Bug 702598

Summary: dev-lang/go should build PIE by default
Product: Gentoo Linux
Reporter: Doppler <sevener.gentoo>
Component: Current packages
Assignee: William Hubbs <williamh>
Status: RESOLVED FIXED
Severity: normal
CC: hardened, ionen, jasmin+gentoo, sam
Priority: Normal
Keywords: PATCH
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/golang/go/issues/36352
See Also: https://bugs.gentoo.org/show_bug.cgi?id=917577
Whiteboard:
Package list:
Runtime testing required: ---

Description Doppler 2019-12-12 13:16:09 UTC
While looking through the binaries on my system, I found a small handful of non-PIE binaries, and a majority of them were Go-based. So I looked around and found this patch which appears to enable building binaries with PIE support by default (on all platforms):
https://git.archlinux.org/svntogit/community.git/tree/trunk/default-buildmode-pie.patch?h=packages/go

Would there be any interest in this on Gentoo? I imagine this would be simple to implement as a patch which is applied if a newly introduced "pie" USE flag is set on dev-lang/go.

There are a couple of caveats, of course:
1) Go is designed to be memory safe, so unless the unsafe package is used, PIE might not be too important
2) I'm no expert on Go, but there's a non-zero chance that flipping something like this in the toolchain could potentially break *something* down the line in a subtle way
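
A check of the kind the report describes (finding non-PIE binaries on a system), as an added example that is not part of the original report or of Gentoo's tooling: it uses Go's standard `debug/elf` package to classify a file by its ELF type and whether it has a `PT_INTERP` segment. The result labels and the `sampleELF` helper with its bytes are constructed for illustration; `ET_DYN` without `PT_INTERP` is ambiguous (shared library or static PIE) and is reported as such.

```go
package main

import (
	"debug/elf"
	"fmt"
	"io"
	"os"
)

// classify judges an ELF image by e_type and PT_INTERP (a heuristic, not a proof).
func classify(r io.ReaderAt) (string, error) {
	f, err := elf.NewFile(r)
	if err != nil {
		return "", err
	}
	switch f.Type {
	case elf.ET_EXEC:
		return "non-PIE", nil // linked for a fixed load address
	case elf.ET_DYN:
		for _, p := range f.Progs {
			if p.Type == elf.PT_INTERP {
				return "PIE", nil // position-independent and names a loader
			}
		}
		return "shared object or static PIE", nil
	}
	return "not an executable", nil
}

// sampleELF returns a constructed 120-byte ELF64 LE image (sample data, not a program).
func sampleELF(etype elf.Type, ptype elf.ProgType) []byte {
	b := make([]byte, 120)
	copy(b, "\x7fELF\x02\x01\x01")                            // magic, class, data, version
	b[16], b[18], b[20] = byte(etype), byte(elf.EM_X86_64), 1 // e_type, e_machine, e_version
	// e_phoff, e_ehsize, e_phentsize, e_phnum, then p_type of the single segment
	b[32], b[52], b[54], b[56], b[64] = 64, 64, 56, 1, byte(ptype)
	return b
}

func main() { // usage: go run piecheck.go FILE...
	for _, path := range os.Args[1:] {
		f, err := os.Open(path)
		if err != nil {
			fmt.Println(path, err)
			continue
		}
		kind, err := classify(f)
		fmt.Println(path, kind, err)
		f.Close()
	}
}
```

Run over a directory of installed binaries, this lists which ones still report "non-PIE" and would need a rebuild.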
Comment 1 Sergei Trofimovich (RETIRED) gentoo-dev 2020-04-18 16:16:17 UTC
*** Bug 718054 has been marked as a duplicate of this bug. ***
Comment 2 Larry the Git Cow gentoo-dev 2023-01-20 22:38:38 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4dade77c0882aab06f35f8db1154d0a52f0ba1b

commit f4dade77c0882aab06f35f8db1154d0a52f0ba1b
Author:     William Hubbs <williamh@gentoo.org>
AuthorDate: 2023-01-20 22:35:09 +0000
Commit:     William Hubbs <williamh@gentoo.org>
CommitDate: 2023-01-20 22:38:25 +0000

    go-module.eclass: add -buildmode=pie
    
    Bug: https://bugs.gentoo.org/702598
    Signed-off-by: William Hubbs <williamh@gentoo.org>

 eclass/go-module.eclass | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
Comment 3 Doppler 2023-01-20 23:06:27 UTC
Might be useful to add -buildmode= instead of -buildmod=
Comment 4 Larry the Git Cow gentoo-dev 2023-01-20 23:12:51 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=156c19492867660e906b3d4c79bece66fb102b78

commit 156c19492867660e906b3d4c79bece66fb102b78
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-01-20 23:09:40 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-01-20 23:09:40 +0000

    go-module.eclass: fix typo in buildmode
    
    Fixes: f4dade77c0882aab06f35f8db1154d0a52f0ba1b
    Bug: https://bugs.gentoo.org/702598
    Signed-off-by: Sam James <sam@gentoo.org>

 eclass/go-module.eclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 5 William Hubbs gentoo-dev 2023-01-21 01:06:36 UTC
This is fixed.