From 54cbb90b4604018dd69342e740bd090ed3767e22 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Wed, 20 Jul 2022 15:33:17 +0300 Subject: [PATCH] Added security / optimization compilation flags --- Dockerfiles/build-mysql/alpine/Dockerfile | 3 ++- Dockerfiles/build-mysql/centos/Dockerfile | 3 ++- Dockerfiles/build-mysql/ol/Dockerfile | 3 ++- Dockerfiles/build-mysql/rhel/Dockerfile | 3 ++- Dockerfiles/build-mysql/ubuntu/Dockerfile | 3 ++- Dockerfiles/build-pgsql/alpine/Dockerfile | 3 ++- Dockerfiles/build-pgsql/centos/Dockerfile | 3 ++- Dockerfiles/build-pgsql/ol/Dockerfile | 3 ++- Dockerfiles/build-pgsql/ubuntu/Dockerfile | 3 ++- Dockerfiles/build-sqlite3/alpine/Dockerfile | 3 ++- Dockerfiles/build-sqlite3/centos/Dockerfile | 3 ++- Dockerfiles/build-sqlite3/ol/Dockerfile | 3 ++- Dockerfiles/build-sqlite3/rhel/Dockerfile | 3 ++- Dockerfiles/build-sqlite3/ubuntu/Dockerfile | 3 ++- 14 files changed, 28 insertions(+), 14 deletions(-) diff --git a/Dockerfiles/build-mysql/alpine/Dockerfile b/Dockerfiles/build-mysql/alpine/Dockerfile index c1be5ce2d..57d189330 100644 --- a/Dockerfiles/build-mysql/alpine/Dockerfile +++ b/Dockerfiles/build-mysql/alpine/Dockerfile @@ -47,7 +47,8 @@ RUN set -eux && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java && \ ./bootstrap.sh && \ - export CFLAGS="-fPIC -pie -Wl,-z,relro -Wl,-z,now" && \ + export CFLAGS="-fPIC -pie -Wl,-z,relro,-z,now,-z,defs" && \ + export CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fexceptions -O2 -pipe -flto" && \ ./configure \ --datadir=/usr/lib \ --libdir=/usr/lib/zabbix \ diff --git a/Dockerfiles/build-mysql/centos/Dockerfile b/Dockerfiles/build-mysql/centos/Dockerfile index fcb060c79..8f1e09a1a 100644 --- a/Dockerfiles/build-mysql/centos/Dockerfile +++ b/Dockerfiles/build-mysql/centos/Dockerfile @@ -41,7 +41,8 @@ RUN set -eux && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java && \ ./bootstrap.sh && \ - export CFLAGS="-fPIC -pie -Wl,-z,relro -Wl,-z,now" && \ + export CFLAGS="-fPIC -pie -Wl,-z,relro,-z,now,-z,defs" && \ + export CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fexceptions -O2 -pipe" && \ ./configure \ --datadir=/usr/lib \ --libdir=/usr/lib/zabbix \ diff --git a/Dockerfiles/build-mysql/ol/Dockerfile b/Dockerfiles/build-mysql/ol/Dockerfile index c990d5a38..c2eadd6c1 100644 --- a/Dockerfiles/build-mysql/ol/Dockerfile +++ b/Dockerfiles/build-mysql/ol/Dockerfile @@ -28,7 +28,8 @@ RUN set -eux && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java && \ ./bootstrap.sh && \ - export CFLAGS="-fPIC -pie -Wl,-z,relro -Wl,-z,now" && \ + export CFLAGS="-fPIC -pie -Wl,-z,relro,-z,now,-z,defs" && \ + export CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fexceptions -O2 -pipe" && \ ./configure \ --datadir=/usr/lib \ --libdir=/usr/lib/zabbix \ diff --git a/Dockerfiles/build-mysql/rhel/Dockerfile b/Dockerfiles/build-mysql/rhel/Dockerfile index 22e1c39a0..e34cfc49c 100644 --- a/Dockerfiles/build-mysql/rhel/Dockerfile +++ b/Dockerfiles/build-mysql/rhel/Dockerfile @@ -51,7 +51,8 @@ RUN set -eux && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java && \ ./bootstrap.sh && \ - export CFLAGS="-fPIC -pie -Wl,-z,relro -Wl,-z,now" && \ + export CFLAGS="-fPIC -pie -Wl,-z,relro,-z,now,-z,defs" && \ + export CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fexceptions -O2 -pipe" && \ ./configure \ --datadir=/usr/lib \ --libdir=/usr/lib/zabbix \ diff --git a/Dockerfiles/build-mysql/ubuntu/Dockerfile b/Dockerfiles/build-mysql/ubuntu/Dockerfile index 7c420333e..b0c81b2cc 100644 --- a/Dockerfiles/build-mysql/ubuntu/Dockerfile +++ b/Dockerfiles/build-mysql/ubuntu/Dockerfile @@ -47,7 +47,8 @@ RUN set -eux && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java && \ ./bootstrap.sh && \ - export CFLAGS="-fPIC -pie -Wl,-z,relro -Wl,-z,now" && \ + export CFLAGS="-fPIC -pie -Wl,-z,relro,-z,now,-z,defs" && \ + export CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fexceptions -O2 -pipe -flto" && \ ./configure \ --datadir=/usr/lib \ --libdir=/usr/lib/zabbix \ diff --git a/Dockerfiles/build-pgsql/alpine/Dockerfile b/Dockerfiles/build-pgsql/alpine/Dockerfile index d2061f6f1..550f3f2f8 100644 --- a/Dockerfiles/build-pgsql/alpine/Dockerfile +++ b/Dockerfiles/build-pgsql/alpine/Dockerfile @@ -47,7 +47,8 @@ RUN set -eux && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java && \ ./bootstrap.sh && \ - export CFLAGS="-fPIC -pie -Wl,-z,relro -Wl,-z,now" && \ + export CFLAGS="-fPIC -pie -Wl,-z,relro,-z,now,-z,defs" && \ + export CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fexceptions -O2 -pipe -flto" && \ ./configure \ --datadir=/usr/lib \ --libdir=/usr/lib/zabbix \ diff --git a/Dockerfiles/build-pgsql/centos/Dockerfile b/Dockerfiles/build-pgsql/centos/Dockerfile index 0f21f255f..57e26ab76 100644 --- a/Dockerfiles/build-pgsql/centos/Dockerfile +++ b/Dockerfiles/build-pgsql/centos/Dockerfile @@ -41,7 +41,8 @@ RUN set -eux && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java && \ ./bootstrap.sh && \ - export CFLAGS="-fPIC -pie -Wl,-z,relro -Wl,-z,now" && \ + export CFLAGS="-fPIC -pie -Wl,-z,relro,-z,now,-z,defs" && \ + export CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fexceptions -O2 -pipe -flto" && \ ./configure \ --datadir=/usr/lib \ --libdir=/usr/lib/zabbix \ diff --git a/Dockerfiles/build-pgsql/ol/Dockerfile b/Dockerfiles/build-pgsql/ol/Dockerfile index 3e176c783..619ed5991 100644 --- a/Dockerfiles/build-pgsql/ol/Dockerfile +++ b/Dockerfiles/build-pgsql/ol/Dockerfile @@ -28,7 +28,8 @@ RUN set -eux && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java && \ ./bootstrap.sh && \ - export CFLAGS="-fPIC -pie -Wl,-z,relro -Wl,-z,now" && \ + export CFLAGS="-fPIC -pie -Wl,-z,relro,-z,now,-z,defs" && \ + export CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fexceptions -O2 -pipe" && \ ./configure \ --datadir=/usr/lib \ --libdir=/usr/lib/zabbix \ diff --git a/Dockerfiles/build-pgsql/ubuntu/Dockerfile b/Dockerfiles/build-pgsql/ubuntu/Dockerfile index ec14ec387..7139b59fb 100644 --- a/Dockerfiles/build-pgsql/ubuntu/Dockerfile +++ b/Dockerfiles/build-pgsql/ubuntu/Dockerfile @@ -47,7 +47,8 @@ RUN set -eux && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java && \ ./bootstrap.sh && \ - export CFLAGS="-fPIC -pie -Wl,-z,relro -Wl,-z,now" && \ + export CFLAGS="-fPIC -pie -Wl,-z,relro,-z,now,-z,defs" && \ + export CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fexceptions -O2 -pipe -flto" && \ ./configure \ --datadir=/usr/lib \ --libdir=/usr/lib/zabbix \ diff --git a/Dockerfiles/build-sqlite3/alpine/Dockerfile b/Dockerfiles/build-sqlite3/alpine/Dockerfile index 0a40a18cc..98336ceb7 100644 --- a/Dockerfiles/build-sqlite3/alpine/Dockerfile +++ b/Dockerfiles/build-sqlite3/alpine/Dockerfile @@ -47,7 +47,8 @@ RUN set -eux && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java && \ ./bootstrap.sh && \ - export CFLAGS="-fPIC -pie -Wl,-z,relro -Wl,-z,now" && \ + export CFLAGS="-fPIC -pie -Wl,-z,relro,-z,now,-z,defs" && \ + export CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fexceptions -O2 -pipe -flto" && \ ./configure \ --datadir=/usr/lib \ --libdir=/usr/lib/zabbix \ diff --git a/Dockerfiles/build-sqlite3/centos/Dockerfile b/Dockerfiles/build-sqlite3/centos/Dockerfile index 26fede138..4e61a7edb 100644 --- a/Dockerfiles/build-sqlite3/centos/Dockerfile +++ b/Dockerfiles/build-sqlite3/centos/Dockerfile @@ -41,7 +41,8 @@ RUN set -eux && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java && \ ./bootstrap.sh && \ - export CFLAGS="-fPIC -pie -Wl,-z,relro -Wl,-z,now" && \ + export CFLAGS="-fPIC -pie -Wl,-z,relro,-z,now,-z,defs" && \ + export CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fexceptions -O2 -pipe" && \ ./configure \ --datadir=/usr/lib \ --libdir=/usr/lib/zabbix \ diff --git a/Dockerfiles/build-sqlite3/ol/Dockerfile b/Dockerfiles/build-sqlite3/ol/Dockerfile index e75ee4d6b..450034dd2 100644 --- a/Dockerfiles/build-sqlite3/ol/Dockerfile +++ b/Dockerfiles/build-sqlite3/ol/Dockerfile @@ -28,7 +28,8 @@ RUN set -eux && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java && \ ./bootstrap.sh && \ - export CFLAGS="-fPIC -pie -Wl,-z,relro -Wl,-z,now" && \ + export CFLAGS="-fPIC -pie -Wl,-z,relro,-z,now,-z,defs" && \ + export CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fexceptions -O2 -pipe" && \ ./configure \ --datadir=/usr/lib \ --libdir=/usr/lib/zabbix \ diff --git a/Dockerfiles/build-sqlite3/rhel/Dockerfile b/Dockerfiles/build-sqlite3/rhel/Dockerfile index a9f3f7484..bec9ae1d9 100644 --- a/Dockerfiles/build-sqlite3/rhel/Dockerfile +++ b/Dockerfiles/build-sqlite3/rhel/Dockerfile @@ -51,7 +51,8 @@ RUN set -eux && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java && \ ./bootstrap.sh && \ - export CFLAGS="-fPIC -pie -Wl,-z,relro -Wl,-z,now" && \ + export CFLAGS="-fPIC -pie -Wl,-z,relro,-z,now,-z,defs" && \ + export CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fexceptions -O2 -pipe" && \ ./configure \ --datadir=/usr/lib \ --libdir=/usr/lib/zabbix \ diff --git a/Dockerfiles/build-sqlite3/ubuntu/Dockerfile b/Dockerfiles/build-sqlite3/ubuntu/Dockerfile index ada47479e..96661c1be 100644 --- a/Dockerfiles/build-sqlite3/ubuntu/Dockerfile +++ b/Dockerfiles/build-sqlite3/ubuntu/Dockerfile @@ -47,7 +47,8 @@ RUN set -eux && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \ sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/zabbix_java/src/com/zabbix/gateway/GeneralInformation.java && \ ./bootstrap.sh && \ - export CFLAGS="-fPIC -pie -Wl,-z,relro -Wl,-z,now" && \ + export CFLAGS="-fPIC -pie -Wl,-z,relro,-z,now,-z,defs" && \ + export CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fexceptions -O2 -pipe -flto" && \ ./configure \ --datadir=/usr/lib \ --libdir=/usr/lib/zabbix \