diff --git a/build/docker/intel-deviceplugin-operator.Dockerfile b/build/docker/intel-deviceplugin-operator.Dockerfile index 89d2d6b1..85619c6f 100644 --- a/build/docker/intel-deviceplugin-operator.Dockerfile +++ b/build/docker/intel-deviceplugin-operator.Dockerfile @@ -39,13 +39,16 @@ ARG GOLANG_BASE=golang:1.21-bookworm FROM ${GOLANG_BASE} as builder ARG DIR=/intel-device-plugins-for-kubernetes ARG GO111MODULE=on -ARG BUILDFLAGS="-ldflags=-w -s" +ARG LDFLAGS="-ldflags=all=-w -s" +ARG GOFLAGS=-trimpath +ARG GCFLAGS="-gcflags=all=-spectre=all -N -l" +ARG ASMFLAGS="-asmflags=all=-spectre=all" ARG GOLICENSES_VERSION ARG EP=/usr/local/bin/intel_deviceplugin_operator ARG CMD WORKDIR ${DIR} COPY . . -RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} CGO_ENABLED=0 go install "${BUILDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} +RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install "${GCFLAGS}" "${ASMFLAGS}" "${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ diff --git a/build/docker/intel-dlb-plugin.Dockerfile b/build/docker/intel-dlb-plugin.Dockerfile index 4b0eac0c..aeab5f72 100644 --- a/build/docker/intel-dlb-plugin.Dockerfile +++ b/build/docker/intel-dlb-plugin.Dockerfile @@ -39,13 +39,16 @@ ARG GOLANG_BASE=golang:1.21-bookworm FROM ${GOLANG_BASE} as builder ARG DIR=/intel-device-plugins-for-kubernetes ARG GO111MODULE=on -ARG BUILDFLAGS="-ldflags=-w -s" +ARG LDFLAGS="-ldflags=all=-w -s" +ARG GOFLAGS=-trimpath +ARG GCFLAGS="-gcflags=all=-spectre=all -N -l" +ARG ASMFLAGS="-asmflags=all=-spectre=all" ARG GOLICENSES_VERSION ARG EP=/usr/local/bin/intel_dlb_device_plugin ARG CMD WORKDIR ${DIR} COPY . . -RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} CGO_ENABLED=0 go install "${BUILDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} +RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install "${GCFLAGS}" "${ASMFLAGS}" "${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ diff --git a/build/docker/intel-dsa-plugin.Dockerfile b/build/docker/intel-dsa-plugin.Dockerfile index dee977b0..42f601b0 100644 --- a/build/docker/intel-dsa-plugin.Dockerfile +++ b/build/docker/intel-dsa-plugin.Dockerfile @@ -39,13 +39,16 @@ ARG GOLANG_BASE=golang:1.21-bookworm FROM ${GOLANG_BASE} as builder ARG DIR=/intel-device-plugins-for-kubernetes ARG GO111MODULE=on -ARG BUILDFLAGS="-ldflags=-w -s" +ARG LDFLAGS="-ldflags=all=-w -s" +ARG GOFLAGS=-trimpath +ARG GCFLAGS="-gcflags=all=-spectre=all -N -l" +ARG ASMFLAGS="-asmflags=all=-spectre=all" ARG GOLICENSES_VERSION ARG EP=/usr/local/bin/intel_dsa_device_plugin ARG CMD WORKDIR ${DIR} COPY . . -RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} CGO_ENABLED=0 go install "${BUILDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} +RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install "${GCFLAGS}" "${ASMFLAGS}" "${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ diff --git a/build/docker/intel-fpga-admissionwebhook.Dockerfile b/build/docker/intel-fpga-admissionwebhook.Dockerfile index 4f4bda8c..4d95cf01 100644 --- a/build/docker/intel-fpga-admissionwebhook.Dockerfile +++ b/build/docker/intel-fpga-admissionwebhook.Dockerfile @@ -39,13 +39,16 @@ ARG GOLANG_BASE=golang:1.21-bookworm