Skip to content

Commit

Permalink
runtime,netmon: build as Position-Independent-Executable
Browse files Browse the repository at this point in the history 
Build {runtime,netmon} as Position-Independent-Executable (PIE) for improved
security and compliancy with distros packaging guidelines.

Fixes: clearcontainers#875

Signed-off-by: Marco Vedovati <[email protected]>
  • Loading branch information
@marcov
marcov committed Nov 2, 2018
1 parent e90dc35 commit 658bdb1
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -225,6 +225,7 @@ USER_VARS += DEFDISABLENESTINGCHECKS
USER_VARS += DEFMSIZE9P
USER_VARS += DEFHOTPLUGVFIOONROOTBUS
USER_VARS += DEFENTROPYSOURCE
USER_VARS += BUILDFLAGS


V = @
Expand All @@ -237,6 +238,9 @@ QUIET_GENERATE = $(Q:@=@echo ' GENERATE '$@;)
QUIET_INST = $(Q:@=@echo ' INSTALL '$@;)
QUIET_TEST = $(Q:@=@echo ' TEST '$@;)

# go build common flags
BUILDFLAGS := -buildmode=pie

# Return non-empty string if specified directory exists
define DIR_EXISTS
$(shell test -d $(1) && echo "$(1)")
Expand All @@ -252,7 +256,7 @@ all: runtime netmon
netmon: $(NETMON_TARGET_OUTPUT)

$(NETMON_TARGET_OUTPUT): $(SOURCES)
$(QUIET_BUILD)(cd $(NETMON_DIR) && go build -i -o $@ -ldflags "-X main.version=$(VERSION)")
$(QUIET_BUILD)(cd $(NETMON_DIR) && go build $(BUILDFLAGS) -o $@ -ldflags "-X main.version=$(VERSION)")

runtime: $(TARGET_OUTPUT) $(CONFIG)
.DEFAULT: default
Expand Down Expand Up @@ -359,7 +363,7 @@ $(GENERATED_CONFIG): Makefile VERSION
$(QUIET_GENERATE)echo "$$GENERATED_CODE" >$@

$(TARGET_OUTPUT): $(EXTRA_DEPS) $(SOURCES) $(GENERATED_GO_FILES) $(GENERATED_FILES) Makefile | show-summary
$(QUIET_BUILD)(cd $(CLI_DIR) && go build -i -o $@ .)
$(QUIET_BUILD)(cd $(CLI_DIR) && go build $(BUILDFLAGS) -o $@ .)

.PHONY: \
check \
Expand Down

0 comments on commit 658bdb1

Please sign in to comment.