* [master][scarthgap][meta-virtualization][PATCH] kubernetes: skip textrel QA warning
@ 2024-04-30 6:17 changqing.li
2024-05-02 18:00 ` Bruce Ashfield
0 siblings, 1 reply; 4+ messages in thread
From: changqing.li @ 2024-04-30 6:17 UTC (permalink / raw)
To: meta-virtualization
From: Changqing Li <changqing.li@windriver.com>
-buildmode=pie need cgo is enabled, but for kubernetes, some build
targets are static, and cgo is disable in build script directly, refer
[1]. If we add -buildmode=pie by default, will cause these static target
build failed with error "-buildmode=pie requires external (cgo) linking,
but cgo is not enabled".
This warning is acceptable, so just skip it.
[1] https://github.com/kubernetes/kubernetes/blob/master/hack/lib/golang.sh#L811
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
recipes-containers/kubernetes/kubernetes_git.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb
index d7874dfa..044175eb 100644
--- a/recipes-containers/kubernetes/kubernetes_git.bb
+++ b/recipes-containers/kubernetes/kubernetes_git.bb
@@ -126,7 +126,7 @@ PACKAGES =+ "kubeadm kubectl kubelet kube-proxy ${PN}-misc ${PN}-host"
ALLOW_EMPTY:${PN} = "1"
INSANE_SKIP:${PN} += "ldflags already-stripped"
INSANE_SKIP:${PN}-misc += "ldflags already-stripped textrel"
-INSANE_SKIP:kubelet += "ldflags already-stripped"
+INSANE_SKIP:${MLPREFIX}kubelet += "ldflags already-stripped textrel"
# Note: we are explicitly *not* adding docker to the rdepends, since we allow
# backends like cri-o to be used.
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: [master][scarthgap][meta-virtualization][PATCH] kubernetes: skip textrel QA warning
2024-04-30 6:17 [master][scarthgap][meta-virtualization][PATCH] kubernetes: skip textrel QA warning changqing.li
@ 2024-05-02 18:00 ` Bruce Ashfield
2025-11-14 5:50 ` nvhieudt11
0 siblings, 1 reply; 4+ messages in thread
From: Bruce Ashfield @ 2024-05-02 18:00 UTC (permalink / raw)
To: changqing.li; +Cc: meta-virtualization
merged.
Bruce
In message: [master][scarthgap][meta-virtualization][PATCH] kubernetes: skip textrel QA warning
on 30/04/2024 Changqing Li via lists.yoctoproject.org wrote:
> From: Changqing Li <changqing.li@windriver.com>
>
> -buildmode=pie need cgo is enabled, but for kubernetes, some build
> targets are static, and cgo is disable in build script directly, refer
> [1]. If we add -buildmode=pie by default, will cause these static target
> build failed with error "-buildmode=pie requires external (cgo) linking,
> but cgo is not enabled".
>
> This warning is acceptable, so just skip it.
>
> [1] https://github.com/kubernetes/kubernetes/blob/master/hack/lib/golang.sh#L811
>
> Signed-off-by: Changqing Li <changqing.li@windriver.com>
> ---
> recipes-containers/kubernetes/kubernetes_git.bb | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb
> index d7874dfa..044175eb 100644
> --- a/recipes-containers/kubernetes/kubernetes_git.bb
> +++ b/recipes-containers/kubernetes/kubernetes_git.bb
> @@ -126,7 +126,7 @@ PACKAGES =+ "kubeadm kubectl kubelet kube-proxy ${PN}-misc ${PN}-host"
> ALLOW_EMPTY:${PN} = "1"
> INSANE_SKIP:${PN} += "ldflags already-stripped"
> INSANE_SKIP:${PN}-misc += "ldflags already-stripped textrel"
> -INSANE_SKIP:kubelet += "ldflags already-stripped"
> +INSANE_SKIP:${MLPREFIX}kubelet += "ldflags already-stripped textrel"
>
> # Note: we are explicitly *not* adding docker to the rdepends, since we allow
> # backends like cri-o to be used.
> --
> 2.25.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#8706): https://lists.yoctoproject.org/g/meta-virtualization/message/8706
> Mute This Topic: https://lists.yoctoproject.org/mt/105816435/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [master][scarthgap][meta-virtualization][PATCH] kubernetes: skip textrel QA warning
2024-05-02 18:00 ` Bruce Ashfield
@ 2025-11-14 5:50 ` nvhieudt11
2025-11-19 23:39 ` Bruce Ashfield
0 siblings, 1 reply; 4+ messages in thread
From: nvhieudt11 @ 2025-11-14 5:50 UTC (permalink / raw)
To: meta-virtualization
[-- Attachment #1: Type: text/plain, Size: 612 bytes --]
Hi Changqing Li, Bruce!
My understanding is that CGO is disabled directly in the build script
because building statically can fail on certain environments that don’t
have all the required static libraries. However, for meta-layer builds
with Yocto, could we enable CGO and set -extldflags "-static"
so that we can apply some default security flags from Yocto, such as PIE and RELRO?
https://git.yoctoproject.org/poky/plain/meta/conf/distro/include/security_flags.inc?h=scarthgap
Could there be any runtime issues when enabling CGO and building statically?
I hope to receive your feedback.
Hieu
[-- Attachment #2: Type: text/html, Size: 10581 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [master][scarthgap][meta-virtualization][PATCH] kubernetes: skip textrel QA warning
2025-11-14 5:50 ` nvhieudt11
@ 2025-11-19 23:39 ` Bruce Ashfield
0 siblings, 0 replies; 4+ messages in thread
From: Bruce Ashfield @ 2025-11-19 23:39 UTC (permalink / raw)
To: nvhieudt11; +Cc: meta-virtualization
[-- Attachment #1: Type: text/plain, Size: 1836 bytes --]
On Fri, Nov 14, 2025 at 12:50 AM nvhieudt11 via lists.yoctoproject.org
<nvhieudt11=gmail.com@lists.yoctoproject.org> wrote:
> Hi Changqing Li, Bruce!
>
> My understanding is that CGO is disabled directly in the build script
> because building statically can fail on certain environments that don’t
> have all the required static libraries. However, for meta-layer builds
> with Yocto, could we enable CGO and set -extldflags "-static"
> so that we can apply some default security flags from Yocto, such as PIE
> and RELRO?
>
>
> https://git.yoctoproject.org/poky/plain/meta/conf/distro/include/security_flags.inc?h=scarthgap
>
> Could there be any runtime issues when enabling CGO and building
> statically?
>
I used to build most of the go applications using -static, but have moved
away from it in most
cases as it was causing other integration issues (and possible security and
footprint issues).
I'm not pulling up all the runtime issues from memory but can dig more
another time.
If we do want this to be something enabled via an image or distro feature
(or even packageconfig)
that is possible, but I wouldn't make it the default.
Bruce
> I hope to receive your feedback.
> Hieu
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#9440):
> https://lists.yoctoproject.org/g/meta-virtualization/message/9440
> Mute This Topic: https://lists.yoctoproject.org/mt/105816435/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [
> bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>
--
- Thou shalt not follow the NULL pointer, for chaos and madness await thee
at its end
- "Use the force Harry" - Gandalf, Star Trek II
[-- Attachment #2: Type: text/html, Size: 13985 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2025-11-19 23:39 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-30 6:17 [master][scarthgap][meta-virtualization][PATCH] kubernetes: skip textrel QA warning changqing.li
2024-05-02 18:00 ` Bruce Ashfield
2025-11-14 5:50 ` nvhieudt11
2025-11-19 23:39 ` Bruce Ashfield
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.