[aur-general] TU application: Maxim Baz
Bruno Pagani
bruno.n.pagani at gmail.com
Tue Nov 6 13:16:34 UTC 2018
Le 06/11/2018 à 10:36, Levente Polyak via aur-general a écrit :
> On November 6, 2018 10:24:43 AM GMT+01:00, Bruno Pagani <bruno.n.pagani at gmail.com> wrote:
>> Le 06/11/2018 à 02:13, Levente Polyak via aur-general a écrit :
>>> Hi Maxim,
>>>
>>> On 11/6/18 1:05 AM, Maxim Baz via aur-general wrote:
>>>>> You might want to use go-pie btw, to actually have PIE support
>>>>>
>>>>> browserpass W: ELF file ('usr/bin/browserpass') lacks FULL RELRO,
>> check LDFLAGS.
>>>>> browserpass W: ELF file ('usr/bin/browserpass') lacks PIE.
>>>> Nice, will investigate this.
>>> well replace go with go-pie is all you can do there, you can't (yet)
>> fix
>>> RELRO for go :/
>> is wrong. We have managed to do that in cozy-stack, gitea and
>> matterbridge to only cite a few (also in mattermost, but the
>> corresponding code is not committed anywhere since this is an AUR
>> package not maintained by one of us).
>>
>> We should update Go guidelines to tell about this and also trimming the
>> path (since the bug with it seems to have vanished somehow). *starts a
>> Foxboron invocation ritual*
>>
>
> That's awesome news, please indeed document the dark ritual needed
> to achieve this, there are lots of packages that can benefit from it.
>
> This would be good to have ready before jelle finishes the TODO list
> for PIE and RELRO that's been worked on.
Basically, you have to pass `-ldflags "-extldflags ${LDFLAGS}"` to the
go compiler. Theoretically, you should be able to do it using GOFLAGS
(env var that is carried over), but my experience shows that if they are
multiple instance of `-ldflags` on the line (e.g. those from GOFLAGS and
those added by the project), only the latest is taken into account
(Foxboron is currently looking at this to understand why this is
happening). So in practice, we had two cases so far:
1. Your PKGBUILD calls `go` directly to compile the project, then what
you want to do is something like this
https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/matterbridge
or that
https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/cozy-stack.
2. You use some sort of upstream Makefile, then you will likely need to
patch it if they use `-ldflags` in it (e.g.
https://git.archlinux.org/svntogit/community.git/tree/trunk/gitea-ldflags.patch?h=packages/gitea
or https://paste.xinu.at/Iatt/).
If we manage to understand why settings those things in GOFLAGS does not
work, we should be able to set the appropriate GOFLAGS in makepkg.conf. :)
Regards,
Bruno
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20181106/f3166685/attachment.asc>
More information about the aur-general
mailing list