New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

golang: support compiling go applications as PIEs #159

Open
lattera opened this Issue Sep 8, 2018 · 1 comment

Comments

Projects
None yet
1 participant
@lattera
Member

lattera commented Sep 8, 2018

Now that lang/go has been updated to 1.11, compiling golang applications as Position-Independent Executables (PIEs) is possible by specifying -buildmode=pie as an argument to go. We should now be able to take advantage of that in ports, compiling golang applications as PIEs.

lattera added a commit that referenced this issue Sep 8, 2018

HBSD: Add GO_PIE knob for per-port PIE opt-in
This enables building a golang-derived port as a Position-Independent
Executable (PIE). It's currently opt-in, meaning each port needs to
define GO_PIE in its Makefile.

With time, I hope we can make this feature opt-out rather than opt-in
like we do for normal PIE. An exp-run with opt-out functionality will
need to be run, and functionality tuned appropriately.

Signed-off-by:	Shawn Webb <shawn.webb@hardenedbsd.org>
Sponsored-by:	SoldierX
github-issue:	#159
@lattera

This comment has been minimized.

Show comment
Hide comment
@lattera

lattera Sep 8, 2018

Member

When -buildmode=pie is enabled for projects that install archive (.a) files, golang will not build the archive file:

laptop-dev-03[shawn]:/usr/ports/devel/go-metrics $ make BATCH=1
pkg-static: Bad argument on pkg_set 341574009
===>  License MIT accepted by the user
===>   go-metrics-20160521 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by go-metrics-20160521 for building
===>  Extracting for go-metrics-20160521
=> SHA256 Checksum OK for armon-go-metrics-20160521-fbf75676ee9c0a3a23eb0a4d9220a3612cfbd1ed_GH0.tar.gz.                                                                            
===>  Patching for go-metrics-20160521
===>   go-metrics-20160521 depends on file: /usr/local/bin/go - found
===>  Configuring for go-metrics-20160521
===>  Building for go-metrics-20160521
runtime/cgo
net
github.com/armon/go-metrics
===>  Staging for go-metrics-20160521
===>   Generating temporary packing list
====> Compressing man pages (compress-man)
laptop-dev-03[shawn]:/usr/ports/devel/go-metrics $ find work/stage -name \*.a
work/stage/usr/local/share/go/pkg/freebsd_amd64/github.com/armon/go-metrics.a
laptop-dev-03[shawn]:/usr/ports/devel/go-metrics $ make clean
===>  Cleaning for go-metrics-20160521
laptop-dev-03[shawn]:/usr/ports/devel/go-metrics $ make BATCH=1 GO_PIE=yes
===>  License MIT accepted by the user
===>   go-metrics-20160521 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by go-metrics-20160521 for building
===>  Extracting for go-metrics-20160521
=> SHA256 Checksum OK for armon-go-metrics-20160521-fbf75676ee9c0a3a23eb0a4d9220a3612cfbd1ed_GH0.tar.gz.
===>  Patching for go-metrics-20160521
===>   go-metrics-20160521 depends on file: /usr/local/bin/go - found
===>  Configuring for go-metrics-20160521
===>  Building for go-metrics-20160521
errors
internal/race
internal/cpu
runtime/internal/sys
runtime/internal/atomic
sync/atomic
unicode
unicode/utf8
internal/bytealg
math
internal/testlog
math/bits
vendor/golang_org/x/net/dns/dnsmessage
runtime
internal/nettrace
runtime/cgo
strconv
sync
io
internal/singleflight
reflect
syscall
math/rand
bytes
strings
bufio
time
internal/syscall/unix
internal/poll
os
os/signal
vendor/golang_org/x/net/route
sort
fmt
log
context
net
github.com/armon/go-metrics
===>  Staging for go-metrics-20160521
===>   Generating temporary packing list
====> Compressing man pages (compress-man)
laptop-dev-03[shawn]:/usr/ports/devel/go-metrics $ find work/stage -name \*.a
laptop-dev-03[shawn]:/usr/ports/devel/go-metrics $
Member

lattera commented Sep 8, 2018

When -buildmode=pie is enabled for projects that install archive (.a) files, golang will not build the archive file:

laptop-dev-03[shawn]:/usr/ports/devel/go-metrics $ make BATCH=1
pkg-static: Bad argument on pkg_set 341574009
===>  License MIT accepted by the user
===>   go-metrics-20160521 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by go-metrics-20160521 for building
===>  Extracting for go-metrics-20160521
=> SHA256 Checksum OK for armon-go-metrics-20160521-fbf75676ee9c0a3a23eb0a4d9220a3612cfbd1ed_GH0.tar.gz.                                                                            
===>  Patching for go-metrics-20160521
===>   go-metrics-20160521 depends on file: /usr/local/bin/go - found
===>  Configuring for go-metrics-20160521
===>  Building for go-metrics-20160521
runtime/cgo
net
github.com/armon/go-metrics
===>  Staging for go-metrics-20160521
===>   Generating temporary packing list
====> Compressing man pages (compress-man)
laptop-dev-03[shawn]:/usr/ports/devel/go-metrics $ find work/stage -name \*.a
work/stage/usr/local/share/go/pkg/freebsd_amd64/github.com/armon/go-metrics.a
laptop-dev-03[shawn]:/usr/ports/devel/go-metrics $ make clean
===>  Cleaning for go-metrics-20160521
laptop-dev-03[shawn]:/usr/ports/devel/go-metrics $ make BATCH=1 GO_PIE=yes
===>  License MIT accepted by the user
===>   go-metrics-20160521 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by go-metrics-20160521 for building
===>  Extracting for go-metrics-20160521
=> SHA256 Checksum OK for armon-go-metrics-20160521-fbf75676ee9c0a3a23eb0a4d9220a3612cfbd1ed_GH0.tar.gz.
===>  Patching for go-metrics-20160521
===>   go-metrics-20160521 depends on file: /usr/local/bin/go - found
===>  Configuring for go-metrics-20160521
===>  Building for go-metrics-20160521
errors
internal/race
internal/cpu
runtime/internal/sys
runtime/internal/atomic
sync/atomic
unicode
unicode/utf8
internal/bytealg
math
internal/testlog
math/bits
vendor/golang_org/x/net/dns/dnsmessage
runtime
internal/nettrace
runtime/cgo
strconv
sync
io
internal/singleflight
reflect
syscall
math/rand
bytes
strings
bufio
time
internal/syscall/unix
internal/poll
os
os/signal
vendor/golang_org/x/net/route
sort
fmt
log
context
net
github.com/armon/go-metrics
===>  Staging for go-metrics-20160521
===>   Generating temporary packing list
====> Compressing man pages (compress-man)
laptop-dev-03[shawn]:/usr/ports/devel/go-metrics $ find work/stage -name \*.a
laptop-dev-03[shawn]:/usr/ports/devel/go-metrics $
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment