-
Notifications
You must be signed in to change notification settings - Fork 697
/
APKBUILD
312 lines (286 loc) · 9.1 KB
/
APKBUILD
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
# Contributor: Sören Tempel <[email protected]>
# Contributor: Eivind Uggedal <[email protected]>
# Contributor: Natanael Copa <[email protected]>
# Maintainer: Sören Tempel <[email protected]>
pkgname=go
# go binaries are statically linked, security updates require rebuilds
pkgver=1.21.6
pkgrel=0
pkgdesc="Go programming language compiler"
url="https://go.dev/"
arch="all"
license="BSD-3-Clause"
depends="binutils gcc musl-dev"
makedepends="bash go-bootstrap"
checkdepends="binutils-gold git git-daemon"
subpackages="$pkgname-doc"
source="https://go.dev/dl/go$pkgver.src.tar.gz
0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch
0002-misc-cgo-test-enable-setgid-tests-on-Alpine-Linux-ag.patch
0003-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch
tests-filter-overflow-gid.patch
tests-unshare-enosys.patch
tests-unset-GCCGO.patch
"
case "$CARCH" in
arm*|aarch64) depends="binutils-gold";;
riscv64)
# Gold does not support RISC-V
checkdepends=""
;;
esac
# Go is bootstrapped initially with gcc-go and from that point onward
# compiled with the previous version of community/go (which is a bit
# faster then gcc-go on most architectures).
#
# See https://lists.alpinelinux.org/~alpine/devel/%3C33KG0XO61I4IL.2Z7RTAZ5J3SY6%408pit.net%3E
provides="go-bootstrap"
provider_priority=100 # highest
# secfixes:
# 0:
# - CVE-2022-41716
# - CVE-2022-41720
# - CVE-2022-41722
# 1.21.5-r0:
# - CVE-2023-39324
# - CVE-2023-39326
# 1.21.3-r0:
# - CVE-2023-39325
# - CVE-2023-44487
# 1.21.2-r0:
# - CVE-2023-39323
# 1.21.1-r0:
# - CVE-2023-39318
# - CVE-2023-39319
# - CVE-2023-39320
# - CVE-2023-39321
# - CVE-2023-39322
# 1.20.7-r0:
# - CVE-2023-29409
# 1.20.6-r0:
# - CVE-2023-29406
# 1.20.5-r0:
# - CVE-2023-29402
# - CVE-2023-29403
# - CVE-2023-29404
# - CVE-2023-29405
# 1.20.4-r0:
# - CVE-2023-24539
# - CVE-2023-24540
# - CVE-2023-29400
# 1.20.3-r0:
# - CVE-2023-24537
# - CVE-2023-24538
# - CVE-2023-24534
# - CVE-2023-24536
# 1.20.2-r0:
# - CVE-2023-24532
# 1.20.1-r0:
# - CVE-2022-41725
# - CVE-2022-41724
# - CVE-2022-41723
# 1.19.4-r0:
# - CVE-2022-41717
# 1.19.2-r0:
# - CVE-2022-2879
# - CVE-2022-2880
# - CVE-2022-41715
# 1.19.1-r0:
# - CVE-2022-27664
# - CVE-2022-32190
# 1.18.5-r0:
# - CVE-2022-32189
# 1.18.4-r0:
# - CVE-2022-1705
# - CVE-2022-1962
# - CVE-2022-28131
# - CVE-2022-30630
# - CVE-2022-30631
# - CVE-2022-30632
# - CVE-2022-30633
# - CVE-2022-30635
# - CVE-2022-32148
# 1.18.1-r0:
# - CVE-2022-28327
# - CVE-2022-27536
# - CVE-2022-24675
# 1.17.8-r0:
# - CVE-2022-24921
# 1.17.7-r0:
# - CVE-2022-23772
# - CVE-2022-23773
# - CVE-2022-23806
# 1.17.6-r0:
# - CVE-2021-44716
# - CVE-2021-44717
# 1.17.3-r0:
# - CVE-2021-41772
