65 lines
2.5 KiB
Diff
65 lines
2.5 KiB
Diff
From 89129bd096c8bfac4ff84fc19726898cc901c1fc Mon Sep 17 00:00:00 2001
|
|
From: Debarshi Ray <rishi@fedoraproject.org>
|
|
Date: Mon, 29 Jun 2020 17:57:47 +0200
|
|
Subject: [PATCH] build: Make the build flags match RHEL's %{gobuild}
|
|
|
|
The Go toolchain doesn't play well with passing compiler and linker
|
|
flags via environment variables. The linker flags require a second
|
|
level of quoting, which leaves the build system without a quote level
|
|
to assign the flags to an environment variable like GOFLAGS.
|
|
|
|
This is one reason why RHEL doesn't have a RPM macro with only the
|
|
flags. The %{gobuild} RPM macro includes the entire 'go build ...'
|
|
invocation.
|
|
|
|
The Go toolchain also doesn't like the LDFLAGS environment variable as
|
|
exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't
|
|
like the compressed DWARF data generated by the Go toolchain.
|
|
|
|
Note that these flags are meant for every CPU architecture other than
|
|
PPC64, and should be kept updated to match RHEL's Go guidelines. Use
|
|
'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro.
|
|
---
|
|
src/go-build-wrapper | 14 ++++++++++----
|
|
1 file changed, 10 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/src/go-build-wrapper b/src/go-build-wrapper
|
|
index ef4aafc8b024..e82e42ca8151 100755
|
|
--- a/src/go-build-wrapper
|
|
+++ b/src/go-build-wrapper
|
|
@@ -32,9 +32,9 @@ if ! cd "$1"; then
|
|
exit 1
|
|
fi
|
|
|
|
-tags=""
|
|
+tags="-tags rpm_crashtraceback,${BUILDTAGS:-}"
|
|
if $6; then
|
|
- tags="-tags migration_path_for_coreos_toolbox"
|
|
+ tags="$tags,migration_path_for_coreos_toolbox"
|
|
fi
|
|
|
|
if ! libc_dir=$("$4" --print-file-name=libc.so); then
|
|
@@ -69,11 +69,17 @@ fi
|
|
|
|
dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
|
|
|
|
+unset LDFLAGS
|
|
+
|
|
# shellcheck disable=SC2086
|
|
go build \
|
|
+ -buildmode pie \
|
|
+ -compiler gc \
|
|
$tags \
|
|
- -trimpath \
|
|
- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \
|
|
+ -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \
|
|
+ -a \
|
|
+ -v \
|
|
+ -x \
|
|
-o "$2/toolbox"
|
|
|
|
exit "$?"
|
|
--
|
|
2.31.1
|
|
|