17 changed files with 157 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,39 @@
-SOURCES/go1.23.9-1-openssl-fips.tar.gz
-SOURCES/go1.23.9.tar.gz
+SOURCES/go1.19.4-1-openssl-fips.tar.gz
+SOURCES/go1.19.4.tar.gz
+/go1.19.4-1-openssl-fips.tar.gz
+/go1.19.4.tar.gz
+/go1.19.6-1-openssl-fips.tar.gz
+/go1.19.6.tar.gz
+/go1.20.3.tar.gz
+/go1.20.3-1-openssl-fips.tar.gz
+/go1.20.4.tar.gz
+/go1.20.4-3-openssl-fips.tar.gz
+/go1.20.6.tar.gz
+/go1.20.6-1-openssl-fips.tar.gz
+/go1.21.3-1-openssl-fips.tar.gz
+/go1.21.3.tar.gz
+/go1.21.7.tar.gz
+/go1.21.7-1-openssl-fips.tar.gz
+/go1.22.2.tar.gz
+/go1.22.2-1-openssl-fips.tar.gz
+/go1.22.3-1-openssl-fips.tar.gz
+/go1.22.3.tar.gz
+/go1.22.3-2-openssl-fips.tar.gz
+/go1.22.3.src.tar.gz
+/go1.22.3-3-openssl-fips.tar.gz
+/go1.22.4.tar.gz
+/go1.22.4-1-openssl-fips.tar.gz
+/go1.22.5.tar.gz
+/go1.22.5-1-openssl-fips.tar.gz
+/go1.22.5-2-openssl-fips.tar.gz
+/go1.22.5-3-openssl-fips.tar.gz
+/go1.22.7.tar.gz
+/go1.22.7-1-openssl-fips.tar.gz
+/go1.22.9.tar.gz
+/go1.22.9-1-openssl-fips.tar.gz
+/go1.22.11.tar.gz
+/go1.22.11-1-openssl-fips.tar.gz
+/go1.23.6.tar.gz
+/go1.23.6-1-openssl-fips.tar.gz
+/go1.23.9.tar.gz
+/go1.23.9-1-openssl-fips.tar.gz
--- a/.golang.metadata
+++ b/.golang.metadata
@ -1,2 +0,0 @@
-f88e1a017f8abb82764e1340b858268b8beca1d8 SOURCES/go1.23.9-1-openssl-fips.tar.gz
-ac7c4463e6f0e61fceb6c4e73d7c7d9da61d6a5d SOURCES/go1.23.9.tar.gz
--- a/README.md
+++ b/README.md
@ -0,0 +1,65 @@
+# Golang
+
+## Introduction
+
+This package holds the spec file and related patches for the Golang package.
+The golang package is part of the larger go-toolset meta package.
+
+## Sources
+
+This particular branch provides Go 1.16.x. The sources for this branch can be
+found at https://pagure.io/go/tree/go1.16-openssl-fips. The reason the source is
+coming from a pagure fork as opposed to an upstream tarball is due to certain
+patches we have written and currently maintain in order to claim FIPS compliance
+by calling into OpenSSL. Shipping a forked version of the toolchain is not the
+ideal scenario, and there is work in progress with upstream to enable us to
+instead ship a pure upstream toolchain and include a crypto module in go-toolset
+which will satisfy our FIPS requirements.
+
+The current fork is based on an upstream branch[[0]] which uses
+boringcrypto[[1]] instead of OpenSSL.
+
+If you need to make changes to the source for a rebase or bug fix, check out the
+pagure repo and switch to the branch listed above. Once you have made your
+changes you can test them locally with `./all.bash`. You may want to export
+`GOLANG_FIPS=1` before running that if you want to verify the FIPS codepaths are
+correct. Please note however that the test suite does not fully expect FIPS
+compliance, and will attempt to test non FIPS compliant code paths. The easiest
+way to test your changes correctly is to create a tarball locally and execute a
+mockbuild using this packge, which knows how to correctly run the testsuite in
+both FIPS and non-FIPS modes.
+
+NOTE: The way pagure previously handled uploaded releases has changed, and
+releases must be tagged in the appropriate branch, from which pagure will
+generate source tarballs.
