Establish default build flags for Fortran #

• Date proposed: 2025-05-04
• RFC MR: https://gitlab.archlinux.org/archlinux/rfcs/-/merge_requests/0054

Summary #

This RFC establishes default build flags (FFLAGS, FCFLAGS, DEBUG_FFLAGS) for compiling Fortran code in Arch Linux packages, aligning them with the security hardening standards defined for C.

Motivation #

Arch Linux has been using build flags for security hardening of C and C++ code for a long time. Since RFC0026, Arch Linux also sets RUSTFLAGS. The support for configuring Fortran build flags was recently implemented in pacman. This relies on exporting FFLAGS and FCFLAGS, which are consumed by GNU autotools and passed to the Fortran 77 and Fortran 90 compilers, respectively. Other build systems may also use these variables, e.g. CMake passes FFLAGS to any Fortran compiler.

The purpose of this RFC is to introduce default Fortran build flags to bring security hardening closer to the level of C. The motivation for many of the existing CFLAGS was discussed in RFC0003 and RFC0026.

Specification #

We will set the following build flags in FFLAGS, FCFLAGS, and DEBUG_FFLAGS:

FFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt \
        -Wp,-D_FORTIFY_SOURCE=3 -fstack-clash-protection -fcf-protection \
        -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"
FCFLAGS="$FFLAGS"
DEBUG_FFLAGS="-g"

Note that FFLAGS aligns closely with CFLAGS but excludes the following exceptions:

• Omit -Wformat and -Werror=format-security

  While the gfortran(1) compiler inherits all flags from gcc(1), the -W flag does not support the same language-specific warning options. Unfortunately gfortran emits a verbose message when an unsupported warning flag such as format or format-security is used.

• Omit -fexceptions

  This flag is irrelevant to the Fortran language which does not have native exception handling. It can only affect bindings with languages that support exceptions, such as C++. However, we are not aware of any packages where adding support for exception unwinding to Fortran code would provide tangible benefits.

This RFC does not enforce synchronization between CFLAGS and FFLAGS. When new flags are added to CFLAGS in the future, we will evaluate their effect on Fortran and either add them to FFLAGS or not.

Drawbacks #

• Packagers must ensure that build systems properly utilize the flags configured in FFLAGS and/or FCFLAGS.
• The Arch Linux community does not have much experience with Fortran projects, so it is hard to thoroughly evaluate all effects.

Unresolved Questions #

None.

Alternatives Considered #

Initially we intended to have FFLAGS exactly the same as CFLAGS. However, later we found out that gfortran does not support the same warning options as gcc and -fexceptions is arguably not useful for Fortran. Therefore we excluded these flags from the specification.