[binutils-gdb] configure: Implement --enable-host-pie

[Alan Modra <amodra@sourceware.org>]

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=60b42421e900f9bb186c306a657f41b88e422bcd

commit 60b42421e900f9bb186c306a657f41b88e422bcd
Author: Marek Polacek <polacek@redhat.com>
Date:   Mon Aug 7 13:07:12 2023 +0200

    configure: Implement --enable-host-pie
    
    This patch implements the --enable-host-pie configure option which
    makes the compiler executables PIE.  This can be used to enhance
    protection against ROP attacks, and can be viewed as part of a wider
    trend to harden binaries.
    
    Co-Authored by: Iain Sandoe  <iain@sandoe.co.uk>
    
            * configure.ac (--enable-host-pie): New check.  Set PICFLAG after this
            check.
    
    intl/
            * configure.ac (--enable-host-shared): Don't set PICFLAG here.
            (--enable-host-pie): New check.  Set PICFLAG after this check.
    
    libdecnumber/
            * configure.ac (--enable-host-shared): Don't set PICFLAG here.
            (--enable-host-pie): New check.  Set PICFLAG after this check.
    
    zlib/
            * configure.ac (--enable-host-shared): Don't set PICFLAG here.
            (--enable-host-pie): New check.  Set PICFLAG after this check.

Diff:
---
 configure.ac              | 43 +++++++++++++++++++++++++++++++++++++++++--
 intl/configure.ac         | 21 +++++++++++++++++++++
 libdecnumber/configure.ac | 19 +++++++++++++++++--
 zlib/configure.ac         | 21 ++++++++++++++++++---
 4 files changed, 97 insertions(+), 7 deletions(-)

diff --git a/configure.ac b/configure.ac
index 86d10a6af8e..39dcf54b6a8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1987,6 +1987,28 @@ AC_ARG_ENABLE(linker-plugin-flags,
   extra_linker_plugin_flags=)
 AC_SUBST(extra_linker_plugin_flags)
 
+# Enable --enable-host-pie.
+# Checked early to determine whether jit is an 'all' language
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+		[build position independent host executables])],
+[host_pie=$enableval
+ case $host in
+   x86_64-*-darwin* | aarch64-*-darwin*)
+     if test x$host_pie != xyes ; then
+       # PIC is the default, and actually cannot be switched off.
+       echo configure.ac: warning: PIC code is required for the configured target, host-shared setting ignored. 1>&2
+       host_pie=yes
+     fi ;;
+  *) ;;
+ esac],
+[case $host in
+  *-*-darwin2*) host_pie=yes ;;
+  *) host_pie=no ;;
+ esac])
+
+AC_SUBST(host_pie)
+
 # Enable --enable-host-shared.
 # Checked early to determine whether jit is an 'all' language
 AC_ARG_ENABLE(host-shared,
@@ -2000,20 +2022,37 @@ AC_ARG_ENABLE(host-shared,
        echo configure.ac: warning: PIC code is required for the configured target, host-shared setting ignored. 1>&2
        host_shared=yes
      fi ;;
+   *-*-darwin*)
+     if test x$host_pie == xyes ; then
+       echo configure.ac: warning: PIC code is required for PIE executables. 1>&2
+       host_shared=yes
+     fi ;;
   *) ;;
  esac],
 [case $host in
   x86_64-*-darwin* | aarch64-*-darwin*) host_shared=yes ;;
-  *) host_shared=no ;;
+  # Darwin needs PIC objects to link PIE executables.
+  *-*-darwin*) host_shared=host_pie ;;
+  *) host_shared=no;;
  esac])
 
 AC_SUBST(host_shared)
 
+if test x$host_shared = xyes; then
+  PICFLAG=-fPIC
+elif test x$host_pie = xyes; then
+  PICFLAG=-fPIE
+else
+  PICFLAG=
+fi
+
+AC_SUBST(PICFLAG)
+
 # If we are building PIC/PIE host executables, and we are building dependent
 # libs (e.g. GMP) in-tree those libs need to be configured to generate PIC
 # code.
 host_libs_picflag=
-if test "$host_shared" = "yes";then
+if test "$host_shared" = "yes" -o "$host_pie" = "yes"; then
 host_libs_picflag='--with-pic'
 fi
 AC_SUBST(host_libs_picflag)
diff --git a/intl/configure.ac b/intl/configure.ac
index 77e2fd2d8c5..a5fc45b3602 100644
--- a/intl/configure.ac
+++ b/intl/configure.ac
@@ -73,5 +73,26 @@ fi
 AC_SUBST(BISON3_YES)
 AC_SUBST(BISON3_NO)
 
+# Enable --enable-host-shared.
+AC_ARG_ENABLE(host-shared,
+[AS_HELP_STRING([--enable-host-shared],
+       [build host code as shared libraries])])
+AC_SUBST(enable_host_shared)
+
+# Enable --enable-host-pie.
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+       [build host code as PIE])])
+AC_SUBST(enable_host_pie)
+
+if test x$enable_host_shared = xyes; then
+  PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+  PICFLAG=-fPIE
+else
+  PICFLAG=
+fi
+AC_SUBST(PICFLAG)
+
 AC_CONFIG_FILES(Makefile config.intl)
 AC_OUTPUT
diff --git a/libdecnumber/configure.ac b/libdecnumber/configure.ac
index 16c7465b327..2e95b829dc0 100644
--- a/libdecnumber/configure.ac
+++ b/libdecnumber/configure.ac
@@ -99,8 +99,23 @@ AC_C_BIGENDIAN
 # Enable --enable-host-shared.
 AC_ARG_ENABLE(host-shared,
 [AS_HELP_STRING([--enable-host-shared],
-		[build host code as shared libraries])],
-[PICFLAG=-fPIC], [PICFLAG=])
+		[build host code as shared libraries])])
+AC_SUBST(enable_host_shared)
+
+# Enable --enable-host-pie.
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+		[build host code as PIE])])
+AC_SUBST(enable_host_pie)
+
+if test x$enable_host_shared = xyes; then
+  PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+  PICFLAG=-fPIE
+else
+  PICFLAG=
+fi
+
 AC_SUBST(PICFLAG)
 
 # Output.
diff --git a/zlib/configure.ac b/zlib/configure.ac
index ec73c219228..b50b9c7b426 100644
--- a/zlib/configure.ac
+++ b/zlib/configure.ac
@@ -121,11 +121,26 @@ else
   multilib_arg=
 fi
 
+# Enable --enable-host-shared.
 AC_ARG_ENABLE(host-shared,
 [AS_HELP_STRING([--enable-host-shared],
-		[build host code as shared libraries])],
-[PICFLAG=-fPIC], [PICFLAG=])
-AC_SUBST(PICFLAG)
+		[build host code as shared libraries])])
+AC_SUBST(enable_host_shared)
+
+# Enable --enable-host-pie.
+AC_ARG_ENABLE(host-pie,
+[AS_HELP_STRING([--enable-host-pie],
+		[build host code as PIE])])
+AC_SUBST(enable_host_pie)
+
+if test x$enable_host_shared = xyes; then
+  PICFLAG=-fPIC
+elif test x$enable_host_pie = xyes; then
+  PICFLAG=-fPIE
+else
+  PICFLAG=
+fi
 
+AC_SUBST(PICFLAG)
 AC_CONFIG_FILES([Makefile])
 AC_OUTPUT