Explicitly use -buildmode=exe in the Makefile (!167) · Merge requests · GitLab.org / gitlab-pages

The source project of this merge request has been removed.

Nick Thomas requested to merge (removed):239-specify-buildmode-exe into master Aug 16, 2019

Pages has a built-in chroot mechanism which relies on the Pages binary being a proper statically-compiled binary with no need for a linker to run.

For most go packages, this is the default when CGO_ENABLED=0 is chosen. However, Arch Linux has a go-pie distribution of Go that changes the default build mode so they produce position-independent executables by default.

These are still statically compiled, but operate by compiling the Go application code into a relocatable library, and statically compiling that library with a stub executable that jumps into the relocated code. On Linux, this produces a "type DYN" ELF instead of a "type EXEC" ELF, and requires a linker to be invoked.

This is incompatible with the chroot mode, and - since Go is a managed language, and since we disable cgo in Pages - doesn't increase security as far as I can tell.

Fixing Pages to work with -buildmode=pie seems too difficult as long as we include chroot support, so explicitly specify -buildmode=exe to produce a working binary when compiling under go-pie instead.

Closes #239 (closed)

Edited Aug 19, 2019 by Nick Thomas

Explicitly use -buildmode=exe in the Makefile

Merge request reports