packages/containerd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
containerd/patch/0068-containerd-compile-option-compliance.patch

50 lines
2.5 KiB
Diff
Raw Normal View History

containerd: compile option compliance Signed-off-by: xiadanni <xiadanni1@huawei.com>
2021-03-18 10:37:38 +08:00
From 0cda15b8d0241f9c15c0efe12d19877761f7b387 Mon Sep 17 00:00:00 2001
From: xiadanni <xiadanni1@huawei.com>
Date: Thu, 18 Mar 2021 10:29:02 +0800
Subject: [PATCH] containerd: compile option compliance
Signed-off-by: xiadanni <xiadanni1@huawei.com>
---
Makefile | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index f69559b..102db9f 100644
--- a/Makefile
+++ b/Makefile
@@ -82,7 +82,7 @@ BEP_DIR=/tmp/containerd-build-bep
BEP_FLAGS=-tmpdir=/tmp/containerd-build-bep
GO_LDFLAGS=-ldflags ' -buildid=IdByIsula -extldflags=-zrelro -extldflags=-znow $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)'
-SHIM_GO_LDFLAGS=-ldflags ' -buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"'
+SHIM_GO_LDFLAGS=-ldflags '-extldflags=-static' -ldflags '-buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -linkmode=external -extldflags=-Wl,-z,relro,-z,now'
#Replaces ":" (*nix), ";" (windows) with newline for easy parsing
GOPATHS=$(shell echo ${GOPATH} | tr ":" "\n" | tr ";" "\n")
@@ -171,11 +171,21 @@ FORCE:
bin/%: cmd/% FORCE
mkdir -p $(BEP_DIR)
@echo "$(WHALE) $@${BINARY_SUFFIX}"
+ CGO_ENABLED=1 \
+ CGO_CFLAGS="-fstack-protector-strong -fPIE" \
+ CGO_CPPFLAGS="-fstack-protector-strong -fPIE" \
+ CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \
+ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$<
bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
@echo "$(WHALE) bin/containerd-shim"
- go build ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim
+ CGO_ENABLED=1 \
+ CGO_CFLAGS="-fstack-protector-strong -fPIE" \
+ CGO_CPPFLAGS="-fstack-protector-strong -fPIE" \
+ CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \
+ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
+ go build -buildmode=pie ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim
bin/containerd-shim-runc-v1: cmd/containerd-shim-runc-v1 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
@echo "$(WHALE) bin/containerd-shim-runc-v1"
--
1.8.3.1
Reference in New Issue Copy Permalink