import CS golang-1.22.5-2.el9
This commit is contained in:
parent
83d64ef82b
commit
78edc0efd1
5
.gitignore
vendored
5
.gitignore
vendored
@ -1,2 +1,3 @@
|
||||
SOURCES/go1.21.7-1-openssl-fips.tar.gz
|
||||
SOURCES/go1.21.7.tar.gz
|
||||
SOURCES/compiler-rt-18.1.8.src.tar.xz
|
||||
SOURCES/go1.22.5-1-openssl-fips.tar.gz
|
||||
SOURCES/go1.22.5.tar.gz
|
||||
|
||||
@ -1,2 +1,3 @@
|
||||
95372ec41602b3cbe44e4697a8aee799b7fcc9b2 SOURCES/go1.21.7-1-openssl-fips.tar.gz
|
||||
1b5c56fdf9030baaa0601ca6f2cbd36ae02433d0 SOURCES/go1.21.7.tar.gz
|
||||
6ecbfa5516b60adb4e4e60f991b0d8ddf5aab12a SOURCES/compiler-rt-18.1.8.src.tar.xz
|
||||
aa46d1a360c3c9e85a2c5b75dfa927d3d4ccf016 SOURCES/go1.22.5-1-openssl-fips.tar.gz
|
||||
38de97e677498c347fb7350e40a5d61be29973f9 SOURCES/go1.22.5.tar.gz
|
||||
|
||||
@ -1,288 +0,0 @@
|
||||
diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go
|
||||
index 5f258a2..5dbbc42 100644
|
||||
--- a/src/crypto/internal/backend/nobackend.go
|
||||
+++ b/src/crypto/internal/backend/nobackend.go
|
||||
@@ -2,8 +2,8 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
|
||||
-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
|
||||
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
|
||||
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
|
||||
|
||||
package backend
|
||||
|
||||
diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h
|
||||
index d6d99b1..f2fe332 100644
|
||||
--- a/src/crypto/internal/boring/goboringcrypto.h
|
||||
+++ b/src/crypto/internal/boring/goboringcrypto.h
|
||||
@@ -1,4 +1,5 @@
|
||||
// Copyright 2017 The Go Authors. All rights reserved.
|
||||
+// +build !static
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
diff --git a/src/crypto/internal/boring/syso/syso.go b/src/crypto/internal/boring/syso/syso.go
|
||||
index b338754..db5ea1e 100644
|
||||
--- a/src/crypto/internal/boring/syso/syso.go
|
||||
+++ b/src/crypto/internal/boring/syso/syso.go
|
||||
@@ -2,7 +2,7 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
-//go:build boringcrypto
|
||||
+//go:build boringcrypto && !static
|
||||
|
||||
// This package only exists with GOEXPERIMENT=boringcrypto.
|
||||
// It provides the actual syso file.
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
|
||||
index 079fc3c..e826d0b 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/aes.go
|
||||
@@ -2,8 +2,8 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
|
||||
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
|
||||
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
||||
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
||||
|
||||
package openssl
|
||||
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
|
||||
index 0b61e79..94d0c98 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdh.go
|
||||
@@ -2,8 +2,8 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
|
||||
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
|
||||
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
||||
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
||||
|
||||
package openssl
|
||||
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
|
||||
index afec529..d822152 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go
|
||||
@@ -2,8 +2,8 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
|
||||
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
|
||||
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
||||
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
||||
|
||||
package openssl
|
||||
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
|
||||
index 6d6a562..17cc314 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
|
||||
@@ -1,4 +1,5 @@
|
||||
// Copyright 2017 The Go Authors. All rights reserved.
|
||||
+// +build !static
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
// +build linux
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
|
||||
index ae40b93..17bc075 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go
|
||||
@@ -2,8 +2,8 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
|
||||
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
|
||||
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
||||
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
||||
|
||||
package openssl
|
||||
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
|
||||
index 6f00177..f466b18 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go
|
||||
@@ -2,8 +2,8 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
|
||||
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
|
||||
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
||||
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
||||
|
||||
package openssl
|
||||
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
|
||||
index 7c0b5d6..262af07 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go
|
||||
@@ -2,8 +2,8 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
-//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl
|
||||
-// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
|
||||
+//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl || static
|
||||
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl static
|
||||
|
||||
package openssl
|
||||
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
|
||||
index d49194d..ff15054 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go
|
||||
@@ -2,8 +2,8 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
|
||||
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
|
||||
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
||||
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
||||
|
||||
package openssl
|
||||
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
|
||||
index 2349db1..57fbb04 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_ecdsa_signature.c
|
||||
@@ -1,4 +1,5 @@
|
||||
// +build linux
|
||||
+// +build !static
|
||||
// +build !android
|
||||
// +build !no_openssl
|
||||
// +build !cmd_go_bootstrap
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
|
||||
index 4379019..5034c46 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_evp.c
|
||||
@@ -1,4 +1,5 @@
|
||||
// +build linux
|
||||
+// +build !static
|
||||
// +build !android
|
||||
// +build !no_openssl
|
||||
// +build !cmd_go_bootstrap
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
|
||||
index 49d40a7..3b3dbf8 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_lock_setup.c
|
||||
@@ -1,4 +1,5 @@
|
||||
// +build linux
|
||||
+// +build !static
|
||||
// +build !android
|
||||
// +build !no_openssl
|
||||
// +build !cmd_go_bootstrap
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
|
||||
index 7eb645e..1c3225a 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_aead_gcm.c
|
||||
@@ -1,4 +1,5 @@
|
||||
// This file contains a port of the BoringSSL AEAD interface.
|
||||
+// +build !static
|
||||
// +build linux
|
||||
// +build !android
|
||||
// +build !no_openssl
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
|
||||
index df4ebe3..876393b 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_ctr128.c
|
||||
@@ -1,4 +1,5 @@
|
||||
// +build linux
|
||||
+// +build !static
|
||||
// +build !android
|
||||
// +build !no_openssl
|
||||
// +build !cmd_go_bootstrap
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
|
||||
index 2eedd5b..04510d3 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_evp_md5_sha1.c
|
||||
@@ -1,4 +1,5 @@
|
||||
// This file contains a backport of the EVP_md5_sha1 method.
|
||||
+// +build !static
|
||||
// +build linux
|
||||
// +build !android
|
||||
// +build !no_openssl
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
|
||||
index 362d9e5..bebafef 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_hmac.c
|
||||
@@ -1,4 +1,5 @@
|
||||
// This file contains HMAC portability wrappers.
|
||||
+// +build !static
|
||||
// +build linux
|
||||
// +build !android
|
||||
// +build !no_openssl
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
|
||||
index 2824147..8bc1d85 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_port_rsa.c
|
||||
@@ -1,4 +1,5 @@
|
||||
// This file contains RSA portability wrappers.
|
||||
+// +build !static
|
||||
// +build linux
|
||||
// +build !android
|
||||
// +build !no_openssl
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
|
||||
index 22bd865..b7aa26b 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl_stub_rand.c
|
||||
@@ -1,4 +1,5 @@
|
||||
// +build linux
|
||||
+// +build !static
|
||||
// +build !android
|
||||
// +build !no_openssl
|
||||
// +build !cmd_go_bootstrap
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
|
||||
index b3668b8..dcdae70 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go
|
||||
@@ -2,8 +2,8 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
|
||||
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
|
||||
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
||||
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
||||
|
||||
package openssl
|
||||
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
|
||||
index 915c840..8623d9d 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go
|
||||
@@ -2,8 +2,8 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
|
||||
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
|
||||
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
||||
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
||||
|
||||
package openssl
|
||||
|
||||
diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
|
||||
index 0b55ced..57309c0 100644
|
||||
--- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
|
||||
+++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go
|
||||
@@ -2,8 +2,8 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
-//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl
|
||||
-// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl
|
||||
+//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl && !static
|
||||
+// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl,!static
|
||||
|
||||
package openssl
|
||||
|
||||
@ -1,13 +0,0 @@
|
||||
diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
|
||||
index 36a20e8b2a..8c2dd1b44b 100644
|
||||
--- a/src/cmd/dist/test.go
|
||||
+++ b/src/cmd/dist/test.go
|
||||
@@ -1125,7 +1125,7 @@ func (t *tester) registerCgoTests(heading string) {
|
||||
} else {
|
||||
panic("unknown linkmode with static build: " + linkmode)
|
||||
}
|
||||
- gt.tags = append(gt.tags, "static")
|
||||
+ gt.tags = append(gt.tags, "static", "no_openssl")
|
||||
}
|
||||
gt.ldflags = strings.Join(ldflags, " ")
|
||||
|
||||
44
SOURCES/fix-standard-crypto-panic.patch
Normal file
44
SOURCES/fix-standard-crypto-panic.patch
Normal file
@ -0,0 +1,44 @@
|
||||
diff --git a/src/crypto/internal/backend/openssl.go b/src/crypto/internal/backend/openssl.go
|
||||
index 3d3a9a36ee..8dc2d46b52 100644
|
||||
--- a/src/crypto/internal/backend/openssl.go
|
||||
+++ b/src/crypto/internal/backend/openssl.go
|
||||
@@ -25,6 +25,22 @@ var enabled bool
|
||||
var knownVersions = [...]string{"3", "1.1", "11", "111", "1.0.2", "1.0.0", "10"}
|
||||
|
||||
func init() {
|
||||
+ // 0: FIPS opt-out: abort the process if it is enabled and can't be disabled.
