Add FIPS support for RHEL targets
This commit is contained in:
parent
4716400a7f
commit
069f0dcbce
2
.gitignore
vendored
2
.gitignore
vendored
@ -133,3 +133,5 @@
|
|||||||
/go1.20.3.src.tar.gz
|
/go1.20.3.src.tar.gz
|
||||||
/go1.20.4.src.tar.gz
|
/go1.20.4.src.tar.gz
|
||||||
/go1.20.5.src.tar.gz
|
/go1.20.5.src.tar.gz
|
||||||
|
/go1.20.5-1-openssl-fips.tar.gz
|
||||||
|
/go1.20.4-3-openssl-fips.tar.gz
|
||||||
|
3
golang-prelink.conf
Normal file
3
golang-prelink.conf
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
# there are ELF files in src which are testdata and shouldn't be modified
|
||||||
|
-b /usr/lib/golang/src
|
||||||
|
-b /usr/lib64/golang/src
|
194
golang.spec
194
golang.spec
@ -38,6 +38,13 @@
|
|||||||
|
|
||||||
# Golang build options.
|
# Golang build options.
|
||||||
|
|
||||||
|
# Disable FIPS by default
|
||||||
|
%global fips 0
|
||||||
|
# Enable FIPS by default in RHEL
|
||||||
|
%if 0%{?rhel}
|
||||||
|
%global fips 1
|
||||||
|
%endif
|
||||||
|
|
||||||
# Build golang using external/internal(close to cgo disabled) linking.
|
# Build golang using external/internal(close to cgo disabled) linking.
|
||||||
%ifarch %{ix86} x86_64 ppc64le %{arm} aarch64 s390x
|
%ifarch %{ix86} x86_64 ppc64le %{arm} aarch64 s390x
|
||||||
%global external_linker 1
|
%global external_linker 1
|
||||||
@ -73,10 +80,6 @@
|
|||||||
%global shared 0
|
%global shared 0
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# Pre build std lib with -race enabled
|
|
||||||
# Disabled due to 1.20 new cache usage, see 1.20 upstream release notes
|
|
||||||
%global race 0
|
|
||||||
|
|
||||||
# Fedora GOROOT
|
# Fedora GOROOT
|
||||||
%global goroot /usr/lib/%{name}
|
%global goroot /usr/lib/%{name}
|
||||||
|
|
||||||
@ -102,15 +105,16 @@
|
|||||||
%global gohostarch s390x
|
%global gohostarch s390x
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# Comment out go_prerelease and go_patch as needed
|
|
||||||
%global go_api 1.20
|
%global go_api 1.20
|
||||||
|
# Use only for prerelease versions
|
||||||
#global go_prerelease rc3
|
#global go_prerelease rc3
|
||||||
%global go_patch 5
|
%global go_patch 4
|
||||||
|
|
||||||
%global go_version %{go_api}%{?go_patch:.%{go_patch}}%{?go_prerelease:~%{go_prerelease}}
|
%global go_version %{go_api}%{?go_patch:.%{go_patch}}%{?go_prerelease:~%{go_prerelease}}
|
||||||
%global go_source %{go_api}%{?go_patch:.%{go_patch}}%{?go_prerelease}
|
%global go_source %{go_api}%{?go_patch:.%{go_patch}}%{?go_prerelease}
|
||||||
|
# Go FIPS package release
|
||||||
|
%global pkg_release 3
|
||||||
|
|
||||||
# For rpmdev-bumpspec and releng automation
|
# For rpmdev-bumpspec and releng automation.
|
||||||
%global baserelease 1
|
%global baserelease 1
|
||||||
|
|
||||||
Name: golang
|
Name: golang
|
||||||
@ -121,8 +125,16 @@ Summary: The Go Programming Language
|
|||||||
License: BSD and Public Domain
|
License: BSD and Public Domain
|
||||||
URL: https://go.dev
|
URL: https://go.dev
|
||||||
Source0: https://go.dev/dl/go%{go_source}.src.tar.gz
|
Source0: https://go.dev/dl/go%{go_source}.src.tar.gz
|
||||||
|
# Go's FIPS mode bindings are now provided as a standalone
|
||||||
|
# module instead of in tree. This makes it easier to see
|
||||||
|
# the actual changes vs upstream Go. The module source is
|
||||||
|
# located at https://github.com/golang-fips/openssl-fips,
|
||||||
|
# And pre-genetated patches to set up the module for a given
|
||||||
|
# Go release are located at https://github.com/golang-fips/go.
|
||||||
|
# making a source conditional creates odd behaviors so for now, include FIPS always
|
||||||
|
Source1: https://github.com/golang-fips/go/archive/refs/tags/go%{go_source}-%{pkg_release}-openssl-fips.tar.gz
|
||||||
# make possible to override default traceback level at build time by setting build tag rpm_crashtraceback
|
# make possible to override default traceback level at build time by setting build tag rpm_crashtraceback
|
||||||
Source1: fedora.go
|
Source2: fedora.go
|
||||||
|
|
||||||
# The compiler is written in Go. Needs go(1.4+) compiler for build.
|
# The compiler is written in Go. Needs go(1.4+) compiler for build.
|
||||||
%if !%{golang_bootstrap}
|
%if !%{golang_bootstrap}
|
||||||
@ -130,16 +142,34 @@ BuildRequires: gcc-go >= 5
|
|||||||
%else
|
%else
|
||||||
BuildRequires: golang > 1.4
|
BuildRequires: golang > 1.4
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
# Install hostname(1) or net-tools(1) depending on the OS version
|
||||||
%if 0%{?rhel} > 6 || 0%{?fedora} > 0
|
%if 0%{?rhel} > 6 || 0%{?fedora} > 0
|
||||||
BuildRequires: hostname
|
BuildRequires: hostname
|
||||||
%else
|
%else
|
||||||
BuildRequires: net-tools
|
BuildRequires: net-tools
|
||||||
%endif
|
%endif
|
||||||
# for tests
|
|
||||||
BuildRequires: pcre-devel, glibc-static, perl-interpreter, procps-ng
|
# If FIPS is enabled, we need openssl-devel
|
||||||
|
%if %{fips}
|
||||||
|
BuildRequires: openssl-devel
|
||||||
|
%endif
|
||||||
|
|
||||||
|
BuildRequires: pcre-devel, glibc-static
|
||||||
|
|
||||||
|
# For running the tests on Fedora
|
||||||
|
%if 0%{?fedora}
|
||||||
|
BuildRequires: perl-interpreter, procps-ng
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# For running the tests on RHEL
|
||||||
|
%if 0%{?rhel}
|
||||||
|
BuildRequires: perl
|
||||||
|
%endif
|
||||||
|
|
||||||
Provides: go = %{version}-%{release}
|
Provides: go = %{version}-%{release}
|
||||||
|
|
||||||
|
%if 0%{?fedora}
|
||||||
# Bundled/Vendored provides generated by bundled-deps.sh based on the in tree module data
|
# Bundled/Vendored provides generated by bundled-deps.sh based on the in tree module data
|
||||||
# - in version filed substituted with . per versioning guidelines
|
# - in version filed substituted with . per versioning guidelines
|
||||||
Provides: bundled(golang(github.com/google/pprof)) = 0.0.0.20221118152302.e6195bd50e26
|
Provides: bundled(golang(github.com/google/pprof)) = 0.0.0.20221118152302.e6195bd50e26
|
||||||
@ -153,6 +183,7 @@ Provides: bundled(golang(golang.org/x/sys)) = 0.3.0
|
|||||||
Provides: bundled(golang(golang.org/x/term)) = 0.2.0
|
Provides: bundled(golang(golang.org/x/term)) = 0.2.0
|
||||||
Provides: bundled(golang(golang.org/x/text)) = 0.5.0
|
Provides: bundled(golang(golang.org/x/text)) = 0.5.0
|
||||||
Provides: bundled(golang(golang.org/x/tools)) = 0.3.1.0.20230118190848.070db2996ebe
|
Provides: bundled(golang(golang.org/x/tools)) = 0.3.1.0.20230118190848.070db2996ebe
|
||||||
|
%endif
|
||||||
|
|
||||||
Requires: %{name}-bin = %{version}-%{release}
|
Requires: %{name}-bin = %{version}-%{release}
|
||||||
Requires: %{name}-src = %{version}-%{release}
|
Requires: %{name}-src = %{version}-%{release}
|
||||||
@ -171,14 +202,11 @@ Obsoletes: %{name}-data < 1.1.1-4
|
|||||||
Obsoletes: %{name}-vim < 1.4
|
Obsoletes: %{name}-vim < 1.4
|
||||||
Obsoletes: emacs-%{name} < 1.4
|
Obsoletes: emacs-%{name} < 1.4
|
||||||
|
|
||||||
# We stopped building the golang-race subpackage, so we need to to maintain the
|
|
||||||
# update path.
|
|
||||||
Obsoletes: golang-race < 1.20~rc3-2
|
|
||||||
|
|
||||||
# These are the only RHEL/Fedora architectures that we compile this package for
|
# These are the only RHEL/Fedora architectures that we compile this package for
|
||||||
ExclusiveArch: %{golang_arches}
|
ExclusiveArch: %{golang_arches}
|
||||||
|
|
||||||
Source100: golang-gdbinit
|
Source100: golang-gdbinit
|
||||||
|
Source101: golang-prelink.conf
|
||||||
|
|
||||||
%description
|
%description
|
||||||
%{summary}.
|
%{summary}.
|
||||||
@ -280,22 +308,35 @@ Summary: Golang shared object libraries
|
|||||||
%{summary}.
|
%{summary}.
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{race}
|
|
||||||
%package race
|
|
||||||
Summary: Golang std library with -race enabled
|
|
||||||
|
|
||||||
Requires: %{name} = %{version}-%{release}
|
|
||||||
|
|
||||||
%description race
|
|
||||||
%{summary}
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -p1 -n go
|
%autosetup -p1 -n go
|
||||||
|
# Copy fedora.go to ./src/runtime/
|
||||||
|
cp %{SOURCE2} ./src/runtime/
|
||||||
|
|
||||||
cp %{SOURCE1} ./src/runtime/
|
# If FIPS is enabled, install the FIPS source
|
||||||
|
%if %{fips}
|
||||||
|
echo "Preparing FIPS patches"
|
||||||
|
pushd ..
|
||||||
|
tar -xf %{SOURCE1}
|
||||||
|
popd
|
||||||
|
# TODO Check here, this is failing due to the external linker flag? maybe, but it's clearly related to that according tho this commit:
|
||||||
|
# https://github.com/golang-fips/go/blob/main/patches/000-initial-setup.patch#L48
|
||||||
|
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch
|
||||||
|
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch
|
||||||
|
|
||||||
|
# Configure crypto tests
|
||||||
|
echo "Configure crypto tests"
|
||||||
|
pushd ../go-go%{version}-%{pkg_release}-openssl-fips
|
||||||
|
ln -s ../go go
|
||||||
|
./scripts/configure-crypto-tests.sh
|
||||||
|
popd
|
||||||
|
%endif
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
# -x: print commands as they are executed
|
||||||
|
# -e: exit immediately if a command exits with a non-zero status
|
||||||
|
set -xe
|
||||||
|
|
||||||
# print out system information
|
# print out system information
|
||||||
uname -a
|
uname -a
|
||||||
cat /proc/cpuinfo
|
cat /proc/cpuinfo
|
||||||
@ -322,12 +363,21 @@ export CC="gcc"
|
|||||||
export CC_FOR_TARGET="gcc"
|
export CC_FOR_TARGET="gcc"
|
||||||
export GOOS=linux
|
export GOOS=linux
|
||||||
export GOARCH=%{gohostarch}
|
export GOARCH=%{gohostarch}
|
||||||
|
|
||||||
|
DEFAULT_GO_LD_FLAGS=""
|
||||||
%if !%{external_linker}
|
%if !%{external_linker}
|
||||||
export GO_LDFLAGS="-linkmode internal"
|
export GO_LDFLAGS="-linkmode internal $DEFAULT_GO_LD_FLAGS"
