|
 |
b18f520 |
From aeaa8cd30a8c5ad33ee1fe6b9e84ecbb28f7264c Mon Sep 17 00:00:00 2001
|
|
|
b18f520 |
From: Debarshi Ray <rishi@fedoraproject.org>
|
|
|
b18f520 |
Date: Mon, 29 Jun 2020 17:57:47 +0200
|
|
|
b18f520 |
Subject: [PATCH] build: Make the build flags match RHEL's %{gobuildflags}
|
|
|
b18f520 |
|
|
|
b18f520 |
The Go toolchain doesn't like the LDFLAGS environment variable as
|
|
|
b18f520 |
exported by RHEL's %{meson} RPM macro, and RHEL's RPM toolchain doesn't
|
|
|
b18f520 |
like the compressed DWARF data generated by the Go toolchain.
|
|
|
b18f520 |
|
|
|
b18f520 |
Note that these flags are meant for every CPU architecture other than
|
|
|
b18f520 |
PPC64, and should be kept updated to match RHEL's Go guidelines. Use
|
|
|
b18f520 |
'rpm --eval "%{gobuildflags}"' to expand the %{gobuildflags} macro.
|
|
|
b18f520 |
---
|
|
|
b18f520 |
src/go-build-wrapper | 14 ++++++++++----
|
|
|
b18f520 |
1 file changed, 10 insertions(+), 4 deletions(-)
|
|
|
b18f520 |
|
|
|
b18f520 |
diff --git a/src/go-build-wrapper b/src/go-build-wrapper
|
|
|
b18f520 |
index c572d6dfb02b..d39764fda0c1 100755
|
|
|
b18f520 |
--- a/src/go-build-wrapper
|
|
|
b18f520 |
+++ b/src/go-build-wrapper
|
|
|
b18f520 |
@@ -33,9 +33,9 @@ if ! cd "$1"; then
|
|
|
b18f520 |
exit 1
|
|
|
b18f520 |
fi
|
|
|
b18f520 |
|
|
|
b18f520 |
-tags=""
|
|
|
b18f520 |
+tags="-tags rpm_crashtraceback,${BUILDTAGS:-},libtrust_openssl"
|
|
|
b18f520 |
if $7; then
|
|
|
b18f520 |
- tags="-tags migration_path_for_coreos_toolbox"
|
|
|
b18f520 |
+ tags="$tags,migration_path_for_coreos_toolbox"
|
|
|
b18f520 |
fi
|
|
|
b18f520 |
|
|
|
b18f520 |
if ! libc_dir=$("$5" --print-file-name=libc.so); then
|
|
|
b18f520 |
@@ -70,11 +70,17 @@ fi
|
|
|
b18f520 |
|
|
|
b18f520 |
dynamic_linker="/run/host$dynamic_linker_canonical_dirname/$dynamic_linker_basename"
|
|
|
b18f520 |
|
|
|
b18f520 |
+unset LDFLAGS
|
|
|
b18f520 |
+
|
|
|
b18f520 |
# shellcheck disable=SC2086
|
|
|
b18f520 |
go build \
|
|
|
b18f520 |
+ -buildmode pie \
|
|
|
b18f520 |
+ -compiler gc \
|
|
|
b18f520 |
$tags \
|
|
|
b18f520 |
- -trimpath \
|
|
|
b18f520 |
- -ldflags "-extldflags '-Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
|
|
|
b18f520 |
+ -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \n') -compressdwarf=false -extldflags '-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,-dynamic-linker,$dynamic_linker -Wl,-rpath,/run/host$libc_dir_canonical_dirname' -linkmode external -X github.com/containers/toolbox/pkg/version.currentVersion=$4" \
|
|
|
b18f520 |
+ -a \
|
|
|
b18f520 |
+ -v \
|
|
|
b18f520 |
+ -x \
|
|
|
b18f520 |
-o "$2/$3"
|
|
|
b18f520 |
|
|
|
b18f520 |
exit "$?"
|
|
|
b18f520 |
--
|
|
|
b18f520 |
2.39.2
|
|
|
b18f520 |
|