view CMakeLists.txt @ 648:e41a2537b84d

Implement root installation We now iterate over all users that do not obviously have their login shell disabled and look for NSS directories in their home directory, dropping our privileges to do so.
author Andre Heinecke <andre.heinecke@intevation.de>
date Wed, 25 Jun 2014 12:44:47 +0200
parents 7dfa4555fb89
children a5a709c6ce93
line wrap: on
line source
# Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
# Software engineering by Intevation GmbH
#
# This file is Free Software under the GNU GPL (v>=2)
# and comes with ABSOLUTELY NO WARRANTY!
# See LICENSE.txt for details.

cmake_minimum_required(VERSION 2.8.8)
project(trustbridge)

option(DO_RELEASE_BUILD "Build for a public release." OFF)
option(ENABLE_PROFILING "Set to enable profiling." OFF)

set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/")

#Old qtmain linking behavior to be compatible with cmake versions < 2.8.11

if(POLICY CMP0020)
  cmake_policy(SET CMP0020 OLD)
endif()

include(CTest)
include(GenerateCppcheck)
include(HGVersion)

if(HG_REVISION)
   set(PROJECT_VERSION ${HG_REVISION})
else()
   set(PROJECT_VERSION unknown)
endif()

add_definitions(-DVERSION="${PROJECT_VERSION}")

find_package(PolarSSL)
include_directories(${POLARSSL_INCLUDE_DIR})

find_package(Qt5Widgets)

find_package(NSS)

# Use cmake's automoc and make sure the generated files are included
set(CMAKE_AUTOMOC ON)
set(CMAKE_INCLUDE_CURRENT_DIR ON)

if(DO_RELEASE_BUILD)
   if (NOT CMAKE_BUILD_TYPE)
      set (CMAKE_BUILD_TYPE RELEASE)
   endif (NOT CMAKE_BUILD_TYPE)
   add_definitions (-DRELEASE_BUILD)
else()
# Default to debug build
   if (NOT CMAKE_BUILD_TYPE)
     set (CMAKE_BUILD_TYPE Debug)
     set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g")
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g")
   endif (NOT CMAKE_BUILD_TYPE)
endif()

# Warn level to be used for privileged parts
set(WARN_HARDENING_FLAGS " -Wextra -Wconversion -Wformat-security")

# Hardening flags
set(HARDENING_FLAGS " -Wall -Werror -fstack-protector-all -fno-exceptions")
set(HARDENING_FLAGS " ${HARDENING_FLAGS} -Wstack-protector")
set(HARDENING_FLAGS " ${HARDENING_FLAGS} --param ssp-buffer-size=4")
set(HARDENING_FLAGS " ${HARDENING_FLAGS} -D_FORTIFY_SOURCE=2 -O0")

if(ENABLE_PROFILING)
   set(PROFILING_FLAGS "-fprofile-arcs -ftest-coverage")
   set(PROFILING_LIBS gcov)
endif()

if(WIN32)
   add_definitions(-D_WIN32_WINNT=0x0600) # Windows vista
   add_definitions(-DWINVER=0x0600)
   add_definitions(-DMINGW_HAS_SECURE_API) # for _s functions
endif(WIN32)

if(UNIX)
   set(HARDENING_FLAGS " ${HARDENING_FLAGS} -pie -fPIE -ftrapv")
   set(HARDENING_FLAGS " ${HARDENING_FLAGS} -Wl,-z,relro,-z,now")
elseif(WIN32)
   set(HARDENING_FLAGS " ${HARDENING_FLAGS} -Wl,--dynamicbase -Wl,--nxcompat")
endif()

set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${HARDENING_FLAGS} ${PROFILING_FLAGS}")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${WARN_HARDENING_FLAGS} ${HARDENING_FLAGS} ${PROFILING_FLAGS}")

add_custom_target(static_check)

# FlawFinder
find_program(FLAWFINDER_PATH flawfinder DOC "flawfinder path")
if (FLAWFINDER_PATH)
    add_custom_target(flawfinder COMMENT "FlawFinder" VERBATIM COMMAND ${FLAWFINDER_PATH}
       ${CMAKE_SOURCE_DIR}/ui
       ${CMAKE_SOURCE_DIR}/cinst
       ${CMAKE_SOURCE_DIR}/common
    )
    add_dependencies(static_check flawfinder)
endif (FLAWFINDER_PATH)

add_subdirectory(common)

add_subdirectory(cinst)
if(Qt5Widgets_FOUND)
    add_subdirectory(ui)
else()
   message(STATUS "WARNING: Could not find qt. GUI parts will not be built.")
endif()

# Documentation
configure_file (doc/Doxyfile.in doc/Doxyfile)
add_subdirectory(doc)

# Configure packaging script for testing
list(GET NSS_LIBRARIES 1 NSS_BASE_DIR)
get_filename_component(NSS_BASE_DIR ${NSS_BASE_DIR} PATH)

set(NSS_BASE_DIR "${NSS_BASE_DIR}/..")
configure_file (packaging/tmp-createpackage.sh.in packaging/tmp-createpackage.sh)

if (ENABLE_PROFILING)
   configure_file (make-coverage.sh.in make-coverage.sh)
   add_custom_target(lcov COMMENT "Lcov coverage report" VERBATIM COMMAND /bin/bash
      ${CMAKE_CURRENT_BINARY_DIR}/make-coverage.sh
   )
endif()

http://wald.intevation.org/projects/trustbridge/