|
||||||
|
%else
|
||||||
|
# Only pass a select subset of the external hardening flags. We do not pass along
|
||||||
|
# the default $RPM_LD_FLAGS as on certain arches Go does not fully, correctly support
|
||||||
|
# building in PIE mode.
|
||||||
|
export GO_LDFLAGS="\"-extldflags=-Wl,-z,now,-z,relro\" $DEFAULT_GO_LD_FLAGS"
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if !%{cgo_enabled}
|
%if !%{cgo_enabled}
|
||||||
export CGO_ENABLED=0
|
export CGO_ENABLED=0
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
./make.bash --no-clean -v
|
./make.bash --no-clean -v
|
||||||
popd
|
popd
|
||||||
|
|
||||||
@ -336,12 +386,7 @@ popd
|
|||||||
GOROOT=$(pwd) PATH=$(pwd)/bin:$PATH go install -buildmode=shared -v -x std
|
GOROOT=$(pwd) PATH=$(pwd)/bin:$PATH go install -buildmode=shared -v -x std
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{race}
|
|
||||||
GOROOT=$(pwd) PATH=$(pwd)/bin:$PATH go install -race -v -x std
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%install
|
%install
|
||||||
echo "== 1 =="
|
|
||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
# remove GC build cache
|
# remove GC build cache
|
||||||
rm -rf pkg/obj/go-build/*
|
rm -rf pkg/obj/go-build/*
|
||||||
@ -354,7 +399,7 @@ mkdir -p $RPM_BUILD_ROOT%{goroot}
|
|||||||
# https://code.google.com/p/go/issues/detail?id=5830
|
# https://code.google.com/p/go/issues/detail?id=5830
|
||||||
cp -apv api bin doc lib pkg src misc test VERSION \
|
cp -apv api bin doc lib pkg src misc test VERSION \
|
||||||
$RPM_BUILD_ROOT%{goroot}
|
$RPM_BUILD_ROOT%{goroot}
|
||||||
echo "== 2 =="
|
|
||||||
# bz1099206
|
# bz1099206
|
||||||
find $RPM_BUILD_ROOT%{goroot}/src -exec touch -r $RPM_BUILD_ROOT%{goroot}/VERSION "{}" \;
|
find $RPM_BUILD_ROOT%{goroot}/src -exec touch -r $RPM_BUILD_ROOT%{goroot}/VERSION "{}" \;
|
||||||
# and level out all the built archives
|
# and level out all the built archives
|
||||||
@ -371,8 +416,11 @@ docs_list=$cwd/go-docs.list
|
|||||||
tests_list=$cwd/go-tests.list
|
tests_list=$cwd/go-tests.list
|
||||||
rm -f $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list
|
rm -f $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list
|
||||||
touch $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list
|
touch $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list
|
||||||
|
|
||||||
|
##################
|
||||||
|
# Register files #
|
||||||
|
##################
|
||||||
pushd $RPM_BUILD_ROOT%{goroot}
|
pushd $RPM_BUILD_ROOT%{goroot}
|
||||||
echo "== 3 =="
|
|
||||||
find src/ -type d -a \( ! -name testdata -a ! -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $src_list
|
find src/ -type d -a \( ! -name testdata -a ! -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $src_list
|
||||||
find src/ ! -type d -a \( ! -ipath '*/testdata/*' -a ! -name '*_test.go' \) -printf '%{goroot}/%p\n' >> $src_list
|
find src/ ! -type d -a \( ! -ipath '*/testdata/*' -a ! -name '*_test.go' \) -printf '%{goroot}/%p\n' >> $src_list
|
||||||
|
|
||||||
@ -386,7 +434,6 @@ pushd $RPM_BUILD_ROOT%{goroot}
|
|||||||
find misc/ ! -type d -printf '%{goroot}/%p\n' >> $misc_list
|
find misc/ ! -type d -printf '%{goroot}/%p\n' >> $misc_list
|
||||||
|
|
||||||
%if %{shared}
|
%if %{shared}
|
||||||
echo "== 4 =="
|
|
||||||
mkdir -p %{buildroot}/%{_libdir}/
|
mkdir -p %{buildroot}/%{_libdir}/
|
||||||
mkdir -p %{buildroot}/%{golibdir}/
|
mkdir -p %{buildroot}/%{golibdir}/
|
||||||
for file in $(find . -iname "*.so" ); do
|
for file in $(find . -iname "*.so" ); do
|
||||||
@ -402,16 +449,6 @@ echo "== 4 =="
|
|||||||
find pkg/*_dynlink/ -type d -printf '%%%dir %{goroot}/%p\n' >> $shared_list
|
find pkg/*_dynlink/ -type d -printf '%%%dir %{goroot}/%p\n' >> $shared_list
|
||||||
find pkg/*_dynlink/ ! -type d -printf '%{goroot}/%p\n' >> $shared_list
|
find pkg/*_dynlink/ ! -type d -printf '%{goroot}/%p\n' >> $shared_list
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
echo "== 5 =="
|
|
||||||
|
|
||||||
%if %{race}
|
|
||||||
|
|
||||||
find pkg/*_race/ -type d -printf '%%%dir %{goroot}/%p\n' >> $race_list
|
|
||||||
find pkg/*_race/ ! -type d -printf '%{goroot}/%p\n' >> $race_list
|
|
||||||
|
|
||||||
%endif
|
|
||||||
|
|
||||||
find test/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list
|
find test/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list
|
||||||
find test/ ! -type d -printf '%{goroot}/%p\n' >> $tests_list
|
find test/ ! -type d -printf '%{goroot}/%p\n' >> $tests_list
|
||||||
find src/ -type d -a \( -name testdata -o -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $tests_list
|
find src/ -type d -a \( -name testdata -o -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $tests_list
|
||||||
@ -420,7 +457,6 @@ echo "== 5 =="
|
|||||||
find lib/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list
|
find lib/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list
|
||||||
find lib/ ! -type d -printf '%{goroot}/%p\n' >> $tests_list
|
find lib/ ! -type d -printf '%{goroot}/%p\n' >> $tests_list
|
||||||
popd
|
popd
|
||||||
echo "== 6 =="
|
|
||||||
# remove the doc Makefile
|
# remove the doc Makefile
|
||||||
rm -rfv $RPM_BUILD_ROOT%{goroot}/doc/Makefile
|
rm -rfv $RPM_BUILD_ROOT%{goroot}/doc/Makefile
|
||||||
|
|
||||||
@ -435,7 +471,7 @@ mkdir -p $RPM_BUILD_ROOT%{gopath}/src/github.com
|
|||||||
mkdir -p $RPM_BUILD_ROOT%{gopath}/src/bitbucket.org
|
mkdir -p $RPM_BUILD_ROOT%{gopath}/src/bitbucket.org
|
||||||
mkdir -p $RPM_BUILD_ROOT%{gopath}/src/code.google.com/p
|
mkdir -p $RPM_BUILD_ROOT%{gopath}/src/code.google.com/p
|
||||||
mkdir -p $RPM_BUILD_ROOT%{gopath}/src/golang.org/x
|
mkdir -p $RPM_BUILD_ROOT%{gopath}/src/golang.org/x
|
||||||
echo "== 7 =="
|
|
||||||
# make sure these files exist and point to alternatives
|
# make sure these files exist and point to alternatives
|
||||||
rm -f $RPM_BUILD_ROOT%{_bindir}/go
|
rm -f $RPM_BUILD_ROOT%{_bindir}/go
|
||||||
ln -sf /etc/alternatives/go $RPM_BUILD_ROOT%{_bindir}/go
|
ln -sf /etc/alternatives/go $RPM_BUILD_ROOT%{_bindir}/go
|
||||||
@ -446,40 +482,74 @@ ln -sf /etc/alternatives/gofmt $RPM_BUILD_ROOT%{_bindir}/gofmt
|
|||||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/gdbinit.d
|
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/gdbinit.d
|
||||||
cp -av %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/gdbinit.d/golang.gdb
|
cp -av %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/gdbinit.d/golang.gdb
|
||||||
|
|
||||||
echo "== END OF INSTALL =="
|
# prelink blacklist
|
||||||
|
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/prelink.conf.d
|
||||||
|
cp -av %{SOURCE101} $RPM_BUILD_ROOT%{_sysconfdir}/prelink.conf.d/golang.conf
|
||||||
|
|
||||||
|
%if %{fips}
|
||||||
|
# Quick fix for the rhbz#2014704
|
||||||
|
sed -i 's/const defaultGO_LDSO = `.*`/const defaultGO_LDSO = ``/' $RPM_BUILD_ROOT%{goroot}/src/internal/buildcfg/zbootstrap.go
|
||||||
|
%endif
|
||||||
|
|
||||||
%check
|
%check
|
||||||
|
echo ">>> check <<<"
|
||||||
export GOROOT=$(pwd -P)
|
export GOROOT=$(pwd -P)
|
||||||
export PATH="$GOROOT"/bin:"$PATH"
|
export PATH="$GOROOT"/bin:"$PATH"
|
||||||
cd src
|
cd src
|
||||||
|
|
||||||
|
# Add some sanity checks.
|
||||||
|
echo "GO VERSION:"
|
||||||
|
go version
|
||||||
|
|
||||||
|
echo "GO ENVIRONMENT:"
|
||||||
|
go env
|
||||||
|
|
||||||
export CC="gcc"
|
export CC="gcc"
|
||||||
export CFLAGS="$RPM_OPT_FLAGS"
|
export CFLAGS="$RPM_OPT_FLAGS"
|
||||||
export LDFLAGS="$RPM_LD_FLAGS"
|
export LDFLAGS="$RPM_LD_FLAGS"
|
||||||
%if !%{external_linker}
|
%if !%{external_linker}
|
||||||
export GO_LDFLAGS="-linkmode internal"
|
export GO_LDFLAGS="-linkmode internal"
|
||||||
|
%else
|
||||||
|
export GO_LDFLAGS="-extldflags '$RPM_LD_FLAGS'"
|
||||||
%endif
|
%endif
|
||||||
%if !%{cgo_enabled} || !%{external_linker}
|
%if !%{cgo_enabled} || !%{external_linker}
|
||||||
export CGO_ENABLED=0
|
export CGO_ENABLED=0
|
||||||
%endif
|
%endif
|
||||||
# workaround for https://github.com/golang/go/issues/39466 until it gests fixed
|
|
||||||
# Commented until the patch is ready, this workaround suggested in the link above
|
|
||||||
# doesn't work properly
|
|
||||||
#ifarch aarch64
|
|
||||||
#export CGO_CFLAGS="-mno-outline-atomics"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
# make sure to not timeout
|
# make sure to not timeout
|
||||||
export GO_TEST_TIMEOUT_SCALE=2
|
export GO_TEST_TIMEOUT_SCALE=2
|
||||||
|
|
||||||
|
export GO_TEST_RUN=""
|
||||||
|
%ifarch aarch64
|
||||||
|
export GO_TEST_RUN="-run=!testshared"
|
||||||
|
%endif
|
||||||
|
|
||||||
%if %{fail_on_tests}
|
%if %{fail_on_tests}
|
||||||
./run.bash --no-rebuild -v -v -v -k
|
./run.bash --no-rebuild -v -v -v -k $go_test_run
|
||||||
|
|
||||||
|
%if %{fips}
|
||||||
|
# tested25519vectors needs network connectivity but it should be cover by
|
||||||
|
# this test https://pkgs.devel.redhat.com/cgit/tests/golang/tree/regression/internal-testsuite/runtest.sh#n127
|
||||||
|
|
||||||
|
# run tests with fips enabled.
|
||||||
|
export GOLANG_FIPS=1
|
||||||
|
export OPENSSL_FORCE_FIPS_MODE=1
|
||||||
|
pushd crypto
|
||||||
|
# run all crypto tests but skip tls, we will run fips specific tls tests later
|
||||||
|
go test $(go list ./... | grep -v tls) -v
|
||||||
|
# check that signature functions have parity between boring and notboring
|
||||||
|
cgo_enabled=0 go test $(go list ./... | grep -v tls) -v
|
||||||
|
popd
|
||||||
|
# run all fips specific tls tests
|
||||||
|
pushd crypto/tls
|
||||||
|
go test -v -run "Boring"
|
||||||
|
popd
|
||||||
|
%endif
|
||||||
%else
|
%else
|
||||||
./run.bash --no-rebuild -v -v -v -k || :
|
./run.bash --no-rebuild -v -v -v -k || :
|
||||||
%endif
|
%endif
|
||||||
cd ..
|
cd ..
|
||||||
|
|
||||||
|
|
||||||
%post bin
|
%post bin
|
||||||
%{_sbindir}/update-alternatives --install %{_bindir}/go \
|
%{_sbindir}/update-alternatives --install %{_bindir}/go \
|
||||||
go %{goroot}/bin/go 90 \
|
go %{goroot}/bin/go 90 \
|
||||||
@ -512,10 +582,12 @@ fi
|
|||||||
%dir %{gopath}/src/golang.org
|
%dir %{gopath}/src/golang.org
|
||||||
%dir %{gopath}/src/golang.org/x
|
%dir %{gopath}/src/golang.org/x
|
||||||
|
|
||||||
|
|
||||||
# gdbinit (for gdb debugging)
|
# gdbinit (for gdb debugging)
|
||||||
%{_sysconfdir}/gdbinit.d
|
%{_sysconfdir}/gdbinit.d
|
||||||
|
|
||||||
|
# prelink blacklist
|
||||||
|
%{_sysconfdir}/prelink.conf.d
|
||||||
|
|
||||||
%files src -f go-src.list
|
%files src -f go-src.list
|
||||||
|
|
||||||
%files docs -f go-docs.list
|
%files docs -f go-docs.list
|
||||||
@ -534,13 +606,9 @@ fi
|
|||||||
%files shared -f go-shared.list
|
%files shared -f go-shared.list
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{race}
|
|
||||||
%files race -f go-race.list
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Jun 06 2023 Alejandro Sáez <asm@redhat.com> - 1.20.5-1
|
* Tue Jun 13 2023 Alejandro Sáez <asm@redhat.com> - 1.20.4-3
|
||||||
- Update to go 1.20.5
|
- Add FIPS support for RHEL targets
|
||||||
|
|
||||||
* Tue May 02 2023 Alejandro Sáez <asm@redhat.com> - 1.20.4-1
|
* Tue May 02 2023 Alejandro Sáez <asm@redhat.com> - 1.20.4-1
|
||||||
- Update to go1.20.4
|
- Update to go1.20.4
|
||||||
|
3
sources
3
sources
@ -1 +1,2 @@
|
|||||||
SHA512 (go1.20.5.src.tar.gz) = 94cecb366cd9d9722b53e52ea3b0a5715a9e9dc21da0273dd3db9354557f71b9501b018125ef073dacc2e59125335f436cea1151cd8df0d60e2ad513f841905c
|
SHA512 (go1.20.4.src.tar.gz) = 43898325bab48c24e533f360a2c7de356a8a56946602e727b5bcd4a62ff4f64fd750e2650032f7e0525b0699e40e506d79446e16838f097e6bdc2a16f10d81be
|
||||||
|
SHA512 (go1.20.4-3-openssl-fips.tar.gz) = b3c3a61e44e61c0e4feb1c499d194630d0c9466cfd06daf86e523c0b54933f5a63d350dc0eef3f0f38dc30598fb1a636f14812a0d3d56f9673da1b9f373d5513
|
||||||
|
Loading…
Reference in New Issue
Block a user