Skip to content

fix: Fix sw64 gcc not support pie by default #47

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
deepin-bot merged 1 commit into from
Jan 6, 2026
Merged

fix: Fix sw64 gcc not support pie by default #47

deepin-bot merged 1 commit into from
Jan 6, 2026

Conversation

@wangrong1069
Copy link
Contributor

@wangrong1069 wangrong1069 commented Jan 6, 2026
edited by sourcery-ai bot
Loading

Add the -fPIE parameter via CMAKE_POSITION_INDEPENDENT_CODE. Add the -pie parameter via target_link_options.

Log: Update compiler flags for security enhancements
Bug: https://pms.uniontech.com/bug-view-339563.html

Summary by Sourcery

Enable position-independent code and PIE linking for the dde-device-formatter target to ensure compatibility with sw64 GCC defaults.

Enhancements:

  • Turn on CMake-wide position-independent code generation via CMAKE_POSITION_INDEPENDENT_CODE.
  • Add PIE linker flags to the main target using target_link_options.

@wangrong1069
fix: Fix sw64 gcc not support pie by default
6da8df9 
Add the -fPIE parameter via CMAKE_POSITION_INDEPENDENT_CODE.
Add the -pie parameter via target_link_options.

Log: Update compiler flags for security enhancements
Bug: https://pms.uniontech.com/bug-view-339563.html
@sourcery-ai
Copy link

sourcery-ai bot commented Jan 6, 2026

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

This PR enables position-independent code and PIE linking for the dde-device-formatter target to address sw64 GCC not enabling PIE by default, by turning on global PIC generation and adding a -pie link option.

File-Level Changes

Change Details Files
Enable generation of position-independent code at the CMake project level.
  • Set CMAKE_POSITION_INDEPENDENT_CODE to ON so all targets build with -fPIE or equivalent by default
 CMakeLists.txt
Enable PIE (Position Independent Executable) at link time for the main target.
  • Add target_link_options with -pie for the dde-device-formatter target to ensure the final binary is linked as a PIE
 CMakeLists.txt
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

sourcery-ai[bot]
sourcery-ai bot reviewed Jan 6, 2026
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • The CMAKE_POSITION_INDEPENDENT_CODE flag is being set globally, which will affect all current and future targets; consider limiting this to the specific target(s) that require PIE to avoid unintended side effects on libraries or other executables.
  • The unconditional target_link_options(${PROJECT_NAME} PRIVATE -pie) may not be supported or appropriate on all toolchains or platforms; consider wrapping this in a check for the sw64 GCC toolchain or CMake's CMAKE_SYSTEM_PROCESSOR/CMAKE_CXX_COMPILER_ID to avoid build issues elsewhere.
Prompt for AI Agents 
Please address the comments from this code review:

## Overall Comments
- The `CMAKE_POSITION_INDEPENDENT_CODE` flag is being set globally, which will affect all current and future targets; consider limiting this to the specific target(s) that require PIE to avoid unintended side effects on libraries or other executables.
- The unconditional `target_link_options(${PROJECT_NAME} PRIVATE -pie)` may not be supported or appropriate on all toolchains or platforms; consider wrapping this in a check for the sw64 GCC toolchain or CMake's `CMAKE_SYSTEM_PROCESSOR`/`CMAKE_CXX_COMPILER_ID` to avoid build issues elsewhere.
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@deepin-ci-robot
Copy link

deepin-ci-robot commented Jan 6, 2026

deepin pr auto review

我来对这个 CMakeLists.txt 的修改进行审查:

  1. 语法逻辑:
  • 新增的两行代码语法都是正确的
  • set(CMAKE_POSITION_INDEPENDENT_CODE ON)target_link_options(${PROJECT_NAME} PRIVATE -pie) 的位置都是合适的
  1. 代码质量:
  • 代码结构清晰,注释完整
  • 使用了 CMake 的标准变量和命令
  • 修改遵循了现有代码的风格
  1. 代码性能:
  • CMAKE_POSITION_INDEPENDENT_CODE ON-pie 选项都是为了生成位置无关代码,这会:
    • 提高安全性(启用 ASLR)
    • 可能会带来轻微的性能开销(通常可以忽略)
    • 对于共享库是必需的
  1. 代码安全:
  • 这两个修改都是为了提高安全性:
    • CMAKE_POSITION_INDEPENDENT_CODE ON 确保生成位置无关代码
    • -pie 选项启用位置无关可执行文件
    • 这些修改有助于防止缓冲区溢出等安全漏洞

改进建议:

  1. 建议在添加这些安全选项时添加注释,说明为什么需要这些选项:
# 启用位置无关代码,提高安全性(ASLR)
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
...
# 启用位置无关可执行文件,提高安全性
target_link_options(${PROJECT_NAME} PRIVATE -pie)
  1. 考虑添加条件编译,只在支持的平台上启用这些选项:
# 检查平台是否支持 PIE
if(UNIX AND NOT APPLE)
    set(CMAKE_POSITION_INDEPENDENT_CODE ON)
    target_link_options(${PROJECT_NAME} PRIVATE -pie)
endif()

总体来说,这个修改是合理的,主要是为了提高程序的安全性。建议添加适当的注释和平台检查,使代码更加健壮和可维护。

@deepin-ci-robot
Copy link

deepin-ci-robot commented Jan 6, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: lzwind, wangrong1069

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@wangrong1069
Copy link
Contributor Author

wangrong1069 commented Jan 6, 2026

/forcemerge

@deepin-bot
Copy link
Contributor

deepin-bot bot commented Jan 6, 2026

This pr force merged! (status: unstable)

@deepin-bot deepin-bot bot merged commit f86f7a8 into linuxdeepin:master Jan 6, 2026
16 of 18 checks passed
@wangrong1069 wangrong1069 deleted the pr0106 branch January 6, 2026 09:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

@lzwind lzwind lzwind approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@wangrong1069 @deepin-ci-robot @lzwind