Skip to content

cmd/go/internal/work/security: add -ftls-model=(.*) to safelist #69711

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
pdecat opened this issue Sep 30, 2024 · 6 comments
Closed

cmd/go/internal/work/security: add -ftls-model=(.*) to safelist #69711

pdecat opened this issue Sep 30, 2024 · 6 comments
Assignees
@matloob
Labels
GoCommand cmd/go NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Backlog

Comments

@pdecat
Copy link

pdecat commented Sep 30, 2024

Go version

go version go1.23.1 linux/amd64

Output of go env in your module/workspace:

GO111MODULE=''
GOARCH='amd64'
GOBIN=''
GOCACHE='/root/.cache/go-build'
GOENV='/root/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='local'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.23.1'
GODEBUG=''
GOTELEMETRY='local'
GOTELEMETRYDIR='/root/.config/go/telemetry'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/build/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build198491779=/tmp/go-build -gno-record-gcc-switches'

What did you do?

Added -ftls-model=local-dynamic to a # cgo CFLAGS: directive to work-around issues with initial-exec thread-local storage model on alpine with musl.

What did you see happen?

CGO_ENABLED=1 go build -v -o steampipe_postgres_fdw.a  -tags "netgo" -buildmode=c-archive ../*.go
runtime/cgo
os/user
command-line-arguments
command-line-arguments: invalid flag in #cgo CFLAGS: -ftls-model=local-dynamic

What did you expect to see?

Build should work normally.

Work-around: define CGO_CFLAGS_ALLOW='-ftls-model=(.*)' environment variable.
@gabyhelp
Copy link

Related Issues and Documentation

(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)

@mknyszek
Copy link
Contributor

@golang/tools-team

@mknyszek mknyszek added NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. GoCommand cmd/go labels Sep 30, 2024
@mknyszek mknyszek added this to the Backlog milestone Sep 30, 2024
@matloob
Copy link
Contributor

matloob commented Sep 30, 2024

Is there a list of valid values of ftls-model? Could we make the regexp more restrictive? I think it should at least be '-ftls-model=([a-z-]*)' assuming that all the valid values match? (Doing a quick search they seem to?)

@pdecat
Copy link
Author

pdecat commented Sep 30, 2024

According to GCC docs, valid values are: global-dynamic, local-dynamic, initial-exec and local-exec.

@matloob
Copy link
Contributor

matloob commented Sep 30, 2024

Okay, then I think we should we add -ftls-model=(global-dynamic|local-dynamic|initial-exec|local-exec)

@matloob matloob self-assigned this Oct 1, 2024
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/617136 mentions this issue: cmd/go/internal/security: add -ftls-model to valid compiler flags

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@matloob matloob

Labels
GoCommand cmd/go NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
5 participants
@pdecat @mknyszek @gopherbot @matloob @gabyhelp