diff --git a/bsc1100727-0001-build-add-buildmode-pie.patch b/bsc1100727-0001-build-add-buildmode-pie.patch new file mode 100644 index 0000000..61b1505 --- /dev/null +++ b/bsc1100727-0001-build-add-buildmode-pie.patch @@ -0,0 +1,29 @@ +From d39172ffc6b245f02da1898793ccaef20bb6858a Mon Sep 17 00:00:00 2001 +From: Aleksa Sarai +Date: Mon, 30 Jul 2018 19:34:01 +1000 +Subject: [PATCH] build: add -buildmode=pie + +Make all dynbinary builds be position-independent (this adds both +security benefits and can help with flaky builds on POWER +architectures). + +Signed-off-by: Aleksa Sarai +--- + components/cli/scripts/build/dynbinary | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/components/cli/scripts/build/dynbinary b/components/cli/scripts/build/dynbinary +index 3c32ed342ef7..4feb7e71d852 100755 +--- a/components/cli/scripts/build/dynbinary ++++ b/components/cli/scripts/build/dynbinary +@@ -9,6 +9,6 @@ source ./scripts/build/.variables + + echo "Building dynamically linked $TARGET" + export CGO_ENABLED=1 +-go build -o "${TARGET}" -tags pkcs11 --ldflags "${LDFLAGS}" "${SOURCE}" ++go build -o "${TARGET}" -tags pkcs11 --ldflags "${LDFLAGS}" -buildmode=pie "${SOURCE}" + + ln -sf "$(basename "${TARGET}")" build/docker +-- +2.18.0 + diff --git a/docker.changes b/docker.changes index 03b9b30..96803d4 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Jul 30 09:44:47 UTC 2018 - asarai@suse.com + +- Build the client binary with -buildmode=pie to fix issues on POWER. + bsc#1100727 + + bsc1100727-0001-build-add-buildmode-pie.patch + ------------------------------------------------------------------- Fri Jun 29 08:35:56 UTC 2018 - asarai@suse.com diff --git a/docker.spec b/docker.spec index 762dbb9..dd6857f 100644 --- a/docker.spec +++ b/docker.spec @@ -70,6 +70,8 @@ Patch401: bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_ Patch402: bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch # SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/37353. bsc#1099277 Patch403: bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch +# SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1242. bsc#1100727 +Patch404: bsc1100727-0001-build-add-buildmode-pie.patch BuildRequires: audit BuildRequires: bash-completion BuildRequires: ca-certificates @@ -202,6 +204,8 @@ Test package for docker. It contains the source code and the tests. %patch402 -p1 # bsc#1099277 %patch403 -p1 +# bsc#1100727 +%patch404 -p1 cp %{SOURCE7} . cp %{SOURCE9} .