fix: Fix sw64 gcc not support pie by default

[wangrong1069]

Add the -fPIE parameter via CMAKE_POSITION_INDEPENDENT_CODE. Add the -pie parameter via target_link_options.

Log: Update compiler flags for security enhancements
Bug: https://pms.uniontech.com/bug-view-339563.html

Summary by Sourcery

Enable position-independent code and PIE linking for the dde-device-formatter target to ensure compatibility with sw64 GCC defaults.

Enhancements:

• Turn on CMake-wide position-independent code generation via CMAKE_POSITION_INDEPENDENT_CODE.
• Add PIE linker flags to the main target using target_link_options.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

This PR enables position-independent code and PIE linking for the dde-device-formatter target to address sw64 GCC not enabling PIE by default, by turning on global PIC generation and adding a -pie link option.

File-Level Changes

Change	Details	Files
Enable generation of position-independent code at the CMake project level.	Set CMAKE_POSITION_INDEPENDENT_CODE to ON so all targets build with -fPIE or equivalent by default	CMakeLists.txt
Enable PIE (Position Independent Executable) at link time for the main target.	Add target_link_options with -pie for the dde-device-formatter target to ensure the final binary is linked as a PIE	CMakeLists.txt

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've left some high level feedback:

• The CMAKE_POSITION_INDEPENDENT_CODE flag is being set globally, which will affect all current and future targets; consider limiting this to the specific target(s) that require PIE to avoid unintended side effects on libraries or other executables.
• The unconditional target_link_options(${PROJECT_NAME} PRIVATE -pie) may not be supported or appropriate on all toolchains or platforms; consider wrapping this in a check for the sw64 GCC toolchain or CMake's CMAKE_SYSTEM_PROCESSOR/CMAKE_CXX_COMPILER_ID to avoid build issues elsewhere.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The `CMAKE_POSITION_INDEPENDENT_CODE` flag is being set globally, which will affect all current and future targets; consider limiting this to the specific target(s) that require PIE to avoid unintended side effects on libraries or other executables.
- The unconditional `target_link_options(${PROJECT_NAME} PRIVATE -pie)` may not be supported or appropriate on all toolchains or platforms; consider wrapping this in a check for the sw64 GCC toolchain or CMake's `CMAKE_SYSTEM_PROCESSOR`/`CMAKE_CXX_COMPILER_ID` to avoid build issues elsewhere.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[deepin-ci-robot]

deepin pr auto review

我来对这个 CMakeLists.txt 的修改进行审查：

1. 语法逻辑：

• 新增的两行代码语法都是正确的
• set(CMAKE_POSITION_INDEPENDENT_CODE ON) 和 target_link_options(${PROJECT_NAME} PRIVATE -pie) 的位置都是合适的

2. 代码质量：

• 代码结构清晰，注释完整
• 使用了 CMake 的标准变量和命令
• 修改遵循了现有代码的风格

3. 代码性能：

• CMAKE_POSITION_INDEPENDENT_CODE ON 和 -pie 选项都是为了生成位置无关代码，这会：
  • 提高安全性（启用 ASLR）
  • 可能会带来轻微的性能开销（通常可以忽略）
  • 对于共享库是必需的

4. 代码安全：

• 这两个修改都是为了提高安全性：
  • CMAKE_POSITION_INDEPENDENT_CODE ON 确保生成位置无关代码
  • -pie 选项启用位置无关可执行文件
  • 这些修改有助于防止缓冲区溢出等安全漏洞

改进建议：

1. 建议在添加这些安全选项时添加注释，说明为什么需要这些选项：

# 启用位置无关代码，提高安全性（ASLR）
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
...
# 启用位置无关可执行文件，提高安全性
target_link_options(${PROJECT_NAME} PRIVATE -pie)

2. 考虑添加条件编译，只在支持的平台上启用这些选项：

# 检查平台是否支持 PIE
if(UNIX AND NOT APPLE)
    set(CMAKE_POSITION_INDEPENDENT_CODE ON)
    target_link_options(${PROJECT_NAME} PRIVATE -pie)
endif()

总体来说，这个修改是合理的，主要是为了提高程序的安全性。建议添加适当的注释和平台检查，使代码更加健壮和可维护。

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: lzwind, wangrong1069

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[wangrong1069]

/forcemerge

[deepin-bot]

This pr force merged! (status: unstable)