For a quick fix, change the line in src/cmd/link/internal/ld/lib.go

	argv = append(argv, ldflag...)

as the following,

	{
		added := map[string]bool{}
		for _, s := range ldflag {
			if added[s] {
				continue
			}
			added[s] = true
			argv = append(argv, s)
		}
	}

/cc @ianlancetaylor

The suggested fix above is unfortunately too simple, as some options like -Bstatic may appear multiple times, and eliminating them would change the meaning of the link command. I don't know how to fix this without understanding the external linker options.

While analyzing the code for a safe fix, I realized that using #cgo directive in one .go file also solves the problem. This directive will not be replicated for each imported package, so there is just one after all auto generated //go:cgo_ldflag ... directives are merged back from each package.

It looks like this,

/*
#cgo LDFLAGS: "-Wl,--version-script=${SRCDIR}/export.txt"
//...
*/
#import "C"
// ...

Note that this flag is not in the white list and requires the following environment variable,

CGO_LDFLAGS_ALLOW="-Wl,--version-script=[a-zA-Z0-9+-_/.]+"

It seems that CGO_LDFLAGS is about a global configuration option of the Go toolchain. It should better not be used for each project.

@ianlancetaylor, I got a new idea for a general fix.

1. Add a mark tag at the moment getting CGO_LDFLAGS array from env
2. Remove the tag and clean up all duplicated arrays at linking

Note that the tag format is (a const uuid + length of the whole CGO_LDFLAGS array with the tag prefix).

patch_cgo_ldflags.diff.txt

@albertjin For copyright reasons I prefer to look at patches submitted using as a PR or via Gerrit, to ensure that the CLA is signed.

It sounds like you are suggesting handling LDFLAGS that come from an environment variable differently than LDFLAGS listed in the file, and removing duplicates from the environment variable. That seems reasonable.

Is there any way to blacklist or remove certain ldflags from making it to the linker invocation?

For instance, src/runtime/cgo/cgo.go contains #cgo !android,linux LDFLAGS: -lpthread which is causing problems because I'm creating a static binary with some c++ code and it is very particular about where in the link line -lpthread will appear (and it also needs to be in the form of -Wl,--whole-archive -lpthread -Wl,--no-whole-archive). Is my only option to patch cgo.go?

Can you simply add the -Wl,--whole-archive ... to #cgo LDFLAGS in your own Go file?

If that doesn't work, the next fallback would be to write a little script that shuffles the arguments as you need, and pass that script as -ldflags=-extld=SCRIPT.

Can you simply add the -Wl,--whole-archive ... to #cgo LDFLAGS in your own Go file?

If that doesn't work, the next fallback would be to write a little script that shuffles the arguments as you need, and pass that script as -ldflags=-extld=SCRIPT.

For my situation, which was a generic build and deployment helper, I actually made a wrapper for the native compiler/linker without fixing the go toolchain. The method is the same as done in the previous patch, by adding a prefix mark in the environment variable CGO_LDFLAGS and getting rid of the duplicates later.

I tried to consolidate and submit the previous patch but hesitated. Maybe documenting the limitation of CGO_LDFLAGS is a final fix.

I also stumbled upon this while attempting to use:

CGO_LDFLAGS="-marm -static -ffreestanding -specs=nosys.specs"

Linking fails as the final host link gets the flags repeated multiple times:

host link: "arm-none-eabi-gcc" "-marm" "-s" "-o" "/tmp/go-build2721378602/b001/exe/a.out" "-static" "/tmp/go-link-871732654/go.o" "/tmp/go-link-871732654/000000.o" <cut for brevity>" "-marm" "-static" "-ffreestanding" "-specs=nosys.specs" "-marm" "-static" "-ffreestanding" "-specs=nosys.specs" "-marm" "-static" "-ffreestanding" "-specs=nosys.specs" "-marm" "-static" "-ffreestanding" "-specs=nosys.specs" "-specs=nosys.specs"
pkg/tool/linux_amd64/link: running arm-none-eabi-gcc failed: exit status 1
arm-none-eabi-gcc: fatal error: /usr/lib/gcc/arm-none-eabi/11.2.0/../../../../arm-none-eabi/lib/nosys.specs: attempt to rename spec 'link_gcc_c_sequence' to already defined spec 'nosys_link_gcc_c_sequence'

By adding de-duplication for argv in src/cmd/link/internal/ld/lib.go I am able to get past this issue, I cannot find any other easy way to solve it as the cgo I am pulling in is coming from an external import.

The workaround shown in #25930 (comment) also does not work as apparently there is an allowlist of flags (in src/cmd/go/internal/work/security.go) which does not consent the ones I'd like to use.