!25 [sync] PR-24: 增加 PIE,BIND_NOW,RELRO,STRIP安全编译选项

From: @openeuler-sync-bot 
Reviewed-by: @jxy_git 
Signed-off-by: @jxy_git

containernetworking-plugins.spec

@@ -16,7 +16,7 @@
  
 Name: %{project}-%{repo}
 Version: 1.1.1
-Release: 1
+Release: 2
 Summary: Libraries for use by writing CNI plugin
 License: ASL 2.0
 URL: https://github.com/containernetworking/plugins
@@ -119,7 +119,7 @@ for d in $PLUGINS; do
     if [ -d "$d" ]; then
         plugin="$(basename "$d")"
         echo "  $plugin"
-        go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d '  \n') -extldflags '%__global_ldflags %{?__golang_extldflags}'" -a -v -x -o "${PWD}/bin/$plugin" "$@" github.com/containernetworking/plugins/$d
+        go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d '  \n') -s -w -linkmode=external -extldflags '%__global_ldflags %{?__golang_extldflags} -Wl,-z,now ' " -a -v -x -o "${PWD}/bin/$plugin" "$@" github.com/containernetworking/plugins/$d
     fi
 done
 
@@ -192,7 +192,7 @@ VERSIONFLAGS="
 "
 TAGS="apparmor seccomp netcgo osusergo providerless"
 STATIC="-extldflags '-static -lm -ldl -lz -lpthread'"
-GO111MODULE=off CGO_ENABLED=0 GOPATH=$TMPDIR go build -tags "$TAGS" -ldflags "$VERSIONFLAGS $LDFLAGS $STATIC" -o %{_builddir}/cni
+GO111MODULE=off CGO_ENABLED=0 GOPATH=$TMPDIR go build -tags "$TAGS" -buildmode=pie -ldflags "$VERSIONFLAGS $LDFLAGS $STATIC -s -w -linkmode=external -extldflags '-Wl,-z,relro  -Wl,-z,now  ' " -o %{_builddir}/cni
  
 %install
 install -d -p %{buildroot}%{_libexecdir}/cni/
@@ -313,6 +313,9 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
 
 
 %changelog
+* Thu Feb 09 2023 yaoxin <yaoxin30@h-partners.com> - 1.1.1-2
+- Add PIE,BIND_NOW,RELRO,STRIP secure compilation options
+
 * Wed Jul 20 2022 Ge Wang <wangge20@h-partners.com> - 1.1.1-1
 - update to version 1.1.1