From 366abcc52c29700b0defb4d9430a2ae55c4fb535 Mon Sep 17 00:00:00 2001 From: zhongjiawei Date: Wed, 3 Apr 2024 10:40:40 +0800 Subject: [PATCH] containerd:modify Makefile for go build options --- containerd.spec | 8 ++- git-commit | 2 +- ...modify-Makefile-for-go-build-options.patch | 58 +++++++++++++++++++ series.conf | 1 + 4 files changed, 67 insertions(+), 2 deletions(-) create mode 100644 patch/0035-containerd-modify-Makefile-for-go-build-options.patch diff --git a/containerd.spec b/containerd.spec index 30fd3c0..856c33e 100644 --- a/containerd.spec +++ b/containerd.spec @@ -2,7 +2,7 @@ %global debug_package %{nil} Version: 1.6.22 Name: containerd -Release: 10 +Release: 11 Summary: An industry-standard container runtime License: ASL 2.0 URL: https://containerd.io @@ -68,6 +68,12 @@ install -D -p -m 0644 %{S:7} %{buildroot}%{_sysconfdir}/containerd/config.toml %exclude %{_bindir}/containerd-stress %changelog +* Wed Apr 03 2024 zhongjiawei - 1.6.22-11 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:modify Makefile for go build options + * Fri Mar 22 2024 zhongjiawei - 1.6.22-10 - Type:bugfix - ID:NA diff --git a/git-commit b/git-commit index 23e5588..4874ccd 100644 --- a/git-commit +++ b/git-commit @@ -1 +1 @@ -4d153fc0e0ed7a2cf8b54c7de8632cbe7a4281ec +f4a871dc0e393d74c7a8472afe234fa67b854e2e diff --git a/patch/0035-containerd-modify-Makefile-for-go-build-options.patch b/patch/0035-containerd-modify-Makefile-for-go-build-options.patch new file mode 100644 index 0000000..e91d05a --- /dev/null +++ b/patch/0035-containerd-modify-Makefile-for-go-build-options.patch @@ -0,0 +1,58 @@ +From 6986f40b9cb83e0daee2b430382fa686a07f1937 Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Wed, 3 Apr 2024 10:34:31 +0800 +Subject: [PATCH] containerd: modify Makefile for go build options + +--- + Makefile | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +diff --git a/Makefile b/Makefile +index e1e8d7c..b9a2328 100644 +--- a/Makefile ++++ b/Makefile +@@ -97,7 +97,7 @@ GO_TAGS=$(if $(GO_BUILDTAGS),-tags "$(strip $(GO_BUILDTAGS))",) + BEP_DIR=/tmp/containerd-build-bep + BEP_FLAGS=-tmpdir=/tmp/containerd-build-bep + +-GO_LDFLAGS=-ldflags ' -buildid=IdByIsula -extldflags=-zrelro -extldflags=-znow $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' ++GO_LDFLAGS=-ldflags ' -buildid=IdByIsula -extldflags=-zrelro -extldflags=-znow $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION)' + SHIM_GO_LDFLAGS=-ldflags '-extldflags=-static' -ldflags '-buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -linkmode=external -extldflags=-Wl,-z,relro,-z,now' + + # Project packages. +@@ -246,7 +246,7 @@ bin/%: cmd/% FORCE + CGO_CPPFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2" \ + CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ + CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ +- go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$< ++ go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./$< + + bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 + @echo "$(WHALE) $@" +@@ -259,11 +259,21 @@ bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a sta + + bin/containerd-shim-runc-v1: cmd/containerd-shim-runc-v1 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 + @echo "$(WHALE) $@" +- @CGO_ENABLED=${SHIM_CGO_ENABLED} $(GO) build ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v1 ++ CGO_ENABLED=1 \ ++ CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ ++ CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ ++ CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ ++ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ ++ $(GO) build -buildmode=pie ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v1 + + bin/containerd-shim-runc-v2: cmd/containerd-shim-runc-v2 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 + @echo "$(WHALE) $@" +- @CGO_ENABLED=${SHIM_CGO_ENABLED} $(GO) build ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v2 ++ CGO_ENABLED=1 \ ++ CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ ++ CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ ++ CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ ++ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ ++ $(GO) build -buildmode=pie ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v2 + + binaries: $(BINARIES) ## build binaries + @echo "$(WHALE) $@" +-- +2.33.0 + diff --git a/series.conf b/series.conf index ed23048..5aab0b1 100644 --- a/series.conf +++ b/series.conf @@ -31,3 +31,4 @@ patch/0031-containerd-fix-some-containerd-bug.patch patch/0032-containerd-vendor-golang.org-x-net-v0.17.0.patch patch/0033-containerd-Fix-missing-closed-fifo.patch patch/0034-containerd-disable-Transparent-HugePage-for-shim-pro.patch +patch/0035-containerd-modify-Makefile-for-go-build-options.patch -- Gitee