Line 145: | Line 145: | ||
--> | --> | ||
[[Category: | [[Category:ChangeReadyForFesco]] | ||
<!-- When your change proposal page is completed and ready for review and announcement --> | <!-- When your change proposal page is completed and ready for review and announcement --> | ||
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> | <!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> |
Revision as of 13:44, 19 December 2016
Golang buildmode PIE
Summary
Change default build mode of golang in Fedora packaging macros to buildmode=pie, which results in packages using them to produce Position Independent Executables. Another part of the change is to pass the Fedora hardened linker flags to the external linker(regular system linker). In result reducing exploit-ability of binaries.
Owner
- Name: Jakub Čajka
- Email: <jcajka@fedoraproject.org>
- Release notes owner:
Current status
- Targeted release: Fedora 26
- Last updated: 2016-12-19
- Tracker bug: <will be assigned by the Wrangler>
Detailed Description
Change default build mode of golang in Fedora packaging macros to buildmode=pie, which results in packages using them to produce Position Independent Executables. Another part of the change is to pass the Fedora hardened linker flags to the external linker(regular system linker). This will only affect packages that depend on golang packaging macros for their build. This should be first step towards mandating this on all packages that provide binaries based on golang in whole distribution via Go packaging guidelines(which is out of scope for this change proposal).
Benefit to Fedora
Reducing exploit surface of golang based packages providing binaries.
Scope
- Proposal owners: change the Go packaging macros, resolve possible issue encountered
- Other developers: help with resolving any issues encountered
- Release engineering: none as mass-rebuild is scheduled
- List of deliverables: N/A (not a System Wide Change)
- Policies and guidelines: none
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
none
How To Test
N/A (not a System Wide Change)
User Experience
N/A (not a System Wide Change)
Dependencies
N/A (not a System Wide Change)
Contingency Plan
- Contingency mechanism: Either backing of the change to macros or changes to affected packages.
- Contingency deadline: BetaFreeze?
- Blocks release? No
- Blocks product? No
Documentation
N/A (not a System Wide Change)