configure.ac: support static toolchains when compiling with hardening#3561
Open
winterqt wants to merge 1 commit intotpm2-software:masterfrom
Open
configure.ac: support static toolchains when compiling with hardening#3561winterqt wants to merge 1 commit intotpm2-software:masterfrom
winterqt wants to merge 1 commit intotpm2-software:masterfrom
Conversation
It's not clear to me why `-shared` was added to the hardening flags in the first place, but unconditionally adding it breaks compilation with hardening enabled (the default). Signed-off-by: Winter M <winter@antithesis.com>
winterqt
force-pushed
the
push-rkukwrtswtoy
branch
from
69ca9af to
f1c5f2a
Compare
Author
|
cc @thesamesam since I saw you in the log for |
AndreasFuchsTPM
approved these changes
Feb 25, 2026
Author
winterqt
commented
Feb 25, 2026
Comment on lines
+327
to
+330
| AC_ARG_ENABLE([shared], | ||
| AS_HELP_STRING([--disable-shared], [don't build shared libraries]),, | ||
| [enable_shared="yes"] | ||
| ) |
Author
There was a problem hiding this comment.
I think there's a chance that we want to move this outside of the hardened conditional?
thesamesam
reviewed
Feb 25, 2026
| [enable_shared="yes"] | ||
| ) | ||
| AS_IF([test x"$enable_shared" != x"no"], [ | ||
| add_hardened_ld_flag([[-shared]]) |
Contributor
There was a problem hiding this comment.
IMO we should drop this entirely: that would fix your problem too.
The project already uses libtool which has machinery for shared and static linking. It is not really a hardening flag at all other than "shared libraries are good" (and I like them!)
Member
|
I'm fine in either case. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
It's not clear to me why
-sharedwas added to the hardening flags in the first place, but unconditionally adding it breaks compilation with hardening enabled (the default).