[pkg-golang-devel] Bug#823014: Bug#823014: Bug#823014: Bug#823014: golang: Package compiled stdlib for PIE build mode
Paride Legovini
pl at ninthfloor.org
Thu Apr 5 22:32:40 UTC 2018
Is manually specifying ‘-buildmode=pie’ in d/rules still the right and
only way to build PIE hardened binaries?
More specifically, what I'm doing is:
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
GO_LINK_FLAGS += -extldflags "$(LDFLAGS)"
GO_FLAGS += --ldflags '$(GO_LINK_FLAGS)'
And then:
dh_auto_build -O--buildsystem=golang -- -buildmode=pie $(GO_FLAGS)
(Actual d/rules file: http://deb.li/igtuN).
This builds fine on my amd64 system, but I'm not sure about other
architectures, and the package hasn't been uploaded yet.
Thank you,
Paride
More information about the pkg-golang-devel
mailing list