(PA-6383) share compiler default settings

Author: h0tw1r3

configs/projects/_shared-agent-settings.rb

@@ -140,23 +140,8 @@
 proj.setting(:platform_triple, platform_triple)
 proj.setting(:host, host)
 
-# Define default CFLAGS and LDFLAGS for most platforms, and then
-# tweak or adjust them as needed.
-proj.setting(:cppflags, "-I#{proj.includedir} -I/opt/pl-build-tools/include")
-proj.setting(:cflags, "#{proj.cppflags}")
-proj.setting(:ldflags, "-L#{proj.libdir} -L/opt/pl-build-tools/lib -Wl,-rpath=#{proj.libdir}")
-
-# Platform specific overrides or settings, which may override the defaults
-
-# Harden Linux ELF binaries by compiling with PIE (Position Independent Executables) support,
-# stack canary and full RELRO.
-# We only do this on platforms that use their default OS toolchain since pl-gcc versions
-# are too old to support these flags.
-if (platform.is_sles? && platform.os_version.to_i >= 15) || (platform.is_el? && platform.os_version.to_i >= 8) || platform.is_debian? || (platform.is_ubuntu? && platform.os_version.to_i >= 20) || platform.is_fedora?
-  proj.setting(:cppflags, "-I#{proj.includedir} -D_FORTIFY_SOURCE=2")
-  proj.setting(:cflags, '-fstack-protector-strong -fno-plt -O2')
-  proj.setting(:ldflags, "-L#{proj.libdir} -Wl,-rpath=#{proj.libdir},-z,relro,-z,now")
-end
+# Load default compiler settings
+instance_eval File.read(File.join(__dir__, '_shared-compiler-settings.rb'))
 
 if ruby_version_x == "3"
   proj.setting(:openssl_version, '3.0')

configs/projects/_shared-client-tools-runtime.rb

@@ -92,20 +92,8 @@
   proj.setting(:ldflags, "-L#{proj.tools_root}/lib -L#{proj.gcc_root}/lib -L#{proj.libdir} -Wl,--nxcompat -Wl,--dynamicbase")
   proj.setting(:cygwin, "nodosfilewarning winsymlinks:native")
 else
-  proj.setting(:tools_root, "/opt/pl-build-tools")
-  proj.setting(:cppflags, "-I#{proj.includedir} -I/opt/pl-build-tools/include")
-  proj.setting(:cflags, "#{proj.cppflags}")
-  proj.setting(:ldflags, "-L#{proj.libdir} -L/opt/pl-build-tools/lib -Wl,-rpath=#{proj.libdir}")
-
-  # Harden Linux ELF binaries by compiling with PIE (Position Independent Executables) support,
-  # stack canary and full RELRO.
-  # We only do this on platforms that use their default OS toolchain since pl-gcc versions
-  # are too old to support these flags.
-  if (platform.is_sles? && platform.os_version.to_i >= 15) || (platform.is_el? && platform.os_version.to_i >= 8) || platform.is_debian? || (platform.is_ubuntu? && platform.os_version.to_i >= 20) || platform.is_fedora?
-    proj.setting(:cppflags, "-I#{proj.includedir} -D_FORTIFY_SOURCE=2")
-    proj.setting(:cflags, '-fstack-protector-strong -fno-plt -O2')
-    proj.setting(:ldflags, "-L#{proj.libdir} -Wl,-rpath=#{proj.libdir},-z,relro,-z,now")
-  end
+  # Load default compiler settings
+  instance_eval File.read(File.join(__dir__, '_shared-compiler-settings.rb'))
 end
 
