[arch-dev-public] RFC: go-pie removal in favour of GOFLAGS

Morten Linderud foxboron at archlinux.org
Thu May 14 07:46:27 UTC 2020


On Thu, May 14, 2020 at 09:39:58AM +0200, Levente Polyak via arch-dev-public wrote:
> > At the end of the month I'll make a todo with the remaining packages depending
> > on `go-pie`.
> > 
> > The complete future Go PKGBUILD is attached to this email below.
> > 
> PS: shouldn't we look into Go getting those flags as well? The Go
> compiler itself doesn't have RELRO and fortified sources :)

Because everything, sadly, breaks. I'd much rather try to look into reproducibility
before actually caring about binary hardening.

If we PIE compile, the test suite upstream fails quite badly. Evidently upstream
doesn't test the Go compiler with PIE/RELRO enabled. Unsure if they care at all
even. If we also try to define `CGO_CFLAGS` we end up with errors like:

/usr/include/features.h:397:4: error: #warning _FORTIFY_SOURCE requires compiling with optimization (-O) [-Werror=cpp]

`-buildmode=pie` is also going to land you in trouble with the race detection in
their test suite.

So not quite there yet for the compiler itself.

-- 
Morten Linderud
PGP: 9C02FF419FECBE16