runtime: use buildmode pie to build containerd-shim-kata-v2

Signed-off-by: Vanient <xiadanni1@huawei.com>
2023-11-13 16:46:04 +08:00 · 2023-11-13 16:46:04 +08:00 · cd30c4de10
commit cd30c4de10
parent 1c721c5190
3 changed files with 55 additions and 5 deletions
--- a/kata-containers.spec
+++ b/kata-containers.spec
@ -2,7 +2,7 @@
 %global debug_package %{nil}

 %define VERSION v1.11.1
-%define RELEASE 14
+%define RELEASE 15

 Name:           kata-containers
 Version:        %{VERSION}
@ -92,6 +92,12 @@ install -p -m 640 -D ./runtime/cli/config/configuration-qemu.toml %{buildroot}/u


 %changelog
+* Mon Nov 13 2023 Vanient<xiadanni1@huawei.com> - v1.11.1-15
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:use buildmode pie to build containerd-shim-kata-v2
+
 * Mon Sep 12 2022 Vanient<xiadanni1@huawei.com> - v1.11.1-14
 - Type:bugfix
 - CVE:NA
@ -99,10 +105,10 @@ install -p -m 640 -D ./runtime/cli/config/configuration-qemu.toml %{buildroot}/u
 - DESC:sync bugfix patches, runtime 0078-0096 agent 0021-0024

 * Fri Dec 17 2021 Lichang Zhao<zhaolichang@huawei.com> - 1.11.1-13
-+- Type:bugfix
-+- ID:NA
-+- SUG:NA
-+- DESC:fix the problem that sandbox stratovirt with network devices fails to start
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix the problem that sandbox stratovirt with network devices fails to start

 * Fri Dec 17 2021 yangfeiyu <yangfeiyu2@huawei.com> - 1.11.1-12
 - Type:bugfix
--- a/runtime/patches/0097-kata-runtime-use-buildmode-pie-to-build-containerd-shim-k.patch
+++ b/runtime/patches/0097-kata-runtime-use-buildmode-pie-to-build-containerd-shim-k.patch
@ -0,0 +1,43 @@
+From f1ce24ba789425db87b2a602cdbfe2b5e6169325 Mon Sep 17 00:00:00 2001
+From: Vanient <xiadanni1@huawei.com>
+Date: Mon, 13 Nov 2023 17:21:41 +0800
+Subject: [PATCH] runtime: use buildmode pie to build containerd-shim-kata-v2
+
+Signed-off-by: Vanient <xiadanni1@huawei.com>
+---
+ Makefile | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 9957db9..cafa1b9 100644
+--- a/Makefile
+++ b/Makefile
+@@ -522,7 +522,7 @@ containerd-shim-v2: $(SHIMV2_OUTPUT)
+ netmon: $(NETMON_TARGET_OUTPUT)
+ 
+ $(NETMON_TARGET_OUTPUT): $(SOURCES) VERSION
+-	$(QUIET_BUILD)(cd $(NETMON_DIR) && \
+	(cd $(NETMON_DIR) && \
+ 	CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
+ 	CGO_LDFLAGS_ALLOW="-Wl,-z,relro,-z,now" \
+ 	CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
+@@ -564,14 +564,14 @@ GENERATED_FILES += $(CLI_DIR)/config-generated.go
+ GENERATED_FILES += pkg/katautils/config-settings.go
+ 
+ $(TARGET_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) | show-summary
+-	$(QUIET_BUILD)(cd $(CLI_DIR) && \
+	(cd $(CLI_DIR) && \
+ 	CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
+ 	CGO_LDFLAGS_ALLOW="-Wl,-z,relro,-z,now" \
+ 	CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
+ 	go build $(KATA_LDFLAGS) $(BUILDFLAGS) -o $@ -ldflags "-linkmode=external" .)
+ 
+ $(SHIMV2_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST)
+-	$(QUIET_BUILD)(cd $(SHIMV2_DIR)/ && go build $(KATA_LDFLAGS) -i -o $@ .)
+	(cd $(SHIMV2_DIR)/ && go build $(KATA_LDFLAGS) $(BUILDFLAGS) -i -o $@ .)
+ 
+ .PHONY: \
+ 	check \
+-- 
+2.27.0
+
--- a/runtime/series.conf
+++ b/runtime/series.conf
@ -93,3 +93,4 @@
 0094-kata-runtime-fix-update-iface-clean-NIC-cause-route-.patch
 0095-kata-runtime-fix-qemu-process-resource-resi.patch         
 0096-kata-containers-Move-from-query-cpus-to-query-cpus-f.patch
+0097-kata-runtime-use-buildmode-pie-to-build-containerd-shim-k.patch