From 90116f20215f0c97b0418835cf87d7a2f54d84c7 Mon Sep 17 00:00:00 2001 From: Hamza El-Saawy Date: Thu, 18 Sep 2025 13:00:29 -0400 Subject: [PATCH] Organize `Makefile` variables and fix Go flags bug Specifying Make variables via command line takes precedence over and overrides all assignments to it. This causes issues with `GO_FLAGS_EXTRA`, which may be updated to include `-tags` an `-mod` flags, as well as used to pass extra Go flags via command line (e.g., `make GO_FLAGS_EXTRA=-trimpath). Update `Makefile` to update `GO_FLAGS` instead, and leave `GO_FLAGS_EXTRA` unmodified. Move `Makefile` variables intended to be overridden in the command line to dedicated blocks, and add comments to them. Additionally, add fix for new Microsoft Go behavior (starting in go1.25) that requires CGo by default for crypto libraries. See: - https://www.gnu.org/software/make/manual/html_node/Overriding.html - https://github.com/microsoft/go/blob/microsoft/main/eng/doc/MigrationGuide.md#disabling-systemcrypto Signed-off-by: Hamza El-Saawy --- Makefile | 45 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 35 insertions(+), 10 deletions(-) diff --git a/Makefile b/Makefile index 9a9f5b4014..cc44ba8ae5 100644 --- a/Makefile +++ b/Makefile @@ -1,9 +1,8 @@ include Makefile.bootfiles -GO:=go -GO_FLAGS:=-ldflags "-s -w" # strip Go binaries -CGO_ENABLED:=0 -GOMODVENDOR:= +# C settings + +# enable loading kernel modules in init KMOD:=0 CFLAGS:=-O2 -Wall @@ -11,20 +10,46 @@ LDFLAGS:=-static -s #strip C binaries LDLIBS:= PREPROCESSORFLAGS:= ifeq "$(KMOD)" "1" -LDFLAGS:= -s -LDLIBS:= -lkmod +LDFLAGS:=-s +LDLIBS:=-lkmod PREPROCESSORFLAGS:=-DMODULES=1 endif +# Go settings + +# if Go is from the Microsoft Go fork +MSGO:=0 +# explicitly use vendored modules when building +GOMODVENDOR:= +# Go tags to enable +GO_BUILD_TAGS:= +# additional Go build flags GO_FLAGS_EXTRA:= +# use CGO +CGO_ENABLED:=0 + +GO:=go +GO_FLAGS:=-ldflags "-s -w" # strip Go binaries ifeq "$(GOMODVENDOR)" "1" -GO_FLAGS_EXTRA += -mod=vendor +GO_FLAGS+=-mod=vendor endif -GO_BUILD_TAGS:= ifneq ($(strip $(GO_BUILD_TAGS)),) -GO_FLAGS_EXTRA += -tags="$(GO_BUILD_TAGS)" +GO_FLAGS+=-tags="$(GO_BUILD_TAGS)" +endif +GO_BUILD_ENV:=CGO_ENABLED=$(CGO_ENABLED) +# starting with ms-go1.25, systemcrypto (for FIPS compliance) is enabled by default, which +# requires CGo. +# disable it for non-CGo builds. +# +# https://github.com/microsoft/go/blob/microsoft/main/eng/doc/MigrationGuide.md#cgo-is-not-enabled +# https://github.com/microsoft/go/blob/microsoft/main/eng/doc/MigrationGuide.md#disabling-systemcrypto +ifeq "$(MSGO)" "1" +ifneq "$(CGO_ENABLED)" "1" +# MS_GO_NOSYSTEMCRYPTO only works for >=ms-go1.25.2 +GO_BUILD_ENV+=MS_GO_NOSYSTEMCRYPTO=1 GOEXPERIMENT=nosystemcrypto +endif endif -GO_BUILD:=CGO_ENABLED=$(CGO_ENABLED) $(GO) build $(GO_FLAGS) $(GO_FLAGS_EXTRA) +GO_BUILD:= $(GO_BUILD_ENV) $(GO) build $(GO_FLAGS) $(GO_FLAGS_EXTRA) SRCROOT=$(dir $(abspath $(firstword $(MAKEFILE_LIST)))) # additional directories to search for rule prerequisites and targets