Add compiler flags which could be interesting in terms of software security #956
Assignees
Labels
Milestone
Comments
piponazo
added
the
compilers
|
We essentially want to add this: $ rpm --eval %{optflags}
-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectionwherever supported (the annobin stuff is afaik only supported on RHEL/CentOS & Fedora) |
|
Also, for better performance LTO use would be nice to have. |
|
Peter Kovář <notifications@github.com> writes:
Also, for better performance LTO use would be nice to have.
Shared libraries don't support LTO.
You can build the library with LTO, but I wouldn't get my hopes up
without using profile guided optimization.
…
--
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
#956 (comment)
|
|
This sounds important, although I don't understand it. I'll mark this for attention in v1.00. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Take ideas from here:
https://git.libssh.org/projects/libssh.git/tree/CompilerChecks.cmake
The text was updated successfully, but these errors were encountered: