File tree Expand file tree Collapse file tree 1 file changed +10
-0
lines changed
Expand file tree Collapse file tree 1 file changed +10
-0
lines changed Original file line number Diff line number Diff line change @@ -111,11 +111,21 @@ RUN set -eux; \
111111 patches $HTTPD_PATCHES; \
112112 \
113113 gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" ; \
114+ CFLAGS="$(dpkg-buildflags --get CFLAGS)" ; \
115+ CPPFLAGS="$(dpkg-buildflags --get CPPFLAGS)" ; \
116+ LDFLAGS="$(dpkg-buildflags --get LDFLAGS)" ; \
114117 ./configure \
115118 --build="$gnuArch" \
116119 --prefix="$HTTPD_PREFIX" \
117120 --enable-mods-shared=reallyall \
118121 --enable-mpms-shared=all \
122+ # enable the same hardening flags as Debian
123+ # - https://salsa.debian.org/apache-team/apache2/blob/87db7de4e59683fb03e97900f078d06ef2292748/debian/rules#L19-21
124+ # - https://salsa.debian.org/apache-team/apache2/blob/87db7de4e59683fb03e97900f078d06ef2292748/debian/rules#L115
125+ --enable-pie \
126+ CFLAGS="-pipe $CFLAGS" \
127+ CPPFLAGS="$CPPFLAGS" \
128+ LDFLAGS="-Wl,--as-needed $LDFLAGS" \
119129 ; \
120130 make -j "$(nproc)" ; \
121131 make install; \
You can’t perform that action at this time.
0 commit comments