packages/isula-build
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

improve security compile option of isula-build binary

Browse Source
This commit is contained in:
xingweizheng 2022-09-14 11:07:15 +08:00
parent 61e7efba4c
commit 1ba6007281
6 changed files with 38 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
VERSION-openeuler
View File

@ -1 +1 @@
0.9.6-11 0.9.6-12

4
apply-patches
View File

@ -9,7 +9,7 @@ set -ex
pkg=isula-build pkg=isula-build
cwd=${PWD} cwd=${PWD}
src=${cwd}/${pkg} src=${cwd}/${pkg}
tar_file=v"$(awk -F"-" '{print $1}' < VERSION-openeuler)".tar.gz tar_file=v"$(awk -F"-" '{print $1}' <VERSION-openeuler)".tar.gz
mkdir ${src} && tar -zxvf "${tar_file}" -C ${src} --strip-components 1 mkdir ${src} && tar -zxvf "${tar_file}" -C ${src} --strip-components 1
if [ ! -d patch ]; then if [ ! -d patch ]; then
@ -25,7 +25,7 @@ git commit -m 'init build'
cd "${cwd}" cd "${cwd}"
series=${cwd}/series.conf series=${cwd}/series.conf
while IPF= read -r line; do while IPF= read -r line || [ -n "$line" ]; do
if [[ "${line}" =~ ^patch* ]]; then if [[ "${line}" =~ ^patch* ]]; then
echo "git apply ${cwd}/${line}" echo "git apply ${cwd}/${line}"
cd "${src}" && git apply "${cwd}/${line}" cd "${src}" && git apply "${cwd}/${line}"

2
git-commit
View File

@ -1 +1 @@
e88af88d105b4a5f68bd3a816ced949c3958353c 716dbdd867b5ee948f741de9958525531b59a31e

8
isula-build.spec
View File

@ -2,7 +2,7 @@
Name: isula-build Name: isula-build
Version: 0.9.6 Version: 0.9.6
Release: 11 Release: 12
Summary: A tool to build container images Summary: A tool to build container images
License: Mulan PSL V2 License: Mulan PSL V2
URL: https://gitee.com/openeuler/isula-build URL: https://gitee.com/openeuler/isula-build
@ -85,6 +85,12 @@ fi
/usr/share/bash-completion/completions/isula-build /usr/share/bash-completion/completions/isula-build
%changelog %changelog
* Wed Sep 14 2022 xingweizheng <xingweizheng@huawei.com> - 0.9.6-12
- Type:bugfix
- CVE:NA
- SUG:restart
- DESC:improve security compile option of isula-build binary
* Fri Aug 19 2022 daisicheng <daisicheng@huawei.com> - 0.9.6-11 * Fri Aug 19 2022 daisicheng <daisicheng@huawei.com> - 0.9.6-11
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA

25
patch/0126-improve-security-compile-option-of-isula-build-binar.patch Normal file
View File

@ -0,0 +1,25 @@
From bdbd4b3136d57ef5e8d30f8537d03693cc11c481 Mon Sep 17 00:00:00 2001
From: xingweizheng <xingweizheng@huawei.com>
Date: Tue, 13 Sep 2022 23:07:28 +0800
Subject: [PATCH] improve security compile option of isula-build binary
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 4bdb064..0d6bd01 100644
--- a/Makefile
+++ b/Makefile
@@ -23,7 +23,7 @@ BUILDFLAGS := -tags "$(BUILDTAGS)"
TMPDIR := /tmp/isula_build_tmpdir
BEFLAG := -tmpdir=${TMPDIR}
SAFEBUILDFLAGS := -buildid=IdByIsula -buildmode=pie -extldflags=-ftrapv -extldflags=-zrelro -extldflags=-znow $(BEFLAG) $(LDFLAGS)
-STATIC_LDFLAGS := -linkmode=external -extldflags=-static
+STATIC_LDFLAGS := -linkmode=external -extldflags "-static-pie -Wl,-z,now"
IMAGE_BUILDARGS := $(if $(http_proxy), --build-arg http_proxy=$(http_proxy))
IMAGE_BUILDARGS += $(if $(https_proxy), --build-arg https_proxy=$(https_proxy))
--
2.27.0

3
series.conf
View File

@ -33,4 +33,5 @@ patch/0121-print-first-and-second-error-when-dockerfile-not-fou.patch
patch/0122-registries.toml-could-not-be-empty-hosts-resolv.conf.patch patch/0122-registries.toml-could-not-be-empty-hosts-resolv.conf.patch
patch/0123-modify-the-Makefile-and-README-document.patch patch/0123-modify-the-Makefile-and-README-document.patch
patch/0124-add-the-constraints-and-limitations-of-the-doc.patch patch/0124-add-the-constraints-and-limitations-of-the-doc.patch
patch/0125-fix-the-possible-file-leakage-problem-in-util-cipher.patch patch/0125-fix-the-possible-file-leakage-problem-in-util-cipher.patch
patch/0126-improve-security-compile-option-of-isula-build-binar.patch