# - CVE-2021-41771
# 1.17.2-r0:
# - CVE-2021-38297
# 1.17.1-r0:
# - CVE-2021-39293
# 1.17-r0:
# - CVE-2020-29509
# - CVE-2020-29511
# - CVE-2021-29923
# 1.16.7-r0:
# - CVE-2021-36221
# 1.16.6-r0:
# - CVE-2021-34558
# 1.16.5-r0:
# - CVE-2021-33195
# - CVE-2021-33196
# - CVE-2021-33197
# - CVE-2021-33198
# 1.16.4-r0:
# - CVE-2021-31525
# 1.16.2-r0:
# - CVE-2021-27918
# - CVE-2021-27919
# 1.15.7-r0:
# - CVE-2021-3114
# - CVE-2021-3115
# 1.15.5-r0:
# - CVE-2020-28362
# - CVE-2020-28366
# - CVE-2020-28367
# 1.15.2-r0:
# - CVE-2020-24553
# 1.15-r0:
# - CVE-2020-16845
# 1.14.5-r0:
# - CVE-2020-15586
# 1.13.7-r0:
# - CVE-2020-7919
# 1.13.2-r0:
# - CVE-2019-17596
# 1.13.1-r0:
# - CVE-2019-16276
# 1.12.8-r0:
# - CVE-2019-9512
# - CVE-2019-9514
# - CVE-2019-14809
# 1.11.5-r0:
# - CVE-2019-6486
# 1.9.4-r0:
# - CVE-2018-6574
case "$CTARGET_ARCH" in
aarch64) export GOARCH="arm64" ;;
armel) export GOARCH="arm" GOARM=5 ;;
armhf) export GOARCH="arm" GOARM=6 ;;
armv7) export GOARCH="arm" GOARM=7 ;;
s390x) export GOARCH="s390x" ;;
x86) export GOARCH="386" ;;
x86_64) export GOARCH="amd64" ;;
ppc64) export GOARCH="ppc64" ;;
ppc64le) export GOARCH="ppc64le" ;;
riscv64) export GOARCH="riscv64" ;;
*) export GOARCH="unsupported";;
esac
# compile go itself as a PIE on supported arches.
case "$CARCH" in
x86_64|s390x|aarch64) export GO_LDFLAGS=-buildmode=pie ;;
esac
prepare() {
default_prepare
# The GitLab CI builds aports in a container. On ppc64le, ASLR
# needs to be disabled in order to have the following test case
# pass. However, the container doesn't have permissions to
# disable ASLR, hence we just disable this test for now.
#
# See https://github.com/golang/go/issues/49066#issuecomment-1252948861
if [ "$CTARGET_ARCH" = "ppc64le" ]; then
rm test/fixedbugs/bug513.go
fi
# gccgo test failures are explained below.
rm -f src/cmd/go/testdata/script/gccgo*.txt
}
builddir="$srcdir"/go
build() {
cd "$builddir/src"
export GOOS="linux"
export GOPATH="$srcdir"
export GOROOT="$builddir"
export GOBIN="$GOROOT"/bin
export GOROOT_FINAL=/usr/lib/go
# GOROOT_BOOTSTRAP differs depending on bootstrap with gcc-go or go.
if command -v gccgo >/dev/null 2>&1; then
export GOROOT_BOOTSTRAP=/usr
else
export GOROOT_BOOTSTRAP=/usr/lib/go
fi
# on 32-bit arches gcc-go runs out-of-memory without limiting
# the number of OS threads, needs further investigation. When
# go-bootstrap is provided by community/go (i.e. when gccgo
# isn't installed) then this is not a problem.
if command -v gccgo >/dev/null 2>&1; then
case "$CARCH" in
armhf|armv7|x86) export GOMAXPROCS=1 ;;
esac
fi
./make.bash -v
unset GOMAXPROCS
}
check() {
cd "$builddir/src"
if [ "$CTARGET_ARCH" = "armhf" ]; then
export GO_TEST_TIMEOUT_SCALE=2
fi
# Test suite does not pass with ccache, thus remove it form $PATH.
export PATH="$(echo "$PATH" | sed 's|/usr/lib/ccache/bin:||g')"
