Skip to content

Commit

Permalink
Remove no-pic patch
Browse files Browse the repository at this point in the history 
For two reasons:
1) Alpine has fixed the issue (http://git.alpinelinux.org/cgit/aports/tree/community/go/default-buildmode-pie.patch)
2) The patch doesn't work for some platforms where Golang adopts external linker (golang/go#17847). Although Golang developers has fixed the issue with disabling PIE, above Alpine solution is more secure

So, Alpine Go (installed by apk) is better choice.
  • Loading branch information
wei xiao committed Dec 1, 2016
1 parent 4fd5df8 commit b2765b3
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 43 deletions.
29 changes: 2 additions & 27 deletions 1.7/alpine/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,36 +2,11 @@ FROM alpine:3.4

RUN apk add --no-cache ca-certificates

ENV GOLANG_VERSION 1.7.3
ENV GOLANG_SRC_URL https://golang.org/dl/go$GOLANG_VERSION.src.tar.gz
ENV GOLANG_SRC_SHA256 79430a0027a09b0b3ad57e214c4c1acfdd7af290961dd08d322818895af1ef44

# https://golang.org/issue/14851
COPY no-pic.patch /

RUN set -ex \
&& apk add --no-cache --virtual .build-deps \
bash \
gcc \
musl-dev \
openssl \
go \
\
&& export GOROOT_BOOTSTRAP="$(go env GOROOT)" \
\
&& wget -q "$GOLANG_SRC_URL" -O golang.tar.gz \
&& echo "$GOLANG_SRC_SHA256 golang.tar.gz" | sha256sum -c - \
&& tar -C /usr/local -xzf golang.tar.gz \
&& rm golang.tar.gz \
&& cd /usr/local/go/src \
&& patch -p2 -i /no-pic.patch \
&& ./make.bash \
\
&& rm -rf /*.patch \
&& apk del .build-deps
&& apk add --no-cache go

ENV GOPATH /go
ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
ENV PATH $GOPATH/bin:$PATH

RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH"
WORKDIR $GOPATH
Expand Down
16 changes: 0 additions & 16 deletions 1.7/alpine/no-pic.patch
View file

This file was deleted.

0 comments on commit b2765b3

Please sign in to comment.