From 1ec6939facb0fc51b989f368816d0df29be285ed Mon Sep 17 00:00:00 2001 From: Omair Majid Date: Mon, 10 Aug 2020 09:43:39 -0400 Subject: [PATCH] Support extra compiler flags during building (#39191) Many Linux distributions like to use an extra set of compiler flags (via `CFLAGS`, `CXXFLAGS` and `LDFLAGS`) to produce builds that are hardened against vulnerabilities and exploits. The flags sometimes also enable extra warnings to inform packagers about potential memory issues. This pach adds support for that to dotnet/runtime. The obvious method to make this work is to just export the `CFLAGS`, `CXXFLAGS`, and `LDFLAGS` directly. This, however, enables those flags during configure-time (aka `cmake` without `--build` too). That means several cmake configure tests get executed with unexpected compiler flags. These configure tests can then report incorrect results. For example, https://bugzilla.redhat.com/show_bug.cgi?id=1712158 demonstrates an issue where the check for `strerror_r` in the runtime comes to the wrong conclusion because `-Wall` is enabled and a variable is unused. A slightly longer fix is to support another set of environment variables, and use them to set `CFLAGS`, `CXXFLAGS`, `LDFLAGS`, but only for the invocation of `cmake --build`/`make`. See #35727 for the complete details. Fixes #35727 --- docs/workflow/building/coreclr/README.md | 2 ++ eng/build.sh | 3 +++ eng/native/build-commons.sh | 15 +++++++++++++++ 3 files changed, 20 insertions(+) diff --git a/docs/workflow/building/coreclr/README.md b/docs/workflow/building/coreclr/README.md index c00d90a9799ac..520ecd98a4fc7 100644 --- a/docs/workflow/building/coreclr/README.md +++ b/docs/workflow/building/coreclr/README.md @@ -22,6 +22,8 @@ CoreCLR also supports a 'checked' build type which has asserts enabled like 'deb ./build.sh -subset clr -configuration checked ``` +To pass extra compiler/linker flags to the coreclr build, set the environment variables `EXTRA_CFLAGS`, `EXTRA_CXXFLAGS` and `EXTRA_LDFLAGS` as needed. Don't set `CFLAGS`/`CXXFLAGS`/`LDFLAGS` directly as that might lead to configure-time tests failing. + This will produce outputs as follows: - Product binaries will be dropped in `artifacts\bin\coreclr\..` folder. diff --git a/eng/build.sh b/eng/build.sh index da8e3770f595a..afa16a69447a9 100755 --- a/eng/build.sh +++ b/eng/build.sh @@ -97,6 +97,9 @@ usage() echo "* Build CoreCLR for Linux x64 on Debug configuration using GCC 8.4." echo "./build.sh clr -gcc8.4" echo "" + echo "* Build CoreCLR for Linux x64 using extra compiler flags (-fstack-clash-protection)." + echo "EXTRA_CFLAGS=-fstack-clash-protection EXTRA_CXXFLAGS=-fstack-clash-protection ./build.sh clr" + echo "" echo "* Cross-compile CoreCLR runtime for Linux ARM64 on Release configuration." echo "./build.sh clr.runtime -arch arm64 -c release -cross" echo "" diff --git a/eng/native/build-commons.sh b/eng/native/build-commons.sh index 29c29a194e615..7315e43f27614 100755 --- a/eng/native/build-commons.sh +++ b/eng/native/build-commons.sh @@ -158,6 +158,17 @@ EOF return fi + SAVED_CFLAGS="${CFLAGS}" + SAVED_CXXFLAGS="${CXXFLAGS}" + SAVED_LDFLAGS="${LDFLAGS}" + + # Let users provide additional compiler/linker flags via EXTRA_CFLAGS/EXTRA_CXXFLAGS/EXTRA_LDFLAGS. + # If users directly override CFLAG/CXXFLAGS/LDFLAGS, that may lead to some configure tests working incorrectly. + # See https://github.com/dotnet/runtime/issues/35727 for more information. + export CFLAGS="${CFLAGS} ${EXTRA_CFLAGS}" + export CXXFLAGS="${CXXFLAGS} ${EXTRA_CXXFLAGS}" + export LDFLAGS="${LDFLAGS} ${EXTRA_LDFLAGS}" + if [[ "$__StaticAnalyzer" == 1 ]]; then pushd "$intermediatesDir" @@ -176,6 +187,10 @@ EOF $cmake_command --build "$intermediatesDir" --target install -- -j "$__NumProc" fi + CFLAGS="${SAVED_CFLAGS}" + CXXFLAGS="${SAVED_CXXFLAGS}" + LDFLAGS="${SAVED_LDFLAGS}" + local exit_code="$?" if [[ "$exit_code" != 0 ]]; then echo "${__ErrMsgPrefix}Failed to build \"$message\"."