在 Linux-amd64 上构建的 Darwin-amd64 二进制文件无法使用 HTTPS。

huangapple go评论92阅读模式
英文:

cannot use https in darwin-amd64 binary built on a linux-amd64

问题

我在 Linux-amd64 上构建了一个 darwin-amd64 版本的程序,交叉编译命令是:

GOOS=darwin GOARCH=amd64 GOBIN=/tmp go install <myprogram>

在此之前,我使用以下命令准备了 darwin-amd64 的工具链:

sudo GOOS=darwin GOARCH=amd64 ./make.bash

然而,将这个 darwin-amd64 版本的二进制文件交给我的同事后,他们无法用它进行登录,因为登录会发送一个使用 CGO 的 HTTPS 请求。返回的错误消息是:

x509: failed to load system roots and no roots provided

对于如何解决这个问题,有什么建议吗?

英文:

I build a darwin-amd64 version of my program on linux-amd64, the cross-compiling command is:

GOOS=darwin GOARCH=amd64 GOBIN=/tmp go install &lt;myprogram&gt;

Before that I've prepared the darwin-amd64 tool-chain using:

sudo GOOS=darwin GOARCH=amd64 ./make.bash

However, after giving this darwin-amd64 version binary to my colleagues, they can't use it for login because login will send a HTTPS request, which will use CGO. Errmsg returned is:

x509: failed to load system roots and no roots provided

Any suggestions on how to fix this?

答案1

得分: 1

这看起来像是一个证书问题,就像在“为静态Go二进制文件构建Docker镜像”中提到的那样。

这是因为在Linux系统上,tls包从/etc/ssl/certs/ca-certificates.crt中读取根CA证书,而scratch镜像中缺少该文件。
Contributors应用程序通过捆绑根CA证书的副本并配置出站调用来解决了这个问题。

所以你可以检查一下你同事的工作站上是否有/etc/ssl/certs/ca-certificates.crt这个文件。

但是这个错误报告建议

刚刚从go-nuts中得到了一些澄清。这是由于交叉编译无法加载x509证书...

交叉编译器在编译过程中无法使用cgo,但在Darwin上访问根证书存储库需要cgo

我遇到了类似的问题,在从任何一个Linux发行版中复制crt文件后问题得到解决。为了让golang读取该文件,你必须将文件放置在完全相同的目录中。
crypto/x509将遍历所有可能的证书文件

另一种解决方案是使用“export CGO_ENABLED=0”进行交叉编译。

bug 8349也显示了一些最新的Go进展。

英文:

That looks like a certificate issue, as the one mentioned in "Building Docker Images for Static Go Binaries"

> The reason for this is that on Linux systems the tls package reads the root CA certificates from /etc/ssl/certs/ca-certificates.crt, which is missing from the scratch image.
The Contributors app gets around this problem by bundling a copy of the root CA certificates and configuring outbound calls to use them.

So you can check if that /etc/ssl/certs/ca-certificates.crt is there on your colleague's workstation.

But this bug report suggests:

> Just got some clarifications from go-nuts. It's due to cross-compile won't work for loading x509 cert...
>
> the cross-compiler can't use 'cgo' during compilation, but 'cgo' is required to access the root certificate store on Darwin.
>
> I had a similar issue, was solved after copying crt file from any of these linux distro. for golang to read the file, you have to place the file in the exact same directory.
crypto/x509 will loop over all the possible certificate files.

Another solution involves cross-compiling with "export CGO_ENABLED=0".

The bug 8349 shows some progress too with more recent Go.

huangapple
  • 本文由 发表于 2014年11月21日 14:28:20
  • 转载请务必保留本文链接:https://go.coder-hub.com/27055401.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定