FROM ${GOLANG_BASE} as builder ARG DIR=/intel-device-plugins-for-kubernetes ARG GO111MODULE=on -ARG BUILDFLAGS="-ldflags=-w -s" +ARG LDFLAGS="-ldflags=all=-w -s" +ARG GOFLAGS=-trimpath +ARG GCFLAGS="-gcflags=all=-spectre=all -N -l" +ARG ASMFLAGS="-asmflags=all=-spectre=all" ARG GOLICENSES_VERSION ARG EP=/usr/local/bin/intel_fpga_admissionwebhook ARG CMD WORKDIR ${DIR} COPY . . -RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} CGO_ENABLED=0 go install "${BUILDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} +RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install "${GCFLAGS}" "${ASMFLAGS}" "${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ diff --git a/build/docker/intel-fpga-initcontainer.Dockerfile b/build/docker/intel-fpga-initcontainer.Dockerfile index 74bdef9d..f5705e73 100644 --- a/build/docker/intel-fpga-initcontainer.Dockerfile +++ b/build/docker/intel-fpga-initcontainer.Dockerfile @@ -38,14 +38,17 @@ ARG GOLANG_BASE=golang:1.21-bookworm FROM ${GOLANG_BASE} as builder ARG DIR=/intel-device-plugins-for-kubernetes ARG GO111MODULE=on -ARG BUILDFLAGS="-ldflags=-w -s" +ARG LDFLAGS="-ldflags=all=-w -s" +ARG GOFLAGS=-trimpath +ARG GCFLAGS="-gcflags=all=-spectre=all -N -l" +ARG ASMFLAGS="-asmflags=all=-spectre=all" ARG GOLICENSES_VERSION ARG CRI_HOOK=intel-fpga-crihook ARG CMD=fpga_crihook ARG EP=/usr/local/fpga-sw/$CRI_HOOK WORKDIR ${DIR} COPY . . -RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} CGO_ENABLED=0 go install "${BUILDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} +RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install "${GCFLAGS}" "${ASMFLAGS}" "${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ @@ -56,7 +59,7 @@ ARG CMD=fpga_tool ARG EP=/usr/local/fpga-sw/$CMD WORKDIR ${DIR} COPY . . -RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} CGO_ENABLED=0 go install "${BUILDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} +RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install "${GCFLAGS}" "${ASMFLAGS}" "${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ diff --git a/build/docker/intel-fpga-plugin.Dockerfile b/build/docker/intel-fpga-plugin.Dockerfile index 15baf94b..0f599be2 100644 --- a/build/docker/intel-fpga-plugin.Dockerfile +++ b/build/docker/intel-fpga-plugin.Dockerfile @@ -39,13 +39,16 @@ ARG GOLANG_BASE=golang:1.21-bookworm FROM ${GOLANG_BASE} as builder ARG DIR=/intel-device-plugins-for-kubernetes ARG GO111MODULE=on -ARG BUILDFLAGS="-ldflags=-w -s" +ARG LDFLAGS="-ldflags=all=-w -s" +ARG GOFLAGS=-trimpath +ARG GCFLAGS="-gcflags=all=-spectre=all -N -l" +ARG ASMFLAGS="-asmflags=all=-spectre=all" ARG GOLICENSES_VERSION ARG EP=/usr/local/bin/intel_fpga_device_plugin ARG CMD WORKDIR ${DIR} COPY . . -RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} CGO_ENABLED=0 go install "${BUILDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} +RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install "${GCFLAGS}" "${ASMFLAGS}" "${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ diff --git a/build/docker/intel-gpu-fakedev.Dockerfile b/build/docker/intel-gpu-fakedev.Dockerfile index d67474b5..fcdabe12 100644 --- a/build/docker/intel-gpu-fakedev.Dockerfile +++ b/build/docker/intel-gpu-fakedev.Dockerfile @@ -39,13 +39,16 @@ ARG GOLANG_BASE=golang:1.21-bookworm FROM ${GOLANG_BASE} as builder ARG DIR=/intel-device-plugins-for-kubernetes ARG GO111MODULE=on -ARG BUILDFLAGS="-ldflags=-w -s" +ARG LDFLAGS="-ldflags=all=-w -s" +ARG GOFLAGS=-trimpath +ARG GCFLAGS="-gcflags=all=-spectre=all -N -l" +ARG ASMFLAGS="-asmflags=all=-spectre=all" ARG GOLICENSES_VERSION ARG EP=/usr/local/bin/intel_gpu_fakedev ARG CMD WORKDIR ${DIR} COPY . . -RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} CGO_ENABLED=0 go install "${BUILDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} +RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install "${GCFLAGS}" "${ASMFLAGS}" "${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ diff --git a/build/docker/intel-gpu-initcontainer.Dockerfile b/build/docker/intel-gpu-initcontainer.Dockerfile index 2b35c8e0..51e4e534 100644 --- a/build/docker/intel-gpu-initcontainer.Dockerfile +++ b/build/docker/intel-gpu-initcontainer.Dockerfile @@ -38,7 +38,10 @@ ARG GOLANG_BASE=golang:1.21-bookworm FROM ${GOLANG_BASE} as builder ARG DIR=/intel-device-plugins-for-kubernetes ARG GO111MODULE=on -ARG BUILDFLAGS="-ldflags=-w -s" +ARG LDFLAGS="-ldflags=all=-w -s" +ARG GOFLAGS=-trimpath +ARG GCFLAGS="-gcflags=all=-spectre=all -N -l" +ARG ASMFLAGS="-asmflags=all=-spectre=all" ARG GOLICENSES_VERSION ARG EP=/usr/local/bin/gpu-sw/intel-gpu-nfdhook ARG CMD=gpu_nfdhook @@ -46,7 +49,7 @@ ARG NFD_HOOK=intel-gpu-nfdhook ARG SRC_DIR=/usr/local/bin/gpu-sw WORKDIR ${DIR} COPY . . -RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} CGO_ENABLED=0 go install "${BUILDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} +RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install "${GCFLAGS}" "${ASMFLAGS}" "${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ diff --git a/build/docker/intel-gpu-plugin.Dockerfile b/build/docker/intel-gpu-plugin.Dockerfile index 5a4e4f36..ffb586fb 100644 --- a/build/docker/intel-gpu-plugin.Dockerfile +++ b/build/docker/intel-gpu-plugin.Dockerfile @@ -39,13 +39,16 @@ ARG GOLANG_BASE=golang:1.21-bookworm FROM ${GOLANG_BASE} as builder ARG DIR=/intel-device-plugins-for-kubernetes ARG GO111MODULE=on -ARG BUILDFLAGS="-ldflags=-w -s" +ARG LDFLAGS="-ldflags=all=-w -s" +ARG GOFLAGS=-trimpath +ARG GCFLAGS="-gcflags=all=-spectre=all -N -l" +ARG ASMFLAGS="-asmflags=all=-spectre=all" ARG GOLICENSES_VERSION ARG EP=/usr/local/bin/intel_gpu_device_plugin ARG CMD WORKDIR ${DIR} COPY . . -RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} CGO_ENABLED=0 go install "${BUILDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} +RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install "${GCFLAGS}" "${ASMFLAGS}" "${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ diff --git a/build/docker/intel-iaa-plugin.Dockerfile b/build/docker/intel-iaa-plugin.Dockerfile index e3630c34..b687c1a6 100644 --- a/build/docker/intel-iaa-plugin.Dockerfile +++ b/build/docker/intel-iaa-plugin.Dockerfile @@ -39,13 +39,16 @@ ARG GOLANG_BASE=golang:1.21-bookworm FROM ${GOLANG_BASE} as builder ARG DIR=/intel-device-plugins-for-kubernetes ARG GO111MODULE=on -ARG BUILDFLAGS="-ldflags=-w -s" +ARG LDFLAGS="-ldflags=all=-w -s" +ARG GOFLAGS=-trimpath +ARG GCFLAGS="-gcflags=all=-spectre=all -N -l" +ARG ASMFLAGS="-asmflags=all=-spectre=all" ARG GOLICENSES_VERSION ARG EP=/usr/local/bin/intel_iaa_device_plugin ARG CMD WORKDIR ${DIR} COPY . . -RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} CGO_ENABLED=0 go install "${BUILDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} +RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install "${GCFLAGS}" "${ASMFLAGS}" "${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ diff --git a/build/docker/intel-qat-plugin-kerneldrv.Dockerfile b/build/docker/intel-qat-plugin-kerneldrv.Dockerfile index 8f7008d6..148654bb 100644 --- a/build/docker/intel-qat-plugin-kerneldrv.Dockerfile +++ b/build/docker/intel-qat-plugin-kerneldrv.Dockerfile @@ -38,7 +38,10 @@ ARG GOLANG_BASE=golang:1.21-bookworm FROM ${GOLANG_BASE} as builder ARG DIR=/intel-device-plugins-for-kubernetes ARG GO111MODULE=on -ARG BUILDFLAGS="-ldflags=-w -s" +ARG LDFLAGS="-ldflags=all=-w -s" +ARG GOFLAGS=-trimpath +ARG GCFLAGS="-gcflags=all=-spectre=all -N -l" +ARG ASMFLAGS="-asmflags=all=-spectre=all" ARG GOLICENSES_VERSION ARG EP=/usr/local/bin/intel_sgx_device_plugin ARG CMD=qat_plugin @@ -47,8 +50,8 @@ COPY . . ARG QAT_DRIVER_RELEASE="qat1.7.l.4.14.0-00031" ARG QAT_DRIVER_SHA256="a68dfaea4308e0bb5f350b7528f1a076a0c6ba3ec577d60d99dc42c49307b76e" SHELL ["/bin/bash", "-o", "pipefail", "-c"] -RUN mkdir -p /usr/src/qat && cd /usr/src/qat && wget -q https://downloadmirror.intel.com/30178/eng/$QAT_DRIVER_RELEASE.tar.gz && echo "$QAT_DRIVER_SHA256 $QAT_DRIVER_RELEASE.tar.gz" | sha256sum -c - && tar xf *.tar.gz && cd /usr/src/qat/quickassist/utilities/adf_ctl && make KERNEL_SOURCE_DIR=/usr/src/qat/quickassist/qat && install -D adf_ctl /install_root/usr/local/bin/adf_ctl -RUN (cd cmd/$CMD && GO111MODULE=${GO111MODULE} CGO_ENABLED=1 go install -tags kerneldrv) +RUN mkdir -p /usr/src/qat && cd /usr/src/qat && wget -q https://downloadmirror.intel.com/30178/eng/$QAT_DRIVER_RELEASE.tar.gz && echo "$QAT_DRIVER_SHA256 $QAT_DRIVER_RELEASE.tar.gz" | sha256sum -c - && tar xf *.tar.gz && cd /usr/src/qat/quickassist/utilities/adf_ctl && LDFLAGS= make KERNEL_SOURCE_DIR=/usr/src/qat/quickassist/qat && install -D adf_ctl /install_root/usr/local/bin/adf_ctl +RUN (cd cmd/$CMD && GOFLAGS=${GOFLAGS} GO111MODULE=${GO111MODULE} CGO_ENABLED=1 go install "${GCFLAGS}" "${ASMFLAGS}" "${LDFLAGS}" -tags kerneldrv) RUN chmod a+x /go/bin/$CMD && install -D /go/bin/$CMD /install_root/usr/local/bin/intel_qat_device_plugin RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ diff --git a/build/docker/intel-qat-plugin.Dockerfile b/build/docker/intel-qat-plugin.Dockerfile index 387aa9ee..4df324fe 100644 --- a/build/docker/intel-qat-plugin.Dockerfile +++ b/build/docker/intel-qat-plugin.Dockerfile @@ -39,13 +39,16 @@ ARG GOLANG_BASE=golang:1.21-bookworm FROM ${GOLANG_BASE} as builder ARG DIR=/intel-device-plugins-for-kubernetes ARG GO111MODULE=on -ARG BUILDFLAGS="-ldflags=-w -s" +ARG LDFLAGS="-ldflags=all=-w -s" +ARG GOFLAGS=-trimpath +ARG GCFLAGS="-gcflags=all=-spectre=all -N -l" +ARG ASMFLAGS="-asmflags=all=-spectre=all" ARG GOLICENSES_VERSION ARG