From 4f68cbcb8890a06b94ad3db81bd003ba359d61e7 Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Fri, 6 Sep 2024 14:50:02 -0700 Subject: [PATCH 01/21] Update containerized-data-importer.spec --- .../containerized-data-importer.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/SPECS/containerized-data-importer/containerized-data-importer.spec b/SPECS/containerized-data-importer/containerized-data-importer.spec index 207bff5baa7..bdf582fc150 100644 --- a/SPECS/containerized-data-importer/containerized-data-importer.spec +++ b/SPECS/containerized-data-importer/containerized-data-importer.spec @@ -18,7 +18,7 @@ Summary: Container native virtualization Name: containerized-data-importer Version: 1.57.0 -Release: 4%{?dist} +Release: 5%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -156,6 +156,7 @@ install -p -m 0755 _out/cmd/cdi-uploadproxy/cdi-uploadproxy %{buildroot}%{_bindi install -p -m 0755 _out/cmd/cdi-uploadserver/cdi-uploadserver %{buildroot}%{_bindir}/virt-cdi-uploadserver install -p -m 0755 _out/tools/cdi-containerimage-server/cdi-containerimage-server %{buildroot}%{_bindir}/cdi-containerimage-server +install -p -m 0755 _out/tools/cdi-containerimage-server/cdi-containerimage-server /shared/server install -p -m 0755 _out/tools/cdi-image-size-detection/cdi-image-size-detection %{buildroot}%{_bindir}/cdi-image-size-detection @@ -191,6 +192,7 @@ install -m 0644 _out/manifests/release/cdi-cr.yaml %{buildroot}%{_datadir}/cdi/m %{_bindir}/cdi-containerimage-server %{_bindir}/cdi-image-size-detection %{_bindir}/cdi-source-update-poller +/shared/server %files operator %license LICENSE @@ -217,6 +219,9 @@ install -m 0644 _out/manifests/release/cdi-cr.yaml %{buildroot}%{_datadir}/cdi/m %{_datadir}/cdi/manifests %changelog +* Fri Sep 06 2024 Aditya Dubey - 1.57.0-5 +- Copying cdi-containerimage-server binary to /shared/server location + * Fri Jul 19 2024 Aditya Dubey - 1.57.0-4 - Building cdi tool binaries within package build From 6d5392c4d6185d8ee51ece8f0b6d8ef3fd89573e Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Fri, 6 Sep 2024 15:47:45 -0700 Subject: [PATCH 02/21] Update containerized-data-importer.spec --- .../containerized-data-importer.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SPECS/containerized-data-importer/containerized-data-importer.spec b/SPECS/containerized-data-importer/containerized-data-importer.spec index bdf582fc150..56202ffdcd6 100644 --- a/SPECS/containerized-data-importer/containerized-data-importer.spec +++ b/SPECS/containerized-data-importer/containerized-data-importer.spec @@ -156,7 +156,7 @@ install -p -m 0755 _out/cmd/cdi-uploadproxy/cdi-uploadproxy %{buildroot}%{_bindi install -p -m 0755 _out/cmd/cdi-uploadserver/cdi-uploadserver %{buildroot}%{_bindir}/virt-cdi-uploadserver install -p -m 0755 _out/tools/cdi-containerimage-server/cdi-containerimage-server %{buildroot}%{_bindir}/cdi-containerimage-server -install -p -m 0755 _out/tools/cdi-containerimage-server/cdi-containerimage-server /shared/server +install -p -m 0755 _out/tools/cdi-containerimage-server/cdi-containerimage-server %{buildroot}/shared/server install -p -m 0755 _out/tools/cdi-image-size-detection/cdi-image-size-detection %{buildroot}%{_bindir}/cdi-image-size-detection @@ -192,7 +192,7 @@ install -m 0644 _out/manifests/release/cdi-cr.yaml %{buildroot}%{_datadir}/cdi/m %{_bindir}/cdi-containerimage-server %{_bindir}/cdi-image-size-detection %{_bindir}/cdi-source-update-poller -/shared/server +%{buildroot}/shared/server %files operator %license LICENSE From 4de32d7c39cd4d11bec62294bed7b6ff1803a06d Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Mon, 9 Sep 2024 13:10:02 -0700 Subject: [PATCH 03/21] adding mkdir command --- .../containerized-data-importer/containerized-data-importer.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/SPECS/containerized-data-importer/containerized-data-importer.spec b/SPECS/containerized-data-importer/containerized-data-importer.spec index 56202ffdcd6..3e1d760d5ee 100644 --- a/SPECS/containerized-data-importer/containerized-data-importer.spec +++ b/SPECS/containerized-data-importer/containerized-data-importer.spec @@ -156,6 +156,7 @@ install -p -m 0755 _out/cmd/cdi-uploadproxy/cdi-uploadproxy %{buildroot}%{_bindi install -p -m 0755 _out/cmd/cdi-uploadserver/cdi-uploadserver %{buildroot}%{_bindir}/virt-cdi-uploadserver install -p -m 0755 _out/tools/cdi-containerimage-server/cdi-containerimage-server %{buildroot}%{_bindir}/cdi-containerimage-server +mkdir -p %{buildroot}/shared/server install -p -m 0755 _out/tools/cdi-containerimage-server/cdi-containerimage-server %{buildroot}/shared/server install -p -m 0755 _out/tools/cdi-image-size-detection/cdi-image-size-detection %{buildroot}%{_bindir}/cdi-image-size-detection From 46d1196c0f7dc971c0c77ac5de307a10068e6847 Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Mon, 9 Sep 2024 13:23:04 -0700 Subject: [PATCH 04/21] Update containerized-data-importer.spec --- .../containerized-data-importer.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SPECS/containerized-data-importer/containerized-data-importer.spec b/SPECS/containerized-data-importer/containerized-data-importer.spec index 3e1d760d5ee..a91e1c5d6d6 100644 --- a/SPECS/containerized-data-importer/containerized-data-importer.spec +++ b/SPECS/containerized-data-importer/containerized-data-importer.spec @@ -156,7 +156,7 @@ install -p -m 0755 _out/cmd/cdi-uploadproxy/cdi-uploadproxy %{buildroot}%{_bindi install -p -m 0755 _out/cmd/cdi-uploadserver/cdi-uploadserver %{buildroot}%{_bindir}/virt-cdi-uploadserver install -p -m 0755 _out/tools/cdi-containerimage-server/cdi-containerimage-server %{buildroot}%{_bindir}/cdi-containerimage-server -mkdir -p %{buildroot}/shared/server +mkdir -p %{buildroot}/shared install -p -m 0755 _out/tools/cdi-containerimage-server/cdi-containerimage-server %{buildroot}/shared/server install -p -m 0755 _out/tools/cdi-image-size-detection/cdi-image-size-detection %{buildroot}%{_bindir}/cdi-image-size-detection From 1c30053806d4baa7edda4da411c95e1d14e4929f Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Mon, 9 Sep 2024 13:32:16 -0700 Subject: [PATCH 05/21] Update containerized-data-importer.spec --- .../containerized-data-importer.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SPECS/containerized-data-importer/containerized-data-importer.spec b/SPECS/containerized-data-importer/containerized-data-importer.spec index a91e1c5d6d6..52bf084720b 100644 --- a/SPECS/containerized-data-importer/containerized-data-importer.spec +++ b/SPECS/containerized-data-importer/containerized-data-importer.spec @@ -193,7 +193,7 @@ install -m 0644 _out/manifests/release/cdi-cr.yaml %{buildroot}%{_datadir}/cdi/m %{_bindir}/cdi-containerimage-server %{_bindir}/cdi-image-size-detection %{_bindir}/cdi-source-update-poller -%{buildroot}/shared/server +/shared/server %files operator %license LICENSE From 9735f899c39818ebd40c45cb93f83d13628a28cf Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Tue, 15 Oct 2024 16:58:14 -0700 Subject: [PATCH 06/21] attempting to statically build binary --- .../containerized-data-importer.spec | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/SPECS/containerized-data-importer/containerized-data-importer.spec b/SPECS/containerized-data-importer/containerized-data-importer.spec index 52bf084720b..74a4e9c266d 100644 --- a/SPECS/containerized-data-importer/containerized-data-importer.spec +++ b/SPECS/containerized-data-importer/containerized-data-importer.spec @@ -114,6 +114,7 @@ tar --strip-components=1 -xf %{SOURCE0} %build +export GO_EXTLINK_ENABLED=0 export GOPATH=%{_builddir}/go export GOFLAGS+="-buildmode=pie -mod=vendor" env \ @@ -121,6 +122,7 @@ CDI_SOURCE_DATE_EPOCH="$(date -r LICENSE +%s)" \ CDI_GIT_COMMIT='v%{version}' \ CDI_GIT_VERSION='v%{version}' \ CDI_GIT_TREE_STATE="clean" \ +CGO_ENABLED=0 \ ./hack/build/build-go.sh build \ cmd/cdi-apiserver \ cmd/cdi-cloner \ @@ -156,8 +158,6 @@ install -p -m 0755 _out/cmd/cdi-uploadproxy/cdi-uploadproxy %{buildroot}%{_bindi install -p -m 0755 _out/cmd/cdi-uploadserver/cdi-uploadserver %{buildroot}%{_bindir}/virt-cdi-uploadserver install -p -m 0755 _out/tools/cdi-containerimage-server/cdi-containerimage-server %{buildroot}%{_bindir}/cdi-containerimage-server -mkdir -p %{buildroot}/shared -install -p -m 0755 _out/tools/cdi-containerimage-server/cdi-containerimage-server %{buildroot}/shared/server install -p -m 0755 _out/tools/cdi-image-size-detection/cdi-image-size-detection %{buildroot}%{_bindir}/cdi-image-size-detection @@ -193,7 +193,6 @@ install -m 0644 _out/manifests/release/cdi-cr.yaml %{buildroot}%{_datadir}/cdi/m %{_bindir}/cdi-containerimage-server %{_bindir}/cdi-image-size-detection %{_bindir}/cdi-source-update-poller -/shared/server %files operator %license LICENSE @@ -221,7 +220,7 @@ install -m 0644 _out/manifests/release/cdi-cr.yaml %{buildroot}%{_datadir}/cdi/m %changelog * Fri Sep 06 2024 Aditya Dubey - 1.57.0-5 -- Copying cdi-containerimage-server binary to /shared/server location +- Statically building binaries * Fri Jul 19 2024 Aditya Dubey - 1.57.0-4 - Building cdi tool binaries within package build From fe0a2e1e03bfd8e8f0126d8ca7715aecf0e1b6a4 Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Wed, 16 Oct 2024 16:12:14 -0700 Subject: [PATCH 07/21] revert changes --- .../containerized-data-importer.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/SPECS/containerized-data-importer/containerized-data-importer.spec b/SPECS/containerized-data-importer/containerized-data-importer.spec index 74a4e9c266d..98193d50ddf 100644 --- a/SPECS/containerized-data-importer/containerized-data-importer.spec +++ b/SPECS/containerized-data-importer/containerized-data-importer.spec @@ -114,7 +114,6 @@ tar --strip-components=1 -xf %{SOURCE0} %build -export GO_EXTLINK_ENABLED=0 export GOPATH=%{_builddir}/go export GOFLAGS+="-buildmode=pie -mod=vendor" env \ @@ -122,7 +121,6 @@ CDI_SOURCE_DATE_EPOCH="$(date -r LICENSE +%s)" \ CDI_GIT_COMMIT='v%{version}' \ CDI_GIT_VERSION='v%{version}' \ CDI_GIT_TREE_STATE="clean" \ -CGO_ENABLED=0 \ ./hack/build/build-go.sh build \ cmd/cdi-apiserver \ cmd/cdi-cloner \ From f5cc252de397f016f04939e7cf8aa7931d58ff3b Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Wed, 16 Oct 2024 16:17:17 -0700 Subject: [PATCH 08/21] Create allow-static-build.patch --- .../allow-static-build.patch | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 SPECS/containerized-data-importer/allow-static-build.patch diff --git a/SPECS/containerized-data-importer/allow-static-build.patch b/SPECS/containerized-data-importer/allow-static-build.patch new file mode 100644 index 00000000000..46fb7abd9cd --- /dev/null +++ b/SPECS/containerized-data-importer/allow-static-build.patch @@ -0,0 +1,13 @@ +diff --git a/hack/build/build-go.sh b/hack/build/build-go.sh +index 9ab28a434..d89b07762 100755 +--- a/hack/build/build-go.sh ++++ b/hack/build/build-go.sh +@@ -61,7 +61,7 @@ elif [ "${go_opt}" == "build" ]; then + ( + cd $tgt + # Only build executables for linux +- GOOS=linux go build -o ${outFile} -tags strictfipsruntime -ldflags '-extldflags $static_flag' -ldflags "$(cdi::version::ldflags)" ++ GOOS=linux go build -o ${outFile} -tags netgo,strictfipsruntime -ldflags '-extldflags $static_flag' -ldflags "$(cdi::version::ldflags)" + + ln -sf ${outFile} ${outLink} + ) From 3a2ca74416ebe03da7d5def16448867a35b3b70d Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Wed, 16 Oct 2024 16:19:32 -0700 Subject: [PATCH 09/21] add patch file to spec --- .../containerized-data-importer/containerized-data-importer.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/SPECS/containerized-data-importer/containerized-data-importer.spec b/SPECS/containerized-data-importer/containerized-data-importer.spec index 98193d50ddf..d55a8d6f64f 100644 --- a/SPECS/containerized-data-importer/containerized-data-importer.spec +++ b/SPECS/containerized-data-importer/containerized-data-importer.spec @@ -27,6 +27,7 @@ URL: https://github.com/kubevirt/containerized-data-importer Source0: https://github.com/kubevirt/containerized-data-importer/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Patch0: CVE-2024-3727.patch Patch1: CVE-2022-2879.patch +Patch2: allow-static-build.patch BuildRequires: golang BuildRequires: golang-packaging BuildRequires: libnbd-devel From 6f89bec571bc685fc0adafc9a6bb3c3b2d512536 Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Mon, 21 Oct 2024 12:23:19 -0700 Subject: [PATCH 10/21] adding CGO_ENABLED=0 --- SPECS/containerized-data-importer/allow-static-build.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SPECS/containerized-data-importer/allow-static-build.patch b/SPECS/containerized-data-importer/allow-static-build.patch index 46fb7abd9cd..1f443958495 100644 --- a/SPECS/containerized-data-importer/allow-static-build.patch +++ b/SPECS/containerized-data-importer/allow-static-build.patch @@ -7,7 +7,7 @@ index 9ab28a434..d89b07762 100755 cd $tgt # Only build executables for linux - GOOS=linux go build -o ${outFile} -tags strictfipsruntime -ldflags '-extldflags $static_flag' -ldflags "$(cdi::version::ldflags)" -+ GOOS=linux go build -o ${outFile} -tags netgo,strictfipsruntime -ldflags '-extldflags $static_flag' -ldflags "$(cdi::version::ldflags)" ++ GOOS=linux CGO_ENABLED=0 go build -o ${outFile} -tags strictfipsruntime -ldflags '-extldflags $static_flag' -ldflags "$(cdi::version::ldflags)" ln -sf ${outFile} ${outLink} ) From 0d50d8f789fc03a73e4d469e0d4a1788cbff5cdb Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Mon, 21 Oct 2024 12:37:28 -0700 Subject: [PATCH 11/21] Update allow-static-build.patch --- SPECS/containerized-data-importer/allow-static-build.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SPECS/containerized-data-importer/allow-static-build.patch b/SPECS/containerized-data-importer/allow-static-build.patch index 1f443958495..2ad3af0b0de 100644 --- a/SPECS/containerized-data-importer/allow-static-build.patch +++ b/SPECS/containerized-data-importer/allow-static-build.patch @@ -7,7 +7,7 @@ index 9ab28a434..d89b07762 100755 cd $tgt # Only build executables for linux - GOOS=linux go build -o ${outFile} -tags strictfipsruntime -ldflags '-extldflags $static_flag' -ldflags "$(cdi::version::ldflags)" -+ GOOS=linux CGO_ENABLED=0 go build -o ${outFile} -tags strictfipsruntime -ldflags '-extldflags $static_flag' -ldflags "$(cdi::version::ldflags)" ++ GOOS=linux go build -o ${outFile} -tags strictfipsruntime -ldflags '-extldflags $static_flag' -ldflags "$(cdi::version::ldflags)" ln -sf ${outFile} ${outLink} ) From 932a519018db0606733bde0d9e2366ffbf6a0e09 Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Mon, 21 Oct 2024 12:38:52 -0700 Subject: [PATCH 12/21] Update containerized-data-importer.spec --- .../containerized-data-importer.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/SPECS/containerized-data-importer/containerized-data-importer.spec b/SPECS/containerized-data-importer/containerized-data-importer.spec index d55a8d6f64f..393e3b85025 100644 --- a/SPECS/containerized-data-importer/containerized-data-importer.spec +++ b/SPECS/containerized-data-importer/containerized-data-importer.spec @@ -130,12 +130,15 @@ CDI_GIT_TREE_STATE="clean" \ cmd/cdi-uploadproxy \ cmd/cdi-uploadserver \ cmd/cdi-operator \ - tools/cdi-containerimage-server \ tools/cdi-image-size-detection \ tools/cdi-source-update-poller \ tools/csv-generator \ %{nil} +export GO_EXTLINK_ENABLED=0 +CGO_ENABLED=0 ./hack/build/build-go.sh build tools/cdi-containerimage-server + + ./hack/build/build-manifests.sh %install From f2f38ef19e9cfc0120254026a035c4e5f4a469b0 Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Mon, 21 Oct 2024 15:00:48 -0700 Subject: [PATCH 13/21] Update containerized-data-importer.spec --- .../containerized-data-importer.spec | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/SPECS/containerized-data-importer/containerized-data-importer.spec b/SPECS/containerized-data-importer/containerized-data-importer.spec index 393e3b85025..d17f4e6e389 100644 --- a/SPECS/containerized-data-importer/containerized-data-importer.spec +++ b/SPECS/containerized-data-importer/containerized-data-importer.spec @@ -117,6 +117,9 @@ tar --strip-components=1 -xf %{SOURCE0} export GOPATH=%{_builddir}/go export GOFLAGS+="-buildmode=pie -mod=vendor" + +CGO_ENABLED=0 ./hack/build/build-go.sh build tools/cdi-containerimage-server + env \ CDI_SOURCE_DATE_EPOCH="$(date -r LICENSE +%s)" \ CDI_GIT_COMMIT='v%{version}' \ @@ -135,10 +138,6 @@ CDI_GIT_TREE_STATE="clean" \ tools/csv-generator \ %{nil} -export GO_EXTLINK_ENABLED=0 -CGO_ENABLED=0 ./hack/build/build-go.sh build tools/cdi-containerimage-server - - ./hack/build/build-manifests.sh %install From 7447e99183ae84f971419c4e248ed9c9671a7104 Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Mon, 21 Oct 2024 15:02:17 -0700 Subject: [PATCH 14/21] Update containerized-data-importer.spec --- .../containerized-data-importer.spec | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/SPECS/containerized-data-importer/containerized-data-importer.spec b/SPECS/containerized-data-importer/containerized-data-importer.spec index d17f4e6e389..8ab81d5eda5 100644 --- a/SPECS/containerized-data-importer/containerized-data-importer.spec +++ b/SPECS/containerized-data-importer/containerized-data-importer.spec @@ -117,15 +117,12 @@ tar --strip-components=1 -xf %{SOURCE0} export GOPATH=%{_builddir}/go export GOFLAGS+="-buildmode=pie -mod=vendor" - -CGO_ENABLED=0 ./hack/build/build-go.sh build tools/cdi-containerimage-server - env \ CDI_SOURCE_DATE_EPOCH="$(date -r LICENSE +%s)" \ CDI_GIT_COMMIT='v%{version}' \ CDI_GIT_VERSION='v%{version}' \ CDI_GIT_TREE_STATE="clean" \ -./hack/build/build-go.sh build \ +CGO_ENABLED=0 ./hack/build/build-go.sh build \ cmd/cdi-apiserver \ cmd/cdi-cloner \ cmd/cdi-controller \ @@ -133,6 +130,7 @@ CDI_GIT_TREE_STATE="clean" \ cmd/cdi-uploadproxy \ cmd/cdi-uploadserver \ cmd/cdi-operator \ + tools/cdi-containerimage-server \ tools/cdi-image-size-detection \ tools/cdi-source-update-poller \ tools/csv-generator \ From e0ac90d827df0752f963fc121d16abb7ccdcc976 Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Mon, 21 Oct 2024 15:27:53 -0700 Subject: [PATCH 15/21] Update containerized-data-importer.spec --- .../containerized-data-importer.spec | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/SPECS/containerized-data-importer/containerized-data-importer.spec b/SPECS/containerized-data-importer/containerized-data-importer.spec index 8ab81d5eda5..ebf57af74ef 100644 --- a/SPECS/containerized-data-importer/containerized-data-importer.spec +++ b/SPECS/containerized-data-importer/containerized-data-importer.spec @@ -122,7 +122,7 @@ CDI_SOURCE_DATE_EPOCH="$(date -r LICENSE +%s)" \ CDI_GIT_COMMIT='v%{version}' \ CDI_GIT_VERSION='v%{version}' \ CDI_GIT_TREE_STATE="clean" \ -CGO_ENABLED=0 ./hack/build/build-go.sh build \ +./hack/build/build-go.sh build \ cmd/cdi-apiserver \ cmd/cdi-cloner \ cmd/cdi-controller \ @@ -135,7 +135,15 @@ CGO_ENABLED=0 ./hack/build/build-go.sh build \ tools/cdi-source-update-poller \ tools/csv-generator \ %{nil} - + +env \ +CDI_SOURCE_DATE_EPOCH="$(date -r LICENSE +%s)" \ +CDI_GIT_COMMIT='v%{version}' \ +CDI_GIT_VERSION='v%{version}' \ +CDI_GIT_TREE_STATE="clean" \ +CGO_ENABLED=0 ./hack/build/build-go.sh build tools/cdi-containerimage-server \ + %{nil} + ./hack/build/build-manifests.sh %install From da5c93753839b7a796cb0295b093b4ef2ff4a81a Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Mon, 21 Oct 2024 17:01:33 -0700 Subject: [PATCH 16/21] Update containerized-data-importer.spec --- .../containerized-data-importer.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/SPECS/containerized-data-importer/containerized-data-importer.spec b/SPECS/containerized-data-importer/containerized-data-importer.spec index ebf57af74ef..df96a20811a 100644 --- a/SPECS/containerized-data-importer/containerized-data-importer.spec +++ b/SPECS/containerized-data-importer/containerized-data-importer.spec @@ -135,7 +135,9 @@ CDI_GIT_TREE_STATE="clean" \ tools/cdi-source-update-poller \ tools/csv-generator \ %{nil} - + +echo $CGO_ENABLED +echo $(cdi::version::ldflags) env \ CDI_SOURCE_DATE_EPOCH="$(date -r LICENSE +%s)" \ CDI_GIT_COMMIT='v%{version}' \ @@ -143,6 +145,7 @@ CDI_GIT_VERSION='v%{version}' \ CDI_GIT_TREE_STATE="clean" \ CGO_ENABLED=0 ./hack/build/build-go.sh build tools/cdi-containerimage-server \ %{nil} +echo $static_flag ./hack/build/build-manifests.sh From 916ea563280d96eff729f18f75b45eae6f798ac9 Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Mon, 21 Oct 2024 17:37:51 -0700 Subject: [PATCH 17/21] Update allow-static-build.patch --- SPECS/containerized-data-importer/allow-static-build.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SPECS/containerized-data-importer/allow-static-build.patch b/SPECS/containerized-data-importer/allow-static-build.patch index 2ad3af0b0de..16e992e261e 100644 --- a/SPECS/containerized-data-importer/allow-static-build.patch +++ b/SPECS/containerized-data-importer/allow-static-build.patch @@ -7,7 +7,7 @@ index 9ab28a434..d89b07762 100755 cd $tgt # Only build executables for linux - GOOS=linux go build -o ${outFile} -tags strictfipsruntime -ldflags '-extldflags $static_flag' -ldflags "$(cdi::version::ldflags)" -+ GOOS=linux go build -o ${outFile} -tags strictfipsruntime -ldflags '-extldflags $static_flag' -ldflags "$(cdi::version::ldflags)" ++ GOOS=linux go build -o ${outFile} -tags osusergo,netgo,strictfipsruntime -ldflags '-extldflags=-static' -ldflags "$(cdi::version::ldflags)" ln -sf ${outFile} ${outLink} ) From a99cc5f0bf170bf525149b90eb9714e1335a78f2 Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Tue, 22 Oct 2024 11:29:00 -0700 Subject: [PATCH 18/21] adding new build format --- .../allow-static-build.patch | 13 ++--- .../containerized-data-importer.spec | 52 ++++++++----------- 2 files changed, 29 insertions(+), 36 deletions(-) diff --git a/SPECS/containerized-data-importer/allow-static-build.patch b/SPECS/containerized-data-importer/allow-static-build.patch index 16e992e261e..44661a975b2 100644 --- a/SPECS/containerized-data-importer/allow-static-build.patch +++ b/SPECS/containerized-data-importer/allow-static-build.patch @@ -1,13 +1,14 @@ diff --git a/hack/build/build-go.sh b/hack/build/build-go.sh -index 9ab28a434..d89b07762 100755 +index 9ab28a434..d03e23ebe 100755 --- a/hack/build/build-go.sh +++ b/hack/build/build-go.sh -@@ -61,7 +61,7 @@ elif [ "${go_opt}" == "build" ]; then +@@ -61,6 +61,9 @@ elif [ "${go_opt}" == "build" ]; then ( cd $tgt # Only build executables for linux -- GOOS=linux go build -o ${outFile} -tags strictfipsruntime -ldflags '-extldflags $static_flag' -ldflags "$(cdi::version::ldflags)" -+ GOOS=linux go build -o ${outFile} -tags osusergo,netgo,strictfipsruntime -ldflags '-extldflags=-static' -ldflags "$(cdi::version::ldflags)" ++ echo $CGO_ENABLED ++ echo $(cdi::version::ldflags) ++ echo $static_flag + GOOS=linux go build -o ${outFile} -tags strictfipsruntime -ldflags '-extldflags $static_flag' -ldflags "$(cdi::version::ldflags)" - ln -sf ${outFile} ${outLink} - ) + ln -sf ${outFile} ${outLink} \ No newline at end of file diff --git a/SPECS/containerized-data-importer/containerized-data-importer.spec b/SPECS/containerized-data-importer/containerized-data-importer.spec index df96a20811a..e1d22906539 100644 --- a/SPECS/containerized-data-importer/containerized-data-importer.spec +++ b/SPECS/containerized-data-importer/containerized-data-importer.spec @@ -116,36 +116,28 @@ tar --strip-components=1 -xf %{SOURCE0} %build export GOPATH=%{_builddir}/go -export GOFLAGS+="-buildmode=pie -mod=vendor" -env \ -CDI_SOURCE_DATE_EPOCH="$(date -r LICENSE +%s)" \ -CDI_GIT_COMMIT='v%{version}' \ -CDI_GIT_VERSION='v%{version}' \ -CDI_GIT_TREE_STATE="clean" \ -./hack/build/build-go.sh build \ - cmd/cdi-apiserver \ - cmd/cdi-cloner \ - cmd/cdi-controller \ - cmd/cdi-importer \ - cmd/cdi-uploadproxy \ - cmd/cdi-uploadserver \ - cmd/cdi-operator \ - tools/cdi-containerimage-server \ - tools/cdi-image-size-detection \ - tools/cdi-source-update-poller \ - tools/csv-generator \ - %{nil} - -echo $CGO_ENABLED -echo $(cdi::version::ldflags) -env \ -CDI_SOURCE_DATE_EPOCH="$(date -r LICENSE +%s)" \ -CDI_GIT_COMMIT='v%{version}' \ -CDI_GIT_VERSION='v%{version}' \ -CDI_GIT_TREE_STATE="clean" \ -CGO_ENABLED=0 ./hack/build/build-go.sh build tools/cdi-containerimage-server \ - %{nil} -echo $static_flag +export GOFLAGS="-mod=vendor" +export CDI_SOURCE_DATE_EPOCH="$(date -r LICENSE +%s)" +export CDI_GIT_COMMIT='v%{version}' +export CDI_GIT_VERSION='v%{version}' +export CDI_GIT_TREE_STATE="clean" + +GOFLAGS="-buildmode=pie ${GOFLAGS}" ./hack/build/build-go.sh build \ + cmd/cdi-apiserver \ + cmd/cdi-cloner \ + cmd/cdi-controller \ + cmd/cdi-importer \ + cmd/cdi-uploadproxy \ + cmd/cdi-uploadserver \ + cmd/cdi-operator \ + tools/cdi-image-size-detection \ + tools/cdi-source-update-poller \ + %{nil} + +# Disable cgo to build static binaries, so they can run on scratch images +CGO_ENABLED=0 ./hack/build/build-go.sh build \ + tools/cdi-containerimage-server \ + %{nil} ./hack/build/build-manifests.sh From a382dcb744147e8d0fddff4d14047cf5a0cab279 Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Tue, 22 Oct 2024 11:42:02 -0700 Subject: [PATCH 19/21] patch fix --- .../allow-static-build.patch | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/SPECS/containerized-data-importer/allow-static-build.patch b/SPECS/containerized-data-importer/allow-static-build.patch index 44661a975b2..dad21a97419 100644 --- a/SPECS/containerized-data-importer/allow-static-build.patch +++ b/SPECS/containerized-data-importer/allow-static-build.patch @@ -1,12 +1,16 @@ diff --git a/hack/build/build-go.sh b/hack/build/build-go.sh -index 9ab28a434..d03e23ebe 100755 +index 9ab28a434..b8ab48d48 100755 --- a/hack/build/build-go.sh +++ b/hack/build/build-go.sh -@@ -61,6 +61,9 @@ elif [ "${go_opt}" == "build" ]; then +@@ -57,10 +57,13 @@ elif [ "${go_opt}" == "build" ]; then + static_flag="" + if [ "$tgt" == "tools/cdi-containerimage-server" ]; then + static_flag="static" ++ echo $CGO_ENABLED + fi ( cd $tgt # Only build executables for linux -+ echo $CGO_ENABLED + echo $(cdi::version::ldflags) + echo $static_flag GOOS=linux go build -o ${outFile} -tags strictfipsruntime -ldflags '-extldflags $static_flag' -ldflags "$(cdi::version::ldflags)" From a7e57c9784829cabd3ebe769d7c02c88610bf7d4 Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Tue, 22 Oct 2024 11:49:37 -0700 Subject: [PATCH 20/21] remove patch --- .../containerized-data-importer/containerized-data-importer.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/SPECS/containerized-data-importer/containerized-data-importer.spec b/SPECS/containerized-data-importer/containerized-data-importer.spec index e1d22906539..e7f69ba9cde 100644 --- a/SPECS/containerized-data-importer/containerized-data-importer.spec +++ b/SPECS/containerized-data-importer/containerized-data-importer.spec @@ -27,7 +27,6 @@ URL: https://github.com/kubevirt/containerized-data-importer Source0: https://github.com/kubevirt/containerized-data-importer/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Patch0: CVE-2024-3727.patch Patch1: CVE-2022-2879.patch -Patch2: allow-static-build.patch BuildRequires: golang BuildRequires: golang-packaging BuildRequires: libnbd-devel From 5947df94dc6ddaec027a0422a81dfb3fdcc0a12c Mon Sep 17 00:00:00 2001 From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com> Date: Tue, 22 Oct 2024 11:58:15 -0700 Subject: [PATCH 21/21] adding missing binary --- .../allow-static-build.patch | 18 ------------------ .../containerized-data-importer.spec | 1 + 2 files changed, 1 insertion(+), 18 deletions(-) delete mode 100644 SPECS/containerized-data-importer/allow-static-build.patch diff --git a/SPECS/containerized-data-importer/allow-static-build.patch b/SPECS/containerized-data-importer/allow-static-build.patch deleted file mode 100644 index dad21a97419..00000000000 --- a/SPECS/containerized-data-importer/allow-static-build.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff --git a/hack/build/build-go.sh b/hack/build/build-go.sh -index 9ab28a434..b8ab48d48 100755 ---- a/hack/build/build-go.sh -+++ b/hack/build/build-go.sh -@@ -57,10 +57,13 @@ elif [ "${go_opt}" == "build" ]; then - static_flag="" - if [ "$tgt" == "tools/cdi-containerimage-server" ]; then - static_flag="static" -+ echo $CGO_ENABLED - fi - ( - cd $tgt - # Only build executables for linux -+ echo $(cdi::version::ldflags) -+ echo $static_flag - GOOS=linux go build -o ${outFile} -tags strictfipsruntime -ldflags '-extldflags $static_flag' -ldflags "$(cdi::version::ldflags)" - - ln -sf ${outFile} ${outLink} \ No newline at end of file diff --git a/SPECS/containerized-data-importer/containerized-data-importer.spec b/SPECS/containerized-data-importer/containerized-data-importer.spec index e7f69ba9cde..b82b8bf50b2 100644 --- a/SPECS/containerized-data-importer/containerized-data-importer.spec +++ b/SPECS/containerized-data-importer/containerized-data-importer.spec @@ -131,6 +131,7 @@ GOFLAGS="-buildmode=pie ${GOFLAGS}" ./hack/build/build-go.sh build \ cmd/cdi-operator \ tools/cdi-image-size-detection \ tools/cdi-source-update-poller \ + tools/csv-generator \ %{nil} # Disable cgo to build static binaries, so they can run on scratch images