
Commit 1e4e8c2

authored
Fix runc builds (#4425)
* revert runc strict patches on latest * do not produce static PIE runc executables on arm64
1 parent 8b3a384 commit 1e4e8c2


5 files changed

+34
-4
lines changed

Lines changed: 5 additions & 0 deletions
@@ -1,7 +1,12 @@
11
#!/bin/bash
22

3+
VERSION="${2}"
4+
35
export INSTALL="${1}/bin"
46
mkdir -p "${INSTALL}"
57

8+
# Ensure `runc --version` prints the correct release commit
9+
export COMMIT="$(git describe --always --long "${VERSION}")"
10+
611
make BUILDTAGS="seccomp apparmor" EXTRA_LDFLAGS="-s -w" static
712
cp runc "${INSTALL}/runc"
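Review bot: The added `export COMMIT="$(git describe --always --long "${VERSION}")"` hides the exit status of `git describe`, and the script shows no `set -e`, so a missing second argument or an unknown ref leaves COMMIT empty while the build carries on. That value is what ends up in `runc --version`, which operators rely on to tell which runc build is deployed, so a silently empty or wrong string defeats the purpose stated in the comment above it. Assign and export separately and stop on failure: `COMMIT="$(git describe --always --long "${VERSION:?version argument required}")" || exit 1` followed by `export COMMIT`. The same concern applies to `VERSION="${2}"` at the top, which accepts an empty value without complaint.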
Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
From bcf130f097781d162c0461105a12f4c9f412d3e8 Mon Sep 17 00:00:00 2001
2+
From: Angelos Kolaitis <[email protected]>
3+
Date: Tue, 20 Feb 2024 12:32:27 +0200
4+
Subject: [PATCH] Disable static PIE on arm64
5+
6+
Ubuntu does not currently have the rcrt1.o file on arm64
7+
---
8+
Makefile | 2 +-
9+
1 file changed, 1 insertion(+), 1 deletion(-)
10+
11+
diff --git a/Makefile b/Makefile
12+
index e3af9bc1..b2b07720 100644
13+
--- a/Makefile
14+
+++ b/Makefile
15+
@@ -33,7 +33,7 @@ LDFLAGS_STATIC := -extldflags -static
16+
# Enable static PIE executables on supported platforms.
17+
# This (among the other things) requires libc support (rcrt1.o), which seems
18+
# to be available only for arm64 and amd64 (Debian Bullseye).
19+
-ifneq (,$(filter $(GOARCH),arm64 amd64))
20+
+ifneq (,$(filter $(GOARCH),amd64))
21+
ifeq (,$(findstring -race,$(EXTRA_FLAGS)))
22+
GO_BUILDMODE_STATIC := -buildmode=pie
23+
LDFLAGS_STATIC := -linkmode external -extldflags --static-pie
24+
--
25+
2.34.1
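Review bot: Dropping arm64 from the `$(filter $(GOARCH),...)` list means runc on arm64 is linked as a plain static, non-PIE executable, so its main image no longer gets a randomized load address; for a container runtime binary that is a hardening regression worth recording, not only a build fix. The patch also leaves the upstream comment saying rcrt1.o is available for "arm64 and amd64", which now contradicts the condition directly below it. I would amend the comment inside the patch, for example `# arm64 is excluded here: Ubuntu does not ship rcrt1.o for it, so runc is built non-PIE until it does.`, and state in the patch description what has to change before the patch can be dropped. The Makefile conditional continues past the end of this hunk.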

build-scripts/components/runc/strict-patches/0001-apparmor-change-profile-immediately-not-on-exec.patch renamed to build-scripts/components/runc/strict-patches/v1.1.12/0001-apparmor-change-profile-immediately-not-on-exec.patch

Lines changed: 4 additions & 4 deletions
@@ -14,7 +14,7 @@ index 8b1483c..292cfa6 100644
1414
@@ -48,9 +48,9 @@ func setProcAttr(attr, value string) error {
1515
return err
1616
}
17-
17+
1818
-// changeOnExec reimplements aa_change_onexec from libapparmor in Go
1919
-func changeOnExec(name string) error {
2020
- if err := setProcAttr("exec", "exec "+name); err != nil {
@@ -27,9 +27,9 @@ index 8b1483c..292cfa6 100644
2727
@@ -64,5 +64,5 @@ func applyProfile(name string) error {
2828
return nil
2929
}
30-
30+
3131
- return changeOnExec(name)
3232
+ return changeProfile(name)
3333
}
34-
--
35-
2.34.1
34+
--
35+
2.34.1

build-scripts/components/runc/strict-patches/0002-setns_init_linux-set-the-NNP-flag-after-changing-the.patch renamed to build-scripts/components/runc/strict-patches/v1.1.12/0002-setns_init_linux-set-the-NNP-flag-after-changing-the.patch

File renamed without changes.

build-scripts/components/runc/strict-patches/0003-standard_init_linux-change-AppArmor-profile-as-late-.patch renamed to build-scripts/components/runc/strict-patches/v1.1.12/0003-standard_init_linux-change-AppArmor-profile-as-late-.patch

File renamed without changes.
