cmcfarlen commented on issue #10608:
URL:
https://github.com/apache/trafficserver/issues/10608#issuecomment-1765246216
Modern cmake seems to frown on setting optional compiler flags inside the
cmake files but instead put that stuff in presets or leaving that up to users
and package maintainers. This seems reasonable to avoid having to micromanage
differences between compiler vendors and versions. For this issue, we could
add options to the ci-debian preset to manage these flags. We could create a
base "hardening" preset that can be inherited from, but there is some
awkwardness with merging cache variables from multiple inheritance.
If we thing this is a reasonable approach for ATS, here are the flags that
--enable-hardening sets:
CMAKE_CXX_FLAGS="-D_FORTIFY_SOURCE=2 -fPIE -fstack-protector"
CMAKE_EXE_LINKER_FLAGS="-pie -Wl,-z,relro -Wl,-z,now"
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@trafficserver.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
