From c13679ce13c0e65dca864e8542a63b9a8a15255f Mon Sep 17 00:00:00 2001 From: dongyuzhen Date: Fri, 6 Jun 2025 18:52:27 +0800 Subject: [PATCH] add compilation options to runtime directory (cherry picked from commit 4a52ce6d27819d567dae12d6ec0a20911b46f659) --- kata-containers.spec | 8 ++- ...ilation-options-to-runtime-directory.patch | 50 +++++++++++++++++++ series.conf | 1 + 3 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 patches/0008-add-compilation-options-to-runtime-directory.patch diff --git a/kata-containers.spec b/kata-containers.spec index caf8dce..9675496 100644 --- a/kata-containers.spec +++ b/kata-containers.spec @@ -2,7 +2,7 @@ %global debug_package %{nil} %define VERSION 3.2.0 -%define RELEASE 6 +%define RELEASE 7 Name: kata-containers Version: %{VERSION} @@ -117,6 +117,12 @@ strip %{buildroot}/usr/bin/containerd-shim-kata-v2 %doc %changelog +* Fri Jun 6 2025 dongyuzhen - 3.2.0-7 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:add compilation options to runtime directory + * Fri Dec 27 2024 laokz - 3.2.0-6 - Type:bugfix - ID:NA diff --git a/patches/0008-add-compilation-options-to-runtime-directory.patch b/patches/0008-add-compilation-options-to-runtime-directory.patch new file mode 100644 index 0000000..94db5a6 --- /dev/null +++ b/patches/0008-add-compilation-options-to-runtime-directory.patch 
@@ -0,0 +1,50 @@
+From 4e3d132d5cf929115893ae3bd3dcbd5d4e2353ff Mon Sep 17 00:00:00 2001
+From: dongyuzhen
+Date: Mon, 9 Jun 2025 16:24:54 +0800
+Subject: [PATCH] add compilation options to runtime directory
+
+---
+ src/runtime/Makefile | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/src/runtime/Makefile b/src/runtime/Makefile
+index fb35a2c6..1af1fbe3 100644
+--- a/src/runtime/Makefile
++++ b/src/runtime/Makefile
+@@ -756,6 +756,25 @@ endef
+
+ GENERATED_FILES += pkg/katautils/config-settings.go
+
++#Define security option compilation function (arguments: $1=directory path, $2=output filename, $3=extra ldflags)
++define BUILD_WITH_SECURITY_OPTS
++ (cd $(1) && \
++ CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
++ CGO_LDFLAGS_ALLOW="-Wl,-z,relro,-z,now" \
++ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
++ go build $(KATA_LDFLAGS) $(BUILDFLAGS) -o $(2) -ldflags "$(3)" .)
++endef
++
++ifeq ($(ARCH),arm64)
++$(RUNTIME_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) | show-summary
++ $(call BUILD_WITH_SECURITY_OPTS,$(RUNTIME_DIR),$@,-linkmode=external)
++
++$(SHIMV2_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST)
++ $(call BUILD_WITH_SECURITY_OPTS,$(SHIMV2_DIR),$@,-linkmode=external)
++
++$(MONITOR_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) .git-commit
++ $(call BUILD_WITH_SECURITY_OPTS,$(MONITOR_DIR),$@,-X 'main.GitCommit=$(shell git rev-parse HEAD)' -linkmode=external)
++else
+ $(RUNTIME_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) | show-summary
+ $(QUIET_BUILD)(cd $(RUNTIME_DIR) && go build -ldflags "$(KATA_LDFLAGS)" $(BUILDFLAGS) -o $@ .)
+
+@@ -765,6 +784,7 @@ $(SHIMV2_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST)
+ $(MONITOR_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) .git-commit
+ $(QUIET_BUILD)(cd $(MONITOR_DIR)/ && go build \
+ --ldflags "-X main.GitCommit=$(shell git rev-parse HEAD)" $(BUILDFLAGS) -o $@ .)
++endif
+
+ .PHONY: \
+ check \
+--
+2.43.0
+
diff --git a/series.conf b/series.conf
index 48859ad..b1be77e 100644
--- a/series.conf
+++ b/series.conf
@@ -5,3 +5,4 @@
 0005-mount-Reduce-the-mount-points-with-namespace-isolati.patch
 0006-Allow-swappiness-to-be-1-as-default.patch
 0007-Add-support-for-riscv64-platform.patch
+0008-add-compilation-options-to-runtime-directory.patch
-- Gitee
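Review bot: In the new `BUILD_WITH_SECURITY_OPTS` macro, `$(KATA_LDFLAGS)` is passed to `go build` as bare arguments, whereas the unchanged `else` branch passes it inside `-ldflags "$(KATA_LDFLAGS)"` for the runtime target. If the variable holds linker flags, as that usage suggests, the arm64 builds will either fail on an unrecognised option or lose those flags, since `-ldflags "$(3)"` carries only `-linkmode=external`. I would make the macro line `go build $(BUILDFLAGS) -o $(2) -ldflags "$(3)" .)` and have the call sites that need it pass it explicitly, e.g. `$(call BUILD_WITH_SECURITY_OPTS,$(RUNTIME_DIR),$@,$(KATA_LDFLAGS) -linkmode=external)`. The hardening is also applied only under `ifeq ($(ARCH),arm64)`, so every other architecture keeps the old recipes without stack protector, RELRO or BIND_NOW; if that is intentional, a comment above the `ifeq` should say why. `-fPIE` in `CGO_CFLAGS` only affects the C objects, and whether the final binary is PIE depends on `$(BUILDFLAGS)`, which is not visible here, so it is worth confirming the result on the built binaries with `readelf -lW` and `readelf -d`.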