diff --git a/configure.ac b/configure.ac
index e0fd5dbcab30485e671c6c022012d05ac7e884fc..47c9c092b62db4b33ab6ba39f9876f0b3d6a4609 100644 (file)
--- a/configure.ac
+++ b/configure.ac
done
fi
-for flag in -Wall -Wextra -Werror; do
+dnl Hardening (see e.g. http://wiki.debian.org/Hardening for a motivation).
+AC_DEFINE([_FORTIFY_SOURCE], 2,
+ [Define to enable protection against static sized buffer overflows.])
+AC_ARG_ENABLE([hardening],
+ AS_HELP_STRING([--disable-hardening],
+ [Disable hardening options]),
+ [enable_hardening="$enableval"],
+ [enable_hardening="yes"])
+
+if test "x$enable_hardening" = "xyes"; then
+ hardening=0
+ hardening_tests=0
+ for flag in -Wformat -Wformat-security; do
+ hardening_tests=$(($hardening_tests + 1))
+ AC_MSG_CHECKING([whether $CC accepts $flag])
+
+ if test_cc_flags $flag; then
+ CFLAGS="$CFLAGS $flag"
+ hardening=$(($hardening + 1))
+ AC_MSG_RESULT([yes])
+ else
+ AC_MSG_RESULT([no])
+ fi
+ done
+ if test $hardening -ne $hardening_tests; then
+ AC_MSG_WARN(
+ [Some hardening options are not supported by your compiler!])
+ fi
+fi
+
+dnl Strict checking for potential problems.
+AC_ARG_ENABLE([strict-checks],
+ AS_HELP_STRING([--disable-strict-checks],
+ [Disable strict compiler checks]),
+ [enable_strict_checks="$enableval"],
+ [enable_strict_checks="yes"])
+
+STRICT_CFLAGS=""
+for flag in -Wall -Werror; do
AC_MSG_CHECKING([whether $CC accepts $flag])
if test_cc_flags $flag; then
AC_MSG_RESULT([no])
fi
done
+
+if test "x$enable_strict_checks" = "xyes"; then
+ for flag in -Wextra \
+ -Wbad-function-cast \
+ -Wcast-align \
+ -Wcast-qual \
+ -Wconversion \
+ -Wdeclaration-after-statement \
+ -Wmissing-prototypes \
+ -Wpointer-arith \
+ -Wshadow \
+ -Wstrict-prototypes \
+ -Wunreachable-code \
+ -Wvla; do
+ AC_MSG_CHECKING([whether $CC accepts $flag])
+
+ if test_cc_flags $flag; then
+ STRICT_CFLAGS="$STRICT_CFLAGS $flag"
+ AC_MSG_RESULT([yes])
+ else
+ AC_MSG_RESULT([no])
+ fi
+ done
+fi
AC_SUBST([STRICT_CFLAGS])
build_date="`date --utc '+%F %T'` (UTC)"