[privoxy.git] / windows / MYconfigure

#!/bin/sh
# run the configure script for a native Windows build

if [ -f ../configure.in ]; then
   #  we're in the windows directory, so we need to go up a level
   cd ..
fi

if [ ! -f configure ]; then
   autoheader
   #   creates config.h.in
   autoconf
   #   creates configure
fi

####### configure options:
# --help                          Show configure options and a short description
#
# --host=i686-w64-mingw32         Use the mingw cross-compiler to build a 'native' windows binary
# --enable-mingw32                Use mingw32 for a Windows GUI
# --enable-static-linking         Use static linking instead of dynamic linking (and not have
#                                 to put all the .DLLs in the path or the same dir as Privoxy)
# --disable-pthread               Use native threads instead of POSIX pthreads library
# --disable-dynamic-pcre          Use the built-in, static pcre, even if libpcre is available
# --with-docbook=yes              Enable docbook documentation creation


export CFLAGS="-O2"
# note: configure.in line 155
#         if test "X$CFLAGS" = "X "; then # if CFLAGS were unset (see above)
#   In other words, if you set CFLAGS you need to include -O2 if you want optimization
#   assume I'll set cflags below, so set O2 now

export CPPFLAGS=""
# start with initially empty flags

export LDFLAGS=""
# start with initially empty flags


CFLAGS="${CFLAGS} -fstack-protector-strong -D_FORTIFY_SOURCE=2"
LDFLAGS="${LDFLAGS} -fstack-protector-strong"
# -fstack-protector-strong:  enable stack checking.
# NOTE: need to specify when compiling _and_ linking
# stack-protector-strong: better balance between security and performance.
#   This flag protects more kinds of vulnerable functions than -fstack-protector does,
#   but not every function, providing better performance than -fstack-protector-all.
# see : https://en.wikipedia.org/wiki/Buffer_overflow_protection
# NOTE: needs static linking or the following in the path:
#         /usr/i686-w64-mingw32/sys-root/mingw/bin/libssp-0.dll
#
# -D_FORTIFY_SOURCE:  detect some buffer overflow errors
#     ***>> requires compiler optimization level 1 or above <<***
# see : https://gcc.gnu.org/legacy-ml/gcc-patches/2004-09/msg02055.html
#   The diffence between -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2 is e.g. for
#     struct S { struct T { char buf[5]; int x; } t; char buf[20]; } var;
#   With -D_FORTIFY_SOURCE=1,
#     strcpy (&var.t.buf[1], "abcdefg");
#   is not considered an overflow (object is whole VAR), while with -D_FORTIFY_SOURCE=2
#     strcpy (&var.t.buf[1], "abcdefg");
#   will be considered a buffer overflow.

### CFLAGS="${CFLAGS} -march=native"
# -march=cpu-type
#   Generate instructions for the machine type cpu-type.  In contrast to -mtune=cpu-type, which merely tunes the
#   generated code for the specified cpu-type, -march=cpu-type allows GCC to generate code that may not run at all on
#   processors other than the one indicated.
#   Specifying -march=cpu-type implies -mtune=cpu-type.
#
# -march=native
#   This selects the CPU to generate code for at compilation time by determining the processor type of the compiling
#   machine.  Using -march=native enables all instruction subsets supported by the local machine (hence the result
#   might not run on different machines).  Using -mtune=native produces code optimized for the local machine under
#   the constraints of the selected instruction set.

LDFLAGS="${LDFLAGS} -Wl,--nxcompat"
# https://en.wikipedia.org/wiki/Data_Execution_Prevention
#   Enable DEP with -Wl,--nxcompat
# also called NX or nxcompat for "no execute"  see: https://en.wikipedia.org/wiki/NX_bit
#   $ peflags -v privoxy.exe
#   privoxy.exe: coff(0x0106[+executable_image,+line_nums_stripped,+32bit_machine]) pe(0x0140[+dynamicbase,+nxcompat])


LDFLAGS="${LDFLAGS} -Wl,--dynamicbase,--export-all-symbols"
# https://en.wikipedia.org/wiki/Address_space_layout_randomization
# https://stackoverflow.com/questions/24283918/how-can-i-enable-aslr-dep-and-safeseh-on-an-exe-in-codeblocks-using-mingw
#   ASLR with gcc has a problem: -Wl,--dynamicbase doesn't emit the necessary relocation table.
#   As a workaround, you can pass -Wl,--dynamicbase,--export-all-symbols
#   NOTE: you can't have both this and profiling (cflags='-pg') enabled!