 # What to build?

configs/projects/_shared-compiler-settings.rb

@@ -0,0 +1,22 @@
+# Define default CFLAGS and LDFLAGS for most platforms, and then
+# tweak or adjust them as needed.
+proj.setting(:cppflags, "-I#{proj.includedir} -I/opt/pl-build-tools/include")
+proj.setting(:cflags, "#{proj.cppflags}")
+proj.setting(:ldflags, "-L#{proj.libdir} -L/opt/pl-build-tools/lib -Wl,-rpath=#{proj.libdir}")
+
+# Platform specific overrides or settings, which may override the defaults
+
+# Harden Linux ELF binaries by compiling with PIE (Position Independent Executables) support,
+# stack canary and full RELRO.
+# We only do this on platforms that use their default OS toolchain since pl-gcc versions
+# are too old to support these flags.
+if ((platform.is_sles? && platform.os_version.to_i >= 15) ||
+    (platform.is_el? && platform.os_version.to_i >= 8) ||
+    platform.is_debian? ||
+    (platform.is_ubuntu? && platform.os_version.to_i >= 20) ||
+    platform.is_fedora?
+   )
+  proj.setting(:cppflags, "-I#{proj.includedir} -D_FORTIFY_SOURCE=2")
+  proj.setting(:cflags, '-fstack-protector-strong -fno-plt -O2')
+  proj.setting(:ldflags, "-L#{proj.libdir} -Wl,-rpath=#{proj.libdir},-z,relro,-z,now")
+end

configs/projects/_shared-pe-bolt-server_with_ruby.rb

@@ -75,23 +75,8 @@
 ruby_base_version = proj.ruby_version.gsub(/(\d+)\.(\d+)\.(\d+)/, '\1.\2.0')
 proj.setting(:gem_home, File.join(proj.libdir, 'ruby', 'gems', ruby_base_version))
 
-# Define default CFLAGS and LDFLAGS for most platforms, and then
-# tweak or adjust them as needed.
-proj.setting(:cppflags, "-I#{proj.includedir} -I/opt/pl-build-tools/include")
-proj.setting(:cflags, "#{proj.cppflags}")
-proj.setting(:ldflags, "-L#{proj.libdir} -L/opt/pl-build-tools/lib -Wl,-rpath=#{proj.libdir}")
-
-# Platform specific overrides or settings, which may override the defaults
-
-# Harden Linux ELF binaries by compiling with PIE (Position Independent Executables) support,
-# stack canary and full RELRO.
-# We only do this on platforms that use their default OS toolchain since pl-gcc versions
-# are too old to support these flags.
-if (platform.is_sles? && platform.os_version.to_i >= 15) || (platform.is_el? && platform.os_version.to_i >= 8) || platform.is_debian? || (platform.is_ubuntu? && platform.os_version.to_i >= 20) || platform.is_fedora?
-  proj.setting(:cppflags, "-I#{proj.includedir} -D_FORTIFY_SOURCE=2")
-  proj.setting(:cflags, '-fstack-protector-strong -fno-plt -O2')
-  proj.setting(:ldflags, "-L#{proj.libdir} -Wl,-rpath=#{proj.libdir},-z,relro,-z,now")
-end
+# Load default compiler settings
+instance_eval File.read(File.join(__dir__, '_shared-compiler-settings.rb'))
 
 # Required to build ruby
 proj.component 'libffi'

configs/projects/_shared-pe-installer-runtime.rb

@@ -31,21 +31,8 @@
 proj.setting(:artifactory_url, "https://artifactory.delivery.puppetlabs.net/artifactory")
 proj.setting(:buildsources_url, "#{proj.artifactory_url}/generic/buildsources")
 
-# Define default CFLAGS and LDFLAGS for most platforms, and then
-# tweak or adjust them as needed.
-proj.setting(:cppflags, "-I#{proj.includedir} -I/opt/pl-build-tools/include")
-proj.setting(:cflags, "#{proj.cppflags}")
-proj.setting(:ldflags, "-L#{proj.libdir} -L/opt/pl-build-tools/lib -Wl,-rpath=#{proj.libdir}")
-
-# Harden Linux ELF binaries by compiling with PIE (Position Independent Executables) support,
-# stack canary and full RELRO.
-# We only do this on platforms that use their default OS toolchain since pl-gcc versions
-# are too old to support these flags.
-if (platform.is_sles? && platform.os_version.to_i >= 15) || (platform.is_el? && platform.os_version.to_i >= 8) || platform.is_debian? || (platform.is_ubuntu? && platform.os_version.to_i >= 20) || platform.is_fedora?
-  proj.setting(:cppflags, "-I#{proj.includedir} -D_FORTIFY_SOURCE=2")
-  proj.setting(:cflags, '-fstack-protector-strong -fno-plt -O2')
-  proj.setting(:ldflags, "-L#{proj.libdir} -Wl,-rpath=#{proj.libdir},-z,relro,-z,now")
-end
+# Load default compiler settings
+instance_eval File.read(File.join(__dir__, '_shared-compiler-settings.rb'))
 
