From e9599f2be3e9d95666d8c4318e43c190b7a782b0 Mon Sep 17 00:00:00 2001
From: Graham Steffaniak <42989099+gtsteffaniak@users.noreply.github.com>
Date: Sun, 1 Jun 2025 08:28:46 -0500
Subject: [PATCH 1/2] Update Dockerfile flags
---
 Dockerfile | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 4aa6d02..9372fe8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -60,8 +60,8 @@ RUN apk add --no-cache $APK_OPTS \
 # -static-libgcc is needed to make gcc not include gcc_s as "as-needed" shared library which
 # cmake will include as a implicit library.
 # other options to get hardened build (same as ffmpeg hardened)
-ARG CFLAGS="-O3 -static-libgcc -fno-strict-overflow -fstack-protector-all -fPIC"
-ARG CXXFLAGS="-O3 -static-libgcc -fno-strict-overflow -fstack-protector-all -fPIC"
+ARG CFLAGS="-static-libgcc -fno-strict-overflow -fstack-protector-all -fPIC"
+ARG CXXFLAGS="-static-libgcc -fno-strict-overflow -fstack-protector-all -fPIC"
 ARG LDFLAGS="-Wl,-z,relro,-z,now"
 # retry dns and some http codes that might be transient errors
@@ -1135,12 +1135,12 @@ RUN \
 # workaround for https://gitlab.com/AOMediaCodec/SVT-AV1/-/merge_requests/2387
 sed -i 's/svt_av1_enc_init_handle(&svt_enc->svt_handle, svt_enc, &svt_enc->enc_params)/svt_av1_enc_init_handle(\&svt_enc->svt_handle, \&svt_enc->enc_params)/g' libavcodec/libsvtav1.c && \
 FDKAAC_FLAGS=$(if [[ -n "$ENABLE_FDKAAC" ]] ;then echo " --enable-libfdk-aac --enable-nonfree " ;else echo ""; fi) && \
- sed -i 's/add_ldexeflags -fPIE -pie/add_ldexeflags -fPIE -static-pie/' configure && \
 ./configure \
 --pkg-config-flags="--static" \
- --extra-cflags="-fopenmp" \
+ --extra-cflags="$CFLAGS" \
+ --extra-cxxflags="$CXXFLAGS" \
+ --extra-ldexeflags="-fPIE -static-pie" \
 --extra-ldflags="-fopenmp -Wl,--allow-multiple-definition -Wl,-z,stack-size=2097152" \
- --toolchain=hardened \
 --disable-debug \
 --disable-shared \
 --disable-ffplay \
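Review bot: Removing `--toolchain=hardened` from the ffmpeg `./configure` call takes away more than the new `--extra-*` options put back. `$CFLAGS` carries `-fno-strict-overflow -fstack-protector-all -fPIC`, but none of the new arguments defines `_FORTIFY_SOURCE` (which that preset sets, as far as I know), and `--extra-ldflags` still does not include `$LDFLAGS` (`-Wl,-z,relro,-z,now`). Unless configure inherits those from the environment, which is worth confirming on the built binary with `readelf -lW` and `readelf -d`, the result loses fortified libc calls and possibly full RELRO. Consider `--extra-cflags="$CFLAGS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2"` and `--extra-ldflags="$LDFLAGS -fopenmp -Wl,--allow-multiple-definition -Wl,-z,stack-size=2097152"`, with a comment above `./configure` saying the preset was replaced to link with `-static-pie`, as the removed `sed` on `configure` suggests. The RUN instruction starts and ends outside this hunk.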
From 2654c9b3054ed02dba0b1c224cfe2cd7c73f099d Mon Sep 17 00:00:00 2001
From: Graham Steffaniak <42989099+gtsteffaniak@users.noreply.github.com>
Date: Sun, 1 Jun 2025 11:58:47 -0500
Subject: [PATCH 2/2] Update Dockerfile
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 9372fe8..6ced7a6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -60,8 +60,8 @@ RUN apk add --no-cache $APK_OPTS \
 # -static-libgcc is needed to make gcc not include gcc_s as "as-needed" shared library which
 # cmake will include as a implicit library.
 # other options to get hardened build (same as ffmpeg hardened)
-ARG CFLAGS="-static-libgcc -fno-strict-overflow -fstack-protector-all -fPIC"
-ARG CXXFLAGS="-static-libgcc -fno-strict-overflow -fstack-protector-all -fPIC"
+ARG CFLAGS="-O3 -static-libgcc -fno-strict-overflow -fstack-protector-all -fPIC"
+ARG CXXFLAGS="-O3 -static-libgcc -fno-strict-overflow -fstack-protector-all -fPIC"
 ARG LDFLAGS="-Wl,-z,relro,-z,now"
 # retry dns and some http codes that might be transient errors