Hello,
when trying to complie something using the community/go package I'm
always getting this warning:
# foo
loadinternal: cannot find runtime/cgo
go package in community uses buildmode pie by default due to this patch:
https://gitlab.alpinelinux.org/alpine/aports/blob/master/community/go/default-buildmode-pie.patch
When looking into why I traced it down to
https://gitlab.alpinelinux.org/alpine/aports/commit/9515100a5f4a9ad7b6b1d44a5fb9a7b1a6083aa7
which sadly has no explanation *why* this was commited. Due to this
patch there is warning while compiling any go source without any flags.
Example project:
/tmp/repro # tree .
.
├── go.mod
└── test.go
0 directories, 2 files
/tmp/repro # cat go.mod
module foo
go 1.12
/tmp/repro # cat test.go
package main
func main() {
}
when one starts clean alpine container and tries to compile it
+ $ docker run --rm --init -it --mount type=bind,src=/tmp/repro,dst=/tmp/repro alpine
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
89d9c30c1d48: Pull complete
Digest: sha256:c19173c5ada610a5989151111163d28a67368362762534d8a8121ce95cf2bd5a
Status: Downloaded newer image for alpine:latest
/ # apk update
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/community/x86_64/APKINDEX.tar.gz
v3.10.3-66-g967440f6a7 [http://dl-cdn.alpinelinux.org/alpine/v3.10/main]
v3.10.3-64-g77cd149615 [http://dl-cdn.alpinelinux.org/alpine/v3.10/community]
OK: 10341 distinct packages available
/ # apk add go musl-dev
(1/12) Installing binutils (2.32-r0)
(2/12) Installing gmp (6.1.2-r1)
(3/12) Installing isl (0.18-r0)
(4/12) Installing libgomp (8.3.0-r0)
(5/12) Installing libatomic (8.3.0-r0)
(6/12) Installing libgcc (8.3.0-r0)
(7/12) Installing mpfr3 (3.1.5-r1)
(8/12) Installing mpc1 (1.1.0-r0)
(9/12) Installing libstdc++ (8.3.0-r0)
(10/12) Installing gcc (8.3.0-r0)
(11/12) Installing go (1.12.12-r0)
(12/12) Installing musl-dev (1.1.22-r3)
Executing busybox-1.30.1-r2.trigger
OK: 391 MiB in 26 packages
/ # cd /tmp/repro
/tmp/repro # go build ./...
# foo
loadinternal: cannot find runtime/cgo
Those last two lines are the issue.
I guess my question is how to proceed. Should I just post patch dropping
the default pie to aports mailing list? Or is this something that you
want to keep? If so, how to proceed about the warning?
Thanks for your time,
W.
--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
This warning is harmless https://github.com/golang/go/issues/31544.
Will probably be fixed with linker updates in go1.15.
If you don't want to build pie binary use -buildmode=exe.
