Build go binaries as PIE
AbandonedPublic
Actions

Authored by freebsd_igalic.co on Sep 1 2021, 3:06 PM.

Tags

None

Referenced Files

	F82226969: D31773.diff
	Fri, Apr 26, 6:02 PM

	Unknown Object (File)
	Dec 31 2023, 1:54 PM

	Unknown Object (File)
	Dec 3 2023, 5:00 AM

	Unknown Object (File)
	Nov 4 2023, 3:14 PM

	Unknown Object (File)
	Oct 22 2023, 11:25 PM

	Unknown Object (File)
	Oct 6 2023, 6:46 AM

	Unknown Object (File)
	Oct 4 2023, 8:06 AM

	Unknown Object (File)
	Sep 26 2023, 8:10 AM

View All 25 Files

Subscribers

emaste

orangewinds_gmail.com

swills

Details

Reviewers: None

Summary

We adapt GO_BUILDFLAGS to change the default build mode for executables from exe to pie.
This allows executables build with the go toolchain now to run on systems with PIE, ASLR or WX enabled.

Or, failing so, at least have the appropriate ELF section embedded which elfctl can use to disable what doesn't work.

See https://github.com/golang/go/issues/48112 for reference.

Diff Detail

Repository

R11 FreeBSD ports repository

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

freebsd_igalic.co requested review of this revision.Sep 1 2021, 3:06 PM

freebsd_igalic.co created this revision.

modify net/syncthing build to build the binaries as pie

emaste added a subscriber: emaste.Sep 1 2021, 3:17 PM

freebsd_igalic.co added a subscriber: swills.Sep 1 2021, 3:19 PM

orangewinds_gmail.com added a subscriber: orangewinds_gmail.com.Sep 8 2022, 4:59 AM

Hello! I do not see GOFLAGS in the Makefile anymore (where -buildmode=pie is inserted here). Does that mean this is already implemented elsewhere, or just that how this would be done on FBSD 13/ports has changed? We are currently building Syncthing with Go 1.18, so I think all parts of this are otherwise ready. Thank you!

Given the fixes the go toolchain has received, this blanket fix should no longer be necessary

Revision Contents
Changeset List

Path

Size

net/

syncthing/

Makefile

9 lines

Diff 94497

View Options

Build go binaries as PIEAbandonedPublicActions