From 555f1ae516acccb818f1510af58e6098f24f3c42 Mon Sep 17 00:00:00 2001
From: Norwin <noerw@noreply.gitea.io>
Date: Fri, 24 Sep 2021 00:01:07 +0800
Subject: [PATCH] Makefile: add STATIC=true for static PIE builds (#349)

- `make build` + `make install` now support the `STATIC=true` parameter, creating statically linked builds that are also position independent executables
- this requires CGO and a static libc on the build system
- `CGO_ENABLED=0` is set for all make build targets, unless `STATIC=true` is set
- Debug symbols are stripped (`-s -w`) for all make build targets
- Release binaries are built statically by gox (no PIE), as before.

I also took the liberty to declutter the makefile from unused & duplicated variables.

Co-authored-by: Norwin Roosen <git@nroo.de>
Co-authored-by: 6543 <6543@obermui.de>
Reviewed-on: https://gitea.com/gitea/tea/pulls/349
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: 6543 <6543@obermui.de>
Co-authored-by: Norwin <noerw@noreply.gitea.io>
Co-committed-by: Norwin <noerw@noreply.gitea.io>
---
 .dockerignore |  2 ++
 Dockerfile    |  4 ++--
 Makefile      | 50 ++++++++++++++++++++++----------------------------
 README.md     |  2 +-
 4 files changed, 27 insertions(+), 31 deletions(-)
 create mode 100644 .dockerignore

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..d586e98
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,2 @@
+Dockerfile
+tea
diff --git a/Dockerfile b/Dockerfile
index 695f52d..8d90551 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,16 +2,16 @@ ARG GOVERSION="1.16.2"
 
 FROM golang:${GOVERSION}-alpine AS buildenv
 
-ARG CGO_ENABLED="0"
 ARG GOOS="linux"
 
 COPY . $GOPATH/src/
 WORKDIR $GOPATH/src
 
 RUN	apk add --quiet --no-cache \
+		build-base \
 		make \
 		git && \
-	make build
+	make clean build STATIC=true
 
 FROM scratch
 ARG VERSION="0.7.0"
diff --git a/Makefile b/Makefile
index 5149813..5a1c971 100644
--- a/Makefile
+++ b/Makefile
@@ -1,31 +1,15 @@
 DIST := dist
-IMPORT := code.gitea.io/tea
 export GO111MODULE=on
+export CGO_ENABLED=0
 
 GO ?= go
-SED_INPLACE := sed -i
 SHASUM ?= shasum -a 256
 
 export PATH := $($(GO) env GOPATH)/bin:$(PATH)
 
-ifeq ($(OS), Windows_NT)
-	EXECUTABLE := tea.exe
-else
-	EXECUTABLE := tea
-	UNAME_S := $(shell uname -s)
-	ifeq ($(UNAME_S),Darwin)
-		SED_INPLACE := sed -i ''
-	endif
-endif
-
 GOFILES := $(shell find . -name "*.go" -type f ! -path "./vendor/*" ! -path "*/bindata.go")
 GOFMT ?= gofmt -s
 
-GOFLAGS := -i -v
-EXTRA_GOFLAGS ?=
-
-MAKE_VERSION := $(shell make -v | head -n 1)
-
 ifneq ($(DRONE_TAG),)
 	VERSION ?= $(subst v,,$(DRONE_TAG))
 	TEA_VERSION ?= $(VERSION)
@@ -37,25 +21,31 @@ else
 	endif
 	TEA_VERSION ?= $(shell git describe --tags --always | sed 's/-/+/' | sed 's/^v//')
 endif
-
 TEA_VERSION_TAG ?= $(shell sed 's/+/_/' <<< $(TEA_VERSION))
 
-LDFLAGS := -X "main.Version=$(TEA_VERSION)" -X "main.Tags=$(TAGS)"
+TAGS ?=
+LDFLAGS := -X "main.Version=$(TEA_VERSION)" -X "main.Tags=$(TAGS)" -s -w
+
+ifeq ($(STATIC),true)
+	# NOTE: clean up this mess, when https://github.com/golang/go/issues/26492 is resolved
+	# static_build is a defacto standard tag used in go packages
+	TAGS := osusergo,netgo,static_build,$(TAGS)
+	LDFLAGS := $(LDFLAGS) -linkmode=external -extldflags "-static-pie" -X "main.Tags=$(TAGS)"
+	export CGO_ENABLED=1 # needed for linkmode=external
+endif
+
+# override to allow passing additional goflags via make CLI
+override GOFLAGS := $(GOFLAGS) -mod=vendor -tags '$(TAGS)' -ldflags '$(LDFLAGS)'
 
 PACKAGES ?= $(shell $(GO) list ./... | grep -v /vendor/)
 SOURCES ?= $(shell find . -name "*.go" -type f)
 
-TAGS ?=
-
 ifeq ($(OS), Windows_NT)
 	EXECUTABLE := tea.exe
 else
 	EXECUTABLE := tea
 endif
 
-# $(call strip-suffix,filename)
-strip-suffix = $(firstword $(subst ., ,$(1)))
-
 .PHONY: all
 all: build
 
@@ -132,14 +122,18 @@ test-vendor: vendor
 check: test
 
 .PHONY: install
-install: $(wildcard *.go)
-	$(GO) install -mod=vendor -v -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)'
+install: $(SOURCES)
+	@echo "installing to $(GOPATH)/bin/$(EXECUTABLE)"
+	$(GO) install -v -buildmode=pie $(GOFLAGS) 
 
 .PHONY: build
 build: $(EXECUTABLE)
 
 $(EXECUTABLE): $(SOURCES)
-	$(GO) build -mod=vendor $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
+ifeq ($(STATIC),true)
+	@echo "enabling static build, make sure you have glibc-static (or equivalent) installed"
+endif
+	$(GO) build -buildmode=pie $(GOFLAGS) -o $@
 
 .PHONY: build-image
 build-image:
@@ -157,7 +151,7 @@ release-os:
 	@hash gox > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		cd /tmp && $(GO) get -u github.com/mitchellh/gox; \
 	fi
-	CGO_ENABLED=0 gox -verbose -cgo=false -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -osarch='!darwin/386 !darwin/arm' -os="windows linux darwin" -arch="386 amd64 arm arm64" -output="$(DIST)/release/tea-$(VERSION)-{{.OS}}-{{.Arch}}"
+	CGO_ENABLED=0 gox -verbose -cgo=false $(GOFLAGS) -osarch='!darwin/386 !darwin/arm' -os="windows linux darwin" -arch="386 amd64 arm arm64" -output="$(DIST)/release/tea-$(VERSION)-{{.OS}}-{{.Arch}}"
 
 .PHONY: release-compress
 release-compress:
diff --git a/README.md b/README.md
index cd1665c..d5e4c8b 100644
--- a/README.md
+++ b/README.md
@@ -100,7 +100,7 @@ To compile the sources yourself run the following:
 ```sh
 git clone https://gitea.com/gitea/tea.git
 cd tea
-make
+make STATIC=true
 ```
 
 ## Contributing