|
||||
+ // 1: FIPS required: abort the process if it is not enabled and can't be enabled.
|
||||
+ // other values: do not override OpenSSL configured FIPS mode.
|
||||
+ var fips string
|
||||
+ if v, ok := syscall.Getenv("GOLANG_FIPS"); ok {
|
||||
+ fips = v
|
||||
+ } else if hostFIPSModeEnabled() {
|
||||
+ // System configuration can only force FIPS mode.
|
||||
+ fips = "1"
|
||||
+ }
|
||||
+
|
||||
+ // Use Go standard crypto, do not load openssl
|
||||
+ if (fips != "1") {
|
||||
+ return
|
||||
+ }
|
||||
+
|
||||
version, _ := syscall.Getenv("GO_OPENSSL_VERSION_OVERRIDE")
|
||||
if version == "" {
|
||||
var fallbackVersion string
|
||||
@@ -49,16 +65,6 @@ func init() {
|
||||
if err := openssl.Init(version); err != nil {
|
||||
panic("opensslcrypto: can't initialize OpenSSL " + version + ": " + err.Error())
|
||||
}
|
||||
- // 0: FIPS opt-out: abort the process if it is enabled and can't be disabled.
|
||||
- // 1: FIPS required: abort the process if it is not enabled and can't be enabled.
|
||||
- // other values: do not override OpenSSL configured FIPS mode.
|
||||
- var fips string
|
||||
- if v, ok := syscall.Getenv("GOLANG_FIPS"); ok {
|
||||
- fips = v
|
||||
- } else if hostFIPSModeEnabled() {
|
||||
- // System configuration can only force FIPS mode.
|
||||
- fips = "1"
|
||||
- }
|
||||
switch fips {
|
||||
case "0":
|
||||
if openssl.FIPS() {
|
||||
@ -1,22 +1,27 @@
|
||||
From eab9004c072200e58df83ab94678bda1faa7b229 Mon Sep 17 00:00:00 2001
|
||||
From d6e201910aa29262851c9274a4cd3645022d3539 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
|
||||
Date: Fri, 9 Feb 2024 20:06:16 +0100
|
||||
Subject: [PATCH] Set GOTOOLCHAIN to local
|
||||
Date: Tue, 9 Apr 2024 10:05:46 +0200
|
||||
Subject: [PATCH] Modify environment variables defaults
|
||||
|
||||
- Set GOTOOLCHAIN to local
|
||||
- Set GOAMD64 to v2
|
||||
---
|
||||
go.env | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
go.env | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/go.env b/go.env
|
||||
index 6ff2b921d4..e87f6e7b6d 100644
|
||||
index 6ff2b921d4..aadcda023b 100644
|
||||
--- a/go.env
|
||||
+++ b/go.env
|
||||
@@ -9,4 +9,4 @@ GOSUMDB=sum.golang.org
|
||||
@@ -9,4 +9,7 @@ GOSUMDB=sum.golang.org
|
||||
|
||||
# Automatically download newer toolchains as directed by go.mod files.
|
||||
# See https://go.dev/doc/toolchain for details.
|
||||
-GOTOOLCHAIN=auto
|
||||
+GOTOOLCHAIN=local
|
||||
+
|
||||
+# The AMD64 baseline for RHEL9 is v2.
|
||||
+GOAMD64=v2
|
||||
--
|
||||
2.43.0
|
||||
2.44.0
|
||||
|
||||
|
||||
27
SOURCES/skip_TestCrashDumpsAllThreads.patch
Normal file
27
SOURCES/skip_TestCrashDumpsAllThreads.patch
Normal file
@ -0,0 +1,27 @@
|
||||
From fdcaf4e6876cfd910c3da672564be4a6e829047c Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
|
||||
Date: Wed, 27 Mar 2024 17:15:48 +0100
|
||||
Subject: [PATCH] Skip TestCrashDumpsAllThreads
|
||||
|
||||
---
|
||||
src/runtime/crash_unix_test.go | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/runtime/crash_unix_test.go b/src/runtime/crash_unix_test.go
|
||||
index 123a462423..a0034d6455 100644
|
||||
--- a/src/runtime/crash_unix_test.go
|
||||
+++ b/src/runtime/crash_unix_test.go
|
||||
@@ -74,6 +74,10 @@ func TestCrashDumpsAllThreads(t *testing.T) {
|
||||
t.Skip("skipping; SIGQUIT is blocked, see golang.org/issue/19196")
|
||||
}
|
||||
|
||||
+ if runtime.GOOS == "linux" && runtime.GOARCH == "s390x" {
|
||||
+ t.Skip("skipping; frequent TestCrashDumpsAllThreads failures on linux/s390x, see golang.org/issue/64650")
|
||||
+ }
|
||||
+
|
||||
testenv.MustHaveGoBuild(t)
|
||||
|
||||
if strings.Contains(os.Getenv("GOFLAGS"), "mayMoreStackPreempt") {
|
||||
--
|
||||
2.44.0
|
||||
|
||||
@ -92,14 +92,17 @@
|
||||
%global gohostarch s390x
|
||||
%endif
|
||||
|
||||
%global go_api 1.21
|
||||
%global go_version 1.21.7
|
||||
%global go_api 1.22
|
||||
%global go_version 1.22.5
|
||||
%global version %{go_version}
|
||||
%global pkg_release 1
|
||||
|
||||
# LLVM compiler-rt version for race detector
|
||||
%global llvm_compiler_rt_version 18.1.8
|
||||
|
||||
Name: golang
|
||||
Version: %{version}
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: The Go Programming Language
|
||||
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
|
||||
License: BSD and Public Domain
|
||||
@ -114,6 +117,7 @@ Source0: https://github.com/golang/go/archive/refs/tags/go%{version}.tar.
|
||||
Source1: https://github.com/golang-fips/go/archive/refs/tags/go%{version}-%{pkg_release}-openssl-fips.tar.gz
|
||||
# make possible to override default traceback level at build time by setting build tag rpm_crashtraceback
|
||||
Source2: fedora.go
|
||||
Source3: https://github.com/llvm/llvm-project/releases/download/llvmorg-%{llvm_compiler_rt_version}/compiler-rt-%{llvm_compiler_rt_version}.src.tar.xz
|
||||
|
||||
# The compiler is written in Go. Needs go(1.4+) compiler for build.
|
||||
# Actual Go based bootstrap compiler provided by above source.
|
||||
@ -132,9 +136,14 @@ BuildRequires: openssl-devel
|
||||
# for tests
|
||||
BuildRequires: pcre-devel, glibc-static, perl
|
||||
|
||||
# Necessary for building llvm address sanitizer for Go race detector
|
||||
BuildRequires: libstdc++-devel
|
||||
BuildRequires: clang
|
||||
|
||||
Provides: go = %{version}-%{release}
|
||||
Requires: %{name}-bin = %{version}-%{release}
|
||||
Requires: %{name}-src = %{version}-%{release}
|
||||
Requires: %{name}-race = %{version}-%{release}
|
||||
Requires: openssl-devel
|
||||
Requires: diffutils
|
||||
|
||||
@ -143,11 +152,9 @@ Patch221: fix_TestScript_list_std.patch
|
||||
|
||||
Patch1939923: skip_test_rhbz1939923.patch
|
||||
|
||||
# Disables libc static linking tests which
|
||||
# are incompatible with dlopen in golang-fips
|
||||
Patch2: disable_static_tests_part1.patch
|
||||
Patch3: disable_static_tests_part2.patch
|
||||
Patch4: modify_go.env.patch
|
||||
Patch6: skip_TestCrashDumpsAllThreads.patch
|
||||
Patch7: fix-standard-crypto-panic.patch
|
||||
|
||||
# Having documentation separate was broken
|
||||
Obsoletes: %{name}-docs < 1.1-4
|
||||
@ -155,9 +162,6 @@ Obsoletes: %{name}-docs < 1.1-4
|
||||
# RPM can't handle symlink -> dir with subpackages, so merge back
|
||||
Obsoletes: %{name}-data < 1.1.1-4
|
||||
|
||||
# We don't build golang-race anymore, rhbz#2230705
|
||||
Obsoletes: golang-race < 1.20.0
|
||||
|
||||
# These are the only RHEL/Fedora architectures that we compile this package for
|
||||
ExclusiveArch: %{golang_arches}
|
||||
|
||||
@ -228,16 +232,6 @@ Summary: Golang shared object libraries
|
||||
%{summary}.
