Skip to content

cmd/go/internal/work/security: add -ftls-model=(.*) to safelist #69711

Closed
@pdecat

Description

@pdecat

Go version

go version go1.23.1 linux/amd64

Output of go env in your module/workspace:

GO111MODULE=''
GOARCH='amd64'
GOBIN=''
GOCACHE='/root/.cache/go-build'
GOENV='/root/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='local'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.23.1'
GODEBUG=''
GOTELEMETRY='local'
GOTELEMETRYDIR='/root/.config/go/telemetry'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/build/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build198491779=/tmp/go-build -gno-record-gcc-switches'

What did you do?

Added -ftls-model=local-dynamic to a # cgo CFLAGS: directive to work-around issues with initial-exec thread-local storage model on alpine with musl.

What did you see happen?

CGO_ENABLED=1 go build -v -o steampipe_postgres_fdw.a  -tags "netgo" -buildmode=c-archive ../*.go
runtime/cgo
os/user
command-line-arguments
command-line-arguments: invalid flag in #cgo CFLAGS: -ftls-model=local-dynamic

What did you expect to see?

Build should work normally.

Work-around: define CGO_CFLAGS_ALLOW='-ftls-model=(.*)' environment variable.

Activity

mknyszek

mknyszek commented on Sep 30, 2024

@mknyszek
Contributor

@golang/tools-team

added
NeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.
on Sep 30, 2024
added this to the Backlog milestone on Sep 30, 2024
matloob

matloob commented on Sep 30, 2024

@matloob
Contributor

Is there a list of valid values of ftls-model? Could we make the regexp more restrictive? I think it should at least be '-ftls-model=([a-z-]*)' assuming that all the valid values match? (Doing a quick search they seem to?)

pdecat

pdecat commented on Sep 30, 2024

@pdecat
Author

According to GCC docs, valid values are: global-dynamic, local-dynamic, initial-exec and local-exec.

matloob

matloob commented on Sep 30, 2024

@matloob
Contributor

Okay, then I think we should we add -ftls-model=(global-dynamic|local-dynamic|initial-exec|local-exec)

self-assigned this
on Oct 1, 2024
gopherbot

gopherbot commented on Oct 1, 2024

@gopherbot
Contributor

Change https://go.dev/cl/617136 mentions this issue: cmd/go/internal/security: add -ftls-model to valid compiler flags

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

Labels

GoCommandcmd/goNeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.

Type

No type

Projects

No projects

Relationships

None yet

    Development

    No branches or pull requests

      Participants

      @pdecat@mknyszek@gopherbot@matloob@gabyhelp

      Issue actions

        cmd/go/internal/work/security: add `-ftls-model=(.*)` to safelist · Issue #69711 · golang/go