With Foxboron's help I've disabled LTO and the package now reproduces (thanks!)
I also wrote a simple wrapper that:
- passes our buildflags to CGO
- sets all arguments necessary for reproducible builds
- without giving up hardening or debug symbols
- fails the build if an option was detected that would cause issues (LTO)
Before:
```
makedepends=('go')
build() {
  cd "${pkgname}-${pkgver}"
  export CGO_CPPFLAGS="${CPPFLAGS}"
  export CGO_CFLAGS="${CFLAGS}"
  export CGO_CXXFLAGS="${CXXFLAGS}"
  export CGO_LDFLAGS="${LDFLAGS}"
  export CGO_REQUIRED="1"
  go build \
    -o build/ \
    -trimpath \
    -buildmode=pie \
    -mod=readonly \
    -modcacherw \
    -ldflags "-compressdwarf=false -linkmode=external -X main.version=${pkgver}" \
    ./...
}
```
After:
```
makedepends=('repro-go')
build() {
  cd "${pkgname}-${pkgver}"
  repro-go build \
    -o build/ \
    -modcacherw \
    -X main.version="${pkgver}" \
    ./...
}
```
The shortest possible invocation (if the project setup allows), yet with all
binary hardening, reproducible builds options and debug symbols enabled:
```
build() {
  cd "${pkgname}-${pkgver}"
  repro-go build
}
```
It's implemented in ~120 lines of code and then 2x that amount in unit-tests.
The -X option is not part of -ldflags for technical reasons: the tool already
needs to set linker flags, and having to share this with an application
configuration interface is very clunky.
I also obviously consider this a stop-gap solution, not something that should
exist in the long run. In the meantime it may be useful for one packager or
another who struggles to get the flags right (even if just as a resource for what to
set). I'm still interested in setting these by default through e.g.
/etc/pacman/makepkg.conf.d/go.conf.
cheers,
kpcyrd
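
An added sketch, not part of the original message and not repro-go's own code, of the behaviour the message describes: refuse to build when LTO is present in the makepkg flags, otherwise pass those flags to CGO and run `go build` with the options from the "Before" PKGBUILD. The function names `has_lto`, `go_ldflags` and `checked_go_build` are hypothetical.

```shell
#!/bin/sh
# Added sketch, not repro-go's source. All function names are hypothetical.

# Succeed if any of the given flag strings enables LTO (-flto, -flto=auto, ...).
# -fno-lto does not match, since only whole words starting with -flto count.
has_lto() {
    case " $* " in
        *" -flto "* | *" -flto="*) return 0 ;;
    esac
    return 1
}

# Linker flags from the "Before" PKGBUILD; $1 is an optional version string.
go_ldflags() {
    printf '%s' "-compressdwarf=false -linkmode=external${1:+ -X main.version=$1}"
}

# Usage: checked_go_build VERSION [extra go build arguments...]
checked_go_build() {
    version=${1-}
    if [ "$#" -gt 0 ]; then shift; fi

    # Fail before anything is compiled if LTO would be handed to CGO.
    if has_lto "$CPPFLAGS" "$CFLAGS" "$CXXFLAGS" "$LDFLAGS"; then
        echo "error: LTO enabled in build flags, refusing to build" >&2
        return 1
    fi

    # Pass the distribution's hardening flags through to the C toolchain.
    export CGO_CPPFLAGS="$CPPFLAGS" CGO_CFLAGS="$CFLAGS"
    export CGO_CXXFLAGS="$CXXFLAGS" CGO_LDFLAGS="$LDFLAGS"

    go build -trimpath -buildmode=pie -mod=readonly \
        -ldflags "$(go_ldflags "$version")" "$@"
}
```

In a PKGBUILD this would be called as `checked_go_build "${pkgver}" -o build/ -modcacherw ./...`.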