Skip to content

Update build script to use GOFLAGS and CGO_LDFLAGS #460

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
max-baz wants to merge 3 commits into from
Closed

Update build script to use GOFLAGS and CGO_LDFLAGS #460

max-baz wants to merge 3 commits into from

Conversation

@max-baz
Copy link
Contributor

@max-baz max-baz commented Mar 15, 2020

This change makes use of GOFLAGS to simplify compiling with PIE, respecting LDFLAGS and trimming local paths to support reproducible builds.

Relevant: https://lists.archlinux.org/pipermail/arch-dev-public/2020-March/029898.html

Since you are already providing a source tarball that includes vendor dependencies (👍), all dependency-related items in the email do not apply to you:

  • -mod=vendor is used by default in Go 1.14
  • -modcacherw is only needed if our build system was fetching vendor dependencies itself

Tested by applying this patch on top of 1.7.1 release archive that contains vendor folder.

max-baz added 3 commits March 15, 2020 16:27
@max-baz
Update build script to use GOFLAGS and CGO_LDFLAGS
8c34f54 
This change makes use of GOFLAGS to simplify compiling with PIE, respecting LDFLAGS and trimming local paths to support reproducible builds.

Relevant: https://lists.archlinux.org/pipermail/arch-dev-public/2020-March/029898.html

Since you are already providing a source tarball that includes vendor dependencies (👍), all dependency-related items in the email do not apply to you:

* -mod=vendor is used by default in Go 1.14
* -modcacherw is only needed if our build system was fetching vendor dependencies itself

Tested by applying this patch on top of 1.7.1 release archive that contains vendor folder.
@max-baz
Allow to override default values from outside, if necessary
a29b6f5
@max-baz
Fix when LDFLAGS is unbound
f195449
@max-baz
Copy link
Contributor Author

max-baz commented Mar 15, 2020

Oh it seems your travis checks for older Go versions... Let me know how you want to proceed, maybe it's time to remove older Go versions? 😜

rfjakob added a commit that referenced this pull request Apr 13, 2020
@rfjakob
build.bash: use GOFLAGS -trimpath and enable PIE
a7d562d 
GOFLAGS exists since Go 1.11: https://golang.org/doc/go1.11

#460
@rfjakob
Copy link
Owner

rfjakob commented Apr 18, 2020

-buildmode=pie causes problems with static builds:

# github.com/rfjakob/gocryptfs
loadinternal: cannot find runtime/cgo
# github.com/rfjakob/gocryptfs/gocryptfs-xray
loadinternal: cannot find runtime/cgo
# github.com/rfjakob/gocryptfs/contrib/statfs
loadinternal: cannot find runtime/cgo

@max-baz
Copy link
Contributor Author

max-baz commented Apr 18, 2020

Hmm I didn't see this, do you do something special to reproduce?

@rfjakob
Copy link
Owner

rfjakob commented Apr 18, 2020 

$ ./build-without-openssl.bash 
# github.com/rfjakob/gocryptfs
loadinternal: cannot find runtime/cgo
# github.com/rfjakob/gocryptfs/gocryptfs-xray
loadinternal: cannot find runtime/cgo
# github.com/rfjakob/gocryptfs/contrib/statfs
loadinternal: cannot find runtime/cgo
gocryptfs v1.7.1-48-gf6b1c68 without_openssl; go-fuse v1.0.1-0.20190319092520-161a16484456; 2020-04-18 go1.13.6 linux/amd64

@rfjakob
Copy link
Owner

rfjakob commented Apr 18, 2020

Fixed via 5da5e9f . build.bash now uses both -buildmode=pie and -trimpath when possible.

@rfjakob rfjakob closed this Apr 18, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@max-baz @rfjakob