build: add compiler options -buildmode=pie and -trimpath

Signed-off-by: Christian Menges <[email protected]>
fluent · Oct 2, 2022 · fc9fdeb · fc9fdeb
1 parent 6463d6d
commit fc9fdeb
Show file tree

Hide file tree

Showing 7 changed files with 8 additions and 8 deletions.
diff --git a/cmd/fluent-manager/Dockerfile b/cmd/fluent-manager/Dockerfile
@@ -16,7 +16,7 @@ COPY controllers controllers/
 COPY pkg pkg/
 
 # Build
-RUN CGO_ENABLED=0 GO111MODULE=on go build -a -o manager main.go
+RUN CGO_ENABLED=0 GO111MODULE=on go build -buildmode=pie -trimpath -a -o manager main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details

diff --git a/cmd/fluent-watcher/fluentbit/Dockerfile b/cmd/fluent-watcher/fluentbit/Dockerfile
@@ -4,7 +4,7 @@ RUN mkdir -p /code
 COPY . /code/
 WORKDIR /code
 RUN echo $(ls -al /code)
-RUN CGO_ENABLED=0 go build -ldflags '-w -s' -o /fluent-bit/fluent-bit /code/cmd/fluent-watcher/fluentbit/main.go
+RUN CGO_ENABLED=0 go build -buildmode=pie -trimpath -ldflags '-w -s' -o /fluent-bit/fluent-bit /code/cmd/fluent-watcher/fluentbit/main.go
 
 FROM fluent/fluent-bit:1.9.9
 LABEL Description="Fluent Bit docker image" Vendor="Fluent" Version="1.0"

diff --git a/cmd/fluent-watcher/fluentd/Dockerfile.amd64 b/cmd/fluent-watcher/fluentd/Dockerfile.amd64
@@ -5,7 +5,7 @@ RUN mkdir -p /code
 COPY . /code/
 WORKDIR /code
 RUN echo $(ls -al /code)
-RUN CGO_ENABLED=0 go build -ldflags '-w -s' -o /fluentd/fluentd-watcher /code/cmd/fluent-watcher/fluentd/main.go
+RUN CGO_ENABLED=0 go build -buildmode=pie -trimpath -ldflags '-w -s' -o /fluentd/fluentd-watcher /code/cmd/fluent-watcher/fluentd/main.go
 
 # Fluentd main image
 FROM alpine:3.13

diff --git a/cmd/fluent-watcher/fluentd/Dockerfile.arm64 b/cmd/fluent-watcher/fluentd/Dockerfile.arm64
@@ -5,9 +5,9 @@ RUN mkdir -p /code
 COPY . /code/
 WORKDIR /code
 RUN echo $(ls -al /code)
-RUN CGO_ENABLED=0 go build -ldflags '-w -s' -o /fluentd/fluentd-watcher /code/cmd/fluent-watcher/fluentd/main.go
+RUN CGO_ENABLED=0 go build -buildmode=pie -trimpath -ldflags '-w -s' -o /fluentd/fluentd-watcher /code/cmd/fluent-watcher/fluentd/main.go
 
-# To set multiarch build for Docker hub automated build.
+# To set multiarch build -buildmode=pie -trimpath for Docker hub automated build.
 FROM golang:alpine AS builderqemu
 WORKDIR /go
 ENV QEMU_DOWNLOAD_SHA256 5db25cccb40ac7b1ca857653b883376b931d91b06ff34ffe70dcf6180bd07bb8

diff --git a/cmd/fluent-watcher/fluentd/Dockerfile.arm64.base b/cmd/fluent-watcher/fluentd/Dockerfile.arm64.base
@@ -1,4 +1,4 @@
-# To set multiarch build for Docker hub automated build.
+# To set multiarch build -buildmode=pie -trimpath for Docker hub automated build.
 FROM golang:alpine AS builderqemu
 WORKDIR /go
 ENV QEMU_DOWNLOAD_SHA256 5db25cccb40ac7b1ca857653b883376b931d91b06ff34ffe70dcf6180bd07bb8

diff --git a/cmd/fluent-watcher/fluentd/Dockerfile.arm64.quick b/cmd/fluent-watcher/fluentd/Dockerfile.arm64.quick
@@ -5,7 +5,7 @@ RUN mkdir -p /code
 COPY . /code/
 WORKDIR /code
 RUN echo $(ls -al /code)
-RUN CGO_ENABLED=0 go build -ldflags '-w -s' -o /fluentd/fluentd-watcher /code/cmd/fluent-watcher/fluentd/main.go
+RUN CGO_ENABLED=0 go build -buildmode=pie -trimpath -ldflags '-w -s' -o /fluentd/fluentd-watcher /code/cmd/fluent-watcher/fluentd/main.go
 
 # Fluentd main image
 FROM kubesphere/fluentd:v1.14.6-arm64-base

diff --git a/docs/best-practice/forwarding-logs-via-http/Dockerfile b/docs/best-practice/forwarding-logs-via-http/Dockerfile
@@ -3,7 +3,7 @@ FROM golang:1.19.1 as builder
 
 WORKDIR /
 COPY main.go /go/src/main.go
-RUN CGO_ENABLED=0 go build /go/src/main.go
+RUN CGO_ENABLED=0 go build -buildmode=pie -trimpath /go/src/main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details