Use gc-sections when compiling with musl to reduce executable size

CMakeLists.txt

@@ -135,6 +135,10 @@ if(ICHOR_MUSL)
     target_compile_definitions(ichor PUBLIC ICHOR_MUSL)
     target_compile_options(ichor PUBLIC -static)
     target_link_options(ichor PUBLIC -static-libgcc -static-libstdc++ -static)
+    # reduce filesize of produced binaries greatly
+    # does not work with glibc, as that relies on magic sections
+    target_compile_options(ichor PUBLIC -ffunction-sections -fdata-sections)
+    target_link_options(ichor PUBLIC -Wl,--gc-sections)
 endif()
 if(ICHOR_AARCH64)
     target_compile_definitions(ichor PUBLIC ICHOR_AARCH64)

Dockerfile-musl-aarch64

@@ -10,9 +10,9 @@ RUN wget https://boostorg.jfrog.io/artifactory/main/release/1.81.0/source/boost_
 RUN wget https://github.com/redis/hiredis/archive/refs/tags/v1.2.0.tar.gz
 RUN wget https://www.openssl.org/source/openssl-3.0.11.tar.gz
 
-ENV CFLAGS="-O2 -fstack-protector-strong -mbranch-protection=standard -fstack-clash-protection -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3"
-ENV CXXFLAGS="-O2 -std=c++20 -fstack-protector-strong -mbranch-protection=standard -fstack-clash-protection -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_FAST"
-ENV LDFLAGS="-static-libgcc -static-libstdc++ -static -Wl,-z,nodlopen -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now"
+ENV CFLAGS="-O2 -fstack-protector-strong -mbranch-protection=standard -fstack-clash-protection -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -ffunction-sections -fdata-sections"
+ENV CXXFLAGS="-O2 -std=c++20 -fstack-protector-strong -mbranch-protection=standard -fstack-clash-protection -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_FAST -ffunction-sections -fdata-sections"
+ENV LDFLAGS="-static-libgcc -static-libstdc++ -static -Wl,-z,nodlopen -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -Wl,--gc-sections"
 #Build openssl statically, alpine (and probably most distros) only provide shared libraries. Might be a security thing?
 RUN tar xf openssl-3.0.11.tar.gz
 WORKDIR /opt/openssl-3.0.11
@@ -28,8 +28,8 @@ RUN tar xf boost_1_81_0.tar.bz2
 WORKDIR /opt/boost_1_81_0
 
 RUN ./bootstrap.sh --prefix=/usr
-RUN ./b2 variant=release link=static threading=multi cxxflags="-O2 -std=c++20 -static -fstack-protector-strong -mbranch-protection=standard -fstack-clash-protection -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_FAST" linkflags="-static-libgcc -static-libstdc++ -static -Wl,-z,nodlopen -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now"
-RUN ./b2 variant=release link=static threading=multi cxxflags="-O2 -std=c++20 -static -fstack-protector-strong -mbranch-protection=standard -fstack-clash-protection -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_FAST" linkflags="-static-libgcc -static-libstdc++ -static -Wl,-z,nodlopen -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now" install
+RUN ./b2 variant=release link=static threading=multi cxxflags="-O2 -std=c++20 -static -fstack-protector-strong -mbranch-protection=standard -fstack-clash-protection -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_FAST -ffunction-sections -fdata-sections" linkflags="-static-libgcc -static-libstdc++ -static -Wl,-z,nodlopen -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -Wl,--gc-sections"
+RUN ./b2 variant=release link=static threading=multi cxxflags="-O2 -std=c++20 -static -fstack-protector-strong -mbranch-protection=standard -fstack-clash-protection -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_FAST -ffunction-sections -fdata-sections" linkflags="-static-libgcc -static-libstdc++ -static -Wl,-z,nodlopen -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -Wl,--gc-sections" install
 
 WORKDIR /opt