83 lines
2.6 KiB
Diff
83 lines
2.6 KiB
Diff
From b8461e39d80a2323dca4cd831f4cb41dbd5a0006 Mon Sep 17 00:00:00 2001
|
|
From: zhongjiawei <zhongjiawei1@huawei.com>
|
|
Date: Wed, 26 Jul 2023 14:48:37 +0800
|
|
Subject: [PATCH] runc:modify runc Makefile
|
|
|
|
---
|
|
Makefile | 29 ++++++++++++++++++++++-------
|
|
1 file changed, 22 insertions(+), 7 deletions(-)
|
|
|
|
diff --git a/Makefile b/Makefile
|
|
index e3af9bc..4475271 100644
|
|
--- a/Makefile
|
|
+++ b/Makefile
|
|
@@ -11,10 +11,13 @@ RUNC_IMAGE := runc_dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN))
|
|
PROJECT := github.com/opencontainers/runc
|
|
BUILDTAGS ?= seccomp
|
|
|
|
-COMMIT ?= $(shell git describe --dirty --long --always)
|
|
+COMMIT ?= $(shell cat ./git-commit | head -c 40)
|
|
VERSION := $(shell cat ./VERSION)
|
|
LDFLAGS_COMMON := -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION)
|
|
|
|
+BEP_DIR := "/tmp/runc-build-bep"
|
|
+BEP_FLAG := "-tmpdir=${BEP_DIR}"
|
|
+
|
|
GOARCH := $(shell $(GO) env GOARCH)
|
|
|
|
GO_BUILDMODE :=
|
|
@@ -40,9 +43,7 @@ ifneq (,$(filter $(GOARCH),arm64 amd64))
|
|
endif
|
|
endif
|
|
# Enable static PIE binaries on supported platforms.
|
|
-GO_BUILD_STATIC := $(GO) build -trimpath $(GO_BUILDMODE_STATIC) \
|
|
- $(EXTRA_FLAGS) -tags "$(BUILDTAGS) netgo osusergo" \
|
|
- -ldflags "$(LDFLAGS_COMMON) $(LDFLAGS_STATIC) $(EXTRA_LDFLAGS)"
|
|
+GO_BUILD_STATIC := $(GO) build -buildmode=pie -trimpath $(EXTRA_FLAGS) -tags "$(BUILDTAGS) static_build cgo netgo osusergo"
|
|
|
|
GPG_KEYID ?= asarai@suse.de
|
|
|
|
@@ -58,15 +59,26 @@ endif
|
|
.DEFAULT: runc
|
|
|
|
runc:
|
|
- $(GO_BUILD) -o runc .
|
|
+ mkdir -p ${BEP_DIR}
|
|
+ $(GO_BUILD) $(BEP_FLAG) -buildid=IdByIsula -o runc .
|
|
|
|
all: runc recvtty sd-helper seccompagent
|
|
|
|
recvtty sd-helper seccompagent:
|
|
- $(GO_BUILD) -o contrib/cmd/$@/$@ ./contrib/cmd/$@
|
|
+ $(GO_BUILD) $(BEP_FLAG) -buildid=IdByIsula -o contrib/cmd/$@/$@ ./contrib/cmd/$@
|
|
+
|
|
+LD_FLAGS='-buildid=none -tmpdir=/tmp/bep-runc -linkmode=external -extldflags=-Wl,-z,relro,-z,now \
|
|
+ -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) $(EXTRA_LDFLAGS) \
|
|
+ '
|
|
|
|
static:
|
|
- $(GO_BUILD_STATIC) -o runc .
|
|
+ rm -rf /tmp/bep-runc && mkdir /tmp/bep-runc
|
|
+ CGO_ENABLED=1 \
|
|
+ CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
|
|
+ CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
|
|
+ CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \
|
|
+ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
|
|
+ $(GO_BUILD_STATIC) -ldflags '-extldflags=-static' -ldflags $(LD_FLAGS) -o runc .
|
|
|
|
releaseall: RELEASE_ARGS := "-a arm64 -a armel -a armhf -a ppc64le -a riscv64 -a s390x"
|
|
releaseall: release
|
|
@@ -98,6 +110,9 @@ runcimage:
|
|
|
|
test: unittest integration rootlessintegration
|
|
|
|
+check:
|
|
+ go test -v ./libcontainer
|
|
+
|
|
localtest: localunittest localintegration localrootlessintegration
|
|
|
|
unittest: runcimage
|
|
--
|
|
2.33.0
|
|
|