From a67f03379878273c7c174cfebafd763b53822305 Mon Sep 17 00:00:00 2001
From: mzzhou <1362843687@qq.com>
Date: Mon, 10 Jul 2023 22:00:14 +0800
Subject: [PATCH] add secure compile macro

---
 0034-add-secure-compile-marco.patch | 65 +++++++++++++++++++++++++++++
 lxc.spec                            |  9 +++-
 2 files changed, 73 insertions(+), 1 deletion(-)
 create mode 100644 0034-add-secure-compile-marco.patch

diff --git a/0034-add-secure-compile-marco.patch b/0034-add-secure-compile-marco.patch
new file mode 100644
index 0000000..f6a2ed2
--- /dev/null
+++ b/0034-add-secure-compile-marco.patch
@@ -0,0 +1,65 @@
+From 728d921b36f07833470a284a55cbfea4baaab268 Mon Sep 17 00:00:00 2001
+From: mzzhou <1362843687@qq.com>
+Date: Mon, 10 Jul 2023 21:28:10 +0800
+Subject: [PATCH] add secure compile marco
+
+---
+ configure.ac        | 20 ++++++++++++++++++++
+ src/lxc/Makefile.am |  6 +++++-
+ 2 files changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 2180586..e66bdf1 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -837,10 +837,30 @@ if test "x$adapt_isulad" = "xyes"; then
+ 	AC_DEFINE([HAVE_ISULAD], 1, [adapt to iSulad])
+ 	AC_MSG_RESULT([yes])
+ 
++	AC_MSG_CHECKING([Whether enable secure compile])
++	AC_ARG_ENABLE([secure-compile],
++		[AC_HELP_STRING([--enable-secure-compile], [enable secure compile [default=no]])],
++		[secure_compile=$enableval], [secure_compile=yes])
++	AM_CONDITIONAL([HAVE_SECURE_COMPILE], [test "x$secure_compile" = "xyes"])
++	AC_DEFINE([HAVE_SECURE_COMPILE], 1, [enable secure compile])
++	AC_MSG_RESULT([yes])
++
+ 	# Check yajl
+ 	PKG_CHECK_MODULES([YAJL], [yajl >= 2],[],[AC_MSG_ERROR([You must install yajl >= 2])])
+ else
+ 	AC_MSG_RESULT([no])
++
++	AC_MSG_CHECKING([Whether enable secure compile])
++	AC_ARG_ENABLE([secure-compile],
++		[AC_HELP_STRING([--enable-secure-compile], [enable secure compile [default=no]])],
++		[secure_compile=$enableval], [secure_compile=yes])
++	AM_CONDITIONAL([HAVE_SECURE_COMPILE], [test "x$secure_compile" = "xyes"])
++	if test "x$secure_compile" = "xyes"; then
++		AC_DEFINE([HAVE_SECURE_COMPILE], 1, [enable secure compile])
++		AC_MSG_RESULT([yes])
++	else
++		AC_MSG_RESULT([no])
++	fi
+ fi
+ 
+ # Files requiring some variable expansion
+diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
+index 61a229f..c1d20f6 100644
+--- a/src/lxc/Makefile.am
++++ b/src/lxc/Makefile.am
+@@ -292,7 +292,11 @@ liblxc_la_LDFLAGS = -pthread \
+ 		    -version-info @LXC_ABI_MAJOR@
+ 
+ if HAVE_ISULAD
+-liblxc_la_LDFLAGS += @YAJL_LIBS@ -Wl,-z,relro \
++liblxc_la_LDFLAGS += @YAJL_LIBS@
++endif
++
++if HAVE_SECURE_COMPILE
++liblxc_la_LDFLAGS += -Wl,-z,relro \
+ 		    -Wl,-z,now \
+ 		    -Wl,-z,noexecstack
+ endif
+-- 
+2.41.0.windows.2
+
diff --git a/lxc.spec b/lxc.spec
index 44ead75..013d402 100644
--- a/lxc.spec
+++ b/lxc.spec
@@ -1,4 +1,4 @@
-%global _release 2022102420
+%global _release 2022102421
 
 Name:           lxc
 Version:        4.0.3
@@ -41,6 +41,7 @@ Patch0030:	0030-remove-unused-meminfo-stats.patch
 Patch0031:	0031-lxc-attach-Fix-lost-return-codes-of-spawned-processe.patch
 Patch0032:	0032-fix-load-bpf-failed.patch
 Patch0033:	0033-fix-mount-device-path-incorrect.patch
+Patch0034:	0034-add-secure-compile-macro.patch
 
 BuildRequires:  systemd-units git libtool graphviz docbook2X doxygen chrpath
 BuildRequires:  pkgconfig(libseccomp)
@@ -227,6 +228,12 @@ rm -rf %{buildroot}%{_sysconfdir}/default/%{name}
 %endif
 
 %changelog
+* Mon Jul 10 2023 mzzhou<1362843687@qq.com> - 4.0.3-2022102421
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC: add secure compile macro
+
 * Fri Jun 16 2023 zhangxiaoyu<zhangxiaoyu58@huawei.com> - 4.0.3-2022102420
 - Type:bugfix
 - ID:NA
-- 
Gitee