# Tests which use GCCGO test building shared library and c-archives
# using -compiler=gccgo, this does presently not work with musl,
# hence disable these tests by setting GCCGO to a bogus value.
#
# See:
#
# • https://github.com/golang/go/issues/13492
# • https://github.com/golang/go/pull/52541
# • https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/39618
export GCCGO=/does/not/exist
PATH="$builddir/bin:$PATH" ./run.bash -no-rebuild
}
package() {
mkdir -p "$pkgdir"/usr/bin "$pkgdir"/usr/lib/go/bin "$pkgdir"/usr/share/doc/go
for binary in go gofmt; do
install -Dm755 bin/"$binary" "$pkgdir"/usr/lib/go/bin/"$binary"
ln -s /usr/lib/go/bin/"$binary" "$pkgdir"/usr/bin/
done
cp -a pkg lib "$pkgdir"/usr/lib/go
cp -r doc misc "$pkgdir"/usr/share/doc/go
rm -rf "$pkgdir"/usr/lib/go/pkg/obj
rm -rf "$pkgdir"/usr/lib/go/pkg/bootstrap
rm -f "$pkgdir"/usr/lib/go/pkg/tool/*/api
mkdir -p "$pkgdir"/usr/lib/go/
cp -a "$builddir"/src "$pkgdir"/usr/lib/go
# Install go.env, see https://go.dev/doc/toolchain#GOTOOLCHAIN.
install -Dm644 "$builddir"/go.env "$pkgdir"/usr/lib/go/go.env
install -Dm644 VERSION "$pkgdir/usr/lib/go/VERSION"
# Remove tests from /usr/lib/go/src to reduce package size,
# these should not be needed at run-time by any program.
find "$pkgdir"/usr/lib/go/src \( -type f -a -name "*_test.go" \) \
-exec rm -rf \{\} \+
find "$pkgdir"/usr/lib/go/src \( -type d -a -name "testdata" \) \
-exec rm -rf \{\} \+
# Remove rc (plan 9) and bat scripts (windows) to reduce package
# size further. The bash scripts are actually needed at run-time.
#
# See: https://gitlab.alpinelinux.org/alpine/aports/issues/11091
find "$pkgdir"/usr/lib/go/src -type f -a \( -name "*.rc" -o -name "*.bat" \) \
-exec rm -rf \{\} \+
# cgo test files will be removed from misc/ in Go 1.21.
# Removing them from now decreases the size of -doc below 2 MiB.
#
# See https://github.com/golang/go/issues/37486#issuecomment-1321364279
rm -r "$pkgdir"/usr/share/doc/go/misc/cgo
}
sha512sums="
8472c1c6c3fae9fecfb512a16f18ed531c04c087429a75086b9999069330c1b1e4a01a30c6561b5092169144cbc0d787ec2f5f4a50dfc4f79e74398f16423cfd go1.21.6.src.tar.gz
34dbe032c5f08dd8a7aad36fc4d54e746a876fdadc25466888a2f04f5a9d53103190ebd68d3cf978d3a041976185e30ffb25611fb577d031c159810d2d4c7c41 0001-cmd-link-prefer-musl-s-over-glibc-s-ld.so-during-dyn.patch
89ab4fbb2901d3907e9661dce877ee45b4a4ee07b964dca341235420ee08764f49aed5da1596d28c649e349af19ea49c03ab6f2c2ad7588a4cf950a619c10e9b 0002-misc-cgo-test-enable-setgid-tests-on-Alpine-Linux-ag.patch
8061e4ef9d7dd31804bd8d98c95afa5dd82567940b3436f45f874e0419e324b49713d8a814df04617e575ec3c6155199c4661352ea8aef63ead81ca3020f3dc4 0003-go.env-Don-t-switch-Go-toolchain-version-as-directed.patch
9f656adb00d174aeae3fc09eeeba1931a290e8cf9e1d3f5e0f232dcf121d45dba04210f88afbb3915b0d7e21dad5c165de9307f4b53e33ba718d312153391571 tests-filter-overflow-gid.patch
6017caacf77c2911e9e882878fdaa2ed066b76b7e97b2ad776bc33d96b21cabc802966473946642c86a8f985c69adcc5e7ea61684f6d0dbacd468a6aad687229 tests-unshare-enosys.patch
4f3f9dfca1d5b9e8219475aea4b25784c7d9c65ade69e38df4210d8c0115fa62771ff44033bca26b4e53f4efcb350aa9fbbddb69780cdef47000a505ea81a79a tests-unset-GCCGO.patch
"