refactor(build): Remove hardening options

The package build systems are re-adding themselves the recommended
compiler options.

CMakeLists.txt

@@ -371,9 +371,6 @@ endif()
 option(UA_DEBUG_DUMP_PKGS "Dump every package received by the server as hexdump format" OFF)
 mark_as_advanced(UA_DEBUG_DUMP_PKGS)
 
-option(UA_ENABLE_HARDENING "Enable Hardening measures (e.g. Stack-Protectors and Fortify)" ON)
-mark_as_advanced(UA_ENABLE_HARDENING)
-
 if(CMAKE_VERSION VERSION_GREATER 3.6)
     set(UA_ENABLE_STATIC_ANALYZER "OFF" CACHE STRING "Enable installed static analyzer during build process (off/minimal/reduced/full)")
     mark_as_advanced(UA_ENABLE_STATIC_ANALYZER)
@@ -597,16 +594,6 @@ if((CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID STREQUAL "Clang") AND
     endif()
 
     if(NOT MINGW AND NOT UA_BUILD_OSS_FUZZ)
-        if(UA_ENABLE_HARDENING)
-            check_add_cc_flag("-fstack-protector-strong") # more performant stack protector, available since gcc 4.9
-            check_add_cc_flag("-fstack-clash-protection") # increased reliability of stack overflow detection, available since gcc 8
-            # future use (control flow integrity protection)
-            if(NOT ${CMAKE_SYSTEM_NAME} MATCHES "OpenBSD")
-                check_add_cc_flag("-mcet")
-                check_add_cc_flag("-fcf-protection")
-            endif()
-        endif()
-
         # IPO requires too much memory for unit tests
         # GCC docu recommends to compile all files with the same options, therefore ignore it completely
         if(NOT UA_BUILD_UNIT_TESTS AND NOT DEFINED CMAKE_INTERPROCEDURAL_OPTIMIZATION)
@@ -639,10 +626,6 @@ if((CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID STREQUAL "Clang") AND
         set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${SANITIZER_FLAGS}")
     endif()
 
-    if(NOT MINGW AND UA_ENABLE_HARDENING AND ((CMAKE_BUILD_TYPE STREQUAL "Release") OR (CMAKE_BUILD_TYPE STREQUAL "RelWithDebInfo")))
-        check_add_cc_flag("-D_FORTIFY_SOURCE=2") # run-time buffer overflow detection (needs at least -O1)
-    endif()
-
     # Strip release builds
     if(CMAKE_BUILD_TYPE STREQUAL "MinSizeRel" OR CMAKE_BUILD_TYPE STREQUAL "Release")
         check_add_cc_flag("-ffunction-sections")

arch/zephyr/Kconfig

@@ -175,11 +175,6 @@ config OPEN62541_DEBUG_DUMP_PKGS
     default n
     help
         Dump every package received by the server as hexdump format
-config OPEN62541_ENABLE_HARDENING
-    bool "Enable hardening"
-    default y
-    help
-        Enable Hardening measures (e.g. Stack-Protectors and Fortify)
 config OPEN62541_DEBUG_FILE_LINE_INFO
     bool "Enable debug file line info"
     default n

arch/zephyr/zephyr.cmake

@@ -48,7 +48,6 @@ if(CONFIG_OPEN62541)
     open62541_translate_zephyr_param_option(UA_FILE_NS0_BLACKLIST CONFIG_OPEN62541_FILE_NS0_BLACKLIST)
     open62541_translate_zephyr_bool_option(UA_ENABLE_DISCOVERY_SEMAPHORE CONFIG_OPEN62541_ENABLE_DISCOVERY_SEMAPHORE)
     open62541_translate_zephyr_bool_option(UA_DEBUG_DUMP_PKGS CONFIG_OPEN62541_DEBUG_DUMP_PKGS)
-    open62541_translate_zephyr_bool_option(UA_ENABLE_HARDENING CONFIG_OPEN62541_ENABLE_HARDENING)
     open62541_translate_zephyr_bool_option(UA_DEBUG_FILE_LINE_INFO CONFIG_OPEN62541_DEBUG_FILE_LINE_INFO)
     open62541_translate_zephyr_param_option(UA_MULTITHREADING CONFIG_OPEN62541_MULTITHREADING)
     open62541_translate_zephyr_param_option(UA_NAMESPACE_ZERO CONFIG_OPEN62541_NAMESPACE_ZERO)

tools/docker/Dockerfile

@@ -15,8 +15,6 @@ WORKDIR /opt/open62541/build
 RUN cmake -DBUILD_SHARED_LIBS=ON \
       -DCMAKE_BUILD_TYPE=Release \
       -DUA_BUILD_EXAMPLES=ON \
-      # Hardening needs to be disabled, otherwise the docker build takes too long and travis fails
-      -DUA_ENABLE_HARDENING=OFF \
       -DUA_ENABLE_ENCRYPTION=MBEDTLS \
       -DUA_ENABLE_SUBSCRIPTIONS=ON \
       -DUA_ENABLE_SUBSCRIPTIONS_EVENTS=ON \