From: dkwo <dkwo@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: [PR PATCH] [Updated] [rfc] build-style: go: set buildmode=pie globally
Date: Thu, 15 Feb 2024 16:06:38 +0100 [thread overview]
Message-ID: <20240215150638.87F452238C@inbox.vuxu.org> (raw)
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-46958@inbox.vuxu.org>
[-- Attachment #1: Type: text/plain, Size: 879 bytes --]
There is an updated pull request by dkwo against master on the void-packages repository
https://github.com/dkwo/void-packages gopie
https://github.com/void-linux/void-packages/pull/46958
[rfc] build-style: go: set buildmode=pie globally
I rebuilt all packages natively on x86_64-glibc.
Packages that failed to build with `pie` have `nopie` set.
Pending:
- sbctl #46165
- lxd, lxd-lts #47573
- booster #48122
Missing distfiles:
- clipman @travankor (builds fine with pie otherwise)
Building with pie may interfere with static binaries (e.g. if set CGO_ENABLED=0) and cross-compiling.
Up to now I disabled it for
- go-bindata
- go-md2man
- grafana
but further investigation/tests are needed.
See also https://go-review.googlesource.com/c/go/+/248199
[ci skip]
A patch file from https://github.com/void-linux/void-packages/pull/46958.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-gopie-46958.patch --]
[-- Type: text/x-diff, Size: 8532 bytes --]
From ea44de0b8fcb175d9f1cb5271adef991cf3945dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
<congdanhqx@gmail.com>
Date: Sat, 12 Sep 2020 07:07:13 +0700
Subject: [PATCH 01/10] build-style: go: allow -buildmode=pie
---
common/build-style/go.sh | 8 ++++++--
common/environment/build-style/go.sh | 1 -
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/common/build-style/go.sh b/common/build-style/go.sh
index 50524b07f768c7..a54f3813183ccf 100644
--- a/common/build-style/go.sh
+++ b/common/build-style/go.sh
@@ -29,7 +29,11 @@ do_build() {
fi
done
+ local buildmode
go_package=${go_package:-$go_import_path}
+ if [ -z "$nopie" ]; then
+ buildmode=-buildmode=pie
+ fi
# Build using Go modules if there's a go.mod file
if [ "${go_mod_mode}" != "off" ] && [ -f go.mod ]; then
@@ -50,13 +54,13 @@ do_build() {
# default behavior.
go_mod_mode=
fi
- go install -p "$XBPS_MAKEJOBS" -mod="${go_mod_mode}" -modcacherw -v -tags "${go_build_tags}" -ldflags "${go_ldflags}" ${go_package}
+ go install -p "$XBPS_MAKEJOBS" -mod="${go_mod_mode}" $buildmode -modcacherw -v -tags "${go_build_tags}" -ldflags "${go_ldflags}" ${go_package}
if [[ -n "${_go_mod_path}" ]]; then
popd
fi
else
# Otherwise, build using GOPATH
- go get -p "$XBPS_MAKEJOBS" -v -tags "${go_build_tags}" -ldflags "${go_ldflags}" ${go_package}
+ go get -p "$XBPS_MAKEJOBS" $buildmode -v -tags "${go_build_tags}" -ldflags "${go_ldflags}" ${go_package}
fi
}
diff --git a/common/environment/build-style/go.sh b/common/environment/build-style/go.sh
index 223bba83ff11b4..92a049411e0fbe 100644
--- a/common/environment/build-style/go.sh
+++ b/common/environment/build-style/go.sh
@@ -4,7 +4,6 @@ if [ -z "$hostmakedepends" -o "${hostmakedepends##*gcc-go-tools*}" ]; then
archs="aarch64* armv[567]* i686* x86_64* ppc64le* riscv64*"
fi
hostmakedepends+=" go"
- nopie=yes
else
# gccgo compiler
if [ -z "$archs" ]; then
From 3eb265b266d545ad5b291681d1ac0ff1d3d8854d Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Tue, 28 Nov 2023 16:01:32 -0500
Subject: [PATCH 02/10] cni-plugins: set nopie
---
srcpkgs/cni-plugins/template | 1 +
1 file changed, 1 insertion(+)
diff --git a/srcpkgs/cni-plugins/template b/srcpkgs/cni-plugins/template
index c88498d19dfbff..496433b8c73d04 100644
--- a/srcpkgs/cni-plugins/template
+++ b/srcpkgs/cni-plugins/template
@@ -10,6 +10,7 @@ license="Apache-2.0"
homepage="https://github.com/containernetworking/plugins"
distfiles="https://github.com/containernetworking/plugins/archive/v${version}.tar.gz"
checksum=f9871b9f6ccb51d2b264532e96521e44f926928f91434b56ce135c95becf2901
+nopie=unverified
do_build() {
./build_linux.sh \
From 794c44fd640fcd2b737b4ec1859e922991960366 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Tue, 28 Nov 2023 16:02:54 -0500
Subject: [PATCH 03/10] coyim: set nopie
---
srcpkgs/coyim/template | 1 +
1 file changed, 1 insertion(+)
diff --git a/srcpkgs/coyim/template b/srcpkgs/coyim/template
index 0d928b05cfde32..a8408d59fccdd8 100644
--- a/srcpkgs/coyim/template
+++ b/srcpkgs/coyim/template
@@ -12,6 +12,7 @@ license="GPL-3.0-only"
homepage="https://coy.im"
distfiles="https://github.com/coyim/coyim/archive/v${version}.tar.gz"
checksum=f2bf1e73562fbcc3a0b264a30f92dfe427dffe2046e9f44459087ecac5890098
+nopie=unverified
case "$XBPS_TARGET_MACHINE" in
x86_64*) ;;
From 316875b646ca069ccfcf0c9c0fa218514053032f Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Tue, 28 Nov 2023 16:03:42 -0500
Subject: [PATCH 04/10] kubernetes: set nopie
---
srcpkgs/kubernetes/template | 1 +
1 file changed, 1 insertion(+)
diff --git a/srcpkgs/kubernetes/template b/srcpkgs/kubernetes/template
index 79fcb0884f47e4..a05d4b519e7df0 100644
--- a/srcpkgs/kubernetes/template
+++ b/srcpkgs/kubernetes/template
@@ -17,6 +17,7 @@ nocross=yes
system_accounts="kube"
make_dirs="/var/lib/kubelet 0755 kube kube"
conf_files="/etc/kubernetes/*"
+nopie=unverified
do_build() {
make
From c8344cf6f32ef4169a0276be866da60e3cb141e3 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Tue, 28 Nov 2023 16:04:26 -0500
Subject: [PATCH 05/10] moby: set nopie
---
srcpkgs/moby/template | 1 +
1 file changed, 1 insertion(+)
diff --git a/srcpkgs/moby/template b/srcpkgs/moby/template
index 2aa2e426b02597..dff479e3cd566f 100644
--- a/srcpkgs/moby/template
+++ b/srcpkgs/moby/template
@@ -21,6 +21,7 @@ distfiles="https://github.com/moby/moby/archive/v${version}.tar.gz>moby-$version
checksum="4cdb516f5d6f5caf8b3bcf93c2962277ba727cfd2d1620176a3bb0cf153b3590
5c5e3aa7599e85036438a65016796aa11df4afb44d13b5927dcfb0ec5947a86b"
system_groups="docker"
+nopie=unverified
_moby_builddir="moby-$version"
_libnetwork_builddir="libnetwork-$_libnetwork_commit"
From 6b4c3140c0e80b703d42b7b8f5d3704a1ef575ae Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Tue, 28 Nov 2023 16:05:07 -0500
Subject: [PATCH 06/10] nncp: set nopie
---
srcpkgs/nncp/template | 1 +
1 file changed, 1 insertion(+)
diff --git a/srcpkgs/nncp/template b/srcpkgs/nncp/template
index 6975d7a51ef1ba..acc5f487aeb733 100644
--- a/srcpkgs/nncp/template
+++ b/srcpkgs/nncp/template
@@ -10,6 +10,7 @@ license="GPL-3.0-only"
homepage="http://www.nncpgo.org/"
distfiles="http://www.nncpgo.org/download/${pkgname}-${version}.tar.xz"
checksum=154e13ba15c0ea93f54525793b0699e496b2db7281e1555f08d785a528f3f7fc
+nopie=unverified
do_build() {
./bin/build
From a6be763acd9e783722e1ccb2220ec2a2e7ae0b98 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Tue, 28 Nov 2023 16:05:49 -0500
Subject: [PATCH 07/10] yggdrasil: set nopie
---
srcpkgs/yggdrasil/template | 1 +
1 file changed, 1 insertion(+)
diff --git a/srcpkgs/yggdrasil/template b/srcpkgs/yggdrasil/template
index c6f7a2395b9ba3..24a81e3d799ffb 100644
--- a/srcpkgs/yggdrasil/template
+++ b/srcpkgs/yggdrasil/template
@@ -11,6 +11,7 @@ homepage="https://yggdrasil-network.github.io/"
changelog="https://raw.githubusercontent.com/yggdrasil-network/yggdrasil-go/develop/CHANGELOG.md"
distfiles="https://github.com/yggdrasil-network/yggdrasil-go/archive/v${version}.tar.gz"
checksum=c1cceb9a7a4a8959536b1d930ca081bcfbc76ab655e4bcb55d5d0ab6520d9241
+nopie=unverified
do_build() {
PKGNAME=${pkgname} PKGVER=${version} ./build
From 0c72fa8c3627cdce3359ddab607266933d9af0ae Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Sun, 7 Jan 2024 18:33:20 +0100
Subject: [PATCH 08/10] go-bindata: set nopie
---
srcpkgs/go-bindata/template | 1 +
1 file changed, 1 insertion(+)
diff --git a/srcpkgs/go-bindata/template b/srcpkgs/go-bindata/template
index dad00443ee5298..8a85286c726cd4 100644
--- a/srcpkgs/go-bindata/template
+++ b/srcpkgs/go-bindata/template
@@ -12,3 +12,4 @@ license="Public Domain"
homepage="https://github.com/jteeuwen/go-bindata"
distfiles="https://github.com/jteeuwen/go-bindata/archive/${_commit}.tar.gz"
checksum=65cf65ac422fb8072abfaabec86c20a74e448a93b489e896a36642e7049f5d32
+nopie=static
From 08ffaaa55eb6032c71e2b3f19ee553e8abba96d8 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Sun, 7 Jan 2024 18:35:32 +0100
Subject: [PATCH 09/10] go-md2man: set nopie
---
srcpkgs/go-md2man/template | 1 +
1 file changed, 1 insertion(+)
diff --git a/srcpkgs/go-md2man/template b/srcpkgs/go-md2man/template
index 39e92c22803e0d..bbe0123ebaf33f 100644
--- a/srcpkgs/go-md2man/template
+++ b/srcpkgs/go-md2man/template
@@ -10,6 +10,7 @@ license="MIT"
homepage="https://github.com/cpuguy83/go-md2man"
distfiles="https://github.com/cpuguy83/go-md2man/archive/v${version}.tar.gz"
checksum=7ca3a04bb4ab83387538235decc42a535097a05d2fb9f2266d0c47b33119501f
+nopie=static
post_install() {
vlicense LICENSE.md
From 6dbe71be6d66730f21e8c9470f624c382db964d7 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Sun, 7 Jan 2024 20:59:34 +0100
Subject: [PATCH 10/10] grafana: set nopie
---
srcpkgs/grafana/template | 1 +
1 file changed, 1 insertion(+)
diff --git a/srcpkgs/grafana/template b/srcpkgs/grafana/template
index 9f634d6268d28c..13362ce761f927 100644
--- a/srcpkgs/grafana/template
+++ b/srcpkgs/grafana/template
@@ -22,6 +22,7 @@ make_dirs="/var/log/grafana 0755 _grafana _grafana"
conf_files="/etc/grafana/grafana.ini"
go_ldflags="-X main.version=${version}"
+nopie=static
post_extract() {
# remove prebuilt binaries
next prev parent reply other threads:[~2024-02-15 15:06 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-29 18:04 [PR PATCH] [rfc] build-style: go: allow pie (v2) dkwo
2023-10-29 18:12 ` [PR PATCH] [Updated] " dkwo
2023-10-31 21:01 ` dkwo
2023-11-21 16:41 ` dkwo
2023-11-21 16:42 ` dkwo
2023-11-22 15:04 ` leahneukirchen
2023-11-24 22:06 ` dkwo
2023-11-27 14:29 ` dkwo
2023-11-27 14:30 ` dkwo
2023-11-28 14:14 ` dkwo
2023-11-28 20:49 ` dkwo
2023-11-28 20:52 ` dkwo
2023-11-28 20:52 ` dkwo
2023-11-28 20:56 ` dkwo
2023-11-28 20:58 ` dkwo
2023-11-28 20:59 ` dkwo
2023-11-28 21:06 ` [PR PATCH] [Updated] " dkwo
2023-11-28 21:09 ` dkwo
2023-11-29 15:58 ` dkwo
2023-11-29 16:00 ` [PR PATCH] [Updated] " dkwo
2023-11-29 17:51 ` CameronNemo
2023-11-29 18:34 ` benalb
2023-11-29 20:59 ` benalb
2023-11-30 0:22 ` dkwo
2023-11-30 0:22 ` dkwo
2023-11-30 0:23 ` dkwo
2023-12-01 17:28 ` benalb
2023-12-02 15:17 ` [PR PATCH] [Updated] " dkwo
2023-12-02 15:20 ` dkwo
2023-12-02 22:00 ` dkwo
2023-12-03 19:47 ` [PR PATCH] [Updated] " dkwo
2023-12-04 15:42 ` dkwo
2023-12-06 21:25 ` dkwo
2023-12-06 21:28 ` dkwo
2023-12-07 15:04 ` [PR PATCH] [Updated] " dkwo
2023-12-07 15:07 ` dkwo
2023-12-07 15:12 ` dkwo
2023-12-08 21:35 ` leahneukirchen
2023-12-10 0:49 ` classabbyamp
2023-12-10 15:26 ` [PR PATCH] [Updated] " dkwo
2023-12-10 15:27 ` dkwo
2023-12-10 15:35 ` [PR PATCH] [Updated] " dkwo
2023-12-10 15:36 ` dkwo
2023-12-21 9:12 ` dkwo
2023-12-26 17:59 ` dkwo
2024-01-06 22:45 ` dkwo
2024-01-07 21:27 ` [PR PATCH] [Updated] [rfc] build-style: go: set pie globally dkwo
2024-01-08 14:15 ` [PR PATCH] [Updated] [rfc] build-style: go: set buildmode=pie globally dkwo
2024-02-15 15:06 ` dkwo [this message]
2024-05-16 1:46 ` github-actions
2024-05-16 14:18 ` [PR PATCH] [Updated] " dkwo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240215150638.87F452238C@inbox.vuxu.org \
--to=dkwo@users.noreply.github.com \
--cc=ml@inbox.vuxu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).