Disabling CGO has two effects that I can identify:
On unix, os/user is largely disabled, though Current() is partially implemented. This package is used in certmgr to lookup the UIDs from the specs. A UID can be provided in the spec directly, which is used instead.
On darwin, the cfssl's linkage to Security.framework is disabled for looking up the system roots. cfssl instead calls /usr/bin/security with no reduction in functionality.
Disabling CGO has two effects that I can identify:
os/user
is largely disabled, thoughCurrent()
is partially implemented. This package is used in certmgr to lookup the UIDs from the specs. A UID can be provided in the spec directly, which is used instead.Security.framework
is disabled for looking up the system roots. cfssl instead calls/usr/bin/security
with no reduction in functionality.