Skip to content

Commit 5a3fb03

Browse files
tianontianon
authored
Merge pull request #811 from infosiftr/dpkg-buildflags
Add compiler hardening flags via `dpkg-buildflags`
2 parents 8442e04 + 8a8d6ba commit 5a3fb03

File tree

37 files changed

+77
-26
lines changed

37 files changed

+77
-26
lines changed

3.10/alpine3.16/Dockerfile

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.10/alpine3.17/Dockerfile

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.10/bullseye/Dockerfile

+2
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.10/buster/Dockerfile

+2
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.10/slim-bullseye/Dockerfile

+3-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.10/slim-buster/Dockerfile

+3-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.11/alpine3.16/Dockerfile

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.11/alpine3.17/Dockerfile

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.11/bullseye/Dockerfile

+2
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.11/buster/Dockerfile

+2
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.11/slim-bullseye/Dockerfile

+3-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.11/slim-buster/Dockerfile

+3-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.12-rc/alpine3.16/Dockerfile

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.12-rc/alpine3.17/Dockerfile

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.12-rc/bullseye/Dockerfile

+2
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.12-rc/buster/Dockerfile

+2
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.12-rc/slim-bullseye/Dockerfile

+3-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.12-rc/slim-buster/Dockerfile

+3-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.7/alpine3.16/Dockerfile

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.7/alpine3.17/Dockerfile

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.7/bullseye/Dockerfile

+2
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.7/buster/Dockerfile

+2
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.7/slim-bullseye/Dockerfile

+3-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.7/slim-buster/Dockerfile

+3-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.8/alpine3.16/Dockerfile

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.8/alpine3.17/Dockerfile

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.8/bullseye/Dockerfile

+2
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.8/buster/Dockerfile

+2
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.8/slim-bullseye/Dockerfile

+3-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.8/slim-buster/Dockerfile

+3-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.9/alpine3.16/Dockerfile

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.9/alpine3.17/Dockerfile

+1-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.9/bullseye/Dockerfile

+2
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.9/buster/Dockerfile

+2
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.9/slim-bullseye/Dockerfile

+3-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

3.9/slim-buster/Dockerfile

+3-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Dockerfile-linux.template

+5-2
Original file line numberDiff line numberDiff line change
@@ -170,9 +170,12 @@ RUN set -eux; \
170170
# set thread stack size to 1MB so we don't segfault before we hit sys.getrecursionlimit()
171171
# https://github.com/alpinelinux/aports/commit/2026e1259422d4e0cf92391ca2d3844356c649d0
172172
EXTRA_CFLAGS="-DTHREAD_STACK_SIZE=0x100000"; \
173-
{{ ) else "" end -}}
173+
{{ ) else ( -}}
174+
EXTRA_CFLAGS="$(dpkg-buildflags --get CFLAGS)"; \
175+
LDFLAGS="$(dpkg-buildflags --get LDFLAGS)"; \
176+
{{ ) end -}}
174177
{{ if is_slim or is_alpine then ( -}}
175-
LDFLAGS="-Wl,--strip-all"; \
178+
LDFLAGS="${LDFLAGS:--Wl},--strip-all"; \
176179
{{ ) else "" end -}}
177180
{{ if env.version == "3.7" then ( -}}
178181
# setting PROFILE_TASK makes "--enable-optimizations" reasonable: https://bugs.python.org/issue36044 / https://github.com/docker-library/python/issues/160#issuecomment-509426916

0 commit comments

Comments
 (0)