On 27 April 2016 at 04:53, Peter Colberg <pe...@colberg.org> wrote: > Hi Michael, > > On Tue, Apr 26, 2016 at 10:29:51PM +1200, Michael Hudson-Doyle wrote: >> override_dh_auto_build: >> - dh_auto_build -O--buildsystem=golang -- -ldflags "$(GO_LDFLAGS)" >> + dh_auto_build -O--buildsystem=golang -- -buildmode=pie >> -pkgdir=$$(mktemp -d -p $(CURDIR)) -ldflags "$(GO_LDFLAGS)" > > I am wondering if dh-golang could set -pkgdir by default.
That's a reasonable thing to wonder :-) > Does it have to be a random path? No. > dh-golang could set a fixed path that is cleaned up with dh_auto_clean. Yes, having it be cleaned up is obviously a requirement for a real use... Probably just using a directory inside the builddir would make most sense. >> (we could probably make dh-golang do something like this by default...) > > Ideally dh-golang would support dpkg hardening flags such as > > export DEB_BUILD_MAINT_OPTIONS = hardening=+all > > export DEB_BUILD_MAINT_OPTIONS = hardening=+pie Yeah, that seems reasonable. I think only pie, bindnow and relro make sense for Go. > Another issue is that when using -buildmode=pie as above, the standard > library is rebuilt, which increases compile time if enabled for every > package. If you use -pkgdir, the standard library is rebuilt whatever you do. But yeah, that's not ideal. We could (presumably) symlink-mirror $GOROOT/pkg into the gopkg directory before building to alleviate this. > golang-go should provide the -buildmode=pie variant of the > standard and runtime libraries out of the box. Yes, probably. The performance and binary size hit of PIE on i386 in particular is likely to be large. Do you care at all about that? Cheers, mwh
