From 31c59fc8f20cffe6fc51da87fe59fcbc446548a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?= Date: Sat, 12 Sep 2020 07:07:13 +0700 Subject: [PATCH 01/19] build-style: go: default to pie, trimpath --- common/build-style/go.sh | 29 ++++++++++++++++++++-------- common/environment/build-style/go.sh | 1 - 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/common/build-style/go.sh b/common/build-style/go.sh index 33a5dcf3ee8240..64ac4e57f9cc25 100644 --- a/common/build-style/go.sh +++ b/common/build-style/go.sh @@ -5,7 +5,7 @@ do_configure() { # $go_import_path must be set, or we can't link $PWD into $GOSRCPATH # nor build from modules - if [ -z "$go_import_path" ]; then + if [ -z "${go_import_path}" ]; then msg_error "\"\$go_import_path\" not set on $pkgname template.\n" fi @@ -23,13 +23,26 @@ do_configure() { do_build() { # remove -s and -w from go_ldflags, we should let xbps-src strip binaries itself - for wd in $go_ldflags; do - if [ "$wd" == "-s" ] || [ "$wd" == "-w" ]; then - msg_error "$pkgname: remove -s and -w from go_ldflags\n" + for wd in ${go_ldflags}; do + if [ "${wd}" == "-s" ] || [ "$wd" == "-w" ]; then + msg_error "${pkgname}: remove -s and -w from go_ldflags\n" fi done : ${go_package:=$go_import_path} + local buildmode + if [ -z "${nopie}" ]; then + buildmode=-buildmode=pie + + # The linker checks the host sysroot, breaking static PIE musl cross builds + if [ -n "${CROSS_BUILD}" ] && [ "${XBPS_TARGET_LIBC}" = "musl" ]; then + case "${XBPS_TARGET_MACHINE}" in + aarch64*) + go_ldflags+=" -I /lib/ld-musl-aarch64.so.1" + ;; + esac + fi + fi # Build using Go modules if there's a go.mod file if [ "${go_mod_mode}" != "off" ] && [ -f go.mod ]; then @@ -38,7 +51,7 @@ do_build() { fi # Check if go_import_path matches module - if [ "module $go_import_path" != "$(grep '^module' go.mod | head -n1)" ]; then + if [ "module ${go_import_path}" != "$(grep '^module' go.mod | head -n1)" ]; then msg_error "\"\$go_import_path\" doesn't match the one defined in go.mod!\n" fi @@ -50,20 +63,20 @@ do_build() { # default behavior. go_mod_mode= fi - go install -p "$XBPS_MAKEJOBS" -mod="${go_mod_mode}" -modcacherw -v -tags "${go_build_tags}" -ldflags "${go_ldflags}" ${go_package} + go install -p "${XBPS_MAKEJOBS}" -mod="${go_mod_mode}" ${buildmode} -trimpath -modcacherw -v -tags "${go_build_tags}" -ldflags "${go_ldflags}" ${go_package} if [[ -n "${_go_mod_path}" ]]; then popd fi else # Otherwise, build using GOPATH - go install -p "$XBPS_MAKEJOBS" -v -tags "${go_build_tags}" -ldflags "${go_ldflags}" ${go_package} + go install -p "${XBPS_MAKEJOBS}" ${buildmode} -trimpath -v -tags "${go_build_tags}" -ldflags "${go_ldflags}" ${go_package} fi } do_check() { : ${make_check_target:=./...} - ${make_check_pre} go test -p "$XBPS_MAKEJOBS" -tags "${go_build_tags}" -ldflags "${go_ldflags}" ${make_check_args} ${make_check_target} + ${make_check_pre} go test -p "${XBPS_MAKEJOBS}" -tags "${go_build_tags}" -ldflags "${go_ldflags}" ${make_check_args} ${make_check_target} } do_install() { diff --git a/common/environment/build-style/go.sh b/common/environment/build-style/go.sh index 223bba83ff11b4..92a049411e0fbe 100644 --- a/common/environment/build-style/go.sh +++ b/common/environment/build-style/go.sh @@ -4,7 +4,6 @@ if [ -z "$hostmakedepends" -o "${hostmakedepends##*gcc-go-tools*}" ]; then archs="aarch64* armv[567]* i686* x86_64* ppc64le* riscv64*" fi hostmakedepends+=" go" - nopie=yes else # gccgo compiler if [ -z "$archs" ]; then From 32be6d38027d1d89ccf0482408cc06a887358043 Mon Sep 17 00:00:00 2001 From: dkwo Date: Tue, 28 Nov 2023 16:01:32 -0500 Subject: [PATCH 02/19] cni-plugins: set nopie --- srcpkgs/cni-plugins/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/cni-plugins/template b/srcpkgs/cni-plugins/template index 1227dacf55aa0d..7733c0c2407952 100644 --- a/srcpkgs/cni-plugins/template +++ b/srcpkgs/cni-plugins/template @@ -11,6 +11,7 @@ homepage="https://github.com/containernetworking/plugins" changelog="https://github.com/containernetworking/plugins/releases" distfiles="https://github.com/containernetworking/plugins/archive/refs/tags/v${version}.tar.gz" checksum=95b639f8ccbb714da98e331ef8813f790d447fce5417f2f8a575f3c62bfb1474 +nopie=unverified do_build() { ./build_linux.sh \ From c076feec66e060bac66070c19059c864f4995b0c Mon Sep 17 00:00:00 2001 From: dkwo Date: Tue, 28 Nov 2023 16:02:54 -0500 Subject: [PATCH 03/19] coyim: set nopie --- srcpkgs/coyim/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/coyim/template b/srcpkgs/coyim/template index 03d6d4f05cc905..6053f2a60082e4 100644 --- a/srcpkgs/coyim/template +++ b/srcpkgs/coyim/template @@ -12,6 +12,7 @@ license="GPL-3.0-only" homepage="https://coy.im" distfiles="https://github.com/coyim/coyim/archive/v${version}.tar.gz" checksum=f2bf1e73562fbcc3a0b264a30f92dfe427dffe2046e9f44459087ecac5890098 +nopie=unverified case "$XBPS_TARGET_MACHINE" in x86_64*) ;; From 3956448d58f1241af857f2ad6732a30d451dcd49 Mon Sep 17 00:00:00 2001 From: dkwo Date: Tue, 28 Nov 2023 16:03:42 -0500 Subject: [PATCH 04/19] kubernetes: set nopie --- srcpkgs/kubernetes/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/kubernetes/template b/srcpkgs/kubernetes/template index c6181fb375110b..075f9c9d63e686 100644 --- a/srcpkgs/kubernetes/template +++ b/srcpkgs/kubernetes/template @@ -17,6 +17,7 @@ nocross=yes system_accounts="kube" make_dirs="/var/lib/kubelet 0755 kube kube" conf_files="/etc/kubernetes/*" +nopie=unverified do_build() { make From 9dd58d5f5db5e4880feccd361106421a08af8ea1 Mon Sep 17 00:00:00 2001 From: dkwo Date: Tue, 28 Nov 2023 16:04:26 -0500 Subject: [PATCH 05/19] moby: set nopie --- srcpkgs/moby/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/moby/template b/srcpkgs/moby/template index 0fa44d4540b83f..d19025d65cb451 100644 --- a/srcpkgs/moby/template +++ b/srcpkgs/moby/template @@ -17,6 +17,7 @@ distfiles="https://github.com/moby/moby/archive/docker-v${version}.tar.gz" checksum=ac591291294da599e824f91d6a21a43bf93503b8ab608faa198899b3f973d7c5 system_groups="docker" make_check=no # no other tests are available +nopie=unverified do_build() { export AUTO_GOPATH=1 From ae57929ce767ad23f2db2f698f2bc27160f24960 Mon Sep 17 00:00:00 2001 From: dkwo Date: Tue, 28 Nov 2023 16:05:07 -0500 Subject: [PATCH 06/19] nncp: set nopie --- srcpkgs/nncp/template | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/srcpkgs/nncp/template b/srcpkgs/nncp/template index 788d9c4a0d4bb2..ea537719a7d74d 100644 --- a/srcpkgs/nncp/template +++ b/srcpkgs/nncp/template @@ -10,7 +10,8 @@ license="GPL-3.0-only" homepage="http://www.nncpgo.org/" distfiles="http://www.nncpgo.org/download/${pkgname}-${version}.tar.xz" checksum=8ce3680e98005198d8975e031760b3a9b33be6d2d61844c799f778ca233d05f4 -make_check=no +make_check=no # cannot find packages +nopie=unverified do_build() { ./build From 6a4d27c5b8660b81a52d823b28bcdc0480d4fe5d Mon Sep 17 00:00:00 2001 From: dkwo Date: Sun, 7 Jan 2024 20:59:34 +0100 Subject: [PATCH 07/19] grafana: set nopie --- srcpkgs/grafana/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/grafana/template b/srcpkgs/grafana/template index f44ea57bbe2e75..a556d733ffe948 100644 --- a/srcpkgs/grafana/template +++ b/srcpkgs/grafana/template @@ -29,6 +29,7 @@ make_dirs="/var/log/grafana 0755 _grafana _grafana conf_files="/etc/grafana/grafana.ini" go_ldflags="-X main.version=${version}" +nopie=unverified post_extract() { # remove prebuilt binaries From fdbdcc70165fe40f8cbdd3fa1a3bde9ff6c7274a Mon Sep 17 00:00:00 2001 From: dkwo Date: Sat, 14 Feb 2026 17:01:37 -0500 Subject: [PATCH 08/19] gofumpt: set nopie --- srcpkgs/gofumpt/template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srcpkgs/gofumpt/template b/srcpkgs/gofumpt/template index 12dce0ec5bde73..e2f96727350f26 100644 --- a/srcpkgs/gofumpt/template +++ b/srcpkgs/gofumpt/template @@ -10,7 +10,7 @@ license="BSD-3-Clause" homepage="https://github.com/mvdan/gofumpt" distfiles="https://github.com/mvdan/gofumpt/archive/refs/tags/v${version}.tar.gz" checksum=acff9518cf4ad3550ca910b9254fc8a706494d6a105fe2e92948fedc52a42a5b - +nopie=unverified export CGO_ENABLED=0 post_install() { From 5bee39b3e083178bdf4b2ca0216f51be7055938b Mon Sep 17 00:00:00 2001 From: dkwo Date: Sat, 14 Feb 2026 17:02:54 -0500 Subject: [PATCH 09/19] rclone: set nopie --- srcpkgs/rclone/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/rclone/template b/srcpkgs/rclone/template index 29b503aea652c7..236405ccd529ab 100644 --- a/srcpkgs/rclone/template +++ b/srcpkgs/rclone/template @@ -17,6 +17,7 @@ changelog="https://raw.githubusercontent.com/rclone/rclone/master/docs/content/c distfiles="https://downloads.rclone.org/v${version}/rclone-v${version}.tar.gz" checksum=1f92b371acf7a41359154296939345f44509e492f8a5adf115da6ee6bf00d905 make_check_pre="env RCLONE_CONFIG=/notfound CI=1" +nopie=unverified pre_build() { if [ "$CROSS_BUILD" ] && [ "$XBPS_TARGET_LIBC" = musl ]; then From ed27f0abab0d56ea3b5ff47bb0552ff1db5da5de Mon Sep 17 00:00:00 2001 From: dkwo Date: Fri, 6 Mar 2026 11:11:58 +0800 Subject: [PATCH 10/19] walker: set nopie --- srcpkgs/walker/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/walker/template b/srcpkgs/walker/template index 87abb2a1394832..bc99c4473c89e2 100644 --- a/srcpkgs/walker/template +++ b/srcpkgs/walker/template @@ -17,6 +17,7 @@ changelog="https://github.com/abenz1267/walker/releases" distfiles="https://github.com/abenz1267/walker/archive/v${version}.tar.gz" checksum=ad8f3570b67bf27ecb42e647f65715ffda2212db58870e6b23ea206d209859d8 make_check=no # no tests and slog warnings make it fail +nopie=unverified do_build() { # build_style=go uses "go install" which has no -o flag and the From e76fa5c923413c75a4733c1a9d9c3389ff21a77a Mon Sep 17 00:00:00 2001 From: dkwo Date: Fri, 6 