packages/runc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!80 [sync] PR-79: runc: add CGO security build option

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @Vanient, @duguhaotian 
Signed-off-by: @duguhaotian
This commit is contained in:
openeuler-ci-bot 2022-09-22 10:40:16 +00:00 committed by Gitee
commit c1ead8c4c0
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
4 changed files with 36 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
git-commit
View File

@ -1 +1 @@
efce815f50e77075d10070d724aeec93660630a7 3cd040ca87658befd016fb613b3e9e8ad6a528a6

27
patch/0133-runc-add-CGO-sercuity-build-options.patch Normal file
View File

@ -0,0 +1,27 @@
From 70ec40e866f056f071e3df73e8f82608c9c1b741 Mon Sep 17 00:00:00 2001
From: zhongjiawei <zhongjiawei1@huawei.com>
Date: Thu, 22 Sep 2022 09:31:43 +0800
Subject: [PATCH] runc: add CGO sercuity build options
---
Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index 94cf3f8..2f6bb17 100644
--- a/Makefile
+++ b/Makefile
@@ -45,8 +45,8 @@ LD_FLAGS='-w -buildid=none -tmpdir=/tmp/bep-runc -linkmode=external -extldflags=
static: $(SOURCES)
rm -rf /tmp/bep-runc && mkdir /tmp/bep-runc
CGO_ENABLED=1 \
- CGO_CFLAGS="-fstack-protector-strong -fPIE" \
- CGO_CPPFLAGS="-fstack-protector-strong -fPIE" \
+ CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
+ CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \
CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
go build -buildmode=pie -tags "$(BUILDTAGS) cgo static_build" -ldflags '-extldflags=-static' -ldflags $(LD_FLAGS) -o runc .
--
2.30.0

8
runc-openeuler.spec
View File

@ -4,7 +4,7 @@
Name: docker-runc Name: docker-runc
Version: 1.0.0.rc3 Version: 1.0.0.rc3
Release: 303 Release: 304
Summary: runc is a CLI tool for spawning and running containers according to the OCI specification. Summary: runc is a CLI tool for spawning and running containers according to the OCI specification.
License: ASL 2.0 License: ASL 2.0
@ -53,6 +53,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc
%{_bindir}/runc %{_bindir}/runc
%changelog %changelog
* Thu Sep 22 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.0.0.rc3-304
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:add CGO security build option
* Tue Aug 16 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.0.0.rc3-303 * Tue Aug 16 2022 zhongjiawei<zhongjiawei1@huawei.com> - 1.0.0.rc3-303
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA

1
series.conf
View File

@ -131,4 +131,5 @@ patch/0130-runc-fix-cgroup-info-print-error.patch
patch/0128-runc-fix-CVE-2022-29162.patch patch/0128-runc-fix-CVE-2022-29162.patch
patch/0131-runc-change-Umask-to-0022.patch patch/0131-runc-change-Umask-to-0022.patch
patch/0132-runc-fix-systemd-cgroup-after-memory-type-changed.patch patch/0132-runc-fix-systemd-cgroup-after-memory-type-changed.patch
patch/0133-runc-add-CGO-sercuity-build-options.patch
#end #end