Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The new NIX_SSL_CERT_FILE changes break terraform (and probably other go projects) on Darwin #24124

Closed
copumpkin opened this issue Mar 20, 2017 · 4 comments
Closed

The new NIX_SSL_CERT_FILE changes break terraform (and probably other go projects) on Darwin #24124

copumpkin opened this issue Mar 20, 2017 · 4 comments
Labels
0.kind: regression Something that worked before working no longer 6.topic: golang

Comments

@copumpkin
Copy link
Member

I just upgraded to Nix 1.11.7 and found that terraform breaks in a hard-to-track manner as a result. I think it's because all Go projects reimplement everything from scratch so none of our patches to standard HTTP libraries like curl affect it.

The tricky problem that arises is that each Go project pulls in its own full set of dependencies, often "vendored" right into the project repository, so there's no single place for us to patch the Go http libraries. I can fix Terraform in a one-off way since it's pretty painful, but we'll probably need a better solution to teach Go about NIX_CERT_FILE.

cc @edolstra @kamilchm
@copumpkin copumpkin added 0.kind: regression Something that worked before working no longer 6.topic: golang labels Mar 20, 2017
@kamilchm
Copy link
Member

We can start with the patch for terraform and see if there's something that can be extracted to buildGoPackage or can be done as part of go2nix if we found that it can't be done in pure nix.

@copumpkin
Copy link
Member Author

See #24058 which might fix it

@copumpkin copumpkin changed the title The new NIX_CERT_FILE changes break terraform (and probably other go projects) on Darwin The new NIX_SSL_CERT_FILE changes break terraform (and probably other go projects) on Darwin Mar 20, 2017
@copumpkin
Copy link
Member Author

copumpkin commented Mar 20, 2017
edited
Loading

Apparently it's not as tricky as I thought since crypto/x509 doesn't usually get vendored. Let's just hope that we never have to patch anything less central 😁

@copumpkin copumpkin mentioned this issue Mar 20, 2017
Closed
@LnL7 LnL7 mentioned this issue Jul 23, 2017
Merged
15 tasks
@LnL7
Copy link
Member

LnL7 commented Oct 4, 2017

Fixed by #27598

@LnL7 LnL7 closed this as completed Oct 4, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0.kind: regression Something that worked before working no longer 6.topic: golang
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@copumpkin @LnL7 @kamilchm