kumquat-buildroot/package/go/go.mk
Peter Korsgaard 5c9db62171 go: security bump to version 1.7.4
On Darwin, user's trust preferences for root certificates were not honored.
If the user had a root certificate loaded in their Keychain that was
explicitly not trusted, a Go program would still verify a connection using
that root certificate.  This is addressed by https://golang.org/cl/33721,
tracked in https://golang.org/issue/18141.  Thanks to Xy Ziemba for
identifying and reporting this issue.

The net/http package's Request.ParseMultipartForm method starts writing to
temporary files once the request body size surpasses the given "maxMemory"
limit.  It was possible for an attacker to generate a multipart request
crafted such that the server ran out of file descriptors.  This is addressed
by https://golang.org/cl/30410, tracked in https://golang.org/issue/17965.
Thanks to Simon Rawet for the report.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-23 23:01:27 +01:00

121 lines
3.6 KiB
Makefile

################################################################################
#
# go
#
################################################################################
GO_VERSION = 1.7.4
GO_SITE = https://storage.googleapis.com/golang
GO_SOURCE = go$(GO_VERSION).src.tar.gz
GO_LICENSE = BSD-3c
GO_LICENSE_FILES = LICENSE
ifeq ($(BR2_arm),y)
GO_GOARCH = arm
ifeq ($(BR2_ARM_CPU_ARMV5),y)
GO_GOARM = 5
else ifeq ($(BR2_ARM_CPU_ARMV6),y)
GO_GOARM = 6
else ifeq ($(BR2_ARM_CPU_ARMV7A),y)
GO_GOARM = 7
endif
else ifeq ($(BR2_aarch64),y)
GO_GOARCH = arm64
else ifeq ($(BR2_i386),y)
GO_GOARCH = 386
else ifeq ($(BR2_x86_64),y)
GO_GOARCH = amd64
else ifeq ($(BR2_powerpc64),y)
GO_GOARCH = ppc64
else ifeq ($(BR2_powerpc64le),y)
GO_GOARCH = ppc64le
else ifeq ($(BR2_mips64),y)
GO_GOARCH = mips64
else ifeq ($(BR2_mips64el),y)
GO_GOARCH = mips64le
endif
HOST_GO_DEPENDENCIES = host-go-bootstrap
HOST_GO_ROOT = $(HOST_DIR)/usr/lib/go
# For the convienience of target packages.
HOST_GO_TOOLDIR = $(HOST_GO_ROOT)/pkg/tool/linux_$(GO_GOARCH)
HOST_GO_TARGET_ENV = \
GOARCH=$(GO_GOARCH) \
GOROOT="$(HOST_GO_ROOT)" \
CC="$(TARGET_CC)" \
CXX="$(TARGET_CXX)" \
GOTOOLDIR="$(HOST_GO_TOOLDIR)"
# The go compiler's cgo support uses threads. If BR2_TOOLCHAIN_HAS_THREADS is
# set, build in cgo support for any go programs that may need it. Note that
# any target package needing cgo support must include
# 'depends on BR2_TOOLCHAIN_HAS_THREADS' in its config file.
ifeq (BR2_TOOLCHAIN_HAS_THREADS,y)
HOST_GO_CGO_ENABLED = 1
else
HOST_GO_CGO_ENABLED = 0
endif
# The go build system doesn't have the notion of cross compiling, but just the
# notion of architecture. When the host and target architectures are different
# it expects to be given a target cross compiler in CC_FOR_TARGET. When the
# architectures are the same it will use CC_FOR_TARGET for both host and target
# compilation. To work around this limitation build and install a set of
# compiler and tool binaries built with CC_FOR_TARGET set to the host compiler.
# Also, the go build system is not compatible with ccache, so use
# HOSTCC_NOCCACHE. See https://github.com/golang/go/issues/11685.
HOST_GO_MAKE_ENV = \
GOROOT_BOOTSTRAP=$(HOST_GO_BOOTSTRAP_ROOT) \
GOROOT_FINAL=$(HOST_GO_ROOT) \
GOROOT="$(@D)" \
GOBIN="$(@D)/bin" \
GOARCH=$(GO_GOARCH) \
$(if $(GO_GOARM),GOARM=$(GO_GOARM)) \
GOOS=linux \
CGO_ENABLED=$(HOST_GO_CGO_ENABLED) \
CC=$(HOSTCC_NOCCACHE)
HOST_GO_TARGET_CC = \
CC_FOR_TARGET="$(TARGET_CC)" \
CXX_FOR_TARGET="$(TARGET_CXX)"
HOST_GO_HOST_CC = \
CC_FOR_TARGET=$(HOSTCC_NOCCACHE) \
CXX_FOR_TARGET=$(HOSTCC_NOCCACHE)
HOST_GO_TMP = $(@D)/host-go-tmp
define HOST_GO_BUILD_CMDS
cd $(@D)/src && $(HOST_GO_MAKE_ENV) $(HOST_GO_HOST_CC) ./make.bash
mkdir -p $(HOST_GO_TMP)
mv $(@D)/pkg/tool $(HOST_GO_TMP)/
mv $(@D)/bin/ $(HOST_GO_TMP)/
cd $(@D)/src && $(HOST_GO_MAKE_ENV) $(HOST_GO_TARGET_CC) ./make.bash
endef
define HOST_GO_INSTALL_CMDS
$(INSTALL) -D -m 0755 $(HOST_GO_TMP)/bin/go $(HOST_GO_ROOT)/bin/go
$(INSTALL) -D -m 0755 $(HOST_GO_TMP)/bin/gofmt $(HOST_GO_ROOT)/bin/gofmt
ln -sf ../lib/go/bin/go $(HOST_DIR)/usr/bin/
ln -sf ../lib/go/bin/gofmt $(HOST_DIR)/usr/bin/
cp -a $(@D)/lib $(HOST_GO_ROOT)/
mkdir -p $(HOST_GO_ROOT)/pkg
cp -a $(@D)/pkg/include $(@D)/pkg/linux_* $(HOST_GO_ROOT)/pkg/
cp -a $(HOST_GO_TMP)/tool $(HOST_GO_ROOT)/pkg/
# There is a known issue which requires the go sources to be installed
# https://golang.org/issue/2775
cp -a $(@D)/src $(HOST_GO_ROOT)/
# Set all file timestamps to prevent the go compiler from rebuilding any
# built in packages when programs are built.
find $(HOST_GO_ROOT) -type f -exec touch -r $(HOST_GO_TMP)/bin/go {} \;
endef
$(eval $(host-generic-package))