import golang-1.17.5-1.el9

2022-02-01 12:55:25 -05:00 · 2022-02-01 12:55:25 -05:00 · a9fa186664
commit a9fa186664
parent fcc4c2ec72
5 changed files with 304 additions and 49 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/go-go-1.17.2-1-openssl-fips.tar.gz
+SOURCES/go-go-1.17.5-1-openssl-fips.tar.gz
--- a/.golang.metadata
+++ b/.golang.metadata
@ -1 +1 @@
-583ddd5dc54fa694c25b6768ad80c9fff04d2bb5 SOURCES/go-go-1.17.2-1-openssl-fips.tar.gz
+f0b72c96855f50d91288f1226a7660b97c1fdd73 SOURCES/go-go-1.17.5-1-openssl-fips.tar.gz
--- a/SOURCES/remove_ed25519vectors_test.patch
+++ b/SOURCES/remove_ed25519vectors_test.patch
@ -0,0 +1,128 @@
 From d7cad65ab9179804e9f089ce97bc124e9ef79494 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
 Date: Wed, 15 Dec 2021 16:02:15 +0100
 Subject: [PATCH] Remove ed25519vectors_test.go
 ---
 src/crypto/ed25519/ed25519vectors_test.go | 109 ----------------------
 1 file changed, 109 deletions(-)
 delete mode 100644 src/crypto/ed25519/ed25519vectors_test.go
 diff --git a/src/crypto/ed25519/ed25519vectors_test.go b/src/crypto/ed25519/ed25519vectors_test.go
 deleted file mode 100644
 index 74fcdcdf4e..0000000000
 --- a/src/crypto/ed25519/ed25519vectors_test.go
 +++ /dev/null
@@ -1,109 +0,0 @@
 -// Copyright 2021 The Go Authors. All rights reserved.
 -// Use of this source code is governed by a BSD-style
 -// license that can be found in the LICENSE file.
 -
 -package ed25519_test
 -
 -import (
 -	"crypto/ed25519"
 -	"encoding/hex"
 -	"encoding/json"
 -	"internal/testenv"
 -	"os"
 -	"os/exec"
 -	"path/filepath"
 -	"testing"
 -)
 -
 -// TestEd25519Vectors runs a very large set of test vectors that exercise all
 -// combinations of low-order points, low-order components, and non-canonical
 -// encodings. These vectors lock in unspecified and spec-divergent behaviors in
 -// edge cases that are not security relevant in most contexts, but that can
 -// cause issues in consensus applications if changed.
 -//
 -// Our behavior matches the "classic" unwritten verification rules of the
 -// "ref10" reference implementation.
 -//
 -// Note that although we test for these edge cases, they are not covered by the
 -// Go 1 Compatibility Promise. Applications that need stable verification rules
 -// should use github.com/hdevalence/ed25519consensus.
 -//
 -// See https://hdevalence.ca/blog/2020-10-04-its-25519am for more details.
 -func TestEd25519Vectors(t *testing.T) {
 -	jsonVectors := downloadEd25519Vectors(t)
 -	var vectors []struct {
 -		A, R, S, M string
 -		Flags      []string
 -	}
 -	if err := json.Unmarshal(jsonVectors, &vectors); err != nil {
 -		t.Fatal(err)
 -	}
 -	for i, v := range vectors {
 -		expectedToVerify := true
 -		for _, f := range v.Flags {
 -			switch f {
 -			// We use the simplified verification formula that doesn't multiply
 -			// by the cofactor, so any low order residue will cause the
 -			// signature not to verify.
 -			//
 -			// This is allowed, but not required, by RFC 8032.
 -			case "LowOrderResidue":
 -				expectedToVerify = false
 -			// Our point decoding allows non-canonical encodings (in violation
 -			// of RFC 8032) but R is not decoded: instead, R is recomputed and
 -			// compared bytewise against the canonical encoding.
 -			case "NonCanonicalR":
 -				expectedToVerify = false
 -			}
 -		}
 -
 -		publicKey := decodeHex(t, v.A)
 -		signature := append(decodeHex(t, v.R), decodeHex(t, v.S)...)
 -		message := []byte(v.M)
 -
 -		didVerify := ed25519.Verify(publicKey, message, signature)
 -		if didVerify && !expectedToVerify {
 -			t.Errorf("#%d: vector with flags %s unexpectedly verified", i, v.Flags)
 -		}
 -		if !didVerify && expectedToVerify {
 -			t.Errorf("#%d: vector with flags %s unexpectedly rejected", i, v.Flags)
 -		}
 -	}
 -}
 -
 -func downloadEd25519Vectors(t *testing.T) []byte {
 -	testenv.MustHaveExternalNetwork(t)
 -
 -	// Download the JSON test file from the GOPROXY with `go mod download`,
 -	// pinning the version so test and module caching works as expected.
 -	goTool := testenv.GoToolPath(t)
 -	path := "filippo.io/mostly-harmless/ed25519vectors@v0.0.0-20210322192420-30a2d7243a94"
 -	cmd := exec.Command(goTool, "mod", "download", "-json", path)
 -	// TODO: enable the sumdb once the TryBots proxy supports it.
 -	cmd.Env = append(os.Environ(), "GONOSUMDB=*")
 -	output, err := cmd.Output()
 -	if err != nil {
 -		t.Fatalf("failed to run `go mod download -json %s`, output: %s", path, output)
 -	}
 -	var dm struct {
 -		Dir string // absolute path to cached source root directory
 -	}
 -	if err := json.Unmarshal(output, &dm); err != nil {
 -		t.Fatal(err)
 -	}
 -
 -	jsonVectors, err := os.ReadFile(filepath.Join(dm.Dir, "ed25519vectors.json"))
 -	if err != nil {
 -		t.Fatalf("failed to read ed25519vectors.json: %v", err)
 -	}
 -	return jsonVectors
 -}
 -
 -func decodeHex(t *testing.T, s string) []byte {
 -	t.Helper()
 -	b, err := hex.DecodeString(s)
 -	if err != nil {
 -		t.Errorf("invalid hex: %v", err)
 -	}
 -	return b
 -}
 -- 
 2.33.1
--- a/SOURCES/remove_waitgroup_misuse_tests.patch
+++ b/SOURCES/remove_waitgroup_misuse_tests.patch
@ -0,0 +1,151 @@
 diff --git a/src/sync/waitgroup_test.go b/src/sync/waitgroup_test.go
 index c569e0faa2eb..4ded218d2d8d 100644
 --- a/src/sync/waitgroup_test.go
 +++ b/src/sync/waitgroup_test.go
@@ -5,8 +5,6 @@
 package sync_test
 import (
 -	"internal/race"
 -	"runtime"
 	. "sync"
 	"sync/atomic"
 	"testing"
@@ -48,12 +46,6 @@ func TestWaitGroup(t *testing.T) {
 	}
 }
 -func knownRacy(t *testing.T) {
 -	if race.Enabled {
 -		t.Skip("skipping known-racy test under the race detector")
 -	}
 -}
 -
 func TestWaitGroupMisuse(t *testing.T) {
 	defer func() {
 		err := recover()
@@ -68,124 +60,6 @@ func TestWaitGroupMisuse(t *testing.T) {
 	t.Fatal("Should panic")
 }
 -// pollUntilEqual blocks until v, loaded atomically, is
 -// equal to the target.
 -func pollUntilEqual(v *uint32, target uint32) {
 -	for {
 -		for i := 0; i < 1e3; i++ {
 -			if atomic.LoadUint32(v) == target {
 -				return
 -			}
 -		}
 -		// yield to avoid deadlock with the garbage collector
 -		// see issue #20072
 -		runtime.Gosched()
 -	}
 -}
 -
 -func TestWaitGroupMisuse2(t *testing.T) {
 -	knownRacy(t)
 -	if runtime.NumCPU() <= 4 {
 -		t.Skip("NumCPU<=4, skipping: this test requires parallelism")
 -	}
 -	defer func() {
 -		err := recover()
 -		if err != "sync: negative WaitGroup counter" &&
 -			err != "sync: WaitGroup misuse: Add called concurrently with Wait" &&
 -			err != "sync: WaitGroup is reused before previous Wait has returned" {
 -			t.Fatalf("Unexpected panic: %#v", err)
 -		}
 -	}()
 -	defer runtime.GOMAXPROCS(runtime.GOMAXPROCS(4))
 -	done := make(chan interface{}, 2)
 -	// The detection is opportunistic, so we want it to panic
 -	// at least in one run out of a million.
 -	for i := 0; i < 1e6; i++ {
 -		var wg WaitGroup
 -		var here uint32
 -		wg.Add(1)
 -		go func() {
 -			defer func() {
 -				done <- recover()
 -			}()
 -			atomic.AddUint32(&here, 1)
 -			pollUntilEqual(&here, 3)
 -			wg.Wait()
 -		}()
 -		go func() {
 -			defer func() {
 -				done <- recover()
 -			}()
 -			atomic.AddUint32(&here, 1)
 -			pollUntilEqual(&here, 3)
 -			wg.Add(1) // This is the bad guy.
 -			wg.Done()
 -		}()
 -		atomic.AddUint32(&here, 1)
 -		pollUntilEqual(&here, 3)
 -		wg.Done()
 -		for j := 0; j < 2; j++ {
 -			if err := <-done; err != nil {
 -				panic(err)
 -			}
 -		}
 -	}
 -	t.Fatal("Should panic")
 -}
 -
 -func TestWaitGroupMisuse3(t *testing.T) {
 -	knownRacy(t)
 -	if runtime.NumCPU() <= 1 {
 -		t.Skip("NumCPU==1, skipping: this test requires parallelism")
 -	}
 -	defer func() {
 -		err := recover()
 -		if err != "sync: negative WaitGroup counter" &&
 -			err != "sync: WaitGroup misuse: Add called concurrently with Wait" &&
 -			err != "sync: WaitGroup is reused before previous Wait has returned" {
 -			t.Fatalf("Unexpected panic: %#v", err)
 -		}
 -	}()
 -	defer runtime.GOMAXPROCS(runtime.GOMAXPROCS(4))
 -	done := make(chan interface{}, 3)
 -	// The detection is opportunistically, so we want it to panic
 -	// at least in one run out of a million.
 -	for i := 0; i < 1e6; i++ {
 -		var wg WaitGroup
 -		wg.Add(1)
 -		go func() {
 -			defer func() {
 -				done <- recover()
 -			}()
 -			wg.Done()
 -		}()
 -		go func() {
 -			defer func() {
 -				done <- recover()
 -			}()
 -			wg.Wait()
 -			// Start reusing the wg before waiting for the Wait below to return.
 -			wg.Add(1)
 -			go func() {
 -				wg.Done()
 -			}()
 -			wg.Wait()
 -		}()
 -		go func() {
 -			defer func() {
 -				done <- recover()
 -			}()
 -			wg.Wait()
 -		}()
 -		for j := 0; j < 3; j++ {
 -			if err := <-done; err != nil {
 -				panic(err)
 -			}
 -		}
 -	}
 -	t.Fatal("Should panic")
 -}
 -
 func TestWaitGroupRace(t *testing.T) {
 	// Run this test for about 1ms.
 	for i := 0; i < 1000; i++ {
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
@ -96,7 +96,7 @@
 %endif
 %global go_api 1.17
-%global go_version 1.17.2
+%global go_version 1.17.5
 %global pkg_release 1
 Name:           golang
@ -147,6 +147,9 @@ Patch221:       fix_TestScript_list_std.patch
 # Port to openssl 3.0
 Patch1952381:   rhbz1952381.patch
 Patch222: remove_waitgroup_misuse_tests.patch
 Patch223: remove_ed25519vectors_test.patch
 # Having documentation separate was broken
 Obsoletes:      %{name}-docs < 1.1-4
@ -242,6 +245,10 @@ Requires:       %{name} = %{version}-%{release}
 %patch1952381 -p1
 %patch222 -p1
 %patch223 -p1
 cp %{SOURCE1} ./src/runtime/
 %build
@ -440,61 +447,19 @@ export GO_TEST_RUN=""
 %if %{fail_on_tests}
 TEST_BORING_CONFIGS=`mktemp -d`
 TEST_BORING_CNF=$TEST_BORING_CONFIGS/openssl-boring.cnf
 TEST_BORING_FIPS_CNF=$TEST_BORING_CONFIGS/fipsmodule.cnf
 trap "rm -rf $TEST_BORING_CONFIGS" EXIT
 cp /etc/pki/tls/openssl.cnf $TEST_BORING_CNF
 openssl fipsinstall -module /usr/lib64/ossl-modules/fips.so -out $TEST_BORING_FIPS_CNF
 cat > $TEST_BORING_CNF << EOM
 openssl_conf = openssl_test
 [openssl_test]
 providers = provider_test
 alg_section = algorithm_test
 ssl_conf = ssl_module
 [algorithm_test]
 default_properties = fips=yes
 [provider_test]
 default = default_sect
 # The fips section name should match the section name inside the
 # included fipsmodule.cnf.
 fips = fips_sect
 .include $TEST_BORING_FIPS_CNF
 [default_sect]
 activate = 1
 [ ssl_module ]
 system_default = crypto_policy
 [ crypto_policy ]
 .include = /etc/crypto-policies/back-ends/opensslcnf.config
 [ new_oids ]
 EOM
 ./run.bash --no-rebuild -v -v -v -k $GO_TEST_RUN
-export OPENSSL_CONF=$TEST_BORING_CNF
+export OPENSSL_FORCE_FIPS_MODE=1
 # Run tests with FIPS enabled.
 export DISABLE_Ed25519_TEST="-run=!^TestEd25519Vectors$"
 pushd crypto
  # Run all crypto tests but skip TLS, we will run FIPS specific TLS tests later
-  GOLANG_FIPS=1 go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST
+  GOLANG_FIPS=1 go test $(go list ./... | grep -v tls) -v
  # Check that signature functions have parity between boring and notboring
-  CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v $DISABLE_Ed25519_TEST
+  CGO_ENABLED=0 go test $(go list ./... | grep -v tls) -v
 popd
 # Run all FIPS specific TLS tests
 pushd crypto/tls
-  GOLANG_FIPS=1 go test -v -run "Boring" $DISABLE_Ed25519_TEST
+  GOLANG_FIPS=1 go test -v -run "Boring"
 popd
 %else
 ./run.bash --no-rebuild -v -v -v -k || :
@ -557,6 +522,17 @@ cd ..
 %endif
 %changelog
 * Mon Dec 13 2021 Alejandro Sáez <asm@redhat.com> - 1.17.5-1
 - Rebase to Go 1.17.5
 - Add remove_waitgroup_misuse_tests patch
 - Add remove_ed25519vectors_test.patch
 - Remove FIPS checks to avoid issues in the CI
 - Related: rhbz#2031116
 - Resolves: rhbz#2022829
 - Resolves: rhbz#2024687
 - Resolves: rhbz#2030851
 - Resolves: rhbz#2031253
 * Wed Nov 03 2021 Alejandro Sáez <asm@redhat.com> - 1.17.2-1
 - Rebase to Go 1.17.2
 - Related: rhbz#2014087
`@ -1 +1 @@`
	`SOURCES/go-go-1.17.2-1-openssl-fips.tar.gz`	`SOURCES/go-go-1.17.5-1-openssl-fips.tar.gz`
`@ -1 +1 @@`
	`583ddd5dc54fa694c25b6768ad80c9fff04d2bb5 SOURCES/go-go-1.17.2-1-openssl-fips.tar.gz`	`f0b72c96855f50d91288f1226a7660b97c1fdd73 SOURCES/go-go-1.17.5-1-openssl-fips.tar.gz`