Add cflags and ldflags for security and portability

docker-library · Dec 5, 2016 · cae3c03 · miglanc · Dec 8, 2016 · tianon
1 parent c0bef1c
commit cae3c03
Show file tree

Hide file tree

Showing 23 changed files with 92 additions and 0 deletions.
diff --git a/5.6/Dockerfile b/5.6/Dockerfile
@@ -32,6 +32,10 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ##<autogenerated>##
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS 0BD78B5F97500D450838F95DFE857D9A90D90EC1 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3
 
 ENV PHP_VERSION 5.6.28

diff --git a/5.6/alpine/Dockerfile b/5.6/alpine/Dockerfile
@@ -37,6 +37,10 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ##<autogenerated>##
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS 0BD78B5F97500D450838F95DFE857D9A90D90EC1 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3
 
 ENV PHP_VERSION 5.6.28

diff --git a/5.6/apache/Dockerfile b/5.6/apache/Dockerfile
@@ -88,6 +88,10 @@ ENV PHP_EXTRA_BUILD_DEPS apache2-dev
 ENV PHP_EXTRA_CONFIGURE_ARGS --with-apxs2
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS 0BD78B5F97500D450838F95DFE857D9A90D90EC1 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3
 
 ENV PHP_VERSION 5.6.28

diff --git a/5.6/fpm/Dockerfile b/5.6/fpm/Dockerfile
@@ -33,6 +33,10 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ENV PHP_EXTRA_CONFIGURE_ARGS --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS 0BD78B5F97500D450838F95DFE857D9A90D90EC1 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3
 
 ENV PHP_VERSION 5.6.28

diff --git a/5.6/fpm/alpine/Dockerfile b/5.6/fpm/alpine/Dockerfile
@@ -38,6 +38,10 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ENV PHP_EXTRA_CONFIGURE_ARGS --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS 0BD78B5F97500D450838F95DFE857D9A90D90EC1 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3
 
 ENV PHP_VERSION 5.6.28

diff --git a/5.6/zts/Dockerfile b/5.6/zts/Dockerfile
@@ -33,6 +33,10 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ENV PHP_EXTRA_CONFIGURE_ARGS --enable-maintainer-zts
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS 0BD78B5F97500D450838F95DFE857D9A90D90EC1 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3
 
 ENV PHP_VERSION 5.6.28

diff --git a/5.6/zts/alpine/Dockerfile b/5.6/zts/alpine/Dockerfile
@@ -38,6 +38,10 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ENV PHP_EXTRA_CONFIGURE_ARGS --enable-maintainer-zts
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS 0BD78B5F97500D450838F95DFE857D9A90D90EC1 6E4F6AB321FDC07F2C332E3AC2BF0BC433CFC8B3
 
 ENV PHP_VERSION 5.6.28

diff --git a/7.0/Dockerfile b/7.0/Dockerfile
@@ -32,6 +32,10 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ##<autogenerated>##
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS 1A4E8B7277C42E53DBA9C7B9BCAA30EA9C0D5763
 
 ENV PHP_VERSION 7.0.13

diff --git a/7.0/alpine/Dockerfile b/7.0/alpine/Dockerfile
@@ -37,6 +37,10 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ##<autogenerated>##
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS 1A4E8B7277C42E53DBA9C7B9BCAA30EA9C0D5763
 
 ENV PHP_VERSION 7.0.13

diff --git a/7.0/apache/Dockerfile b/7.0/apache/Dockerfile
@@ -88,6 +88,10 @@ ENV PHP_EXTRA_BUILD_DEPS apache2-dev
 ENV PHP_EXTRA_CONFIGURE_ARGS --with-apxs2
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS 1A4E8B7277C42E53DBA9C7B9BCAA30EA9C0D5763
 
 ENV PHP_VERSION 7.0.13

diff --git a/7.0/fpm/Dockerfile b/7.0/fpm/Dockerfile
@@ -33,6 +33,10 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ENV PHP_EXTRA_CONFIGURE_ARGS --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS 1A4E8B7277C42E53DBA9C7B9BCAA30EA9C0D5763
 