Mar 2026 11:12:27 +0800 Subject: [PATCH 11/19] cri-tools: set nopie --- srcpkgs/cri-tools/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/cri-tools/template b/srcpkgs/cri-tools/template index a02954e9966ad2..0a67136a844e96 100644 --- a/srcpkgs/cri-tools/template +++ b/srcpkgs/cri-tools/template @@ -11,6 +11,7 @@ license="Apache-2.0" homepage="https://github.com/kubernetes-sigs/cri-tools" distfiles="https://github.com/kubernetes-sigs/cri-tools/archive/v${version}.tar.gz" checksum=2d48319be933df77c660fbfe7efef8c3d61bbde6787e2f33725bcc519858b287 +nopie=unverified do_build() { make ${makejobs} From 2457b9087a8f6693477b8a38e74d6c9cae41b441 Mon Sep 17 00:00:00 2001 From: dkwo Date: Fri, 6 Mar 2026 11:13:01 +0800 Subject: [PATCH 12/19] eduvpn-common: set nopie --- srcpkgs/eduvpn-common/template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srcpkgs/eduvpn-common/template b/srcpkgs/eduvpn-common/template index c8479ad597c085..8bcb5e2fa848ed 100644 --- a/srcpkgs/eduvpn-common/template +++ b/srcpkgs/eduvpn-common/template @@ -11,7 +11,7 @@ license="MIT" homepage="https://www.eduvpn.org/" distfiles="https://codeberg.org/eduVPN/eduvpn-common/releases/download/${version}/eduvpn-common-${version}.tar.xz" checksum=a4cc5c1e25fa0ade90a54d77267a04caab7b6dde7c7663b1a27708a7a3c3be0a - +nopie=unverified subpackages="eduvpn-cli" if [ "$XBPS_TARGET_LIBC" = "glibc" ]; then From 823ff3cf347b21fa603fadb28eb9de391218f8e3 Mon Sep 17 00:00:00 2001 From: dkwo Date: Fri, 6 Mar 2026 11:13:27 +0800 Subject: [PATCH 13/19] podman: set nopie --- srcpkgs/podman/template | 1 + 1 file changed, 1 insertion(+) diff --git a/srcpkgs/podman/template b/srcpkgs/podman/template index bf08cce099ad53..785ef0ec9c8e5d 100644 --- a/srcpkgs/podman/template +++ b/srcpkgs/podman/template @@ -22,6 +22,7 @@ distfiles="https://github.com/containers/podman/archive/v${version}.tar.gz https://github.com/containers/container-libs/archive/refs/tags/common/v${_container_libs_common}.tar.gz" checksum="c04c12f90d1bf410ccc4d27a30cff188d6a9361bddb5fceb19659ae08257cc6f d008a3cc50d6f68fe84f139081c811384223665c273a520bee174f5b9f2f48af" +nopie=unverified case $XBPS_TARGET_MACHINE in aarch64* | x86_64*) ;; From 7f0dd84fb4191e5f4c9e744c6b2402cacfb0cc65 Mon Sep 17 00:00:00 2001 From: dkwo Date: Fri, 6 Mar 2026 11:15:25 +0800 Subject: [PATCH 14/19] booster: drop pie, it is default --- srcpkgs/booster/template | 1 - 1 file changed, 1 deletion(-) diff --git a/srcpkgs/booster/template b/srcpkgs/booster/template index cad01484f04d5a..0c5e0c577a5ce4 100644 --- a/srcpkgs/booster/template +++ b/srcpkgs/booster/template @@ -18,7 +18,6 @@ alternatives=" initramfs:/etc/kernel.d/post-install/20-initramfs:/usr/libexec/booster/kernel-hook-postinst initramfs:/etc/kernel.d/post-remove/20-initramfs:/usr/libexec/booster/kernel-hook-postrm " -export GOFLAGS="-buildmode=pie" post_build() { ( cd init && CGO_ENABLED=0 go install -p "${XBPS_MAKEJOBS}" -mod=readonly -v -buildmode=default ) From 020d8b23233b74ad54412f5b842ec781030052db Mon Sep 17 00:00:00 2001 From: dkwo Date: Fri, 6 Mar 2026 11:16:28 +0800 Subject: [PATCH 15/19] containerd: drop pie, it is default --- srcpkgs/containerd/template | 1 - 1 file changed, 1 deletion(-) diff --git a/srcpkgs/containerd/template