SSL cert verification error trying to download helm

[kingdonb]

I am virtually certain that there is something misconfigured on my (MacOS 10.14 Catalina) system, but I haven't had this problem before with any other tools so far, and I couldn't find any docs or code at all about how SSL certificates are verified in gofish, or related issues, so I'm opening an issue for it.

$ gofish --log-level 9999 install helm
==> Installing helm...
ERRO[0001] Get "https://get.helm.sh/helm-v3.5.4-darwin-amd64.tar.gz": x509: certificate signed by unknown authority
Error: failed to download package for OS/arch darwin/amd64 with URL https://get.helm.sh/helm-v3.5.4-darwin-amd64.tar.gz to filepath /Users/kingdonb/Library/Caches/gofish/helm-3.5.4-darwin-amd64.tar.gz

I'm not certain how to diagnose this further, and I thought it might be quicker to ask a question, if you might have seen this before. I'll keep trying in case you haven't seen it.

[bacongobbler]

Hey! The only case I've seen this crop up before was in Helm, of all places. It has something to do with macOS and Go's crypto/tls package.

https://github.com/helm/helm/issues/3384

I have not seen this issue with gofish, but that would be my first guess.

How did you install gofish? Were you compiling from source or were you following the Install Guide?

[bacongobbler]

Here is where Gofish pulls down the package. It's using Go's default HTTP client, so there's no specific setup involved on Gofish's end regarding TLS. I would refer to net/http for assistance.

https://github.com/fishworks/gofish/blob/235b7acf6a7062669dc874be2361cf0e46a90ac2/food.go#L331-L334

[kingdonb]

I followed the install instructions a couple of days ago, downloading the binaries with the curl|bash install method, when I realized I could use gofish to install flux (which worked great, btw!)

I see you've already supported this for a long time. Thanks for the pointers. Will update again soon with the root cause.

[bacongobbler]

It is also possible that the latest release of gofish is compiled against a very old version of Go. We’re due for an update. I’ll schedule a release for tomorrow and ping you when it’s available. :)

[kingdonb]

This will work!

I went ahead and compiled my own copy of gofish with a relatively recent go 1.16, and it indeed resolves the issue.

$ gofish install helm
==> Installing helm...
🐠  helm 3.5.4: installed in 2.760856118s

🌮 🎉

[bacongobbler]

Should be fixed with https://github.com/fishworks/gofish/commit/313faece77b4fe5645def5fe2da996dd7c20efd5. Just waiting on Github Actions to restore so I can cut a release. Thanks for the report!