scripts/build/.variables: don't use "netgo" when building Windows binaries #6801
thaJeztah merged 1 commit into docker:master from
Pull request overview
This PR adjusts the build-tag logic in scripts/build/.variables to avoid enabling Go’s netgo resolver when building Windows binaries, mitigating DNS resolution issues reported for Windows clients behind VPNs.
Changes:
- Keep `osusergo netgo` for static CGO builds in general.
- Remove the `netgo` build tag specifically when `GOOS=windows` to prefer the Windows system resolver.
…aries

commit 880ef75 fixed static builds with CGO, which included setting the `netgo` build-tag for static builds.

Starting with go1.19, the Go runtime on Windows now supports the `netgo` build-flag to use a native Go DNS resolver. Prior to that version, the build-flag only had an effect on non-Windows platforms.

From the go1.19 release notes: https://go.dev/doc/go1.19#net

> Resolver.PreferGo is now implemented on Windows and Plan 9. It previously
> only worked on Unix platforms. Combined with Dialer.Resolver and Resolver.Dial,
> it's now possible to write portable programs and be in control of all DNS name
> lookups when dialing.
>
> The net package now has initial support for the netgo build tag on Windows.
> When used, the package uses the Go DNS client (as used by Resolver.PreferGo)
> instead of asking Windows for DNS results. The upstream DNS server it discovers
> from Windows may not yet be correct with complex system network configurations,
> however.

This originally caused issues in the daemon, because the pure-go implementation did not respect file-based resolution (`C:\Windows\System32\Drivers\etc\hosts`), resulting in `localhost` not being resolvable, and custom entries in `.etc/hosts` not being used.

That specific problem was resolved in go1.22 (through [golang/go@33d4a51]), but other limitations may still apply, and resolver ordering may not respect VPN adaptors (such as Twingate) and queries sent through the local network adapter instead of the VPN tunnel, resulting in DNS resolution failures;

    Get "https://example.com:2376/v1.52/containers/json": dial tcp: lookup example.com: i/o timeout

This patch unsets the `netgo` option when (cross-)compiling for Windows, similar to the patch used for the daemon (see [moby/moby@53d1b12]).

[golang/go@33d4a51]: golang/go@33d4a51
[moby/moby@53d1b12]: moby/moby@53d1b12

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.
Thx; did a quick check in docker/packaging and docker/docker-ce-packaging, and I don't think we override the option there. Let me bring this one in.
relates to:
scripts/build/.variables: don't use "netgo" when building Windows binaries

commit 880ef75 fixed static builds with CGO, which included setting the `netgo` build-tag for static builds.

Starting with go1.19, the Go runtime on Windows now supports the `netgo` build-flag to use a native Go DNS resolver. Prior to that version, the build-flag only had an effect on non-Windows platforms.

From the go1.19 release notes: https://go.dev/doc/go1.19#net

This originally caused issues in the daemon, because the pure-go implementation did not respect file-based resolution (`C:\Windows\System32\Drivers\etc\hosts`), resulting in `localhost` not being resolvable, and custom entries in `.etc/hosts` not being used.

That specific problem was resolved in go1.22 (through golang/go@33d4a51), but other limitations may still apply, and resolver ordering may not respect VPN adaptors (such as Twingate) and queries sent through the local network adapter instead of the VPN tunnel, resulting in DNS resolution failures;

This patch unsets the `netgo` option when (cross-)compiling for Windows, similar to the patch used for the daemon (see moby/moby@53d1b12).

- What I did
- How I did it
- How to verify it
- Human readable description for the release notes
- A picture of a cute animal (not mandatory but encouraged)
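
One way to check a built binary for the condition this PR removes, as an added example that is not part of the PR or the Docker CLI code base: it reads `go version -m` output and reports whether a Windows build still carries the `netgo` tag. The function name, status strings and sample build-info text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the output of `go version -m <binary>` (stdin).
# Prints one of:
#   netgo-on-windows  GOOS=windows and "netgo" is among the build tags
#   ok                build settings found, no netgo on a Windows build
#   no-buildinfo      no "build" settings lines were found in the input
audit_buildinfo() {
    awk -F '\t' '
        $2 == "build" {
            seen = 1
            if ($3 ~ /^GOOS=/)  { goos = substr($3, 6) }
            if ($3 ~ /^-tags=/) { tags = substr($3, 7) }
        }
        END {
            if (!seen) { print "no-buildinfo"; exit }
            # Match whole tags only, so a tag such as "netgo2" is ignored.
            n = split(tags, t, /[, ]+/)
            for (i = 1; i <= n; i++) if (t[i] == "netgo") netgo = 1
            if (goos == "windows" && netgo) print "netgo-on-windows"
            else print "ok"
        }'
}

# Constructed build-info samples (not captured from real Docker binaries).
sample_windows_netgo() {
    printf 'docker.exe: go1.22.0\n\tbuild\t-tags=osusergo,netgo\n'
    printf '\tbuild\tCGO_ENABLED=1\n\tbuild\tGOOS=windows\n'
}
sample_windows_fixed() {
    printf 'docker.exe: go1.22.0\n\tbuild\t-tags=osusergo\n'
    printf '\tbuild\tCGO_ENABLED=1\n\tbuild\tGOOS=windows\n'
}
sample_linux_static() {
    printf 'docker: go1.22.0\n\tbuild\t-tags=osusergo,netgo\n'
    printf '\tbuild\tCGO_ENABLED=1\n\tbuild\tGOOS=linux\n'
}

for s in sample_windows_netgo sample_windows_fixed sample_linux_static; do
    printf '%s: %s\n' "$s" "$("$s" | audit_buildinfo)"
done
# Real use: go version -m path/to/docker.exe | audit_buildinfo
```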