From 856a7f524b63f9033c47a8169fbf8a1cfdf69683 Mon Sep 17 00:00:00 2001
From: Debarshi Ray <rishi@fedoraproject.org>
Date: Mon, 29 Jun 2020 17:57:47 +0200
Subject: [PATCH] build: Make the build flags match RHEL's %{gobuild}

The Go toolchain doesn't play well with passing compiler and linker
flags via environment variables. The linker flags require a second
level of quoting, which leaves the build system without a quote level
to assign the flags to an environment variable like GOFLAGS.

This is one reason why RHEL doesn't have a RPM macro with only the
flags. The %{gobuild} RPM macro includes the entire 'go build ...'
invocation.

The Go toolchain also doesn't like the LDFLAGS environment variable as
exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't
like the compressed DWARF data generated by the Go toolchain.

Note that these flags are meant for every CPU architecture other than
PPC64, and should be kept updated to match RHEL's Go guidelines. Use
'rpm --eval "%{gobuild}"' to expand the %{gobuild} macro.
---
 src/go-build-wrapper | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/go-build-wrapper b/src/go-build-wrapper
index 515e1d8a0670..453b4cfa872b 100755
--- a/src/go-build-wrapper
+++ b/src/go-build-wrapper
@@ -27,5 +27,6 @@ if ! cd "$1"; then
     exit 1
 fi
 
-go build -trimpath -ldflags "-extldflags '-Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -o "$2/toolbox"
+unset LDFLAGS
+go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -extldflags '-Wl,-z,relro -Wl,--as-needed  -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--wrap,pthread_sigmask $4' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$3" -a -v -x -o "$2/toolbox"
 exit "$?"
-- 
2.29.2