|
||||
%endif
|
||||
|
||||
%if %{race}
|
||||
%package race
|
||||
Summary: Golang std library with -race enabled
|
||||
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
|
||||
%description race
|
||||
%{summary}
|
||||
%endif
|
||||
|
||||
%package -n go-toolset
|
||||
Summary: Package that installs go-toolset
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
@ -248,15 +242,26 @@ Requires: delve
|
||||
%description -n go-toolset
|
||||
This is the main package for go-toolset.
|
||||
|
||||
|
||||
%package race
|
||||
Summary: Race detetector library object files.
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
|
||||
%description race
|
||||
Binary library objects for Go's race detector.
|
||||
|
||||
%prep
|
||||
%setup -q -n go-go%{version}
|
||||
|
||||
pushd ..
|
||||
tar -xf %{SOURCE1}
|
||||
popd
|
||||
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/000-initial-setup.patch
|
||||
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/001-initial-openssl-for-fips.patch
|
||||
patch -p1 < ../go-go%{version}-%{pkg_release}-openssl-fips/patches/002-strict-fips-runtime-detection.patch
|
||||
patch_dir="../go-go%{version}-%{pkg_release}-openssl-fips/patches"
|
||||
# Add --no-backup-if-mismatch option to avoid creating .orig temp files
|
||||
for p in "$patch_dir"/*.patch; do
|
||||
echo "Applying $p"
|
||||
patch --no-backup-if-mismatch -p1 < $p
|
||||
done
|
||||
|
||||
# Configure crypto tests
|
||||
pushd ../go-go%{version}-%{pkg_release}-openssl-fips
|
||||
@ -269,6 +274,11 @@ popd
|
||||
sed -i '1s/$/ (%{?rhel:Red Hat} %{version}-%{release})/' VERSION
|
||||
|
||||
cp %{SOURCE2} ./src/runtime/
|
||||
# Delete the bundled race detector objects.
|
||||
find ./src/runtime/race/ -name "race_*.syso" -exec rm {} \;
|
||||
|
||||
# Delete the boring binary blob. We use the system OpenSSL instead.
|
||||
rm -rf src/crypto/internal/boring/syso
|
||||
|
||||
%build
|
||||
set -xe
|
||||
@ -277,6 +287,38 @@ uname -a
|
||||
cat /proc/cpuinfo
|
||||
cat /proc/meminfo
|
||||
|
||||
# Build race detector .syso's from llvm sources
|
||||
%global tsan_buildflags %(echo %{build_cflags} | sed 's/-mtls-dialect=gnu2//')
|
||||
mkdir ../llvm
|
||||
|
||||
tar -xf %{SOURCE3} -C ../llvm
|
||||
tsan_go_dir="../llvm/compiler-rt-%{llvm_compiler_rt_version}.src/lib/tsan/go"
|
||||
|
||||
# The script uses uname -a and grep to set the GOARCH. This
|
||||
# is unreliable and can get the wrong architecture in
|
||||
# circumstances like cross-architecture emulation. We fix it
|
||||
# by just reading GOARCH directly from Go.
|
||||
export GOARCH=$(go env GOARCH)
|
||||
|
||||
%ifarch x86_64
|
||||
pushd "${tsan_go_dir}"
|
||||
CFLAGS="${tsan_buildflags}" CC=clang GOAMD64=v3 ./buildgo.sh
|
||||
popd
|
||||
cp "${tsan_go_dir}"/race_linux_amd64.syso ./src/runtime/race/internal/amd64v3/race_linux.syso
|
||||
|
||||
pushd "${tsan_go_dir}"
|
||||
CFLAGS="${tsan_buildflags}" CC=clang GOAMD64=v1 ./buildgo.sh
|
||||
popd
|
||||
cp "${tsan_go_dir}"/race_linux_amd64.syso ./src/runtime/race/internal/amd64v1/race_linux.syso
|
||||
|
||||
%else
|
||||
pushd "${tsan_go_dir}"
|
||||
CFLAGS="${tsan_buildflags}" CC=clang ./buildgo.sh
|
||||
popd
|
||||
cp "${tsan_go_dir}"/race_linux_%{gohostarch}.syso ./src/runtime/race/race_linux_%{gohostarch}.syso
|
||||
%endif
|
||||
|
||||
|
||||
# bootstrap compiler GOROOT
|
||||
%if !%{golang_bootstrap}
|
||||
export GOROOT_BOOTSTRAP=/
|
||||
@ -508,8 +550,13 @@ cd ..
|
||||
# prelink blacklist
|
||||
%{_sysconfdir}/prelink.conf.d
|
||||
|
||||
|
||||
%files -f go-src.list src
|
||||
%ifarch x86_64
|
||||
%exclude %{goroot}/src/runtime/race/internal/amd64v1/race_linux.syso
|
||||
%exclude %{goroot}/src/runtime/race/internal/amd64v3/race_linux.syso
|
||||
%else
|
||||
%exclude %{goroot}/src/runtime/race/race_linux_%{gohostarch}.syso
|
||||
%endif
|
||||
|
||||
%files -f go-docs.list docs
|
||||
|
||||
@ -528,7 +575,63 @@ cd ..
|
||||
|
||||
%files -n go-toolset
|
||||
|
||||
%files race
|
||||
%ifarch x86_64
|
||||
%{goroot}/src/runtime/race/internal/amd64v1/race_linux.syso
|
||||
%{goroot}/src/runtime/race/internal/amd64v3/race_linux.syso
|
||||
%else
|
||||
%{goroot}/src/runtime/race/race_linux_%{gohostarch}.syso
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Aug 14 2024 David Benoit <dbenoit@redhat.com> - 1.22.5-2
|
||||
- Rebuild race detector archives from LLVM sources
|
||||
- Add golang-race subpackage
|
||||
- Resolves: RHEL-33421
|
||||
- Remove unused crypto/internal/boring/syso package
|
||||
- Resolves: RHEL-54335
|
||||
|
||||
* Thu Jul 11 2024 Archana <aravinda@redhat.com> - 1.22.5-1
|
||||
- Rebase to Go1.22.5 to address CVE-2024-24791
|
||||
- Resolves: RHEL-46973
|
||||
|
||||
* Thu Jun 27 2024 David Benoit <dbenoit@redhat.com> - 1.22.4-2
|
||||
- Fix panic in standard crypto mode without openssl
|
||||
- Resolves: RHEL-45359
|
||||
|
||||
* Thu Jun 6 2024 Archana Ravindar <aravinda@redhat.com> - 1.22.4-1
|
||||
- Rebase to Go1.22.4 that includes fixes for CVE-2024-24789 and CVE-2024-24790
|
||||
- Resolves: RHEL-40156
|
||||
|
||||
* Thu May 30 2024 Derek Parker <deparker@redhat.com> - 1.22.3-3
|
||||
- Update openssl backend
|
||||
- Resolves: RHEL-36101
|
||||
|
||||
* Thu May 23 2024 Derek Parker <deparker@redhat.com> - 1.22.3-2
|
||||
- Restore HashSign / HashVerify API
|
||||
- Resolves: RHEL-35883
|
||||
|
||||
* Wed May 22 2024 Alejandro Sáez <asm@redhat.com> - 1.22.3-1
|
||||
- Rebase to 1.22.3
|
||||
- Removes re-enable-cgo.patch
|
||||
- Resolves: RHEL-35634
|
||||
- Resolves: RHEL-35883
|
||||
- Resolves: RHEL-10068
|
||||
- Resolves: RHEL-34924
|
||||
|
||||
* Thu Apr 18 2024 Derek Parker <deparker@redhat.com> - 1.22.2-1
|
||||
- Rebase to 1.22.2
|
||||
- Resolves: RHEL-28941
|
||||
|
||||
* Tue Apr 09 2024 Alejandro Sáez <asm@redhat.com> - 1.22.1-2
|
||||
- Set the AMD64 baseline to v2
|
||||
|
||||
* Tue Mar 19 2024 Alejandro Sáez <asm@redhat.com> - 1.22.1-1
|
||||
- Rebase to Go 1.22.1
|
||||
- Re-enable CGO
|
||||
- Resolves: RHEL-29527
|
||||
- Resolves: RHEL-28175
|
||||
|
||||
* Fri Feb 09 2024 Alejandro Sáez <asm@redhat.com> - 1.21.7-1
|
||||
- Rebase to Go 1.21.7
|
||||
- Set GOTOOLCHAIN to local
|
||||
|
||||
Loading…
Reference in New Issue
Block a user