 ENV PHP_VERSION 7.0.13

diff --git a/7.0/fpm/alpine/Dockerfile b/7.0/fpm/alpine/Dockerfile
@@ -38,6 +38,10 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ENV PHP_EXTRA_CONFIGURE_ARGS --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS 1A4E8B7277C42E53DBA9C7B9BCAA30EA9C0D5763
 
 ENV PHP_VERSION 7.0.13

diff --git a/7.0/zts/Dockerfile b/7.0/zts/Dockerfile
@@ -33,6 +33,10 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ENV PHP_EXTRA_CONFIGURE_ARGS --enable-maintainer-zts
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS 1A4E8B7277C42E53DBA9C7B9BCAA30EA9C0D5763
 
 ENV PHP_VERSION 7.0.13

diff --git a/7.0/zts/alpine/Dockerfile b/7.0/zts/alpine/Dockerfile
@@ -38,6 +38,10 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ENV PHP_EXTRA_CONFIGURE_ARGS --enable-maintainer-zts
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS 1A4E8B7277C42E53DBA9C7B9BCAA30EA9C0D5763
 
 ENV PHP_VERSION 7.0.13

diff --git a/7.1/Dockerfile b/7.1/Dockerfile
@@ -32,6 +32,10 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ##<autogenerated>##
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS A917B1ECDA84AEC2B568FED6F50ABC807BD5DCD0
 
 ENV PHP_VERSION 7.1.0

diff --git a/7.1/alpine/Dockerfile b/7.1/alpine/Dockerfile
@@ -37,6 +37,10 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ##<autogenerated>##
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS A917B1ECDA84AEC2B568FED6F50ABC807BD5DCD0
 
 ENV PHP_VERSION 7.1.0

diff --git a/7.1/apache/Dockerfile b/7.1/apache/Dockerfile
@@ -88,6 +88,10 @@ ENV PHP_EXTRA_BUILD_DEPS apache2-dev
 ENV PHP_EXTRA_CONFIGURE_ARGS --with-apxs2
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS A917B1ECDA84AEC2B568FED6F50ABC807BD5DCD0
 
 ENV PHP_VERSION 7.1.0

diff --git a/7.1/fpm/Dockerfile b/7.1/fpm/Dockerfile
@@ -33,6 +33,10 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ENV PHP_EXTRA_CONFIGURE_ARGS --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS A917B1ECDA84AEC2B568FED6F50ABC807BD5DCD0
 
 ENV PHP_VERSION 7.1.0

diff --git a/7.1/fpm/alpine/Dockerfile b/7.1/fpm/alpine/Dockerfile
@@ -38,6 +38,10 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ENV PHP_EXTRA_CONFIGURE_ARGS --enable-fpm --with-fpm-user=www-data --with-fpm-group=www-data
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS A917B1ECDA84AEC2B568FED6F50ABC807BD5DCD0
 
 ENV PHP_VERSION 7.1.0

diff --git a/7.1/zts/Dockerfile b/7.1/zts/Dockerfile
@@ -33,6 +33,10 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ENV PHP_EXTRA_CONFIGURE_ARGS --enable-maintainer-zts
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS A917B1ECDA84AEC2B568FED6F50ABC807BD5DCD0
 
 ENV PHP_VERSION 7.1.0

diff --git a/7.1/zts/alpine/Dockerfile b/7.1/zts/alpine/Dockerfile
@@ -38,6 +38,10 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ENV PHP_EXTRA_CONFIGURE_ARGS --enable-maintainer-zts
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS A917B1ECDA84AEC2B568FED6F50ABC807BD5DCD0
 
 ENV PHP_VERSION 7.1.0

diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template
@@ -31,6 +31,10 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ##<autogenerated>##
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS %%GPG_KEYS%%
 
 ENV PHP_VERSION %%PHP_VERSION%%

diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template
@@ -26,6 +26,10 @@ RUN mkdir -p $PHP_INI_DIR/conf.d
 ##<autogenerated>##
 ##</autogenerated>##
 
+ENV CFLAGS="-fstack-protector-strong -fpic -fpie -O2"
+ENV CPPFLAGS="$CFLAGS"
+ENV LDFLAGS="-Wl,-O1 -Wl,--hash-style=both"
+
 ENV GPG_KEYS %%GPG_KEYS%%
 
 ENV PHP_VERSION %%PHP_VERSION%%