Commit 2fe4909b authored by Jacob Vosmaer's avatar Jacob Vosmaer

Merge branch 'add_gnu_build_id_to_workhorse' into 'master'

Add Gnu build-id to workhorse go binaries

See merge request gitlab-org/gitlab!78721
parents 59caaa78 748966bf
...@@ -12,7 +12,7 @@ ifdef SOURCE_DATE_EPOCH ...@@ -12,7 +12,7 @@ ifdef SOURCE_DATE_EPOCH
else else
BUILD_TIME := $(shell date -u "$(DATE_FMT)") BUILD_TIME := $(shell date -u "$(DATE_FMT)")
endif endif
GOBUILD := go build -ldflags "-X main.Version=$(VERSION_STRING) -X main.BuildTime=$(BUILD_TIME)" GO_BUILD_GENERIC_LDFLAGS := -X main.Version=$(VERSION_STRING) -X main.BuildTime=$(BUILD_TIME)
GITALY := tmp/tests/gitaly/_build/bin/gitaly GITALY := tmp/tests/gitaly/_build/bin/gitaly
GITALY_PID_FILE := gitaly.pid GITALY_PID_FILE := gitaly.pid
EXE_ALL := gitlab-resize-image gitlab-zip-cat gitlab-zip-metadata gitlab-workhorse EXE_ALL := gitlab-resize-image gitlab-zip-cat gitlab-zip-metadata gitlab-workhorse
...@@ -30,31 +30,35 @@ define message ...@@ -30,31 +30,35 @@ define message
@echo "### $(1)" @echo "### $(1)"
endef endef
# To compute a unique and deterministic value for GNU build-id, we build the Go binary a second time.
# From the first build, we extract its unique and deterministic Go build-id, and use that to derive
# a comparably unique and deterministic GNU build-id to inject into the final binary.
# If we cannot extract a Go build-id, we punt and fallback to using a random 32-byte hex string.
# This fallback is unique but non-deterministic. Uniqueness is critical, because the GNU build-id
# can be used as a cache key in a build cache. Without the fallback, we risk cache key collisions.
## Skip generation of the GNU build ID if set to speed up builds.
WITHOUT_BUILD_ID ?=
.NOTPARALLEL: .NOTPARALLEL:
.PHONY: all .PHONY: all
all: clean-build $(EXE_ALL) all: clean-build $(EXE_ALL)
.PHONY: gitlab-resize-image .PHONY: gitlab-resize-image gitlab-zip-cat gitlab-zip-metadata
gitlab-resize-image: gitlab-resize-image gitlab-zip-cat gitlab-zip-metadata:
$(call message,Building $@) $(call message,Building $@)
$(GOBUILD) -tags "$(BUILD_TAGS)" -o $(BUILD_DIR)/$@ $(PKG)/cmd/$@ go build -ldflags "$(GO_BUILD_GENERIC_LDFLAGS)" -tags "$(BUILD_TAGS)" -o $(BUILD_DIR)/$@ $(PKG)/cmd/$@
ifndef WITHOUT_BUILD_ID
.PHONY: gitlab-zip-cat go build -ldflags "$(GO_BUILD_GENERIC_LDFLAGS) -B 0x$$(_support/make-gnu-build-id.sh $(BUILD_DIR)/$@)" -tags "$(BUILD_TAGS)" -o $(BUILD_DIR)/$@ $(PKG)/cmd/$@
gitlab-zip-cat: endif
$(call message,Building $@)
$(GOBUILD) -tags "$(BUILD_TAGS)" -o $(BUILD_DIR)/$@ $(PKG)/cmd/$@
.PHONY: gitlab-zip-metadata
gitlab-zip-metadata:
$(call message,Building $@)
$(GOBUILD) -tags "$(BUILD_TAGS)" -o $(BUILD_DIR)/$@ $(PKG)/cmd/$@
.PHONY: gitlab-workhorse .PHONY: gitlab-workhorse
gitlab-workhorse: gitlab-workhorse:
$(call message,Building $@) $(call message,Building $@)
$(GOBUILD) -tags "$(BUILD_TAGS)" -o $(BUILD_DIR)/$@ $(PKG) go build -ldflags "$(GO_BUILD_GENERIC_LDFLAGS)" -tags "$(BUILD_TAGS)" -o $(BUILD_DIR)/$@ $(PKG)
ifndef WITHOUT_BUILD_ID
go build -ldflags "$(GO_BUILD_GENERIC_LDFLAGS) -B 0x$$(_support/make-gnu-build-id.sh $(BUILD_DIR)/$@)" -tags "$(BUILD_TAGS)" -o $(BUILD_DIR)/$@ $(PKG)
endif
.PHONY: install .PHONY: install
install: $(EXE_ALL) install: $(EXE_ALL)
......
#!/bin/sh
main()
{
GO_BINARY=$1
if [ $# -ne 1 ] || [ ! -f $GO_BINARY ] ; then
fail "Usage: $0 [path_to_go_binary]"
fi
GO_BUILD_ID=$( go tool buildid "$GO_BINARY" || openssl rand -hex 32 )
if [ -z "$GO_BUILD_ID" ] ; then
fail "ERROR: Could not extract Go build-id or generate a random hex string."
fi
GNU_BUILD_ID=$( echo $GO_BUILD_ID | sha1sum | cut -d' ' -f1 )
if [ -z "$GNU_BUILD_ID" ] ; then
fail "ERROR: Could not generate a GNU build-id"
fi
echo "$GNU_BUILD_ID"
}
fail()
{
echo "$@" 1>&2
exit 1
}
main "$@"
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment