Revert "homedir: add cgo or osusergo buildtag constraints for unix"

[kolyshkin]

This reverts #39994 and slightly clarifies doc update of homedir.Get() added by #39975

Revert "homedir: add cgo or osusergo buildtag constraints for unix"

TL;DR: there is no way to do this right.

We do know that in some combination of build tags set (or unset),
linker flags, environment variables, and libc implementation, this package
won't work right. In fact, there is one specific combination:

1. CGO_ENABLED=1 (or unset)
2. static binary is being built (e.g. go build is run with -extldflags -static)
3. go build links the binary against glibc
4. osusergo is not set

This particular combination results in the following legitimate linker warning:

cgo_lookup_unix.go: warning: Using 'getpwuid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking

If this warning is ignored and the resulting binary is used on a system
with files from a different glibc version (or without those files), it
could result in a segfault.

The commit being reverted tried to guard against such possibility,
but the problem is, we can only use build tags to account for items
1 and 4 from the above list, while items 2 and 3 do not result in
any build tags being set or unset, making this guard excessive.

Remove it.

This reverts commit 023b072.

pkg/homedir: clarify Get() docs wrt static linking

This clarifies comments about static linking made in commit a8608b5.

• There are two ways to create a static binary, one is to disable
  cgo, the other is to set linker flags. When cgo is disabled,
  there is no need to use osusergo build tag.

• osusergo only needs to be set when linking against glibc.

@tiborvass @thaJeztah @cpuguy83 PTAL

[kolyshkin]

2. static binary is being built (e.g. go build is run with -extldflags -static)
3. go build links the binary against glibc

<...>
...while items 2 and 3 do not result in any build tags being set or unset

Let me elaborate on this one.

It's a de-facto convention to set static_build build tag in such case, but it's entirely voluntarily (this might change in the future, see golang/go#26492), so we can't rely on it.

Even if we could, item 3 is still here.

[thaJeztah]

LGTM

[tiborvass]

Sorry I don't quite understand this, I need to think this through. Please don't merge yet

[kolyshkin]

@tonistiigi PTAL (as per @tiborvass you wanted #39994 in the first place)

[tonistiigi]

How about we add another build tag that could be enabled for building in musl or dynamic binaries in glibc if osusergo shouldn't be used? It seems risky to allow this panic in one of the default cases if the comment is not seen.

[thaJeztah]

the panic is in the go std library code; I'm not sure if we should do all that to work around an issue there; any package that uses that would have the same problem

[kolyshkin]

How about we add another build tag that could be enabled for building in musl or dynamic binaries in glibc if osusergo shouldn't be used? It seems risky to allow this panic in one of the default cases if the comment is not seen.

So are you suggesting something like i_am_aware_static_linking_has_dark_avenues build tag? I guess that won't work -- people will just set it everywhere without much understanding about the subject.

There's already a warning from a linker, which should not be ignored. We can even make it an error if we add -extldflags -Wl,--fatal-warnings.

[thaJeztah]

Perhaps we should add that option to make sure we don't make that mistake. For other consumers of this package, I think it's out of scope for us to prevent them from ignoring the warnings