From 80e338a18db0acce00653a176d82a567eafb0c79 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 24 Oct 2019 12:57:03 -0700 Subject: [PATCH 1/2] Revert "homedir: add cgo or osusergo buildtag constraints for unix" TL;DR: there is no way to do this right. We do know that in some combination of build tags set (or unset), linker flags, environment variables, and libc implementation, this package won't work right. In fact, there is one specific combination: 1. `CGO_ENABLED=1` (or unset) 2. static binary is being built (e.g. `go build` is run with `-extldflags -static`) 3. `go build` links the binary against glibc 4. `osusergo` is not set This particular combination results in the following legitimate linker warning: > cgo_lookup_unix.go: warning: Using 'getpwuid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking If this warning is ignored and the resulting binary is used on a system with files from a different glibc version (or without those files), it could result in a segfault. The commit being reverted tried to guard against such possibility, but the problem is, we can only use build tags to account for items 1 and 4 from the above list, while items 2 and 3 do not result in any build tags being set or unset, making this guard excessive. Remove it. This reverts commit 023b072288eab3c9e768d4aeeb917f27f06034c7. Signed-off-by: Kir Kolyshkin --- pkg/homedir/homedir_unix.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/homedir/homedir_unix.go b/pkg/homedir/homedir_unix.go index dcdce40615..284e8be7ca 100644 --- a/pkg/homedir/homedir_unix.go +++ b/pkg/homedir/homedir_unix.go @@ -1,4 +1,4 @@ -// +build !windows,cgo !windows,osusergo +// +build !windows package homedir // import "github.com/docker/docker/pkg/homedir" From 7ef475fc1698e34b1ffe0f666021060e566abf94 Mon Sep 17 00:00:00 2001 From: Kir Kolyshkin Date: Thu, 24 Oct 2019 16:39:24 -0700 Subject: [PATCH 2/2] pkg/homedir: clarify Get() docs wrt static linking This clarifies comments about static linking made in commit a8608b5b67c. 1. There are two ways to create a static binary, one is to disable cgo, the other is to set linker flags. When cgo is disabled, there is no need to use osusergo build tag. 2. osusergo only needs to be set when linking against glibc. Signed-off-by: Kir Kolyshkin --- pkg/homedir/homedir_unix.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pkg/homedir/homedir_unix.go b/pkg/homedir/homedir_unix.go index 284e8be7ca..441bd727b6 100644 --- a/pkg/homedir/homedir_unix.go +++ b/pkg/homedir/homedir_unix.go @@ -16,8 +16,11 @@ func Key() string { // Get returns the home directory of the current user with the help of // environment variables depending on the target operating system. // Returned path should be used with "path/filepath" to form new paths. -// If compiling statically, ensure the osusergo build tag is used. -// If needing to do nss lookups, do not compile statically. +// +// If linking statically with cgo enabled against glibc, ensure the +// osusergo build tag is used. +// +// If needing to do nss lookups, do not disable cgo or set osusergo. func Get() string { home := os.Getenv(Key()) if home == "" {