Mercurial > trustbridge > trustbridge

view CMakeLists.txt @ 1119:5349e2354c48

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
(issue54) Merge branch runafterinstall There is now an NSIS Plugin that executes the Software after installation using COM in the shell of the current user. With the way over the shell there is no inheritance / token management required. As it is impossible to drop all privileges of a token granted by UAC and still be able to reelevate the Token again with another RunAs call later this round trip over the Shell was necessary.
author Andre Heinecke <andre.heinecke@intevation.de>
date Tue, 16 Sep 2014 19:48:22 +0200
parents fd85a02d771d
children 6950f08342bb
line wrap: on
line source
# Copyright (C) 2014 by Bundesamt für Sicherheit in der Informationstechnik
# Software engineering by Intevation GmbH
#
# This file is Free Software under the GNU GPL (v>=2)
# and comes with ABSOLUTELY NO WARRANTY!
# See LICENSE.txt for details.

cmake_minimum_required(VERSION 2.8.8)
project(trustbridge)

option(DO_RELEASE_BUILD "Build for a public release." OFF)
option(USE_REAL_RESOURCES "Use real resource names on the download server. Autmatically ON if DO_RELEASE_BUILD is set" OFF )
option(ENABLE_PROFILING "Set to enable profiling." OFF)
option(USE_CURL "Use libcurl to download updates and certificate lists." ON)

set(DOWNLOAD_SERVER "https://tb-devel.intevation.de:443" CACHE STRING "Used as download server" )
set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake/")

#Old qtmain linking behavior to be compatible with cmake versions < 2.8.11

if(POLICY CMP0020)
  cmake_policy(SET CMP0020 OLD)
endif()

include(CTest)
include(GenerateCppcheck)
include(HGVersion)

if(HG_REVISION)
   set(PROJECT_VERSION ${HG_REVISION})
else()
   set(PROJECT_VERSION unknown)
endif()

add_definitions(-DVERSION="${PROJECT_VERSION}")

find_package(PolarSSL)
include_directories(${POLARSSL_INCLUDE_DIR})

find_package(Qt5Widgets)

find_program(OSSLSIGNCODE_EXECUTABLE osslsigncode)

if (WIN32 AND NOT OSSLSIGNCODE_EXECUTABLE)
   message (STATUS "WARNING: osslsigncode not found. Code verification and code verification tests will fail.")
endif()

if (NOT WIN32)
   find_package(NSS)
else ()
   # Use static NSS for Windows
   if (NOT EXISTS "${CMAKE_SOURCE_DIR}/nss-cmake-static")
      MESSAGE(FATAL_ERROR "Could not find nss-cmake-static checkout. Please run: \n hg clone https://wald.intevation.org/hg/trustbridge/nss-cmake-static '${CMAKE_SOURCE_DIR}/nss-cmake-static'")
   endif()
  set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/nss-cmake-static/")
  set(NSS_STATIC_PATH "${CMAKE_SOURCE_DIR}/nss-cmake-static")
  include (nss-cmake-static)
endif()

# Use cmake's automoc and make sure the generated files are included
set(CMAKE_AUTOMOC ON)
set(CMAKE_INCLUDE_CURRENT_DIR ON)

if(DO_RELEASE_BUILD)
   if (NOT CMAKE_BUILD_TYPE)
      set (CMAKE_BUILD_TYPE RELEASE)
   endif (NOT CMAKE_BUILD_TYPE)
   add_definitions (-DRELEASE_BUILD)
   set(USE_REAL_RESOURCES ON)
else()
# Default to debug build
   if (NOT CMAKE_BUILD_TYPE)
     set (CMAKE_BUILD_TYPE Debug)
     set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g")
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g")
   endif (NOT CMAKE_BUILD_TYPE)
endif()

if(USE_REAL_RESOURCES)
   add_definitions (-DUSE_REAL_RESOURCES)
endif()

# Warn level to be used for privileged parts
set(WARN_HARDENING_FLAGS " -Wextra -Wconversion -Wformat-security")

# Hardening flags
set(HARDENING_FLAGS " -Wall -fstack-protector-all -fno-exceptions")
set(HARDENING_FLAGS " ${HARDENING_FLAGS} -Wstack-protector")
set(HARDENING_FLAGS " ${HARDENING_FLAGS} --param ssp-buffer-size=4")
set(HARDENING_FLAGS " ${HARDENING_FLAGS} -D_FORTIFY_SOURCE=2 -O0")

if(ENABLE_PROFILING)
   set(PROFILING_FLAGS "-fprofile-arcs -ftest-coverage")
   set(PROFILING_LIBS gcov)
endif()

if(WIN32)
   add_definitions(-D_WIN32_WINNT=0x0600) # Windows vista
   add_definitions(-DWINVER=0x0600)
   add_definitions(-DMINGW_HAS_SECURE_API) # for _s functions
endif(WIN32)

if(UNIX)
   set(HARDENING_FLAGS " ${HARDENING_FLAGS} -pie -fPIE -ftrapv")
   set(HARDENING_FLAGS " ${HARDENING_FLAGS} -Wl,-z,relro,-z,now")
elseif(WIN32)
   set(HARDENING_FLAGS " ${HARDENING_FLAGS} -Wl,--dynamicbase -Wl,--nxcompat")
endif()

set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${HARDENING_FLAGS} ${PROFILING_FLAGS}")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${WARN_HARDENING_FLAGS} ${HARDENING_FLAGS} ${PROFILING_FLAGS}")

add_custom_target(static_check)

# FlawFinder
find_program(FLAWFINDER_PATH flawfinder DOC "flawfinder path")
if (FLAWFINDER_PATH)
    add_custom_target(flawfinder COMMENT "FlawFinder" VERBATIM COMMAND ${FLAWFINDER_PATH}
       ${CMAKE_SOURCE_DIR}/ui
       ${CMAKE_SOURCE_DIR}/cinst
       ${CMAKE_SOURCE_DIR}/common
    )
    add_dependencies(static_check flawfinder)
endif (FLAWFINDER_PATH)

if(WIN32)
  add_subdirectory(nss-cmake-static)
  add_definitions(-D_WIN32_WINNT=0x0600) # Windows vista. NSS defines its own winver.
endif()

# No chance to compile nss with -Werror
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Werror")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror")

add_subdirectory(common)

add_subdirectory(cinst)
if(Qt5Widgets_FOUND)
    add_subdirectory(ui)
else()
   message(STATUS "WARNING: Could not find qt. GUI parts will not be built.")
endif()

# Documentation
configure_file (doc/Doxyfile.in doc/Doxyfile)
add_subdirectory(doc)

find_package(Sphinx)

if (NOT SPHINX_FOUND)
   message (STATUS "WARNING could not find sphinx (Package python-sphinx). Manuals will not be built.")
else()
   add_subdirectory(manuals)
endif()

add_subdirectory(packaging)

if (ENABLE_PROFILING)
   configure_file (make-coverage.sh.in make-coverage.sh)
   add_custom_target(lcov COMMENT "Lcov coverage report" VERBATIM COMMAND /bin/bash
      ${CMAKE_CURRENT_BINARY_DIR}/make-coverage.sh
   )
endif()
http://wald.intevation.org/projects/trustbridge/