Use Polarix Hardened Malloc

2024-09-16 14:14:42 -04:00 · 2024-08-11 12:50:01 -07:00 · 2024-08-11 12:50:01 -07:00 · 05298dcb6c
commit 05298dcb6c
parent d54e386a39
1 changed files with 3 additions and 24 deletions
--- a/27
+++ b/27
@ -1,25 +1,3 @@
-ARG HARDENED_MALLOC_VERSION=2024060400
-
-### Build Hardened Malloc
-FROM alpine:latest as hmalloc-builder
-
-ARG HARDENED_MALLOC_VERSION
-ARG CONFIG_NATIVE=false
-ARG VARIANT=default
-
-RUN apk -U upgrade \
-    && apk --no-cache add build-base git gnupg openssh-keygen
-    
-RUN cd /tmp \
-    && git clone --depth 1 --branch ${HARDENED_MALLOC_VERSION} https://github.com/GrapheneOS/hardened_malloc \
-    && cd hardened_malloc \
-    && wget -q https://grapheneos.org/allowed_signers -O grapheneos_allowed_signers \
-    && git config gpg.ssh.allowedSignersFile grapheneos_allowed_signers \
-    && git verify-tag $(git describe --tags) \
-    && make CONFIG_NATIVE=${CONFIG_NATIVE} VARIANT=${VARIANT}
-
-### Build Production
-
 FROM node:alpine

 LABEL maintainer="Thien Tran contact@tommytran.io"
@ -27,6 +5,9 @@ LABEL maintainer="Thien Tran contact@tommytran.io"
 ARG UID=992
 ARG GID=992

+COPY --from=ghcr.io/polarix-containers/hardened_malloc:latest /install /usr/local/lib/
+ENV LD_PRELOAD="/usr/local/lib/libhardened_malloc.so"
+
 RUN apk -U upgrade \
    && apk --no-cache add git \
    && adduser -g ${GID} -u ${UID} --disabled-password --gecos "" matrix-to
@ -48,8 +29,6 @@ RUN git apply /home/matrix-to/matrix.to/element.patch \
    && yarn cache clean \
    && yarn build

-COPY --from=hmalloc-builder /tmp/hardened_malloc/out/libhardened_malloc.so /usr/local/lib/
-
 ENV LD_PRELOAD="/usr/local/lib/libhardened_malloc.so"

 EXPOSE 5000