|
 |
a1353c |
From 89129bd096c8bfac4ff84fc19726898cc901c1fc Mon Sep 17 00:00:00 2001
|
|
|
517389 |
From: Debarshi Ray <rishi@fedoraproject.org>
|
|
|
517389 |
Date: Mon, 29 Jun 2020 17:57:47 +0200
|
|
|
517389 |
Subject: [PATCH] build: Make the build flags match RHEL's %{gobuild}
|
|
|
517389 |
|
|
|
517389 |
The Go toolchain doesn't play well with passing compiler and linker
|
|
|
517389 |
flags via environment variables. The linker flags require a second
|
|
|
517389 |
level of quoting, which leaves the build system without a quote level
|
|
|
517389 |
to assign the flags to an environment variable like GOFLAGS.
|
|
|
517389 |
|
|
|
517389 |
This is one reason why RHEL doesn't have a RPM macro with only the
|
|
|
517389 |
flags. The %{gobuild} RPM macro includes the entire 'go build ...'
|
|
|
517389 |
invocation.
|
|
|
517389 |
|
|
|
517389 |
The Go toolchain also doesn't like the LDFLAGS environment variable as
|
|
|
517389 |
exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't
|
|
|
517389 |
like the compressed DWARF data generated by the Go toolchain.
|
|
|
517389 |
|
|
|
517389 |
Note that these flags are meant for every CPU architecture other than
|
|
|
517389 |
PPC64, and should be kept updated to match RHEL's Go guidelines. Use
|
|
|
517389 |
'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro.
|
|
|
517389 |
---
|
|
|
a1353c |
src/go-build-wrapper | 14 ++++++++++----
|
|
|
a1353c |
1 file changed, 10 insertions(+), 4 deletions(-)
|
|
|
517389 |
|
|
|
517389 |
diff --git a/src/go-build-wrapper b/src/go-build-wrapper
|
|
|
a1353c |
index ef4aafc8b024..e82e42ca8151 100755
|
|
|
517389 |
--- a/src/go-build-wrapper
|
|
|
517389 |
+++ b/src/go-build-wrapper
|
|
|
a1353c |
@@ -32,9 +32,9 @@ if ! cd "$1"; then
|
|
|
517389 |
exit 1
|
|
|
517389 |
fi
|
|
|
517389 |
|
|
|
a1353c |
-tags=""
|
|
|
a1353c |
+tags="-tags rpm_crashtraceback,${BUILDTAGS:-}"
|
|
|
a1353c |
if $6; then
|
|
|
a1353c |
- tags="-tags migration_path_for_coreos_toolbox"
|
|
|
a1353c |
+ tags="$tags,migration_path_for_coreos_toolbox"
|
|
|
a1353c |
fi
|
|
|
a1353c |
|
|
|
a1353c |
if ! libc_dir=$("$4" --print-file-name=libc.so); then
|
|
|
a1353c |
@@ -69,11 +69,17 @@ fi
|
|
|
a1353c |
|
|
|
a1353c |
dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
|
|
|
a1353c |
|
|
|
517389 |
+unset LDFLAGS
|
|
|
a1353c |
+
|
|
|
a1353c |
# shellcheck disable=SC2086
|
|
|
a1353c |
go build \
|
|
|
a1353c |
+ -buildmode pie \
|
|
|
a1353c |
+ -compiler gc \
|
|
|
a1353c |
$tags \
|
|
|
a1353c |
- -trimpath \
|
|
|
a1353c |
- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \
|
|
|
a1353c |
+ -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" \
|
|
|
a1353c |
+ -a \
|
|
|
a1353c |
+ -v \
|
|
|
a1353c |
+ -x \
|
|
|
a1353c |
-o "$2/toolbox"
|
|
|
a1353c |
|
|
|
517389 |
exit "$?"
|
|
|
517389 |
--
|
|
|
517389 |
2.31.1
|
|
|
517389 |
|