rpms / kubernetes

Clone
Source Code
GIT

#11 Add support for PIE and build-ids
Merged 4 months ago by buckaroogeek. Opened 4 months ago by buckaroogeek.
rpms/ buckaroogeek/kubernetes pie  into  rawhide

file modified
+22 -9 
@@ -71,6 +71,7 @@ 
 

  

  # build requirements for kubelet
 

  BuildRequires: golang >= %{golangver}
 

+ BuildRequires: go-rpm-macros
 

  BuildRequires: make
 

  BuildRequires: go-md2man
 

  BuildRequires: systemd
 
@@ -226,18 +227,30 @@ 
 

  export KUBE_GIT_VERSION=v%{version}
 

  export KUBE_EXTRA_GOPATH=$(pwd)/Godeps/_workspace
 

  

- # Use pie buildmode
 

- # export GOFLAGS="-buildmode=pie"
 

+ # macro that executes make all for given cmd argument
 

+ %define makecmd(o:) make all WHAT="cmd/%1" GOLDFLAGS="-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') $GLINK"
 

+ 

+ # go internal linker does not provide build ids; use
 

+ # KUBE_CGO_OVERRIDES to force external linker; consistent
 

+ # with Fedora go standards
 

+ export KUBE_CGO_OVERRIDES="kube-proxy kubeadm kube-apiserver kube-controller-manager kubelet kube-scheduler kubectl"
 

+ 

+ # Use settings from gobuild macro to populate GOFLAGS and
 

+ # GOLDFLAGS - see Makefile (make help) for more information
 

+ export GOFLAGS="-buildmode=pie -compiler=gc -tags=rpm_crashtraceback${BUILDTAGS:+,}${BUILDTAGS:-}"
 

+ 

+ # define temporary linker options for use in GOLDFLAGS
 

+ GLINK="-compressdwarf=false -linkmode=external -extldflags '%{build_ldflags}'"
 

  

  # Build each binary separately to generate a unique build-id.
 

  # Otherwise: Duplicate build-ids /builddir/build/BUILDROOT/.../usr/bin/kube-apiserver and /builddir/build/BUILDROOT/.../usr/bin/kubeadm
 

- make WHAT="cmd/kube-proxy"
 

- make WHAT="cmd/kube-apiserver"
 

- make WHAT="cmd/kube-controller-manager"
 

- make WHAT="cmd/kubelet"
 

- make WHAT="cmd/kubeadm"
 

- make WHAT="cmd/kube-scheduler"
 

- make WHAT="cmd/kubectl"
 

+ %makecmd kube-proxy
 

+ %makecmd kube-apiserver
 

+ %makecmd kube-controller-manager
 

+ %makecmd kubelet
 

+ %makecmd kubeadm
 

+ %makecmd kube-scheduler
 

+ %makecmd kubectl
 

  

  # Gen docs
 

  make WHAT="cmd/gendocs"

file modified
+22 -9 
@@ -71,6 +71,7 @@ 
 

  

  # build requirements for kubelet
 

  BuildRequires: golang >= %{golangver}
 

+ BuildRequires: go-rpm-macros
 

  BuildRequires: make
 

  BuildRequires: go-md2man
 

  BuildRequires: systemd
 
@@ -226,18 +227,30 @@ 
 

  export KUBE_GIT_VERSION=v%{version}
 

  export KUBE_EXTRA_GOPATH=$(pwd)/Godeps/_workspace
 

  

- # Use pie buildmode
 

- # export GOFLAGS="-buildmode=pie"
 

+ # go internal linker does not provide build ids; use
 

+ # KUBE_CGO_OVERRIDES to force external linker; consistent
 

+ # with Fedora go standards
 

+ export KUBE_CGO_OVERRIDES="kube-proxy kubeadm kube-apiserver kube-controller-manager kubelet kube-scheduler kubectl"
 

+ 

+ # Use settings from gobuild macro to populate GOFLAGS and
 

+ # GOLDFLAGS - see Makefile (make help) for more information
 

+ export GOFLAGS="-buildmode=pie -compiler=gc -tags=rpm_crashtraceback${BUILDTAGS:+,}${BUILDTAGS:-}"
 

+ 

+ # define temporary linker options for use in GOLDFLAGS
 

+ GLINK="-compressdwarf=false -linkmode=external -extldflags '%{build_ldflags}'"
 

+ 

+ # macro that executes make all for given cmd argument
 

+ %define makecmd(o:) make all WHAT="cmd/%1" GOLDFLAGS="-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') $GLINK"
 

  

  # Build each binary separately to generate a unique build-id.
 

  # Otherwise: Duplicate build-ids /builddir/build/BUILDROOT/.../usr/bin/kube-apiserver and /builddir/build/BUILDROOT/.../usr/bin/kubeadm
 

- make WHAT="cmd/kube-proxy"
 

- make WHAT="cmd/kube-apiserver"
 

- make WHAT="cmd/kube-controller-manager"
 

- make WHAT="cmd/kubelet"
 

- make WHAT="cmd/kubeadm"
 

- make WHAT="cmd/kube-scheduler"
 

- make WHAT="cmd/kubectl"
 

+ %makecmd kube-proxy
 

+ %makecmd kube-apiserver
 

+ %makecmd kube-controller-manager
 

+ %makecmd kubelet
 

+ %makecmd kubeadm
 

+ %makecmd kube-scheduler
 

+ %makecmd kubectl
 

  

  # Gen docs
 

  make WHAT="cmd/gendocs"

Implement support for PIE and build-id for all binaries in these packages. Implemented using information from golang macros and the GOFLAGS and GOLDFLAGS exports that the upstream makefile will use to adjust the local go lang build environment.

Pull-Request has been merged by buckaroogeek
4 months ago

Build succeeded.
https://fedora.softwarefactory-project.io/zuul/buildset/dd20f5967f1f4ec4a3c63d2fec34a3c6
Metadata
None
No Tags
Changes Summary 2
+22 -9
file changed
kubernetes.spec
+22 -9
file changed
template/kubernetes-template.spec
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.