From 132bac36689abd19728613b14e3458212fe30c1f Mon Sep 17 00:00:00 2001
From: xingweizheng <xingweizheng@huawei.com>
Date: Tue, 7 Mar 2023 19:51:33 +0800
Subject: [PATCH] add secure compile options

---
 VERSION-openeuler |  2 +-
 WasmEngine.spec   | 17 ++++++++++++++++-
 gen-version.sh    | 10 +++++-----
 git-commit        |  2 +-
 4 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/VERSION-openeuler b/VERSION-openeuler
index 944912a..dfecf3f 100644
--- a/VERSION-openeuler
+++ b/VERSION-openeuler
@@ -1 +1 @@
-0.1.2-1
+0.1.2-4
diff --git a/WasmEngine.spec b/WasmEngine.spec
index aa84f29..954c267 100644
--- a/WasmEngine.spec
+++ b/WasmEngine.spec
@@ -2,7 +2,7 @@
 
 Name:           WasmEngine
 Version:        v0.1.2
-Release:        3
+Release:        4
 Summary:        WasmEngine is a webassembly function engine, which provides high concurrency and sandbox security.
 
 License:        MulanPSL-2.0
@@ -43,8 +43,17 @@ replace-with = "vendored-sources"
 
 [source.vendored-sources]
 directory = "vendor"
+
+[build]
+rustflags = ["-Copt-level=3", "-Cdebuginfo=2", "-Clink-arg=-Wl,-z,relro,-z,now", "-Ccodegen-units=1", "--cap-lints=warn", ]
 EOF
 
+cat .cargo/config
+
+%ifarch aarch64
+sed -i 's/rustflags = \[/&"-Clink-arg=-lgcc", /' ./.cargo/config
+%endif
+
 CARGO_HOME=.cargo cargo build --release
 
 echo "build wasm success"
@@ -60,6 +69,12 @@ rm -rf %{buildroot}
 %attr(550,root,root) %{_bindir}/wasm_engine
 
 %changelog
+* Tue Mar 07 2023 xingweizheng <xingweizheng@huawei.com> - v0.1.2-2
+- Type: bugfix
+- CVE: NA
+- SUG: restart
+- DESC: add secure compile options
+
 * Mon Aug 08 2022 jiangpengfei <jiangpengfei9@huawei.com> - v0.1.2-3
 - Type: bugfix
 - CVE: NA
diff --git a/gen-version.sh b/gen-version.sh
index 9ec6d3e..73bcb7d 100755
--- a/gen-version.sh
+++ b/gen-version.sh
@@ -11,13 +11,13 @@
 # See the Mulan PSL v2 for more details.
 # Author: Xiang Li
 # Create: 2020-05-18
-# Description: This script used for update isula-build version and release. Enjoy and cherrs
+# Description: This script used for update WasmEngine version and release. Enjoy and cherrs
 ###################################################################################################
 
 # Basic info
 top_dir=$(git rev-parse --show-toplevel)
 version_file="${top_dir}/VERSION-openeuler"
-spec_file="${top_dir}/isula-build.spec"
+spec_file="${top_dir}/WasmEngine.spec"
 commit_file=${top_dir}/git-commit
 color=$(tput setaf 2) # red
 color_reset=$(tput sgr0)
@@ -75,13 +75,13 @@ new_version=${major_old_version}.${minor_old_version}.${revision_old_version}
 new_release="${new_release_num}"
 new_all=${new_version}-${new_release_num}
 new_changelog=$(cat << EOF
-* $(date '+%a %b %d %Y') $author <$email> - $new_all\n- Type:\n- CVE:\n- SUG:\n- DESC:\n
+* $(date '+%a %b %d %Y') $author <$email> - v$new_all\n- Type:\n- CVE:\n- SUG:\n- DESC:\n
 EOF
 )
 
 # Replace version and release for spec and VERSION files
-sed -i -e "s/^Version: .*$/Version: ${new_version}/g" "${spec_file}"
-sed -i -e "s/^Release: .*$/Release: ${new_release}/g" "${spec_file}"
+sed -i -e "s/^Version: .*$/Version:        v${new_version}/g" "${spec_file}"
+sed -i -e "s/^Release: .*$/Release:        ${new_release}/g" "${spec_file}"
 sed -i -e "/\%changelog/a$new_changelog" "${spec_file}"
 echo "${new_all}" > "${version_file}"
 
diff --git a/git-commit b/git-commit
index 9ddc646..5d38cc7 100644
--- a/git-commit
+++ b/git-commit
@@ -1 +1 @@
-72af9798974345d587fe8f3ea2c121adc1696651
+adc1bb28a7c07b7ea4e3eb3a6d4becf43392364f
-- 
Gitee