From 55cd0c89d89c3a34c5969f0e33cb8b6be4fceef5 Mon Sep 17 00:00:00 2001
From: "James O. D. Hunt" <james.o.hunt@intel.com>
Date: Thu, 3 Mar 2022 10:41:26 +0000
Subject: [PATCH] runtime: Build golang components with extra security options

Enable stack protector and fortify source for golang builds.

Fixes: #3817.

Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
---
 src/runtime/Makefile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/runtime/Makefile b/src/runtime/Makefile
index ea0f4eb35..c6e7ce16d 100644
--- a/src/runtime/Makefile
+++ b/src/runtime/Makefile
@@ -28,6 +28,9 @@ ARCH_FILE = $(ARCH_DIR)/$(ARCH)$(ARCH_FILE_SUFFIX)
 ARCH_FILES = $(wildcard arch/*$(ARCH_FILE_SUFFIX))
 ALL_ARCHES = $(patsubst $(ARCH_DIR)/%$(ARCH_FILE_SUFFIX),%,$(ARCH_FILES))
 
+# Build as safely as possible
+export CGO_CPPFLAGS = -D_FORTIFY_SOURCE=2 -fstack-protector
+
 ifeq (,$(realpath $(ARCH_FILE)))
     $(error "ERROR: invalid architecture: '$(ARCH)'")
 else