+
+## Testing & building changes
+
+The first test you should run is a local mockbuild. This can be done with the
+rhpkg command:
+
+```
+rhpkg mockbuild
+```
+
+Once everything builds and passes locally you'll likely want to perform a
+scratch build. This will ensure that the changes you made build and run
+correctly on all architectures that this package supports. The best way to do
+this is to run a scratch build from your local sources without first having to
+push them. This ensures your changes are correct before commiting them to the
+repo. This can also be done via the following rhpkg command:
+
+```
+rhpkg scratch-build --srpm
+```
+
+Once your scratch build has passed you can execute a real build:
+
+```
+rhpkg build
+```
+
+---
+
+[0] https://github.com/golang/go/tree/dev.boringcrypto 
+[1] https://opensource.google.com/projects/boringssl
--- a/SOURCES/disable_static_tests_part1.patch
+++ b/SOURCES/disable_static_tests_part1.patch
--- a/SOURCES/disable_static_tests_part2.patch
+++ b/SOURCES/disable_static_tests_part2.patch
--- a/SOURCES/fedora.go
+++ b/SOURCES/fedora.go
--- a/SOURCES/fix_TestScript_list_std.patch
+++ b/SOURCES/fix_TestScript_list_std.patch
--- a/gating.yaml
+++ b/gating.yaml
@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
--- a/SOURCES/golang-gdbinit
+++ b/SOURCES/golang-gdbinit
--- a/SOURCES/golang-prelink.conf
+++ b/SOURCES/golang-prelink.conf
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
--- a/SOURCES/modify_go.env.patch
+++ b/SOURCES/modify_go.env.patch
--- a/re-enable-cgo.patch
+++ b/re-enable-cgo.patch
@ -0,0 +1,30 @@
+From 09ff18f22def1766faa746df87e57d5b68454246 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
+Date: Tue, 5 Mar 2024 10:03:13 +0100
+Subject: [PATCH] Re-enable CGO in cmd/go and cmd/pprof
+
+---
+ src/cmd/dist/build.go | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/src/cmd/dist/build.go b/src/cmd/dist/build.go
+index 32e59b446a..941abdcebd 100644
+--- a/src/cmd/dist/build.go
+++ b/src/cmd/dist/build.go
+@@ -1304,13 +1304,6 @@ func timelog(op, name string) {
+ // to switch between the host and target configurations when cross-compiling.
+ func toolenv() []string {
+ 	var env []string
+-	if !mustLinkExternal(goos, goarch, false) {
+-		// Unless the platform requires external linking,
+-		// we disable cgo to get static binaries for cmd/go and cmd/pprof,
+-		// so that they work on systems without the same dynamic libraries
+-		// as the original build system.
+-		env = append(env, "CGO_ENABLED=0")
+-	}
+ 	if isRelease || os.Getenv("GO_BUILDER_NAME") != "" {
+ 		// Add -trimpath for reproducible builds of releases.
+ 		// Include builders so that -trimpath is well-tested ahead of releases.
+-- 
+2.43.2
+
--- a/skip-test-overlong-message.patch
+++ b/skip-test-overlong-message.patch
@ -0,0 +1,15 @@
+diff --git a/src/crypto/rsa/pkcs1v15_test.go b/src/crypto/rsa/pkcs1v15_test.go
+index 0853178e3a..16eb37734b 100644
+--- a/src/crypto/rsa/pkcs1v15_test.go
+++ b/src/crypto/rsa/pkcs1v15_test.go
+@@ -247,6 +247,10 @@ func TestVerifyPKCS1v15(t *testing.T) {
+ }
+ 
+ func TestOverlongMessagePKCS1v15(t *testing.T) {
+	// OpenSSL now returns a random string instead of an error
+	if boring.Enabled() {
+		t.Skip("Not relevant in boring mode")
+	}
+ 	ciphertext := decodeBase64("fjOVdirUzFoLlukv80dBllMLjXythIf22feqPrNo0YoIjzyzyoMFiLjAc/Y4krkeZ11XFThIrEvw\nkRiZcCq5ng==")
+ 	_, err := DecryptPKCS1v15(nil, rsaPrivateKey, ciphertext)
+ 	if err == nil {
--- a/SOURCES/skip_TestCrashDumpsAllThreads.patch
+++ b/SOURCES/skip_TestCrashDumpsAllThreads.patch
--- a/SOURCES/skip_test_rhbz1939923.patch
+++ b/SOURCES/skip_test_rhbz1939923.patch
--- a/2
+++ b/2
@ -0,0 +1,2 @@
+SHA512 (go1.23.9-1-openssl-fips.tar.gz) = 6c8713bcdffa7d6a53d99d0ffcaa5936da25ac6d6254d92f7e93cf1ca8b2d235eaea74f1c732638ddabde1ace8fcf3e337629bc52e750712b0032633dc0a5c24
+SHA512 (go1.23.9.tar.gz) = 1ff4cd59f08f7090f9d7f70c18645574f31b72ac75b5a3277e88f4eea83b2554a0f59150b3e4876f4920db39e2f471f64de8adc56f5cfb931a1808d49800f4d4