From 0077251f9360d5f7a7bb0b3018c91be273d0fcd6 Mon Sep 17 00:00:00 2001
From: "Lance R. Vick" <lance@lrvick.net>
Date: Tue, 28 Nov 2023 16:50:38 -0800
Subject: [PATCH] add sane cflags to musl build

---
 packages/musl/Dockerfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/packages/musl/Dockerfile b/packages/musl/Dockerfile
index 1e61ceb..f18d42c 100644
--- a/packages/musl/Dockerfile
+++ b/packages/musl/Dockerfile
@@ -3,13 +3,15 @@ FROM imgrep/bootstrap:latest as build
 ENV SRC_SITE http://musl.libc.org
 ENV SRC_VERSION 1.2.4
 ENV SRC_HASH 7a35eae33d5372a7c0da1188de798726f68825513b7ae3ebe97aaaa52114f039
+ENV CFLAGS="-Os -fstack-clash-protection -Wformat -Werror=format-security"
+ENV CXXFLAGS="-Os -fstack-clash-protection -Wformat -Werror=format-security -D_GLIBCXX_ASSERTIONS=1 -D_LIBCPP_ENABLE_THREAD_SAFETY_ANNOTATIONS=1 -D_LIBCPP_ENABLE_HARDENED_MODE=1"
+ENV LDFLAGS="-Wl,--as-needed,-O1,--sort-common -Wl,-soname,libc.musl-x86_64.so.1"
 
 RUN wget ${SRC_SITE}/releases/musl-$SRC_VERSION.tar.gz
 RUN echo "${SRC_HASH} musl-${SRC_VERSION}.tar.gz" | sha256sum -c
 RUN tar -xzf musl-${SRC_VERSION}.tar.gz
 WORKDIR musl-${SRC_VERSION}
 RUN set -eux; \
-    export LDFLAGS="-Wl,-soname,libc.musl-x86_64.so.1"; \
     ./configure \
         --build=x86_64-linux-musl \
         --host=x86_64-linux-musl \