mirror of
https://github.com/bitcoin/bitcoin.git
synced 2026-05-05 19:38:54 +02:00
f409444d02
77e553ab6abuild: refactor: hardening flags -> core_interface (David Gumberg)00ba3ba303build: Drop option for disabling hardening (David Gumberg)f57db75e91build: Use `-z noseparate-code` on NetBSD < 11.0 (David Gumberg) Pull request description: Follow up to #32038 which dropped `NO_HARDEN` from depends builds, this PR drops the `ENABLE_HARDENING` build option since disabling hardening of binaries should not be a supported or maintained use case. With this change, hardening flags are always enabled. Individual hardening flags and options can still be disabled by appending flags, e.g.: ```bash cmake -B build \ -DAPPEND_CPPFLAGS='-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=0 -fno-stack-protector -fcf-protection=none -fno-stack-clash-protection' \ -DAPPEND_LDFLAGS='-Wl,-z,lazy -Wl,-z,norelro -Wl,-z,noseparate-code' ``` There is an issue with NetBSD 10.0's dynamic linker that makes one of the hardening linker flags, `-z separate-code`, [problematic](https://github.com/bitcoin/bitcoin/pull/28724#issuecomment-2589347934), so this PR also introduces a check to prevent the use of this flag in NetBSD versions < 11.0, (where this issue is [fixed](acf7fb3abf)). The fix for this [might be backported](https://mail-index.netbsd.org/tech-userlevel/2023/01/05/msg013670.html) to NetBSD 10.0. I suggest reviewing the diff with whitespace changes hidden (`git diff -w` or using github's hide whitespace option) ACKs for top commit: hebasto: re-ACK77e553ab6a. laanwj: re-ACK77e553ab6ajanb84: ACK [77e553a](77e553ab6a) vasild: ACK77e553ab6amusaHaruna: tested ACK [77e553](77e553ab6a) Tree-SHA512: b149fb0371d12312c140255bf674c2bdc9f5272a5750a5b9ec5f192323364bb2ea8e164af13b9ab981ab3aa7ceb91b7a64785081e7458470e81c2f5228abf7b1
2.8 KiB
2.8 KiB