From a86b2da38d029c434dd234f59d1f602c23b56bc9 Mon Sep 17 00:00:00 2001 From: joaks Date: Mon, 8 Jul 2024 19:49:02 +0000 Subject: [PATCH] Clear GOROOT when linking Due to https://github.com/golang/go/issues/62047, Go 1.23 won't support `GOROOT_FINAL`. This means that #971 will no longer fix #969, meaning linked binaries will contain full GOROOT paths, making them non-reproducible. Instead of using `GOROOT_FINAL`, this change sets `GOROOT` when invoking the linker, which will cause the linker to continue to write `GOROOT` into the binary, keeping builds consistent. This works on Go 1.23rc1 as well. I'm not a rules_go expert and I'm not married to this particular solution, I just wanted to bring attention to the issue. If there's a clever way we can set `-trimpath` when invoking the compiler, that might be better - but we already use that flag to trim off the bazel sandbox I believe. --- go/private/context.bzl | 1 - go/tools/builders/link.go | 7 +++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/go/private/context.bzl b/go/private/context.bzl index b318908f3..ef054a596 100644 --- a/go/private/context.bzl +++ b/go/private/context.bzl @@ -487,7 +487,6 @@ def go_context(ctx, attr = None): "GOOS": mode.goos, "GOEXPERIMENT": ",".join(toolchain.sdk.experiments), "GOROOT": goroot, - "GOROOT_FINAL": "GOROOT", "CGO_ENABLED": "0" if mode.pure else "1", # If we use --action_env=GOPATH, or in other cases where environment diff --git a/go/tools/builders/link.go b/go/tools/builders/link.go index bf0f696bc..6f97eaf7e 100644 --- a/go/tools/builders/link.go +++ b/go/tools/builders/link.go @@ -149,6 +149,13 @@ func link(args []string) error { // add in the unprocess pass through options goargs = append(goargs, toolArgs...) goargs = append(goargs, *main) + + // Explicitly set GOROOT to a dummy value when running linker. + // This ensures that the GOROOT written into the binary + // is constant and thus builds are reproducible. + oldroot := os.Getenv("GOROOT") + defer os.Setenv("GOROOT", oldroot) + os.Setenv("GOROOT", "GOROOT") if err := goenv.runCommand(goargs); err != nil { return err }