go/build: sourcehut requires characters considered unsafe for cgo names

[ddevault]

build.go has a set of safe characters which can be present in CFLAGS:

go/src/go/build/build.go

Lines 1553 to 1559 in c290cb6

	// NOTE: $ is not safe for the shell, but it is allowed here because of linker options like -Wl,$ORIGIN.
	// We never pass these arguments to a shell (just to programs we construct argv for), so this should be okay.
	// See golang.org/issue/6038.
	// The @ is for OS X. See golang.org/issue/13720.
	// The % is for Jenkins. See golang.org/issue/16959.
	// The ! is because module paths may use them. See golang.org/issue/26716.
	const safeString = "+-.,/0123456789=ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz:$@%! "

Sourcehut packages always have ~ in the URL, and in the future will likely have ^ as well. Importing a package from sr.ht which uses ${SRCDIR} in its CFLAGS accordingly causes this error:

widgets/terminal.go:11:2: /home/sircmpwn/.local/share/go/pkg/mod/git.sr.ht/~sircmpwn/go-libvterm@v0.0.0-20190526184212-d093d527d591/vterm.go: malformed #cgo argument: -I/home/sircmpwn/.local/share/go/pkg/mod/git.sr.ht/~sircmpwn/go-libvterm@v0.0.0-20190526184212-d093d527d591/libvterm/include/

~ has a special meaning in the shell, but it is URL safe and, per the comments in build.go, this string is never expanded with a shell.

EDIT: added permalink

[AlexRouSg]

ping @ianlancetaylor

[ddevault]

Bump? This should be easy to fix, is definitely a bug in golang, and shows unfair favoritism towards other platforms.

[ianlancetaylor]

Want to send in a patch?

[ddevault]

I don't really want to sign the CLA to be honest :/ I've pointed out the line of code which needs updating and it should be a one-line change, nay, a one-character change.

[gopherbot]

Change https://golang.org/cl/199918 mentions this issue: go/build: add ~ and ^ to safe character whitelist

[mvdan]

Please note that these changes often aren't a trivial one-line fix. At minimum, it should include a small regression test. And the author should ensure that no other features or tests break because of the change.

[ddevault]

Please note that these changes often aren't a trivial one-line fix. At minimum, it should include a small regression test. And the author should ensure that no other features or tests break because of the change.

Yeah, I know. The point I was getting at is that this is about as simple of a change as Golang can get. Thanks a lot for putting up the patch, I appreciate it!

[ddevault]

Thank you!

[ThreeFx]

FWIW: This does not affect only sourcehut repositories, it also comes up when packaging Go libraries and programs which use cgo in Debian, since in some cases the version will include tilde characters (e.g. 0.0~git20190526.b7d861d-1), which will in turn mess with git-buildpackage.

[zhangyoufu]

This also affects 8.3 short path on Windows. Glad to see it was fixed.

--- FAIL: TestScript (0.01s)
    --- FAIL: TestScript/mod_case_cgo (0.31s)
        script_test.go:183:
            > [!cgo] skip
            > env GO111MODULE=on
            > go get rsc.io/CGO
            [stderr]
            go: finding rsc.io/CGO v1.0.0
            go: downloading rsc.io/CGO v1.0.0
            go: extracting rsc.io/CGO v1.0.0
            package rsc.io/CGO: $WORK\gopath\pkg\mod\rsc.io\!c!g!o@v1.0.0\cgo.go: malformed #cgo argument: -IC:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/cmd-go-test-056881027/script-mod_case_cgo/gopath/pkg/mod/rsc.io/!c!g!o@v1.0.0
            [exit status 1]
            FAIL: testdata\script\mod_case_cgo.txt:5: unexpected command failure