Re: Application gets hardened-no-pie lintian warning

To: debian-go@lists.debian.org
Subject: Re: Application gets hardened-no-pie lintian warning
From: Shengjing Zhu <zhsj@debian.org>
Date: Fri, 21 Feb 2020 12:45:52 +0800
Message-id: <[🔎] CAFyCLW_coEK4ONqr1rVn69k39mfGAOZp0bOcZonMjZVPX7zm8w@mail.gmail.com>
In-reply-to: <[🔎] 20200220213544.GB20997@hidden>
References: <[🔎] 20200220213544.GB20997@hidden>

On Fri, Feb 21, 2020 at 6:03 AM Ola Bini <ola@olabini.se> wrote:
>
> Hi,
>
> I have recently packaged a Golang application without any real
> problems. However, after finishing the packaging, when running lintian
> on the package, I get "hardening-no-pie" as a warning. Is there any
> way to fix this for Golang applications? (I'm using dh-make-golang to
> create the initial definition, and then "gbd buildpackage
> --git-pbuilder" to actually build it)

I think that's because we don't turn on pie mode when building Go programs.
And I don't think it's worth to address this problem in individual
package. We should address this in dh-golang.

I think we just don't know or haven't tried the pie mode when building.

I know Archlinux has a package could go-pie[1] which turns pie mode
the default[2]. But I don't know others.

[1] https://www.archlinux.org/packages/community/x86_64/go-pie/
[2] https://git.archlinux.org/svntogit/community.git/tree/trunk/default-buildmode-pie.patch?h=packages/go

-- 
Shengjing Zhu

Reply to:

References:
- Application gets hardened-no-pie lintian warning
  - From: Ola Bini <ola@olabini.se>

Prev by Date: Re: RFS for Delve and dependencies
Next by Date: Re: Current issues with the Go Ecosystem in Debian [Was: DebConf19 pkg-go BoF minutes (Finally!)]
Previous by thread: Re: Application gets hardened-no-pie lintian warning
Next by thread: Requesting access to the salsa Go group
Index(es):
- Date
- Thread