docs: add a note about compilation options

Closes #6371.
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2019-03-05 11:03:59 +0100
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2019-03-05 13:58:06 +0100
commit: 57903f93c96e0751a3235f425173122d512ad912 (patch)
tree: 383eea5d0a2d5ef5ee92456e790e4458e0535a85 /docs/DISTRO_PORTING.md
parent: 55dadc5c57ef1379dbc984938d124508a454be55 (diff)
download: systemd-57903f93c96e0751a3235f425173122d512ad912.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/docs/DISTRO_PORTING.md b/docs/DISTRO_PORTING.md
index 0099a1334a..620e47e823 100644
--- a/docs/DISTRO_PORTING.md
+++ b/docs/DISTRO_PORTING.md
@@ -31,6 +31,20 @@ distribution:
    print the initial transaction it would execute during boot-up.
    This will also inform you about ordering loops and suchlike.
 
+## Compilation options
+
+The default configuration does not enable any optimization or hardening
+options. This is suitable for development and testing, but not for end-user
+installations.
+
+For deployment, optimization (`-O2` or `-O3` compiler options), link time
+optimization (`-Db_lto=true` meson option), and hardening (e.g.
+`-D_FORTIFY_SOURCE=2`, `-fstack-protector-strong`, `-fstack-clash-protection`,
+`-fcf-protection`, `-pie` compiler options, and `-z relro`, `-z now`,
+`--as-needed` linker options) are recommended. The most appropriate set of
+options depends on the architecture and distribution specifics so no default is
+provided.
+
 ## NTP Pool
 
 By default, systemd-timesyncd uses the Google Public NTP servers
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2019-03-05 11:03:59 +0100
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2019-03-05 13:58:06 +0100
commit	57903f93c96e0751a3235f425173122d512ad912 (patch)
tree	383eea5d0a2d5ef5ee92456e790e4458e0535a85 /docs/DISTRO_PORTING.md
parent	55dadc5c57ef1379dbc984938d124508a454be55 (diff)
download	systemd-57903f93c96e0751a3235f425173122d512ad912.tar.gz