docker/bsc1100727-0001-build-add-buildmode-pie.patch

31 lines
1.0 KiB
Diff

From 6cba061d6d42e2e40267dbf8628480ec0c5d376a Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Mon, 30 Jul 2018 19:34:01 +1000
Subject: [PATCH] build: add -buildmode=pie
Make all dynbinary builds be position-independent (this adds both
security benefits and can help with flaky builds on POWER
architectures).
SUSE-Bugs: bsc#1100727
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
components/cli/scripts/build/dynbinary | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/components/cli/scripts/build/dynbinary b/components/cli/scripts/build/dynbinary
index 3c32ed342ef7..4feb7e71d852 100755
--- a/components/cli/scripts/build/dynbinary
+++ b/components/cli/scripts/build/dynbinary
@@ -9,6 +9,6 @@ source ./scripts/build/.variables
echo "Building dynamically linked $TARGET"
export CGO_ENABLED=1
-go build -o "${TARGET}" -tags pkcs11 --ldflags "${LDFLAGS}" "${SOURCE}"
+go build -o "${TARGET}" -tags pkcs11 --ldflags "${LDFLAGS}" -buildmode=pie "${SOURCE}"
ln -sf "$(basename "${TARGET}")" build/docker
--
2.18.0