packages/kata-containers
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

kata-containers:optimize compile options

Browse Source 
optimize compile options
fix build error permission denied, do not use -i in pie buildmode

Signed-off-by: Vanient <xiadanni1@huawei.com>
This commit is contained in:
Vanient 2023-11-20 16:29:19 +08:00
parent 9eb61f02d5
commit 8c4df606a2
2 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
kata-containers.spec
View File

@ -2,7 +2,7 @@
%global debug_package %{nil}
%define VERSION v1.11.1
%define RELEASE 15
%define RELEASE 16
Name: kata-containers
Version: %{VERSION}
@ -92,6 +92,12 @@ install -p -m 640 -D ./runtime/cli/config/configuration-qemu.toml %{buildroot}/u
%changelog
* Mon Nov 20 2023 Vanient<xiadanni1@huawei.com> - v1.11.1-16
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:optimize compile options
* Mon Nov 13 2023 Vanient<xiadanni1@huawei.com> - v1.11.1-15
- Type:bugfix
- CVE:NA

16
runtime/patches/0097-kata-runtime-use-buildmode-pie-to-build-containerd-shim-k.patch
View File

@ -1,15 +1,15 @@
From f1ce24ba789425db87b2a602cdbfe2b5e6169325 Mon Sep 17 00:00:00 2001
From a769423a86b87fe9c1a819e0b6885ff1d2c472fe Mon Sep 17 00:00:00 2001
From: Vanient <xiadanni1@huawei.com>
Date: Mon, 13 Nov 2023 17:21:41 +0800
Subject: [PATCH] runtime: use buildmode pie to build containerd-shim-kata-v2
Signed-off-by: Vanient <xiadanni1@huawei.com>
---
Makefile | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
Makefile | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/Makefile b/Makefile
index 9957db9..cafa1b9 100644
index 9957db9..0d23e24 100644
--- a/Makefile
+++ b/Makefile
@@ -522,7 +522,7 @@ containerd-shim-v2: $(SHIMV2_OUTPUT)
@ -21,7 +21,7 @@ index 9957db9..cafa1b9 100644
CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
CGO_LDFLAGS_ALLOW="-Wl,-z,relro,-z,now" \
CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
@@ -564,14 +564,14 @@ GENERATED_FILES += $(CLI_DIR)/config-generated.go
@@ -564,14 +564,18 @@ GENERATED_FILES += $(CLI_DIR)/config-generated.go
GENERATED_FILES += pkg/katautils/config-settings.go
$(TARGET_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) | show-summary
@ -34,7 +34,11 @@ index 9957db9..cafa1b9 100644
$(SHIMV2_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST)
- $(QUIET_BUILD)(cd $(SHIMV2_DIR)/ && go build $(KATA_LDFLAGS) -i -o $@ .)
+ (cd $(SHIMV2_DIR)/ && go build $(KATA_LDFLAGS) $(BUILDFLAGS) -i -o $@ .)
+ (cd $(SHIMV2_DIR) && \
+ CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
+ CGO_LDFLAGS_ALLOW="-Wl,-z,relro,-z,now" \
+ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
+ go build $(KATA_LDFLAGS) $(BUILDFLAGS) -o $@ -ldflags "-linkmode=external" .)
.PHONY: \
check \