File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -9,17 +9,21 @@ ENV DEBIAN_FRONTEND=noninteractive
99
1010WORKDIR /tmp
1111
12+ # Hardening flags for Debian builds
13+ # These flags help to ensure that the build process is secure and that the resulting binaries are hardened against common vulnerabilities.
14+ ENV DEB_BUILD_HARDENING=1
15+
1216# If we're building for ARMv7, enable compiler optimizations for the TI Sitara AM335x processor
1317# CPU Type: ARMv7-A
1418# CPU Architecture: Cortex-A8
1519# SIMD Coprocessor: NEON
1620# Floating Point ABI: Hard (generates floating-point instructions with FPU-specific calling conventions)
1721RUN if [ "${TARGETARCH}" = "arm" ] && [ "${TARGETVARIANT}" = "v7" ]; then \
18- export CFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfloat-abi=hard -mfpu=neon -pipe" ; \
19- export CXXFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfloat-abi=hard -mfpu=neon -pipe" ; \
22+ export CFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfloat-abi=hard -mfpu=neon -pipe -fstack-protector-strong -Wformat -Werror=format-security " ; \
23+ export CXXFLAGS="-O2 -march=armv7-a -mtune=cortex-a8 -mfloat-abi=hard -mfpu=neon -pipe -fstack-protector-strong -Wformat -Werror=format-security " ; \
2024 else \
21- export CFLAGS="-O2 -pipe" ; \
22- export CXXFLAGS="-O2 -pipe" ; \
25+ export CFLAGS="-O2 -pipe -fstack-protector-strong -Wformat -Werror=format-security " ; \
26+ export CXXFLAGS="-O2 -pipe -fstack-protector-strong -Wformat -Werror=format-security " ; \
2327 fi && \
2428 git clone https://github.com/VerdigrisTech/localproxy && \
2529 cd localproxy && \
You can’t perform that action at this time.
0 commit comments