RHEL-34924

Cannot build pure static Go binaries when using no_openssl build tag [rhel-9.5]

    • Bug
    • Resolution: Unresolved
    • Blocker
    • rhel-9.5
    • CentOS Stream 9
    • golang
    • golang-1.22.3-1.el9
    • ZStream
    • 1
    • sst_pt_llvm_rust_go
    • ssg_platform_tools
    • 2
    • Dev ack
    • False
    • None
    • CentOS Stream
    • Sprint 4
    • Approved Blocker
    • x86_64
    • None

      What were you trying to do that didn't work?

      I need to build a pure static binary called `snapctl` which is a part of the `snapd` package available in EPEL. For this I need to disable the FIPS compliance support which loads openssl through dlopen at runtime. This isn't a problem, as snapctl only ever communicates with snapd over a local UNIX socket, but it does however use HTTP to do so, which pulls in Go's net/http (and crypto/* as a dependency). The binary needs to be a pure static binary as it will be executed in a mount namespace of a snap, which may not carry compatible libraries (or any libraries at all for that matter).

      Please provide the package NVR for which bug is seen:

      golang-1.22.2-1.el9.x86_64

      How reproducible:

      always

      Steps to reproduce

      1. use a minimal sample:
      2. `go build -ldflags=-extldflags=-static -tags no_openssl -v mini.go`

      the minimal sample:
      ```
      package main

      // Importing net/http pulls in crypto/tls, the package that fails to build.
      import "net/http"

      func main() {
      	_, err := http.Get("http://google.com")
      	if err != nil {
      		panic(err)
      	}
      }
      ```

      Expected results

      a pure static binary

      Actual results

      build error

      ```
      google:centos-9-64 .../mini/hello# go build -ldflags=-extldflags=-static -tags no_openssl -v mini.go
      crypto/internal/boring
      crypto/internal/backend
      crypto/rand
      crypto/aes
      crypto/ecdh
      crypto/sha512
      crypto/ecdsa
      crypto/ed25519
      crypto/hmac
      crypto/rsa
      crypto/sha1
      crypto/sha256
      crypto/x509
      vendor/golang.org/x/crypto/hkdf
      crypto/tls

      # crypto/tls
      /usr/lib/golang/src/crypto/tls/handshake_client_tls13.go:44:20: undefined: supportsHKDF
      mime/multipart
      ```
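
A way to check the "pure static binary" expected result once a build succeeds, added here as an example (it is not part of the original report or of the golang package): it reads the ELF program headers and dynamic section with Go's `debug/elf`. The names `linkReport` and `inspect` are made up for this example.

```go
package main

import (
	"debug/elf"
	"io"
	"log"
	"os"
	"strings"
)

// linkReport lists what ties an ELF binary to the host at load time.
// Libraries opened later with dlopen are not recorded in the file and do not show up here.
type linkReport struct {
	Interp string   // PT_INTERP: path of the dynamic loader, empty when absent
	Needed []string // DT_NEEDED: shared libraries resolved when the binary starts
}

// PureStatic is true when the binary needs neither a loader nor shared libraries to start.
func (r linkReport) PureStatic() bool { return r.Interp == "" && len(r.Needed) == 0 }

// inspect parses an ELF image and collects its loader path and DT_NEEDED entries.
func inspect(r io.ReaderAt) (rep linkReport, err error) {
	f, err := elf.NewFile(r)
	if err != nil {
		return rep, err
	}
	for _, p := range f.Progs {
		if p.Type == elf.PT_INTERP {
			b, err := io.ReadAll(p.Open())
			if err != nil {
				return rep, err
			}
			rep.Interp = strings.TrimRight(string(b), "\x00")
		}
	}
	rep.Needed, err = f.ImportedLibraries() // nil when there is no dynamic section
	return rep, err
}

func main() {
	for _, path := range os.Args[1:] { // paths of the binaries to check
		fh, err := os.Open(path)
		if err != nil {
			log.Fatal(err)
		}
		rep, err := inspect(fh)
		fh.Close()
		log.Printf("%s: interp=%q needed=%q static=%v err=%v", path, rep.Interp, rep.Needed, err == nil && rep.PureStatic(), err)
	}
}
```
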

            rh-ee-deparker Derek Parker
            maciek.borzecki@gmail.com Maciej Borzęcki
            David Benoit David Benoit
            Edjunior Machado Edjunior Machado