diff options
Diffstat (limited to 'main/abuild/0001-abuild.conf-enable-PIE-binaries-by-default-for-go-as.patch')
| -rw-r--r-- | main/abuild/0001-abuild.conf-enable-PIE-binaries-by-default-for-go-as.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/main/abuild/0001-abuild.conf-enable-PIE-binaries-by-default-for-go-as.patch b/main/abuild/0001-abuild.conf-enable-PIE-binaries-by-default-for-go-as.patch new file mode 100644 index 0000000000..a3c2643d14 --- /dev/null +++ b/main/abuild/0001-abuild.conf-enable-PIE-binaries-by-default-for-go-as.patch @@ -0,0 +1,37 @@ +From 828b826662638b78834332f9cf72f18ac1fbf86f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net> +Date: Sun, 17 Mar 2019 17:03:59 +0100 +Subject: [PATCH] abuild.conf: enable PIE binaries by default for go as well + +From `go help environment`: + + GOFLAGS + A space-separated list of -flag=value settings to apply + to go commands by default, when the given flag is known by + the current command. Flags listed on the command-line + are applied after this list and therefore override it. + +And from `go help build`: + + -buildmode mode + build mode to use. See 'go help buildmode' for more. + +Setting this environment variable in /etc/abuild.conf allows us to build +all go binaries on the builders as PIE without needing to patch the go +compiler itself. +--- + abuild.conf | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/abuild.conf b/abuild.conf +index 6721e7f..c00e31b 100644 +--- a/abuild.conf ++++ b/abuild.conf +@@ -2,6 +2,7 @@ export CFLAGS="-Os -fomit-frame-pointer" + export CXXFLAGS="$CFLAGS" + export CPPFLAGS="$CFLAGS" + export LDFLAGS="-Wl,--as-needed" ++export GOFLAGS="-buildmode=pie" + + export JOBS=2 + export MAKEFLAGS=-j$JOBS |