CFLAGS="${CFLAGS} -Wall"
# see: http://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
# -Wall   doesn't actually turn on all warnings, so add  -Wextra
#    but then plenty too many complaints by
#      -Wimplicit-fallthrough=3
#         too many warnings in pcre/study.c & pcre.c
#      -Wmissing-field-initializers
#      -Wsign-compare
#      -Wtype-limits
#      -Wunused-but-set-parameter
#      -Wunused-but-set-variable
CFLAGS="${CFLAGS} -Wextra -Wno-missing-field-initializers -Wno-sign-compare -Wno-type-limits"
CFLAGS="${CFLAGS} -Wno-unused-parameter -Wno-unused-but-set-variable"

#-no-# CFLAGS="${CFLAGS} -Wconversion"
#   way too many warnings for things that don't look like a problem

#-no-# CFLAGS="${CFLAGS} -Werror"
# Turn all warnings into errors.
#   Privoxy still has a few warnings that are not a problem

CFLAGS="${CFLAGS} -Wformat=2"
# -Wformat is enabled by -Wall.
# -Wformat=2 is equivalent to -Wformat -Wformat-nonliteral -Wformat-security -Wformat-y2k
#   -Wformat-security : also warn about uses of format functions that represent possible security problems.

CFLAGS="${CFLAGS} -Wlogical-op"
# Warn about suspicious uses of logical operators in expressions.

CFLAGS="${CFLAGS} -Wshadow"
# Warn whenever a local variable or type declaration shadows
# another variable or whenever a built-in function is shadowed.

#-no-# CFLAGS="${CFLAGS} -Wwrite-strings"
# These warnings help you find at compile time code that can try to write
# into a string constant, but only if you have been very careful about
# using const in declarations and prototypes.
# >>> Otherwise, it is just a nuisance. <<<  -- this, very much this

# why does the mingw library _not_ include .a files for libpcre?
# *sigh* build my own pcre so I can do static linking
# Get the 8.x PCRE library from  https://ftp.pcre.org/pub/pcre/
inc="/source/pcre-8.45/"
lib="/source/pcre-8.45/.libs"
CPPFLAGS="${CPPFLAGS} -I${inc}"
LDFLAGS="${LDFLAGS} -L${lib}"

# mbedtls
# Get the 2.16.x mbedtls library from  https://github.com/ARMmbed/mbedtls/tags
inc="/source/mbedtls-2.16.10/include"
lib="/source/mbedtls-2.16.10/library"
MITMOPT="--with-mbedtls"
CPPFLAGS="${CPPFLAGS} -I${inc}"
LDFLAGS="${LDFLAGS} -L${lib}"

# brotli
# Get the brotli library from  https://github.com/google/brotli/releases
inc="/source/brotli-1.0.9/c/include"
lib="/source/brotli-1.0.9/.libs"
BROTLIOPT="--with-brotli"
CPPFLAGS="${CPPFLAGS} -I${inc}"
LDFLAGS="${LDFLAGS} -L${lib}"

###
echo "CFLAGS=${CFLAGS}"
echo "CPPFLAGS=${CPPFLAGS}"
echo "LDFLAGS=${LDFLAGS}"

# ./configure cross-compilation options:
#    --build: the system on which the program will be built.
#    --host:  the system on which the generated program will run.
#    --target: only used to build a cross-compiling toolchain.

./configure  --host=i686-w64-mingw32  --enable-mingw32  --enable-zlib \
             --enable-static-linking \
             --enable-strptime-sanity-checks \
             --disable-pthread  \
             --enable-extended-statistics \
             --enable-pcre-host-patterns \
             --with-brotli  \
             --with-mbedtls \
             --with-docbook=yes

#  -- done --