Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: app minification #988

Merged
merged 14 commits into from
Mar 4, 2025
Merged

feat: app minification #988

merged 14 commits into from
Mar 4, 2025
+739 −305

Conversation

jimcase
Copy link
Contributor

@jimcase jimcase commented Feb 28, 2025
edited
Loading

Description

Binary minification can help slow down attackers with access to the runtime and make it harder to know where to check memory for exploits.

We should minify the entire Capacitor app on production builds.

Checklist before requesting a review

Issue ticket number and link

  • This PR has a valid ticket number or issue: [link]

Testing & Validation

  • This PR has been tested/validated in IOS, Android and browser.
  • The code has been tested locally with test coverage match expectations.
  • Added new Unit/Component testing (if relevant).

Security

  • No secrets are being committed (i.e. credentials, PII)
  • This PR does not have any significant security implications

Code Review

  • There is no unused functionality or blocks of commented out code (otherwise, please explain below)
  • In addition to this PR, all relevant documentation (e.g. Confluence) and architecture diagrams (e.g. Miro) were updated

Design Review

  • If this PR contains changes to the UI, it has gone through a design review with UX Designer or Product owner.
  • In case PR contains changes to the UI, add some screenshots to notice the differences

@jimcase jimcase self-assigned this Feb 28, 2025
@jimcase jimcase marked this pull request as ready for review February 28, 2025 11:44
@jimcase jimcase requested a review from iFergal as a code owner February 28, 2025 11:44
iFergal
iFergal reviewed Feb 28, 2025
View reviewed changes
@jimcase
Copy link
Contributor Author

jimcase commented Mar 4, 2025
edited
Loading

ARC (Automatic Reference Counting), flag:
-fobjc-arc

NX (Non-Executable Stack), flag:
-Wl,-z,noexecstack

STACK CANARY, flag:
-fstack-protect or -fstack-protector-all

SYMBOLS STRIPPED, flags:

COPY_PHASE_STRIP = YES
DEPLOYMENT_POSTPROCESSING = YES
STRIP_INSTALLED_PRODUCT = YES

RELRO (Relocation Read-Only), flags:
-Wl,-z,relro

RPATH/RUNPATH, flags:
-Wl,-rpath,@executable_path/Frameworks

PIE, flag:
-pie

FORTIFY:

 -D_FORTIFY_SOURCE=2
GCC_OPTIMIZATION_LEVEL = -O2

@iFergal iFergal merged commit 43497c9 into main Mar 4, 2025
1 check passed
@iFergal iFergal deleted the feature/app-minification branch March 4, 2025 19:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iFergal iFergal iFergal approved these changes

Assignees

@jimcase jimcase

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jimcase @iFergal