containerd/patch/0076-containerd-add-CGO-security-build-options.patch
zhongjiawei 750d0bfb56 containerd: bugfix and add CGO serurity build option
(cherry picked from commit ec5896c6deaa050bfc185cfc9b464f7c8b859fe2)
2022-09-22 17:30:49 +08:00


From fb499f406340e142e6996b05772b5661938fefa5 Mon Sep 17 00:00:00 2001
From: xiadanni <xiadanni1@huawei.com>
Date: Mon, 22 Feb 2021 15:09:53 +0800
Subject: [PATCH] containerd: add CGO security build options
Signed-off-by: xiadanni <xiadanni1@huawei.com>
---
Makefile | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/Makefile b/Makefile
index 96c2370..102db9f 100644
--- a/Makefile
+++ b/Makefile
@@ -171,6 +171,11 @@ FORCE:
bin/%: cmd/% FORCE
mkdir -p $(BEP_DIR)
@echo "$(WHALE) $@${BINARY_SUFFIX}"
+ CGO_ENABLED=1 \
+ CGO_CFLAGS="-fstack-protector-strong" \
+ CGO_CPPFLAGS="-fstack-protector-strong" \
+ CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \
+ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$<
bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
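Review bot: The added `CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now'` line looks unnecessary and is the one setting here that relaxes a check rather than adding hardening. As documented in `go help environment`, the `*_ALLOW` variables govern flags that appear in `#cgo` source directives and do not apply to the `CGO_LDFLAGS` environment variable set on the following line, so dropping it should keep the RELRO/BIND_NOW/noexecstack flags while leaving the default allowlist in force for vendored cgo code. The remaining assignments replace, rather than extend, any `CGO_CFLAGS`/`CGO_LDFLAGS` exported by the packaging environment; if distro flags are meant to survive, `CGO_LDFLAGS="$${CGO_LDFLAGS} -Wl,-z,relro,-z,now -Wl,-z,noexecstack"` (and the same pattern for `CGO_CFLAGS`) keeps both. These flags only reach C objects built through cgo, and the `bin/containerd-shim` rule that follows is a separate !cgo build, so a post-build `readelf -lW` / `readelf -d` check for GNU_RELRO, BIND_NOW and a non-executable GNU_STACK on the produced binaries would confirm what the change actually covers. The rest of the Makefile, including how `GO_BUILD_FLAGS` is set, lies outside this hunk.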
--
1.8.3.1