Added some secure compilation options, especially PIE and RELRO.

Signed-off-by: TaylorKanper <tony_kanper@hotmail.com>
TaylorKanper 2022-04-02 10:07:42 +08:00
parent d2c9f72c6b
commit 69b1e01166


@ -30,7 +30,7 @@ WHALE = "+"
TESTFLAGS_RACE= TESTFLAGS_RACE=
GOFILES=$(shell find . -type f -name '*.go') GOFILES=$(shell find . -type f -name '*.go')
GO_TAGS=$(if $(BUILDTAGS),-tags "$(BUILDTAGS)",) GO_TAGS=$(if $(BUILDTAGS),-tags "$(BUILDTAGS)",)
GO_LDFLAGS=-ldflags '-s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PKG) $(EXTRA_LDFLAGS)' GO_LDFLAGS=-ldflags '-extldflags "-Wl,-z,now" -s -w -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PKG) $(EXTRA_LDFLAGS)'
BINARIES=$(addprefix bin/,$(COMMANDS)) BINARIES=$(addprefix bin/,$(COMMANDS))
@ -88,14 +88,14 @@ FORCE:
# Build a binary from a cmd. # Build a binary from a cmd.
bin/%: cmd/% FORCE bin/%: cmd/% FORCE
@echo "$(WHALE) $@${BINARY_SUFFIX}" @echo "$(WHALE) $@${BINARY_SUFFIX}"
@go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$< @go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} --ldflags '-extldflags "-Wl,-z,now" -s' ${GO_TAGS} ./$<
binaries: $(BINARIES) ## build binaries binaries: $(BINARIES) ## build binaries
@echo "$(WHALE) $@" @echo "$(WHALE) $@"
build: build:
@echo "$(WHALE) $@" @echo "$(WHALE) $@"
@go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} ${GO_LDFLAGS} ${GO_TAGS} $(PACKAGES) @go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} ${GO_LDFLAGS} --ldflags '-extldflags "-Wl,-z,now" -s' ${GO_TAGS} $(PACKAGES)
clean: ## clean up binaries clean: ## clean up binaries
@echo "$(WHALE) $@" @echo "$(WHALE) $@"
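Review bot: The extra `--ldflags '-extldflags "-Wl,-z,now" -s'` appended after `${GO_LDFLAGS}` in the `bin/%` and `build` recipes replaces the earlier value instead of adding to it, because go build applies the last `-ldflags` that matches a package; the binaries would then lose `-w`, the `-X $(PKG)/version.*` stamps and `$(EXTRA_LDFLAGS)`. GO_LDFLAGS already carries `-extldflags "-Wl,-z,now"` after this commit, so both recipes can keep `${GO_LDFLAGS} ${GO_TAGS}` as they were. Separately, the description names PIE and RELRO, but the visible hunks only add `-z now`: PIE would need `-buildmode=pie` (possibly set in GO_BUILD_FLAGS outside these hunks), full RELRO also depends on `-z relro`, and `-extldflags` only takes effect when the external linker is used. A `readelf -l -d` or checksec step on a built binary in CI would confirm which hardening properties actually landed.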