github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-07-04 11:06:21 +00:00
Code Issues Projects Releases Wiki Activity

runtime,netmon: build as Position-Independent-Executable

Browse Source 
Build {runtime,netmon} as Position-Independent-Executable (PIE) for improved
security and compliancy with distros packaging guidelines.

Fixes: #875

Signed-off-by: Marco Vedovati <mvedovati@suse.com>
This commit is contained in:
Marco Vedovati 2018-11-02 16:08:12 +01:00
parent e90dc35e51
commit 658bdb1ecb
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Makefile
View File

@ -225,6 +225,7 @@ USER_VARS += DEFDISABLENESTINGCHECKS
USER_VARS += DEFMSIZE9P USER_VARS += DEFMSIZE9P
USER_VARS += DEFHOTPLUGVFIOONROOTBUS USER_VARS += DEFHOTPLUGVFIOONROOTBUS
USER_VARS += DEFENTROPYSOURCE USER_VARS += DEFENTROPYSOURCE
USER_VARS += BUILDFLAGS
V = @ V = @
@ -237,6 +238,9 @@ QUIET_GENERATE = $(Q:@=@echo ' GENERATE '$@;)
QUIET_INST = $(Q:@=@echo ' INSTALL '$@;) QUIET_INST = $(Q:@=@echo ' INSTALL '$@;)
QUIET_TEST = $(Q:@=@echo ' TEST '$@;) QUIET_TEST = $(Q:@=@echo ' TEST '$@;)
# go build common flags
BUILDFLAGS := -buildmode=pie
# Return non-empty string if specified directory exists # Return non-empty string if specified directory exists
define DIR_EXISTS define DIR_EXISTS
$(shell test -d $(1) && echo "$(1)") $(shell test -d $(1) && echo "$(1)")
@ -252,7 +256,7 @@ all: runtime netmon
netmon: $(NETMON_TARGET_OUTPUT) netmon: $(NETMON_TARGET_OUTPUT)
$(NETMON_TARGET_OUTPUT): $(SOURCES) $(NETMON_TARGET_OUTPUT): $(SOURCES)
$(QUIET_BUILD)(cd $(NETMON_DIR) && go build -i -o $@ -ldflags "-X main.version=$(VERSION)") $(QUIET_BUILD)(cd $(NETMON_DIR) && go build $(BUILDFLAGS) -o $@ -ldflags "-X main.version=$(VERSION)")
runtime: $(TARGET_OUTPUT) $(CONFIG) runtime: $(TARGET_OUTPUT) $(CONFIG)
.DEFAULT: default .DEFAULT: default
@ -359,7 +363,7 @@ $(GENERATED_CONFIG): Makefile VERSION
$(QUIET_GENERATE)echo "$$GENERATED_CODE" >$@ $(QUIET_GENERATE)echo "$$GENERATED_CODE" >$@
$(TARGET_OUTPUT): $(EXTRA_DEPS) $(SOURCES) $(GENERATED_GO_FILES) $(GENERATED_FILES) Makefile | show-summary $(TARGET_OUTPUT): $(EXTRA_DEPS) $(SOURCES) $(GENERATED_GO_FILES) $(GENERATED_FILES) Makefile | show-summary
$(QUIET_BUILD)(cd $(CLI_DIR) && go build -i -o $@ .) $(QUIET_BUILD)(cd $(CLI_DIR) && go build $(BUILDFLAGS) -o $@ .)
.PHONY: \ .PHONY: \
check \ check \