diff --git a/containerd.spec b/containerd.spec index 86eb9fec9ee307c9e26a996d3727cedd988bc9ee..b414c54283a40ca2ca795536474b719a1146b275 100644 --- a/containerd.spec +++ b/containerd.spec @@ -2,7 +2,7 @@ %global debug_package %{nil} Version: 1.6.22 Name: containerd -Release: 11 +Release: 12 Summary: An industry-standard container runtime License: ASL 2.0 URL: https://containerd.io @@ -68,6 +68,12 @@ install -D -p -m 0644 %{S:7} %{buildroot}%{_sysconfdir}/containerd/config.toml %exclude %{_bindir}/containerd-stress %changelog +* Mon Apr 07 2024 zhongjiawei - 1.6.22-12 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:modify Makefile for go build options + * Thu Mar 21 2024 tiberium - 1.6.22-11 - Type:bugfix - ID:NA diff --git a/git-commit b/git-commit index 23e55888262a7f57dba29a527285cedd7686268d..18344d5b6e4c845bb54da0f6ca7f4ca02464ebb1 100644 --- a/git-commit +++ b/git-commit @@ -1 +1 @@ -4d153fc0e0ed7a2cf8b54c7de8632cbe7a4281ec +bb347b1bec7ed8dc34c91ee87dde406691c5080e diff --git a/patch/0035-containerd-modify-Makefile-for-go-build-options.patch b/patch/0035-containerd-modify-Makefile-for-go-build-options.patch new file mode 100644 index 0000000000000000000000000000000000000000..7f84e06b2fa2f204155d2290fa1d8f89c330365f --- /dev/null +++ b/patch/0035-containerd-modify-Makefile-for-go-build-options.patch @@ -0,0 +1,62 @@ +From 9683e5c946c3f72aaa13822e485b17197f5e3ff7 Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Sun, 7 Apr 2024 09:54:07 +0800 +Subject: [PATCH] =?UTF-8?q?containerd=EF=BC=9Amodify=20Makefile=20for=20go?= + =?UTF-8?q?=20build=20options?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +--- + Makefile | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +diff --git a/Makefile b/Makefile +index 8bf9530..9d3b3e5 100644 +--- a/Makefile ++++ b/Makefile +@@ -97,7 +97,7 @@ GO_TAGS=$(if $(GO_BUILDTAGS),-tags "$(strip $(GO_BUILDTAGS))",) + BEP_DIR=/tmp/containerd-build-bep + BEP_FLAGS=-tmpdir=/tmp/containerd-build-bep + +-GO_LDFLAGS=-ldflags ' -buildid=IdByIsula -extldflags=-Wl,-z,relro,-z,now $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) $(EXTRA_LDFLAGS)' ++GO_LDFLAGS=-ldflags ' -buildid=IdByIsula -extldflags=-Wl,-z,relro,-z,now $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION)' + SHIM_GO_LDFLAGS=-ldflags '-extldflags=-static' -ldflags '-buildid=IdByIsula $(BEP_FLAGS) -X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -linkmode=external -extldflags=-Wl,-z,relro,-z,now' + + # Project packages. +@@ -246,7 +246,7 @@ bin/%: cmd/% FORCE + CGO_CPPFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2" \ + CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ + CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ +- go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${GO_LDFLAGS} ${GO_TAGS} ./$< ++ go build ${GO_GCFLAGS} ${GO_BUILD_FLAGS} -o $@${BINARY_SUFFIX} ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./$< + + bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 + @echo "$(WHALE) $@" +@@ -259,11 +259,21 @@ bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a sta + + bin/containerd-shim-runc-v1: cmd/containerd-shim-runc-v1 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 + @echo "$(WHALE) $@" +- @CGO_ENABLED=${SHIM_CGO_ENABLED} $(GO) build ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v1 ++ CGO_ENABLED=1 \ ++ CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ ++ CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ ++ CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ ++ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ ++ $(GO) build -buildmode=pie ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v1 + + bin/containerd-shim-runc-v2: cmd/containerd-shim-runc-v2 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220 + @echo "$(WHALE) $@" +- @CGO_ENABLED=${SHIM_CGO_ENABLED} $(GO) build ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v2 ++ CGO_ENABLED=1 \ ++ CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ ++ CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ ++ CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ ++ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ ++ $(GO) build -buildmode=pie ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v2 + + binaries: $(BINARIES) ## build binaries + @echo "$(WHALE) $@" +-- +2.33.0 + diff --git a/series.conf b/series.conf index ed2304883d2976d301ae4239fdbf8d1c0af0674e..5aab0b1c74682cbe0caf5728ce813597b4262e1f 100644 --- a/series.conf +++ b/series.conf @@ -31,3 +31,4 @@ patch/0031-containerd-fix-some-containerd-bug.patch patch/0032-containerd-vendor-golang.org-x-net-v0.17.0.patch patch/0033-containerd-Fix-missing-closed-fifo.patch patch/0034-containerd-disable-Transparent-HugePage-for-shim-pro.patch +patch/0035-containerd-modify-Makefile-for-go-build-options.patch