Add support for /INTEGRITYCHECK flag on Windows (#1390)
authorAndrey Somsikov <andrey.somsikov@intel.com>
Wed, 5 Aug 2020 19:37:16 +0000 (22:37 +0300)
committerGitHub <noreply@github.com>
Wed, 5 Aug 2020 19:37:16 +0000 (22:37 +0300)
* Build dlls with INTEGRITYCHECK flag if ENABLE_INTEGRITYCHECK=ON

INTEGRITYCHECK flag enforces digital signature before loading the binary in Windows.
Also, refine /guard:cf flag enabling - MSVC, Intel and clang compilers all support /guard:cf.

cmake/features.cmake
cmake/sdl.cmake

index 026d2518aa434ce03fdb21423098ee0b65696e8c..5eda5db8131b006377d207ed3cd791714cb560fe 100644 (file)
@@ -28,6 +28,8 @@ ie_option (OS_FOLDER "create OS dedicated folder in output" OFF)
 # FIXME: ARM cross-compiler generates several "false positive" warnings regarding __builtin_memcpy buffer overflow
 ie_dependent_option (TREAT_WARNING_AS_ERROR "Treat build warnings as errors" ON "X86 OR X86_64" OFF)
 
+ie_option (ENABLE_INTEGRITYCHECK "build DLLs with /INTEGRITYCHECK flag" OFF)
+
 ie_option (ENABLE_SANITIZER "enable checking memory errors via AddressSanitizer" OFF)
 
 ie_option (ENABLE_THREAD_SANITIZER "enable checking data races via ThreadSanitizer" OFF)
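Review bot: The help string on the new `ENABLE_INTEGRITYCHECK` option does not tell the builder that the flag makes Windows verify a digital signature at load time, so a DLL linked with it and left unsigned will fail to load. I would say so in the description, e.g. `"build DLLs with /INTEGRITYCHECK flag (binaries must be signed before use)"`. As far as this diff shows, the option is only read in the non-GNU branch of cmake/sdl.cmake, so it could also be declared with the helper already used above: `ie_dependent_option (ENABLE_INTEGRITYCHECK "..." OFF "WIN32" OFF)`.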
index ff88ccc287dc3d1cf1f01797d3098e322415e2f1..7027a697119b21a89e9d695ca3e6bcf32f994777 100644 (file)
@@ -14,9 +14,7 @@ if (CMAKE_BUILD_TYPE STREQUAL "Release")
         endif()
 
         if(CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
-            set(CMAKE_SHARED_LINKER_FLAGS_RELEASE "${CMAKE_SHARED_LINKER_FLAGS_RELEASE} -z noexecstack -z relro -z now")
-            set(CMAKE_MODULE_LINKER_FLAGS_RELEASE "${CMAKE_MODULE_LINKER_FLAGS_RELEASE} -z noexecstack -z relro -z now")
-            set(CMAKE_EXE_LINKER_FLAGS_RELEASE "${CMAKE_EXE_LINKER_FLAGS_RELEASE} -z noexecstack -z relro -z now")
+            set(IE_LINKER_FLAGS "${IE_LINKER_FLAGS} -z noexecstack -z relro -z now")
             if(CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.9)
                 set(IE_C_CXX_FLAGS "${IE_C_CXX_FLAGS} -fstack-protector-all")
             else()
@@ -32,14 +30,21 @@ if (CMAKE_BUILD_TYPE STREQUAL "Release")
                 set(IE_C_CXX_FLAGS "${IE_C_CXX_FLAGS} -Wl,--strip-all")
             endif()
             set(IE_C_CXX_FLAGS "${IE_C_CXX_FLAGS} -fstack-protector-strong")
-            set(CMAKE_SHARED_LINKER_FLAGS_RELEASE "${CMAKE_SHARED_LINKER_FLAGS_RELEASE} -z noexecstack -z relro -z now")
-            set(CMAKE_MODULE_LINKER_FLAGS_RELEASE "${CMAKE_MODULE_LINKER_FLAGS_RELEASE} -z noexecstack -z relro -z now")
-            set(CMAKE_EXE_LINKER_FLAGS_RELEASE "${CMAKE_EXE_LINKER_FLAGS_RELEASE} -z noexecstack -z relro -z now")
+            set(IE_LINKER_FLAGS "${IE_LINKER_FLAGS} -z noexecstack -z relro -z now")
+        endif()
+    else()
+        if(CMAKE_CXX_COMPILER_ID STREQUAL "MSVC")
+            set(IE_C_CXX_FLAGS "${IE_C_CXX_FLAGS} /sdl")
+        endif()
+        set(IE_C_CXX_FLAGS "${IE_C_CXX_FLAGS} /guard:cf")
+        if(ENABLE_INTEGRITYCHECK)
+            set(CMAKE_SHARED_LINKER_FLAGS_RELEASE "${CMAKE_SHARED_LINKER_FLAGS_RELEASE} /INTEGRITYCHECK")
         endif()
-    elseif(CMAKE_CXX_COMPILER_ID STREQUAL "MSVC")
-        set(IE_C_CXX_FLAGS "${IE_C_CXX_FLAGS} /sdl /guard:cf")
     endif()
 
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${IE_C_CXX_FLAGS}")
     set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${IE_C_CXX_FLAGS}")
+    set(CMAKE_SHARED_LINKER_FLAGS_RELEASE "${CMAKE_SHARED_LINKER_FLAGS_RELEASE} ${IE_LINKER_FLAGS}")
+    set(CMAKE_MODULE_LINKER_FLAGS_RELEASE "${CMAKE_MODULE_LINKER_FLAGS_RELEASE} ${IE_LINKER_FLAGS}")
+    set(CMAKE_EXE_LINKER_FLAGS_RELEASE "${CMAKE_EXE_LINKER_FLAGS_RELEASE} ${IE_LINKER_FLAGS}")
 endif()
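Review bot: The new `else()` branch applies both mitigations only partially at link time. `/guard:cf` is added to `IE_C_CXX_FLAGS` alone, but when compile and link are separate steps (as in CMake-generated builds) the linker needs the option too, or the image is not marked CFG-enabled; adding `set(IE_LINKER_FLAGS "${IE_LINKER_FLAGS} /guard:cf")` next to it would carry it into the three `*_LINKER_FLAGS_RELEASE` assignments at the end of the hunk. `/INTEGRITYCHECK` is appended only to `CMAKE_SHARED_LINKER_FLAGS_RELEASE`, so any DLL built as a `MODULE` library is not covered; `set(CMAKE_MODULE_LINKER_FLAGS_RELEASE "${CMAKE_MODULE_LINKER_FLAGS_RELEASE} /INTEGRITYCHECK")` would match the stated intent of covering DLLs. The branch used to be `elseif(... "MSVC")`, and its opening `if` is outside the hunk, so it is worth confirming that the outer condition keeps GNU-style toolchains on Windows out of this path. The enclosing `if (CMAKE_BUILD_TYPE STREQUAL "Release")` also leaves all of this unapplied under multi-config generators unless `CMAKE_BUILD_TYPE` is set elsewhere.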