certificate transparency fails to build with -os="darwin"

[mattrco]

Not sure if this is certificate transparency's issue or ours (I'm not familiar with gox):

$ go version
go version go1.7.1 linux/amd64

$ go env
GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/vagrant/src/go"
GORACE=""
GOROOT="/usr/local/src/go"
GOTOOLDIR="/usr/local/src/go/pkg/tool/linux_amd64"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build141194028=/tmp/go-build -gno-record-gcc-switches"
CXX="g++"
CGO_ENABLED="1"

$ script/build -os="darwin" -arch="amd64"
Number of parallel builds: 1

-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/cfssl
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/multirootca
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/cfssl-bundle
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/cfssl-certinfo
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/cfssl-newkey
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/cfssl-scan
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/cfssljson
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/mkbundle

6 errors occurred:
--> darwin/amd64 error: exit status 2
Stderr: # github.com/cloudflare/cfssl/vendor/github.com/google/certificate-transparency/go/x509
vendor/github.com/google/certificate-transparency/go/x509/root_stub.go:9: (*Certificate).systemVerify redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency/go/x509/root_darwin.go:11
vendor/github.com/google/certificate-transparency/go/x509/root_stub.go:13: initSystemRoots redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency/go/x509/root.go:20

--> darwin/amd64 error: exit status 2
Stderr: # github.com/cloudflare/cfssl/vendor/github.com/google/certificate-transparency/go/x509
vendor/github.com/google/certificate-transparency/go/x509/root_stub.go:9: (*Certificate).systemVerify redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency/go/x509/root_darwin.go:11
vendor/github.com/google/certificate-transparency/go/x509/root_stub.go:13: initSystemRoots redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency/go/x509/root.go:20

--> darwin/amd64 error: exit status 2
Stderr: # github.com/cloudflare/cfssl/vendor/github.com/google/certificate-transparency/go/x509
vendor/github.com/google/certificate-transparency/go/x509/root_stub.go:9: (*Certificate).systemVerify redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency/go/x509/root_darwin.go:11
vendor/github.com/google/certificate-transparency/go/x509/root_stub.go:13: initSystemRoots redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency/go/x509/root.go:20

--> darwin/amd64 error: exit status 2
Stderr: # github.com/cloudflare/cfssl/vendor/github.com/google/certificate-transparency/go/x509
vendor/github.com/google/certificate-transparency/go/x509/root_stub.go:9: (*Certificate).systemVerify redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency/go/x509/root_darwin.go:11
vendor/github.com/google/certificate-transparency/go/x509/root_stub.go:13: initSystemRoots redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency/go/x509/root.go:20

--> darwin/amd64 error: exit status 2
Stderr: # github.com/cloudflare/cfssl/vendor/github.com/google/certificate-transparency/go/x509
vendor/github.com/google/certificate-transparency/go/x509/root_stub.go:9: (*Certificate).systemVerify redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency/go/x509/root_darwin.go:11
vendor/github.com/google/certificate-transparency/go/x509/root_stub.go:13: initSystemRoots redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency/go/x509/root.go:20

--> darwin/amd64 error: exit status 2
Stderr: # github.com/cloudflare/cfssl/vendor/github.com/google/certificate-transparency/go/x509
vendor/github.com/google/certificate-transparency/go/x509/root_stub.go:9: (*Certificate).systemVerify redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency/go/x509/root_darwin.go:11
vendor/github.com/google/certificate-transparency/go/x509/root_stub.go:13: initSystemRoots redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency/go/x509/root.go:20

Tagging @jacobhaven as he's previously fixed a darwin issue with this dependency.

The other darwin architectures also fail with the same issue.

[dfevre]

I'm having the same issue using script/build-docker.

