I'm trying to build OpenSSL with -Wa,--noexecstack, but can't find anywhere in its config command-line to provide this flag. I've tried to set CFLAGS, but it appears to ignore that and just use its own.
我正在尝试使用-Wa构建OpenSSL, - noexecstack,但在其config命令行中找不到任何地方来提供此标志。我试图设置CFLAGS,但它似乎忽略了它,只是使用它自己的。
This is an automated build working off a clean copy of the OpenSSL source, so a one-time hack of the config script isn't really an option.
这是一个自动构建工作的OpenSSL源的干净副本,因此配置脚本的一次性黑客实际上不是一个选项。
Is there a way to pass custom flags to OpenSSL's build process?
有没有办法将自定义标志传递给OpenSSL的构建过程?
3 个解决方案
#1
12
The config script ignores CFLAGS, but not CC. So you can specify your compiler and give it the flags at the same time:
配置脚本忽略CFLAGS,但不忽略CC。因此,您可以指定编译器并同时为其指定标志:
export CC="gcc -Wall -DHELLO_WORLD"; ./config
Alternatively, since config auto detects your platform and then runs Configure with preset compiler settings, you can add the compiler flags to your platform configuration. E.g., for my mac, I see this line when I first run config:
或者,由于config auto会检测您的平台,然后使用预设编译器设置运行Configure,您可以将编译器标志添加到您的平台配置中。例如,对于我的mac,我在第一次运行config时看到这一行:
Operating system: i386-apple-darwinDarwin Kernel Version 10.8.0: Tue Jun 7 16:33:36 PDT 2011; root:xnu-1504.15.3~1/RELEASE_I386
Configuring for darwin-i386-cc
So if I open Configure, I can search for darwin-i386-cc and add the flags to the presets.
因此,如果我打开Configure,我可以搜索darwin-i386-cc并将标志添加到预设中。
If you're not using a preset configuration, then you'd just pass the flags directly to Configure on the command line and it'll use them.
如果您没有使用预设配置,那么您只需将标志直接传递给命令行上的Configure,它就会使用它们。
#2
20
Later to the party, but this seems to be the correct way of doing this.
后来参加聚会,但这似乎是这样做的正确方法。
From the config script help:
从配置脚本帮助:
$ ./config -h
Usage: config [options]
-d Add a debug- prefix to machine choice.
-t Test mode, do not run the Configure perl script.
-h This help.
Any other text will be passed to the Configure perl script.
See INSTALL for instructions.
So the config script forwards "unexpected" options to the Configure script. Well, lets see what the Configure script has to say about that:
因此配置脚本将“意外”选项转发到配置脚本。好吧,让我们看看配置脚本对此有何看法:
$ ./Configure --help
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]
See the [:flags] part at the end of that long line? There is also a comment inside the file:
看那条长线末尾的[:flags]部分?文件中还有一条评论:
# -<xxx> +<xxx> compiler options are passed through
It's not that obvious since it does not follow well known standards but the answer is: just append the options to the end of the config command line.
它并不那么明显,因为它不遵循众所周知的标准,但答案是:只需将选项附加到config命令行的末尾即可。
As a long time has passed since you posted the question, I must add:
自从您发布问题以来已经过了很长时间,我必须补充:
- it may not work for the version of OpenSSL you are working with (mine is OpenSSL 1.0);
- 它可能不适用于您正在使用的OpenSSL版本(我的是OpenSSL 1.0);
- I felt compelled to post this answer since none of the previous answers solved my problem and it took me a little while to figure out that solution.
- 我觉得有必要发布这个答案,因为之前的答案都没有解决我的问题,我花了一点时间才弄清楚这个解决方案。
#3
3
Late to the party, but another way of doing this is to make an automated edit to the generated makefile. E.g., to add -DPURIFY to the flags, I first do the regular configure, then:
迟到了,但另一种方法是对生成的makefile进行自动编辑。例如,要将-DPURIFY添加到标志中,我首先进行常规配置,然后:
perl -i~ -plwe 's!^(CFLAG=.*$)!$1 -DPURIFY!' Makefile
Not the most elegant solution, but it works for me.
不是最优雅的解决方案,但它适合我。
#1
12
The config script ignores CFLAGS, but not CC. So you can specify your compiler and give it the flags at the same time:
配置脚本忽略CFLAGS,但不忽略CC。因此,您可以指定编译器并同时为其指定标志:
export CC="gcc -Wall -DHELLO_WORLD"; ./config
Alternatively, since config auto detects your platform and then runs Configure with preset compiler settings, you can add the compiler flags to your platform configuration. E.g., for my mac, I see this line when I first run config:
或者,由于config auto会检测您的平台,然后使用预设编译器设置运行Configure,您可以将编译器标志添加到您的平台配置中。例如,对于我的mac,我在第一次运行config时看到这一行:
Operating system: i386-apple-darwinDarwin Kernel Version 10.8.0: Tue Jun 7 16:33:36 PDT 2011; root:xnu-1504.15.3~1/RELEASE_I386
Configuring for darwin-i386-cc
So if I open Configure, I can search for darwin-i386-cc and add the flags to the presets.
因此,如果我打开Configure,我可以搜索darwin-i386-cc并将标志添加到预设中。
If you're not using a preset configuration, then you'd just pass the flags directly to Configure on the command line and it'll use them.
如果您没有使用预设配置,那么您只需将标志直接传递给命令行上的Configure,它就会使用它们。
#2
20
Later to the party, but this seems to be the correct way of doing this.
后来参加聚会,但这似乎是这样做的正确方法。
From the config script help:
从配置脚本帮助:
$ ./config -h
Usage: config [options]
-d Add a debug- prefix to machine choice.
-t Test mode, do not run the Configure perl script.
-h This help.
Any other text will be passed to the Configure perl script.
See INSTALL for instructions.
So the config script forwards "unexpected" options to the Configure script. Well, lets see what the Configure script has to say about that:
因此配置脚本将“意外”选项转发到配置脚本。好吧,让我们看看配置脚本对此有何看法:
$ ./Configure --help
Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]
See the [:flags] part at the end of that long line? There is also a comment inside the file:
看那条长线末尾的[:flags]部分?文件中还有一条评论:
# -<xxx> +<xxx> compiler options are passed through
It's not that obvious since it does not follow well known standards but the answer is: just append the options to the end of the config command line.
它并不那么明显,因为它不遵循众所周知的标准,但答案是:只需将选项附加到config命令行的末尾即可。
As a long time has passed since you posted the question, I must add:
自从您发布问题以来已经过了很长时间,我必须补充:
- it may not work for the version of OpenSSL you are working with (mine is OpenSSL 1.0);
- 它可能不适用于您正在使用的OpenSSL版本(我的是OpenSSL 1.0);
- I felt compelled to post this answer since none of the previous answers solved my problem and it took me a little while to figure out that solution.
- 我觉得有必要发布这个答案,因为之前的答案都没有解决我的问题,我花了一点时间才弄清楚这个解决方案。
#3
3
Late to the party, but another way of doing this is to make an automated edit to the generated makefile. E.g., to add -DPURIFY to the flags, I first do the regular configure, then:
迟到了,但另一种方法是对生成的makefile进行自动编辑。例如,要将-DPURIFY添加到标志中,我首先进行常规配置,然后:
perl -i~ -plwe 's!^(CFLAG=.*$)!$1 -DPURIFY!' Makefile
Not the most elegant solution, but it works for me.
不是最优雅的解决方案,但它适合我。