Proposal: use same compilation flags as the Docker images

crazywhalecc / static-php-cli

Build standalone PHP binary on Linux, macOS, FreeBSD, Windows, with PHP project together, with popular extensions included.

https://static-php.dev

MIT License

1.33k stars 233 forks source link

Proposal: use same compilation flags as the Docker images #515

Open dunglas opened 3 months ago

dunglas commented 3 months ago

For improved security, what do you think about using by default the same flags as the Docker image? https://github.com/docker-library/php/blob/master/8.3/alpine3.20/zts/Dockerfile#L53-L55

crazywhalecc commented 3 months ago

It's useful to improve security, and now that the -fPIE flag is set, I think the only thing to consider is to keep -Os.

But I don't have a performance and security test plan at the moment, and these compilation parameters may also affect phpmicro. It would be better if there were more comprehensive tests on these flags.