[Docker-maint] Bug#823014: [pkg-golang-devel] Bug#823014: Bug#823014: Bug#823014: golang: Package compiled stdlib for PIE build mode
Michael Hudson-Doyle
michael.hudson at canonical.com
Thu Apr 5 23:11:12 UTC 2018
On 6 April 2018 at 10:32, Paride Legovini <pl at ninthfloor.org> wrote:
> Is manually specifying ‘-buildmode=pie’ in d/rules still the right and
> only way to build PIE hardened binaries?
>
Yes, currently.
> More specifically, what I'm doing is:
>
> export DEB_BUILD_MAINT_OPTIONS = hardening=+all
>
We should /probably/ implement processing of hardening flags in dh_golang.
It's not done yet though.
> export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
>
> GO_LINK_FLAGS += -extldflags "$(LDFLAGS)"
> GO_FLAGS += --ldflags '$(GO_LINK_FLAGS)'
>
> And then:
>
> dh_auto_build -O--buildsystem=golang -- -buildmode=pie $(GO_FLAGS)
>
> (Actual d/rules file: http://deb.li/igtuN).
>
> This builds fine on my amd64 system, but I'm not sure about other
> architectures, and the package hasn't been uploaded yet.
>
I don't think buildmode=pie has been implemented for mips*, and it's a bit
buggy on i386. The others should be fine though...
Cheers,
mwh
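
A post-build check for the d/rules approach discussed in this thread, added here as an example and not part of the original messages: it classifies built ELF files so a package can confirm that -buildmode=pie took effect on a given architecture. The names classify and sampleELF are hypothetical, and treating "ET_DYN with a PT_INTERP segment" as PIE is a heuristic assumed for this example.

```go
package main

import (
	"bytes"
	"debug/elf"
	"encoding/binary"
	"fmt"
	"os"
)

// classify returns "no-pie" for ET_EXEC (fixed load address), "pie" for ET_DYN
// with a PT_INTERP segment, and "other" for the rest (shared object,
// static-pie, relocatable). The PT_INTERP test is this example's heuristic.
func classify(f *elf.File) string {
	if f.Type == elf.ET_EXEC {
		return "no-pie"
	}
	for _, p := range f.Progs {
		if f.Type == elf.ET_DYN && p.Type == elf.PT_INTERP {
			return "pie"
		}
	}
	return "other"
}

// sampleELF parses a constructed ELF64 little-endian image: a header plus one
// empty program header of type ptype. Sample input only, not a real binary.
func sampleELF(etype uint16, ptype uint32) (*elf.File, error) {
	h := elf.Header64{Type: etype, Machine: uint16(elf.EM_X86_64), Version: 1,
		Phoff: 64, Ehsize: 64, Phentsize: 56, Phnum: 1, Shentsize: 64}
	copy(h.Ident[:], []byte{0x7f, 'E', 'L', 'F', byte(elf.ELFCLASS64), byte(elf.ELFDATA2LSB), byte(elf.EV_CURRENT)})
	var b bytes.Buffer
	binary.Write(&b, binary.LittleEndian, h)
	binary.Write(&b, binary.LittleEndian, elf.Prog64{Type: ptype})
	return elf.NewFile(bytes.NewReader(b.Bytes()))
}

// main classifies each ELF file named on the command line.
func main() {
	for _, path := range os.Args[1:] {
		f, err := elf.Open(path)
		if err != nil {
			fmt.Fprintln(os.Stderr, path, err)
			os.Exit(2)
		}
		fmt.Println(path, classify(f))
		f.Close()
	}
}
```

Run it against the binaries in the package staging directory after the build; a "no-pie" result on an architecture means the -buildmode=pie flag did not produce a position-independent executable there.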