File pie.patch of Package snapd-git

Build position-independent binaries per hardening policy
This is only supported on some architectures and only wth recent glibc (where rcrt1.o is present).

--- snapd-2.63/cmd/Makefile.am.orig
+++ snapd-2.63/cmd/Makefile.am
@@ -524,7 +524,7 @@ snap_gdb_shim_snap_gdb_shim_SOURCES = \
 	snap-gdb-shim/snap-gdb-shim.c
 
 snap_gdb_shim_snap_gdb_shim_LDADD = libsnap-confine-private.a
-snap_gdb_shim_snap_gdb_shim_LDFLAGS = -static
+snap_gdb_shim_snap_gdb_shim_LDFLAGS = -static-pie
 
 ##
 ## snap-gdbserver-shim
@@ -536,7 +536,7 @@ snap_gdb_shim_snap_gdbserver_shim_SOURCE
 	snap-gdb-shim/snap-gdbserver-shim.c
 
 snap_gdb_shim_snap_gdbserver_shim_LDADD = libsnap-confine-private.a
-snap_gdb_shim_snap_gdbserver_shim_LDFLAGS = -static
+snap_gdb_shim_snap_gdbserver_shim_LDFLAGS = -static-pie
 
 ##
 ## snapd-generator
--- snapd-2.63/packaging/snapd.mk
+++ snapd-2.63/packaging/snapd.mk.pie
@@ -77,9 +77,9 @@ $(builddir)/snap $(builddir)/snap-seccom
 $(builddir)/snap-update-ns $(builddir)/snap-exec $(builddir)/snapctl:
 	# Explicit request to use an external linker, otherwise extldflags may not be
 	# used
-	go build -o $@ -buildmode=default -mod=vendor \
+	go build -o $@ -buildmode=pie -mod=vendor \
 		$(if $(GO_TAGS),-tags "$(GO_TAGS)") \
-		-v -x -ldflags '--compressdwarf=false -linkmode external -extldflags "-static"' \
+		-v -x -ldflags '--compressdwarf=false -linkmode external -extldflags "-static-pie"' \
 		$(import_path)/cmd/$(notdir $@)
 
 # Snapd can be built with test keys. This is only used by the internal test