Skip to content
This repository has been archived by the owner on Jul 4, 2023. It is now read-only.

Compiling go with --cross-compile-common breaks x509 certificates #17758

Closed
wants to merge 1 commit into from
Closed

Compiling go with --cross-compile-common breaks x509 certificates #17758

wants to merge 1 commit into from

Conversation

joeshaw
Copy link
Contributor

@joeshaw joeshaw commented Feb 11, 2013

This breaks validation of SSL certificates, and prevents the go get tool from working, since it uses SSL to fetch from code.google.com and GitHub, among others.

$ brew install go --cross-compile-common
$ go get code.google.com/p/goprotobuf/proto
package code.google.com/p/goprotobuf/proto: Get https://code.google.com/p/goprotobuf/source/checkout?repo=: x509: certificate signed by unknown authority
$

$ brew install go --fresh
$ go get code.google.com/p/goprotobuf/proto
$

Go cannot get any certificates from the OS X keychain when built with --cross-compile-common. This is because it uses cgo to compile some native C code to access the keychain. For whatever reason, cgo seems to be disabled when the toolchain is built, despite :cgo => true in the formula. I haven't yet debugged it futher.

@joeshaw
Copy link
Contributor Author

joeshaw commented Feb 11, 2013

Reordering the build order seems to fix it, although i am not sure why.

diff --git i/Library/Formula/go.rb w/Library/Formula/go.rb
index 3390fa9..0c6dd57 100644
--- i/Library/Formula/go.rb
+++ w/Library/Formula/go.rb
@@ -30,9 +30,9 @@ class Go < Formula
       ]
     elsif build.include? 'cross-compile-common'
       targets = [
-        ['darwin',  ['386', 'amd64'],        { :cgo => true  }],
         ['linux',   ['386', 'amd64', 'arm'], { :cgo => false }],
         ['windows', ['386', 'amd64'],        { :cgo => false }],
+        ['darwin',  ['386', 'amd64'],        { :cgo => true  }],
       ]
     else
       targets = [

@joeshaw joeshaw mentioned this pull request Feb 11, 2013
Closed
@joeshaw
go: host platform must always be the last one built
afdd9ae 
Each cross-compiler step also rebuilds the host platform.  If
ENABLE_CGO=0 in a later build step, important OS routines (like looking
up x509 certificates in the keychain) are not implemented even for the
host platform.
@joeshaw
Copy link
Contributor Author

joeshaw commented Feb 11, 2013

Each cross-compile build also rebuilds the host platform. So since the code previously built windows/amd64 last, darwin/amd64 was built with ENABLE_CGO=0, which breaks x509 among probably others.

The solution (or workaround, unless this inefficiency is fixed upstream) is to always build darwin/amd64 last. Attached commit does that.

@MikeMcQuaid
Copy link
Member

Can/have you filed this upstream?

@joeshaw
Copy link
Contributor Author

joeshaw commented Feb 11, 2013

Just did: https://code.google.com/p/go/issues/detail?id=4791

@MikeMcQuaid
Copy link
Member

I suggest attaching a patch to it too.

@MikeMcQuaid
Copy link
Member

(Thanks!)

@joeshaw
Copy link
Contributor Author

joeshaw commented Feb 12, 2013

Regardless of the outcome upstream, is there any reason not to merge the patch in homebrew? Build order is determined entirely by the formula.

@adamv adamv closed this in 92850b3 Feb 12, 2013
@joeshaw joeshaw mentioned this pull request Feb 5, 2014
Closed
@joeshaw joeshaw mentioned this pull request Dec 8, 2014
Closed
@Homebrew Homebrew locked and limited conversation to collaborators Feb 16, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
upstream issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@joeshaw @MikeMcQuaid @adamv