From 5e68a6d49af1b5354427b5795b7dbeee1df0db98 Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Wed, 21 Jun 2023 13:09:58 -0700 Subject: [PATCH 1/8] Check for gcc and pkg-config before building with cgo enabled --- Makefile | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/Makefile b/Makefile index 5d7995f4..13ed1395 100644 --- a/Makefile +++ b/Makefile @@ -63,6 +63,25 @@ DATE := $(shell date -u '+%Y-%m-%d %H:%M UTC') LDFLAGS := -ldflags='-w -X "main.Version=$(VERSION)" -X "main.BuildTime=$(DATE)"' GOFLAGS := CGO_ENABLED=0 +# Check for programs required for a CGO build +check_gcc := $(shell command -v gcc 2> /dev/null) +# pkg-config is run by the go-piv build on Linux, to discover +# properties of pcsclite library. +# See https://github.com/go-piv/piv-go/blob/5418a1a438791fc94745accde6c0f3cafac93311/piv/pcsc_unix.go#L23 +check_pkgconfig := $(shell command -v pkg-config 2> /dev/null) + +ifeq (,$(findstring CGO_ENABLED=0,$(GOFLAGS))) + ifeq (,$(check_gcc)) + $(error "Please install gcc before building with cgo enabled.") + endif + UNAME_S := $(shell uname -s) + ifeq ($(UNAME_S),Linux) + ifeq (,$(check_pkgconfig)) + $(error "Please install pkg-config before building with cgo enabled.") + endif + endif +endif + download: $Q go mod download From de52aee9b109b61e5caa380c9f8c99e60e181142 Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Wed, 21 Jun 2023 14:16:29 -0700 Subject: [PATCH 2/8] Trying a different approach --- Makefile | 28 +++++----------------------- 1 file changed, 5 insertions(+), 23 deletions(-) diff --git a/Makefile b/Makefile index 13ed1395..cb72f3b0 100644 --- a/Makefile +++ b/Makefile 
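Review bot: In PATCH 1/8, `check_gcc` looks for a binary literally named `gcc`, but cgo invokes whatever `go env CC` reports, so the guard can reject a host whose C compiler has a different name even though the cgo build would succeed. Probing the compiler Go will actually use keeps the check and the build in agreement, e.g. `check_cc := $(shell command -v "$$(go env CC)" 2> /dev/null)`. The `$(error ...)` calls are evaluated at parse time, so with cgo enabled and a tool missing they stop every target (including `download`), not only the build. The double quotes inside `$(error "...")` are also printed literally.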
@@ -61,26 +61,8 @@ endif DATE := $(shell date -u '+%Y-%m-%d %H:%M UTC') LDFLAGS := -ldflags='-w -X "main.Version=$(VERSION)" -X "main.BuildTime=$(DATE)"' -GOFLAGS := CGO_ENABLED=0 - -# Check for programs required for a CGO build -check_gcc := $(shell command -v gcc 2> /dev/null) -# pkg-config is run by the go-piv build on Linux, to discover -# properties of pcsclite library. -# See https://github.com/go-piv/piv-go/blob/5418a1a438791fc94745accde6c0f3cafac93311/piv/pcsc_unix.go#L23 -check_pkgconfig := $(shell command -v pkg-config 2> /dev/null) - -ifeq (,$(findstring CGO_ENABLED=0,$(GOFLAGS))) - ifeq (,$(check_gcc)) - $(error "Please install gcc before building with cgo enabled.") - endif - UNAME_S := $(shell uname -s) - ifeq ($(UNAME_S),Linux) - ifeq (,$(check_pkgconfig)) - $(error "Please install pkg-config before building with cgo enabled.") - endif - endif -endif +GOFLAGS ?= +GO_ENVS := CGO_ENABLED=0 download: $Q go mod download @@ -90,7 +72,7 @@ build: $(PREFIX)bin/$(BINNAME) $(PREFIX)bin/$(BINNAME): download $(call rwildcard,*.go) $Q mkdir -p $(@D) - $Q $(GOOS_OVERRIDE) $(GOFLAGS) go build -v -o $(PREFIX)bin/$(BINNAME) $(LDFLAGS) $(PKG) + $Q $(GOOS_OVERRIDE) $(GO_ENVS) go build -v -o $(PREFIX)bin/$(BINNAME) $(LDFLAGS) $(PKG) # Target to force a build of step-ca without running tests simple: build @@ -112,7 +94,7 @@ generate: test: testdefault testtpmsimulator combinecoverage testdefault: - $Q $(GOFLAGS) gotestsum -- -coverprofile=defaultcoverage.out -short -covermode=atomic ./... + $Q $(GO_ENVS) gotestsum -- -coverprofile=defaultcoverage.out -short -covermode=atomic ./... testtpmsimulator: $Q CGO_ENALBED=1 gotestsum -- -coverprofile=tpmsimulatorcoverage.out -short -covermode=atomic -tags tpmsimulator ./acme @@ -128,7 +110,7 @@ combinecoverage: integrate: integration integration: bin/$(BINNAME) - $Q $(GOFLAGS) gotestsum -- -tags=integration ./integration/... + $Q $(GO_ENVS) gotestsum -- -tags=integration ./integration/... .PHONY: integrate integration 
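Review bot: In PATCH 2/8's first hunk, `GOFLAGS ?=` stays defined but no recipe in these hunks reads it any more, so the previously documented `make build GOFLAGS=""` is still accepted and now quietly builds with `CGO_ENABLED=0`. CONTRIBUTING.md and docker/Dockerfile.hsm only switch to `GO_ENVS="CGO_ENABLED=1"` in PATCH 4/8, so at this commit the HSM image would presumably be built without cgo and without any error. A short comment above the new variable would make the replacement knob discoverable, for example `# Env assignments prefixed to go commands; use make GO_ENVS="CGO_ENABLED=1" for a cgo build`.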
From b2b8b489498398a7c9a0edae9f076570b978d6a1 Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Wed, 21 Jun 2023 14:34:29 -0700 Subject: [PATCH 3/8] Trying a different approach --- Makefile | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index cb72f3b0..0b429175 100644 --- a/Makefile +++ b/Makefile @@ -61,8 +61,15 @@ endif DATE := $(shell date -u '+%Y-%m-%d %H:%M UTC') LDFLAGS := -ldflags='-w -X "main.Version=$(VERSION)" -X "main.BuildTime=$(DATE)"' -GOFLAGS ?= -GO_ENVS := CGO_ENABLED=0 +GOFLAGS := -v + +ifeq (,$(GOFLAGS)) + ifeq (,$(findstring CGO_ENABLED=0,$(GO_ENVS))) + GO_ENVS := $(GO_ENVS) CGO_ENABLED=1 + endif +else + GO_ENVS := $(GO_ENVS) CGO_ENABLED=0 +endif download: $Q go mod download @@ -72,7 +79,7 @@ build: $(PREFIX)bin/$(BINNAME) $(PREFIX)bin/$(BINNAME): download $(call rwildcard,*.go) $Q mkdir -p $(@D) - $Q $(GOOS_OVERRIDE) $(GO_ENVS) go build -v -o $(PREFIX)bin/$(BINNAME) $(LDFLAGS) $(PKG) + $Q $(GOOS_OVERRIDE) $(GO_ENVS) go build $(GOFLAGS) -o $(PREFIX)bin/$(BINNAME) $(LDFLAGS) $(PKG) # Target to force a build of step-ca without running tests simple: build From 73cb04318ade05d57f0eb269ab56dd7e4dd643f6 Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Wed, 21 Jun 2023 14:44:16 -0700 Subject: [PATCH 4/8] Trying a different approach --- CONTRIBUTING.md | 2 +- docker/Dockerfile.hsm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 35f75159..2c13828e 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -74,7 +74,7 @@ sudo yum install pcsc-lite-devel To build `step-ca`, clone this repository and run the following: ```shell -make bootstrap && make build GOFLAGS="" +make bootstrap && make build GO_ENVS="CGO_ENABLED=1" ``` When the build is complete, you will find binaries in `bin/`. diff --git a/docker/Dockerfile.hsm b/docker/Dockerfile.hsm index 8ae1e7c7..c5a54d8c 100644 --- a/docker/Dockerfile.hsm +++ b/docker/Dockerfile.hsm 
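Review bot: In PATCH 3/8's first Makefile hunk, the outer `else` branch appends `CGO_ENABLED=0` without checking what `GO_ENVS` already contains. A `GO_ENVS` inherited from the environment with `CGO_ENABLED=1` would become `CGO_ENABLED=1 CGO_ENABLED=0`, and the last assignment in the recipe's prefix wins, so cgo is switched off without a message. Only a command-line `GO_ENVS=` escapes this, because make then ignores the file's own assignment. Guarding the whole block with `ifeq (,$(findstring CGO_ENABLED,$(GO_ENVS)))` would leave an explicit choice untouched.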
@@ -6,7 +6,7 @@ COPY . . RUN apt-get update RUN apt-get install -y --no-install-recommends \ gcc pkgconf libpcsclite-dev libcap2-bin -RUN make V=1 GOFLAGS="" bin/step-ca +RUN make V=1 GO_ENVS="CGO_ENABLED=1" bin/step-ca RUN setcap CAP_NET_BIND_SERVICE=+eip bin/step-ca FROM smallstep/step-kms-plugin:bullseye AS kms From f8b318bb90ee981ae903b25481d821de31d4e3c7 Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Thu, 22 Jun 2023 15:35:13 -0700 Subject: [PATCH 5/8] Post-review fixes --- Makefile | 20 ++++++++++++++------ README.md | 14 ++++---------- 2 files changed, 18 insertions(+), 16 deletions(-) diff --git a/Makefile b/Makefile index 0b429175..2b18d48d 100644 --- a/Makefile +++ b/Makefile @@ -61,14 +61,22 @@ endif DATE := $(shell date -u '+%Y-%m-%d %H:%M UTC') LDFLAGS := -ldflags='-w -X "main.Version=$(VERSION)" -X "main.BuildTime=$(DATE)"' -GOFLAGS := -v -ifeq (,$(GOFLAGS)) - ifeq (,$(findstring CGO_ENABLED=0,$(GO_ENVS))) +# Always explicitly enable or disable cgo, +# so that go doesn't silently fall back on +# non-cgo when gcc is not found. +ifeq (,$(findstring CGO_ENABLED,$(GO_ENVS))) + ifneq ($(origin GOFLAGS),undefined) + # This section is for backward compatibility with + # + # $ make build GOFLAGS="" + # + # which is how we recommended building step-ca with cgo support + # until June 2023. GO_ENVS := $(GO_ENVS) CGO_ENABLED=1 + else + GO_ENVS := $(GO_ENVS) CGO_ENABLED=0 endif -else - GO_ENVS := $(GO_ENVS) CGO_ENABLED=0 endif download: @@ -79,7 +87,7 @@ build: $(PREFIX)bin/$(BINNAME) $(PREFIX)bin/$(BINNAME): download $(call rwildcard,*.go) $Q mkdir -p $(@D) - $Q $(GOOS_OVERRIDE) $(GO_ENVS) go build $(GOFLAGS) -o $(PREFIX)bin/$(BINNAME) $(LDFLAGS) $(PKG) + $Q $(GOOS_OVERRIDE) GOFLAGS=$(GOFLAGS) $(GO_ENVS) go build -v -o $(PREFIX)bin/$(BINNAME) $(LDFLAGS) $(PKG) # Target to force a build of step-ca without running tests simple: build diff --git a/README.md b/README.md index 9544e7cd..d7f0f5ce 100644 --- a/README.md +++ b/README.md 
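Review bot: In PATCH 5/8's first Makefile hunk, `ifneq ($(origin GOFLAGS),undefined)` is true for any `GOFLAGS`, including one exported in the caller's environment for unrelated reasons (it is a standard Go environment variable), so such a build gets `CGO_ENABLED=1` although nobody asked for cgo. The comment describes the legacy signal as `GOFLAGS=""`, so the test could require defined-and-empty: `ifeq (,$(if $(filter undefined,$(origin GOFLAGS)),x,$(strip $(GOFLAGS))))`. The guard also inspects only `GO_ENVS`, so a `CGO_ENABLED` exported in the environment is overridden by the prefix this block adds. That limitation is worth stating in the comment.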
@@ -119,18 +119,12 @@ See our installation docs [here](https://smallstep.com/docs/step-ca/installation ## Documentation -Documentation can be found in a handful of different places: - -1. On the web at https://smallstep.com/docs/step-ca. - -2. On the command line with `step help ca xxx` where `xxx` is the subcommand -you are interested in. Ex: `step help ca provisioner list`. - -3. In your browser, by running `step help --http=:8080 ca` from the command line +* [Official documentation](https://smallstep.com/docs/step-ca) is on smallstep.com +* The `step` command reference is available via `step help`, +[or on smallstep.com](https://smallstep.com/docs/step-cli/reference/), +or by running `step help --http=:8080` from the command line and visiting http://localhost:8080. -4. The [docs](./docs/README.md) folder is being deprecated, but it still has some documentation and tutorials. - ## Feedback? * Tell us what you like and don't like about managing your PKI - we're eager to help solve problems in this space. From e38e632dca6738ca33e230d165476dc391765128 Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Thu, 22 Jun 2023 15:39:25 -0700 Subject: [PATCH 6/8] Post-review fixes --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 2b18d48d..e94ebc8c 100644 --- a/Makefile +++ b/Makefile @@ -87,7 +87,7 @@ build: $(PREFIX)bin/$(BINNAME) $(PREFIX)bin/$(BINNAME): download $(call rwildcard,*.go) $Q mkdir -p $(@D) - $Q $(GOOS_OVERRIDE) GOFLAGS=$(GOFLAGS) $(GO_ENVS) go build -v -o $(PREFIX)bin/$(BINNAME) $(LDFLAGS) $(PKG) + $Q $(GOOS_OVERRIDE) GOFLAGS="$(GOFLAGS)" $(GO_ENVS) go build -v -o $(PREFIX)bin/$(BINNAME) $(LDFLAGS) $(PKG) # Target to force a build of step-ca without running tests simple: build From 44f3b97e61aad04af39844bc8eff1fb676b51815 Mon Sep 17 00:00:00 2001 
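Review bot: In PATCH 6/8, wrapping the value as `GOFLAGS="$(GOFLAGS)"` fixes word splitting, but make pastes the text into the command line before the shell parses it, so a value containing `"`, `$` or a backquote is still interpreted by the shell. As far as these hunks show, the Makefile no longer assigns `GOFLAGS` itself, and GNU make already places command-line and environment variables in the recipe's environment, so the prefix could simply be removed (or replaced by an `export GOFLAGS` line). That would also make the build recipe consistent with `testdefault` and `integration`, which do not set it.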
From: Carl Tashian Date: Sat, 8 Jul 2023 02:49:58 -0700 Subject: [PATCH 7/8] Update Makefile Co-authored-by: Herman Slatman --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index e94ebc8c..630b54b9 100644 --- a/Makefile +++ b/Makefile @@ -112,7 +112,7 @@ testdefault: $Q $(GO_ENVS) gotestsum -- -coverprofile=defaultcoverage.out -short -covermode=atomic ./... testtpmsimulator: - $Q CGO_ENALBED=1 gotestsum -- -coverprofile=tpmsimulatorcoverage.out -short -covermode=atomic -tags tpmsimulator ./acme + $Q CGO_ENABLED=1 gotestsum -- -coverprofile=tpmsimulatorcoverage.out -short -covermode=atomic -tags tpmsimulator ./acme testcgo: $Q gotestsum -- -coverprofile=coverage.out -short -covermode=atomic ./... From 18bc0f333b175d467ee5f4bb4f4f1971441cf4d9 Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Sat, 8 Jul 2023 02:50:05 -0700 Subject: [PATCH 8/8] Update README.md Co-authored-by: Herman Slatman --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d7f0f5ce..9b454f51 100644 --- a/README.md +++ b/README.md @@ -121,7 +121,7 @@ See our installation docs [here](https://smallstep.com/docs/step-ca/installation * [Official documentation](https://smallstep.com/docs/step-ca) is on smallstep.com * The `step` command reference is available via `step help`, -[or on smallstep.com](https://smallstep.com/docs/step-cli/reference/), +[on smallstep.com](https://smallstep.com/docs/step-cli/reference/), or by running `step help --http=:8080` from the command line and visiting http://localhost:8080.
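Review bot: In PATCH 7/8, the corrected `testtpmsimulator` line now sets cgo explicitly, but the `testcgo` recipe visible just below it in the same hunk still has no `CGO_ENABLED` prefix. The Makefile comment added in PATCH 5/8 says cgo should always be enabled or disabled explicitly so that go does not fall back to a non-cgo build when gcc is missing. By that rule the recipe would read `$Q CGO_ENABLED=1 gotestsum -- -coverprofile=coverage.out -short -covermode=atomic ./...`. The misspelled `CGO_ENALBED=1` was accepted by the shell without any diagnostic, so it may be worth confirming from test output that the simulator tests really run with cgo.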