add safe compilation options

add two options when building rustc : strip and stack protector if set `strip = true`, `rustc` will be stripped of symbols using `-Cstrip=symbols` also can set `stack-protector` and `rustc` will be compiled with stack protectors.
rust-lang · Nov 16, 2023 · 2477a5f · 2477a5f
1 parent 9144d51
commit 2477a5f
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 1 deletion.
diff --git a/config.example.toml b/config.example.toml
@@ -603,6 +603,13 @@ change-id = 116881
 # desired in distributions, for example.
 #rpath = true
 
+# Indicates whether `rustc` should be stripped of symbols using `-Cstrip=symbols`.
+#strip = false
+
+# Indicates whether `rustc` should be compiled with stack protectors.
+# Valid options are : `none`(default),`basic`,`strong`, or `all`.
+#stack-protector = "none"
+
 # Prints each test name as it is executed, to help debug issues in the test harness itself.
 #verbose-tests = false
 

diff --git a/src/bootstrap/src/core/builder.rs b/src/bootstrap/src/core/builder.rs
@@ -16,7 +16,7 @@ use crate::core::build_steps::llvm;
 use crate::core::build_steps::tool::{self, SourceType};
 use crate::core::build_steps::{check, clean, compile, dist, doc, install, run, setup, test};
 use crate::core::config::flags::{Color, Subcommand};
-use crate::core::config::{DryRun, SplitDebuginfo, TargetSelection};
+use crate::core::config::{DryRun, SplitDebuginfo, TargetSelection, StackProtector};
 use crate::utils::cache::{Cache, Interned, INTERNER};
 use crate::utils::helpers::{self, add_dylib_path, add_link_lib_path, exe, libdir, output, t};
 use crate::Crate;
@@ -1686,6 +1686,16 @@ impl<'a> Builder<'a> {
                 rustflags.arg(&format!("-Clink-args={rpath}"));
             }
         }
+
+        if self.config.rust_strip {
+            rustflags.arg("-Cstrip=symbols");
+        }
+        match self.config.rust_stack_protector {
+            StackProtector::All => rustflags.arg("-Zstack-protector=all"),
+            StackProtector::Strong => rustflags.arg("-Zstack-protector=strong"),
+            StackProtector::Basic => rustflags.arg("-Zstack-protector=basic"),
+            StackProtector::None => rustflags.arg("-Zstack-protector=none"),
+        };
 
         if let Some(host_linker) = self.linker(compiler.host) {
             hostflags.arg(format!("-Clinker={}", host_linker.display()));

diff --git a/src/bootstrap/src/core/config/config.rs b/src/bootstrap/src/core/config/config.rs
@@ -222,6 +222,8 @@ pub struct Config {
     pub rust_debuginfo_level_tests: DebuginfoLevel,
     pub rust_split_debuginfo: SplitDebuginfo,
     pub rust_rpath: bool,
+    pub rust_strip: bool,
+    pub rust_stack_protector: StackProtector,
     pub rustc_parallel: bool,
     pub rustc_default_linker: Option<String>,
     pub rust_optimize_tests: bool,
@@ -394,6 +396,29 @@ impl SplitDebuginfo {
     }
 }
 
+/// Stack protector mode for compiling rustc itself
+#[derive(Default, Clone, PartialEq, Debug)]
+pub enum StackProtector {
+    #[default]
+    None,
+    Basic,
+    Strong,
+    All,
+}
+
+impl std::str::FromStr for StackProtector {
+    type Err = String;
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        match s {
+            "none" => Ok(StackProtector::None),
+            "basic" => Ok(StackProtector::Basic),
+            "strong" => Ok(StackProtector::Strong),
+            "all" => Ok(StackProtector::All),
+            _ => Err(format!("Invalid value for stack protector: {s}")),
+        }
+    }
+}
+
 /// LTO mode used for compiling rustc itself.
 #[derive(Default, Clone, PartialEq, Debug)]
 pub enum RustcLto {
@@ -1000,6 +1025,8 @@ define_config! {
         description: Option<String> = "description",
         musl_root: Option<String> = "musl-root",
         rpath: Option<bool> = "rpath",
+        strip: Option<bool> = "strip",
+        stack_protector: Option<String> = "stack-protector",
         verbose_tests: Option<bool> = "verbose-tests",
         optimize_tests: Option<bool> = "optimize-tests",
         codegen_tests: Option<bool> = "codegen-tests",
@@ -1067,6 +1094,7 @@ impl Config {
         config.docs = true;
         config.docs_minification = true;
         config.rust_rpath = true;
+        config.rust_strip = false;
         config.channel = "dev".to_string();
         config.codegen_tests = true;
         config.rust_dist_src = true;
@@ -1420,6 +1448,12 @@ impl Config {
             set(&mut config.rust_optimize_tests, rust.optimize_tests);
             set(&mut config.codegen_tests, rust.codegen_tests);
             set(&mut config.rust_rpath, rust.rpath);
+            set(&mut config.rust_strip, rust.strip);
+            config.rust_stack_protector = rust
+                    .stack_protector
+                    .as_deref()
+                    .map(|value| StackProtector::from_str(value).unwrap())
+                    .unwrap_or_default();
             set(&mut config.jemalloc, rust.jemalloc);
             set(&mut config.test_compare_mode, rust.test_compare_mode);
             set(&mut config.backtrace, rust.backtrace);