From b8461e39d80a2323dca4cd831f4cb41dbd5a0006 Mon Sep 17 00:00:00 2001
From: zhongjiawei <zhongjiawei1@huawei.com>
Date: Wed, 26 Jul 2023 14:48:37 +0800
Subject: [PATCH] runc:modify runc Makefile

---
 Makefile | 29 ++++++++++++++++++++++-------
 1 file changed, 22 insertions(+), 7 deletions(-)

diff --git a/Makefile b/Makefile
index e3af9bc..4475271 100644
--- a/Makefile
+++ b/Makefile
@@ -11,10 +11,13 @@ RUNC_IMAGE := runc_dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN))
 PROJECT := github.com/opencontainers/runc
 BUILDTAGS ?= seccomp
 
-COMMIT ?= $(shell git describe --dirty --long --always)
+COMMIT ?= $(shell cat ./git-commit | head -c 40)
 VERSION := $(shell cat ./VERSION)
 LDFLAGS_COMMON := -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION)
 
+BEP_DIR := "/tmp/runc-build-bep"
+BEP_FLAG := "-tmpdir=${BEP_DIR}"
+
 GOARCH := $(shell $(GO) env GOARCH)
 
 GO_BUILDMODE :=
@@ -40,9 +43,7 @@ ifneq (,$(filter $(GOARCH),arm64 amd64))
 	endif
 endif
 # Enable static PIE binaries on supported platforms.
-GO_BUILD_STATIC := $(GO) build -trimpath $(GO_BUILDMODE_STATIC) \
-	$(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo" \
-	-ldflags "$(LDFLAGS_COMMON) $(LDFLAGS_STATIC) $(EXTRA_LDFLAGS)"
+GO_BUILD_STATIC := $(GO) build -buildmode=pie -trimpath $(EXTRA_FLAGS) -tags "$(BUILDTAGS) static_build cgo netgo osusergo"
 
 GPG_KEYID ?= asarai@suse.de
 
@@ -58,15 +59,26 @@ endif
 .DEFAULT: runc
 
 runc:
-	$(GO_BUILD) -o runc .
+	mkdir -p ${BEP_DIR}
+	$(GO_BUILD) $(BEP_FLAG) -buildid=IdByIsula -o runc .
 
 all: runc recvtty sd-helper seccompagent
 
 recvtty sd-helper seccompagent:
-	$(GO_BUILD) -o contrib/cmd/$@/$@ ./contrib/cmd/$@
+	$(GO_BUILD) $(BEP_FLAG) -buildid=IdByIsula -o contrib/cmd/$@/$@ ./contrib/cmd/$@
+
+LD_FLAGS='-buildid=none -tmpdir=/tmp/bep-runc -linkmode=external -extldflags=-Wl,-z,relro,-z,now \
+         -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) $(EXTRA_LDFLAGS) \
+         '
 
 static:
-	$(GO_BUILD_STATIC) -o runc .
+	rm -rf /tmp/bep-runc && mkdir /tmp/bep-runc
+	CGO_ENABLED=1 \
+	CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
+	CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
+	CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \
+	CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
+	$(GO_BUILD_STATIC) -ldflags '-extldflags=-static' -ldflags $(LD_FLAGS) -o runc .
 
 releaseall: RELEASE_ARGS := "-a arm64 -a armel -a armhf -a ppc64le -a riscv64 -a s390x"
 releaseall: release
@@ -98,6 +110,9 @@ runcimage:
 
 test: unittest integration rootlessintegration
 
+check:
+	go test -v ./libcontainer
+
 localtest: localunittest localintegration localrootlessintegration
 
 unittest: runcimage
-- 
2.33.0