From fd03e31c7d789413700db84af02894d5be70b5ee Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Mon, 29 Jun 2020 17:57:47 +0200 Subject: [PATCH] build: Make the build flags match Fedora's %{gobuild} The Go toolchain doesn't play well with passing compiler and linker flags via environment variables. The linker flags require a second level of quoting, which leaves the build system without a quote level to assign the flags to an environment variable like GOFLAGS. This is one reason why Fedora doesn't have a RPM macro with only the flags. The %{gobuild} RPM macro includes the entire 'go build ...' invocation. The Go toolchain also doesn't like the LDFLAGS environment variable as exported by Fedora's %{meson} RPM macro. Note that these flags are meant for every CPU architecture other than PPC64, and should be kept updated to match Fedora's Go guidelines. Use 'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro. --- src/go-build-wrapper | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/go-build-wrapper b/src/go-build-wrapper index c572d6dfb02b..0e6a2efa6853 100755 --- a/src/go-build-wrapper +++ b/src/go-build-wrapper @@ -33,9 +33,9 @@ if ! cd "$1"; then exit 1 fi -tags="" +tags="-tags rpm_crashtraceback,${BUILDTAGS:-}" if $7; then - tags="-tags migration_path_for_coreos_toolbox" + tags="$tags,migration_path_for_coreos_toolbox" fi if ! libc_dir=$("$5" --print-file-name=libc.so); then @@ -70,11 +70,17 @@ fi dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename" +unset LDFLAGS + # shellcheck disable=SC2086 go build \ + -buildmode pie \ + -compiler gc \ $tags \ - -trimpath \ - -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ + -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \ + -a \ + -v \ + -x \ -o "$2/$3" exit "$?" -- 2.39.1