Makefile: add STATIC=true for static PIE builds (#349)

- `make build` + `make install` now support the `STATIC=true` parameter, creating statically linked builds that are also position independent executables
- this requires CGO and a static libc on the build system
- `CGO_ENABLED=0` is set for all make build targets, unless `STATIC=true` is set
- Debug symbols are stripped (`-s -w`) for all make build targets
- Release binaries are built statically by gox (no PIE), as before.

I also took the liberty to declutter the makefile from unused & duplicated variables.

Co-authored-by: Norwin Roosen <git@nroo.de>
Co-authored-by: 6543 <6543@obermui.de>
Reviewed-on: https://gitea.com/gitea/tea/pulls/349
Reviewed-by: Andrew Thornton <art27@cantab.net>
Reviewed-by: 6543 <6543@obermui.de>
Co-authored-by: Norwin <noerw@noreply.gitea.io>
Co-committed-by: Norwin <noerw@noreply.gitea.io>
This commit is contained in:
Norwin 2021-09-24 00:01:07 +08:00 committed by 6543
parent 1c690c5ff8
commit 555f1ae516
4 changed files with 27 additions and 31 deletions

2
.dockerignore Normal file
View File

@ -0,0 +1,2 @@
Dockerfile
tea

View File

@ -2,16 +2,16 @@ ARG GOVERSION="1.16.2"
FROM golang:${GOVERSION}-alpine AS buildenv FROM golang:${GOVERSION}-alpine AS buildenv
ARG CGO_ENABLED="0"
ARG GOOS="linux" ARG GOOS="linux"
COPY . $GOPATH/src/ COPY . $GOPATH/src/
WORKDIR $GOPATH/src WORKDIR $GOPATH/src
RUN apk add --quiet --no-cache \ RUN apk add --quiet --no-cache \
build-base \
make \ make \
git && \ git && \
make build make clean build STATIC=true
FROM scratch FROM scratch
ARG VERSION="0.7.0" ARG VERSION="0.7.0"

View File

@ -1,31 +1,15 @@
DIST := dist DIST := dist
IMPORT := code.gitea.io/tea
export GO111MODULE=on export GO111MODULE=on
export CGO_ENABLED=0
GO ?= go GO ?= go
SED_INPLACE := sed -i
SHASUM ?= shasum -a 256 SHASUM ?= shasum -a 256
export PATH := $($(GO) env GOPATH)/bin:$(PATH) export PATH := $($(GO) env GOPATH)/bin:$(PATH)
ifeq ($(OS), Windows_NT)
EXECUTABLE := tea.exe
else
EXECUTABLE := tea
UNAME_S := $(shell uname -s)
ifeq ($(UNAME_S),Darwin)
SED_INPLACE := sed -i ''
endif
endif
GOFILES := $(shell find . -name "*.go" -type f ! -path "./vendor/*" ! -path "*/bindata.go") GOFILES := $(shell find . -name "*.go" -type f ! -path "./vendor/*" ! -path "*/bindata.go")
GOFMT ?= gofmt -s GOFMT ?= gofmt -s
GOFLAGS := -i -v
EXTRA_GOFLAGS ?=
MAKE_VERSION := $(shell make -v | head -n 1)
ifneq ($(DRONE_TAG),) ifneq ($(DRONE_TAG),)
VERSION ?= $(subst v,,$(DRONE_TAG)) VERSION ?= $(subst v,,$(DRONE_TAG))
TEA_VERSION ?= $(VERSION) TEA_VERSION ?= $(VERSION)
@ -37,25 +21,31 @@ else
endif endif
TEA_VERSION ?= $(shell git describe --tags --always | sed 's/-/+/' | sed 's/^v//') TEA_VERSION ?= $(shell git describe --tags --always | sed 's/-/+/' | sed 's/^v//')
endif endif
TEA_VERSION_TAG ?= $(shell sed 's/+/_/' <<< $(TEA_VERSION)) TEA_VERSION_TAG ?= $(shell sed 's/+/_/' <<< $(TEA_VERSION))
LDFLAGS := -X "main.Version=$(TEA_VERSION)" -X "main.Tags=$(TAGS)" TAGS ?=
LDFLAGS := -X "main.Version=$(TEA_VERSION)" -X "main.Tags=$(TAGS)" -s -w
ifeq ($(STATIC),true)
# NOTE: clean up this mess, when https://github.com/golang/go/issues/26492 is resolved
# static_build is a defacto standard tag used in go packages
TAGS := osusergo,netgo,static_build,$(TAGS)
LDFLAGS := $(LDFLAGS) -linkmode=external -extldflags "-static-pie" -X "main.Tags=$(TAGS)"
export CGO_ENABLED=1 # needed for linkmode=external
endif
# override to allow passing additional goflags via make CLI
override GOFLAGS := $(GOFLAGS) -mod=vendor -tags '$(TAGS)' -ldflags '$(LDFLAGS)'
PACKAGES ?= $(shell $(GO) list ./... | grep -v /vendor/) PACKAGES ?= $(shell $(GO) list ./... | grep -v /vendor/)
SOURCES ?= $(shell find . -name "*.go" -type f) SOURCES ?= $(shell find . -name "*.go" -type f)
TAGS ?=
ifeq ($(OS), Windows_NT) ifeq ($(OS), Windows_NT)
EXECUTABLE := tea.exe EXECUTABLE := tea.exe
else else
EXECUTABLE := tea EXECUTABLE := tea
endif endif
# $(call strip-suffix,filename)
strip-suffix = $(firstword $(subst ., ,$(1)))
.PHONY: all .PHONY: all
all: build all: build
@ -132,14 +122,18 @@ test-vendor: vendor
check: test check: test
.PHONY: install .PHONY: install
install: $(wildcard *.go) install: $(SOURCES)
$(GO) install -mod=vendor -v -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' @echo "installing to $(GOPATH)/bin/$(EXECUTABLE)"
$(GO) install -v -buildmode=pie $(GOFLAGS)
.PHONY: build .PHONY: build
build: $(EXECUTABLE) build: $(EXECUTABLE)
$(EXECUTABLE): $(SOURCES) $(EXECUTABLE): $(SOURCES)
$(GO) build -mod=vendor $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@ ifeq ($(STATIC),true)
@echo "enabling static build, make sure you have glibc-static (or equivalent) installed"
endif
$(GO) build -buildmode=pie $(GOFLAGS) -o $@
.PHONY: build-image .PHONY: build-image
build-image: build-image:
@ -157,7 +151,7 @@ release-os:
@hash gox > /dev/null 2>&1; if [ $$? -ne 0 ]; then \ @hash gox > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
cd /tmp && $(GO) get -u github.com/mitchellh/gox; \ cd /tmp && $(GO) get -u github.com/mitchellh/gox; \
fi fi
CGO_ENABLED=0 gox -verbose -cgo=false -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -osarch='!darwin/386 !darwin/arm' -os="windows linux darwin" -arch="386 amd64 arm arm64" -output="$(DIST)/release/tea-$(VERSION)-{{.OS}}-{{.Arch}}" CGO_ENABLED=0 gox -verbose -cgo=false $(GOFLAGS) -osarch='!darwin/386 !darwin/arm' -os="windows linux darwin" -arch="386 amd64 arm arm64" -output="$(DIST)/release/tea-$(VERSION)-{{.OS}}-{{.Arch}}"
.PHONY: release-compress .PHONY: release-compress
release-compress: release-compress:

View File

@ -100,7 +100,7 @@ To compile the sources yourself run the following:
```sh ```sh
git clone https://gitea.com/gitea/tea.git git clone https://gitea.com/gitea/tea.git
cd tea cd tea
make make STATIC=true
``` ```
## Contributing ## Contributing