packages/kata-containers
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
kata-containers/patches/0033-optimize-compile-options.patch
Vanient 0c47c835f8 kata:optimize compile options 
1. add CGO compile options for
kata-runtime/kata-netmon/containerd-shim-kata-v2, including open
BIND_NOW, SP, FS compile options.
2. use pie mode to build kata-monitor

Signed-off-by: Vanient <xiadanni1@huawei.com>
(cherry picked from commit 91abc3917fa847ce1fea0273bc2d523534aee70c)
2022-09-09 16:17:07 +08:00

58 lines
2.5 KiB
Diff
Raw Blame History

From 443e65326eeccb3a4ad8170670d56c32931215f9 Mon Sep 17 00:00:00 2001
From: Vanient <xiadanni1@huawei.com>
Date: Thu, 8 Sep 2022 21:44:13 +0800
Subject: [PATCH] optimize compile options
Signed-off-by: Vanient <xiadanni1@huawei.com>
---
src/runtime/Makefile | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/runtime/Makefile b/src/runtime/Makefile
index bade196..ad421d9 100644
--- a/src/runtime/Makefile
+++ b/src/runtime/Makefile
@@ -566,7 +566,11 @@ monitor: $(MONITOR_OUTPUT)
netmon: $(NETMON_TARGET_OUTPUT)
$(NETMON_TARGET_OUTPUT): $(SOURCES) VERSION
- $(QUIET_BUILD)(cd $(NETMON_DIR) && go build $(BUILDFLAGS) -o $@ -ldflags "-X main.version=$(VERSION)" $(KATA_LDFLAGS))
+ $(QUIET_BUILD)(cd $(NETMON_DIR) && \
+ CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
+ CGO_LDFLAGS_ALLOW="-Wl,-z,relro,-z,now" \
+ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
+ go build $(BUILDFLAGS) -o $@ -ldflags "-linkmode=external -X main.version=$(VERSION)" $(KATA_LDFLAGS))
runtime: $(TARGET_OUTPUT) $(CONFIGS)
.DEFAULT: default
@@ -605,15 +609,23 @@ GENERATED_FILES += $(GENERATED_CONFIG)
GENERATED_FILES += pkg/katautils/config-settings.go
$(TARGET_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) | show-summary
- $(QUIET_BUILD)(cd $(CLI_DIR) && go build $(KATA_LDFLAGS) $(BUILDFLAGS) -o $@ .)
+ $(QUIET_BUILD)(cd $(CLI_DIR) && \
+ CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
+ CGO_LDFLAGS_ALLOW="-Wl,-z,relro,-z,now" \
+ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
+ go build -ldflags "-linkmode=external" $(KATA_LDFLAGS) $(BUILDFLAGS) -o $@ .)
$(SHIMV2_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST)
$(QUIET_BUILD)(cd $(SHIMV2_DIR)/ && ln -fs $(GENERATED_CONFIG))
- $(QUIET_BUILD)(cd $(SHIMV2_DIR)/ && go build $(KATA_LDFLAGS) $(BUILDFLAGS) -o $@ .)
+ $(QUIET_BUILD)(cd $(SHIMV2_DIR)/ && \
+ CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
+ CGO_LDFLAGS_ALLOW="-Wl,-z,relro,-z,now" \
+ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
+ go build -ldflags "-linkmode=external" $(KATA_LDFLAGS) $(BUILDFLAGS) -o $@ .)
$(MONITOR_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) .git-commit
$(QUIET_BUILD)(cd $(MONITOR_DIR)/ && CGO_ENABLED=0 go build \
- --ldflags "-X main.GitCommit=$(shell cat .git-commit)" $(BUILDFLAGS) -buildmode=exe -o $@ .)
+ --ldflags "-linkmode=external -X main.GitCommit=$(shell cat .git-commit)" $(BUILDFLAGS) -o $@ .)
.PHONY: \
check \
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink