Skip to content
This repository has been archived by the owner on Jun 20, 2018. It is now read-only.

Compiling for darwin w/ CGO_ENABLED=0 on OS X doesn't produce the same result as compiling on Linux #86

Open
bgentry opened this issue Oct 16, 2013 · 7 comments

Comments

@bgentry
Copy link
Collaborator

bgentry commented Oct 16, 2013

I was helping @ddollar test his gobuild app yesterday. It does cross-compiled builds from a Heroku dyno for any platform.

So I fetched the hk binary from it and tried it out:

$ wget -O hk-gobuild http://gobuild-dev.herokuapp.com/kr/hk/master/darwin/amd64 && chmod +x hk-gobuild

...

$ ./hk-gobuild apps
Get https://api.heroku.com/apps: x509: failed to load system roots and no roots provided

This is a known issue for binaries cross-compiled to darwin.

All of the other builds so far have been done from my OS X machine, so they are fine. But I don't really understand why. I thought that running the builds with CGO_ENABLED=0 would give us the same result on any system we built from. Clearly that's not true, either because we're using it wrong, or because it doesn't do what I thought it did.

@kr
Copy link
Owner

kr commented Oct 16, 2013

That known issue is unlikely to be fixed, ever.

For your local Darwin builds, did you also build package crypto/x509
(so, the entire stdlib) with cgo disabled?

$ CGO_ENABLED=0 ./make.bash

@bgentry
Copy link
Collaborator Author

bgentry commented Oct 16, 2013

Yeah, I understand that it's not something that can really be fixed. And no, I used golang-crosscompile, which doesn't explicitly disable cgo if it's supported. So that's why it's working for me.

How do you think we should deal with this? @ddollar did a hack to embed his CA's cert in dist, but that feels ugly & brittle to me.

We could say that for the foreseeable future, all builds will be happening from OSX. That would probably get us by for a bit, and let us push the problem off until we really need to deal with it.

@ddollar
Copy link

ddollar commented Oct 16, 2013

I think you should use the same method that dist is using, but instead include the full compliment of trusted root certs that something like Firefox or Chrome uses. A hardcoded system root certificate store isn't brittle, it's the norm.

@ddollar
Copy link

ddollar commented Oct 16, 2013

If you compile everything on OSX will you have the same problem on the Windows and Linux cross compiled builds?

@bgentry
Copy link
Collaborator Author

bgentry commented Oct 16, 2013

If you compile everything on OSX will you have the same problem on the Windows and Linux cross compiled builds?

@ddollar golang-crosscompile builds a cross compiling environment for all platforms, but it only disables cgo during those builds for non-native platforms. So since I built my cross-compilation environment using that script on OSX, my OSX target builds actually do include cgo dependencies.

I guess one thing to fix here is that setting CGO_ENABLED=0 doesn't actually have a purpose when building from the environment I have.

@ddollar
Copy link

ddollar commented Oct 16, 2013

What I mean is will your builds for Linux compiled on OSX also be missing their root certificates?

@kr
Copy link
Owner

kr commented Oct 16, 2013

If you compile everything on OSX will you have the same problem on the Windows and Linux cross compiled builds?

I think that Windows and Linux don't use cgo for looking up root certs.

https://code.google.com/p/go/source/browse/src/pkg/crypto/x509/root_unix.go
https://code.google.com/p/go/source/browse/src/pkg/crypto/x509/root_windows.go

But there may be other packages, unrelated to x509 certs, that do require cgo
on those platforms.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants