diff --git a/containerd.spec b/containerd.spec index 64cd3dd..42b4f31 100644 --- a/containerd.spec +++ b/containerd.spec @@ -2,7 +2,7 @@ %global debug_package %{nil} Version: 1.2.0 Name: containerd -Release: 107 +Release: 108 Summary: An industry-standard container runtime License: ASL 2.0 URL: https://containerd.io @@ -39,6 +39,7 @@ cd $GO_BUILD_PATH/src/%{goipath} export GOPATH=$GO_BUILD_PATH:%{gopath} export BUILDTAGS="no_btrfs no_cri" make +strip ./bin/containerd ./bin/containerd-shim %install install -d $RPM_BUILD_ROOT/%{_bindir} @@ -50,6 +51,12 @@ install -p -m 755 bin/containerd-shim $RPM_BUILD_ROOT/%{_bindir}/containerd-shim %{_bindir}/containerd-shim %changelog +* Thu Mar 18 2021 xiadanni - 1.2.0-108 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:compile option compliance + * Thu Mar 18 2021 xiadanni - 1.2.0-107 - Type:bugfix - ID:NA diff --git a/git-commit b/git-commit index 649a06e..f263050 100644 --- a/git-commit +++ b/git-commit @@ -1 +1 @@ -04eb93cb4ae835a46fbd7df3dbd29f78d2a082c8 +aec25f8e033c265f30268f7170d83095404adcef diff --git a/patch/0068-containerd-compile-option-compliance.patch b/patch/0068-containerd-compile-option-compliance.patch new file mode 100644 index 0000000..8f26e10 --- /dev/null +++ b/patch/0068-containerd-compile-option-compliance.patch @@ -0,0 +1,49 @@ +From 0cda15b8d0241f9c15c0efe12d19877761f7b387 Mon Sep 17 00:00:00 2001 +From: xiadanni +Date: Thu, 18 Mar 2021 10:29:02 +0800 +Subject: [PATCH] containerd: compile option compliance + +Signed-off-by: xiadanni +--- + Makefile | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/Makefile b/Makefile +index f69559b..102db9f 100644 +--- a/Makefile ++++ b/Makefile +@@ -82,7 +82,7 @@ BEP_DIR=/tmp/containerd-build-bep + BEP_FLAGS=-tmpdir=/tmp/containerd-build-bep + + GO_LDFLAGS=-ldflags ' -buildid=IdByIsula -extldflags=-zrelro -extldflags=-znow $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' +-SHIM_GO_LDFLAGS=-ldflags ' -buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -extldflags "-static"' ++SHIM_GO_LDFLAGS=-ldflags '-extldflags=-static' -ldflags '-buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -linkmode=external -extldflags=-Wl,-z,relro,-z,now' + + #Replaces ":" (*nix), ";" (windows) with newline for easy parsing + GOPATHS=$(shell echo ${GOPATH} | tr ":" "\n" | tr ";" "\n") +@@ -171,11 +171,21 @@ FORCE: + bin/%: cmd/% FORCE + mkdir -p $(BEP_DIR) + @echo "$(WHALE) $@${BINARY_SUFFIX}" ++ CGO_ENABLED=1 \ ++ CGO_CFLAGS="-fstack-protector-strong -fPIE" \ ++ CGO_CPPFLAGS="-fstack-protector-strong -fPIE" \ ++ CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ ++ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ + go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$< + + bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 + @echo "$(WHALE) bin/containerd-shim" +- go build ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim ++ CGO_ENABLED=1 \ ++ CGO_CFLAGS="-fstack-protector-strong -fPIE" \ ++ CGO_CPPFLAGS="-fstack-protector-strong -fPIE" \ ++ CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ ++ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ ++ go build -buildmode=pie ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim + + bin/containerd-shim-runc-v1: cmd/containerd-shim-runc-v1 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 + @echo "$(WHALE) bin/containerd-shim-runc-v1" +-- +1.8.3.1 + diff --git a/series.conf b/series.conf index c46e4a9..361555e 100644 --- a/series.conf +++ b/series.conf @@ -72,4 +72,5 @@ patch/0064-containerd-check-task-list-to-avoid-unnecessary-clea.patch patch/0065-containerd-fix-dead-loop.patch patch/0066-containerd-cleanup-dangling-shim-by-brand-new-context.patch patch/0067-containerd-fix-potential-panic-for-task-in-unknown-state.patch +patch/0068-containerd-compile-option-compliance.patch # end