On Sat, Nov 30, 2019 at 1:13 AM Wolf <wolf@wolfsden.cz> wrote:
>> Hello,> when trying to complie something using the community/go package I'm> always getting this warning:>> # foo> loadinternal: cannot find runtime/cgo>> go package in community uses buildmode pie by default due to this patch:>> https://gitlab.alpinelinux.org/alpine/aports/blob/master/community/go/default-buildmode-pie.patch>> When looking into why I traced it down to>> https://gitlab.alpinelinux.org/alpine/aports/commit/9515100a5f4a9ad7b6b1d44a5fb9a7b1a6083aa7>> which sadly has no explanation *why* this was commited. Due to this> patch there is warning while compiling any go source without any flags.> Example project:>> /tmp/repro # tree .> .> ├── go.mod> └── test.go>> 0 directories, 2 files> /tmp/repro # cat go.mod> module foo>> go 1.12> /tmp/repro # cat test.go> package main>> func main() {> }>> when one starts clean alpine container and tries to compile it>> + $ docker run --rm --init -it --mount type=bind,src=/tmp/repro,dst=/tmp/repro alpine> Unable to find image 'alpine:latest' locally> latest: Pulling from library/alpine> 89d9c30c1d48: Pull complete> Digest: sha256:c19173c5ada610a5989151111163d28a67368362762534d8a8121ce95cf2bd5a> Status: Downloaded newer image for alpine:latest> / # apk update> fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/main/x86_64/APKINDEX.tar.gz> fetch http://dl-cdn.alpinelinux.org/alpine/v3.10/community/x86_64/APKINDEX.tar.gz> v3.10.3-66-g967440f6a7 [http://dl-cdn.alpinelinux.org/alpine/v3.10/main]> v3.10.3-64-g77cd149615 [http://dl-cdn.alpinelinux.org/alpine/v3.10/community]> OK: 10341 distinct packages available> / # apk add go musl-dev> (1/12) Installing binutils (2.32-r0)> (2/12) Installing gmp (6.1.2-r1)> (3/12) Installing isl (0.18-r0)> (4/12) Installing libgomp (8.3.0-r0)> (5/12) Installing libatomic (8.3.0-r0)> (6/12) Installing libgcc (8.3.0-r0)> (7/12) Installing mpfr3 (3.1.5-r1)> (8/12) Installing mpc1 (1.1.0-r0)> (9/12) Installing libstdc++ (8.3.0-r0)> (10/12) Installing gcc (8.3.0-r0)> (11/12) Installing go (1.12.12-r0)> (12/12) Installing musl-dev (1.1.22-r3)> Executing busybox-1.30.1-r2.trigger> OK: 391 MiB in 26 packages> / # cd /tmp/repro> /tmp/repro # go build ./...> # foo> loadinternal: cannot find runtime/cgo>> Those last two lines are the issue.>> I guess my question is how to proceed. Should I just post patch dropping> the default pie to aports mailing list? Or is this something that you> want to keep? If so, how to proceed about the warning?>> Thanks for your time,> W.>> --> There are only two hard things in Computer Science:> cache invalidation, naming things and off-by-one errors.
Hello,
Timo Teras <timo.teras@iki.fi> wrote:
> Alpine standard is to ship PIE if possible because full ASLR does not> work without it.
While this is true and I definitely agree that this a good idea I would
like to point out that compiling all go packages as PIEs is possible
without the default-buildmode-pie.patch.
My solution to this issue is setting GOFLAGS to -buildmode=pie on the
builders using /etc/abuild.conf. This is also how we pass -Os for C/C++
software currently. Contrary to CFLAGS, GOFLAGS is actually picked up by
the go compiler itself (see `go help environment`).
This has the advantage that it fixes the warning mentioned by Wolf and
more importantly it would allows us to make more parts of the go
compiler testsuite pass in the future.
See: https://gitlab.alpinelinux.org/alpine/aports/merge_requests/4138
Timo, do you have any thoughts on this change?
Cheers,
Sören
On Sun, 16 Feb 2020 12:30:50 +0100
Sören Tempel <soeren@soeren-tempel.net> wrote:
> Timo Teras <timo.teras@iki.fi> wrote:> > Alpine standard is to ship PIE if possible because full ASLR does> > not work without it. > > While this is true and I definitely agree that this a good idea I> would like to point out that compiling all go packages as PIEs is> possible without the default-buildmode-pie.patch.> > My solution to this issue is setting GOFLAGS to -buildmode=pie on the> builders using /etc/abuild.conf. This is also how we pass -Os for> C/C++ software currently. Contrary to CFLAGS, GOFLAGS is actually> picked up by the go compiler itself (see `go help environment`).> > This has the advantage that it fixes the warning mentioned by Wolf and> more importantly it would allows us to make more parts of the go> compiler testsuite pass in the future.> > See: https://gitlab.alpinelinux.org/alpine/aports/merge_requests/4138> > Timo, do you have any thoughts on this change?
Sound OK idea. Prefer to set GOFLAGS also in function.sh as abuild.conf
might not get updated if it's modified. Should probably ship defaults
for all flags there. Commented in the MR also.
Timo