From cd30c4de10376a7acca086a0f896405922258bbe Mon Sep 17 00:00:00 2001 From: Vanient Date: Mon, 13 Nov 2023 16:46:04 +0800 Subject: [PATCH] runtime: use buildmode pie to build containerd-shim-kata-v2 Signed-off-by: Vanient --- kata-containers.spec | 16 ++++--- ...dmode-pie-to-build-containerd-shim-k.patch | 43 +++++++++++++++++++ runtime/series.conf | 1 + 3 files changed, 55 insertions(+), 5 deletions(-) create mode 100644 runtime/patches/0097-kata-runtime-use-buildmode-pie-to-build-containerd-shim-k.patch diff --git a/kata-containers.spec b/kata-containers.spec index 026bfcc..ee368e1 100644 --- a/kata-containers.spec +++ b/kata-containers.spec @@ -2,7 +2,7 @@ %global debug_package %{nil} %define VERSION v1.11.1 -%define RELEASE 14 +%define RELEASE 15 Name: kata-containers Version: %{VERSION} @@ -92,6 +92,12 @@ install -p -m 640 -D ./runtime/cli/config/configuration-qemu.toml %{buildroot}/u %changelog +* Mon Nov 13 2023 Vanient - v1.11.1-15 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:use buildmode pie to build containerd-shim-kata-v2 + * Mon Sep 12 2022 Vanient - v1.11.1-14 - Type:bugfix - CVE:NA @@ -99,10 +105,10 @@ install -p -m 640 -D ./runtime/cli/config/configuration-qemu.toml %{buildroot}/u - DESC:sync bugfix patches, runtime 0078-0096 agent 0021-0024 * Fri Dec 17 2021 Lichang Zhao - 1.11.1-13 -+- Type:bugfix -+- ID:NA -+- SUG:NA -+- DESC:fix the problem that sandbox stratovirt with network devices fails to start +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix the problem that sandbox stratovirt with network devices fails to start * Fri Dec 17 2021 yangfeiyu - 1.11.1-12 - Type:bugfix diff --git a/runtime/patches/0097-kata-runtime-use-buildmode-pie-to-build-containerd-shim-k.patch b/runtime/patches/0097-kata-runtime-use-buildmode-pie-to-build-containerd-shim-k.patch new file mode 100644 index 0000000..6db7fd4 --- /dev/null +++ b/runtime/patches/0097-kata-runtime-use-buildmode-pie-to-build-containerd-shim-k.patch 
@@ -0,0 +1,43 @@
+From f1ce24ba789425db87b2a602cdbfe2b5e6169325 Mon Sep 17 00:00:00 2001
+From: Vanient
+Date: Mon, 13 Nov 2023 17:21:41 +0800
+Subject: [PATCH] runtime: use buildmode pie to build containerd-shim-kata-v2
+
+Signed-off-by: Vanient
+---
+ Makefile | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 9957db9..cafa1b9 100644
+--- a/Makefile
++++ b/Makefile
+@@ -522,7 +522,7 @@ containerd-shim-v2: $(SHIMV2_OUTPUT)
+ netmon: $(NETMON_TARGET_OUTPUT)
+
+ $(NETMON_TARGET_OUTPUT): $(SOURCES) VERSION
+- $(QUIET_BUILD)(cd $(NETMON_DIR) && \
++ (cd $(NETMON_DIR) && \
+ CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
+ CGO_LDFLAGS_ALLOW="-Wl,-z,relro,-z,now" \
+ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
+@@ -564,14 +564,14 @@ GENERATED_FILES += $(CLI_DIR)/config-generated.go
+ GENERATED_FILES += pkg/katautils/config-settings.go
+
+ $(TARGET_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) | show-summary
+- $(QUIET_BUILD)(cd $(CLI_DIR) && \
++ (cd $(CLI_DIR) && \
+ CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
+ CGO_LDFLAGS_ALLOW="-Wl,-z,relro,-z,now" \
+ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
+ go build $(KATA_LDFLAGS) $(BUILDFLAGS) -o $@ -ldflags "-linkmode=external" .)
+
+ $(SHIMV2_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST)
+- $(QUIET_BUILD)(cd $(SHIMV2_DIR)/ && go build $(KATA_LDFLAGS) -i -o $@ .)
++ (cd $(SHIMV2_DIR)/ && go build $(KATA_LDFLAGS) $(BUILDFLAGS) -i -o $@ .)
+
+ .PHONY: \
+ check \
+--
+2.27.0
+
diff --git a/runtime/series.conf b/runtime/series.conf
index 02a09e3..9cd7ad7 100644
--- a/runtime/series.conf
+++ b/runtime/series.conf
@@ -93,3 +93,4 @@
 0094-kata-runtime-fix-update-iface-clean-NIC-cause-route-.patch
 0095-kata-runtime-fix-qemu-process-resource-resi.patch
 0096-kata-containers-Move-from-query-cpus-to-query-cpus-f.patch
+0097-kata-runtime-use-buildmode-pie-to-build-containerd-shim-k.patch
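Review bot: In the embedded Makefile patch, the `$(SHIMV2_OUTPUT)` recipe gains `$(BUILDFLAGS)` but still runs `go build` without the `CGO_CFLAGS`/`CGO_LDFLAGS` hardening environment and the `-ldflags "-linkmode=external"` that the `$(NETMON_TARGET_OUTPUT)` and `$(TARGET_OUTPUT)` recipes in the same patch use, so containerd-shim-kata-v2 may end up PIE while still lacking the RELRO, immediate-binding and non-executable-stack settings its sibling binaries request. `BUILDFLAGS` is defined outside these hunks and presumably carries `-buildmode=pie`; that is worth confirming with a post-build check that `readelf -h` on the built shim reports `Type: DYN`. The patch also drops `$(QUIET_BUILD)` from all three recipes, which the subject line does not mention, so either say so in the commit message or keep the prefix on the two recipes that are otherwise unchanged. If the shim is deliberately exempt from the linker flags, a comment above the rule such as `# shim v2: PIE via BUILDFLAGS; relro/now/noexecstack not applied because <reason>` would record that decision.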