crypto/x509: add /usr/local/etc/ssl/certs for CA certificates on Linux #28199
Comments
|
hm, i am not sure that it's a good idea to add this, because even it's could be tested well. For your case you can set env variables go/src/crypto/x509/root_unix.go Line 28 in 29907b1 |
|
Added the symlink for now, but maybe those files can be added in e.g. profile ? Just seemed like it had a long list of other special cases hard-coded into it already ? |
FiloSottile
changed the title
FiloSottile
added
the
NeedsInvestigation
|
We already have a laundry list of possible locations, and by the nature of Linux distributions, that list could grow forever, which is not a manageable outcome. That's why |
|
Confirm that the workaround works fine, was also unnecessary to change export SSL_CERT_FILE=/usr/local/etc/ssl/certs/ca-certificates.crtI suppose I could always patch it downstream, if it is hard to get it into If interested, here are the complete build instructions for TCL: building_go.md |
|
Change https://golang.org/cl/141821 mentions this issue: |
|
I recommend using |
|
It's not so easy to use So it would have been easier, if the "crypto/x509" go module had just worked out-of-the-box ?
So it seems like patching Go to look in this standard location, will be the easiest way to support it. diff --git a/src/crypto/x509/root_linux.go b/src/crypto/x509/root_linux.go
index aa1785e..755af89 100644
--- a/src/crypto/x509/root_linux.go
+++ b/src/crypto/x509/root_linux.go
@@ -11,4 +11,5 @@
"/etc/ssl/ca-bundle.pem", // OpenSUSE
"/etc/pki/tls/cacert.pem", // OpenELEC
"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
+ "/usr/local/etc/ssl/certs/ca-certificates.crt", // TinyCore
}
|
|
Go needs to be able to read the file. If permissions/ownership are a problem Go can't help. |
|
@adamdecaf : the file is there (readable) alright, it was the environment variable that went missing... i.e. one needs to either use |
|
@afbjorklund Oh, I see in your link that TinyCore installs Go 1.4? If so that version isn't supported anymore. https://github.com/boot2podman/boot2podman/blob/master/building_go.md#bootstrap |
|
@adamdecaf : I used go version 1.10.4. In order to build that, I used go-bootstrap version 1.4-20171003 |
|
I updated the patch, since it seems that you need both file and dir to be defined (for some uses) ? Or maybe I will just leave it here in this closed ticket, in case someone else stumbles into this later... |
What version of Go are you using (
go version)?go version go1.10.4 linux/amd64Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env)?linux-amd64
What did you do?
go get golang.org/x/tools/cmd/godocWhat did you expect to see?
(nothing)
What did you see instead?
package golang.org/x/tools/cmd/godoc: unrecognized import path "golang.org/x/tools/cmd/godoc" (https fetch: Get https://golang.org/x/tools/cmd/godoc?go-get=1: x509: failed to load system roots and no roots provided)Reason
Under TinyCore, the files are installed under
/usr/local/etc/ssl/certsrather than/etc/ssl/certs.It would be nice if both locations would be accepted (it is allowed, under the File Hierarchy Standard) ?
The text was updated successfully, but these errors were encountered: