8a054169ad
Dockerfile targets systems without GPUs: - Add -DBUILD_NVML_GPU=OFF to cmake in simple.Dockerfile - Add BUILD_NVML_GPU option to native/CMakeLists.txt (default ON) - Conditionally include nvml_gpu subdirectory - Update all_native_libs target to exclude nvml_gpu when disabled This allows native libraries (dataset_hash, queue_index) to build without requiring NVIDIA drivers/libraries.
142 lines
5.2 KiB
CMake
142 lines
5.2 KiB
CMake
cmake_minimum_required(VERSION 3.20)
|
|
project(fetchml_native VERSION 0.1.0 LANGUAGES CXX C)
|
|
|
|
set(CMAKE_CXX_STANDARD 20)
|
|
set(CMAKE_CXX_STANDARD_REQUIRED ON)
|
|
set(CMAKE_C_STANDARD 11)
|
|
set(CMAKE_C_STANDARD_REQUIRED ON)
|
|
|
|
# Build options
|
|
option(BUILD_SHARED_LIBS "Build shared libraries" ON)
|
|
option(ENABLE_ASAN "Enable AddressSanitizer" OFF)
|
|
option(ENABLE_TSAN "Enable ThreadSanitizer" OFF)
|
|
option(BUILD_NVML_GPU "Build NVML GPU library (requires NVIDIA drivers)" ON)
|
|
|
|
# Position independent code for shared libraries
|
|
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
|
|
|
|
# Compiler flags
|
|
if(CMAKE_CXX_COMPILER_ID MATCHES "GNU|Clang")
|
|
# Don't use -march=native in Docker/containers - use portable optimization
|
|
if(DEFINED ENV{FETCHML_DOCKER_BUILD})
|
|
set(ARCH_FLAGS "-O3 -DNDEBUG -fomit-frame-pointer")
|
|
else()
|
|
set(ARCH_FLAGS "-O3 -march=native -DNDEBUG -fomit-frame-pointer")
|
|
endif()
|
|
|
|
set(CMAKE_CXX_FLAGS_RELEASE "${ARCH_FLAGS}")
|
|
set(CMAKE_CXX_FLAGS_DEBUG "-O0 -g -fno-omit-frame-pointer")
|
|
set(CMAKE_C_FLAGS_RELEASE "${ARCH_FLAGS}")
|
|
set(CMAKE_C_FLAGS_DEBUG "-O0 -g -fno-omit-frame-pointer")
|
|
|
|
# Security hardening flags (always enabled)
|
|
set(SECURITY_FLAGS
|
|
-D_FORTIFY_SOURCE=2 # Buffer overflow protection
|
|
-fstack-protector-strong # Stack canaries
|
|
-Wformat-security # Format string warnings
|
|
-Werror=format-security # Format string errors
|
|
-fPIE # Position-independent executable
|
|
-fPIC # Position-independent code (for static libs)
|
|
)
|
|
|
|
# Add security flags to all build types
|
|
add_compile_options(${SECURITY_FLAGS})
|
|
|
|
# Linker security flags (Linux only)
|
|
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
|
|
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now -pie")
|
|
set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-z,relro -Wl,-z,now")
|
|
endif()
|
|
|
|
# Warnings
|
|
add_compile_options(-Wall -Wextra -Wpedantic)
|
|
|
|
if(ENABLE_ASAN)
|
|
add_compile_options(-fsanitize=address,undefined -fno-omit-frame-pointer)
|
|
add_link_options(-fsanitize=address,undefined)
|
|
endif()
|
|
|
|
if(ENABLE_TSAN)
|
|
add_compile_options(-fsanitize=thread)
|
|
add_link_options(-fsanitize=thread)
|
|
endif()
|
|
endif()
|
|
|
|
if(APPLE)
|
|
# macOS universal binary support (optional - comment out if targeting single arch)
|
|
# set(CMAKE_OSX_ARCHITECTURES "x86_64;arm64")
|
|
endif()
|
|
|
|
# Find threading library
|
|
find_package(Threads REQUIRED)
|
|
|
|
# Include directories
|
|
include_directories(${CMAKE_CURRENT_SOURCE_DIR})
|
|
|
|
# Enable testing
|
|
enable_testing()
|
|
|
|
# Libraries will be added as subdirectories
|
|
add_subdirectory(common)
|
|
add_subdirectory(queue_index)
|
|
add_subdirectory(dataset_hash)
|
|
if(BUILD_NVML_GPU)
|
|
add_subdirectory(nvml_gpu)
|
|
endif()
|
|
|
|
# Tests from root tests/ directory
|
|
if(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/tests)
|
|
add_executable(test_storage tests/test_storage.cpp)
|
|
target_link_libraries(test_storage queue_index)
|
|
add_test(NAME storage_smoke COMMAND test_storage)
|
|
|
|
add_executable(test_dataset_hash tests/test_dataset_hash.cpp)
|
|
target_link_libraries(test_dataset_hash dataset_hash)
|
|
add_test(NAME dataset_hash_smoke COMMAND test_dataset_hash)
|
|
|
|
# Test storage_init on new directories
|
|
add_executable(test_storage_init_new_dir tests/test_storage_init_new_dir.cpp)
|
|
target_link_libraries(test_storage_init_new_dir queue_index)
|
|
add_test(NAME storage_init_new_dir COMMAND test_storage_init_new_dir)
|
|
|
|
# Test parallel_hash with >256 files
|
|
add_executable(test_parallel_hash_large_dir tests/test_parallel_hash_large_dir.cpp)
|
|
target_link_libraries(test_parallel_hash_large_dir dataset_hash)
|
|
add_test(NAME parallel_hash_large_dir COMMAND test_parallel_hash_large_dir)
|
|
|
|
# Test queue_index compact
|
|
add_executable(test_queue_index_compact tests/test_queue_index_compact.cpp)
|
|
target_link_libraries(test_queue_index_compact queue_index)
|
|
add_test(NAME queue_index_compact COMMAND test_queue_index_compact)
|
|
|
|
# Test ARMv8 SHA256 (only on ARM64)
|
|
if(CMAKE_SYSTEM_PROCESSOR MATCHES "arm64|aarch64")
|
|
add_executable(test_sha256_arm_kat tests/test_sha256_arm_kat.cpp)
|
|
target_link_libraries(test_sha256_arm_kat dataset_hash)
|
|
add_test(NAME sha256_arm_kat COMMAND test_sha256_arm_kat)
|
|
endif()
|
|
|
|
# CVE-2024-45339: Test storage symlink resistance
|
|
add_executable(test_storage_symlink_resistance tests/test_storage_symlink_resistance.cpp)
|
|
target_link_libraries(test_storage_symlink_resistance queue_index)
|
|
add_test(NAME storage_symlink_resistance COMMAND test_storage_symlink_resistance)
|
|
|
|
# CVE-2025-0838: Test queue index batch limit
|
|
add_executable(test_queue_index_batch_limit tests/test_queue_index_batch_limit.cpp)
|
|
target_link_libraries(test_queue_index_batch_limit queue_index)
|
|
add_test(NAME queue_index_batch_limit COMMAND test_queue_index_batch_limit)
|
|
endif()
|
|
|
|
# Combined target for building all libraries
|
|
if(BUILD_NVML_GPU)
|
|
add_custom_target(all_native_libs DEPENDS
|
|
queue_index
|
|
dataset_hash
|
|
nvml_gpu
|
|
)
|
|
else()
|
|
add_custom_target(all_native_libs DEPENDS
|
|
queue_index
|
|
dataset_hash
|
|
)
|
|
endif()
|