< Changes
(Initial draft) |
m (→Owner) |
||
| (7 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
<!-- Self Contained or System Wide Change Proposal? | <!-- Self Contained or System Wide Change Proposal? | ||
Use this guide to determine to which category your proposed change belongs to. | Use this guide to determine to which category your proposed change belongs to. | ||
| Line 37: | Line 35: | ||
<!-- Include you email address that you can be reached should people want to contact you about helping with your change, status is requested, or technical issues need to be resolved. If the change proposal is owned by a SIG, please also add a primary contact person. --> | <!-- Include you email address that you can be reached should people want to contact you about helping with your change, status is requested, or technical issues need to be resolved. If the change proposal is owned by a SIG, please also add a primary contact person. --> | ||
* Email: <jcajka@fedoraproject.org> | * Email: <jcajka@fedoraproject.org> | ||
* Release notes owner: <!--- To be assigned by docs team [[User:FASAccountName| Release notes owner name]] <email address> --> | * Release notes owner: <!--- To be assigned by docs team [[User:FASAccountName| Release notes owner name]] <email address> --> [mailto:sclark@fedoraproject.org Simon Clark] ([[User:sclark|sclark]]) | ||
<!--- UNCOMMENT only for Changes with assigned Shepherd (by FESCo) | <!--- UNCOMMENT only for Changes with assigned Shepherd (by FESCo) | ||
* FESCo shepherd: [[User:FASAccountName| Shehperd name]] <email address> | * FESCo shepherd: [[User:FASAccountName| Shehperd name]] <email address> | ||
| Line 57: | Line 55: | ||
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development | CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development | ||
--> | --> | ||
* Tracker bug: | * Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=1413529 #1413529] | ||
== Detailed Description == | == Detailed Description == | ||
| Line 147: | Line 145: | ||
--> | --> | ||
[[Category: | [[Category:ChangeAcceptedF26]] | ||
<!-- When your change proposal page is completed and ready for review and announcement --> | <!-- When your change proposal page is completed and ready for review and announcement --> | ||
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> | <!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> | ||
Latest revision as of 21:57, 4 July 2017
Golang buildmode PIE
Summary
Change default build mode of golang in Fedora packaging macros to buildmode=pie, which results in packages using them to produce Position Independent Executables. Another part of the change is to pass the Fedora hardened linker flags to the external linker(regular system linker). In result reducing exploit-ability of binaries.
Owner
- Name: Jakub Čajka
- Email: <jcajka@fedoraproject.org>
- Release notes owner: Simon Clark (sclark)
Current status
Detailed Description
Change default build mode of golang in Fedora packaging macros to buildmode=pie, which results in packages using them to produce Position Independent Executables. Another part of the change is to pass the Fedora hardened linker flags to the external linker(regular system linker). This will only affect packages that depend on golang packaging macros for their build. This should be first step towards mandating this on all packages that provide binaries based on golang in whole distribution via Go packaging guidelines(which is out of scope for this change proposal).
Benefit to Fedora
Reducing exploit surface of golang based packages providing binaries.
Scope
- Proposal owners: change the Go packaging macros, resolve possible issue encountered
- Other developers: help with resolving any issues encountered
- Release engineering: none as mass-rebuild is scheduled
- List of deliverables: N/A (not a System Wide Change)
- Policies and guidelines: none
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
none
How To Test
N/A (not a System Wide Change)
User Experience
N/A (not a System Wide Change)
Dependencies
N/A (not a System Wide Change)
Contingency Plan
- Contingency mechanism: Either backing of the change to macros or changes to affected packages.
- Contingency deadline: BetaFreeze?
- Blocks release? No
- Blocks product? No
Documentation
N/A (not a System Wide Change)