From e5cbee4500453efb9393b5c621e276fe06c6a395 Mon Sep 17 00:00:00 2001
From: wk333 <13474090681@163.com>
Date: Fri, 3 Mar 2023 11:07:27 +0800
Subject: [PATCH] Add PIE,BIND_NOW,RELRO secure compilation options

---
 k3s-containerd.spec | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/k3s-containerd.spec b/k3s-containerd.spec
index dad2672..9c9f7a8 100644
--- a/k3s-containerd.spec
+++ b/k3s-containerd.spec
@@ -3,7 +3,7 @@
 %global version_suffix k3s1
 Version:        1.6.6
 Name:           k3s-containerd
-Release:        3
+Release:        4
 Summary:        An industry-standard container runtime
 License:        Apache-2.0
 URL:            https://github.com/k3s-io/containerd
@@ -53,7 +53,7 @@ VERSIONFLAGS="
 TAGS="apparmor seccomp netgo osusergo providerless urfave_cli_no_docs"
 LDFLAGS=" -w -s"
 CGO_ENABLED=1 go build -tags "$TAGS" -ldflags "$VERSIONFLAGS $LDFLAGS" -o k3s-containerd/bin ./cmd/containerd
-CGO_ENABLED=1 go build -tags "$TAGS" -ldflags "$VERSIONFLAGS $LDFLAGS" -o k3s-containerd/bin ./cmd/containerd-shim-runc-v2
+CGO_ENABLED=1 go build -buildmode=pie -tags "$TAGS" -ldflags "$VERSIONFLAGS $LDFLAGS -linkmode=external -extldflags '-Wl,-z,relro -Wl,-z,now'" -o k3s-containerd/bin ./cmd/containerd-shim-runc-v2
 
 %install
 install -d -p %{buildroot}%{_libexecdir}/containerd/
@@ -68,6 +68,9 @@ cp -rf %{_builddir}/containerd-%{version}-%{version_suffix}/. %{buildroot}%{_lib
 
 
 %changelog
+* Fri Mar 03 2023 wangkai <wangkai385@h-partners.com> - 1.6.6-k3s1-4
+- Add PIE,BIND_NOW,RELRO secure compilation options
+
 * Wed Aug 03 2022 liukuo <liukuo@kylinos.cn> - 1.6.6-k3s1-3
 - License compliance rectification
 
-- 
Gitee