From 8c4df606a2afcec331465dc689fcd137af2f5ff8 Mon Sep 17 00:00:00 2001
From: Vanient <xiadanni1@huawei.com>
Date: Mon, 20 Nov 2023 16:29:19 +0800
Subject: [PATCH] kata-containers:optimize compile options

optimize compile options
fix build error permission denied, do not use -i in pie buildmode

Signed-off-by: Vanient <xiadanni1@huawei.com>
---
 kata-containers.spec                             |  8 +++++++-
 ...uildmode-pie-to-build-containerd-shim-k.patch | 16 ++++++++++------
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/kata-containers.spec b/kata-containers.spec
index ee368e1..b5f7f69 100644
--- a/kata-containers.spec
+++ b/kata-containers.spec
@@ -2,7 +2,7 @@
 %global debug_package %{nil}
 
 %define VERSION v1.11.1
-%define RELEASE 15
+%define RELEASE 16
 
 Name:           kata-containers
 Version:        %{VERSION}
@@ -92,6 +92,12 @@ install -p -m 640 -D ./runtime/cli/config/configuration-qemu.toml %{buildroot}/u
 
 
 %changelog
+* Mon Nov 20 2023 Vanient<xiadanni1@huawei.com> - v1.11.1-16
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:optimize compile options
+
 * Mon Nov 13 2023 Vanient<xiadanni1@huawei.com> - v1.11.1-15
 - Type:bugfix
 - CVE:NA
diff --git a/runtime/patches/0097-kata-runtime-use-buildmode-pie-to-build-containerd-shim-k.patch b/runtime/patches/0097-kata-runtime-use-buildmode-pie-to-build-containerd-shim-k.patch
index 6db7fd4..c3d0f48 100644
--- a/runtime/patches/0097-kata-runtime-use-buildmode-pie-to-build-containerd-shim-k.patch
+++ b/runtime/patches/0097-kata-runtime-use-buildmode-pie-to-build-containerd-shim-k.patch
@@ -1,15 +1,15 @@
-From f1ce24ba789425db87b2a602cdbfe2b5e6169325 Mon Sep 17 00:00:00 2001
+From a769423a86b87fe9c1a819e0b6885ff1d2c472fe Mon Sep 17 00:00:00 2001
 From: Vanient <xiadanni1@huawei.com>
 Date: Mon, 13 Nov 2023 17:21:41 +0800
 Subject: [PATCH] runtime: use buildmode pie to build containerd-shim-kata-v2
 
 Signed-off-by: Vanient <xiadanni1@huawei.com>
 ---
- Makefile | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
+ Makefile | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
 
 diff --git a/Makefile b/Makefile
-index 9957db9..cafa1b9 100644
+index 9957db9..0d23e24 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -522,7 +522,7 @@ containerd-shim-v2: $(SHIMV2_OUTPUT)
@@ -21,7 +21,7 @@ index 9957db9..cafa1b9 100644
  	CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
  	CGO_LDFLAGS_ALLOW="-Wl,-z,relro,-z,now" \
  	CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
-@@ -564,14 +564,14 @@ GENERATED_FILES += $(CLI_DIR)/config-generated.go
+@@ -564,14 +564,18 @@ GENERATED_FILES += $(CLI_DIR)/config-generated.go
  GENERATED_FILES += pkg/katautils/config-settings.go
  
  $(TARGET_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) | show-summary
@@ -34,7 +34,11 @@ index 9957db9..cafa1b9 100644
  
  $(SHIMV2_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST)
 -	$(QUIET_BUILD)(cd $(SHIMV2_DIR)/ && go build $(KATA_LDFLAGS) -i -o $@ .)
-+	(cd $(SHIMV2_DIR)/ && go build $(KATA_LDFLAGS) $(BUILDFLAGS) -i -o $@ .)
++	(cd $(SHIMV2_DIR) && \
++	CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \
++	CGO_LDFLAGS_ALLOW="-Wl,-z,relro,-z,now" \
++	CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \
++	go build $(KATA_LDFLAGS) $(BUILDFLAGS) -o $@ -ldflags "-linkmode=external" .)
  
  .PHONY: \
  	check \
-- 
Gitee