From 245e640e629357d76583f252432d64bfb6d4805b Mon Sep 17 00:00:00 2001 From: dongyuzhen Date: Tue, 18 Nov 2025 16:56:47 +0800 Subject: [PATCH] fix the missing secure compilation option (cherry picked from commit f7901231b6527f75c0534b1e0ea49c74bdb4f64b) --- kata-containers.spec | 8 +++- ...he-missing-secure-compilation-option.patch | 42 +++++++++++++++++++ series.conf | 1 + 3 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 patches/0012-fix-the-missing-secure-compilation-option.patch diff --git a/kata-containers.spec b/kata-containers.spec index b5fa382..8189ee8 100644 --- a/kata-containers.spec +++ b/kata-containers.spec @@ -2,7 +2,7 @@ %global debug_package %{nil} %define VERSION 3.2.0 -%define RELEASE 11 +%define RELEASE 12 Name: kata-containers Version: %{VERSION} @@ -139,6 +139,12 @@ strip %{buildroot}/usr/bin/containerd-shim-kata-v2 %doc %changelog +* Tue Nov 18 2025 dongyuzhen - 3.2.0-12 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix the missing secure compilation option + * Fri Sep 12 2025 dongyuzhen - 3.2.0-11 - Type:enhancement - ID:NA diff --git a/patches/0012-fix-the-missing-secure-compilation-option.patch b/patches/0012-fix-the-missing-secure-compilation-option.patch new file mode 100644 index 0000000..3350012 --- /dev/null +++ b/patches/0012-fix-the-missing-secure-compilation-option.patch @@ -0,0 +1,42 @@ +From 79e37561b96a01084b5381f9c416742d2c0bb243 Mon Sep 17 00:00:00 2001 +From: dongyuzhen +Date: Tue, 18 Nov 2025 16:49:04 +0800 +Subject: [PATCH] fix the missing secure compilation option + +--- + src/runtime/Makefile | 12 ------------ + 1 file changed, 12 deletions(-) + +diff --git a/src/runtime/Makefile b/src/runtime/Makefile +index 1af1fbe..db71e8d 100644 +--- a/src/runtime/Makefile ++++ b/src/runtime/Makefile +@@ -765,7 +765,6 @@ define BUILD_WITH_SECURITY_OPTS + go build $(KATA_LDFLAGS) $(BUILDFLAGS) -o $(2) -ldflags "$(3)" .) + endef + +-ifeq ($(ARCH),arm64) + $(RUNTIME_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) | show-summary + $(call BUILD_WITH_SECURITY_OPTS,$(RUNTIME_DIR),$@,-linkmode=external) + +@@ -774,17 +773,6 @@ $(SHIMV2_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) + + $(MONITOR_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) .git-commit + $(call BUILD_WITH_SECURITY_OPTS,$(MONITOR_DIR),$@,-X 'main.GitCommit=$(shell git rev-parse HEAD)' -linkmode=external) +-else +-$(RUNTIME_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) | show-summary +- $(QUIET_BUILD)(cd $(RUNTIME_DIR) && go build -ldflags "$(KATA_LDFLAGS)" $(BUILDFLAGS) -o $@ .) +- +-$(SHIMV2_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) +- $(QUIET_BUILD)(cd $(SHIMV2_DIR)/ && go build -ldflags "$(KATA_LDFLAGS)" $(BUILDFLAGS) -o $@ .) +- +-$(MONITOR_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) .git-commit +- $(QUIET_BUILD)(cd $(MONITOR_DIR)/ && go build \ +- --ldflags "-X main.GitCommit=$(shell git rev-parse HEAD)" $(BUILDFLAGS) -o $@ .) +-endif + + .PHONY: \ + check \ +-- +2.43.0 + diff --git a/series.conf b/series.conf index 661113a..21ef96e 100644 --- a/series.conf +++ b/series.conf @@ -7,3 +7,4 @@ 0007-Add-support-for-riscv64-platform.patch 0008-add-compilation-options-to-runtime-directory.patch 0009-kata-runtime-9p-use-cache-none.patch +0012-fix-the-missing-secure-compilation-option.patch -- Gitee