From dbb57d8d86f6fcc92d28c3d6835a83d85bb5e4b5 Mon Sep 17 00:00:00 2001
From: Luna Nova <git@lunnova.dev>
Date: Tue, 7 Oct 2025 17:25:46 -0700
Subject: [PATCH] go: only enable PIE by default when building for GOARCH
 matching target

We rely on teaching go to use the correct ELF interpreter
for PIE in a way that can't work for packages that
go off and do their own GOARCH=something cross builds
without touching nixpkgs cross machinery,
so update the default pie patch to bake targetPlatform's
GOARCH and only activate for it.

tailscale works as a testcase for this as it cross compiles
many arches in tstest/archtest/qemu_test.go
---
 pkgs/development/compilers/go/1.24.nix             | 4 +++-
 pkgs/development/compilers/go/1.25.nix             | 4 +++-
 pkgs/development/compilers/go/go-default-pie.patch | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/compilers/go/1.24.nix b/pkgs/development/compilers/go/1.24.nix
index 653b14f6ca1e..8ee9c0f16725 100644
--- a/pkgs/development/compilers/go/1.24.nix
+++ b/pkgs/development/compilers/go/1.24.nix
@@ -65,7 +65,9 @@ stdenv.mkDerivation (finalAttrs: {
     ./remove-tools-1.11.patch
     ./go_no_vendor_checks-1.23.patch
     ./go-env-go_ldso.patch
-    ./go-default-pie.patch
+    (replaceVars ./go-default-pie.patch {
+      inherit (stdenv.targetPlatform.go) GOARCH;
+    })
   ];
 
   inherit (stdenv.targetPlatform.go) GOOS GOARCH GOARM;
diff --git a/pkgs/development/compilers/go/1.25.nix b/pkgs/development/compilers/go/1.25.nix
index e7676644128c..60a8c24ae425 100644
--- a/pkgs/development/compilers/go/1.25.nix
+++ b/pkgs/development/compilers/go/1.25.nix
@@ -75,7 +75,9 @@ stdenv.mkDerivation (finalAttrs: {
     ./remove-tools-1.11.patch
     ./go_no_vendor_checks-1.23.patch
     ./go-env-go_ldso.patch
-    ./go-default-pie.patch
+    (replaceVars ./go-default-pie.patch {
+      inherit (stdenv.targetPlatform.go) GOARCH;
+    })
   ];
 
   inherit (stdenv.targetPlatform.go) GOOS GOARCH GOARM;
diff --git a/pkgs/development/compilers/go/go-default-pie.patch b/pkgs/development/compilers/go/go-default-pie.patch
index d26ac8f6cd0c..bce8d8dafd3d 100644
--- a/pkgs/development/compilers/go/go-default-pie.patch
+++ b/pkgs/development/compilers/go/go-default-pie.patch
@@ -7,7 +7,7 @@ index f9706a6988..abac42d550 100644
  		return true
  	}
 -	return false
-+	return BuildModeSupported("gc", "pie", goos, goarch)
++	return goarch == "@GOARCH@" && BuildModeSupported("gc", "pie", goos, goarch)
  }
  
  // ExecutableHasDWARF reports whether the linked executable includes DWARF