e4c38fd245
Update the compiler and linker flags for RHEL 9 by keeping '-trimpath'.
Switch to using the GO_BUILDTAGS and GO_LDFLAGS environment variables,
because their unprefixed counterparts have been deprecated [1].
The 'rpminspect --tests=elf' test run by the downstream CI was silenced
because toolbox(1) is only built with the '-z relro' linker flag, but
not '-z now' [2]. Otherwise, it fails with:
/usr/bin/toolbox lost full GNU_RELRO security protection
Stop carrying the downstream patch for the compiler and linker flags for
PPC64. The architecture was already discontinued from Fedora 29 [3],
even before the patch was added [4]. It was added purely for the sake
of completeness, and in the last four years since it was introduced, it
hasn't been tested or used. At this point it's becoming too much of a
maintenance burden, and removing it silences the %ifarch-applied-patch
warning from rpmlint.
Fill in some of the missing Requires for the toolbox-tests sub-package.
[1] go-rpm-macros commit bc7e5cc55c4709e8
https://pagure.io/go-rpm-macros/c/bc7e5cc55c4709e8
[2] Upstream commit 83f28c52e47c2d44
https://github.com/containers/toolbox/commit/83f28c52e47c2d44
https://github.com/containers/toolbox/pull/1548
[3] https://fedoraproject.org/wiki/Changes/DiscontinuePPC64
[4] Fedora toolbox commit ba60453d21
https://src.fedoraproject.org/rpms/toolbox/c/ba60453d216a9226
https://src.fedoraproject.org/rpms/toolbox/pull-request/2
Resolves: RHEL-61578
48 lines
2.1 KiB
Diff
48 lines
2.1 KiB
Diff
From 7dc70160c8ff531473004e879dd57ec303789d71 Mon Sep 17 00:00:00 2001
|
|
From: Debarshi Ray <rishi@fedoraproject.org>
|
|
Date: Mon, 29 Jun 2020 17:57:47 +0200
|
|
Subject: [PATCH] build: Make the build flags match Fedora's %{gobuildflags}
|
|
|
|
Note that these flags are meant for every CPU architecture other than
|
|
PPC64, and should be kept updated to match Fedora's Go guidelines. Use
|
|
'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
|
|
---
|
|
src/go-build-wrapper | 11 ++++++++---
|
|
1 file changed, 8 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/go-build-wrapper b/src/go-build-wrapper
|
|
index a5a1a6a508fb..5978422e9aed 100755
|
|
--- a/src/go-build-wrapper
|
|
+++ b/src/go-build-wrapper
|
|
@@ -33,9 +33,9 @@ if ! cd "$1"; then
|
|
exit 1
|
|
fi
|
|
|
|
-tags=""
|
|
+tags="-tags rpm_crashtraceback,${GO_BUILDTAGS:-}"
|
|
if $7; then
|
|
- tags="-tags migration_path_for_coreos_toolbox"
|
|
+ tags="$tags,migration_path_for_coreos_toolbox"
|
|
fi
|
|
|
|
if ! libc_dir=$("$5" --print-file-name=libc.so); then
|
|
@@ -114,9 +114,14 @@ dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basen
|
|
|
|
# shellcheck disable=SC2086
|
|
go build \
|
|
+ -buildmode pie \
|
|
+ -compiler gc \
|
|
$tags \
|
|
-trimpath \
|
|
- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
|
|
+ -ldflags "${GO_LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname -Wl,--export-dynamic -Wl,--unresolved-symbols=ignore-in-object-files' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
|
|
+ -a \
|
|
+ -v \
|
|
+ -x \
|
|
-o "$2/$3"
|
|
|
|
exit "$?"
|
|
--
|
|
2.46.1
|
|
|