Skip to content
This repository has been archived by the owner on May 12, 2021. It is now read-only.

Commit

Permalink
agent: build as Position-Independent-Executable
Browse files Browse the repository at this point in the history 
Build the agent binary as Position-Independent-Executable (PIE) for improved
security and compliancy with distros packaging guidelines.

Fixes: #408

Signed-off-by: Marco Vedovati <[email protected]>
  • Loading branch information
@marcov
marcov committed Nov 6, 2018
1 parent 0f411fd commit 8dedf30
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,8 @@ ARCH := $(shell go env GOARCH)
ifeq ($(SECCOMP),yes)
BUILDTAGS := seccomp
endif
# go build common flags
BUILDFLAGS := -buildmode=pie

# args for building agent image
BUILDARGS := $(if $(http_proxy), --build-arg http_proxy=$(http_proxy))
Expand All @@ -45,7 +47,7 @@ AGENT_IMAGE := katacontainers/agent-dev
AGENT_TAG := $(if $(COMMIT_NO_SHORT),$(COMMIT_NO_SHORT),dev)

$(TARGET): $(GENERATED_FILES) $(SOURCES) $(VERSION_FILE)
go build -tags "$(BUILDTAGS)" -o $@ \
go build $(BUILDFLAGS) -tags "$(BUILDTAGS)" -o $@ \
-ldflags "-X main.version=$(VERSION_COMMIT) -X main.seccompSupport=$(SECCOMP)"

install:
Expand Down

0 comments on commit 8dedf30

Please sign in to comment.