Port to OpenSSL 3.0
Resolves: rhbz#1952381
This commit is contained in:
parent
b7c185ab01
commit
8a80e27879
64
golang.spec
64
golang.spec
@ -101,7 +101,7 @@
|
||||
|
||||
Name: golang
|
||||
Version: %{go_version}
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: The Go Programming Language
|
||||
# source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain
|
||||
License: BSD and Public Domain
|
||||
@ -124,6 +124,10 @@ BuildRequires: net-tools
|
||||
%endif
|
||||
# For OpenSSL FIPS
|
||||
BuildRequires: openssl-devel
|
||||
|
||||
# For openssl-fipsinstall
|
||||
BuildRequires: openssl
|
||||
|
||||
# for tests
|
||||
BuildRequires: pcre-devel, glibc-static, perl
|
||||
|
||||
@ -155,6 +159,9 @@ Patch1957961: rhbz1957961.patch
|
||||
# https://go-review.googlesource.com/c/go/+/314449/
|
||||
Patch1955035: rhbz1955035.patch
|
||||
|
||||
# Port to openssl 3.0
|
||||
Patch1952381: rhbz1952381.patch
|
||||
|
||||
# Having documentation separate was broken
|
||||
Obsoletes: %{name}-docs < 1.1-4
|
||||
|
||||
@ -250,6 +257,8 @@ Requires: %{name} = %{version}-%{release}
|
||||
|
||||
%patch223 -p1
|
||||
|
||||
%patch1952381 -p1
|
||||
|
||||
%patch1939923 -p1
|
||||
|
||||
%patch1957961 -p1
|
||||
@ -453,19 +462,60 @@ export GO_TEST_RUN=""
|
||||
|
||||
%if %{fail_on_tests}
|
||||
|
||||
TEST_BORING_CONFIGS=`mktemp -d`
|
||||
TEST_BORING_CNF=$TEST_BORING_CONFIGS/openssl-boring.cnf
|
||||
TEST_BORING_FIPS_CNF=$TEST_BORING_CONFIGS/fipsmodule.cnf
|
||||
trap "rm -rf $TEST_BORING_CONFIGS" EXIT
|
||||
|
||||
cp /etc/pki/tls/openssl.cnf $TEST_BORING_CNF
|
||||
openssl fipsinstall -module /usr/lib64/ossl-modules/fips.so -out $TEST_BORING_FIPS_CNF
|
||||
|
||||
cat > $TEST_BORING_CNF << EOM
|
||||
openssl_conf = openssl_test
|
||||
|
||||
[openssl_test]
|
||||
providers = provider_test
|
||||
alg_section = algorithm_test
|
||||
ssl_conf = ssl_module
|
||||
|
||||
[algorithm_test]
|
||||
default_properties = fips=yes
|
||||
|
||||
[provider_test]
|
||||
default = default_sect
|
||||
# The fips section name should match the section name inside the
|
||||
# included fipsmodule.cnf.
|
||||
fips = fips_sect
|
||||
.include $TEST_BORING_FIPS_CNF
|
||||
|
||||
[default_sect]
|
||||
activate = 1
|
||||
|
||||
[ ssl_module ]
|
||||
|
||||
system_default = crypto_policy
|
||||
|
||||
[ crypto_policy ]
|
||||
|
||||
.include = /etc/crypto-policies/back-ends/opensslcnf.config
|
||||
|
||||
[ new_oids ]
|
||||
|
||||
EOM
|
||||
|
||||
./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN
|
||||
|
||||
export OPENSSL_CONF=$TEST_BORING_CNF
|
||||
# Run tests with FIPS enabled.
|
||||
export GOLANG_FIPS=1
|
||||
pushd crypto
|
||||
# Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
|
||||
go test $(go list ./... | grep -v tls) -v
|
||||
GOLANG_FIPS=1 go test $(go list ./... | grep -v tls) -v
|
||||
# Check that signature functions have parity between boring and notboring
|
||||
CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v
|
||||
popd
|
||||
# Run all FIPS specific TLS tests
|
||||
pushd crypto/tls
|
||||
go test -v -run "Boring"
|
||||
GOLANG_FIPS=1 go test -v -run "Boring"
|
||||
popd
|
||||
%else
|
||||
./run.bash --no-rebuild -v -v -v -k || :
|
||||
@ -528,7 +578,11 @@ cd ..
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri May 14 2021 Alejandro Sáez <asm@redhat.com> - 1.16.1-4
|
||||
* Fri May 28 2021 David Benoit <dbenoit@redhat.com> - 1.16.4-2
|
||||
- Port to OpenSSL 3.0
|
||||
- Resolves: rhbz#1952381
|
||||
|
||||
* Fri May 14 2021 Alejandro Sáez <asm@redhat.com> - 1.16.4-1
|
||||
- Rebase to 1.16.4
|
||||
- Resolves: rhbz#1955035
|
||||
- Resolves: rhbz#1957961
|
||||
|
1099
rhbz1952381.patch
Normal file
1099
rhbz1952381.patch
Normal file
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user