From 92c732876497f6d6d70a590cdc3610543c28834c Mon Sep 17 00:00:00 2001
From: Claes Mogren <mogren@amazon.com>
Date: Mon, 30 Mar 2020 14:28:07 -0700
Subject: [PATCH] Use -buildmode=pie for binaries

---
 .circleci/config.yml | 2 ++
 Makefile             | 6 +++---
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 868abf3f35..a6fd22b119 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -34,6 +34,7 @@ jobs:
       <<: *env
       # Target the GOARCH for x86_64
       ARCH: amd64
+      BUILD_MODE: "-buildmode=pie"
 
   build_aarch64:
     <<: *build
@@ -41,6 +42,7 @@ jobs:
       <<: *env
       # Target the GOARCH for aarch64
       ARCH: arm64
+      BUILD_MODE: ""
 
   integration_test:
     docker:
diff --git a/Makefile b/Makefile
index 1b3be73206..063755de66 100644
--- a/Makefile
+++ b/Makefile
@@ -55,8 +55,7 @@ DOCKER_ARCH = $(lastword $(subst :, ,$(filter $(ARCH):%,amd64:amd64 arm64:arm64v
 IMAGE_ARCH_SUFFIX = $(addprefix -,$(filter $(ARCH),arm64))
 # GOLANG_IMAGE is the building golang container image used.
 GOLANG_IMAGE = golang:1.13-stretch
-# For the requseted build, these are the set of Go specific build environment
-# variables.
+# For the requested build, these are the set of Go specific build environment variables.
 export GOARCH ?= $(ARCH)
 export GOOS = linux
 export CGO_ENABLED = 0
@@ -94,7 +93,8 @@ dist: all
 	docker save $(METRICS_IMAGE_NAME) | gzip > $(METRICS_IMAGE_DIST)
 
 # Build the VPC CNI plugin agent using the host's Go toolchain.
-build-linux: BUILD_FLAGS = -ldflags '-s -w $(LDFLAGS)'
+BUILD_MODE ?= -buildmode=pie
+build-linux: BUILD_FLAGS = $(BUILD_MODE) -ldflags '-s -w $(LDFLAGS)'
 build-linux:
 	go build $(BUILD_FLAGS) -o aws-k8s-agent     ./cmd/aws-k8s-agent
 	go build $(BUILD_FLAGS) -o aws-cni           ./cmd/routed-eni-cni-plugin