When compiling Go programs that use the MongoDB driver with the "cse" tag (to enable client-side encryption), static compilation will fail. To be clear, by static compilation I mean the following go build command is used:

GOOS=linux GOARCH=amd64 go build -tags cse --ldflags '-linkmode external -extldflags "-static"'

This results in the following error:

/usr/local/go/pkg/tool/linux_amd64/link: running gcc failed: exit status 1
/usr/lib/gcc/x86_64-alpine-linux-musl/9.3.0/../../../../x86_64-alpine-linux-musl/bin/ld: cannot find -lmongocrypt
collect2: error: ld returned 1 exit status

Static compilation is required to be able to package & deploy such programs as AWS Lambda functions (which are simple zip files).

The issue stems from line 11 at the x/mongo/driver/mongocrypt/mongocrypt.go file:

 // #cgo linux solaris darwin pkg-config: libmongocrypt

This can never statically compile because the installation process of libmongocrypt generates two separate pkg-config files: libmongocrypt.pc, and libmongocrypt-static.pc, when in fact one .pc file can be used for both, and the --static flag to pkg-config can be used to return appropriate flags for static compilation.

To be able to statically compile, I had to replace the aforementioned line with the following:

// #cgo linux CFLAGS: -I/usr/include/mongocrypt -I/usr/include/kms_message -I/usr/include/libbson-1.0 -DBSON_STATIC
// #cgo linux LDFLAGS: /usr/lib64/libmongocrypt-static.a /usr/lib64/libkms_message-static.a -L/usr/lib64 -lbson-static-1.0 /usr/lib/librt.a /usr/lib/libm.a -lssl -lcrypto -ldl -pthread

This is obviously very specific to my environment, but I am wondering if there is a way to allow static compilation without having to fork the driver and change this one line.