toolbox/toolbox-Make-the-build-flags-match-RHEL-9.patch

From ff1320fa869f1e4952836436ab2ad928cbba0987 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Mon, 29 Jun 2020 17:57:47 +0200
Subject: [PATCH] build: Make the build flags match RHEL 9's %{gobuildflags}

These reflect the defaults for RHEL 9.5, because RHEL 9.6 is still early
in its development cycle and the defaults may be in a state of flux.

Note that these flags are meant for every CPU architecture other than
PPC64, and should be kept updated to match RHEL 9's Go guidelines. Use
'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
---
 src/go-build-wrapper | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/go-build-wrapper b/src/go-build-wrapper
index a5a1a6a508fb..0a2c7526f210 100755
--- a/src/go-build-wrapper
+++ b/src/go-build-wrapper
@@ -33,9 +33,9 @@ if ! cd "$1"; then
     exit 1
 fi
 
-tags=""
+tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-},libtrust_openssl"
 if $7; then
-    tags="-tags migration_path_for_coreos_toolbox"
+    tags="$tags,migration_path_for_coreos_toolbox"
 fi
 
 if ! libc_dir=$("$5" --print-file-name=libc.so); then
@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen
 
 # shellcheck disable=SC2086
 go build \
+        -buildmode pie \
+        -compiler gc \
         $tags \
         -trimpath \
-        -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+        -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
+        -a \
+        -v \
+        -x \
         -o "$2/$3"
 
 exit "$?"
-- 
2.46.1
Update to 0.0.99.6 Update the compiler and linker flags for RHEL 10 by incorporating the distribution's defaults from RHEL 10.0 Beta, because RHEL 10.0 is still early in its development cycle and the defaults may be in a state of flux. Some exceptions are mentioned below. The '-z pack-relative-relocs' linker flag was left out. It's currently not supported on s390x, so using it would require architecture specific patches, which is a hassle. Support for aarch64 was recently added [1], so hopefully s390x will also be supported soon. The change to use the RPM's %{name}, %{version}, %{release} and the SOURCE_DATE_EPOCH environment variable [2], instead of /dev/urandom, to generate the build ID annotation for the toolbox(1) binary [3] was left out. It will need more work to propagate the RPM's %{name}, %{version} and %{release} to Meson. The 'rpminspect --tests=elf' test run by the downstream CI was silenced because toolbox(1) is only built with the '-z relro' linker flag, but not '-z now' [4]. Otherwise, it fails with: /usr/bin/toolbox lost full GNU_RELRO security protection Stop carrying the downstream patch for the compiler and linker flags for PPC64. The architecture was already discontinued from Fedora 29 [5], even before the patch was added [6]. It was added purely for the sake of completeness, and in the last four years since it was introduced, it hasn't been tested or used. At this point it's becoming too much of a maintenance burden, and removing it silences the %ifarch-applied-patch warning from rpmlint. Fill in some of the missing Requires for the toolbox-tests sub-package. [1] CentOS Stream redhat-rpm-config commit 3c5a6b17540b2a0b https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/commit/3c5a6b17540b2a0b https://gitlab.com/redhat/centos-stream/rpms/redhat-rpm-config/-/merge_requests/42 https://issues.redhat.com/browse/RHEL-40379 [2] https://reproducible-builds.org/docs/source-date-epoch/ [3] go-rpm-macros commit 1980932bf3a21890 https://pagure.io/go-rpm-macros/c/1980932bf3a21890 https://fedoraproject.org/wiki/Changes/ReproduciblePackageBuilds [4] Upstream commit 83f28c52e47c2d44 https://github.com/containers/toolbox/commit/83f28c52e47c2d44 https://github.com/containers/toolbox/pull/1548 [5] https://fedoraproject.org/wiki/Changes/DiscontinuePPC64 [6] Fedora toolbox commit ba60453d216a9226 https://src.fedoraproject.org/rpms/toolbox/c/ba60453d216a9226 https://src.fedoraproject.org/rpms/toolbox/pull-request/2 Resolves: RHEL-61579 2024-10-04 13:59:13 +00:00			`From ff1320fa869f1e4952836436ab2ad928cbba0987 Mon Sep 17 00:00:00 2001`
			`From: Debarshi Ray <rishi@fedoraproject.org>`
			`Date: Mon, 29 Jun 2020 17:57:47 +0200`
			`Subject: [PATCH] build: Make the build flags match RHEL 9's %{gobuildflags}`

			`These reflect the defaults for RHEL 9.5, because RHEL 9.6 is still early`
			`in its development cycle and the defaults may be in a state of flux.`

			`Note that these flags are meant for every CPU architecture other than`
			`PPC64, and should be kept updated to match RHEL 9's Go guidelines. Use`
			`'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.`
			`---`
			`src/go-build-wrapper \| 11 ++++++++---`
			`1 file changed, 8 insertions(+), 3 deletions(-)`

			`diff --git a/src/go-build-wrapper b/src/go-build-wrapper`
			`index a5a1a6a508fb..0a2c7526f210 100755`
			`--- a/src/go-build-wrapper`
			`+++ b/src/go-build-wrapper`
			`@@ -33,9 +33,9 @@ if ! cd "$1"; then`
			`exit 1`
			`fi`

			`-tags=""`
			`+tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-},libtrust_openssl"`
			`if $7; then`
			`- tags="-tags migration_path_for_coreos_toolbox"`
			`+ tags="$tags,migration_path_for_coreos_toolbox"`
			`fi`

			`if ! libc_dir=$("$5" --print-file-name=libc.so); then`
			`@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen`

			`# shellcheck disable=SC2086`
			`go build \`
			`+ -buildmode pie \`
			`+ -compiler gc \`
			`$tags \`
			`-trimpath \`
			`- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \`
			`+ -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom\|od -An -tx1\|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \`
			`+ -a \`
			`+ -v \`
			`+ -x \`
			`-o "$2/$3"`

			`exit "$?"`
			`--`
			`2.46.1`