allow to compile go and go14 without COMPAT_FREEBSD32 and COMPAT_FREEBSD10 #17267
Comments
|
Is there any chance to MFC (cherry-pick) the patch from the #9627 issue to go 1.4 officially? |
|
@opntr, very unlikely. We only maintain the past release (Go 1.7) for critical bugs, and only the past two (Go 1.6 and Go 1.7) for security issues. Go 1.4 is very old. The only reason we'd patch it is for bootstrapping problems. Did FreeBSD change their default to no longer accept INT80 system calls? If not, and that's just your choice, we'll ask that you care the Go patches yourselves, or in the FreeBSD ports. |
|
The official FreeBSD keeps the COMPAT_FREEBSD32 in their kernel config, but in HardenedBSD removed them by default. We can live with patched go14 in our ports tree, but when this change is in upstream, then it's even better. The go1.4 have a special role in FreeBSD / HardenedBSD world, it is used as bootstrap compiler to compile newer GOs on these systems, and one the go1.4 isn't buildable, then we can't build the newest go anymore. The issue what's the basis of the int 80h change is already fixed in all of the currently supported FreeBSD version, as you can see on the https://www.freebsd.org/security/security.html#sup page. |
|
I sympathize with your position for bootstrapping reasons, but HardenedBSD is not a supported OS for Go at the moment. (See https://golang.org/wiki/PortingPolicy) You'll have to carry the Go 1.4 patches in your ports collection for now. If FreeBSD ever changes their defaults, we might consider a 1.4.x update then. We've never done such a 1.4 update but we're planning one soon for #16352 |
What version of Go are you using (
go version)?op@opn /tmp> /usr/local/go14/bin/go version
go version go1.4.3 freebsd/amd64
op@opn /tmp> go version
go version go1.7.1 freebsd/amd64
op@opn /tmp>
What operating system and processor architecture are you using (
go env)?op@opn /tmp> go env
GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="freebsd"
GOOS="freebsd"
GOPATH=""
GORACE=""
GOROOT="/usr/local/go"
GOTOOLDIR="/usr/local/go/pkg/tool/freebsd_amd64"
CC="cc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build207787082=/tmp/go-build -gno-record-gcc-switches"
CXX="clang++"
CGO_ENABLED="1"
What did you do?
PoC-ed a working version on FreeBSD 11 without COMPAT_FREEBSD32 and COMPAT_FREEBSD10 in our kernel.
What did you expect to see?
Expected output will the compiled go on FreeBSD 10+ without COMPAT_FREEBSD32 (32 bit compatibility layer on x86-64) and without COMPAT_FREEBSD10 (FreeBSD 10 compatibility layer on FreeBSD 11+ system, this removes the old pipe implementation and only pipe2 exists in the kernel)
What did you see instead?
See the attached "dirty" patches as PoC.
XREF: https://github.com/HardenedBSD/hardenedbsd-ports/issues/30
0001-HBSD-make-it-compilable-without-COMPAT_FREEBSD32.patch.txt
0002-HBSD-make-go-compilable-without-COMPAT_FREEBSD10.patch.txt
The text was updated successfully, but these errors were encountered: