Set noexecstack on snapcraft builds
We're currently failing the auoptmated security review on snapcraft because the lotus binary has the execstack value set: https://linux.die.net/man/8/execstack This commit passes the appropriate flags to ld to disable the execstack flag when building the binaries for snapcraft: https://linux.die.net/man/1/ld We may want to consider disabling this as part of the main build. Research seems to indicate that allow the executable stack can lead to security issues, but I am not enough of a security expert to know for sure what the right call here is: https://f0rm2l1n.github.io/2022-04-02-What-is-happended-to-execstack/
This commit is contained in:
Ian Davis
parent
f3830b60ae
commit
ab611199fd
@ -36,7 +36,7 @@ parts:
|
|||||||
- libhwloc15
|
- libhwloc15
|
||||||
- ocl-icd-libopencl1
|
- ocl-icd-libopencl1
|
||||||
override-build: |
|
override-build: |
|
||||||
LDFLAGS="" make lotus lotus-miner lotus-worker
|
LDFLAGS="-z noexecstack" make lotus lotus-miner lotus-worker
|
||||||
cp lotus lotus-miner lotus-worker $SNAPCRAFT_PART_INSTALL
|
cp lotus lotus-miner lotus-worker $SNAPCRAFT_PART_INSTALL
|
||||||
cp scripts/snap-lotus-entrypoint.sh $SNAPCRAFT_PART_INSTALL
|
cp scripts/snap-lotus-entrypoint.sh $SNAPCRAFT_PART_INSTALL
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user