Merge pull request #1446 from smallstep/carl/check-cgo-deps

Address Makefile issues around the cgo build

CONTRIBUTING.md

@@ -74,7 +74,7 @@ sudo yum install pcsc-lite-devel
 To build `step-ca`, clone this repository and run the following:
 
 ```shell
-make bootstrap && make build GOFLAGS=""
+make bootstrap && make build GO_ENVS="CGO_ENABLED=1"
 ```
 
 When the build is complete, you will find binaries in `bin/`.

Makefile

@@ -61,7 +61,23 @@ endif
 
 DATE    := $(shell date -u '+%Y-%m-%d %H:%M UTC')
 LDFLAGS := -ldflags='-w -X "main.Version=$(VERSION)" -X "main.BuildTime=$(DATE)"'
-GOFLAGS := CGO_ENABLED=0
+
+# Always explicitly enable or disable cgo,
+# so that go doesn't silently fall back on
+# non-cgo when gcc is not found.
+ifeq (,$(findstring CGO_ENABLED,$(GO_ENVS)))
+	ifneq ($(origin GOFLAGS),undefined)
+		# This section is for backward compatibility with 
+		# 
+		# $ make build GOFLAGS=""
+		#
+		# which is how we recommended building step-ca with cgo support
+		# until June 2023.
+		GO_ENVS := $(GO_ENVS) CGO_ENABLED=1
+	else
+		GO_ENVS := $(GO_ENVS) CGO_ENABLED=0
+	endif
+endif
 
 download:
 	$Q go mod download
@@ -71,7 +87,7 @@ build: $(PREFIX)bin/$(BINNAME)
 
 $(PREFIX)bin/$(BINNAME): download $(call rwildcard,*.go)
 	$Q mkdir -p $(@D)
-	$Q $(GOOS_OVERRIDE) $(GOFLAGS) go build -v -o $(PREFIX)bin/$(BINNAME) $(LDFLAGS) $(PKG)
+	$Q $(GOOS_OVERRIDE) GOFLAGS="$(GOFLAGS)" $(GO_ENVS) go build -v -o $(PREFIX)bin/$(BINNAME) $(LDFLAGS) $(PKG)
 
 # Target to force a build of step-ca without running tests
 simple: build
@@ -93,10 +109,10 @@ generate:
 test: testdefault testtpmsimulator combinecoverage
 
 testdefault:
-	$Q $(GOFLAGS) gotestsum -- -coverprofile=defaultcoverage.out -short -covermode=atomic ./...
+	$Q $(GO_ENVS) gotestsum -- -coverprofile=defaultcoverage.out -short -covermode=atomic ./...
 
 testtpmsimulator:
-	$Q CGO_ENALBED=1 gotestsum -- -coverprofile=tpmsimulatorcoverage.out -short -covermode=atomic -tags tpmsimulator ./acme 
+	$Q CGO_ENABLED=1 gotestsum -- -coverprofile=tpmsimulatorcoverage.out -short -covermode=atomic -tags tpmsimulator ./acme 
 
 testcgo:
 	$Q gotestsum -- -coverprofile=coverage.out -short -covermode=atomic ./...
@@ -109,7 +125,7 @@ combinecoverage:
 integrate: integration
 
 integration: bin/$(BINNAME)
-	$Q $(GOFLAGS) gotestsum -- -tags=integration ./integration/...
+	$Q $(GO_ENVS) gotestsum -- -tags=integration ./integration/...
 
 .PHONY: integrate integration
 

README.md

@@ -119,18 +119,12 @@ See our installation docs [here](https://smallstep.com/docs/step-ca/installation
 
 ## Documentation
 
-Documentation can be found in a handful of different places:
+* [Official documentation](https://smallstep.com/docs/step-ca) is on smallstep.com
-
+* The `step` command reference is available via `step help`,
-1. On the web at https://smallstep.com/docs/step-ca.
+[on smallstep.com](https://smallstep.com/docs/step-cli/reference/),
-
+or by running `step help --http=:8080` from the command line
-2. On the command line with `step help ca xxx` where `xxx` is the subcommand
-you are interested in. Ex: `step help ca provisioner list`.
-
-3. In your browser, by running `step help --http=:8080 ca` from the command line
 and visiting http://localhost:8080.
 
-4. The [docs](./docs/README.md) folder is being deprecated, but it still has some documentation and tutorials.
-
 ## Feedback?
 
 * Tell us what you like and don't like about managing your PKI - we're eager to help solve problems in this space.

docker/Dockerfile.hsm

@@ -6,7 +6,7 @@ COPY . .
 RUN apt-get update
 RUN apt-get install -y --no-install-recommends \
         gcc pkgconf libpcsclite-dev libcap2-bin
-RUN make V=1 GOFLAGS="" bin/step-ca
+RUN make V=1 GO_ENVS="CGO_ENABLED=1" bin/step-ca
 RUN setcap CAP_NET_BIND_SERVICE=+eip bin/step-ca
 
 FROM smallstep/step-kms-plugin:bullseye AS kms