b/srcpkgs/containerd/template index d4500021e4a4fc..3b3d0aafa1d6f2 100644 --- a/srcpkgs/containerd/template +++ b/srcpkgs/containerd/template @@ -26,7 +26,6 @@ make_dirs="/var/lib/containerd 0755 root root" # Cross builds fail with -fuse-ld=gold LDFLAGS="-fuse-ld=bfd" -export GOFLAGS="-buildmode=pie" post_build() { # Build the man pages From 60b2de319e42418216ae9d40af806cb4359a760b Mon Sep 17 00:00:00 2001 From: dkwo Date: Fri, 6 Mar 2026 11:17:18 +0800 Subject: [PATCH 16/19] gopass: drop pie, it is default --- srcpkgs/gopass/template | 2 -- 1 file changed, 2 deletions(-) diff --git a/srcpkgs/gopass/template b/srcpkgs/gopass/template index ad40740556dcf3..7e0bd17240b1ce 100644 --- a/srcpkgs/gopass/template +++ b/srcpkgs/gopass/template @@ -17,8 +17,6 @@ distfiles="https://github.com/gopasspw/gopass/archive/refs/tags/v${version}.tar. checksum=33451a782b66266c59560a5ec7f4e34c104c501a36b445fc574fad71e3b3d884 make_check_pre="env GOPASS_BINARY=${GOPATH}/bin/gopass" -export GOFLAGS="-buildmode=pie" - post_install() { vlicense LICENSE vman gopass.1 From e2816ab6f5efb0eda10968159f2394caf4632c5b Mon Sep 17 00:00:00 2001 From: dkwo Date: Fri, 6 Mar 2026 11:18:02 +0800 Subject: [PATCH 17/19] incus: drop pie, it is default --- srcpkgs/incus/template | 1 - 1 file changed, 1 deletion(-) diff --git a/srcpkgs/incus/template b/srcpkgs/incus/template index bca6658811b50a..8de51b6b66e89d 100644 --- a/srcpkgs/incus/template +++ b/srcpkgs/incus/template @@ -25,7 +25,6 @@ make_dirs=" /var/log/incus 0755 root root" export CGO_LDFLAGS_ALLOW="(-Wl,-wrap,pthread_create)|(-Wl,-z,now)" -export GOFLAGS="-buildmode=pie" post_build() { CGO_ENABLED=0 go install -p "${XBPS_MAKEJOBS}" -v -tags netgo -buildmode=default "${go_import_path}/cmd/incus-migrate" From 2c833bc48f4ce0e8e91c4daaeb73bbc311412c62 Mon Sep 17 00:00:00 2001 From: dkwo Date: Fri, 6 Mar 2026 11:18:22 +0800 Subject: [PATCH 18/19] sbctl: drop pie, it is default --- srcpkgs/sbctl/template | 1 - 1 file changed, 1 deletion(-) diff --git a/srcpkgs/sbctl/template b/srcpkgs/sbctl/template index ee66ad1db41b14..5b6a38fbbdf0da 100644 --- a/srcpkgs/sbctl/template +++ b/srcpkgs/sbctl/template @@ -17,7 +17,6 @@ homepage="https://github.com/Foxboron/sbctl" distfiles="https://github.com/Foxboron/sbctl/archive/${version}.tar.gz" checksum=7aa2af7b50d42abe39eb4875069ae5cd3fb8406d067d7a58b029c8270bacd14d make_dirs="/var/lib/sbctl 0700 root root" -export GOFLAGS="-buildmode=pie" post_install() { make man From b88c1c092bfd5e9802bb2b0143ec443339469ee1 Mon Sep 17 00:00:00 2001 From: dkwo Date: Fri, 6 Mar 2026 11:27:05 +0800 Subject: [PATCH 19/19] docker-machine: fix SHA256 mismatch --- srcpkgs/docker-machine/template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srcpkgs/docker-machine/template b/srcpkgs/docker-machine/template index bb86a7854ee4f5..1566da5e6d25bd 100644 --- a/srcpkgs/docker-machine/template +++ b/srcpkgs/docker-machine/template @@ -10,4 +10,4 @@ maintainer="Sergi Alvarez " license="Apache-2.0" homepage="https://github.com/docker/machine/" distfiles="https://github.com/docker/machine/archive/v${version}.tar.gz" -checksum=af8bff768cd1746c787e2f118a3a8af45ed11679404b6e45d5199e343e550059 +checksum=f333d6dc8976d2c5b0c5e62fb46bce50423e72e3c9210aa77dd6363683db24bf