From 39d9e98a6f9e51a1b2951055bbd60d6161715cd9 Mon Sep 17 00:00:00 2001
From: Sascha Grunert <sgrunert@redhat.com>
Date: Wed, 26 May 2021 09:45:44 +0200
Subject: [PATCH] Build non-static binaries with PIE buildmode

We now add the `-buildmode pie` flag when building non-static binaries,
which enables the ASLR security mechanism.

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
---
 hack/lib/golang.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/hack/lib/golang.sh b/hack/lib/golang.sh
index 5029bc18e67..a50a64af9c7 100755
--- a/hack/lib/golang.sh
+++ b/hack/lib/golang.sh
@@ -412,6 +412,10 @@ kube::golang::set_platform_envs() {
         export CGO_ENABLED=1
         export CC=${KUBE_LINUX_AMD64_CC:-x86_64-linux-gnu-gcc}
         ;;
+      "linux/386")
+        export CGO_ENABLED=1
+        export CC=${KUBE_LINUX_386_CC:-i686-linux-gnu-gcc}
+        ;;
       "linux/arm")
         export CGO_ENABLED=1
         export CC=${KUBE_LINUX_ARM_CC:-arm-linux-gnueabihf-gcc}
@@ -721,6 +725,7 @@ kube::golang::build_binaries_for_platform() {
       -gcflags "${gogcflags:-}"
       -asmflags "${goasmflags:-}"
       -ldflags "${goldflags:-}"
+      -buildmode pie
       -tags "${gotags:-}"
     )
     kube::golang::build_some_binaries "${nonstatics[@]}"