From 606f135e4900c7d808341515b74811e3a3714cff Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags} The Go toolchain doesn't like the LDFLAGS environment variable as exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't like the compressed DWARF data generated by the Go toolchain. Note that these flags are meant for every CPU architecture other than PPC64, and should be kept updated to match RHEL's Go guidelines. Use 'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro. --- src/go-build-wrapper | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/go-build-wrapper b/src/go-build-wrapper index c572d6dfb02b..c492a4e73445 100755 --- a/src/go-build-wrapper +++ b/src/go-build-wrapper @@ -33,9 +33,9 @@ if ! cd "$1"; then exit 1 fi -tags="" +tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl" if $7; then - tags="-tags migration_path_for_coreos_toolbox" + tags="$tags,migration_path_for_coreos_toolbox" fi if ! libc_dir=$("$5" --print-file-name=libc.so); then @@ -70,11 +70,17 @@ fi dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" +unset LDFLAGS + # shellcheck disable=SC2086 go build \ + -buildmode pie \ + -compiler gc \ $tags \ - -trimpath \ - -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ + -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ + -a \ + -v \ + -x \ -o "$2/$3" exit "$?" -- 2.39.2