From 4d9de00e2b446a2fdc3f800d3f2a0cfaa1f696d2 Mon Sep 17 00:00:00 2001 From: Bradley G Smith Date: Feb 23 2024 21:56:23 +0000 Subject: Resolve PIE and missing build-id error messages Long standing rpmlint (fedpkg lint) error messages concerning the lack of PIE and missing build-ids are resolved. Syntax from %gobuildid macro combined with information from upstream makefile and golang code base resulted in the use of GOFLAGS export for the compiler and GOLDFLAGS export for the external linker. Binaries in these rpms are in much better conformance with fedora standards. --- diff --git a/kubernetes.spec b/kubernetes.spec index cb5e06b..9a54c07 100644 --- a/kubernetes.spec +++ b/kubernetes.spec @@ -9,11 +9,6 @@ %global debug_package %{nil} %endif -# macro that executes make all for given cmd argument -%define makecmd(o:) %{expand: - make all WHAT="cmd/%1" GOLDFLAGS="-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') $GLINK" -} - %global provider github %global provider_tld com %global owner kubernetes @@ -232,6 +227,9 @@ export KUBE_GIT_TREE_STATE="clean" export KUBE_GIT_VERSION=v%{version} export KUBE_EXTRA_GOPATH=$(pwd)/Godeps/_workspace +# macro that executes make all for given cmd argument +%define makecmd(o:) make all WHAT="cmd/%1" GOLDFLAGS="-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') $GLINK" + # go internal linker does not provide build ids; use # KUBE_CGO_OVERRIDES to force external linker; consistent # with Fedora go standards @@ -239,26 +237,20 @@ export KUBE_CGO_OVERRIDES="kube-proxy kubeadm kube-apiserver kube-controller-man # Use settings from gobuild macro to populate GOFLAGS and # GOLDFLAGS - see Makefile (make help) for more information -# export GOFLAGS="% { gobuildflags }" - -# GBUILD="-buildmode=pie -compiler=gc -tags=rpm_crashtraceback" export GOFLAGS="-buildmode=pie -compiler=gc -tags=rpm_crashtraceback${BUILDTAGS:+,}${BUILDTAGS:-}" +# define temporary linker options for use in GOLDFLAGS GLINK="-compressdwarf=false -linkmode=external -extldflags '%{build_ldflags}'" -# -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -# -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -# -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1'" - # Build each binary separately to generate a unique build-id. # Otherwise: Duplicate build-ids /builddir/build/BUILDROOT/.../usr/bin/kube-apiserver and /builddir/build/BUILDROOT/.../usr/bin/kubeadm -make WHAT="cmd/kube-proxy" GOLDFLAGS="$GLINK -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n')" -make WHAT="cmd/kube-apiserver" GOLDFLAGS="$GLINK -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n')" -make WHAT="cmd/kube-controller-manager" GOLDFLAGS="$GLINK -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n')" -make WHAT="cmd/kubelet" GOLDFLAGS="$GLINK -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n')" -make WHAT="cmd/kubeadm" GOLDFLAGS="$GLINK -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n')" -make WHAT="cmd/kube-scheduler" GOLDFLAGS="$GLINK -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n')" -make WHAT="cmd/kubectl" GOLDFLAGS="$GLINK -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n')" +%makecmd kube-proxy +%makecmd kube-apiserver +%makecmd kube-controller-manager +%makecmd kubelet +%makecmd kubeadm +%makecmd kube-scheduler +%makecmd kubectl # Gen docs make WHAT="cmd/gendocs" diff --git a/template/kubernetes-template.spec b/template/kubernetes-template.spec index 9847879..ce0e5fb 100644 --- a/template/kubernetes-template.spec +++ b/template/kubernetes-template.spec @@ -71,6 +71,7 @@ Patch3: build-with-debug-info.patch # build requirements for kubelet BuildRequires: golang >= %{golangver} +BuildRequires: go-rpm-macros BuildRequires: make BuildRequires: go-md2man BuildRequires: systemd @@ -226,18 +227,30 @@ export KUBE_GIT_TREE_STATE="clean" export KUBE_GIT_VERSION=v%{version} export KUBE_EXTRA_GOPATH=$(pwd)/Godeps/_workspace -# Use pie buildmode -# export GOFLAGS="-buildmode=pie" +# go internal linker does not provide build ids; use +# KUBE_CGO_OVERRIDES to force external linker; consistent +# with Fedora go standards +export KUBE_CGO_OVERRIDES="kube-proxy kubeadm kube-apiserver kube-controller-manager kubelet kube-scheduler kubectl" + +# Use settings from gobuild macro to populate GOFLAGS and +# GOLDFLAGS - see Makefile (make help) for more information +export GOFLAGS="-buildmode=pie -compiler=gc -tags=rpm_crashtraceback${BUILDTAGS:+,}${BUILDTAGS:-}" + +# define temporary linker options for use in GOLDFLAGS +GLINK="-compressdwarf=false -linkmode=external -extldflags '%{build_ldflags}'" + +# macro that executes make all for given cmd argument +%define makecmd(o:) make all WHAT="cmd/%1" GOLDFLAGS="-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') $GLINK" # Build each binary separately to generate a unique build-id. # Otherwise: Duplicate build-ids /builddir/build/BUILDROOT/.../usr/bin/kube-apiserver and /builddir/build/BUILDROOT/.../usr/bin/kubeadm -make WHAT="cmd/kube-proxy" -make WHAT="cmd/kube-apiserver" -make WHAT="cmd/kube-controller-manager" -make WHAT="cmd/kubelet" -make WHAT="cmd/kubeadm" -make WHAT="cmd/kube-scheduler" -make WHAT="cmd/kubectl" +%makecmd kube-proxy +%makecmd kube-apiserver +%makecmd kube-controller-manager +%makecmd kubelet +%makecmd kubeadm +%makecmd kube-scheduler +%makecmd kubectl # Gen docs make WHAT="cmd/gendocs"