From 66945defb9352ef4569f11710b4c4d663e3d9712 Mon Sep 17 00:00:00 2001 From: Nick Thomas Date: Fri, 16 Aug 2019 17:29:19 +0100 Subject: Explicitly use -buildmode=exe in the Makefile Pages has a built-in chroot mechanism which relies on the Pages binary being a proper statically-compiled binary with no need for a linker to run. For most go packages, this is the default when `CGO_ENABLED=0` is chosen. However, Arch Linux has a `go-pie` distribution of Go that changes the default build mode so they produce position-independent executables by default. These are still statically compiled, but operate by compiling the Go application code into a relocatable library, and statically compiling that library with a stub executable that jumps into the relocated code. On Linux, this produces a "type DYN" ELF instead of a "type EXEC" ELF, and requires a linker to be invoked. This is incompatible with the chroot mode, and - since Go is a managed language, and since we disable cgo in Pages - doesn't increase security as far as I can tell. Fixing Pages to work with `-buildmode=pie` seems too difficult as long as we include chroot support, so explicitly specify `-buildmode=exe` to produce a working binary when compiling under go-pie instead. --- Makefile.build.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Makefile.build.mk') diff --git a/Makefile.build.mk b/Makefile.build.mk index f04e343c..b58e2139 100644 --- a/Makefile.build.mk +++ b/Makefile.build.mk @@ -9,7 +9,7 @@ setup: clean .GOPATH/.ok go get github.com/fzipp/gocyclo build: .GOPATH/.ok - $Q go install $(if $V,-v) $(VERSION_FLAGS) $(IMPORT_PATH) + $Q go install $(if $V,-v) $(VERSION_FLAGS) -buildmode exe $(IMPORT_PATH) clean: $Q rm -rf bin .GOPATH gitlab-pages -- cgit v1.2.3