Skip to content

fix(build): enable lazy binding to resolve symbol lookup errors #1350

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kongfei605 merged 1 commit into from
Nov 27, 2025
Merged

fix(build): enable lazy binding to resolve symbol lookup errors #1350

kongfei605 merged 1 commit into from
Nov 27, 2025

Conversation

@kongfei605
Copy link
Collaborator

@kongfei605 kongfei605 commented Nov 27, 2025

No description provided.

Copilot AI review requested due to automatic review settings November 27, 2025 06:04
Copilot AI reviewed Nov 27, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds a lazy binding linker flag to the CGO-enabled Linux AMD64 build configuration to resolve symbol lookup errors during the build process.

Key Changes

  • Added -extldflags "-Wl,-z,lazy" to the linux-amd64-cgo build configuration's ldflags to enable lazy symbol binding

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.goreleaser.yaml
ldflags:
- -s -w
- -X flashcat.cloud/categraf/config.Version={{ .Tag }}-{{.Commit}}
- -extldflags "-Wl,-z,lazy"
Copy link

Copilot AI Nov 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using -Wl,-z,lazy enables lazy symbol binding, which defers symbol resolution until functions are called. While this may resolve build-time symbol lookup errors, it has security implications:

  1. Security concern: Lazy binding is vulnerable to GOT (Global Offset Table) hijacking attacks. Modern security best practices recommend using -Wl,-z,now (immediate binding) instead, which is often combined with RELRO (read-only relocations) for hardening.

  2. Trade-off: Lazy binding provides faster startup time but weaker security, while immediate binding (-z,now) provides better security at the cost of slightly slower startup.

If symbol lookup errors are occurring, consider investigating the root cause rather than using lazy binding. Common solutions include:

  • Ensuring all required libraries are properly linked
  • Verifying library paths and dependencies
  • Using -Wl,--no-as-needed if symbols are being incorrectly stripped

If lazy binding is intentionally required for this CGO build, consider documenting the rationale and security trade-off.

Suggested change
- -extldflags "-Wl,-z,lazy"
- -extldflags "-Wl,-z,now"

Copilot uses AI. Check for mistakes.
@kongfei605 kongfei605 merged commit 974b2ca into flashcatcloud:main Nov 27, 2025
9 checks passed
@kongfei605 kongfei605 deleted the cgo branch November 27, 2025 06:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kongfei605