mirror of
https://github.com/optim-enterprises-bv/kubernetes.git
synced 2025-11-03 19:58:17 +00:00
Build non-static binaries with PIE buildmode
We now add the `-buildmode pie` flag when building non-static binaries, which enables the ASLR security mechanism. Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
This commit is contained in:
Sascha Grunert
@@ -412,6 +412,10 @@ kube::golang::set_platform_envs() {
|
|||||||
export CGO_ENABLED=1
|
export CGO_ENABLED=1
|
||||||
export CC=${KUBE_LINUX_AMD64_CC:-x86_64-linux-gnu-gcc}
|
export CC=${KUBE_LINUX_AMD64_CC:-x86_64-linux-gnu-gcc}
|
||||||
;;
|
;;
|
||||||
|
"linux/386")
|
||||||
|
export CGO_ENABLED=1
|
||||||
|
export CC=${KUBE_LINUX_386_CC:-i686-linux-gnu-gcc}
|
||||||
|
;;
|
||||||
"linux/arm")
|
"linux/arm")
|
||||||
export CGO_ENABLED=1
|
export CGO_ENABLED=1
|
||||||
export CC=${KUBE_LINUX_ARM_CC:-arm-linux-gnueabihf-gcc}
|
export CC=${KUBE_LINUX_ARM_CC:-arm-linux-gnueabihf-gcc}
|
||||||
@@ -721,6 +725,7 @@ kube::golang::build_binaries_for_platform() {
|
|||||||
-gcflags "${gogcflags:-}"
|
-gcflags "${gogcflags:-}"
|
||||||
-asmflags "${goasmflags:-}"
|
-asmflags "${goasmflags:-}"
|
||||||
-ldflags "${goldflags:-}"
|
-ldflags "${goldflags:-}"
|
||||||
|
-buildmode pie
|
||||||
-tags "${gotags:-}"
|
-tags "${gotags:-}"
|
||||||
)
|
)
|
||||||
kube::golang::build_some_binaries "${nonstatics[@]}"
|
kube::golang::build_some_binaries "${nonstatics[@]}"
|
||||||
|
|||||||
Reference in New Issue
Block a user