 # These flags are applied in addition to the defaults in configs/component/openssl.rb.
 proj.setting(:openssl_extra_configure_flags, [

configs/projects/bolt-runtime.rb

@@ -66,21 +66,8 @@
   proj.setting(:artifactory_url, "https://artifactory.delivery.puppetlabs.net/artifactory")
   proj.setting(:buildsources_url, "#{proj.artifactory_url}/generic/buildsources")
 
-  # Define default CFLAGS and LDFLAGS for most platforms, and then
-  # tweak or adjust them as needed.
-  proj.setting(:cppflags, "-I#{proj.includedir} -I/opt/pl-build-tools/include")
-  proj.setting(:cflags, "#{proj.cppflags}")
-  proj.setting(:ldflags, "-L#{proj.libdir} -L/opt/pl-build-tools/lib -Wl,-rpath=#{proj.libdir}")
-
-  # Harden Linux ELF binaries by compiling with PIE (Position Independent Executables) support,
-  # stack canary and full RELRO.
-  # We only do this on platforms that use their default OS toolchain since pl-gcc versions
-  # are too old to support these flags.
-  if (platform.is_sles? && platform.os_version.to_i >= 15) || (platform.is_el? && platform.os_version.to_i >= 8) || platform.is_debian? || (platform.is_ubuntu? && platform.os_version.to_i >= 20) || platform.is_fedora?
-    proj.setting(:cppflags, "-I#{proj.includedir} -D_FORTIFY_SOURCE=2")
-    proj.setting(:cflags, '-fstack-protector-strong -fno-plt -O2')
-    proj.setting(:ldflags, "-L#{proj.libdir} -Wl,-rpath=#{proj.libdir},-z,relro,-z,now")
-  end
+  # Load default compiler settings
+  instance_eval File.read(File.join(__dir__, '_shared-compiler-settings.rb'))
 
   # Platform specific overrides or settings, which may override the defaults
   if platform.is_windows?

configs/projects/pdk-runtime.rb

@@ -111,21 +111,8 @@
     proj.setting(:host, "--host #{platform.platform_triple}")
   end
 
-  # Define default CFLAGS and LDFLAGS for most platforms, and then
-  # tweak or adjust them as needed.
-  proj.setting(:cppflags, "-I#{proj.includedir} -I/opt/pl-build-tools/include")
-  proj.setting(:cflags, proj.cppflags.to_s)
-  proj.setting(:ldflags, "-L#{proj.libdir} -L/opt/pl-build-tools/lib -Wl,-rpath=#{proj.libdir}")
-
-  # Harden Linux ELF binaries by compiling with PIE (Position Independent Executables) support,
-  # stack canary and full RELRO.
-  # We only do this on platforms that use their default OS toolchain since pl-gcc versions
-  # are too old to support these flags.
-  if (platform.is_sles? && platform.os_version.to_i >= 15) || (platform.is_el? && platform.os_version.to_i >= 8) || platform.is_debian? || (platform.is_ubuntu? && platform.os_version.to_i >= 20) || platform.is_fedora?
-    proj.setting(:cppflags, "-I#{proj.includedir} -D_FORTIFY_SOURCE=2")
-    proj.setting(:cflags, '-fstack-protector-strong -fno-plt -O2')
-    proj.setting(:ldflags, "-L#{proj.libdir} -Wl,-rpath=#{proj.libdir},-z,relro,-z,now")
-  end
+  # Load default compiler settings
+  instance_eval File.read(File.join(__dir__, '_shared-compiler-settings.rb'))
 
   if platform.is_windows?
     proj.setting(:gcc_root, 'C:/tools/mingw64')