Le 06/11/2018 à 10:36, Levente Polyak via aur-general a écrit :
On November 6, 2018 10:24:43 AM GMT+01:00, Bruno Pagani <bruno.n.pagani@gmail.com> wrote:
Hi Maxim,
On 11/6/18 1:05 AM, Maxim Baz via aur-general wrote:
You might want to use go-pie btw, to actually have PIE support
browserpass W: ELF file ('usr/bin/browserpass') lacks FULL RELRO, check LDFLAGS. browserpass W: ELF file ('usr/bin/browserpass') lacks PIE. Nice, will investigate this. well replace go with go-pie is all you can do there, you can't (yet) fix RELRO for go :/ is wrong. We have managed to do that in cozy-stack, gitea and matterbridge to only cite a few (also in mattermost, but the corresponding code is not committed anywhere since this is an AUR
Le 06/11/2018 à 02:13, Levente Polyak via aur-general a écrit : package not maintained by one of us).
We should update Go guidelines to tell about this and also trimming the path (since the bug with it seems to have vanished somehow). *starts a Foxboron invocation ritual*
That's awesome news, please indeed document the dark ritual needed to achieve this, there are lots of packages that can benefit from it.
This would be good to have ready before jelle finishes the TODO list for PIE and RELRO that's been worked on.
Basically, you have to pass `-ldflags "-extldflags ${LDFLAGS}"` to the go compiler. Theoretically, you should be able to do it using GOFLAGS (env var that is carried over), but my experience shows that if they are multiple instance of `-ldflags` on the line (e.g. those from GOFLAGS and those added by the project), only the latest is taken into account (Foxboron is currently looking at this to understand why this is happening). So in practice, we had two cases so far: 1. Your PKGBUILD calls `go` directly to compile the project, then what you want to do is something like this https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packa... or that https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packa.... 2. You use some sort of upstream Makefile, then you will likely need to patch it if they use `-ldflags` in it (e.g. https://git.archlinux.org/svntogit/community.git/tree/trunk/gitea-ldflags.pa... or https://paste.xinu.at/Iatt/). If we manage to understand why settings those things in GOFLAGS does not work, we should be able to set the appropriate GOFLAGS in makepkg.conf. :) Regards, Bruno