Bug#823014: marked as done (golang: Package compiled stdlib for PIE build mode)

[Debian Bug Tracking System]

Your message dated Tue, 08 Feb 2022 17:40:56 +0000
with message-id <e1nhuu4-000dhk...@fasolo.debian.org>
and subject line Bug#998747: Removed package(s) from unstable
has caused the Debian Bug report #823014,
regarding golang: Package compiled stdlib for PIE build mode
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
823014: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823014
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: golang
Version: 2:1.6.1-2
Severity: normal
Tags: patch

Dear Maintainer,

Please consider adding the following patch, which builds an optional
package containing the compiled standard library for PIE build mode.

This is a prerequisite for building position-independent executables
for the purpose of hardening Go binaries against memory corruption
vulnerabilities [1].

[1] https://bugs.debian.org/821454

A package maintainer who wishes to ship hardened binaries shall add
a Build-Depends: golang-std-pie, and a debian/rules stanza such as

override_dh_auto_build:
        dh_auto_build -O--buildsystem=golang -- -buildmode=pie -ldflags 
-extldflags=-Wl,-z,now,-z,relro

In the future dh-golang could be extended to pass the above flags.

Regards,
Peter

>From 8622c71c744b7099d1a8b5ddd553cdb736351dcc Mon Sep 17 00:00:00 2001
From: Peter Colberg <pe...@colberg.org>
Date: Fri, 29 Apr 2016 08:01:02 -0400
Subject: [PATCH] Package compiled stdlib for PIE build mode

---
 debian/control                | 17 +++++++++++++++++
 debian/golang-std-pie.install |  1 +
 debian/rules                  |  3 +++
 3 files changed, 21 insertions(+)
 create mode 100644 debian/golang-std-pie.install

diff --git a/debian/control b/debian/control
index d08c525..c51864b 100644
--- a/debian/control
+++ b/debian/control
@@ -86,6 +86,23 @@ Description: Go programming language - source files
  This package provides the Go programming language source files needed for
  cross-compilation.
 
+Package: golang-std-pie
+Depends: golang-go (>= ${source:Version}), ${misc:Depends}, ${shlibs:Depends}
+Architecture: amd64 arm64 armel armhf i386 ppc64 ppc64el
+Build-Profiles: <!cross>
+Description: Go programming language - compiled stdlib for PIE build mode
+ The Go programming language is an open source project to make programmers more
+ productive. Go is expressive, concise, clean, and efficient. Its concurrency
+ mechanisms make it easy to write programs that get the most out of multicore
+ and networked machines, while its novel type system enables flexible and
+ modular program construction. Go compiles quickly to machine code yet has the
+ convenience of garbage collection and the power of run-time reflection. It's a
+ fast, statically typed, compiled language that feels like a dynamically typed,
+ interpreted language.
+ .
+ This package provides the compiled standard library for the Go programming
+ language for the purpose of building position-independent executables (PIE).
+
 Package: golang-doc
 Depends: golang-go, ${misc:Depends}
 Architecture: all
diff --git a/debian/golang-std-pie.install b/debian/golang-std-pie.install
new file mode 100644
index 0000000..ef62e13
--- /dev/null
+++ b/debian/golang-std-pie.install
@@ -0,0 +1 @@
+pkg/*_*_shared /usr/lib/go/pkg/
diff --git a/debian/rules b/debian/rules
index cb30d52..1e17ee1 100755
--- a/debian/rules
+++ b/debian/rules
@@ -76,6 +76,9 @@ override_dh_auto_build-arch:
 		&& cd src \
 		&& $(CURDIR)/debian/helpers/goenv.sh \
 			bash ./make.bash --no-banner
+ifeq (,$(filter cross,$(DEB_BUILD_PROFILES)))
+	$(GOROOT)/bin/go install -v -buildmode=pie std
+endif
 
 opt_no_act :=
 ifneq (,$(findstring n,$(MAKEFLAGS)))
-- 
2.8.1

--- End Message ---

--- Begin Message ---

Version: 1.15.15-5+rm

Dear submitter,

as the package golang-1.15 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/998747

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---