error build peer v2.5 with pkcs11

[pfi79]

make tools-docker GO_TAGS=pkcs11
or
CGO_ENABLED=0 go build -tags "pkcs11" -v

output:

# github.com/hyperledger/fabric/bccsp/pkcs11
bccsp/pkcs11/pkcs11.go:41:21: undefined: pkcs11.Ctx
bccsp/pkcs11/pkcs11.go:51:23: undefined: pkcs11.SessionHandle
bccsp/pkcs11/pkcs11.go:52:22: undefined: pkcs11.SessionHandle
bccsp/pkcs11/pkcs11.go:55:32: undefined: pkcs11.ObjectHandle
bccsp/pkcs11/pkcs11.go:326:51: undefined: pkcs11.SessionHandle
bccsp/pkcs11/pkcs11.go:338:46: undefined: pkcs11.SessionHandle
bccsp/pkcs11/pkcs11.go:370:50: undefined: pkcs11.SessionHandle
bccsp/pkcs11/pkcs11.go:385:51: undefined: pkcs11.SessionHandle
bccsp/pkcs11/pkcs11.go:684:72: undefined: pkcs11.ObjectHandle
bccsp/pkcs11/pkcs11.go:693:77: undefined: pkcs11.ObjectHandle
bccsp/pkcs11/pkcs11.go:693:77: too many errors

[pfi79]

the problem here:

https://github.com/hyperledger/fabric/blob/release-2.5/images/tools/Dockerfile#L27

github.com/hyperledger/fabric/images/tools/Dockerfile

ENV CGO_ENABLED 0

[pfi79]

@denyeart @jkneubuh FYI

these pool requesters have broken backward compatibility

#3856
#3857

[jkneubuh]

Hi @pfi79

Apologies for the regression. The tendrils between the Makefile, Dockerfile, and release.yaml GitHub are deeply intertwined. Working in this area of Fabric is like arm-wrestling an octopus.

Would you please check if the following additions will enable the pkcs11 / Docker images in your target environment? The code in this area is quite subject to customization - if you are running with an HSM or some other extensions in the Docker file, please describe them in this ticket.

Note that the following updates will BREAK some other area of the Fabric builds. What I would like to understand is if running a static link against libmusl for the libc on Alpine will work with your PKCS11-enabled Docker image.

1. At ~ line 224 of Makefile, add:

$(BUILD_DIR)/bin/%: GO_LDFLAGS += -linkmode external -extldflags '-static'

2. At ~ line 32 of the peer Dockerfile, change the env settings for the golang build:

ENV CC aarch64-alpine-linux-musl-gcc
ENV CGO_ENABLED 1

(Note that aarch64 will be used in the CC value if you are on an M1/arm64, or x86_64)

3. Build the peer Docker container, using gcc-musl to statically link the pkcs11 and libc objects into the peer:

make docker-clean
GO_TAGS=pkcs11 make peer-docker

4. Smoke test: (The peer binary will SIGSEGV immediately if something is wrong with the link)

docker run --rm hyperledger/fabric-peer 

[jkneubuh]

• Tangentially related to OSX Fabric binaries do not resolve DNS correctly  #3372

cc: @davidkel

[pfi79]

@jkneubuh Great. I will check your references. And I'll write.

[jkneubuh]

Hi @pfi79

An update (targeting the release-2.5 branch) is available at #3872.

[pfi79]

#3872

Thank you very much. I checked. I got everything together. I can close the issue