Received: from magnesium.8pit.net (magnesium.8pit.net [45.76.88.171])
	by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 7CBED780FB6
	for <~alpine/devel@lists.alpinelinux.org>; Sun, 16 Feb 2020 11:30:55 +0000 (UTC)
Received: from magnesium.8pit.net (localhost [127.0.0.1])
	by magnesium.8pit.net (OpenSMTPD) with ESMTP id f6870f8e;
	Sun, 16 Feb 2020 12:30:54 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=soeren-tempel.net; h=date
	:to:cc:subject:from:references:in-reply-to:message-id
	:mime-version:content-type:content-transfer-encoding; s=
	opensmtpd; bh=Mp2N1adW5tUN96HMKmVni+32miU=; b=uhbqBVQ6ZS07LDvhiB
	3ZfgWrg5xAg/XHTTfsmfzDp7Fj1VFbQ0J4vGUB9SEMJl0aOeysXujqz7D3t2fNdU
	G/po1wmAI7gPiQJN0OodQ79vbNH+tag/sH+28ZkWL+8U+/CeBZNW7kAGbPUotM+r
	L3xGPn6tPD02NC/xIeZwGFS+g=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=soeren-tempel.net; h=date:to
	:cc:subject:from:references:in-reply-to:message-id:mime-version
	:content-type:content-transfer-encoding; q=dns; s=opensmtpd; b=Y
	7S14j8kFlnK8PTSEdA8Umb8mq5dKGDEw8nDNlh1gdSaQyrs7zzhD/WNVOYZlugQz
	jFzks3FVg5covayuG3r3Atq9zIwwB6qpbf5ighsYbhTxX7YsgLYIVh3s63Mn0x6V
	TB3DV8URDgGMCbjXaUbHMhuMgn6N2gkJRXjrD6/lc0=
Received: from localhost (ip4d140a9e.dynamic.kabel-deutschland.de [77.20.10.158])
	by magnesium.8pit.net (OpenSMTPD) with ESMTPSA id 0b48bf6b (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:YES);
	Sun, 16 Feb 2020 12:30:54 +0100 (CET)
Date: Sun, 16 Feb 2020 12:30:50 +0100
To: Timo Teras <timo.teras@iki.fi>
Cc: Wolf <wolf@wolfsden.cz>, ~alpine/devel@lists.alpinelinux.org
Subject: Re: community/go and buildmode pie
From: =?UTF-8?Q?S=C3=B6ren?= Tempel <soeren@soeren-tempel.net>
References: <20191129221308.hy6ybayxu2nsu5dy@wolfsden.cz>
 <20191202121828.5ba2a735@vostro>
In-Reply-To: <20191202121828.5ba2a735@vostro>
Message-Id: <36NQ9KC6PLT7B.30TAJMQSFWPSF@8pit.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.8.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hello,

Timo Teras <timo.teras@iki.fi> wrote:
> Alpine standard is to ship PIE if possible because full ASLR does not
> work without it.

While this is true and I definitely agree that this a good idea I would
like to point out that compiling all go packages as PIEs is possible
without the default-buildmode-pie.patch.

My solution to this issue is setting GOFLAGS to -buildmode=3Dpie on the
builders using /etc/abuild.conf. This is also how we pass -Os for C/C++
software currently. Contrary to CFLAGS, GOFLAGS is actually picked up by
the go compiler itself (see `go help environment`).

This has the advantage that it fixes the warning mentioned by Wolf and
more importantly it would allows us to make more parts of the go
compiler testsuite pass in the future.

See: https://gitlab.alpinelinux.org/alpine/aports/merge_requests/4138

Timo, do you have any thoughts on this change?

Cheers,
S=C3=B6ren