go get x509: failed to load system roots and no roots provided #10875

Closed
andrewrynhard opened this issue Nov 7, 2015 · 9 comments
Labels
0.kind: bug 6.topic: darwin Running or building packages on Darwin

Comments

@andrewrynhard

Installed go with nix in a nix-shell environment and I am getting errors when using go get. As the title explains the error is x509: failed to load system roots and no roots provided. I have made sure that the nix.sh environment variables are set but still get this error. This is on OS X.

@vcunat vcunat added the 6.topic: darwin Running or building packages on Darwin label Nov 7, 2015
@pikajude
Contributor

go being unable to interoperate with the system keychain is a known issue (hub is also broken), though it needs more investigation. The keychain interface code has also changed drastically between go 1.4 and 1.5, so it might be worth trying whichever is the other version of the compiler?

@nbp
Member

nbp commented Nov 21, 2015

cc @cstrahan @wkennington

@andrewrynhard
Author

@pikajude this is with go1.5.

@zimbatm
Member

zimbatm commented Jan 17, 2016

The nix profile sets the SSL_CERT_FILE environment variable but go doesn't seem to take that into account.

@chrisfarms
Contributor

There's an open Go issue to support SSL_CERT_FILE which should resolve this.

In the meantime I think you need to ensure /etc/ssl/certs/ca-bundle.crt exists, since Go appears to happily guess that location.

This did the trick for me:

ln -s $SSL_CERT_FILE /etc/ssl/certs/ca-bundle.crt

@zimbatm
Member

zimbatm commented Jun 15, 2016

I actually have a patch to add SSL_CERT_FILE support to go but then decided it was too much work maintaining the patch. If you're interested it's at zimbatm@e5557a6 . Both go 1.4 and 1.5 are supported. I did it before go 1.6 so that would need to be adapted.

@ben0x539
Contributor

ben0x539 commented Sep 6, 2016

yo I didn't get very far trying to figure this out. The thing with putting the certs into /etc didn't help for me. I've been using the following test case:

package main
import ( "fmt"; "net/http")
func main() { fmt.Println(http.Get("https://nixos.org/channels/nixos-unstable/git-revision")) }

It fails with the error message in the issue title.

Trying to dtrace (I'm not very good with OS X) it, I noticed that it works when running as root. Unclear what the deal is, looks like there's some certificate data scrolling past in the trace either way.

Does go1.7 change the behavior? I haven't been able to get it to build so far.

@mstone
Contributor

mstone commented Sep 9, 2016

@andrewrynhard does mstone@fc28879 work around the problem for you (perhaps if adjusted for go 1.5 instead of 1.6)?

@LnL7
Member

LnL7 commented Sep 19, 2016

This is fixed for 1.7

@LnL7 LnL7 closed this as completed Sep 19, 2016