From 5f7126329eab199e615612bec11a074d01c0fec8 Mon Sep 17 00:00:00 2001
From: Dongsu Park <dongsu@kinvolk.io>
Date: Fri, 13 Nov 2020 09:45:21 +0100
Subject: [PATCH] eclass: remove -Wl,-O1 from LDFLAGS passed to go_export

Go 1.15.5 fixed a security issue CVE-2020-28366, by rejecting certain
LDFLAGS for CGO. See https://github.com/golang/go/issues/42559.

However, that change breaks builds based on the Flatcar build chain,
because `go_export` sets `$LDFLAGS` to `-Wl,-O1 -Wl,--as-needed`.
As a result, Go build fails like:

```
go build runtime/cgo: invalid flag in go:cgo_ldflag: -Wl,-O1
```

We need to remove the flag `-Wl,-O1` from $LDFLAGS before building the
Go runtime, to fix the failure.
---
 .../third_party/coreos-overlay/eclass/coreos-go-utils.eclass | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sdk_container/src/third_party/coreos-overlay/eclass/coreos-go-utils.eclass b/sdk_container/src/third_party/coreos-overlay/eclass/coreos-go-utils.eclass
index aff37573b3..c0b339d86b 100644
--- a/sdk_container/src/third_party/coreos-overlay/eclass/coreos-go-utils.eclass
+++ b/sdk_container/src/third_party/coreos-overlay/eclass/coreos-go-utils.eclass
@@ -84,6 +84,11 @@ go_export() {
 		append-ldflags -nopie
 	fi
 
+	# Remove certain flags from $LDFLAGS to fix validation errors in
+	# Go >= 1.15.5 like:
+	#   go build runtime/cgo: invalid flag in go:cgo_ldflag: -Wl,-O1
+	filter-ldflags "-Wl,-O1"
+
 	export CC=$(tc-getCC)
 	export CXX=$(tc-getCXX)
 	export CGO_ENABLED=${CGO_ENABLED:-1}