EP=/usr/local/bin/intel_qat_device_plugin ARG CMD WORKDIR ${DIR} COPY . . -RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} CGO_ENABLED=0 go install "${BUILDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} +RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install "${GCFLAGS}" "${ASMFLAGS}" "${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ diff --git a/build/docker/intel-sgx-admissionwebhook.Dockerfile b/build/docker/intel-sgx-admissionwebhook.Dockerfile index a145f354..0da163a7 100644 --- a/build/docker/intel-sgx-admissionwebhook.Dockerfile +++ b/build/docker/intel-sgx-admissionwebhook.Dockerfile @@ -39,13 +39,16 @@ ARG GOLANG_BASE=golang:1.21-bookworm FROM ${GOLANG_BASE} as builder ARG DIR=/intel-device-plugins-for-kubernetes ARG GO111MODULE=on -ARG BUILDFLAGS="-ldflags=-w -s" +ARG LDFLAGS="-ldflags=all=-w -s" +ARG GOFLAGS=-trimpath +ARG GCFLAGS="-gcflags=all=-spectre=all -N -l" +ARG ASMFLAGS="-asmflags=all=-spectre=all" ARG GOLICENSES_VERSION ARG EP=/usr/local/bin/intel_sgx_admissionwebhook ARG CMD WORKDIR ${DIR} COPY . . -RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} CGO_ENABLED=0 go install "${BUILDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} +RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install "${GCFLAGS}" "${ASMFLAGS}" "${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ diff --git a/build/docker/intel-sgx-initcontainer.Dockerfile b/build/docker/intel-sgx-initcontainer.Dockerfile index fae82da0..e30a5612 100644 --- a/build/docker/intel-sgx-initcontainer.Dockerfile +++ b/build/docker/intel-sgx-initcontainer.Dockerfile @@ -38,7 +38,10 @@ ARG GOLANG_BASE=golang:1.21-bookworm FROM ${GOLANG_BASE} as builder ARG DIR=/intel-device-plugins-for-kubernetes ARG GO111MODULE=on -ARG BUILDFLAGS="-ldflags=-w -s" +ARG LDFLAGS="-ldflags=all=-w -s" +ARG GOFLAGS=-trimpath +ARG GCFLAGS="-gcflags=all=-spectre=all -N -l" +ARG ASMFLAGS="-asmflags=all=-spectre=all" ARG GOLICENSES_VERSION ARG EP=/usr/local/bin/sgx-sw/intel-sgx-epchook ARG CMD=sgx_epchook @@ -46,7 +49,7 @@ ARG NFD_HOOK=intel-sgx-epchook ARG SRC_DIR=/usr/local/bin/sgx-sw WORKDIR ${DIR} COPY . . -RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} CGO_ENABLED=0 go install "${BUILDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} +RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install "${GCFLAGS}" "${ASMFLAGS}" "${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ diff --git a/build/docker/intel-sgx-plugin.Dockerfile b/build/docker/intel-sgx-plugin.Dockerfile index 6829da65..3bf014e3 100644 --- a/build/docker/intel-sgx-plugin.Dockerfile +++ b/build/docker/intel-sgx-plugin.Dockerfile @@ -39,13 +39,16 @@ ARG GOLANG_BASE=golang:1.21-bookworm FROM ${GOLANG_BASE} as builder ARG DIR=/intel-device-plugins-for-kubernetes ARG GO111MODULE=on -ARG BUILDFLAGS="-ldflags=-w -s" +ARG LDFLAGS="-ldflags=all=-w -s" +ARG GOFLAGS=-trimpath +ARG GCFLAGS="-gcflags=all=-spectre=all -N -l" +ARG ASMFLAGS="-asmflags=all=-spectre=all" ARG GOLICENSES_VERSION ARG EP=/usr/local/bin/intel_sgx_device_plugin ARG CMD WORKDIR ${DIR} COPY . . -RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} CGO_ENABLED=0 go install "${BUILDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} +RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install "${GCFLAGS}" "${ASMFLAGS}" "${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ diff --git a/build/docker/intel-xpumanager-sidecar.Dockerfile b/build/docker/intel-xpumanager-sidecar.Dockerfile index 913341b6..a060c2b7 100644 --- a/build/docker/intel-xpumanager-sidecar.Dockerfile +++ b/build/docker/intel-xpumanager-sidecar.Dockerfile @@ -39,13 +39,16 @@ ARG GOLANG_BASE=golang:1.21-bookworm FROM ${GOLANG_BASE} as builder ARG DIR=/intel-device-plugins-for-kubernetes ARG GO111MODULE=on -ARG BUILDFLAGS="-ldflags=-w -s" +ARG LDFLAGS="-ldflags=all=-w -s" +ARG GOFLAGS=-trimpath +ARG GCFLAGS="-gcflags=all=-spectre=all -N -l" +ARG ASMFLAGS="-asmflags=all=-spectre=all" ARG GOLICENSES_VERSION ARG EP=/usr/local/bin/intel_xpumanager_sidecar ARG CMD WORKDIR ${DIR} COPY . . -RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} CGO_ENABLED=0 go install "${BUILDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} +RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install "${GCFLAGS}" "${ASMFLAGS}" "${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ diff --git a/build/docker/lib/default_args.docker b/build/docker/lib/default_args.docker index 5064bbcc..1d65ea67 100644 --- a/build/docker/lib/default_args.docker +++ b/build/docker/lib/default_args.docker @@ -1,4 +1,7 @@ ARG DIR=/intel-device-plugins-for-kubernetes ARG GO111MODULE=on -ARG BUILDFLAGS="-ldflags=-w -s" +ARG LDFLAGS="-ldflags=all=-w -s" +ARG GOFLAGS=-trimpath +ARG GCFLAGS="-gcflags=all=-spectre=all -N -l" +ARG ASMFLAGS="-asmflags=all=-spectre=all" ARG GOLICENSES_VERSION diff --git a/build/docker/lib/default_build.docker b/build/docker/lib/default_build.docker index db9538aa..48aeb413 100644 --- a/build/docker/lib/default_build.docker +++ b/build/docker/lib/default_build.docker @@ -1,7 +1,7 @@ WORKDIR ${DIR} COPY . . -RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} CGO_ENABLED=0 go install "${BUILDFLAGS}") \ +RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install "${GCFLAGS}" "${ASMFLAGS}" "${LDFLAGS}") \ && install -D /go/bin/${CMD} /install_root${EP} #include "default_licenses.docker" diff --git a/build/docker/templates/intel-qat-plugin-kerneldrv.Dockerfile.in b/build/docker/templates/intel-qat-plugin-kerneldrv.Dockerfile.in index 80d47eaf..83a205ca 100644 --- a/build/docker/templates/intel-qat-plugin-kerneldrv.Dockerfile.in +++ b/build/docker/templates/intel-qat-plugin-kerneldrv.Dockerfile.in @@ -22,9 +22,9 @@ RUN mkdir -p /usr/src/qat \ && echo "$QAT_DRIVER_SHA256 $QAT_DRIVER_RELEASE.tar.gz" | sha256sum -c - \ && tar xf *.tar.gz \ && cd /usr/src/qat/quickassist/utilities/adf_ctl \ - && make KERNEL_SOURCE_DIR=/usr/src/qat/quickassist/qat \ + && LDFLAGS= make KERNEL_SOURCE_DIR=/usr/src/qat/quickassist/qat \ && install -D adf_ctl /install_root/usr/local/bin/adf_ctl -RUN (cd cmd/$CMD && GO111MODULE=${GO111MODULE} CGO_ENABLED=1 go install -tags kerneldrv) +RUN (cd cmd/$CMD && GOFLAGS=${GOFLAGS} GO111MODULE=${GO111MODULE} CGO_ENABLED=1 go install "${GCFLAGS}" "${ASMFLAGS}" "${LDFLAGS}" -tags kerneldrv) RUN chmod a+x /go/bin/$CMD \ && install -D /go/bin/$CMD /install_root/usr/local/bin/intel_qat_device_plugin