From 658bdb1ecb68eb0f636bd57f4a9975ff7633e8ff Mon Sep 17 00:00:00 2001
From: Marco Vedovati <mvedovati@suse.com>
Date: Fri, 2 Nov 2018 16:08:12 +0100
Subject: [PATCH] runtime,netmon: build as Position-Independent-Executable

Build {runtime,netmon} as Position-Independent-Executable (PIE) for improved
security and compliancy with distros packaging guidelines.

Fixes: #875

Signed-off-by: Marco Vedovati <mvedovati@suse.com>
---
 Makefile | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 4f419b96..5087ec18 100644
--- a/Makefile
+++ b/Makefile
@@ -225,6 +225,7 @@ USER_VARS += DEFDISABLENESTINGCHECKS
 USER_VARS += DEFMSIZE9P
 USER_VARS += DEFHOTPLUGVFIOONROOTBUS
 USER_VARS += DEFENTROPYSOURCE
+USER_VARS += BUILDFLAGS
 
 
 V              = @
@@ -237,6 +238,9 @@ QUIET_GENERATE = $(Q:@=@echo    '     GENERATE '$@;)
 QUIET_INST     = $(Q:@=@echo    '     INSTALL '$@;)
 QUIET_TEST     = $(Q:@=@echo    '     TEST    '$@;)
 
+# go build common flags
+BUILDFLAGS := -buildmode=pie
+
 # Return non-empty string if specified directory exists
 define DIR_EXISTS
 $(shell test -d $(1) && echo "$(1)")
@@ -252,7 +256,7 @@ all: runtime netmon
 netmon: $(NETMON_TARGET_OUTPUT)
 
 $(NETMON_TARGET_OUTPUT): $(SOURCES)
-	$(QUIET_BUILD)(cd $(NETMON_DIR) && go build -i -o $@ -ldflags "-X main.version=$(VERSION)")
+	$(QUIET_BUILD)(cd $(NETMON_DIR) && go build $(BUILDFLAGS) -o $@ -ldflags "-X main.version=$(VERSION)")
 
 runtime: $(TARGET_OUTPUT) $(CONFIG)
 .DEFAULT: default
@@ -359,7 +363,7 @@ $(GENERATED_CONFIG): Makefile VERSION
 	$(QUIET_GENERATE)echo "$$GENERATED_CODE" >$@
 
 $(TARGET_OUTPUT): $(EXTRA_DEPS) $(SOURCES) $(GENERATED_GO_FILES) $(GENERATED_FILES) Makefile | show-summary
-	$(QUIET_BUILD)(cd $(CLI_DIR) && go build -i -o $@ .)
+	$(QUIET_BUILD)(cd $(CLI_DIR) && go build $(BUILDFLAGS) -o $@ .)
 
 .PHONY: \
 	check \