From ce5a6de7443581480f3a7abeb1f425e644fe7432 Mon Sep 17 00:00:00 2001 From: zhongjiawei Date: Fri, 9 Jun 2023 11:30:07 +0800 Subject: [PATCH] runc:modify runc make command to satisfy the compile options (cherry picked from commit e0e4251b85b4e05e8e9a6998bcd30204677923ba) --- git-commit | 2 +- ...-make-command-to-satisfy-the-compile.patch | 43 +++++++++++++++++++ runc.spec | 8 +++- series.conf | 1 + 4 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 patch/0037-runc-modify-runc-make-command-to-satisfy-the-compile.patch diff --git a/git-commit b/git-commit index 01f612a..2f2d04a 100644 --- a/git-commit +++ b/git-commit @@ -1 +1 @@ -5eea4318c9f09e182936b04e4e516c5eae8e020c +1413e5c37e7705de18736dd2c364bf5506855149 diff --git a/patch/0037-runc-modify-runc-make-command-to-satisfy-the-compile.patch b/patch/0037-runc-modify-runc-make-command-to-satisfy-the-compile.patch new file mode 100644 index 0000000..d271f82 --- /dev/null +++ b/patch/0037-runc-modify-runc-make-command-to-satisfy-the-compile.patch @@ -0,0 +1,43 @@ +From e6f2993d5dd72e20728512b8829b5e679b1a26a6 Mon Sep 17 00:00:00 2001 +From: zhongjiawei +Date: Thu, 8 Jun 2023 19:16:45 +0800 +Subject: [PATCH] runc:modify runc make command to satisfy the compile options + +--- + Makefile | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/Makefile b/Makefile +index 34b5347d..564ad70a 100644 +--- a/Makefile ++++ b/Makefile +@@ -25,7 +25,7 @@ ifeq ($(shell $(GO) env GOOS),linux) + endif + GO_BUILD := $(GO) build -trimpath $(GO_BUILDMODE) $(EXTRA_FLAGS) -tags "$(BUILDTAGS)" \ + -ldflags "-X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) $(EXTRA_LDFLAGS)" +-GO_BUILD_STATIC := $(GO) build -trimpath $(EXTRA_FLAGS) -tags "$(BUILDTAGS) static_build cgo netgo osusergo" ++GO_BUILD_STATIC := $(GO) build -buildmode=pie -trimpath $(EXTRA_FLAGS) -tags "$(BUILDTAGS) static_build cgo netgo osusergo" + + GPG_KEYID ?= asarai@suse.de + +@@ -41,7 +41,7 @@ recvtty sd-helper seccompagent: + $(GO_BUILD) $(BEP_FLAG) -buildid=IdByIsula -o contrib/cmd/$@/$@ ./contrib/cmd/$@ + + LD_FLAGS='-buildid=none -tmpdir=/tmp/bep-runc -linkmode=external -extldflags=-Wl,-z,relro,-z,now \ +- -extldflags -static -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) $(EXTRA_LDFLAGS) \ ++ -X main.gitCommit=$(COMMIT) -X main.version=$(VERSION) $(EXTRA_LDFLAGS) \ + ' + + static: +@@ -51,7 +51,7 @@ static: + CGO_CPPFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ + CGO_LDFLAGS_ALLOW='-Wl,-z,relro,-z,now' \ + CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ +- $(GO_BUILD_STATIC) -buildmode=pie -ldflags $(LD_FLAGS) -o runc . ++ $(GO_BUILD_STATIC) -ldflags '-extldflags=-static' -ldflags $(LD_FLAGS) -o runc . + + releaseall: RELEASE_ARGS := "-a arm64 -a armel -a armhf -a ppc64le -a s390x" + releaseall: release +-- +2.33.0 + diff --git a/runc.spec b/runc.spec index 6e7bce9..dd10033 100644 --- a/runc.spec +++ b/runc.spec @@ -3,7 +3,7 @@ Name: docker-runc Version: 1.1.3 -Release: 13 +Release: 14 Summary: runc is a CLI tool for spawning and running containers according to the OCI specification. License: ASL 2.0 @@ -54,6 +54,12 @@ install -p -m 755 runc $RPM_BUILD_ROOT/%{_bindir}/runc %{_bindir}/runc %changelog +* Fri Jun 09 2023 zhongjiawei - 1.1.3-14 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:modify runc make command to satisfy the compile options + * Tue Apr 4 2023 zhongjiawei - 1.1.3-13 - Type:bugfix - CVE:NA diff --git a/series.conf b/series.conf index 6662256..3e12a18 100644 --- a/series.conf +++ b/series.conf @@ -34,3 +34,4 @@ patch/0033-runc-libcontainer-skip-chown-of-dev-null-caused-by-fd-red.patch patch/0034-runc-Fixed-init-state-error-variable.patch patch/0035-runc-rootless-fix-sys-fs-cgroup-mounts.patch patch/0036-runc-Prohibit-proc-and-sys-to-be-symlinks.patch +patch/0037-runc-modify-runc-make-command-to-satisfy-the-compile.patch