diff options
| author |  Alexander Batischev <eual.jp@gmail.com>
| 2019-06-09 14:13:03 +0300 |
|---|---|---|
| committer | Alexander Batischev <eual.jp@gmail.com>
| 2019-06-09 14:16:45 +0300 |
| commit | efda9d415359cb67e86f31049fb450d45ee60ec3 (patch) | |
| tree | 2c074727c264fc64ee16a9ad921c0e9759a0e067 /.travis.yml | |
| parent | 604ac12059522620c12a8f345b78d5a84a73dfe1 (diff) | |
| download | newsboat-efda9d415359cb67e86f31049fb450d45ee60ec3.tar.gz newsboat-efda9d415359cb67e86f31049fb450d45ee60ec3.tar.zst newsboat-efda9d415359cb67e86f31049fb450d45ee60ec3.zip | |
Travis: harden compilation the way Fedora and Ubuntu do
Fedora and Ubuntu use these options to turn some bugs into compilation
failures and runtime crashes:
- https://fedoraproject.org/wiki/Changes/HardeningFlags28
- https://fedoraproject.org/wiki/Changes/HardenedCompiler
- https://wiki.ubuntu.com/ToolChain/CompilerFlags
I might add "-Wformat -Wformat-security" to the Makefile, because
they're only affecting the compilation. The rest are runtime checks, and
I'm on the fence about enabling them for all downstream users. Let's
keep deferring the decision to distributions for now.
This commit is inspired by #542.
Diffstat (limited to '')
| -rw-r--r-- | .travis.yml | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/.travis.yml b/.travis.yml index 5aa72e8d..dc63b436 100644 --- a/.travis.yml +++ b/.travis.yml @@ -42,6 +42,9 @@ newsboat_brew_commands: &osx_deps - pip3 install cpp-coveralls - pyenv rehash +env: + - CXXFLAGS='-fstack-clash-protection -D_GLIBCXX_ASSERTIONS -Wformat -Wformat-security -fstack-protector-strong --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2' + matrix: fast_finish: true include: @@ -90,7 +93,7 @@ matrix: - COMPILER=g++-8 - GCOV=/usr/bin/gcov-8 script: &release_build_script - - CXXFLAGS="-O3" make -j2 --keep-going all test + - CXXFLAGS="$CXXFLAGS -O3" make -j2 --keep-going all test - ( cd test && ./test --order rand ); ret=$?; (cargo test) && sh -c "exit $ret" - compiler: clang-8 os: linux |