From 9a28d5edadbec84e07e64dc7fbb67543becf22a9 Mon Sep 17 00:00:00 2001 From: Changqing Li Date: Mon, 9 Feb 2026 16:30:43 +0800 Subject: recipes/golang: improve reproducibility Refer [1], cgo will embeded cgo_ldflags in the intermediary output, which make content ID will be incfluenced by cgo_ldflags. '--sysroot=xxx' includes build path, which will make the binary not reproducible, these recipes can build successfully without --sysroot, so remove it [1] https://git.openembedded.org/openembedded-core/commit/?id=1797741aad02b8bf429fac4b81e30cdda64b5448 Signed-off-by: Changqing Li Signed-off-by: Bruce Ashfield --- recipes-containers/containerd/containerd_git.bb | 4 ++-- recipes-containers/cri-tools/cri-tools_git.bb | 4 ++-- recipes-containers/docker-compose/docker-compose_git.bb | 6 +++--- recipes-containers/docker/docker.inc | 4 ++-- recipes-containers/kubernetes/kubernetes_git.bb | 7 +++++-- recipes-containers/nerdctl/nerdctl_git.bb | 4 ++-- recipes-containers/podman/podman_git.bb | 4 ++-- recipes-containers/runc/runc.inc | 4 ++-- 8 files changed, 20 insertions(+), 17 deletions(-) diff --git a/recipes-containers/containerd/containerd_git.bb b/recipes-containers/containerd/containerd_git.bb index 081cf354..4a6d26c3 100644 --- a/recipes-containers/containerd/containerd_git.bb +++ b/recipes-containers/containerd/containerd_git.bb @@ -48,8 +48,8 @@ do_compile() { # Pass the needed cflags/ldflags so that cgo # can find the needed headers files and libraries export CGO_ENABLED="1" - export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" - export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_LDFLAGS="${LDFLAGS}" export BUILDTAGS="no_btrfs static_build netgo" export CFLAGS="${CFLAGS}" export LDFLAGS="${LDFLAGS}" diff --git a/recipes-containers/cri-tools/cri-tools_git.bb b/recipes-containers/cri-tools/cri-tools_git.bb index dad675e8..398c9ab0 100644 --- a/recipes-containers/cri-tools/cri-tools_git.bb +++ b/recipes-containers/cri-tools/cri-tools_git.bb @@ -50,8 +50,8 @@ do_compile() { export GOARCH="${TARGET_GOARCH}" # Pass the needed cflags/ldflags so that cgo can find the needed headers files and libraries export CGO_ENABLED="1" - export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" - export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_LDFLAGS="${LDFLAGS}" export CFLAGS="" export LDFLAGS="" export CC="${CC}" diff --git a/recipes-containers/docker-compose/docker-compose_git.bb b/recipes-containers/docker-compose/docker-compose_git.bb index ccb36a16..1c39c862 100644 --- a/recipes-containers/docker-compose/docker-compose_git.bb +++ b/recipes-containers/docker-compose/docker-compose_git.bb @@ -58,8 +58,8 @@ do_compile() { # Pass the needed cflags/ldflags so that cgo # can find the needed headers files and libraries export GOARCH=${TARGET_GOARCH} - export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" - export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_LDFLAGS="${LDFLAGS}" GO_LDFLAGS="-s -w -X internal.Version=${PV} -X ${COMPOSE_PKG}/internal.Version=${PV}" GO_BUILDTAGS="" @@ -85,4 +85,4 @@ INSANE_SKIP:${PN} += "ldflags already-stripped" # the AWS dependency is 8GB, try and control the # size of the clones -BB_GIT_SHALLOW = "1" \ No newline at end of file +BB_GIT_SHALLOW = "1" diff --git a/recipes-containers/docker/docker.inc b/recipes-containers/docker/docker.inc index 99535a77..717874b7 100644 --- a/recipes-containers/docker/docker.inc +++ b/recipes-containers/docker/docker.inc @@ -82,8 +82,8 @@ do_compile() { # can find the needed headers files and libraries export GOARCH=${TARGET_GOARCH} export CGO_ENABLED="1" - export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" - export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_LDFLAGS="${LDFLAGS}" export DOCKER_BUILDTAGS='${BUILD_TAGS} ${PACKAGECONFIG_CONFARGS}' export GO111MODULE=off diff --git a/recipes-containers/kubernetes/kubernetes_git.bb b/recipes-containers/kubernetes/kubernetes_git.bb index f7b6940a..092b2475 100644 --- a/recipes-containers/kubernetes/kubernetes_git.bb +++ b/recipes-containers/kubernetes/kubernetes_git.bb @@ -54,6 +54,9 @@ inherit cni_networking COMPATIBLE_HOST = '(x86_64.*|arm.*|aarch64.*)-linux' +CGO_LDFLAGS ?= "${LDFLAGS}" +CGO_LDFLAGS:remove = "${DEBUG_PREFIX_MAP}" + do_compile() { export GOPATH="${S}/src/import/.gopath:${S}/src/import/vendor:${STAGING_DIR_TARGET}/${prefix}/local/go:${UNPACKDIR}/git/" cd ${S} @@ -85,8 +88,8 @@ do_compile() { export GOARCH="${TARGET_GOARCH}" # Pass the needed cflags/ldflags so that cgo can find the needed headers files and libraries export CGO_ENABLED="1" - export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" - export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_LDFLAGS="${LDFLAGS}" export CFLAGS="" export LDFLAGS="" export CC="${CC}" diff --git a/recipes-containers/nerdctl/nerdctl_git.bb b/recipes-containers/nerdctl/nerdctl_git.bb index 295925d5..203e84e6 100644 --- a/recipes-containers/nerdctl/nerdctl_git.bb +++ b/recipes-containers/nerdctl/nerdctl_git.bb @@ -74,8 +74,8 @@ do_compile() { # Pass the needed cflags/ldflags so that cgo # can find the needed headers files and libraries export GOARCH=${TARGET_GOARCH} - export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" - export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_LDFLAGS="${LDFLAGS}" # -trimpath removes build paths from the binary (required for reproducible builds) oe_runmake GO=${GO} BUILDTAGS="${BUILDTAGS}" GO_BUILD_FLAGS="-trimpath -buildmode=pie" binaries diff --git a/recipes-containers/podman/podman_git.bb b/recipes-containers/podman/podman_git.bb index f09e01f8..87e694e5 100644 --- a/recipes-containers/podman/podman_git.bb +++ b/recipes-containers/podman/podman_git.bb @@ -88,8 +88,8 @@ do_compile() { # can find the needed headers files and libraries export GOARCH=${TARGET_GOARCH} export CGO_ENABLED="1" - export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" - export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_LDFLAGS="${LDFLAGS}" # podman now builds go-md2man and requires the host/build details export NATIVE_GOOS=${BUILD_GOOS} diff --git a/recipes-containers/runc/runc.inc b/recipes-containers/runc/runc.inc index b834ab14..b7e9d72e 100644 --- a/recipes-containers/runc/runc.inc +++ b/recipes-containers/runc/runc.inc @@ -58,8 +58,8 @@ do_compile() { # Pass the needed cflags/ldflags so that cgo # can find the needed headers files and libraries export CGO_ENABLED="1" - export CGO_CFLAGS="${CFLAGS} --sysroot=${STAGING_DIR_TARGET}" - export CGO_LDFLAGS="${LDFLAGS} --sysroot=${STAGING_DIR_TARGET}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_LDFLAGS="${LDFLAGS}" export GO=${GO} export CFLAGS="" -- cgit v1.2.3-54-g00ecf