add --enable-static configure argument. disable conflicting harden flags

Makefile.in

@@ -94,6 +94,8 @@ LDFLAGS=@LDFLAGS@
 
 EXEEXT=@EXEEXT@
 
+STATIC=@STATIC@
+
 # whether we're building client, server, or both for the common objects.
 # evilness so we detect 'dropbear' by itself as a word
 space:= $(empty) $(empty)

configure.ac

@@ -33,6 +33,17 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
     [AC_MSG_RESULT(no); CFLAGS="$OLDCFLAGS" ]
     )
 
+STATIC=0
+AC_ARG_ENABLE(static,
+	[  --enable-static        Build static binaries],
+	[
+		if test "x$enableval" = "xyes"; then
+			STATIC=1
+			AC_MSG_NOTICE(Static Build)
+		fi
+	], [])
+AC_SUBST(STATIC)
+
 hardenbuild=1
 AC_ARG_ENABLE(harden,
 	[  --disable-harden        Don't set hardened build flags],
@@ -45,37 +56,40 @@ AC_ARG_ENABLE(harden,
 
 if test "$hardenbuild" -eq 1; then
 	AC_MSG_NOTICE(Checking for available hardened build flags:)
-	# pie
+	# relocation flags don't make sense for static builds
-	OLDCFLAGS="$CFLAGS"
+	if test "$STATIC" -ne 1; then
-	TESTFLAGS="-fPIE"
+		# pie
-	CFLAGS="$CFLAGS $TESTFLAGS"
+		OLDCFLAGS="$CFLAGS"
-	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
+		TESTFLAGS="-fPIE"
-	    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+		CFLAGS="$CFLAGS $TESTFLAGS"
-	    [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
+		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
-	    )
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
-	OLDLDFLAGS="$LDFLAGS"
+			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
-	TESTFLAGS="-Wl,-pie"
+			)
-	LDFLAGS="$LDFLAGS $TESTFLAGS"
+		OLDLDFLAGS="$LDFLAGS"
-	AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
+		TESTFLAGS="-Wl,-pie"
-	    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+		LDFLAGS="$LDFLAGS $TESTFLAGS"
-		[
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
-			LDFLAGS="$OLDLDFLAGS"
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
-			TESTFLAGS="-pie"
+			[
-			LDFLAGS="$LDFLAGS $TESTFLAGS"
+				LDFLAGS="$OLDLDFLAGS"
-			AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
+				TESTFLAGS="-pie"
-				[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+				LDFLAGS="$LDFLAGS $TESTFLAGS"
-				[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
+				AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
-				)
+					[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
-		]
+					[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
-	    )
+					)
-	# readonly elf relocation sections (relro)
+			]
-	OLDLDFLAGS="$LDFLAGS"
+			)
-	TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
+		# readonly elf relocation sections (relro)
-	LDFLAGS="$LDFLAGS $TESTFLAGS"
+		OLDLDFLAGS="$LDFLAGS"
-	AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
+		TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
-	    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+		LDFLAGS="$LDFLAGS $TESTFLAGS"
-	    [AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
-	    )
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
+			)
+	fi # non-static
 	# stack protector. -strong is good but only in gcc 4.9 or later
 	OLDCFLAGS="$CFLAGS"
 	TESTFLAGS="-fstack-protector-strong"