From 719e8af44211394e7b9b4282894750a6c2bf3006 Mon Sep 17 00:00:00 2001
From: James Antill
Date: Mon, 8 Aug 2022 12:28:34 -0400
Subject: [PATCH] Import rpm: ec522a5d51384d88d0ee6bcc4755dee91a61007c
---
.gitignore | 1 +
README.md | 65 ++
cgo-lto-fix.patch | 289 +++++
disable_static_external_tests.patch | 310 ++++++
fedora.go | 7 +
fix_TestScript_list_std.patch | 13 +
gating.yaml | 6 +
go1.5-zoneinfo_testing_only.patch | 73 ++
golang-gdbinit | 1 +
golang-prelink.conf | 3 +
golang.spec | 1242 ++++++++++++++++++++++
openssl_deprecated_algorithm_tests.patch | 112 ++
remove_ed25519vectors_test.patch | 128 +++
rhbz1955035.patch | 42 +
skip_test_rhbz1939923.patch | 12 +
sources | 1 +
16 files changed, 2305 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 cgo-lto-fix.patch
create mode 100644 disable_static_external_tests.patch
create mode 100644 fedora.go
create mode 100644 fix_TestScript_list_std.patch
create mode 100644 gating.yaml
create mode 100644 go1.5-zoneinfo_testing_only.patch
create mode 100644 golang-gdbinit
create mode 100644 golang-prelink.conf
create mode 100644 golang.spec
create mode 100644 openssl_deprecated_algorithm_tests.patch
create mode 100644 remove_ed25519vectors_test.patch
create mode 100644 rhbz1955035.patch
create mode 100644 skip_test_rhbz1939923.patch
create mode 100644 sources
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c5f42e5
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/go1.18.2-1-openssl-fips.tar.gz
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8cef4e4
--- /dev/null
+++ b/README.md
@@ -0,0 +1,65 @@ +# Golang + +## Introduction + +This package holds the spec file and related patches for the Golang package. +The golang package is part of the larger go-toolset meta package. + +## Sources + +This particular branch provides Go 1.16.x. The sources for this branch can be +found at https://pagure.io/go/tree/go1.16-openssl-fips. The reason the source is +coming from a pagure fork as opposed to an upstream tarball is due to certain +patches we have written and currently maintain in order to claim FIPS compliance +by calling into OpenSSL. Shipping a forked version of the toolchain is not the +ideal scenario, and there is work in progress with upstream to enable us to +instead ship a pure upstream toolchain and include a crypto module in go-toolset +which will satisfy our FIPS requirements. + +The current fork is based on an upstream branch[[0]] which uses +boringcrypto[[1]] instead of OpenSSL. + +If you need to make changes to the source for a rebase or bug fix, check out the +pagure repo and switch to the branch listed above. Once you have made your +changes you can test them locally with `./all.bash`. You may want to export +`GOLANG_FIPS=1` before running that if you want to verify the FIPS codepaths are +correct. Please note however that the test suite does not fully expect FIPS +compliance, and will attempt to test non FIPS compliant code paths. The easiest +way to test your changes correctly is to create a tarball locally and execute a +mockbuild using this packge, which knows how to correctly run the testsuite in +both FIPS and non-FIPS modes. + +NOTE: The way pagure previously handled uploaded releases has changed, and +releases must be tagged in the appropriate branch, from which pagure will +generate source tarballs. + +## Testing & building changes + +The first test you should run is a local mockbuild. 
This can be done with the +rhpkg command: + +``` +rhpkg mockbuild +``` + +Once everything builds and passes locally you'll likely want to perform a +scratch build. This will ensure that the changes you made build and run +correctly on all architectures that this package supports. The best way to do +this is to run a scratch build from your local sources without first having to +push them. This ensures your changes are correct before commiting them to the +repo. This can also be done via the following rhpkg command: + +``` +rhpkg scratch-build --srpm +``` + +Once your scratch build has passed you can execute a real build: + +``` +rhpkg build +``` + +--- + +[0] https://github.com/golang/go/tree/dev.boringcrypto +[1] https://opensource.google.com/projects/boringssl diff --git a/cgo-lto-fix.patch b/cgo-lto-fix.patch new file mode 100644 index 0000000..2aca0e3 --- /dev/null +++ b/cgo-lto-fix.patch 
@@ -0,0 +1,289 @@ +From 24e9707cbfa6b1ed6abdd4b11f9ddaf3aac5ad88 Mon Sep 17 00:00:00 2001 +From: Ian Lance Taylor +Date: Tue, 25 May 2021 16:31:41 -0700 +Subject: [PATCH] cmd/link, cmd/cgo: support -flto in CFLAGS + +The linker now accepts unrecognized object files in external linking mode. +These objects will simply be passed to the external linker. +This permits using -flto which can generate pure byte code objects, +whose symbol table the linker does not know how to read. + +The cgo tool now passes -fno-lto when generating objects whose symbols +it needs to read. The cgo tool now emits matching types in different +objects, so that the lto linker does not report a mismatch. + +This is based on https://golang.org/cl/293290 by Derek Parker. + +For #43505 +Fixes #43830 +Fixes #46295 + +Change-Id: I6787de213417466784ddef5af8899e453b4ae1ad +Reviewed-on: https://go-review.googlesource.com/c/go/+/322614 +Trust: Ian Lance Taylor +Run-TryBot: Ian Lance Taylor +TryBot-Result: Go Bot +Reviewed-by: Michael Hudson-Doyle +--- + +diff --git a/src/cmd/cgo/gcc.go b/src/cmd/cgo/gcc.go +index ae61725..a73e998 100644 +--- a/src/cmd/cgo/gcc.go ++++ b/src/cmd/cgo/gcc.go +@@ -1638,6 +1638,8 @@ + c = append(c, "-maix64") + c = append(c, "-mcmodel=large") + } ++ // disable LTO so we get an object whose symbols we can read ++ c = append(c, "-fno-lto") + c = append(c, "-") //read input from standard input + return c + } +diff --git a/src/cmd/cgo/out.go b/src/cmd/cgo/out.go +index 8c31d5b..94152f4 100644 +--- a/src/cmd/cgo/out.go ++++ b/src/cmd/cgo/out.go +@@ -168,8 +168,18 @@ + if *gccgo { + fmt.Fprintf(fc, "extern byte *%s;\n", n.C) + } else { +- fmt.Fprintf(fm, "extern char %s[];\n", n.C) +- fmt.Fprintf(fm, "void *_cgohack_%s = %s;\n\n", n.C, n.C) ++ // Force a reference to all symbols so that ++ // the external linker will add DT_NEEDED ++ // entries as needed on ELF systems. 
++ // Treat function variables differently ++ // to avoid type confict errors from LTO ++ // (Link Time Optimization). ++ if n.Kind == "fpvar" { ++ fmt.Fprintf(fm, "extern void %s();\n", n.C) ++ } else { ++ fmt.Fprintf(fm, "extern char %s[];\n", n.C) ++ fmt.Fprintf(fm, "void *_cgohack_%s = %s;\n\n", n.C, n.C) ++ } + fmt.Fprintf(fgo2, "//go:linkname __cgo_%s %s\n", n.C, n.C) + fmt.Fprintf(fgo2, "//go:cgo_import_static %s\n", n.C) + fmt.Fprintf(fgo2, "var __cgo_%s byte\n", n.C) +@@ -1042,7 +1052,7 @@ + fmt.Fprintf(fgo2, "//go:cgo_export_static _cgoexp%s_%s\n", cPrefix, exp.ExpName) + fmt.Fprintf(fgo2, "func _cgoexp%s_%s(a *%s) {\n", cPrefix, exp.ExpName, gotype) + +- fmt.Fprintf(fm, "int _cgoexp%s_%s;\n", cPrefix, exp.ExpName) ++ fmt.Fprintf(fm, "void _cgoexp%s_%s(void* p){}\n", cPrefix, exp.ExpName) + + if gccResult != "void" { + // Write results back to frame. +diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go +index 50bf80b..bc49c6d 100644 +--- a/src/cmd/dist/test.go ++++ b/src/cmd/dist/test.go +@@ -722,14 +722,29 @@ + }, + }) + if t.hasCxx() { +- t.tests = append(t.tests, distTest{ +- name: "swig_callback", +- heading: "../misc/swig/callback", +- fn: func(dt *distTest) error { +- t.addCmd(dt, "misc/swig/callback", t.goTest()) +- return nil ++ t.tests = append(t.tests, ++ distTest{ ++ name: "swig_callback", ++ heading: "../misc/swig/callback", ++ fn: func(dt *distTest) error { ++ t.addCmd(dt, "misc/swig/callback", t.goTest()) ++ return nil ++ }, + }, +- }) ++ distTest{ ++ name: "swig_callback_lto", ++ heading: "../misc/swig/callback", ++ fn: func(dt *distTest) error { ++ cmd := t.addCmd(dt, "misc/swig/callback", t.goTest()) ++ cmd.Env = append(os.Environ(), ++ "CGO_CFLAGS=-flto", ++ "CGO_CXXFLAGS=-flto", ++ "CGO_LDFLAGS=-flto", ++ ) ++ return nil ++ }, ++ }, ++ ) + } + } + } +diff --git a/src/cmd/go/testdata/script/cgo_lto2_issue43830.txt b/src/cmd/go/testdata/script/cgo_lto2_issue43830.txt +new file mode 100644 +index 0000000..e2483ba +--- /dev/null ++++ 
b/src/cmd/go/testdata/script/cgo_lto2_issue43830.txt +@@ -0,0 +1,33 @@ ++# tests golang.org/issue/43830 ++ ++[!cgo] skip 'skipping test without cgo' ++[openbsd] env CC='clang' ++[openbsd] [!exec:clang] skip 'skipping test without clang present' ++[!openbsd] env CC='gcc' ++[!openbsd] [!exec:gcc] skip 'skipping test without gcc present' ++ ++env CGO_CFLAGS='-Wno-ignored-optimization-argument -flto -ffat-lto-objects' ++ ++go build main.go ++ ++-- main.go -- ++ ++package main ++ ++import "fmt" ++ ++// #include "hello.h" ++import "C" ++ ++func main() { ++ hello := C.hello ++ fmt.Printf("%v\n", hello) ++} ++ ++-- hello.h -- ++ ++#include ++ ++void hello(void) { ++ printf("hello\n"); ++} +diff --git a/src/cmd/go/testdata/script/cgo_lto_issue43830.txt b/src/cmd/go/testdata/script/cgo_lto_issue43830.txt +new file mode 100644 +index 0000000..06ab2f3 +--- /dev/null ++++ b/src/cmd/go/testdata/script/cgo_lto_issue43830.txt +@@ -0,0 +1,39 @@ ++# tests golang.org/issue/43830 ++ ++[!cgo] skip 'skipping test without cgo' ++[openbsd] env CC='clang' ++[openbsd] [!exec:clang] skip 'skipping test without clang present' ++[!openbsd] env CC='gcc' ++[!openbsd] [!exec:gcc] skip 'skipping test without gcc present' ++ ++env CGO_CFLAGS='-Wno-ignored-optimization-argument -flto -ffat-lto-objects' ++ ++go build main.go add.go ++ ++-- main.go -- ++ ++package main ++ ++/* ++int c_add(int a, int b) { ++ return myadd(a, b); ++} ++*/ ++import "C" ++ ++func main() { ++ println(C.c_add(1, 2)) ++} ++ ++-- add.go -- ++ ++package main ++ ++import "C" ++ ++/* test */ ++ ++//export myadd ++func myadd(a C.int, b C.int) C.int { ++ return a + b ++} +diff --git a/src/cmd/link/internal/ld/ar.go b/src/cmd/link/internal/ld/ar.go +index 22f53a4..23915f9 100644 +--- a/src/cmd/link/internal/ld/ar.go ++++ b/src/cmd/link/internal/ld/ar.go +@@ -124,6 +124,10 @@ + + libgcc := sym.Library{Pkg: "libgcc"} + h := ldobj(ctxt, f, &libgcc, l, pname, name) ++ if h.ld == nil { ++ Errorf(nil, "%s unrecognized object file at 
offset %d", name, off) ++ continue ++ } + f.MustSeek(h.off, 0) + h.ld(ctxt, f, h.pkg, h.length, h.pn) + } +diff --git a/src/cmd/link/internal/ld/config.go b/src/cmd/link/internal/ld/config.go +index ae0d752..20f1d0b 100644 +--- a/src/cmd/link/internal/ld/config.go ++++ b/src/cmd/link/internal/ld/config.go +@@ -241,6 +241,10 @@ + return true, "dynamically linking with a shared library" + } + ++ if unknownObjFormat { ++ return true, "some input objects have an unrecognized file format" ++ } ++ + return false, "" + } + +@@ -248,7 +252,7 @@ + // + // It is called after flags are processed and inputs are processed, + // so the ctxt.LinkMode variable has an initial value from the -linkmode +-// flag and the iscgo externalobj variables are set. ++// flag and the iscgo, externalobj, and unknownObjFormat variables are set. + func determineLinkMode(ctxt *Link) { + extNeeded, extReason := mustLinkExternal(ctxt) + via := "" +diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go +index e8f001b..644faeb 100644 +--- a/src/cmd/link/internal/ld/lib.go ++++ b/src/cmd/link/internal/ld/lib.go +@@ -343,10 +343,16 @@ + const pkgdef = "__.PKGDEF" + + var ( +- // Set if we see an object compiled by the host compiler that is not +- // from a package that is known to support internal linking mode. ++ // externalobj is set to true if we see an object compiled by ++ // the host compiler that is not from a package that is known ++ // to support internal linking mode. + externalobj = false +- theline string ++ ++ // unknownObjFormat is set to true if we see an object whose ++ // format we don't recognize. 
++ unknownObjFormat = false ++ ++ theline string + ) + + func Lflag(ctxt *Link, arg string) { +@@ -1065,6 +1071,10 @@ + } + + f.MustSeek(h.off, 0) ++ if h.ld == nil { ++ Errorf(nil, "%s: unrecognized object file format", h.pn) ++ continue ++ } + h.ld(ctxt, f, h.pkg, h.length, h.pn) + f.Close() + } +@@ -1855,6 +1865,14 @@ + return ldhostobj(ldxcoff, ctxt.HeadType, f, pkg, length, pn, file) + } + ++ if c1 != 'g' || c2 != 'o' || c3 != ' ' || c4 != 'o' { ++ // An unrecognized object is just passed to the external linker. ++ // If we try to read symbols from this object, we will ++ // report an error at that time. ++ unknownObjFormat = true ++ return ldhostobj(nil, ctxt.HeadType, f, pkg, length, pn, file) ++ } ++ + /* check the header */ + line, err := f.ReadString('\n') + if err != nil { diff --git a/disable_static_external_tests.patch b/disable_static_external_tests.patch new file mode 100644 index 0000000..55181ca --- /dev/null +++ b/disable_static_external_tests.patch 
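Review bot: In the lib.go hunk at `@@ -1065,6 +1071,10 @@` of this carried patch, the new `h.ld == nil` branch runs `continue` before the `f.Close()` that follows `h.ld(...)`, so every unrecognized host object leaves its file open for the remainder of the link. Closing on that path as well, `f.Close()` placed just ahead of the `continue`, keeps the error path in step with the normal one. The enclosing loop begins and ends outside the hunk, so whether `f` is touched again afterwards cannot be confirmed from here. The patch header shows this is a copy of an upstream change, so the correction is best raised there and picked up on the next rebase.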
@@ -0,0 +1,310 @@ +diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go +index d9eb9c3..506f979 100644 +--- a/src/cmd/dist/test.go ++++ b/src/cmd/dist/test.go +@@ -1180,18 +1180,20 @@ func (t *tester) cgoTest(dt *distTest) error { + fmt.Println("No support for static linking found (lacks libc.a?), skip cgo static linking test.") + } else { + if goos != "android" { +- t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`) ++ t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl") + } + t.addCmd(dt, "misc/cgo/nocgo", t.goTest()) + t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external`) + if goos != "android" { +- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`) ++ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-ldflags", `-linkmode=external -extldflags "-static -pthread"`, "-tags=no_openssl") ++ /* + t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static", "-ldflags", `-linkmode=external -extldflags "-static -pthread"`) + // -static in CGO_LDFLAGS triggers a different code path + // than -static in -extldflags, so test both. + // See issue #16651. 
+ cmd := t.addCmd(dt, "misc/cgo/test", t.goTest(), "-tags=static") + setEnv(cmd, "CGO_LDFLAGS", "-static -pthread") ++ */ + } + } + +@@ -1201,7 +1203,7 @@ func (t *tester) cgoTest(dt *distTest) error { + t.addCmd(dt, "misc/cgo/test", t.goTest(), "-buildmode=pie", "-ldflags=-linkmode=internal", "-tags=internal,internal_pie") + } + t.addCmd(dt, "misc/cgo/testtls", t.goTest(), "-buildmode=pie") +- t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie") ++ t.addCmd(dt, "misc/cgo/nocgo", t.goTest(), "-buildmode=pie", "-tags=no_openssl") + } + } + } +diff --git a/src/crypto/internal/boring/aes.go b/src/crypto/internal/boring/aes.go +index a495bd7..2c6107b 100644 +--- a/src/crypto/internal/boring/aes.go ++++ b/src/crypto/internal/boring/aes.go +@@ -2,8 +2,8 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl +-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl ++//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static ++// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static + + package boring + +diff --git a/src/crypto/internal/boring/aes_test.go b/src/crypto/internal/boring/aes_test.go +index 3b4c364..371bc20 100644 +--- a/src/crypto/internal/boring/aes_test.go ++++ b/src/crypto/internal/boring/aes_test.go +@@ -1,9 +1,5 @@ +-// +build linux +-// +build !android +-// +build !no_openssl +-// +build !cmd_go_bootstrap +-// +build !msan +-// +build cgo ++//go:build linux && !android && !no_openssl && !cmd_go_bootstrap && !msan && cgo && !static ++// +build linux,!android,!no_openssl,!cmd_go_bootstrap,!msan,cgo,!static + + package boring + +diff --git a/src/crypto/internal/boring/boring.go b/src/crypto/internal/boring/boring.go +index ec6e80c..05431b1 100644 +--- a/src/crypto/internal/boring/boring.go ++++ b/src/crypto/internal/boring/boring.go +@@ -2,8 +2,8 @@ + // Use of this source 
code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl +-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl ++//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static ++// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static + + package boring + +diff --git a/src/crypto/internal/boring/ecdsa.go b/src/crypto/internal/boring/ecdsa.go +index f72da41..33ee442 100644 +--- a/src/crypto/internal/boring/ecdsa.go ++++ b/src/crypto/internal/boring/ecdsa.go +@@ -2,8 +2,8 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl +-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl ++//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static ++// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static + + package boring + +diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h +index 4547ade..b8aaae4 100644 +--- a/src/crypto/internal/boring/goboringcrypto.h ++++ b/src/crypto/internal/boring/goboringcrypto.h +@@ -1,6 +1,12 @@ + // Copyright 2017 The Go Authors. All rights reserved. + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. ++// +build linux ++// +build !android ++// +build !no_openssl ++// +build !cmd_go_bootstrap ++// +build !msan ++// +build !static + + // This header file describes the BoringCrypto ABI as built for use in Go. 
+ // The BoringCrypto build for Go (which generates goboringcrypto_*.syso) +diff --git a/src/crypto/internal/boring/goopenssl.h b/src/crypto/internal/boring/goopenssl.h +index 4820385..ac41482 100644 +--- a/src/crypto/internal/boring/goopenssl.h ++++ b/src/crypto/internal/boring/goopenssl.h +@@ -6,6 +6,7 @@ + // +build !no_openssl + // +build !cmd_go_bootstrap + // +build !msan ++// +build !static + + // This header file describes the OpenSSL ABI as built for use in Go. + +diff --git a/src/crypto/internal/boring/hmac.go b/src/crypto/internal/boring/hmac.go +index 4e913c3..10cfbb3 100644 +--- a/src/crypto/internal/boring/hmac.go ++++ b/src/crypto/internal/boring/hmac.go +@@ -2,8 +2,8 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl +-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl ++//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static ++// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static + + package boring + +diff --git a/src/crypto/internal/boring/notboring.go b/src/crypto/internal/boring/notboring.go +index e513834..08c5245 100644 +--- a/src/crypto/internal/boring/notboring.go ++++ b/src/crypto/internal/boring/notboring.go +@@ -2,8 +2,8 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. 
+ +-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl +-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl ++//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static ++// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static + + package boring + +diff --git a/src/crypto/internal/boring/openssl_ecdsa_signature.c b/src/crypto/internal/boring/openssl_ecdsa_signature.c +index 710d074..853be3d 100644 +--- a/src/crypto/internal/boring/openssl_ecdsa_signature.c ++++ b/src/crypto/internal/boring/openssl_ecdsa_signature.c +@@ -3,6 +3,7 @@ + // +build !no_openssl + // +build !cmd_go_bootstrap + // +build !msan ++// +build !static + + #include "goboringcrypto.h" + +diff --git a/src/crypto/internal/boring/openssl_evp.c b/src/crypto/internal/boring/openssl_evp.c +index 36be702..331dfd3 100644 +--- a/src/crypto/internal/boring/openssl_evp.c ++++ b/src/crypto/internal/boring/openssl_evp.c +@@ -3,6 +3,7 @@ + // +build !no_openssl + // +build !cmd_go_bootstrap + // +build !msan ++// +build !static + + #include "goboringcrypto.h" + +diff --git a/src/crypto/internal/boring/openssl_lock_setup.c b/src/crypto/internal/boring/openssl_lock_setup.c +index 955924e..c0f3435 100644 +--- a/src/crypto/internal/boring/openssl_lock_setup.c ++++ b/src/crypto/internal/boring/openssl_lock_setup.c +@@ -3,6 +3,7 @@ + // +build !no_openssl + // +build !cmd_go_bootstrap + // +build !msan ++// +build !static + + #include "goboringcrypto.h" + #include +diff --git a/src/crypto/internal/boring/openssl_port_aead_gcm.c b/src/crypto/internal/boring/openssl_port_aead_gcm.c +index b39bf54..80c933a 100644 +--- a/src/crypto/internal/boring/openssl_port_aead_gcm.c ++++ b/src/crypto/internal/boring/openssl_port_aead_gcm.c +@@ -4,6 +4,7 @@ + // +build !no_openssl + // +build !cmd_go_bootstrap + // +build !msan ++// +build !static + + #include "goboringcrypto.h" + #include +diff --git 
a/src/crypto/internal/boring/openssl_port_ctr128.c b/src/crypto/internal/boring/openssl_port_ctr128.c +index abaff5c..e2263a5 100644 +--- a/src/crypto/internal/boring/openssl_port_ctr128.c ++++ b/src/crypto/internal/boring/openssl_port_ctr128.c +@@ -3,6 +3,7 @@ + // +build !no_openssl + // +build !cmd_go_bootstrap + // +build !msan ++// +build !static + + #include "goboringcrypto.h" + +diff --git a/src/crypto/internal/boring/openssl_port_evp_md5_sha1.c b/src/crypto/internal/boring/openssl_port_evp_md5_sha1.c +index 8418c38..39bf3ae 100644 +--- a/src/crypto/internal/boring/openssl_port_evp_md5_sha1.c ++++ b/src/crypto/internal/boring/openssl_port_evp_md5_sha1.c +@@ -4,6 +4,7 @@ + // +build !no_openssl + // +build !cmd_go_bootstrap + // +build !msan ++// +build !static + + // The following is a partial backport of crypto/evp/m_md5_sha1.c, + // commit cbc8a839959418d8a2c2e3ec6bdf394852c9501e on the +diff --git a/src/crypto/internal/boring/openssl_port_hmac.c b/src/crypto/internal/boring/openssl_port_hmac.c +index be7c71a..35e1860 100644 +--- a/src/crypto/internal/boring/openssl_port_hmac.c ++++ b/src/crypto/internal/boring/openssl_port_hmac.c +@@ -4,6 +4,8 @@ + // +build !no_openssl + // +build !cmd_go_bootstrap + // +build !msan ++// +build !static ++ + + #include "goboringcrypto.h" + +diff --git a/src/crypto/internal/boring/openssl_port_rsa.c b/src/crypto/internal/boring/openssl_port_rsa.c +index 5174f66..a8008e9 100644 +--- a/src/crypto/internal/boring/openssl_port_rsa.c ++++ b/src/crypto/internal/boring/openssl_port_rsa.c +@@ -4,6 +4,7 @@ + // +build !no_openssl + // +build !cmd_go_bootstrap + // +build !msan ++// +build !static + + #include "goboringcrypto.h" + +diff --git a/src/crypto/internal/boring/openssl_stub_rand.c b/src/crypto/internal/boring/openssl_stub_rand.c +index 18d6777..e8ac53b 100644 +--- a/src/crypto/internal/boring/openssl_stub_rand.c ++++ b/src/crypto/internal/boring/openssl_stub_rand.c +@@ -3,6 +3,7 @@ + // +build !no_openssl + // +build 
!cmd_go_bootstrap + // +build !msan ++// +build !static + + #include "goboringcrypto.h" + #include +diff --git a/src/crypto/internal/boring/rand.go b/src/crypto/internal/boring/rand.go +index e9c334f..3adbd4d 100644 +--- a/src/crypto/internal/boring/rand.go ++++ b/src/crypto/internal/boring/rand.go +@@ -2,8 +2,8 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl +-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl ++//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static ++// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static + + package boring + +diff --git a/src/crypto/internal/boring/rsa.go b/src/crypto/internal/boring/rsa.go +index b1a2f57..0cabadb 100644 +--- a/src/crypto/internal/boring/rsa.go ++++ b/src/crypto/internal/boring/rsa.go +@@ -2,8 +2,8 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl +-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl ++//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static ++// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static + + package boring + +diff --git a/src/crypto/internal/boring/sha.go b/src/crypto/internal/boring/sha.go +index bdcc782..6184d6c 100644 +--- a/src/crypto/internal/boring/sha.go ++++ b/src/crypto/internal/boring/sha.go +@@ -2,8 +2,8 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. 
+ +-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl +-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl ++//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static ++// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static + + package boring + diff --git a/fedora.go b/fedora.go new file mode 100644 index 0000000..81b28ba --- /dev/null +++ b/fedora.go @@ -0,0 +1,7 @@ +// +build rpm_crashtraceback + +package runtime + +func init() { + setTraceback("crash") +} diff --git a/fix_TestScript_list_std.patch b/fix_TestScript_list_std.patch new file mode 100644 index 0000000..ade3711 --- /dev/null +++ b/fix_TestScript_list_std.patch @@ -0,0 +1,13 @@ +diff --git a/src/cmd/go/testdata/script/list_std.txt b/src/cmd/go/testdata/script/list_std.txt +index 6ab1bd1..4a00e43 100644 +--- a/src/cmd/go/testdata/script/list_std.txt ++++ b/src/cmd/go/testdata/script/list_std.txt +@@ -6,7 +6,7 @@ env GO111MODULE=off + # Listing GOROOT should only find standard packages. + cd $GOROOT/src + go list -f '{{if not .Standard}}{{.ImportPath}}{{end}}' ./... +-! stdout . ++stdout _$GOROOT + + # Standard packages should include cmd, but not cmd/vendor. + go list ./... diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..c190bde --- /dev/null +++ b/gating.yaml @@ -0,0 +1,6 @@ +--- !Policy +product_versions: + - rhel-9 +decision_context: osci_compose_gate +rules: + - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional} diff --git a/go1.5-zoneinfo_testing_only.patch b/go1.5-zoneinfo_testing_only.patch new file mode 100644 index 0000000..5f0046e --- /dev/null +++ b/go1.5-zoneinfo_testing_only.patch 
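Review bot: Adding `!static` to the constraints of aes.go, boring.go, ecdsa.go, hmac.go, rand.go, rsa.go and sha.go, and `|| static` to notboring.go, makes any build run with `-tags static` select notboring.go in place of the OpenSSL-backed files, and nothing in the patch records that. `static` is a generic tag name that projects set for reasons of their own, so a deployment relying on the FIPS code path could presumably lose the OpenSSL backend with no build-time signal. The patch should open with a description of this effect, and notboring.go should carry a comment such as `// NOTE: building with -tags static excludes the OpenSSL backend; FIPS mode is not available in such binaries.` The cmd/dist hunk also disables the static `misc/cgo/test` runs with a `/* */` block where a skip with a printed reason would keep the lost coverage visible in the test log.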
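Review bot: fedora.go carries no comment on what forcing `setTraceback("crash")` from `init` means for binaries built with the `rpm_crashtraceback` tag. At that traceback level a fatal error aborts the process so the operating system can write a core dump, and a core file holds whatever keys or credentials were in memory at the time. A file comment such as `// Built only with -tags rpm_crashtraceback: raises the default traceback level to "crash", so fatal errors abort and may leave a core dump.` would record the trade-off. The constraint is also written only in the old `// +build` form; adding `//go:build rpm_crashtraceback` above it would match the two-line form the Go files touched by disable_static_external_tests.patch use.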
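Review bot: Replacing `! stdout .` with `stdout _$GOROOT` in list_std.txt inverts the check under "Listing GOROOT should only find standard packages". The script used to fail when any non-standard package was printed and now fails unless a line matching `_$GOROOT` is printed, while the comment above it still states the old expectation. The patch has no header explaining why the packaged tree produces such entries, so a later rebase cannot tell whether the workaround is still needed. A short description at the top of the patch and a reworded script comment stating what is now expected would fix that. The argument to `stdout` is a regular expression, so a build root containing metacharacters may not match literally.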
@@ -0,0 +1,73 @@ +diff --git a/src/time/internal_test.go b/src/time/internal_test.go +index f0dddb7..415949a 100644 +--- a/src/time/internal_test.go ++++ b/src/time/internal_test.go +@@ -4,13 +4,15 @@ + + package time + ++import "runtime" ++ + func init() { + // force US/Pacific for time zone tests + ForceUSPacificForTesting() + } + + func initTestingZone() { +- z, err := loadLocation("America/Los_Angeles", zoneSources[len(zoneSources)-1:]) ++ z, err := loadLocation("America/Los_Angeles", zoneSources) + if err != nil { + panic("cannot load America/Los_Angeles for testing: " + err.Error() + "; you may want to use -tags=timetzdata") + } +@@ -21,8 +23,9 @@ func initTestingZone() { + var OrigZoneSources = zoneSources + + func forceZipFileForTesting(zipOnly bool) { +- zoneSources = make([]string, len(OrigZoneSources)) ++ zoneSources = make([]string, len(OrigZoneSources)+1) + copy(zoneSources, OrigZoneSources) ++ zoneSources = append(zoneSources, runtime.GOROOT()+"/lib/time/zoneinfo.zip") + if zipOnly { + zoneSources = zoneSources[len(zoneSources)-1:] + } +diff --git a/src/time/zoneinfo_test.go b/src/time/zoneinfo_test.go +index f032aa7..e3e5547 100644 +--- a/src/time/zoneinfo_test.go ++++ b/src/time/zoneinfo_test.go +@@ -9,6 +9,7 @@ import ( + "fmt" + "os" + "reflect" ++ "runtime" + "testing" + "time" + ) +@@ -137,7 +138,7 @@ func TestLoadLocationFromTZData(t *testing.T) { + t.Fatal(err) + } + +- tzinfo, err := time.LoadTzinfo(locationName, time.OrigZoneSources[len(time.OrigZoneSources)-1]) ++ tzinfo, err := time.LoadTzinfo(locationName, runtime.GOROOT()+"/lib/time/zoneinfo.zip") + if err != nil { + t.Fatal(err) + } +diff --git a/src/time/zoneinfo_unix.go b/src/time/zoneinfo_unix.go +index 23f8b3c..228db1b 100644 +--- a/src/time/zoneinfo_unix.go ++++ b/src/time/zoneinfo_unix.go +@@ -12,7 +12,6 @@ + package time + + import ( +- "runtime" + "syscall" + ) + +@@ -22,7 +21,6 @@ var zoneSources = []string{ + "/usr/share/zoneinfo/", + "/usr/share/lib/zoneinfo/", + 
"/usr/lib/locale/TZ/", +- runtime.GOROOT() + "/lib/time/zoneinfo.zip", + } + + func initLocal() { diff --git a/golang-gdbinit b/golang-gdbinit new file mode 100644 index 0000000..4ef690b --- /dev/null +++ b/golang-gdbinit @@ -0,0 +1 @@ +add-auto-load-safe-path /usr/lib/golang/src/pkg/runtime/runtime-gdb.py diff --git a/golang-prelink.conf b/golang-prelink.conf new file mode 100644 index 0000000..471e8e6 --- /dev/null +++ b/golang-prelink.conf @@ -0,0 +1,3 @@ +# there are ELF files in src which are testdata and shouldn't be modified +-b /usr/lib/golang/src +-b /usr/lib64/golang/src diff --git a/golang.spec b/golang.spec new file mode 100644 index 0000000..0beb42b --- /dev/null +++ b/golang.spec 
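Review bot: In `forceZipFileForTesting`, `make([]string, len(OrigZoneSources)+1)` followed by `copy` and then `append` leaves an empty string in the slot ahead of the zip path, so with `zipOnly` false `zoneSources` contains a `""` entry. The extra element looks intended as capacity, not length; `zoneSources = make([]string, len(OrigZoneSources), len(OrigZoneSources)+1)` keeps the list to the real sources plus the zip. An empty source is presumably resolved by the loader relative to the working directory, which a test should not depend on. The function body continues past the end of the hunk.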
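Review bot: The path in `add-auto-load-safe-path /usr/lib/golang/src/pkg/runtime/runtime-gdb.py` uses the `src/pkg/` layout, which the Go tree dropped well before the 1.18 sources this package builds, so the entry likely names a file that will not exist after install. If so, gdb will decline to auto-load the runtime helpers from their real location, and the safe-path entry trusts a path the package does not own. This should be checked against the installed tree and, if confirmed, changed to `add-auto-load-safe-path /usr/lib/golang/src/runtime/runtime-gdb.py`.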
@@ -0,0 +1,1242 @@ +%undefine _missing_build_ids_terminate_build + +%global bcond_with strict_fips + +# build ids are not currently generated: +# https://code.google.com/p/go/issues/detail?id=5238 +# +# also, debuginfo extraction currently fails with +# "Failed to write file: invalid section alignment" +%global debug_package %{nil} + +# we are shipping the full contents of src in the data subpackage, which +# contains binary-like things (ELF data for tests, etc) +%global _binaries_in_noarch_packages_terminate_build 0 + +# Do not check any files in doc or src for requires +%global __requires_exclude_from ^(%{_datadir}|/usr/lib)/%{name}/(doc|src)/.*$ + +# Don't alter timestamps of especially the .a files (or else go will rebuild later) +# Actually, don't strip at all since we are not even building debug packages and this corrupts the dwarf testdata +%global __strip /bin/true + +# rpmbuild magic to keep from having meta dependency on libc.so.6 +%define _use_internal_dependency_generator 0 +%define __find_requires %{nil} +%global __spec_install_post /usr/lib/rpm/check-rpaths /usr/lib/rpm/check-buildroot \ + /usr/lib/rpm/brp-compress + +# Define GOROOT macros +%global goroot %{_prefix}/lib/%{name} +%global gopath %{_datadir}/gocode +%global golang_arches x86_64 aarch64 ppc64le s390x +%global golibdir %{_libdir}/%{name} + +# Golang build options. + +# Build golang using external/internal(close to cgo disabled) linking. +%ifarch x86_64 ppc64le %{arm} aarch64 s390x +%global external_linker 1 +%else +%global external_linker 0 +%endif + +# Build golang with cgo enabled/disabled(later equals more or less to internal linking). 
+%ifarch x86_64 ppc64le %{arm} aarch64 s390x +%global cgo_enabled 1 +%else +%global cgo_enabled 0 +%endif + +# Use golang/gcc-go as bootstrap compiler +%ifarch %{golang_arches} +%global golang_bootstrap 1 +%else +%global golang_bootstrap 0 +%endif + +# Controls what ever we fail on failed tests +%ifarch x86_64 %{arm} aarch64 ppc64le +%global fail_on_tests 1 +%else +%global fail_on_tests 0 +%endif + +# Build golang shared objects for stdlib +%ifarch 0 +%global shared 1 +%else +%global shared 0 +%endif + +# Pre build std lib with -race enabled +%ifarch x86_64 +%global race 1 +%else +%global race 0 +%endif + +%ifarch x86_64 +%global gohostarch amd64 +%endif +%ifarch %{arm} +%global gohostarch arm +%endif +%ifarch aarch64 +%global gohostarch arm64 +%endif +%ifarch ppc64 +%global gohostarch ppc64 +%endif +%ifarch ppc64le +%global gohostarch ppc64le +%endif +%ifarch s390x +%global gohostarch s390x +%endif + +%global go_api 1.18 +%global go_version 1.18.2 +%global pkg_release 1 + +Name: golang +Version: %{go_version} +Release: 1%{?dist} +Summary: The Go Programming Language +# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain +License: BSD and Public Domain +URL: http://golang.org/ +Source0: https://github.com/golang-fips/go/archive/refs/tags/go%{go_version}-%{pkg_release}-openssl-fips.tar.gz +# make possible to override default traceback level at build time by setting build tag rpm_crashtraceback +Source1: fedora.go + +# The compiler is written in Go. Needs go(1.4+) compiler for build. +# Actual Go based bootstrap compiler provided by above source. 
+%if !%{golang_bootstrap} +BuildRequires: gcc-go >= 5 +%else +BuildRequires: golang +%endif +%if 0%{?rhel} > 6 || 0%{?fedora} > 0 +BuildRequires: hostname +%else +BuildRequires: net-tools +%endif +# For OpenSSL FIPS +BuildRequires: openssl-devel +# for tests +BuildRequires: pcre-devel, glibc-static, perl + +Provides: go = %{version}-%{release} +Requires: %{name}-bin = %{version}-%{release} +Requires: %{name}-src = %{version}-%{release} +Requires: openssl-devel +Requires: diffutils + +# we had been just removing the zoneinfo.zip, but that caused tests to fail for users that +# later run `go test -a std`. This makes it only use the zoneinfo.zip where needed in tests. +Patch215: go1.5-zoneinfo_testing_only.patch + +# Proposed patch by jcajka https://golang.org/cl/86541 +Patch221: fix_TestScript_list_std.patch + +# static linking of dlopen is unsupported +Patch226: disable_static_external_tests.patch + +Patch223: remove_ed25519vectors_test.patch + +# Having documentation separate was broken +Obsoletes: %{name}-docs < 1.1-4 + +# RPM can't handle symlink -> dir with subpackages, so merge back +Obsoletes: %{name}-data < 1.1.1-4 + +# These are the only RHEL/Fedora architectures that we compile this package for +ExclusiveArch: %{golang_arches} + +Source100: golang-gdbinit +Source101: golang-prelink.conf + +%description +%{summary}. + +%package docs +Summary: Golang compiler docs +Requires: %{name} = %{version}-%{release} +BuildArch: noarch +Obsoletes: %{name}-docs < 1.1-4 + +%description docs +%{summary}. + +%package misc +Summary: Golang compiler miscellaneous sources +Requires: %{name} = %{version}-%{release} +BuildArch: noarch + +%description misc +%{summary}. + +%package tests +Summary: Golang compiler tests for stdlib +Requires: %{name} = %{version}-%{release} +BuildArch: noarch + +%description tests +%{summary}. 
+ +%package src +Summary: Golang compiler source tree +BuildArch: noarch + +%description src +%{summary} + +%package bin +Summary: Golang core compiler tools +Requires: %{name} = %{version}-%{release} + +# We strip the meta dependency, but go does require glibc. +# This is an odd issue, still looking for a better fix. +Requires: glibc +Requires: /usr/bin/gcc +%description bin +%{summary} + +# Workaround old RPM bug of symlink-replaced-with-dir failure +%pretrans -p +for _,d in pairs({"api", "doc", "include", "lib", "src"}) do + path = "%{goroot}/" .. d + if posix.stat(path, "type") == "link" then + os.remove(path) + posix.mkdir(path) + end +end + +%if %{shared} +%package shared +Summary: Golang shared object libraries + +%description shared +%{summary}. +%endif + +%if %{race} +%package race +Summary: Golang std library with -race enabled + +Requires: %{name} = %{version}-%{release} + +%description race +%{summary} +%endif + +%prep +%setup -q -n go-go%{go_version}-%{pkg_release}-openssl-fips + +%patch215 -p1 +%patch221 -p1 +%patch223 -p1 +%patch226 -p1 + +cp %{SOURCE1} ./src/runtime/ + +%build +set -xe +# print out system information +uname -a +cat /proc/cpuinfo +cat /proc/meminfo + +# bootstrap compiler GOROOT +%if !%{golang_bootstrap} +export GOROOT_BOOTSTRAP=/ +%else +export GOROOT_BOOTSTRAP=/opt/rh/go-toolset-1.10/root/usr/lib/go-toolset-1.10-golang +%endif + +# set up final install location +export GOROOT_FINAL=%{goroot} + +export GOHOSTOS=linux +export GOHOSTARCH=%{gohostarch} + +pushd src +# use our gcc options for this build, but store gcc as default for compiler +export CFLAGS="$RPM_OPT_FLAGS" +export LDFLAGS="$RPM_LD_FLAGS" +export CC="gcc" +export CC_FOR_TARGET="gcc" +export GOOS=linux +export GOARCH=%{gohostarch} + +DEFAULT_GO_LD_FLAGS="" +%if !%{external_linker} +export GO_LDFLAGS="-linkmode internal $DEFAULT_GO_LD_FLAGS" +%else +# Only pass a select subset of the external hardening flags. 
We do not pass along +# the default $RPM_LD_FLAGS as on certain arches Go does not fully, correctly support +# building in PIE mode. +export GO_LDFLAGS="\"-extldflags=-Wl,-z,now,-z,relro\" $DEFAULT_GO_LD_FLAGS" +%endif +%if !%{cgo_enabled} +export CGO_ENABLED=0 +%endif +./make.bash --no-clean +popd + +# build shared std lib +%if %{shared} +GOROOT=$(pwd) PATH=$(pwd)/bin:$PATH go install -buildmode=shared std +%endif + +%if %{race} +GOROOT=$(pwd) PATH=$(pwd)/bin:$PATH go install -race std +%endif + + +%install + +rm -rf $RPM_BUILD_ROOT + +# create the top level directories +mkdir -p $RPM_BUILD_ROOT%{_bindir} +mkdir -p $RPM_BUILD_ROOT%{goroot} + +# remove bootstrap binaries +rm -rf pkg/bootstrap/bin + +# install everything into libdir (until symlink problems are fixed) +# https://code.google.com/p/go/issues/detail?id=5830 +cp -apv api bin doc lib pkg src misc test VERSION \ + $RPM_BUILD_ROOT%{goroot} + +# bz1099206 +find $RPM_BUILD_ROOT%{goroot}/src -exec touch -r $RPM_BUILD_ROOT%{goroot}/VERSION "{}" \; +# and level out all the built archives +touch $RPM_BUILD_ROOT%{goroot}/pkg +find $RPM_BUILD_ROOT%{goroot}/pkg -exec touch -r $RPM_BUILD_ROOT%{goroot}/pkg "{}" \; +# generate the spec file ownership of this source tree and packages +cwd=$(pwd) +src_list=$cwd/go-src.list +pkg_list=$cwd/go-pkg.list +shared_list=$cwd/go-shared.list +race_list=$cwd/go-race.list +misc_list=$cwd/go-misc.list +docs_list=$cwd/go-docs.list +tests_list=$cwd/go-tests.list +rm -f $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list +touch $src_list $pkg_list $docs_list $misc_list $tests_list $shared_list $race_list +pushd $RPM_BUILD_ROOT%{goroot} + find src/ -type d -a \( ! -name testdata -a ! -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $src_list + find src/ ! -type d -a \( ! -ipath '*/testdata/*' -a ! -name '*_test*.go' \) -printf '%{goroot}/%p\n' >> $src_list + + find bin/ pkg/ -type d -a ! -path '*_dynlink/*' -a ! 
-path '*_race/*' -printf '%%%dir %{goroot}/%p\n' >> $pkg_list + find bin/ pkg/ ! -type d -a ! -path '*_dynlink/*' -a ! -path '*_race/*' -printf '%{goroot}/%p\n' >> $pkg_list + + find doc/ -type d -printf '%%%dir %{goroot}/%p\n' >> $docs_list + find doc/ ! -type d -printf '%{goroot}/%p\n' >> $docs_list + + find misc/ -type d -printf '%%%dir %{goroot}/%p\n' >> $misc_list + find misc/ ! -type d -printf '%{goroot}/%p\n' >> $misc_list + +%if %{shared} + mkdir -p %{buildroot}/%{_libdir}/ + mkdir -p %{buildroot}/%{golibdir}/ + for file in $(find . -iname "*.so" ); do + chmod 755 $file + mv $file %{buildroot}/%{golibdir} + pushd $(dirname $file) + ln -fs %{golibdir}/$(basename $file) $(basename $file) + popd + echo "%%{goroot}/$file" >> $shared_list + echo "%%{golibdir}/$(basename $file)" >> $shared_list + done + + find pkg/*_dynlink/ -type d -printf '%%%dir %{goroot}/%p\n' >> $shared_list + find pkg/*_dynlink/ ! -type d -printf '%{goroot}/%p\n' >> $shared_list +%endif + +%if %{race} + + find pkg/*_race/ -type d -printf '%%%dir %{goroot}/%p\n' >> $race_list + find pkg/*_race/ ! -type d -printf '%{goroot}/%p\n' >> $race_list + +%endif + + find test/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list + find test/ ! -type d -printf '%{goroot}/%p\n' >> $tests_list + find src/ -type d -a \( -name testdata -o -ipath '*/testdata/*' \) -printf '%%%dir %{goroot}/%p\n' >> $tests_list + find src/ ! -type d -a \( -ipath '*/testdata/*' -o -name '*_test*.go' \) -printf '%{goroot}/%p\n' >> $tests_list + # this is only the zoneinfo.zip + find lib/ -type d -printf '%%%dir %{goroot}/%p\n' >> $tests_list + find lib/ ! 
-type d -printf '%{goroot}/%p\n' >> $tests_list +popd + +# remove the doc Makefile +rm -rfv $RPM_BUILD_ROOT%{goroot}/doc/Makefile + +# put binaries to bindir, linked to the arch we're building, +# leave the arch independent pieces in {goroot} +mkdir -p $RPM_BUILD_ROOT%{goroot}/bin/linux_%{gohostarch} +ln -sf %{goroot}/bin/go $RPM_BUILD_ROOT%{_bindir}/go +ln -sf %{goroot}/bin/gofmt $RPM_BUILD_ROOT%{_bindir}/gofmt + +# ensure these exist and are owned +mkdir -p $RPM_BUILD_ROOT%{gopath}/src/github.com +mkdir -p $RPM_BUILD_ROOT%{gopath}/src/bitbucket.org +mkdir -p $RPM_BUILD_ROOT%{gopath}/src/code.google.com/p +mkdir -p $RPM_BUILD_ROOT%{gopath}/src/golang.org/x + +# gdbinit +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/gdbinit.d +cp -av %{SOURCE100} $RPM_BUILD_ROOT%{_sysconfdir}/gdbinit.d/golang.gdb + +# prelink blacklist +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/prelink.conf.d +cp -av %{SOURCE101} $RPM_BUILD_ROOT%{_sysconfdir}/prelink.conf.d/golang.conf + +# Quick fix for the rhbz#2014704 +sed -i 's/const defaultGO_LDSO = `.*`/const defaultGO_LDSO = ``/' $RPM_BUILD_ROOT%{goroot}/src/internal/buildcfg/zbootstrap.go + +%check +export GOROOT=$(pwd -P) +export PATH="$GOROOT"/bin:"$PATH" +cd src + +# Add some sanity checks. 
+echo "GO VERSION:" +go version + +echo "GO ENVIRONMENT:" +go env + +export CC="gcc" +export CFLAGS="$RPM_OPT_FLAGS" +export LDFLAGS="$RPM_LD_FLAGS" +%if !%{external_linker} +export GO_LDFLAGS="-linkmode internal" +%else +export GO_LDFLAGS="-extldflags '$RPM_LD_FLAGS'" +%endif +%if !%{cgo_enabled} || !%{external_linker} +export CGO_ENABLED=0 +%endif + +# make sure to not timeout +export GO_TEST_TIMEOUT_SCALE=2 + +export GO_TEST_RUN="" +%ifarch aarch64 + export GO_TEST_RUN="-run=!testshared" +%endif + +%if %{fail_on_tests} + +# TestEd25519Vectors needs network connectivity but it should be cover by +# this test https://pkgs.devel.redhat.com/cgit/tests/golang/tree/Regression/internal-testsuite/runtest.sh#n127 +export DISABLE_Ed25519_TEST="-run=!^TestEd25519Vectors$" + +./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN $DISABLE_Ed25519_TEST + +# Run tests with FIPS enabled. +export GOLANG_FIPS=1 +pushd crypto + # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later + go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST + # Check that signature functions have parity between boring and notboring + CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST +popd +# Run all FIPS specific TLS tests +pushd crypto/tls + go test -v -run "Boring" $DISABLE_Ed25519_TEST +popd +%else +./run.bash --no-rebuild -v -v -v -k || : +%endif +cd .. 
+ +%files + +%doc AUTHORS CONTRIBUTORS LICENSE PATENTS +# VERSION has to be present in the GOROOT, for `go install std` to work +%doc %{goroot}/VERSION +%dir %{goroot}/doc +%doc %{goroot}/doc/* + +# go files +%dir %{goroot} +%exclude %{goroot}/bin/ +%exclude %{goroot}/pkg/ +%exclude %{goroot}/src/ +%exclude %{goroot}/doc/ +%exclude %{goroot}/misc/ +%exclude %{goroot}/test/ +%{goroot}/* + +# ensure directory ownership, so they are cleaned up if empty +%dir %{gopath} +%dir %{gopath}/src +%dir %{gopath}/src/github.com/ +%dir %{gopath}/src/bitbucket.org/ +%dir %{gopath}/src/code.google.com/ +%dir %{gopath}/src/code.google.com/p/ +%dir %{gopath}/src/golang.org +%dir %{gopath}/src/golang.org/x + +# gdbinit (for gdb debugging) +%{_sysconfdir}/gdbinit.d + +# prelink blacklist +%{_sysconfdir}/prelink.conf.d + + +%files -f go-src.list src + +%files -f go-docs.list docs + +%files -f go-misc.list misc + +%files -f go-tests.list tests + +%files -f go-pkg.list bin +%{_bindir}/go +%{_bindir}/gofmt + +%if %{shared} +%files -f go-shared.list shared +%endif + +%if %{race} +%files -f go-race.list race +%endif + +%changelog +* Thu Jun 16 2022 David Benoit - 1.18.2-1 +- Update to Go 1.18.2 +- Related: rhbz#2075162 + +* Mon Apr 18 2022 David Benoit - 1.18.0-2 +- Enable SHA1 in some contexts +- Related: rhbz#2075162 + +* Wed Apr 13 2022 David Benoit - 1.18.0-1 +- Update Go to 1.18.0 +- Resolves: rhbz#2075162 + +* Thu Feb 17 2022 David Benoit - 1.17.7-1 +- Rebase to Go 1.17.7 +- Remove fips memory leak patch (fixed in tree) +- Resolves: rhbz#2015930 + +* Fri Dec 10 2021 David Benoit - 1.17.5-1 +- Rebase to Go 1.17.5 +- Remove vdso_s390x_gettime patch +- Resolves: rhbz#2031112 +- Related: rhbz#2028570 + +* Fri Dec 03 2021 David Benoit - 1.17.4-1 +- Rebase Go to 1.17.4 +- Add remove_waitgroup_misuse_tests patch +- Related: rhbz#2014088 +- Resolves: rhbz#2028570 +- Resolves: rhbz#2022828 +- Resolves: rhbz#2024686 +- Resolves: rhbz#2028662 + +* Wed Oct 27 2021 Alejandro Sáez - 1.17.2-2 +- 
Resolves: rhbz#2014704 + +* Tue Oct 12 2021 Alejandro Sáez - 1.17.2-1 +- Rebase to Go 1.17.2 +- Related: rhbz#2014088 +- Remove golang-1.15-warnCN.patch +- Remove reject-leading-zeros.patch +- Remove favicon.ico and robots.txt references +- Exclude TestEd25519Vectors test + +* Tue Aug 17 2021 David Benoit - 1.16.7-1 +- Rebase to Go 1.16.7 +- Resolves: rhbz#1994079 +- Add reject leading zeros patch +- Resolves: rhbz#1993314 + +* Wed Jul 21 2021 Derek Parker - 1.16.6-2 +- Fix TestBoringServerCurves failure when run by itself +- Resolves: rhbz#1976168 + +* Thu Jul 15 2021 David Benoit - 1.16.6-1 +- Rebase to go-1.16.6-1-openssl-fips +- Resolves: rhbz#1982281 +- Addresses CVE-2021-34558 + +* Tue Jul 06 2021 Alejandro Sáez - 1.16.5-1 +- Rebase to 1.16.5 +- Removes rhbz#1955032 patch, it's already included in this release +- Removes rhbz#1956891 patch, it's already included in this release +- Related: rhbz#1979677 +- Related: rhbz#1968738 +- Related: rhbz#1972420 + +* Thu Jun 17 2021 David Benoit - 1.16.4-3 +- Fix zero-size allocation memory leak. 
+- Related: rhbz#1951877 + +* Tue Jun 08 2021 David Benoit - 1.16.4-2 +- Resolves: rhbz#1951877 + +* Mon May 24 2021 Alejandro Sáez - 1.16.4-1 +- Rebase to go-1.16.4-1-openssl-fips + +* Tue May 04 2021 Alejandro Sáez - 1.16.1-3 +- Resolves: rhbz#1956891 + +* Thu Apr 29 2021 Alejandro Sáez - 1.16.1-2 +- Resolves: rhbz#1955032 + +* Wed Mar 17 2021 Alejandro Sáez - 1.16.1-1 +- Rebase to go-1.16.1-2-openssl-fips +- Resolves: rhbz#1938071 +- Adds a workaround for rhbz#1939923 +- Removes Patch224, it's on upstream -> rhbz#1888673 +- Removes Patch225, it's on upstream -> https://go-review.googlesource.com/c/text/+/238238 +- Removes old patches for cleaning purposes + +* Fri Jan 22 2021 David Benoit - 1.15.7-1 +- Rebase to 1.15.7 +- Resolves: rhbz#1870531 +- Resolves: rhbz#1919261 + +* Tue Nov 24 2020 David Benoit - 1.15.5-1 +- Rebase to 1.15.5 +- Resolves: rhbz#1898652 +- Resolves: rhbz#1898660 +- Resolves: rhbz#1898649 + +* Mon Nov 16 2020 David Benoit - 1.15.3-2 +- fix typo in patch file name +- Related: rhbz#1881539 + +* Thu Nov 12 2020 David Benoit - 1.15.3-1 +- Rebase to 1.15.3 +- fix x/text infinite loop +- Resolves: rhbz#1881539 + +* Tue Nov 03 2020 Alejandro Sáez - 1.15.2-2 +- Resolves: rhbz#1850045 + +* Mon Oct 19 2020 David Benoit - 1.15.2-1 +- Rebase to 1.15.2 +- fix rhbz#1872622 in commit af9a1b1f6567a1c5273a134d395bfe7bb840b7f8 +- Resolves: rhbz#1872622 +- add net/http graceful shutdown patch +- Resolves: rhbz#1888673 +- add x509warnCN patch +- Resolves: rhbz#1889437 + +* Wed Sep 09 2020 Alejandro Sáez - 1.15.0-1 +- Rebase to 1.15.0 +- Related: rhbz#1870531 + +* Thu Aug 27 2020 Alejandro Sáez - 1.14.7-2 +- Improve test suite +- Resolves: rhbz#1854693 + +* Tue Aug 18 2020 Alejandro Sáez - 1.14.7-1 +- Rebase to 1.14.7 + +* Mon Aug 03 2020 Alejandro Sáez - 1.14.6-1 +- Rebase to 1.14.6 +- Resolves: rhbz#1820596 + +* Wed Jul 08 2020 Alejandro Sáez - 1.14.4-2 +- Include patch to fix missing deferreturn on linux/ppc64le +- Resolves: rhbz#1854836 + +* Thu Jun 25 2020 
Alejandro Sáez - 1.14.4-1 +- Rebase to 1.14.4 + +* Thu May 21 2020 Alejandro Sáez - 1.14.2-2 +- Remove i686 references +- Related: rhbz#1752991 + +* Wed May 06 2020 Alejandro Sáez - 1.14.2-1 +- Rebase to 1.14.2 +- Related: rhbz#1820596 + +* Wed Nov 27 2019 Alejandro Sáez - 1.13.4-2 +- Remove patches +- Related: rhbz#1747150 + +* Mon Nov 25 2019 Alejandro Sáez - 1.13.4-1 +- Rebase to 1.13.4 +- Related: rhbz#1747150 + +* Tue Sep 17 2019 Tom Stellard - 1.12.8-4 +- Reduce number of threads when testing on i686 + +* Wed Sep 11 2019 Tom Stellard - 1.12.8-3 +- Relax FIPS requirements to unblock OpenShift testing + +* Wed Aug 28 2019 Tom Stellard - 1.12.8-2 +- Rebase to 1.12.8 +- Resolves: rhbz#1745706 +- Resolves: rhbz#1745712 + +* Mon Aug 5 2019 Derek Parker - 1.12.6-3 +- Add README for more documentation +- Resolves: rhbz#1734788 + +* Fri Aug 2 2019 Derek Parker - 1.12.6-3 +- Revert some TLS FIPS changes for now +- Resolves: rhbz#1734788 + +* Thu Aug 1 2019 Derek Parker - 1.12.6-2 +- Updates to be less strict on key size in FIPS mode +- Resolves: rhbz#1734788 + +* Thu Jun 13 2019 Derek Parker - 1.12.6-1 +- Rebase to 1.12.6 +- Resolves: rhbz#1677819 + +* Thu Jun 13 2019 Derek Parker - 1.12.5-2 +- Remove macros present in go-compiler +- Resolves: rhbz#1700109 + +* Wed Jun 12 2019 Derek Parker - 1.12.5-1 +- Rebase to 1.12.5 +- Resolves: rhbz#1677819 + +* Wed May 29 2019 Derek Parker - 1.12.1-2 +- Lock OpenSSL to specific built version and include more initialization. 
+- Resolves: rhbz#1709603 + +* Fri May 10 2019 Derek Parker - 1.12.1-1 +- Rebase to 1.12.1 +- Include FIPS compliance updates +- Resolves: rhbz#1709603 + +* Thu Apr 4 2019 Derek Parker - 1.11.5-2 +- Include patch to fix CVE-2019-9741 +- Resolves: rhbz#1690443 + +* Mon Feb 18 2019 Derek Parker - 1.11.5-2 +- Switch to pagure fork for Go FIPS + +* Thu Feb 7 2019 Derek Parker - 1.11.5-1 +- Rebase to Go 1.11.5 +- Resolves: rhbz#1671277 +- Fixes CVE-2019-6486 + +* Thu Jan 3 2019 Derek Parker - 1.11.4-1 +- Rebase to Go 1.11.4 +- Fixes CVE-2018-16873, CVE-2018-16874, CVE-2018-16875 + +* Thu Dec 6 2018 Derek Parker - 1.11.2-1 +- Rebase to Go 1.11.2 + +* Fri Nov 16 2018 Derek Parker - 1.10.3-18 +- Remove SCL from macros + +* Wed Nov 7 2018 Derek Parker - 1.10.3-17 +- Prefer go-toolset over go-toolset-1.10 +- Resolves: rhbz#1630786 + +* Mon Nov 5 2018 Derek Parker - 1.10.3-16 +- Fix implicit syscall declaration warning + +* Mon Nov 5 2018 Derek Parker - 1.10.3-15 +- Remove usage of redhat hardening flag file, just pass a select few manually +- Resolves: rhbz#1642798 + +* Wed Oct 31 2018 Derek Parker - 1.10.3-14 +- Do not build toolchain in PIE mode +- Resolves: rhbz#1642798 + +* Fri Oct 26 2018 Derek Parker - 1.10.3-13 +- Fix setting of internal FIPS enabled flag +- Resolves: rhbz#1643653 + +* Wed Oct 10 2018 Derek Parker - 1.10.3-12 +- Pass external linker flags to fix annocheck errors +- Resolves: rhbz#1624421 + +* Wed Oct 10 2018 Derek Parker - 1.10.3-11 +- Fix UnreachableExceptTests false panic +- Resolves: rhbz#1634748 + +* Fri Oct 5 2018 Derek Parker - 1.10.3-10 +- Remove SCL, fix bug in boringcrypto with ecdsa +- Related: rhbz#1635066 +- Resolves: rhbz#1636221 + +* Wed Sep 26 2018 Derek Parker - 1.10.3-9 +- Add runtime FIPS detection patches +- Resolves: rhbz#1633351 + +* Fri Sep 21 2018 Derek Parker - 1.10.3-8 +- Add `gobuild` and `gotest` macros from go-compilers +- Resolves: rhbz#1631846 + +* Thu Sep 20 2018 Derek Parker - 1.10.3-7 +- Bootstrap package using old 
build of same package +- Resolves: rhbz#1630786 + +* Mon Aug 13 2018 Derek Parker - 1.10.3-6 +- Update stack allocation of OpenSSL type patch +- Resolves: rhbz#1615032 + +* Sat Aug 11 2018 Troy Dawson - 1.10.3-5 +- Build on i686 +- Related: bug#1614611 + +* Tue Aug 7 2018 Derek Parker - 1.10.3-4 +- Add patch fixing stack allocation of opaque OpenSSL type bug. +- Resolves: rhbz#1613538 + +* Thu Aug 2 2018 Derek Parker - 1.10.3-3 +- Add patch with tag to opt out of OpenSSL during build + +* Wed Jul 25 2018 Derek Parker - 1.10.3-2 +- Add runtime requirement for openssl-devel and misc updates + +* Tue Jul 24 2018 Derek Parker - 1.10.3-1 +- Bump to 1.10.3 + +* Tue Jul 24 2018 Derek Parker - 1.10.2-3 +- Prepare for module build + +* Wed Jun 27 2018 Derek Parker - 1.10.2-2 +- Include FIPS patches + +* Wed May 23 2018 Derek Parker - 1.10.2-1 +- Bump to Go 1.10.2 + +* Thu Mar 15 2018 Derek Parker - 1.10-1 +- Bump to Go 1.10 + +* Wed Oct 18 2017 Jakub Čajka - 1.8.5-1 +- Fix CVE-2017-15041 and CVE-2017-15042 +- Resolves: BZ#1499160, BZ#1498073, BZ#1512063 + +* Thu Aug 31 2017 Tom Stellard - 1.8.3-4 +- Explicitly require /usr/bin/gcc +- Resolves: #1487345 + +* Thu Jun 22 2017 Jakub Čajka - 1.8.3-3 +- apply asn1 patch +- add ppc64le trampolines patch + +* Wed Jun 14 2017 Jakub Čajka - 1.8.3-2 +- regular GTS build + +* Tue Jun 06 2017 Jakub Čajka - 1.8.3-1 +- initial GTS build + +* Fri Feb 10 2017 Fedora Release Engineering - 1.8-0.rc3.2.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Jan 27 2017 Jakub Čajka - 1.8-0.rc3.2 +- make possible to override default traceback level at build time +- add sub-package race containing std lib built with -race enabled +- Related: BZ#1411242 + +* Fri Jan 27 2017 Jakub Čajka - 1.8-0.rc3.1 +- rebase to go1.8rc3 +- Resolves: BZ#1411242 + +* Fri Jan 20 2017 Jakub Čajka - 1.7.4-2 +- Resolves: BZ#1404679 +- expose IfInfomsg.X__ifi_pad on s390x + +* Fri Dec 02 2016 Jakub Čajka - 1.7.4-1 +- Bump to 1.7.4 +- Resolves: 
BZ#1400732 + +* Thu Nov 17 2016 Tom Callaway - 1.7.3-2 +- re-enable the NIST P-224 curve + +* Thu Oct 20 2016 Jakub Čajka - 1.7.3-1 +- Resolves: BZ#1387067 - golang-1.7.3 is available +- added fix for tests failing with latest tzdata + +* Fri Sep 23 2016 Jakub Čajka - 1.7.1-2 +- fix link failure due to relocation overflows on PPC64X + +* Thu Sep 08 2016 Jakub Čajka - 1.7.1-1 +- rebase to 1.7.1 +- Resolves: BZ#1374103 + +* Tue Aug 23 2016 Jakub Čajka - 1.7-1 +- update to released version +- related: BZ#1342090, BZ#1357394 + +* Mon Aug 08 2016 Jakub Čajka - 1.7-0.3.rc5 +- Obsolete golang-vet and golang-cover from golang-googlecode-tools package + vet/cover binaries are provided by golang-bin rpm (thanks to jchaloup) +- clean up exclusive arch after s390x boostrap +- resolves: #1268206 + +* Wed Aug 03 2016 Jakub Čajka - 1.7-0.2.rc5 +- rebase to go1.7rc5 +- Resolves: BZ#1342090 + +* Thu Jul 21 2016 Fedora Release Engineering - 1.7-0.1.rc2 +- https://fedoraproject.org/wiki/Changes/golang1.7 + +* Tue Jul 19 2016 Jakub Čajka - 1.7-0.0.rc2 +- rebase to 1.7rc2 +- added s390x build +- improved shared lib packaging +- Resolves: bz1357602 - CVE-2016-5386 +- Resolves: bz1342090, bz1342090 + +* Tue Apr 26 2016 Jakub Čajka - 1.6.2-1 +- rebase to 1.6.2 +- Resolves: bz1329206 - golang-1.6.2.src is available + +* Wed Apr 13 2016 Jakub Čajka - 1.6.1-1 +- rebase to 1.6.1 +- Resolves: bz1324344 - CVE-2016-3959 +- Resolves: bz1324951 - prelink is gone, /etc/prelink.conf.d/* is no longer used +- Resolves: bz1326366 - wrong epoll_event struct for ppc64le/ppc64 + +* Mon Feb 22 2016 Jakub Čajka - 1.6-1 +- Resolves: bz1304701 - rebase to go1.6 release +- Resolves: bz1304591 - fix possible stack miss-alignment in callCgoMmap + +* Wed Feb 03 2016 Fedora Release Engineering - 1.6-0.3.rc1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Fri Jan 29 2016 Jakub Čajka - 1.6-0.2.rc1 +- disabled cgo and external linking on ppc64 + +* Thu Jan 28 2016 Jakub Čajka - 1.6-0.1.rc1 
+- Resolves bz1292640, rebase to pre-release 1.6 +- bootstrap for PowerPC +- fix rpmlint errors/warning + +* Thu Jan 14 2016 Jakub Čajka - 1.5.3-1 +- rebase to 1.5.3 +- resolves bz1293451, CVE-2015-8618 +- apply timezone patch, avoid using bundled data +- print out rpm build system info + +* Fri Dec 11 2015 Jakub Čajka - 1.5.2-2 +- bz1290543 Accept x509 certs with negative serial + +* Tue Dec 08 2015 Jakub Čajka - 1.5.2-1 +- bz1288263 rebase to 1.5.2 +- spec file clean up +- added build options +- scrubbed "Project Gutenberg License" + +* Mon Oct 19 2015 Vincent Batts - 1.5.1-1 +- bz1271709 include patch from upstream fix + +* Wed Sep 09 2015 Vincent Batts - 1.5.1-0 +- update to go1.5.1 + +* Fri Sep 04 2015 Vincent Batts - 1.5-8 +- bz1258166 remove srpm macros, for go-srpm-macros + +* Thu Sep 03 2015 Vincent Batts - 1.5-7 +- bz1258166 remove srpm macros, for go-srpm-macros + +* Thu Aug 27 2015 Vincent Batts - 1.5-6 +- starting a shared object subpackage. This will be x86_64 only until upstream supports more arches shared objects. + +* Thu Aug 27 2015 Vincent Batts - 1.5-5 +- bz991759 gdb path fix + +* Wed Aug 26 2015 Vincent Batts - 1.5-4 +- disable shared object until linux/386 is ironned out +- including the test/ directory for tests + +* Tue Aug 25 2015 Vincent Batts - 1.5-3 +- bz1256910 only allow the golang zoneinfo.zip to be used in tests +- bz1166611 add golang.org/x directory +- bz1256525 include stdlib shared object. This will let other libraries and binaries + build with `go build -buildmode=shared -linkshared ...` or similar. 
+ +* Sun Aug 23 2015 Peter Robinson 1.5-2 +- Enable aarch64 +- Minor cleanups + +* Thu Aug 20 2015 Vincent Batts - 1.5-1 +- updating to go1.5 + +* Thu Aug 06 2015 Vincent Batts - 1.5-0.11.rc1 +- fixing the sources reference + +* Thu Aug 06 2015 Vincent Batts - 1.5-0.10.rc1 +- updating to go1.5rc1 +- checks are back in place + +* Tue Aug 04 2015 Vincent Batts - 1.5-0.9.beta3 +- pull in upstream archive/tar fix + +* Thu Jul 30 2015 Vincent Batts - 1.5-0.8.beta3 +- updating to go1.5beta3 + +* Thu Jul 30 2015 Vincent Batts - 1.5-0.7.beta2 +- add the patch .. + +* Thu Jul 30 2015 Vincent Batts - 1.5-0.6.beta2 +- increase ELFRESERVE (bz1248071) + +* Tue Jul 28 2015 Lokesh Mandvekar - 1.5-0.5.beta2 +- correct package version and release tags as per naming guidelines + +* Fri Jul 17 2015 Vincent Batts - 1.4.99-4.1.5beta2 +- adding test output, for visibility + +* Fri Jul 10 2015 Vincent Batts - 1.4.99-3.1.5beta2 +- updating to go1.5beta2 + +* Fri Jul 10 2015 Vincent Batts - 1.4.99-2.1.5beta1 +- add checksum to sources and fixed one patch + +* Fri Jul 10 2015 Vincent Batts - 1.4.99-1.1.5beta1 +- updating to go1.5beta1 + +* Wed Jun 17 2015 Fedora Release Engineering - 1.4.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Wed Mar 18 2015 Vincent Batts - 1.4.2-2 +- obsoleting deprecated packages + +* Wed Feb 18 2015 Vincent Batts - 1.4.2-1 +- updating to go1.4.2 + +* Fri Jan 16 2015 Vincent Batts - 1.4.1-1 +- updating to go1.4.1 + +* Fri Jan 02 2015 Vincent Batts - 1.4-2 +- doc organizing + +* Thu Dec 11 2014 Vincent Batts - 1.4-1 +- update to go1.4 release + +* Wed Dec 03 2014 Vincent Batts - 1.3.99-3.1.4rc2 +- update to go1.4rc2 + +* Mon Nov 17 2014 Vincent Batts - 1.3.99-2.1.4rc1 +- update to go1.4rc1 + +* Thu Oct 30 2014 Vincent Batts - 1.3.99-1.1.4beta1 +- update to go1.4beta1 + +* Thu Oct 30 2014 Vincent Batts - 1.3.3-3 +- macros will need to be in their own rpm + +* Fri Oct 24 2014 Vincent Batts - 1.3.3-2 +- split out rpm macros (bz1156129) 
+- progress on gccgo accomodation + +* Wed Oct 01 2014 Vincent Batts - 1.3.3-1 +- update to go1.3.3 (bz1146882) + +* Mon Sep 29 2014 Vincent Batts - 1.3.2-1 +- update to go1.3.2 (bz1147324) + +* Thu Sep 11 2014 Vincent Batts - 1.3.1-3 +- patching the tzinfo failure + +* Sat Aug 16 2014 Fedora Release Engineering - 1.3.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Wed Aug 13 2014 Vincent Batts - 1.3.1-1 +- update to go1.3.1 + +* Wed Aug 13 2014 Vincent Batts - 1.3-11 +- merged a line wrong + +* Wed Aug 13 2014 Vincent Batts - 1.3-10 +- more work to get cgo.a timestamps to line up, due to build-env +- explicitly list all the files and directories for the source and packages trees +- touch all the built archives to be the same + +* Mon Aug 11 2014 Vincent Batts - 1.3-9 +- make golang-src 'noarch' again, since that was not a fix, and takes up more space + +* Mon Aug 11 2014 Vincent Batts - 1.3-8 +- update timestamps of source files during %%install bz1099206 + +* Fri Aug 08 2014 Vincent Batts - 1.3-7 +- update timestamps of source during %%install bz1099206 + +* Wed Aug 06 2014 Vincent Batts - 1.3-6 +- make the source subpackage arch'ed, instead of noarch + +* Mon Jul 21 2014 Vincent Batts - 1.3-5 +- fix the writing of pax headers + +* Tue Jul 15 2014 Vincent Batts - 1.3-4 +- fix the loading of gdb safe-path. bz981356 + +* Tue Jul 08 2014 Vincent Batts - 1.3-3 +- `go install std` requires gcc, to build cgo. 
bz1105901, bz1101508 + +* Mon Jul 07 2014 Vincent Batts - 1.3-2 +- archive/tar memory allocation improvements + +* Thu Jun 19 2014 Vincent Batts - 1.3-1 +- update to go1.3 + +* Fri Jun 13 2014 Vincent Batts - 1.3rc2-1 +- update to go1.3rc2 + +* Sat Jun 07 2014 Fedora Release Engineering - 1.3rc1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Tue Jun 03 2014 Vincent Batts 1.3rc1-1 +- update to go1.3rc1 +- new arch file shuffling + +* Wed May 21 2014 Vincent Batts 1.3beta2-1 +- update to go1.3beta2 +- no longer provides go-mode for xemacs (emacs only) + +* Wed May 21 2014 Vincent Batts 1.2.2-7 +- bz1099206 ghost files are not what is needed + +* Tue May 20 2014 Vincent Batts 1.2.2-6 +- bz1099206 more fixing. The packages %%post need golang-bin present first + +* Tue May 20 2014 Vincent Batts 1.2.2-5 +- bz1099206 more fixing. Let go fix its own timestamps and freshness + +* Tue May 20 2014 Vincent Batts 1.2.2-4 +- fix the existence and alternatives of `go` and `gofmt` + +* Mon May 19 2014 Vincent Batts 1.2.2-3 +- bz1099206 fix timestamp issue caused by koji builders + +* Fri May 09 2014 Vincent Batts 1.2.2-2 +- more arch file shuffling + +* Fri May 09 2014 Vincent Batts 1.2.2-1 +- update to go1.2.2 + +* Thu May 08 2014 Vincent Batts 1.2.1-8 +- RHEL6 rpm macros can't %%exlude missing files + +* Wed May 07 2014 Vincent Batts 1.2.1-7 +- missed two arch-dependent src files + +* Wed May 07 2014 Vincent Batts 1.2.1-6 +- put generated arch-dependent src in their respective RPMs + +* Fri Apr 11 2014 Vincent Batts 1.2.1-5 +- skip test that is causing a SIGABRT on fc21 bz1086900 + +* Thu Apr 10 2014 Vincent Batts 1.2.1-4 +- fixing file and directory ownership bz1010713 + +* Wed Apr 09 2014 Vincent Batts 1.2.1-3 +- including more to macros (%%go_arches) +- set a standard goroot as /usr/lib/golang, regardless of arch +- include sub-packages for compiler toolchains, for all golang supported architectures + +* Wed Mar 26 2014 Vincent Batts 1.2.1-2 +- 
provide a system rpm macros. Starting with gopath
+
+* Tue Mar 04 2014 Adam Miller 1.2.1-1
+- Update to latest upstream
+
+* Thu Feb 20 2014 Adam Miller 1.2-7
+- Remove _BSD_SOURCE and _SVID_SOURCE, they are deprecated in recent
+ versions of glibc and aren't needed
+
+* Wed Feb 19 2014 Adam Miller 1.2-6
+- pull in upstream archive/tar implementation that supports xattr for
+ docker 0.8.1
+
+* Tue Feb 18 2014 Vincent Batts 1.2-5
+- provide 'go', so users can yum install 'go'
+
+* Fri Jan 24 2014 Vincent Batts 1.2-4
+- skip a flaky test that is sporadically failing on the build server
+
+* Thu Jan 16 2014 Vincent Batts 1.2-3
+- remove golang-godoc dependency. cyclic dependency on compiling godoc
+
+* Wed Dec 18 2013 Vincent Batts - 1.2-2
+- removing P224 ECC curve
+
+* Mon Dec 2 2013 Vincent Batts - 1.2-1
+- Update to upstream 1.2 release
+- remove the pax tar patches
+
+* Tue Nov 26 2013 Vincent Batts - 1.1.2-8
+- fix the rpmspec conditional for rhel and fedora
+
+* Thu Nov 21 2013 Vincent Batts - 1.1.2-7
+- patch tests for testing on rawhide
+- let the same spec work for rhel and fedora
+
+* Wed Nov 20 2013 Vincent Batts - 1.1.2-6
+- don't symlink /usr/bin out to ../lib..., move the file
+- seperate out godoc, to accomodate the go.tools godoc
+
+* Fri Sep 20 2013 Adam Miller - 1.1.2-5
+- Pull upstream patches for BZ#1010271
+- Add glibc requirement that got dropped because of meta dep fix
+
+* Fri Aug 30 2013 Adam Miller - 1.1.2-4
+- fix the libc meta dependency (thanks to vbatts [at] redhat.com for the fix)
+
+* Tue Aug 27 2013 Adam Miller - 1.1.2-3
+- Revert incorrect merged changelog
+
+* Tue Aug 27 2013 Adam Miller - 1.1.2-2
+- This was reverted, just a placeholder changelog entry for bad merge
+
+* Tue Aug 20 2013 Adam Miller - 1.1.2-1
+- Update to latest upstream
+
+* Sat Aug 03 2013 Fedora Release Engineering - 1.1.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Wed Jul 17 2013 Petr Pisar - 1.1.1-6
+- Perl 5.18 rebuild
+
+* Wed
Jul 10 2013 Adam Goode - 1.1.1-5
+- Blacklist testdata files from prelink
+- Again try to fix #973842
+
+* Fri Jul 5 2013 Adam Goode - 1.1.1-4
+- Move src to libdir for now (#973842) (upstream issue https://code.google.com/p/go/issues/detail?id=5830)
+- Eliminate noarch data package to work around RPM bug (#975909)
+- Try to add runtime-gdb.py to the gdb safe-path (#981356)
+
+* Wed Jun 19 2013 Adam Goode - 1.1.1-3
+- Use lua for pretrans (http://fedoraproject.org/wiki/Packaging:Guidelines#The_.25pretrans_scriptlet)
+
+* Mon Jun 17 2013 Adam Goode - 1.1.1-2
+- Hopefully really fix #973842
+- Fix update from pre-1.1.1 (#974840)
+
+* Thu Jun 13 2013 Adam Goode - 1.1.1-1
+- Update to 1.1.1
+- Fix basically useless package (#973842)
+
+* Sat May 25 2013 Dan Horák - 1.1-3
+- set ExclusiveArch
+
+* Fri May 24 2013 Adam Goode - 1.1-2
+- Fix noarch package discrepancies
+
+* Fri May 24 2013 Adam Goode - 1.1-1
+- Initial Fedora release.
+- Update to 1.1
+
+* Thu May 9 2013 Adam Goode - 1.1-0.3.rc3
+- Update to rc3
+
+* Thu Apr 11 2013 Adam Goode - 1.1-0.2.beta2
+- Update to beta2
+
+* Tue Apr 9 2013 Adam Goode - 1.1-0.1.beta1
+- Initial packaging.
diff --git a/openssl_deprecated_algorithm_tests.patch b/openssl_deprecated_algorithm_tests.patch
new file mode 100644
index 0000000..46f8822
--- /dev/null
+++ b/openssl_deprecated_algorithm_tests.patch
@@ -0,0 +1,112 @@
+diff --git a/src/crypto/rsa/pkcs1v15_test.go b/src/crypto/rsa/pkcs1v15_test.go
+index a4f2e2dbbe..76701d2e2b 100644
+--- a/src/crypto/rsa/pkcs1v15_test.go
++++ b/src/crypto/rsa/pkcs1v15_test.go
+@@ -52,6 +52,7 @@ var decryptPKCS1v15Tests = []DecryptPKCS1v15Test{
+ }
+
+ func TestDecryptPKCS1v15(t *testing.T) {
++ t.Skip("not supported in FIPS mode")
+ decryptionFuncs := []func([]byte) ([]byte, error){
+ func(ciphertext []byte) (plaintext []byte, err error) {
+ return DecryptPKCS1v15(nil, testRSA2048PrivateKey, ciphertext)
+@@ -76,6 +77,7 @@ func TestDecryptPKCS1v15(t *testing.T) {
+ }
+
+ func TestEncryptPKCS1v15(t *testing.T) {
++ t.Skip("not supported in FIPS mode")
+ random := rand.Reader
+ k := (testRSA2048PrivateKey.N.BitLen() + 7) / 8
+
+@@ -137,6 +139,7 @@ var decryptPKCS1v15SessionKeyTests = []DecryptPKCS1v15Test{
+ }
+
+ func TestEncryptPKCS1v15SessionKey(t *testing.T) {
++ t.Skip("not supported in FIPS mode")
+ for i, test := range decryptPKCS1v15SessionKeyTests {
+ key := []byte("FAIL")
+ err := DecryptPKCS1v15SessionKey(nil, testRSA2048PrivateKey, decodeBase64(test.in), key)
+@@ -151,6 +154,7 @@ func TestEncryptPKCS1v15SessionKey(t *testing.T) {
+ }
+
+ func TestEncryptPKCS1v15DecrypterSessionKey(t *testing.T) {
++ t.Skip("not supported in FIPS mode")
+ for i, test := range decryptPKCS1v15SessionKeyTests {
+ plaintext, err := testRSA2048PrivateKey.Decrypt(rand.Reader, decodeBase64(test.in), &PKCS1v15DecryptOptions{SessionKeyLen: 4})
+ if err != nil {
+@@ -270,6 +274,7 @@ func TestUnpaddedSignature(t *testing.T) {
+ }
+
+ func TestShortSessionKey(t *testing.T) {
++ t.Skip("not supported in FIPS mode")
+ // This tests that attempting to decrypt a session key where the
+ // ciphertext is too small doesn't run outside the array bounds.
+ ciphertext, err := EncryptPKCS1v15(rand.Reader, &testRSA2048PrivateKey.PublicKey, []byte{1})
+diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go
+index b547a87c71..99e7882866 100644
+--- a/src/crypto/rsa/pss_test.go
++++ b/src/crypto/rsa/pss_test.go
+@@ -77,6 +77,7 @@ func TestEMSAPSS(t *testing.T) {
+ // TestPSSGolden tests all the test vectors in pss-vect.txt from
+ // ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1-vec.zip
+ func TestPSSGolden(t *testing.T) {
++ t.Skip("SHA1 not supported in boring mode")
+ inFile, err := os.Open("testdata/pss-vect.txt.bz2")
+ if err != nil {
+ t.Fatalf("Failed to open input file: %s", err)
+diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go
+index 9aa67655ab..2f4e666abb 100644
+--- a/src/crypto/rsa/rsa_test.go
++++ b/src/crypto/rsa/rsa_test.go
+@@ -123,28 +123,29 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) {
+ t.Errorf("private exponent too large")
+ }
+
+- if boring.Enabled() {
+- // Cannot call encrypt/decrypt directly. Test via PKCS1v15.
+- msg := []byte("hi!")
+- if priv.Size() >= 256 {
+- enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg)
+- if err != nil {
+- t.Errorf("EncryptPKCS1v15: %v", err)
+- return
+- }
+- dec, err := DecryptPKCS1v15(rand.Reader, priv, enc)
+- if err != nil {
+- t.Errorf("DecryptPKCS1v15: %v", err)
+- return
+- }
+- if !bytes.Equal(dec, msg) {
+- t.Errorf("got:%x want:%x (%+v)", dec, msg, priv)
+- }
+- } else {
+- t.Logf("skipping check for unsupported key less than 2048 bits")
+- }
+- return
+- }
++ if boring.Enabled() {
++ // Cannot call encrypt/decrypt directly. Test via EncryptOAEP.
++ sha256 := sha256.New()
++ msg := []byte("hi!")
++ if priv.Size() >= 256 {
++ enc, err := EncryptOAEP(sha256, rand.Reader, &priv.PublicKey, msg, nil)
++ if err != nil {
++ t.Errorf("EncryptOAEP: %v", err)
++ return
++ }
++ dec, err := DecryptOAEP(sha256, rand.Reader, priv, enc, nil)
++ if err != nil {
++ t.Errorf("DecryptOAEP: %v", err)
++ return
++ }
++ if !bytes.Equal(dec, msg) {
++ t.Errorf("got:%x want:%x (%+v)", dec, msg, priv)
++ }
++ } else {
++ t.Logf("skipping check for unsupported key less than 2048 bits")
++ }
++ return
++ }
+
+ pub := &priv.PublicKey
+ m := big.NewInt(42)
diff --git a/remove_ed25519vectors_test.patch b/remove_ed25519vectors_test.patch
new file mode 100644
index 0000000..45e3182
--- /dev/null
+++ b/remove_ed25519vectors_test.patch
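Review bot: The six `t.Skip(...)` calls added in pkcs1v15_test.go and pss_test.go are unconditional, so TestDecryptPKCS1v15, TestEncryptPKCS1v15, both session-key tests, TestShortSessionKey and TestPSSGolden stop running in non-FIPS builds as well, although the skip messages name FIPS/boring mode as the reason. TestShortSessionKey is, per its own comment, the check that a too-short ciphertext does not run outside the array bounds, so dropping it everywhere is a real coverage loss. Guard each skip instead, e.g. `if boring.Enabled() { t.Skip("not supported in FIPS mode") }`; rsa_test.go in this same patch already calls `boring.Enabled()`, but whether the other two test files import that package is not visible here. In rsa_test.go, `sha256 := sha256.New()` shadows the package name for the rest of the block, and a local name such as `h` would avoid that.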
@@ -0,0 +1,128 @@
+From d7cad65ab9179804e9f089ce97bc124e9ef79494 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alejandro=20S=C3=A1ez?=
+Date: Wed, 15 Dec 2021 16:02:15 +0100
+Subject: [PATCH] Remove ed25519vectors_test.go
+
+---
+ src/crypto/ed25519/ed25519vectors_test.go | 109 ----------------------
+ 1 file changed, 109 deletions(-)
+ delete mode 100644 src/crypto/ed25519/ed25519vectors_test.go
+
+diff --git a/src/crypto/ed25519/ed25519vectors_test.go b/src/crypto/ed25519/ed25519vectors_test.go
+deleted file mode 100644
+index 74fcdcdf4e..0000000000
+--- a/src/crypto/ed25519/ed25519vectors_test.go
++++ /dev/null
+@@ -1,109 +0,0 @@
+-// Copyright 2021 The Go Authors. All rights reserved.
+-// Use of this source code is governed by a BSD-style
+-// license that can be found in the LICENSE file.
+-
+-package ed25519_test
+-
+-import (
+- "crypto/ed25519"
+- "encoding/hex"
+- "encoding/json"
+- "internal/testenv"
+- "os"
+- "os/exec"
+- "path/filepath"
+- "testing"
+-)
+-
+-// TestEd25519Vectors runs a very large set of test vectors that exercise all
+-// combinations of low-order points, low-order components, and non-canonical
+-// encodings. These vectors lock in unspecified and spec-divergent behaviors in
+-// edge cases that are not security relevant in most contexts, but that can
+-// cause issues in consensus applications if changed.
+-//
+-// Our behavior matches the "classic" unwritten verification rules of the
+-// "ref10" reference implementation.
+-//
+-// Note that although we test for these edge cases, they are not covered by the
+-// Go 1 Compatibility Promise. Applications that need stable verification rules
+-// should use github.com/hdevalence/ed25519consensus.
+-//
+-// See https://hdevalence.ca/blog/2020-10-04-its-25519am for more details.
+-func TestEd25519Vectors(t *testing.T) {
+- jsonVectors := downloadEd25519Vectors(t)
+- var vectors []struct {
+- A, R, S, M string
+- Flags []string
+- }
+- if err := json.Unmarshal(jsonVectors, &vectors); err != nil {
+- t.Fatal(err)
+- }
+- for i, v := range vectors {
+- expectedToVerify := true
+- for _, f := range v.Flags {
+- switch f {
+- // We use the simplified verification formula that doesn't multiply
+- // by the cofactor, so any low order residue will cause the
+- // signature not to verify.
+- //
+- // This is allowed, but not required, by RFC 8032.
+- case "LowOrderResidue":
+- expectedToVerify = false
+- // Our point decoding allows non-canonical encodings (in violation
+- // of RFC 8032) but R is not decoded: instead, R is recomputed and
+- // compared bytewise against the canonical encoding.
+- case "NonCanonicalR":
+- expectedToVerify = false
+- }
+- }
+-
+- publicKey := decodeHex(t, v.A)
+- signature := append(decodeHex(t, v.R), decodeHex(t, v.S)...)
+- message := []byte(v.M)
+-
+- didVerify := ed25519.Verify(publicKey, message, signature)
+- if didVerify && !expectedToVerify {
+- t.Errorf("#%d: vector with flags %s unexpectedly verified", i, v.Flags)
+- }
+- if !didVerify && expectedToVerify {
+- t.Errorf("#%d: vector with flags %s unexpectedly rejected", i, v.Flags)
+- }
+- }
+-}
+-
+-func downloadEd25519Vectors(t *testing.T) []byte {
+- testenv.MustHaveExternalNetwork(t)
+-
+- // Download the JSON test file from the GOPROXY with `go mod download`,
+- // pinning the version so test and module caching works as expected.
+- goTool := testenv.GoToolPath(t)
+- path := "filippo.io/mostly-harmless/ed25519vectors@v0.0.0-20210322192420-30a2d7243a94"
+- cmd := exec.Command(goTool, "mod", "download", "-json", path)
+- // TODO: enable the sumdb once the TryBots proxy supports it.
+- cmd.Env = append(os.Environ(), "GONOSUMDB=*")
+- output, err := cmd.Output()
+- if err != nil {
+- t.Fatalf("failed to run `go mod download -json %s`, output: %s", path, output)
+- }
+- var dm struct {
+- Dir string // absolute path to cached source root directory
+- }
+- if err := json.Unmarshal(output, &dm); err != nil {
+- t.Fatal(err)
+- }
+-
+- jsonVectors, err := os.ReadFile(filepath.Join(dm.Dir, "ed25519vectors.json"))
+- if err != nil {
+- t.Fatalf("failed to read ed25519vectors.json: %v", err)
+- }
+- return jsonVectors
+-}
+-
+-func decodeHex(t *testing.T, s string) []byte {
+- t.Helper()
+- b, err := hex.DecodeString(s)
+- if err != nil {
+- t.Errorf("invalid hex: %v", err)
+- }
+- return b
+-}
+--
+2.33.1
+
diff --git a/rhbz1955035.patch b/rhbz1955035.patch
new file mode 100644
index 0000000..024eafe
--- /dev/null
+++ b/rhbz1955035.patch
@@ -0,0 +1,42 @@
+From 4ec78a579cc3c83a7d0afc7483fb3e69e2fd87a7 Mon Sep 17 00:00:00 2001
+From: "Paul E. Murphy"
+Date: Tue, 27 Apr 2021 15:05:51 -0500
+Subject: [PATCH] cmd/link: disable plugin support if cgo is disabled
+
+Functional plugin support requires cgo to be enabled. Disable
+it if the environment has disabled cgo.
+
+This prevents unexpected linker failures when linking large
+binaries with cgo disabled which use the plugin package.
+
+Fixes #45564
+
+Change-Id: Ib71f0e089f7373b7b3e3cd53da3612291e7bc473
+Reviewed-on: https://go-review.googlesource.com/c/go/+/314449
+Run-TryBot: Paul Murphy
+Reviewed-by: Cherry Zhang
+TryBot-Result: Go Bot
+Trust: Lynn Boger
+---
+ src/cmd/link/internal/ld/lib.go | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go
+index 0e77424884..f7a32aebae 100644
+--- a/src/cmd/link/internal/ld/lib.go
++++ b/src/cmd/link/internal/ld/lib.go
+@@ -533,7 +533,10 @@ func (ctxt *Link) loadlib() {
+ // up symbol by name may not get expected result.
+
+ iscgo = ctxt.LibraryByPkg["runtime/cgo"] != nil
+- ctxt.canUsePlugins = ctxt.LibraryByPkg["plugin"] != nil
++
++ // Plugins a require cgo support to function. Similarly, plugins may require additional
++ // internal linker support on some platforms which may not be implemented.
++ ctxt.canUsePlugins = ctxt.LibraryByPkg["plugin"] != nil && iscgo
+
+ // We now have enough information to determine the link mode.
+ determineLinkMode(ctxt)
+--
+2.30.2
+
diff --git a/skip_test_rhbz1939923.patch b/skip_test_rhbz1939923.patch
new file mode 100644
index 0000000..80302d0
--- /dev/null
+++ b/skip_test_rhbz1939923.patch
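Review bot: The comment added above the `ctxt.canUsePlugins` assignment has a stray word ("Plugins a require cgo support"), and its second sentence mentions extra internal-linker support that the expression does not test, since only `iscgo` is checked. If this backport does not have to stay byte-identical to the upstream change named in its trailers, reword it to match the code, e.g. `// Plugins require cgo: with no runtime/cgo library loaded, plugin support is disabled.` loadlib's body starts and ends outside the hunk.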
@@ -0,0 +1,12 @@
+diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
+index 51dda16815..2d1e1b1e6e 100644
+--- a/src/crypto/x509/x509_test.go
++++ b/src/crypto/x509/x509_test.go
+@@ -2880,6 +2880,7 @@ func (bs *brokenSigner) Sign(_ io.Reader, _ []byte, _ crypto.SignerOpts) ([]byte
+ }
+
+ func TestCreateCertificateBrokenSigner(t *testing.T) {
++ t.Skip("TODO Fix me: rhbz#1939923")
+ template := &Certificate{
+ SerialNumber: big.NewInt(10),
+ DNSNames: []string{"example.com"},
diff --git a/sources b/sources
new file mode 100644
index 0000000..a6c470e
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+SHA1 (go1.18.2-1-openssl-fips.tar.gz) = 2982f1fe39b59089eab5469bb6b3bb9f462abe45
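Review bot: `t.Skip("TODO Fix me: rhbz#1939923")` disables TestCreateCertificateBrokenSigner unconditionally and gives no reason beyond a bug number, so the check that (judging by the test name and the `brokenSigner` type above it) certificate creation rejects a misbehaving signer is lost in every build mode. If the failure is specific to the OpenSSL/FIPS backend, restrict the skip to that mode and state the cause, e.g. `if boring.Enabled() { t.Skip("rhbz#1939923: <reason>") }`; whether x509_test.go imports that package is not visible here. The test body continues outside the hunk.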
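Review bot: The `sources` entry pins the toolchain tarball with a SHA1 digest, which is no longer collision-resistant and is therefore a weak integrity anchor for a source archive that builds a compiler. If the lookaside tooling in use accepts it, record a SHA-512 digest in the same format instead: `SHA512 (go1.18.2-1-openssl-fips.tar.gz) = <sha512-of-tarball>`.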