Azathothas / Toolpacks

Official (pkgforge-edge) Repo 📦📀 & The Largest Collection of Pre-Compiled (+ UPXed) Linux Static Binaries (incl. Build Scripts) & Package Manager (rust) :: https://github.com/pkgforge/soar
https://bin.pkgforge.dev/
MIT License

Use GOFLAGS and GO_LDFLAGS to make the scripts cleaner. #17

Closed xplshn closed 6 months ago

xplshn commented 6 months ago

I propose using the following GO env vars:

CGO_ENABLED=0 # disables the use of the GCC compiler.
GOFLAGS=-ldflags=-static -ldflags=-s -ldflags=-w # Static + Strip. You could also add the SHA256 to the binary using binutils after compilation, making the binaries version traceable.
GO_LDFLAGS=-buildmode=pie # makes the compiled binaries be position independent. This is compatible with statically linked binaries that don't use CGO, if any binary requires CGO, you probably are already using a very specific set of flags and procedure to build it, so this is not something to worry about.

And using the following CFLAG also helps:

GOBIN="$HOME/bin"

If GOBIN were to be used, programs installed using go install source.com/username/reponame@branch_or_tag will be installed to $GOBIN, getting rid of the mv command.

There are also equivalents for Rust which would alleviate the amount of work that has to be done for each platform, like for example: RUSTFLAGS=-C link-arg=-s

Azathothas commented 6 months ago

I already use a variation of those flags, as described here in the docs (may not be up to date): https://github.com/Azathothas/Toolpacks/blob/main/Docs/BUILD_NOTES.md

If a binary doesn't need cgo, then building using pie is actually not better, as it increases the binary size and breaks incompatibility with older systems. So the default in such a case is:

GOOS="linux" GOARCH="amd64" CGO_ENABLED="0" go build -v -ldflags="-buildid= -s -w -extldflags '-static'"

and if it requires cgo, but doesn't link to external libs, then pie mode is used with zig

GOOS="linux" GOARCH="amd64" CGO_ENABLED="1" CGO_CFLAGS="-O2 -flto=auto -fPIE -fpie -static -w -pipe" CC="zig cc -target x86_64-linux-musl" CXX="zig c++ -target x86_64-linux-musl" go build -v -trimpath -buildmode="pie" -ldflags="-s -w -buildid= -linkmode=external -extldflags '-s -w -static-pie -Wl,--build-id=none'"

and if it requires cgo + also links with external libs, then I use an alpine container with static libs and build in pie mode

docker stop "alpine-builder" 2>/dev/null ; docker rm "alpine-builder" 2>/dev/null
docker run --privileged --net="host" --name "alpine-builder" "azathothas/alpine-builder:latest" \
        sh -c '
        #Setup ENV
         tempdir="$(mktemp -d)" ; mkdir -p "$tempdir" && cd "$tempdir"
         mkdir -p "/build-bins"
        #Build
         git clone --quiet --filter "blob:none" "https://github.com/etix/mirrorbits" && cd "./mirrorbits"
         GOOS="linux" GOARCH="amd64" CGO_ENABLED="1" CGO_CFLAGS="-O2 -flto=auto -fPIE -fpie -static -w -pipe" go build -v -trimpath -buildmode="pie" -ldflags="-s -w -buildid= -linkmode=external -extldflags '\''-s -w -static-pie -Wl,--build-id=none'\''"
        #strip & info
         strip "./mirrorbits"
         cp "./mirrorbits" "/build-bins/mirrorbits"
        '

Likewise, for Rust, it's similar. That is to say, it highly depends on each package and its configuration + deps. I recommend you look at the specific package you think isn't being built/compiled with the correct flags and point it out.
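
Added example, not part of the thread or of the Toolpacks build scripts: a Python check that reads an ELF64 image's headers and reports the properties the flags discussed above control (PIE, static linking, stripping, build-ID notes). The `audit_elf` and `sample` names, the loader path and the headers-only sample images are constructed for illustration.

```python
import struct

ET_EXEC, ET_DYN, PT_INTERP, PT_NOTE, SHT_SYMTAB = 2, 3, 3, 4, 2
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 little-endian file header
PHDR = struct.Struct("<IIQQQQQQ")          # program header entry
SHDR = struct.Struct("<IIQQQQIIQQ")        # section header entry

def notes(blob):
    """Yield (owner, type) for every note record in a PT_NOTE segment."""
    pos = 0
    while pos + 12 <= len(blob):
        namesz, descsz, ntype = struct.unpack_from("<III", blob, pos)
        yield blob[pos + 12:pos + 12 + namesz].rstrip(b"\0"), ntype
        pos += 12 + ((namesz + 3) & ~3) + ((descsz + 3) & ~3)

def audit_elf(data):
    """Report the link properties that the build flags in this thread control."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    (_, e_type, _, _, _, phoff, shoff, _, _, phentsize, phnum,
     shentsize, shnum, _) = EHDR.unpack_from(data)
    p_types, found = [], set()
    for i in range(phnum):
        p_type, _, off, _, _, filesz, _, _ = PHDR.unpack_from(data, phoff + i * phentsize)
        p_types.append(p_type)
        if p_type == PT_NOTE:
            found.update(notes(data[off:off + filesz]))
    sh_types = [SHDR.unpack_from(data, shoff + i * shentsize)[1] for i in range(shnum)]
    return {
        "pie": e_type == ET_DYN,                 # ET_DYN is also used by shared objects
        "static": PT_INTERP not in p_types,      # no dynamic loader requested
        "stripped": SHT_SYMTAB not in sh_types,  # -s drops the symbol table
        "build_ids": sorted(n.decode() for n, _ in found & {(b"GNU", 3), (b"Go", 4)}),
    }

def sample(e_type, segs=(), sh_types=()):
    """Constructed headers-only ELF64 image for the demo, not a real binary."""
    start, phdrs, body = 64 + 56 * len(segs), b"", b""
    for p_type, payload in segs:
        phdrs += PHDR.pack(p_type, 4, start + len(body), 0, 0, len(payload), len(payload), 4)
        body += payload
    shdrs = b"".join(SHDR.pack(0, t, 0, 0, 0, 0, 0, 0, 0, 0) for t in sh_types)
    ehdr = EHDR.pack(b"\x7fELF\x02\x01\x01" + bytes(9), e_type, 62, 1, 0, 64,
                     start + len(body), 0, 64, 56, len(segs), 64, len(sh_types), 0)
    return ehdr + phdrs + body + shdrs

if __name__ == "__main__":
    print(audit_elf(sample(ET_EXEC)))  # shape of a non-cgo, static, stripped build
    print(audit_elf(sample(ET_DYN, [(PT_INTERP, b"/lib/ld.so\0")], [0, SHT_SYMTAB])))
```

On a real artifact, pass the file's bytes to `audit_elf`; a result with `static` true and an empty `build_ids` list matches what the `-extldflags '-static'`, `-buildid=` and `--build-id=none` flags above are meant to produce.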

xplshn commented 6 months ago

Oh, sorry to bother then! I hadn't realized you had already taken this into consideration.