英文:
cannot use https in darwin-amd64 binary built on a linux-amd64
问题
我在 Linux-amd64 上构建了一个 darwin-amd64 版本的程序,交叉编译命令是:
GOOS=darwin GOARCH=amd64 GOBIN=/tmp go install <myprogram>
在此之前,我使用以下命令准备了 darwin-amd64 的工具链:
sudo GOOS=darwin GOARCH=amd64 ./make.bash
然而,将这个 darwin-amd64 版本的二进制文件交给我的同事后,他们无法用它进行登录,因为登录会发送一个使用 CGO 的 HTTPS 请求。返回的错误消息是:
x509: failed to load system roots and no roots provided
对于如何解决这个问题,有什么建议吗?
英文:
I build a darwin-amd64 version of my program on linux-amd64, the cross-compiling command is:
GOOS=darwin GOARCH=amd64 GOBIN=/tmp go install <myprogram>
Before that I've prepared the darwin-amd64 tool-chain using:
sudo GOOS=darwin GOARCH=amd64 ./make.bash
However, after giving this darwin-amd64 version binary to my colleagues, they can't use it for login because login will send a HTTPS request, which will use CGO. Errmsg returned is:
x509: failed to load system roots and no roots provided
Any suggestions on how to fix this?
答案1
得分: 1
这看起来像是一个证书问题,就像在“为静态Go二进制文件构建Docker镜像”中提到的那样。
这是因为在Linux系统上,tls包从
/etc/ssl/certs/ca-certificates.crt
中读取根CA证书,而scratch镜像中缺少该文件。
Contributors应用程序通过捆绑根CA证书的副本并配置出站调用来解决了这个问题。
所以你可以检查一下你同事的工作站上是否有/etc/ssl/certs/ca-certificates.crt
这个文件。
但是这个错误报告建议:
刚刚从go-nuts中得到了一些澄清。这是由于交叉编译无法加载x509证书...
交叉编译器在编译过程中无法使用
cgo
,但在Darwin上访问根证书存储库需要cgo
。我遇到了类似的问题,在从任何一个Linux发行版中复制
crt
文件后问题得到解决。为了让golang读取该文件,你必须将文件放置在完全相同的目录中。
crypto/x509
将遍历所有可能的证书文件。
另一种解决方案是使用“export CGO_ENABLED=0
”进行交叉编译。
bug 8349也显示了一些最新的Go进展。
英文:
That looks like a certificate issue, as the one mentioned in "Building Docker Images for Static Go Binaries"
> The reason for this is that on Linux systems the tls package reads the root CA certificates from /etc/ssl/certs/ca-certificates.crt
, which is missing from the scratch image.
The Contributors app gets around this problem by bundling a copy of the root CA certificates and configuring outbound calls to use them.
So you can check if that /etc/ssl/certs/ca-certificates.crt
is there on your colleague's workstation.
> Just got some clarifications from go-nuts. It's due to cross-compile won't work for loading x509 cert...
>
> the cross-compiler can't use 'cgo' during compilation, but 'cgo' is required to access the root certificate store on Darwin.
>
> I had a similar issue, was solved after copying crt
file from any of these linux distro. for golang to read the file, you have to place the file in the exact same directory.
crypto/x509
will loop over all the possible certificate files.
Another solution involves cross-compiling with "export CGO_ENABLED=0
".
The bug 8349 shows some progress too with more recent Go.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论