Test linking for hardening options

Some options depend on correct library support.

configure

@@ -3204,7 +3204,7 @@ main ()
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"; then :
   { $as_echo "$as_me:${as_lineno-$LINENO}: Setting $TESTFLAGS" >&5
 $as_echo "$as_me: Setting $TESTFLAGS" >&6;}
 else
@@ -3212,7 +3212,8 @@ else
 $as_echo "$as_me: Not setting $TESTFLAGS" >&6;}; CFLAGS="$OLDFLAGS"
 
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
 }
 
 { $as_echo "$as_me:${as_lineno-$LINENO}: Checking if compiler '$CC' supports -fno-strict-overflow" >&5
@@ -3232,7 +3233,7 @@ main ()
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"; then :
   { $as_echo "$as_me:${as_lineno-$LINENO}: Setting $TESTFLAGS" >&5
 $as_echo "$as_me: Setting $TESTFLAGS" >&6;}
 else
@@ -3240,7 +3241,8 @@ else
 $as_echo "$as_me: Not setting $TESTFLAGS" >&6;}; CFLAGS="$OLDFLAGS"
 
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
 }
 
 # needed for various extensions. define early before autoconf tests
@@ -3296,7 +3298,7 @@ main ()
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"; then :
   { $as_echo "$as_me:${as_lineno-$LINENO}: Setting $TESTFLAGS" >&5
 $as_echo "$as_me: Setting $TESTFLAGS" >&6;}
 else
@@ -3304,7 +3306,8 @@ else
 $as_echo "$as_me: Not setting $TESTFLAGS" >&6;}; CFLAGS="$OLDFLAGS"
 
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
 }
 
 		OLDLDFLAGS="$LDFLAGS"
@@ -3396,7 +3399,7 @@ main ()
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"; then :
   { $as_echo "$as_me:${as_lineno-$LINENO}: Setting $TESTFLAGS" >&5
 $as_echo "$as_me: Setting $TESTFLAGS" >&6;}
 else
@@ -3415,7 +3418,7 @@ main ()
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"; then :
   { $as_echo "$as_me:${as_lineno-$LINENO}: Setting $TESTFLAGS" >&5
 $as_echo "$as_me: Setting $TESTFLAGS" >&6;}
 else
@@ -3423,11 +3426,13 @@ else
 $as_echo "$as_me: Not setting $TESTFLAGS" >&6;}; CFLAGS="$OLDCFLAGS"
 
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
 
 
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
 	# FORTIFY_SOURCE
 	{
 		OLDFLAGS="$CFLAGS"
@@ -3444,7 +3449,7 @@ main ()
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"; then :
   { $as_echo "$as_me:${as_lineno-$LINENO}: Setting $TESTFLAGS" >&5
 $as_echo "$as_me: Setting $TESTFLAGS" >&6;}
 else
@@ -3452,7 +3457,8 @@ else
 $as_echo "$as_me: Not setting $TESTFLAGS" >&6;}; CFLAGS="$OLDFLAGS"
 
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
 }
 
 	# Spectre v2 mitigations
@@ -3471,7 +3477,7 @@ main ()
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"; then :
   { $as_echo "$as_me:${as_lineno-$LINENO}: Setting $TESTFLAGS" >&5
 $as_echo "$as_me: Setting $TESTFLAGS" >&6;}
 else
@@ -3479,7 +3485,8 @@ else
 $as_echo "$as_me: Not setting $TESTFLAGS" >&6;}; CFLAGS="$OLDFLAGS"
 
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
 }
 	{
 		OLDFLAGS="$CFLAGS"
@@ -3496,7 +3503,7 @@ main ()
   return 0;
 }
 _ACEOF
-if ac_fn_c_try_compile "$LINENO"; then :
+if ac_fn_c_try_link "$LINENO"; then :
   { $as_echo "$as_me:${as_lineno-$LINENO}: Setting $TESTFLAGS" >&5
 $as_echo "$as_me: Setting $TESTFLAGS" >&6;}
 else
@@ -3504,7 +3511,8 @@ else
 $as_echo "$as_me: Not setting $TESTFLAGS" >&6;}; CFLAGS="$OLDFLAGS"
 
 fi
-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
 }
 
 fi

configure.ac

@@ -23,15 +23,15 @@ AC_PROG_CC
 if test -z "$LD" ; then
 	LD=$CC
 fi
-AC_SUBST(LD)	
+AC_SUBST(LD)
 
-AC_DEFUN(DB_TRYADDCFLAGS, 
+AC_DEFUN(DB_TRYADDCFLAGS,
 [{
 		OLDFLAGS="$CFLAGS"
 		TESTFLAGS="$1"
 		CFLAGS="$CFLAGS $TESTFLAGS"
-		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
-			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])],
 			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDFLAGS" ]
 			)
 }])
@@ -82,14 +82,14 @@ if test "$hardenbuild" -eq 1; then
 		OLDLDFLAGS="$LDFLAGS"
 		TESTFLAGS="-Wl,-pie"
 		LDFLAGS="$LDFLAGS $TESTFLAGS"
-		AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
-			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])],
 			[
 				LDFLAGS="$OLDLDFLAGS"
 				TESTFLAGS="-pie"
 				LDFLAGS="$LDFLAGS $TESTFLAGS"
-				AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
-					[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+				AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+					[AC_MSG_NOTICE([Setting $TESTFLAGS])],
 					[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
 					)
 			]
@@ -98,8 +98,8 @@ if test "$hardenbuild" -eq 1; then
 		OLDLDFLAGS="$LDFLAGS"
 		TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
 		LDFLAGS="$LDFLAGS $TESTFLAGS"
-		AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
-			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])],
 			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
 			)
 	fi # non-static
@@ -107,14 +107,14 @@ if test "$hardenbuild" -eq 1; then
 	OLDCFLAGS="$CFLAGS"
 	TESTFLAGS="-fstack-protector-strong"
 	CFLAGS="$CFLAGS $TESTFLAGS"
-	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
-	    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+	    [AC_MSG_NOTICE([Setting $TESTFLAGS])],
 	    [
 			CFLAGS="$OLDCFLAGS"
 			TESTFLAGS="-fstack-protector --param=ssp-buffer-size=4"
 			CFLAGS="$CFLAGS $TESTFLAGS"
-			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
-			    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+			AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+			    [AC_MSG_NOTICE([Setting $TESTFLAGS])],
 			    [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
 			    )
 	    ]
@@ -174,7 +174,7 @@ case "$host" in
 	# OpenSSH thinks it's broken. If it isn't, let me know.
 	AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo)
 	;;
-	
+
 *-*-hpux*)
 	LIBS="$LIBS -lsec"
 	# It's probably broken.
@@ -191,7 +191,7 @@ AC_CHECK_TOOL(STRIP, strip, :)
 AC_CHECK_TOOL(INSTALL, install, :)
 
 dnl Can't use login() or logout() with uclibc
-AC_CHECK_DECL(__UCLIBC__, 
+AC_CHECK_DECL(__UCLIBC__,
 	[
 	no_loginfunc_check=1
 	AC_MSG_NOTICE([Using uClibc - login() and logout() probably don't work, so we won't use them.])
@@ -199,14 +199,14 @@ AC_CHECK_DECL(__UCLIBC__,
 
 dnl We test for crypt() specially. On Linux (and others?) it resides in libcrypt
 dnl but we don't want link all binaries to -lcrypt, just dropbear server.
-dnl OS X doesn't need -lcrypt 
+dnl OS X doesn't need -lcrypt
 AC_CHECK_FUNC(crypt, found_crypt_func=here)
-AC_CHECK_LIB(crypt, crypt, 
+AC_CHECK_LIB(crypt, crypt,
 	[
 	CRYPTLIB="-lcrypt"
 	found_crypt_func=here
 	])
-AC_SUBST(CRYPTLIB)	
+AC_SUBST(CRYPTLIB)
 if test "t$found_crypt_func" = there; then
 AC_DEFINE(HAVE_CRYPT, 1, [crypt() function])
 fi
@@ -568,7 +568,7 @@ AC_ARG_ENABLE(bundled-libtom,
 )
 
 if test $BUNDLED_LIBTOM = 1 ; then
-	AC_DEFINE(BUNDLED_LIBTOM,1,Use bundled libtom) 
+	AC_DEFINE(BUNDLED_LIBTOM,1,Use bundled libtom)
 fi
 
 AC_SUBST(LIBTOM_LIBS)
@@ -641,7 +641,7 @@ AC_ARG_ENABLE(pututxline,
 AC_ARG_WITH(lastlog,
   [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
 	[
-		if test "x$withval" = "xno" ; then	
+		if test "x$withval" = "xno" ; then
 			AC_DEFINE(DISABLE_LASTLOG)
 		else
 			conf_lastlog_location=$withval
@@ -716,7 +716,7 @@ fi
 
 if test -n "$conf_lastlog_location"; then
 	AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location", lastlog file location)
-fi	
+fi
 
 dnl utmp detection
 AC_MSG_CHECKING([if your system defines UTMP_FILE])
@@ -746,7 +746,7 @@ if test -z "$conf_utmp_location"; then
 fi
 if test -n "$conf_utmp_location"; then
 	AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location", utmp file location)
-fi	
+fi
 
 dnl wtmp detection
 AC_MSG_CHECKING([if your system defines WTMP_FILE])
@@ -778,7 +778,7 @@ if test -z "$conf_wtmp_location"; then
 fi
 if test -n "$conf_wtmp_location"; then
 	AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location", wtmp file location)
-fi	
+fi
 
 
 dnl utmpx detection - I don't know any system so perverse as to require
@@ -806,7 +806,7 @@ if test -z "$conf_utmpx_location"; then
 	fi
 else
 	AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location", utmpx file location)
-fi	
+fi
 
 dnl wtmpx detection
 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
@@ -833,7 +833,7 @@ if test -z "$conf_wtmpx_location"; then
 	fi
 else
 	AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location", wtmpx file location)
-fi	
+fi
 
 # Checks for library functions.
 AC_PROG_GCC_TRADITIONAL
@@ -869,7 +869,7 @@ fi
 AC_EXEEXT
 
 if test $BUNDLED_LIBTOM = 1 ; then
-(cd $srcdir; find libtomcrypt -type d) | xargs mkdir -pv 
+(cd $srcdir; find libtomcrypt -type d) | xargs mkdir -pv
 LIBTOM_FILES="libtomcrypt/Makefile libtommath/Makefile"
 fi