Support for providing compiler flags during build

[omajid]

Certain linux distributions, like Fedora, require that all the native code in the distribution gets built with some distribution-standard compiler options.

Debian has a Release goal for supporting standard (security) flags :

This goal is to update as many packages as possible to use security hardening build flags via dpkg-buildflags. These flags enable various protections against security issues such as stack smashing, predictable locations of values in memory, etc.

Even more information here: https://wiki.debian.org/Hardening. This also applies to Ubuntu, since it follows Debian's packaging rules. In fact, Ubuntu recommends you get your package into Debian first.

Fedora says:

Compilers used to build packages must honor the applicable compiler flags set in the system rpm configuration. Honoring means that the contents of that variable is used as the basis of the flags actually used by the compiler during the package build.

Gentoo says:

In Gentoo-based systems, set the CFLAGS and CXXFLAGS variables in /etc/portage/make.conf. Variables set in this file will be exported to the environment of programs invoked by portage such that all packages will be compiled using these options as a base.

It would be great if source-build provided a way for a distribution maintainer to pass these flags in one place so all libraries and executables built by source-build can follow the distribution's policy.

[omajid]

Given that most native builds are done via cmake, the following generally works just fine:

export CFLAGS="$FLAGS_GO_HERE"
export CXXFLAGS="$FLAGS_GO_HERE"
export LDFLAGS="$FLAGS_GO_HERE"

Assuming that the flags are understood by clang. Fedora, for example, likes to use -specs=/path/to/file and clang doesn't seem to understand that.

But this doesn't play very nice with the liberal use of -Werror in corefx. Also, the flags leak into corefx's configure tests (https://github.com/dotnet/corefx/blob/master/src/Native/Unix/configure.cmake) and result in tests that should work failing. For example HAVE_IN_PKTINFO would fail due to an unrelated warning. I use this to work around all that: https://gist.github.com/omajid/2e31ae5262256c275716d9c374dabe20

[omajid]

I looked more into this.

For the corefx configuration bits, I added a hack to save/empty flags during configure:

+set (PREVIOUS_CMAKE_CXX_FLAGS ${CMAKE_CXX_FLAGS})                                                                
+set (CMAKE_CXX_FLAGS "")                                                                                         
+set (PREVIOUS_CMAKE_C_FLAGS ${CMAKE_C_FLAGS})                                                                    
+set (CMAKE_C_FLAGS "") 

And then restore them at the end of the file.

For -specs=, it turns out Fedora uses it to decide at build time how something should be compiled/linked. DSOs get -pic but executibles get -pie. I have hacked around it for now by adding custom patches to cmake configuration:

SET_TARGET_PROPERTIES(${DOTNET_HOST_EXE_NAME} PROPERTIES LINK_FLAGS -pie)