惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
C
CXSECURITY Database RSS Feed - CXSecurity.com
L
LINUX DO - 热门话题
S
Secure Thoughts
TaoSecurity Blog
TaoSecurity Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
T
Threat Research - Cisco Blogs
AI
AI
B
Blog RSS Feed
S
Schneier on Security
雷峰网
雷峰网
Schneier on Security
Schneier on Security
Help Net Security
Help Net Security
Cloudbric
Cloudbric
L
LINUX DO - 最新话题
罗磊的独立博客
有赞技术团队
有赞技术团队
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Apple Machine Learning Research
Apple Machine Learning Research
P
Proofpoint News Feed
酷 壳 – CoolShell
酷 壳 – CoolShell
The Hacker News
The Hacker News
博客园 - Franky
Attack and Defense Labs
Attack and Defense Labs
The Cloudflare Blog
Webroot Blog
Webroot Blog
Last Week in AI
Last Week in AI
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 叶小钗
美团技术团队
L
Lohrmann on Cybersecurity
T
The Blog of Author Tim Ferriss
The Last Watchdog
The Last Watchdog
T
Troy Hunt's Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Vercel News
Vercel News
Know Your Adversary
Know Your Adversary
O
OpenAI News
博客园 - 【当耐特】
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
Cybersecurity and Infrastructure Security Agency CISA
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
www.infosecurity-magazine.com
www.infosecurity-magazine.com
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
PCI Perspectives
PCI Perspectives
H
Heimdal Security Blog
I
InfoQ
GbyAI
GbyAI
T
Threatpost
C
Cisco Blogs

博客园 - 川川籽

GO面试题:new 和 map 的区别 minikube dashboard ImagePullBackOff 失败问题的解决方法 hashicorp/raft模块实现的raft集群存在节点跨集群身份冲突问题 macos 13安装openvpn - 川川籽 [转发] Go pprof内存指标含义备忘录 自己搭建一个https的dns,让不同的浏览器使用不同的DNS,使用相同的域名访问到不同的主机上 记一次docker buildx build 推送到本地私有仓库出现 connection refused 的问题 Linux C 获取本机IPV4和IPV6地址列表 Mac M1 安装python3.6.x golang map 和 interface 的一些记录 MacOS M1 安装python3.5 使用php的openssl_encrypt和python的pycrypt进行跨语言的对称加密和解密问题 golang random string 【转载】coroutine 与 goroutine 区别 python简单的time ticker 记录一次python的mysqlclient依赖库报错问题 airflow当触发具有多层subDAG的任务的时候,出现[Duplicate entry ‘xxxx’ for key dag_id]的错误的问题处理 Python3并发写文件 python hash 每次调用结果不一样
'invalid flag in #cgo LDFLAGS: -w' 问题解决
川川籽 · 2020-11-30 · via 博客园 - 川川籽

当我们在go项目中使用C库,或者引用的第三方库有使用C库,有时候会遇到 invalid flag in #cgo LDFLAGS: -w 这种错误。

这是因为在项目代码中,使用了#cgo指令符(directive),对C/C++编译器添加了 CFLAGSCPPFLAGSCXXFLAGSLDFLAGS 等选项设置。

例如github.com/spacemonkeygo/openssl库的build.go中,则对各个特定平台的C/C++编译器,设置了不同的编译约束参数:

package openssl

// #cgo pkg-config: libssl libcrypto
// #cgo linux CFLAGS: -Wno-deprecated-declarations
// #cgo darwin CFLAGS: -I/usr/local/opt/openssl@1.1/include -I/usr/local/opt/openssl/include -Wno-deprecated-declarations
// #cgo darwin LDFLAGS: -w -L/usr/local/opt/openssl@1.1/lib -L/usr/local/opt/openssl/lib
// #cgo windows CFLAGS: -DWIN32_LEAN_AND_MEAN
import "C"

当我们使用go版本在1.10及其以上版本进行项目编译的时候,则会提示如下错误:

go build xxxx/vendor/github.com/spacemonkeygo/openssl: invalid flag in #cgo LDFLAGS: -w

原因是golang为了安全,在使用go get,go build和friends期间,禁止编译器/链接器使用LDFLAGS等连接参数,目的是防止编译器被攻击。

如果要使用LDFLAGS等连接参数,我们需要手动指定CGO_LDFLAGS_ALLOW等参数,例如:CGO_LDFLAGS_ALLOW='-w'

因此在命令行编译的时候,使用:

CGO_LDFLAGS_ALLOW='-w' go rum main.go

或者在IDE工具中,添加如上环境变量即可。

相关文章:https://github.com/golang/go/wiki/InvalidFlag

相关内容

InvalidFlag

Eddie Webb edited this page on 27 Feb 2019 · 2 revisions

invalid flag in #cgo CFLAGS

This page describes the background for build errors like invalid flag in #cgo CFLAGS and what you can do about them.

CVE-2018-6574 described a potential security violation in the go tool: running go get downloads and builds Go code from the Internet, Go code that uses cgo can specify options to pass to the compiler, so careful use of -fplugin can cause go get to execute arbitrary code. While it is difficult to block every possible way that the compiler might be attacked, we have chosen to block the obvious ones.

As described at issue 23672, this is done by using a safelist of compiler/linker options that are permitted during go get, go build, and friends. When cgo code tries to use to pass an option that is not on the safelist, the go tool will report an error invalid flag in #cgo CFLAGS (or #cgo LDFLAGS, pkg-config --cflags, pkg-config --ldflags, and so forth).

This safelist is new in releases 1.8.7, 1.9.4, and 1.10, and all subsequent releases.

What can I do?

If this happens to you, and the option is benign, you should do two things:

Set the environment variable CGO_CFLAGS_ALLOW (or CGO_LDFLAGS_ALLOW, CGO_CXXFLAGS_ALLOW, and so forth) to a regexp that matches the option.
File a bug requesting that the option be added to the safelist. Be sure to include the complete error message and, if possible, a description of the code you are building.

Why not use an unsafe list?

Because if some new unsafe option is added to a compiler, all existing Go releases will become immediately vulnerable.

Why not get a complete list of compiler options and safelist all of them?

Because there are hundreds of options, and there is no clear way to get a complete list. Many compiler and linker options are target dependent, and thus only reported on specific platforms or in specific configurations. The documentation is known to be incomplete.