Support non-Unix OS - Githubissues

sigstore / sigstore-go

Go library for Sigstore signing and verification

Apache License 2.0

44 stars 21 forks source link

Support non-Unix OS #297

Open abstractionfactory opened 1 day ago

abstractionfactory commented 1 day ago

Hey folks, thank you for your work on this library. The documentation currently states that only Unix-like operating systems are supported, which seems to really only apply to the Makefile and other examples, but not for the library itself. The stated go run example passes without issues on Windows. In addition, the GitHub Actions workflows already seem to be running on Windows.

Officially supporting non-Unix operating systems would make it easier for cross-platform tools to adopt this library as a means of verification. For example, an explicit statement that only Unix operating systems are supported would likely block opentofu/opentofu#307 from even being considered.

On a similar note, there is currently no statement about supporting 32 bit operating systems and GHA is also not running tests on 32 bit.

haydentherapper commented 1 day ago

Hey @abstractionfactory, there should be no limitations I'm aware of for using sigstore-go on other operating systems. We can add tests though.

abstractionfactory commented 1 day ago

@haydentherapper thanks for the clarification. I believe, tests on 386 would be nice to have as that's something that presented an issue in OpenTofu for a while. It would also be nice to change the language in the README to make it explicit that non-Unix OS are supported.

steiza commented 1 day ago

We're constrained here a little bit by what GitHub offers for runners, which I don't think includes any x86 architectures.

We do currently run tests on Windows: https://github.com/sigstore/sigstore-go/blob/5845298281875c153f40da081466ca716ff1abc6/.github/workflows/build.yml#L30

Maybe I'm not fully thinking through this, but go's toolchain has pretty robust support for 386, and I'm not sure what sort of scenario would lead to it working on a platform for amd64 but not 386.

For other platforms, like Solaris, I would want to have some way to run regular tests before making any promises!

abstractionfactory commented 1 day ago

@steiza unfortunately, as we discovered, it's not enough to rely on Go because large hard coded numbers can cause overflows, etc. See for example opentofu/opentofu#1266 which blocked us from being stable on Alpine for quite a while. We solved the testing issue on GHA by using the setup-qemu-action for emulation.

Regarding Solaris, I think it would be enough if there's a willingness to merge PRs related to these platforms, we don't have a Solaris system to test on either.