SShortSingh.
Back to feed

How to Embed Version, Commit, and Build Time in Go Binaries at Build

0
·1 views

Go developers can inject version metadata into binaries at build time using the -ldflags -X flag, which sets package-level string variables before compilation. The flag requires the full import path of the target variable, and silently does nothing if the path is incorrect, making precision essential. A common pattern involves a dedicated build package holding Version, Commit, and Time variables, populated via a Makefile using git describe, git rev-parse, and the current UTC timestamp. Since Go 1.18, the toolchain also automatically embeds VCS metadata such as commit hash and dirty state, accessible at runtime through the runtime/debug package without any extra flags. Together, these approaches give teams reliable version traceability, which proves critical during incidents when identifying exactly which binary is running in production.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

Free Batch Image Converter Uses Photopea to Handle HEIC, WebP, JPG at Scale

Full-stack developer Mohamed ben mallessa has published a technical guide detailing how to batch-convert large volumes of images — including HEIC, WebP, and JPG formats — without paid tools or manual effort. The solution leverages Photopea, a free browser-based image editor, as a conversion engine driven by a custom script. Unlike ImageMagick, which requires specific codecs, or online converters with file-size limits, this approach handles hundreds of files locally without uploading them to any server. The script supports configurable output format, quality, and resizing, while preserving the original folder structure. Originally published as a GitHub Gist, the guide targets developers who regularly deal with bulk image processing workflows.

0
ProgrammingDEV Community ·

How the Linux Kernel Uses CPU Rings and Syscalls to Isolate Processes

Modern operating systems prevent processes from accessing arbitrary hardware or other processes' memory using built-in CPU architecture features, not software checks on every instruction. On x86, processors operate in privilege levels called rings: the kernel runs in Ring 0 with full hardware access, while user programs run in Ring 3 with restricted permissions. Whenever an interrupt or a system call occurs, the CPU automatically switches to Ring 0, returning control to the kernel's pre-configured handlers. When a user-space program needs hardware access — such as reading a file — it issues a syscall instruction, prompting the kernel to verify permissions and perform the operation on the process's behalf. Memory isolation between processes is enforced through virtual memory, another hardware-level feature that maps each process to its own address space without exposing others.

0
ProgrammingDEV Community ·

AI-Assisted Security Review of Ory Kratos Finds Authorization Boundaries Intact

A source-code-only security review of Ory Kratos, an open-source identity and user-management server licensed under Apache 2.0, used AI to generate five authorization-related hypotheses rather than produce direct vulnerability reports. The review methodology inverted the typical AI security workflow: the AI over-generated candidate weaknesses cheaply, while the human reviewer's task was to systematically eliminate each one. All five hypotheses — covering admin API authorization, cross-identity data leaks, token reuse, settings-flow identity confusion, and tenant boundary bypass — were killed after tracing the codebase and finding deliberate architectural safeguards. Key protections identified included deployment-layer admin API authorization, a centralized network-ID-based data filter enforced at the database layer, and server-side session identity binding. The review explicitly limits its claims to the public OSS repository and does not assert that Kratos is vulnerability-free, emphasizing that the value lies in the method and the documented kill table rather than any finding.

0
ProgrammingDEV Community ·

Guide Released for Compiling OBS Studio 32.x from Source on Debian Trixie

A technical guide has been published detailing how to build OBS Studio version 32.1.2 and above from source code on Debian Trixie (version 13). The process covers enabling advanced features including Browser Source via the Chromium Embedded Framework, WebSocket, WebRTC through libdatachannel, and NVIDIA NVENC hardware encoding using SDK 12.2. Because Debian Trixie does not package all required library versions, several dependencies such as libdatachannel and FFnvcodec headers must be compiled manually from source. The guide also notes that users running NVIDIA's 550.x driver branch should specifically use the sdk/12.2 branch of nv-codec-headers to prevent runtime crashes. The build uses the Ninja build system alongside Qt6, FFmpeg, Wayland, and PipeWire support, with OBS configured to install into a local directory rather than system-wide.

How to Embed Version, Commit, and Build Time in Go Binaries at Build · ShortSingh