2 # run the configure script for a native Windows build
4 if [ -f ../configure.in ]; then
5 # we're in the windows directory, so we need to go up a level
9 if [ ! -f configure ]; then
16 ####### configure options:
17 # --help Show configure options and a short description
19 # --host=i686-w64-mingw32 Use the mingw cross-compiler to build a 'native' windows binary
20 # --enable-mingw32 Use mingw32 for a Windows GUI
21 # --enable-static-linking Use static linking instead of dynamic linking (and not have
22 # to put all the .DLLs in the path or the same dir as Privoxy)
23 # --disable-pcre2 Don't try to use the pcre2 library even if it's available
24 # --disable-pthread Use native threads instead of POSIX pthreads library
25 # --disable-dynamic-pcre Use the built-in, static pcre, even if libpcre is available
26 # --with-docbook=yes Enable docbook documentation creation
30 # note: configure.in line 155
31 # if test "X$CFLAGS" = "X "; then # if CFLAGS were unset (see above)
32 # In other words, if you set CFLAGS you need to include -O2 if you want optimization
33 # assume I'll set cflags below, so set O2 now
36 # start with initially empty flags
39 # start with initially empty flags
42 CFLAGS="${CFLAGS} -fstack-protector-strong -D_FORTIFY_SOURCE=2"
43 LDFLAGS="${LDFLAGS} -fstack-protector-strong"
44 # -fstack-protector-strong: enable stack checking.
45 # NOTE: need to specify when compiling _and_ linking
46 # stack-protector-strong: better balance between security and performance.
47 # This flag protects more kinds of vulnerable functions than -fstack-protector does,
48 # but not every function, providing better performance than -fstack-protector-all.
49 # see : https://en.wikipedia.org/wiki/Buffer_overflow_protection
50 # NOTE: needs static linking or the following in the path:
51 # /usr/i686-w64-mingw32/sys-root/mingw/bin/libssp-0.dll
53 # -D_FORTIFY_SOURCE: detect some buffer overflow errors
54 # ***>> requires compiler optimization level 1 or above <<***
55 # see : https://gcc.gnu.org/legacy-ml/gcc-patches/2004-09/msg02055.html
56 # The difference between -D_FORTIFY_SOURCE=1 and -D_FORTIFY_SOURCE=2 is e.g. for
57 # struct S { struct T { char buf[5]; int x; } t; char buf[20]; } var;
58 # With -D_FORTIFY_SOURCE=1,
59 # strcpy (&var.t.buf[1], "abcdefg");
60 # is not considered an overflow (object is whole VAR), while with -D_FORTIFY_SOURCE=2
61 # strcpy (&var.t.buf[1], "abcdefg");
62 # will be considered a buffer overflow.
64 ### CFLAGS="${CFLAGS} -march=native"
66 # Generate instructions for the machine type cpu-type. In contrast to -mtune=cpu-type, which merely tunes the
67 # generated code for the specified cpu-type, -march=cpu-type allows GCC to generate code that may not run at all on
68 # processors other than the one indicated.
69 # Specifying -march=cpu-type implies -mtune=cpu-type.
72 # This selects the CPU to generate code for at compilation time by determining the processor type of the compiling
73 # machine. Using -march=native enables all instruction subsets supported by the local machine (hence the result
74 # might not run on different machines). Using -mtune=native produces code optimized for the local machine under
75 # the constraints of the selected instruction set.
77 LDFLAGS="${LDFLAGS} -Wl,--nxcompat"
78 # https://en.wikipedia.org/wiki/Data_Execution_Prevention
79 # Enable DEP with -Wl,--nxcompat
80 # also called NX or nxcompat for "no execute" see: https://en.wikipedia.org/wiki/NX_bit
81 # $ peflags -v privoxy.exe
82 # privoxy.exe: coff(0x0106[+executable_image,+line_nums_stripped,+32bit_machine]) pe(0x0140[+dynamicbase,+nxcompat])
84 LDFLAGS="${LDFLAGS} -Wl,--dynamicbase,--export-all-symbols"
85 # https://en.wikipedia.org/wiki/Address_space_layout_randomization
86 # https://stackoverflow.com/questions/24283918/how-can-i-enable-aslr-dep-and-safeseh-on-an-exe-in-codeblocks-using-mingw
87 # ASLR with gcc has a problem: -Wl,--dynamicbase doesn't emit the necessary relocation table.