[rantoniuk]

Same on docker build:

$ script/build-docker -os="darwin" -arch="amd64"                                                                                       Sending build context to Docker daemon 35.98 MB
Step 1/6 : FROM golang:1.8.1
1.8.1: Pulling from library/golang
10a267c67f42: Already exists
fb5937da9414: Already exists
9021b2326a1e: Already exists
96109dbc0c87: Pull complete
57d8fbf72ff8: Pull complete
38d688423455: Pull complete
c9ade847cc74: Pull complete
Digest: sha256:fbc08ed49ead169a4e921192f739af69cb45871af3a51f1334e477482816e34e
Status: Downloaded newer image for golang:1.8.1
 ---> fcef75ee6be1
Step 2/6 : ENV USER root
 ---> Running in b8c642165783
 ---> 003fc52af965
Removing intermediate container b8c642165783
Step 3/6 : WORKDIR /go/src/github.com/cloudflare/cfssl
 ---> 797aab293b89
Removing intermediate container 7021cbf87c71
Step 4/6 : COPY . .
 ---> 369d9a1e5eb5
Removing intermediate container 19b294b8681e
Step 5/6 : RUN go get github.com/mitchellh/gox
 ---> Running in 148e68caec35
 ---> 7a8e38caba10
Removing intermediate container 148e68caec35
Step 6/6 : ENTRYPOINT gox
 ---> Running in 1e13024e4202
 ---> 3885116426df
Removing intermediate container 1e13024e4202
Successfully built 3885116426df
Number of parallel builds: 3

-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/cfssl-newkey
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/multirootca
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/cfssl-bundle
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/cfssljson
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/cfssl-scan
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/cfssl-certinfo
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/cfssl
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/mkbundle

7 errors occurred:
--> darwin/amd64 error: exit status 2
Stderr: # github.com/cloudflare/cfssl/vendor/github.com/google/certificate-transparency-go/x509
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:9: (*Certificate).systemVerify redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root_darwin.go:26
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:13: initSystemRoots redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root.go:20

--> darwin/amd64 error: exit status 2
Stderr: # github.com/cloudflare/cfssl/vendor/github.com/google/certificate-transparency-go/x509
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:9: (*Certificate).systemVerify redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root_darwin.go:26
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:13: initSystemRoots redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root.go:20

--> darwin/amd64 error: exit status 2
Stderr: # github.com/cloudflare/cfssl/vendor/github.com/google/certificate-transparency-go/x509
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:9: (*Certificate).systemVerify redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root_darwin.go:26
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:13: initSystemRoots redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root.go:20

--> darwin/amd64 error: exit status 2
Stderr: # github.com/cloudflare/cfssl/vendor/github.com/google/certificate-transparency-go/x509
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:9: (*Certificate).systemVerify redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root_darwin.go:26
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:13: initSystemRoots redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root.go:20

--> darwin/amd64 error: exit status 2
Stderr: # github.com/cloudflare/cfssl/vendor/github.com/google/certificate-transparency-go/x509
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:9: (*Certificate).systemVerify redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root_darwin.go:26
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:13: initSystemRoots redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root.go:20

--> darwin/amd64 error: exit status 2
Stderr: # github.com/cloudflare/cfssl/vendor/github.com/google/certificate-transparency-go/x509
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:9: (*Certificate).systemVerify redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root_darwin.go:26
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:13: initSystemRoots redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root.go:20

--> darwin/amd64 error: exit status 2
Stderr: # github.com/cloudflare/cfssl/vendor/github.com/google/certificate-transparency-go/x509
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:9: (*Certificate).systemVerify redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root_darwin.go:26
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:13: initSystemRoots redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root.go:20

What's interesting it actually builds OK on 1.8.3 native, but still fails in docker go 1.8.3:

script/build-docker -os="darwin" -arch="amd64"                                                                                       [16:31:49]
Sending build context to Docker daemon 39.41 MB
Step 1/6 : FROM golang:1.8.3
1.8.3: Pulling from library/golang
10a267c67f42: Already exists
fb5937da9414: Already exists
9021b2326a1e: Already exists
96109dbc0c87: Already exists
b01dfb81dcfe: Pull complete
2887fcab405b: Pull complete
42bcf38edfe0: Pull complete
Digest: sha256:51f988b1a86f528c2e40681175088b5312b96bba9bea0f05bdb7ab504425c52d
Status: Downloaded newer image for golang:1.8.3
 ---> a0c61f0b0796
Step 2/6 : ENV USER root
 ---> Running in 8fedd0c7014a
 ---> b41ed553c944
Removing intermediate container 8fedd0c7014a
Step 3/6 : WORKDIR /go/src/github.com/cloudflare/cfssl
 ---> 33e16025f5da
Removing intermediate container 78ae5576abb8
Step 4/6 : COPY . .
 ---> 0dad511adb69
Removing intermediate container 4dd75b2cfaec
Step 5/6 : RUN go get github.com/mitchellh/gox
 ---> Running in 7c8d75348bd0
 ---> 3b795498c5c4
Removing intermediate container 7c8d75348bd0
Step 6/6 : ENTRYPOINT gox
 ---> Running in 1488d103ea2e
 ---> 7b2960964cb8
Removing intermediate container 1488d103ea2e
Successfully built 7b2960964cb8
Number of parallel builds: 3

-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/multirootca
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/cfssl-newkey
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/cfssl-bundle
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/cfssljson
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/cfssl-scan
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/cfssl
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/cfssl-certinfo
-->    darwin/amd64: github.com/cloudflare/cfssl/cmd/mkbundle

7 errors occurred:
--> darwin/amd64 error: exit status 2
Stderr: # github.com/cloudflare/cfssl/vendor/github.com/google/certificate-transparency-go/x509
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:9: (*Certificate).systemVerify redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root_darwin.go:26
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:13: initSystemRoots redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root.go:20

--> darwin/amd64 error: exit status 2
Stderr: # github.com/cloudflare/cfssl/vendor/github.com/google/certificate-transparency-go/x509
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:9: (*Certificate).systemVerify redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root_darwin.go:26
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:13: initSystemRoots redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root.go:20

--> darwin/amd64 error: exit status 2
Stderr: # github.com/cloudflare/cfssl/vendor/github.com/google/certificate-transparency-go/x509
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:9: (*Certificate).systemVerify redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root_darwin.go:26
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:13: initSystemRoots redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root.go:20

--> darwin/amd64 error: exit status 2
Stderr: # github.com/cloudflare/cfssl/vendor/github.com/google/certificate-transparency-go/x509
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:9: (*Certificate).systemVerify redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root_darwin.go:26
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:13: initSystemRoots redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root.go:20

--> darwin/amd64 error: exit status 2
Stderr: # github.com/cloudflare/cfssl/vendor/github.com/google/certificate-transparency-go/x509
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:9: (*Certificate).systemVerify redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root_darwin.go:26
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:13: initSystemRoots redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root.go:20

--> darwin/amd64 error: exit status 2
Stderr: # github.com/cloudflare/cfssl/vendor/github.com/google/certificate-transparency-go/x509
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:9: (*Certificate).systemVerify redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root_darwin.go:26
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:13: initSystemRoots redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root.go:20

--> darwin/amd64 error: exit status 2
Stderr: # github.com/cloudflare/cfssl/vendor/github.com/google/certificate-transparency-go/x509
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:9: (*Certificate).systemVerify redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root_darwin.go:26
vendor/github.com/google/certificate-transparency-go/x509/root_stub.go:13: initSystemRoots redeclared in this block
    previous declaration at vendor/github.com/google/certificate-transparency-go/x509/root.go:20

[Pensu]

I am also facing the same issue, any solution?

[bobrik]

The current solution to importing system roots was copied from go ~1.6 back in 2015. You can see similarities:

• https://github.com/golang/go/blob/go1.6/src/crypto/x509/root_darwin_armx.go go1.6 version upstream
• https://github.com/cloudflare/cfssl/blob/master/transport/roots/system/root_darwin_armx.go matching cfssl version

Since then the upstream internal API changed and it no longer exposes easy access to individual certificates.

Support for exporting individual Certificate structs from the system pool would've solved this:

• https://github.com/golang/go/issues/26614

There might be a simple fix for x86_64 darwin, but probably not for aarch64-darwin with the current code. Plus you need to keep in mind that it's a code from the Go version from 7 years ago.