Compiling for darwin w/ CGO_ENABLED=0 on OS X doesn't produce the same result as compiling on Linux #86
Comments
That known issue is unlikely to be fixed, ever. For your local Darwin builds, did you also build package crypto/x509
|
Yeah, I understand that it's not something that can really be fixed. And no, I used golang-crosscompile, which doesn't explicitly disable cgo if it's supported. So that's why it's working for me. How do you think we should deal with this? @ddollar did a hack to embed his CA's cert in dist, but that feels ugly & brittle to me. We could say that for the foreseeable future, all builds will be happening from OSX. That would probably get us by for a bit, and let us push the problem off until we really need to deal with it. |
I think you should use the same method that dist is using, but instead include the full compliment of trusted root certs that something like Firefox or Chrome uses. A hardcoded system root certificate store isn't brittle, it's the norm. |
If you compile everything on OSX will you have the same problem on the Windows and Linux cross compiled builds? |
@ddollar golang-crosscompile builds a cross compiling environment for all platforms, but it only disables cgo during those builds for non-native platforms. So since I built my cross-compilation environment using that script on OSX, my OSX target builds actually do include cgo dependencies. I guess one thing to fix here is that setting |
What I mean is will your builds for Linux compiled on OSX also be missing their root certificates? |
I think that Windows and Linux don't use cgo for looking up root certs. https://code.google.com/p/go/source/browse/src/pkg/crypto/x509/root_unix.go But there may be other packages, unrelated to x509 certs, that do require cgo |
I was helping @ddollar test his gobuild app yesterday. It does cross-compiled builds from a Heroku dyno for any platform.
So I fetched the
hk
binary from it and tried it out:$ wget -O hk-gobuild http://gobuild-dev.herokuapp.com/kr/hk/master/darwin/amd64 && chmod +x hk-gobuild ... $ ./hk-gobuild apps Get https://api.heroku.com/apps: x509: failed to load system roots and no roots provided
This is a known issue for binaries cross-compiled to darwin.
All of the other builds so far have been done from my OS X machine, so they are fine. But I don't really understand why. I thought that running the builds with
CGO_ENABLED=0
would give us the same result on any system we built from. Clearly that's not true, either because we're using it wrong, or because it doesn't do what I thought it did.The text was updated successfully, but these errors were encountered: