Attempting to build go programs that import packages hosted by golang.org fails unless ca_root_nss is installed.
go: firstname.lastname@example.org: unrecognized import path "golang.org/x/sync" (https fetch: Get https://golang.org/x/sync?go-get=1: x509: certificate signed by unknown authority)
Presumably other sites that use unrecognized certs will also fail.
I tripped over this when building in synth, which sets up clean environments.
(In reply to hartzell from comment #0)
Network access is not allowed during build, so missing ca_root_nss shouldn't prevent building of any correctly written port. And even if lang/go had a dependency on security/ca_root_nss, the next step for go will be to fetch sources using git (or hg/svn/bzr, depending on the repo), which would be missing too.
> Network access is not allowed during the build, [...]
I wasn't clear: this is not a poudriere build, but as a regular user of the go package, once it's been installed.
Your next point makes sense: the go port should no more have a dependency on `security/ca_root_nss` than it should on the other bits involved in the `go build` step (or `go mod download`).
It's up to the end user to install them separately if they're desired.
That makes sense.
I believe that this can be closed. Should I do it or should "someone else"?