New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/x509: add /usr/local/etc/ssl/certs for CA certificates on Linux #28199
Comments
hm, i am not sure that it's a good idea to add this, because even it's could be tested well. For your case you can set env variables go/src/crypto/x509/root_unix.go Line 28 in 29907b1
|
Added the symlink for now, but maybe those files can be added in e.g. profile ? Just seemed like it had a long list of other special cases hard-coded into it already ? |
We already have a laundry list of possible locations, and by the nature of Linux distributions, that list could grow forever, which is not a manageable outcome. That's why |
Confirm that the workaround works fine, was also unnecessary to change export SSL_CERT_FILE=/usr/local/etc/ssl/certs/ca-certificates.crt I suppose I could always patch it downstream, if it is hard to get it into If interested, here are the complete build instructions for TCL: building_go.md |
Change https://golang.org/cl/141821 mentions this issue: |
I recommend using |
It's not so easy to use So it would have been easier, if the "crypto/x509" go module had just worked out-of-the-box ?
So it seems like patching Go to look in this standard location, will be the easiest way to support it. diff --git a/src/crypto/x509/root_linux.go b/src/crypto/x509/root_linux.go
index aa1785e..755af89 100644
--- a/src/crypto/x509/root_linux.go
+++ b/src/crypto/x509/root_linux.go
@@ -11,4 +11,5 @@
"/etc/ssl/ca-bundle.pem", // OpenSUSE
"/etc/pki/tls/cacert.pem", // OpenELEC
"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
+ "/usr/local/etc/ssl/certs/ca-certificates.crt", // TinyCore
}
|
Go needs to be able to read the file. If permissions/ownership are a problem Go can't help. |
@adamdecaf : the file is there (readable) alright, it was the environment variable that went missing... i.e. one needs to either use |
@afbjorklund Oh, I see in your link that TinyCore installs Go 1.4? If so that version isn't supported anymore. https://github.com/boot2podman/boot2podman/blob/master/building_go.md#bootstrap |
@adamdecaf : I used go version 1.10.4. In order to build that, I used go-bootstrap version 1.4-20171003 |
I updated the patch, since it seems that you need both file and dir to be defined (for some uses) ?
Or maybe I will just leave it here in this closed ticket, in case someone else stumbles into this later... |
What version of Go are you using (
go version
)?go version go1.10.4 linux/amd64
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?linux-amd64
What did you do?
go get golang.org/x/tools/cmd/godoc
What did you expect to see?
(nothing)
What did you see instead?
package golang.org/x/tools/cmd/godoc: unrecognized import path "golang.org/x/tools/cmd/godoc" (https fetch: Get https://golang.org/x/tools/cmd/godoc?go-get=1: x509: failed to load system roots and no roots provided)
Reason
Under TinyCore, the files are installed under
/usr/local/etc/ssl/certs
rather than/etc/ssl/certs
.It would be nice if both locations would be accepted (it is allowed, under the File Hierarchy Standard) ?
The text was updated successfully, but these errors were encountered: