libreSSL/scripts/wrap-compiler-for-flag-check

#!/bin/sh

# This file is in the public domain.
# https://github.com/kmcallister/autoharden/blob/c5c7842f39c2f8d19836bb5427d6479db4436d62/LICENSE
#
# From kmcallister: 
# https://github.com/kmcallister/autoharden/blob/efaf5a16612589808c276a11536ea9a47071f74b/scripts/wrap-compiler-for-flag-check

# Prior to clang v5.1, there was no way to make
# clang's "argument unused" warning fatal.  This
# wrapper script that greps for this warning message. Newer clang's have no issues.
#
# Ideally the search string would also include 'clang: ' but this output might
# depend on clang's argv[0].
#
set -o errexit
set -o nounset

if out=`"$@" 2>&1`; then
  echo "$out"
  if echo "$out" | grep 'warning: argument unused' >/dev/null; then
    echo "$0: found clang warning"
    exit 1
  else
    exit 0
  fi
else
  code=$?
  echo "$out"
  exit $code
fi
configure.ac: use executable hardening where available Where available, enable stack smashing protection, fortify source, no-strict-overflow, and read only relocations. Many Linux distributions automatically enable most of these options. They are no brainers. The difference introduced here is in asking for a few more aggressive options. An option to disable the more aggressive options is provided (--disable-hardening). When set, configure will fall back to the default CFLAGS on the system - in many cases that will still be hardened. There is no point in going further than that. Options enabled are: -fstack-protector-strong is a relatively new GCC-4.9 feature that is supposed to give a better balance between performance and protection. -all is considered too aggressive, but was used in Chromium and other security critical systems until -strong became available. Follow their lead and use -strong when possible. clang 6.0 supports -all but not -strong. _FORTIFY_SOURCE replaces certain unsafe C str* and mem* functions with more robust equivalents when the compiler can determine the length of the buffers involved. -fno-strict-overflow instructs GCC to not make optimizations based on the assumption that signed arithmetic will wrap around on overflow (e.g. (short)0x7FFF + 1 == 0). This prevents the optimizer from doing some unexpected things. Further improvements should trap signed overflows and reduce the use of signed to refer to naturally unsigned quantities. I did not set -fPIE (position independent executables). The critical function of Open/LibreSSL is as a library, not an executable. Tested on Ubuntu Linux 14.04.1 LTS, OS X 10.10.1 with "make check". The code added to m4/ is GPLv3 but con Signed-off-by: Jim Barlow <jim@purplerock.ca> 2014-12-24 06:47:03 +01:00			`#!/bin/sh`

move public domain to top, help automatic tools 2015-01-02 14:42:15 +01:00			`# This file is in the public domain.`
			`# https://github.com/kmcallister/autoharden/blob/c5c7842f39c2f8d19836bb5427d6479db4436d62/LICENSE`
			`#`
configure.ac: use executable hardening where available Where available, enable stack smashing protection, fortify source, no-strict-overflow, and read only relocations. Many Linux distributions automatically enable most of these options. They are no brainers. The difference introduced here is in asking for a few more aggressive options. An option to disable the more aggressive options is provided (--disable-hardening). When set, configure will fall back to the default CFLAGS on the system - in many cases that will still be hardened. There is no point in going further than that. Options enabled are: -fstack-protector-strong is a relatively new GCC-4.9 feature that is supposed to give a better balance between performance and protection. -all is considered too aggressive, but was used in Chromium and other security critical systems until -strong became available. Follow their lead and use -strong when possible. clang 6.0 supports -all but not -strong. _FORTIFY_SOURCE replaces certain unsafe C str* and mem* functions with more robust equivalents when the compiler can determine the length of the buffers involved. -fno-strict-overflow instructs GCC to not make optimizations based on the assumption that signed arithmetic will wrap around on overflow (e.g. (short)0x7FFF + 1 == 0). This prevents the optimizer from doing some unexpected things. Further improvements should trap signed overflows and reduce the use of signed to refer to naturally unsigned quantities. I did not set -fPIE (position independent executables). The critical function of Open/LibreSSL is as a library, not an executable. Tested on Ubuntu Linux 14.04.1 LTS, OS X 10.10.1 with "make check". The code added to m4/ is GPLv3 but con Signed-off-by: Jim Barlow <jim@purplerock.ca> 2014-12-24 06:47:03 +01:00			`# From kmcallister:`
			`# https://github.com/kmcallister/autoharden/blob/efaf5a16612589808c276a11536ea9a47071f74b/scripts/wrap-compiler-for-flag-check`

Change comments to remark on script not being needed for clang >= 5.1 2015-01-02 00:03:03 +01:00			`# Prior to clang v5.1, there was no way to make`
			`# clang's "argument unused" warning fatal. This`
			`# wrapper script that greps for this warning message. Newer clang's have no issues.`
configure.ac: use executable hardening where available Where available, enable stack smashing protection, fortify source, no-strict-overflow, and read only relocations. Many Linux distributions automatically enable most of these options. They are no brainers. The difference introduced here is in asking for a few more aggressive options. An option to disable the more aggressive options is provided (--disable-hardening). When set, configure will fall back to the default CFLAGS on the system - in many cases that will still be hardened. There is no point in going further than that. Options enabled are: -fstack-protector-strong is a relatively new GCC-4.9 feature that is supposed to give a better balance between performance and protection. -all is considered too aggressive, but was used in Chromium and other security critical systems until -strong became available. Follow their lead and use -strong when possible. clang 6.0 supports -all but not -strong. _FORTIFY_SOURCE replaces certain unsafe C str* and mem* functions with more robust equivalents when the compiler can determine the length of the buffers involved. -fno-strict-overflow instructs GCC to not make optimizations based on the assumption that signed arithmetic will wrap around on overflow (e.g. (short)0x7FFF + 1 == 0). This prevents the optimizer from doing some unexpected things. Further improvements should trap signed overflows and reduce the use of signed to refer to naturally unsigned quantities. I did not set -fPIE (position independent executables). The critical function of Open/LibreSSL is as a library, not an executable. Tested on Ubuntu Linux 14.04.1 LTS, OS X 10.10.1 with "make check". The code added to m4/ is GPLv3 but con Signed-off-by: Jim Barlow <jim@purplerock.ca> 2014-12-24 06:47:03 +01:00			`#`
			`# Ideally the search string would also include 'clang: ' but this output might`
			`# depend on clang's argv[0].`
Change comments to remark on script not being needed for clang >= 5.1 2015-01-02 00:03:03 +01:00			`#`
			`set -o errexit`
			`set -o nounset`
configure.ac: use executable hardening where available Where available, enable stack smashing protection, fortify source, no-strict-overflow, and read only relocations. Many Linux distributions automatically enable most of these options. They are no brainers. The difference introduced here is in asking for a few more aggressive options. An option to disable the more aggressive options is provided (--disable-hardening). When set, configure will fall back to the default CFLAGS on the system - in many cases that will still be hardened. There is no point in going further than that. Options enabled are: -fstack-protector-strong is a relatively new GCC-4.9 feature that is supposed to give a better balance between performance and protection. -all is considered too aggressive, but was used in Chromium and other security critical systems until -strong became available. Follow their lead and use -strong when possible. clang 6.0 supports -all but not -strong. _FORTIFY_SOURCE replaces certain unsafe C str* and mem* functions with more robust equivalents when the compiler can determine the length of the buffers involved. -fno-strict-overflow instructs GCC to not make optimizations based on the assumption that signed arithmetic will wrap around on overflow (e.g. (short)0x7FFF + 1 == 0). This prevents the optimizer from doing some unexpected things. Further improvements should trap signed overflows and reduce the use of signed to refer to naturally unsigned quantities. I did not set -fPIE (position independent executables). The critical function of Open/LibreSSL is as a library, not an executable. Tested on Ubuntu Linux 14.04.1 LTS, OS X 10.10.1 with "make check". The code added to m4/ is GPLv3 but con Signed-off-by: Jim Barlow <jim@purplerock.ca> 2014-12-24 06:47:03 +01:00
			if out=`"$@" 2>&1`; then
			`echo "$out"`
			`if echo "$out" \| grep 'warning: argument unused' >/dev/null; then`
			`echo "$0: found clang warning"`
			`exit 1`
			`else`
			`exit 0`
			`fi`
			`else`
			`code=$?`
			`echo "$out"`
			`exit $code`
			`fi`