On Fri, Nov 14, 2025 at 12:50 AM nvhieudt11 via lists.yoctoproject.org <[email protected]> wrote:
> Hi Changqing Li, Bruce! > > My understanding is that CGO is disabled directly in the build script > because building statically can fail on certain environments that don’t > have all the required static libraries. However, for meta-layer builds > with Yocto, could we enable CGO and set -extldflags "-static" > so that we can apply some default security flags from Yocto, such as PIE > and RELRO? > > > https://git.yoctoproject.org/poky/plain/meta/conf/distro/include/security_flags.inc?h=scarthgap > > Could there be any runtime issues when enabling CGO and building > statically? > I used to build most of the go applications using -static, but have moved away from it in most cases as it was causing other integration issues (and possible security and footprint issues). I'm not pulling up all the runtime issues from memory but can dig more another time. If we do want this to be something enabled via an image or distro feature (or even packageconfig) that is possible, but I wouldn't make it the default. Bruce > I hope to receive your feedback. > Hieu > > > > -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#9452): https://lists.yoctoproject.org/g/meta-virtualization/message/9452 Mute This Topic: https://lists.yoctoproject.org/mt/105816435/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
