Closed xnox closed 1 week ago
trimpath reduces binary size a lot by stripping filepaths from binaries.
For privacy reasons it also strips ldflags from binaries; even if they don't contain any paths.
That hides useful information - i.e.
build -ldflags="-s -w -w -X main.version=0.27.2 -X main.commit=29919209f2a1088a754fe050a5416ee1b203edcb -X main.date=2024-04-03T17:06:41Z"
We should patch our golang toolchain to not hide ldflags from binaries when they are built using trimpath, as this hides information from security scanners.
See also:
https://github.com/golang/go/issues/50603
https://github.com/golang/go/issues/63432
In order to potentially upstream this, should we split the functionality into -trimpath and -trimflags (and we just won't use -trimflags)?
Proposing https://github.com/golang/go/pull/67072
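What a scanner loses, as an added example that is not part of the issue thread or the Go toolchain: it reads the recorded build settings (the `build -ldflags=...` line above), pulls `main.version` out of the `-X` pairs, and flags the case where `-trimpath` left no `-ldflags` record. The helper names and the sample settings are constructed for illustration.

```go
package main

import (
	"fmt"
	"runtime/debug"
	"strings"
)

// ldflagsVars returns the -X name=value pairs of a recorded -ldflags string (assumes no quoted spaces).
func ldflagsVars(ldflags string) map[string]string {
	vars := map[string]string{}
	f := strings.Fields(ldflags)
	for i := 0; i < len(f); i++ {
		arg := ""
		if f[i] == "-X" && i+1 < len(f) {
			i++
			arg = f[i]
		} else if strings.HasPrefix(f[i], "-X=") {
			arg = f[i][len("-X="):]
		}
		if k, v, ok := strings.Cut(arg, "="); ok {
			vars[k] = v
		}
	}
	return vars
}

// audit returns main.version and whether -trimpath left no -ldflags record to inspect.
func audit(bi *debug.BuildInfo) (version string, hidden bool) {
	settings := map[string]string{}
	for _, s := range bi.Settings {
		settings[s.Key] = s.Value
	}
	_, haveLd := settings["-ldflags"]
	return ldflagsVars(settings["-ldflags"])["main.version"], settings["-trimpath"] == "true" && !haveLd
}

// sampleInfo builds constructed build settings (hypothetical helper, not real scanner input).
func sampleInfo(ldflags string, trimpath bool) *debug.BuildInfo {
	if trimpath { // per the issue, the -ldflags record is dropped
		return &debug.BuildInfo{Settings: []debug.BuildSetting{{Key: "-trimpath", Value: "true"}}}
	}
	return &debug.BuildInfo{Settings: []debug.BuildSetting{{Key: "-ldflags", Value: ldflags}}}
}

func main() {
	flags := "-s -w -X main.version=0.27.2 -X main.date=2024-04-03T17:06:41Z"
	fmt.Println(audit(sampleInfo(flags, false)))
	fmt.Println(audit(sampleInfo(flags, true)))
}
```

Against a real file, `debug/buildinfo.ReadFile` returns the same `*debug.BuildInfo` type that `audit` takes.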