rpm/docker
SHA256
1
0
Fork 0
forked from pool/docker
Code Pull Requests Activity

Accepting request 626441 from home:cyphar:containers:docker_pie

Browse Source 
- Build the client binary with -buildmode=pie to fix issues on POWER.
  bsc#1100727
  + bsc1100727-0001-build-add-buildmode-pie.patch

OBS-URL: https://build.opensuse.org/request/show/626441
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=256
This commit is contained in:
Aleksa Sarai 2018-07-31 05:45:06 +00:00 committed by Git OBS Bridge
parent b7f9caccb8
commit bac0493c26
3 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
bsc1100727-0001-build-add-buildmode-pie.patch Normal file
View File

@ -0,0 +1,29 @@
From d39172ffc6b245f02da1898793ccaef20bb6858a Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Mon, 30 Jul 2018 19:34:01 +1000
Subject: [PATCH] build: add -buildmode=pie
Make all dynbinary builds be position-independent (this adds both
security benefits and can help with flaky builds on POWER
architectures).
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
components/cli/scripts/build/dynbinary | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/cli/scripts/build/dynbinary b/components/cli/scripts/build/dynbinary
index 3c32ed342ef7..4feb7e71d852 100755
--- a/components/cli/scripts/build/dynbinary
+++ b/components/cli/scripts/build/dynbinary
@@ -9,6 +9,6 @@ source ./scripts/build/.variables
echo "Building dynamically linked $TARGET"
export CGO_ENABLED=1
-go build -o "${TARGET}" -tags pkcs11 --ldflags "${LDFLAGS}" "${SOURCE}"
+go build -o "${TARGET}" -tags pkcs11 --ldflags "${LDFLAGS}" -buildmode=pie "${SOURCE}"
ln -sf "$(basename "${TARGET}")" build/docker
--
2.18.0

7
docker.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Mon Jul 30 09:44:47 UTC 2018 - asarai@suse.com
- Build the client binary with -buildmode=pie to fix issues on POWER.
bsc#1100727
+ bsc1100727-0001-build-add-buildmode-pie.patch
-------------------------------------------------------------------
Fri Jun 29 08:35:56 UTC 2018 - asarai@suse.com

4
docker.spec
View File

@ -70,6 +70,8 @@ Patch401: bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_
Patch402: bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/37353. bsc#1099277
Patch403: bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/cli/pull/1242. bsc#1100727
Patch404: bsc1100727-0001-build-add-buildmode-pie.patch
BuildRequires: audit
BuildRequires: bash-completion
BuildRequires: ca-certificates
@ -202,6 +204,8 @@ Test package for docker. It contains the source code and the tests.
%patch402 -p1
# bsc#1099277
%patch403 -p1
# bsc#1100727
%patch404 -p1
cp %{SOURCE7} .
cp %{SOURCE9} .