88 # As a workaround, you can pass -Wl,--dynamicbase,--export-all-symbols
89 # NOTE: you can't have both this and profiling (cflags='-pg') enabled!
91 CFLAGS="${CFLAGS} -Wall"
92 # see: http://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
93 # -Wall doesn't actually turn on all warnings, so add -Wextra
94 # but then plenty too many complaints by
95 # -Wmissing-field-initializers
98 # -Wunused-but-set-parameter
99 # -Wunused-but-set-variable
100 CFLAGS="${CFLAGS} -Wextra -Wno-missing-field-initializers -Wno-sign-compare -Wno-type-limits"
101 CFLAGS="${CFLAGS} -Wno-unused-parameter -Wno-unused-but-set-variable"
103 #-no-# CFLAGS="${CFLAGS} -Wconversion"
104 # way too many warnings for things that don't look like a problem
106 #-no-# CFLAGS="${CFLAGS} -Werror"
107 # Turn all warnings into errors.
108 # Privoxy still has a few warnings that are not a problem
110 CFLAGS="${CFLAGS} -Wformat=2"
111 # -Wformat is enabled by -Wall.
112 # -Wformat=2 is equivalent to -Wformat -Wformat-nonliteral -Wformat-security -Wformat-y2k
113 # -Wformat-security : also warn about uses of format functions that represent possible security problems.
115 CFLAGS="${CFLAGS} -Wlogical-op"
116 # Warn about suspicious uses of logical operators in expressions.
118 CFLAGS="${CFLAGS} -Wshadow"
119 # Warn whenever a local variable or type declaration shadows
120 # another variable or whenever a built-in function is shadowed.
122 #-no-# CFLAGS="${CFLAGS} -Wwrite-strings"
123 # These warnings help you find at compile time code that can try to write
124 # into a string constant, but only if you have been very careful about
125 # using const in declarations and prototypes.
126 # >>> Otherwise, it is just a nuisance. <<< -- this, very much this
128 # why does the mingw library _not_ include .a files for libpcre?
129 # *sigh* build my own pcre so I can do static linking
130 # Get the 8.x PCRE library from
131 # https://sourceforge.net/projects/pcre/files/pcre/
132 # Get the 10.x PCRE2 library from
133 # https://github.com/PCRE2Project/pcre2/releases
139 if [ "$usepcre2" = "yes" ]; then
141 inc="/source/pcre2-10.42/src/"
143 lib="/source/pcre2-10.42/.libs"
144 # need libpcre2-8.a & libpcre2-posix.a
146 PCREOPT="--disable-pcre2"
147 inc="/source/pcre-8.45/"
148 lib="/source/pcre-8.45/.libs"
150 CPPFLAGS="${CPPFLAGS} -I${inc}"
151 LDFLAGS="${LDFLAGS} -L${lib}"
154 ## https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.16.12
155 ## This is the last release of the 2.16 long-time support branch.
156 ## Users who want a long-time branch should move to mbedtls-2.28,
157 ## which is backward-compatible and will be supported for at least
159 # Get the 2.28.x mbedtls library from https://github.com/Mbed-TLS/mbedtls/tags
160 # Release Notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.4
161 inc="/source/mbedtls-2.28.4/include"
162 lib="/source/mbedtls-2.28.4/library"
164 MITMOPT="--with-mbedtls"
165 CPPFLAGS="${CPPFLAGS} -I${inc}"
166 LDFLAGS="${LDFLAGS} -L${lib}"
169 # Get the brotli library from https://github.com/google/brotli/releases
170 inc="/source/brotli-1.0.9/c/include"
171 lib="/source/brotli-1.0.9/.libs"
172 BROTLIOPT="--with-brotli"
173 CPPFLAGS="${CPPFLAGS} -I${inc}"
174 LDFLAGS="${LDFLAGS} -L${lib}"
177 echo "CFLAGS=${CFLAGS}"
178 echo "CPPFLAGS=${CPPFLAGS}"
179 echo "LDFLAGS=${LDFLAGS}"
181 # ./configure cross-compilation options:
182 # --build: the system on which the program will be built.
183 # --host: the system on which the generated program will run.
184 # --target: only used to build a cross-compiling toolchain.
186 ./configure --host=i686-w64-mingw32 --enable-mingw32 --enable-zlib \
187 --enable-extended-statistics \
189 --enable-pcre-host-patterns \
190 --enable-static-linking \
191 --enable-strptime-sanity-checks \