Use Cgo instead of compiling external helper

[pquerna]

1284363

As a consumer of gopsutils, putting in a hard coded path to compile a C file at runtime is not an acceptable behavior. Is there any reason to not just use Cgo to call these functions?

[pquerna]

reasons the current /tmp C file solution isn't ok:

• It is a security vulnerability. Writing to a known path in /tmp can allow other users to write arbitrary files: https://en.wikipedia.org/wiki/Symlink_race
• gcc is not available on all darwin hosts: gcc is part of the Developer Tools, which means many end users do not actually have it installed.

[pquerna]

Example Cgo code for getting the data:
https://github.com/cloudfoundry/gosigar/blob/master/sigar_darwin.go#L112

(via @dougm)

[shirou]

Is there any reason to not just use Cgo to call these functions

If I use Cgo, cross compiling becomes hard.

gcc is not available on all darwin hosts

Yes. but I think better than nothing.

It is a security vulnerability

Agree. I was wrong. Thank you.
I changed it only enabled if ALLLOW_INSECURE_CPU_HELPER is "yes" at c195d77.

I will start looking for another way to get CPU times.

[sparrc]

+1 to this, I understand that it makes it hard to cross-compile, but I'd strongly prefer CGO over executing a binary compiled at runtime

[shirou]

Now, I have changed my mind.
Since 47f6760, start to use CGO for darwin.
I close this issue. Please move to #66.

Thank you.