Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update build script to use GOFLAGS and CGO_LDFLAGS #460

Closed
wants to merge 3 commits into from
Closed

Update build script to use GOFLAGS and CGO_LDFLAGS #460

wants to merge 3 commits into from

Conversation

maximbaz
Copy link
Contributor

This change makes use of GOFLAGS to simplify compiling with PIE, respecting LDFLAGS and trimming local paths to support reproducible builds.

Relevant: https://lists.archlinux.org/pipermail/arch-dev-public/2020-March/029898.html

Since you are already providing a source tarball that includes vendor dependencies (👍), all dependency-related items in the email do not apply to you:

  • -mod=vendor is used by default in Go 1.14
  • -modcacherw is only needed if our build system was fetching vendor dependencies itself

Tested by applying this patch on top of 1.7.1 release archive that contains vendor folder.

@maximbaz
Update build script to use GOFLAGS and CGO_LDFLAGS
8c34f54 
This change makes use of GOFLAGS to simplify compiling with PIE, respecting LDFLAGS and trimming local paths to support reproducible builds.

Relevant: https://lists.archlinux.org/pipermail/arch-dev-public/2020-March/029898.html

Since you are already providing a source tarball that includes vendor dependencies (👍), all dependency-related items in the email do not apply to you:

* -mod=vendor is used by default in Go 1.14
* -modcacherw is only needed if our build system was fetching vendor dependencies itself

Tested by applying this patch on top of 1.7.1 release archive that contains vendor folder.
@maximbaz
Allow to override default values from outside, if necessary
a29b6f5
@maximbaz
Fix when LDFLAGS is unbound
f195449
@maximbaz
Copy link
Contributor Author

Oh it seems your travis checks for older Go versions... Let me know how you want to proceed, maybe it's time to remove older Go versions? 😜

rfjakob added a commit that referenced this pull request Apr 13, 2020
@rfjakob
build.bash: use GOFLAGS -trimpath and enable PIE
a7d562d 
GOFLAGS exists since Go 1.11: https://golang.org/doc/go1.11

#460
@rfjakob
Copy link
Owner

rfjakob commented Apr 18, 2020

-buildmode=pie causes problems with static builds:

# github.com/rfjakob/gocryptfs
loadinternal: cannot find runtime/cgo
# github.com/rfjakob/gocryptfs/gocryptfs-xray
loadinternal: cannot find runtime/cgo
# github.com/rfjakob/gocryptfs/contrib/statfs
loadinternal: cannot find runtime/cgo

@maximbaz
Copy link
Contributor Author

Hmm I didn't see this, do you do something special to reproduce?

@rfjakob
Copy link
Owner

rfjakob commented Apr 18, 2020 

$ ./build-without-openssl.bash 
# github.com/rfjakob/gocryptfs
loadinternal: cannot find runtime/cgo
# github.com/rfjakob/gocryptfs/gocryptfs-xray
loadinternal: cannot find runtime/cgo
# github.com/rfjakob/gocryptfs/contrib/statfs
loadinternal: cannot find runtime/cgo
gocryptfs v1.7.1-48-gf6b1c68 without_openssl; go-fuse v1.0.1-0.20190319092520-161a16484456; 2020-04-18 go1.13.6 linux/amd64

@rfjakob
Copy link
Owner

rfjakob commented Apr 18, 2020

Fixed via 5da5e9f . build.bash now uses both -buildmode=pie and -trimpath when possible.

@rfjakob rfjakob closed this Apr 18, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@maximbaz @rfjakob