-
-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Go 1.6 on Darwin doesn't build #18223
Comments
This appears to be the same issue affecting the 1.7 build referenced in #18067. I don't understand the Go build process that well, but it looks like the issue is that it isn't able to pass the test for the crypto/x509 package as shown in this portion: FAIL crypto/x509 0.188s Looking at the stack trace with my limited understanding of Go it looks like the test is invoking a function (FetchPEMRoots) written in C using a foreign function interface which then fails, causing the test to fail. I would be interested in what the issue is, but I don't know enough Go to troubleshoot this. |
So I did some more digging and it looks like this may be an upstream issue regarding the way Go interacts with the SSL_CERT_FILE environmental variable. @mstone was trying to address an issue with Go regarding the crypto module in #10875, but his patch seems to resolve the build problems for Go 1.6 and 1.7 as well. His changes can be found at mstone/nixpkgs@fc28879. |
This can be fixed by porting the patches for 1.7 #18546 |
What happens is go calls into C.FetchPEMRoots() which then supposed to call into some MacOSX framework but instead it segfaults. Interestingly the segfault only happens with go built with nix. I am starting to suspect the underlying issue is somewhere around go linking to MacOSX Frameworks, then nix messing up those links. Just a theory. Of course if go just loads the certs from $SSL_CERT_FILE and avoids calling MacOSX code altogether, that will resolve this issue, but there is still something fishy going on. |
@sly010 I think this is some sort of signing/security issue, probably because of the way the darwin stdenv currently works. There are no issues with x509 when running as root IIRC. |
This is still an issue with go 1.8 and prevents me from using most go programs |
I'm pretty sure go 1.7 and 1.8 are patched correctly so |
SSL_CERT_FILE has been renamed to NIX_SSL_CERT_FILE recently. If I set |
Here is a minimal example to reproduce the issue: https://gist.github.com/zimbatm/8a67bd43242eaaed75924bd25e6fb5c6 |
Right, I forgot about that. I probably still set SSL_CERT_FILE somewhere in my dotfiles, I'll take a look and fix it. |
I'm not sure why, but after fixing the go_1_6 build at all on macOS Sierra (#27230), the test (The minimal example linked by @zimbatm above also works fine (as is, builds, and the executable executes happily), also after changing it to use |
@robx did you unset SSL_CERT_FILE and NIX_SSL_CERT_FILE? |
@zimbatm Ah yes that way it fails. Seems like it should be a separate issue though? |
Maybe. The go compilation error is fixed because we put some lipstick on it but the underlying issue is still there and ugly. |
But this is a ticket explicitly about outdated go1.6 not compiling, while your test case applies to the newer versions, too, right? Here I think it just gets (got) lost... |
Issue description
Building 1.6.3 on Darwin doesn't work ... full build log:
Steps to reproduce
nix-shell -p go_1_6
Technical details
OSX 10.11.6
"16.09pre90369.202d9e2"
nix-env (Nix) 1.11.2
The text was updated successfully, but these errors were encountered: