!117 [sync] PR-116: add secure complie option and code improve

From: @openeuler-sync-bot Reviewed-by: @xuxuepeng Signed-off-by: @xuxuepeng
2024-04-11 01:37:43 +00:00 · 2024-04-11 01:37:43 +00:00 · 0fb3734d82
commit 0fb3734d82
parent 60c0b4b248 536c47cfc7
3 changed files with 26 additions and 14 deletions
--- a/0001-add-secure-compile-option.patch
+++ b/0001-add-secure-compile-option.patch
@ -1,26 +1,27 @@
-From bc32151458494ce41b4ccc0e0e87999ce27a15fc Mon Sep 17 00:00:00 2001
+From 4cf6dc9f628fc2c5b3478d70e15d4fab8a32ae86 Mon Sep 17 00:00:00 2001
 From: zhongtao <zhongtao17@huawei.com>
-Date: Wed, 10 Jan 2024 16:21:07 +0800
+Date: Wed, 10 Apr 2024 11:43:51 +0800
 Subject: [PATCH] add secure compile option

 Signed-off-by: zhongtao <zhongtao17@huawei.com>
 ---
- CMakeLists.txt | 2 ++
- 1 file changed, 2 insertions(+)
+ CMakeLists.txt | 3 +++
+ 1 file changed, 3 insertions(+)

 diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 4137ce2..05ee303 100644
+index 4137ce2..d17f09d 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -2,6 +2,8 @@
+@@ -2,6 +2,9 @@
 # to 3.26.
 cmake_minimum_required(VERSION 3.10...3.26)
 
-+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wl,-z,now -fstack-check")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wl,-z,now -fstack-check -fPIE")
+set(CMAKE_EXE_LINKER_FLAGS "-pie")
 +
 # Revert to old behavior for MSVC debug symbols.
 if(POLICY CMP0141)
   cmake_policy(SET CMP0141 OLD)
 -- 
-2.43.0
+2.25.1

--- a/0002-Fix-CC-compiler-support.patch
+++ b/0002-Fix-CC-compiler-support.patch
--- a/protobuf.spec
+++ b/protobuf.spec
@ -7,7 +7,7 @@
 Summary:        Protocol Buffers - Google's data interchange format
 Name:           protobuf
 Version:        25.1
-Release:        2
+Release:        3
 License:        BSD
 URL:            https://github.com/protocolbuffers/protobuf
 Source:         https://github.com/protocolbuffers/protobuf/releases/download/v%{version}%{?rcver}/%{name}-all-%{version}%{?rcver}.tar.gz
@ -15,7 +15,7 @@ Source1:        protobuf-init.el
 %global so_version 25.1

 Patch9000:      0001-add-secure-compile-option.patch
-Patch9001:      0001-Fix-CC-compiler-support.patch
+Patch9001:      0002-Fix-CC-compiler-support.patch

 BuildRequires:  cmake gcc-c++ emacs zlib-devel gmock-devel gtest-devel jsoncpp-devel
 BuildRequires:  fdupes pkgconfig python-rpm-macros pkgconfig(zlib) ninja-build
@ -233,8 +233,9 @@ pushd build
 	-DCMAKE_MODULE_LINKER_FLAGS=-Wl,--as-needed \
 	-DCMAKE_SHARED_LINKER_FLAGS=-Wl,--as-needed \
 	-DCMAKE_CXX_FLAGS="-g -O2" \
-        -DCMAKE_C_COMPILER=%{__cc} \
-        -DCMAKE_CXX_COMPILER=%{__cxx} \
+	-DCMAKE_C_COMPILER=%{__cc} \
+	-DCMAKE_CXX_COMPILER=%{__cxx} \
+	-DCMAKE_SKIP_RPATH=TRUE \
 	-G Ninja \
 	../
 popd
@ -250,8 +251,9 @@ export CMAKE_BUILD_DIR=build-static
 	-Dprotobuf_ABSL_PROVIDER=package \
 	-Dprotobuf_BUILD_TESTS:BOOL=OFF \
 	-DCMAKE_CXX_FLAGS="-fPIC" \
-        -DCMAKE_C_COMPILER=%{__cc} \
-        -DCMAKE_CXX_COMPILER=%{__cxx} \
+	-DCMAKE_C_COMPILER=%{__cc} \
+	-DCMAKE_CXX_COMPILER=%{__cxx} \
+	-DCMAKE_SKIP_RPATH=TRUE \
 	-G Ninja \
 	../
 popd
@ -260,6 +262,9 @@ popd
 %ninja_build -C build
 %ninja_build -C build-static

+# we have to override LD_LIBRARY_PATH because we eliminated rpath
+export LD_LIBRARY_PATH="${PWD}/build":$LD_LIBRARY_PATH
+
 %if %{with python}
 # Use the just built protoc instead of any
 # system version for python and/or java bindings
@ -392,6 +397,12 @@ install -p -m 0644 %{SOURCE1} %{buildroot}%{_emacs_sitestartdir}
 %endif

 %changelog
+* Tue Apr 09 2024 zhongtao <zhongtao17@huawei.com> - 25.1-3
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: add secure complie option and code improve
+
 * Wed Mar 20 2024 wangqiang <wangqiang1@kylinos.cn> - 25.1-2
 - Support package build with clang