veraison / services

Attestation verification services based on Veraison components
Apache License 2.0

build: enable cgo #273

Closed jraman567 closed 3 weeks ago

jraman567 commented 1 month ago

cgo allows the use of C libraries in GoLang. Some packages like sqlite3 depend on this feature.

We could allow this, barring any security issues (e.g., we can't confirm the hash of a C library before linking it).

thomas-fossati commented 1 month ago

> cgo allows the use of C libraries in GoLang.

Skimming cgo documentation:

"The cgo tool is enabled by default for native builds on systems where it is expected to work. It is disabled by default when cross-compiling as well as when the CC environment variable is unset and the default C compiler (typically gcc or clang) cannot be found on the system PATH."

So this change would only have an effect either when cross-compiling or on pretty exotic platforms, right?

> Some packages like sqlite3 depend on this feature.

I didn't know it (or I used to know and then I forgot :-)) but you are right. The fact we haven't observed any build failure (at least in the dev, CI and deployed platforms we know of) is likely because of the "default enable cgo" policy of the go build environment.

It seems to me that @jraman567's suggested change is correct and should be merged.

@setrofim WDYT?
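Added example, not part of the thread or of the Veraison code base: a startup guard that reads the `CGO_ENABLED` value the go command records in a binary's build settings, so a cross-compiled build that silently dropped cgo is caught before a cgo-dependent package such as sqlite3 is used. The function names and error values are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"runtime/debug"
)

// Hypothetical sentinel errors for the two failure cases.
var (
	errCgoOff     = errors.New("binary was built with CGO_ENABLED=0")
	errCgoUnknown = errors.New("build settings do not record CGO_ENABLED")
)

// buildSettings returns the key/value build settings embedded in this binary.
// The map is empty when the binary carries no build information.
func buildSettings() map[string]string {
	out := map[string]string{}
	if info, ok := debug.ReadBuildInfo(); ok {
		for _, s := range info.Settings {
			out[s.Key] = s.Value
		}
	}
	return out
}

// checkCgo returns nil only when the settings show a cgo-enabled build.
// A missing key is reported separately from an explicit "0" so that builds
// made without the go command are not mistaken for cgo-disabled ones.
func checkCgo(settings map[string]string) error {
	v, ok := settings["CGO_ENABLED"]
	switch {
	case !ok:
		return errCgoUnknown
	case v != "1":
		return fmt.Errorf("%w (GOOS=%s GOARCH=%s)",
			errCgoOff, settings["GOOS"], settings["GOARCH"])
	}
	return nil
}

func main() {
	if err := checkCgo(buildSettings()); err != nil {
		fmt.Fprintln(os.Stderr, "cgo check failed:", err)
		os.Exit(1)
	}
	fmt.Println("cgo enabled in this build")
}
```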