17 changed files with 220 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,101 @@
-SOURCES/go1.24.4-1-openssl-fips.tar.gz
-SOURCES/go1.24.4.tar.gz
+/go1.8.3.src.tar.gz
+/go1.8.4.src.tar.gz
+/go1.8.5.src.tar.gz
+/go1.10.src.tar.gz
+/go1.10.2.src.tar.gz
+/dev.boringcrypto.go1.10.tar.gz
+/go1.9.7.linux-amd64.tar.gz
+/go1.9.7.linux-386.tar.gz
+/go1.9.7.linux-ppc64le.tar.gz
+/go1.9.7.linux-s390x.tar.gz
+/go1.9.7.linux-arm64.tar.gz
+/go1.10.3-openssl-1-1-fips.tar.gz
+/go1.11-openssl-1.1-fips.tar.gz
+/go1.11.5-openssl-1.1.tar.gz
+/go-go1.11.5-openssl-1.1.tar.gz
+/go1.12.1-openssl-fips.tar.gz
+/go1.12.1-3-openssl-fips.tar.gz
+/go1.12.1-4-openssl-fips.tar.gz
+/go1.12.1-8-openssl-fips.tar.gz
+/go1.12.1-9-openssl-fips.tar.gz
+/go1.12.5-1-openssl-fips.tar.gz
+/go1.12.6-1-openssl-fips.tar.gz
+/go-go-1.12.6-2-openssl-fips.tar.gz
+/go-go-1.12.6-3-openssl-fips.tar.gz
+/go-go-1.12.8-2-openssl-fips.tar.gz
+/go-go-1.13.4-1-openssl-fips.tar.gz
+/go-go-1.14.2-1-openssl-fips.tar.gz
+/go-go-1.14.4-1-openssl-fips.tar.gz
+/go-go-1.14.6-1-openssl-fips.tar.gz
+/go-go-1.14.7-1-openssl-fips.tar.gz
+/go-go-1.14.7-2-openssl-fips.tar.gz
+/go-go-1.15.0-2-openssl-fips.tar.gz
+/go-go-1.15.2-1-openssl-fips.tar.gz
+/go-go-1.15.3-1-openssl-fips.tar.gz
+/go-go-1.15.5-1-openssl-fips.tar.gz
+/go-go-1.15.7-1-openssl-fips.tar.gz
+/go-go-1.16.1-1-openssl-fips.tar.gz
+/go-go-1.16.1-2-openssl-fips.tar.gz
+/go-go-1.16.4-1-openssl-fips.tar.gz
+/go-go-1.16.5-1-openssl-fips.tar.gz
+/go-go-1.16.6-1-openssl-fips.tar.gz
+/go-go-1.16.6-3-openssl-fips.tar.gz
+/go-go-1.16.7-1-openssl-fips.tar.gz
+/go-go-1.17.2-1-openssl-fips.tar.gz
+/go-go-1.17.3-1-openssl-fips.tar.gz
+/go-go-1.17.4-1-openssl-fips.tar.gz
+/go-go-1.17.5-1-openssl-fips.tar.gz
+/go-go-1.17.7-1-openssl-fips.tar.gz
+/go1.19.1.tar.gz
+/go1.19.2.tar.gz
+/go1.19.4-1-openssl-fips.tar.gz
+/go1.19.4.tar.gz
+/go1.19.6.tar.gz
+/go1.19.6-1-openssl-fips.tar.gz
+/go1.20.3.tar.gz
+/go1.20.3-1-openssl-fips.tar.gz
+/go1.20.4.tar.gz
+/go1.20.4-3-openssl-fips.tar.gz
+/go1.20.6.tar.gz
+/go1.20.6-1-openssl-fips.tar.gz
+/go1.20.8.tar.gz
+/go1.20.8-1-openssl-fips.tar.gz
+/go1.21.3-1-openssl-fips.tar.gz
+/go1.21.3.tar.gz
+/go1.21.4.tar.gz
+/go1.21.4-1-openssl-fips.tar.gz
+/go1.21.7.tar.gz
+/go1.21.7-1-openssl-fips.tar.gz
+/go1.22.1.tar.gz
+/go1.22.1-1-openssl-fips.tar.gz
+/go1.22.1-2-openssl-fips.tar.gz
+/go1.22.2.tar.gz
+/go1.22.2-1-openssl-fips.tar.gz
+/go1.22.3.src.tar.gz
+/go1.22.3-1-openssl-fips.tar.gz
+/go1.22.3.tar.gz
+/go1.22.3-2-openssl-fips.tar.gz
+/go1.22.3-3-openssl-fips.tar.gz
+/go1.22.4.tar.gz
+/go1.22.4-1-openssl-fips.tar.gz
+/go1.22.5.tar.gz
+/go1.22.5-1-openssl-fips.tar.gz
+/51bfeff0e4b0757ff773da6882f4d538996c9b04.tar.gz
+/compiler-rt-18.1.8.src.tar.xz
+/go1.23.2.tar.gz
+/go1.23.2-2-openssl-fips.tar.gz
+/go1.23.4.tar.gz
+/go1.23.4-1-openssl-fips.tar.gz
+/go1.23.6.tar.gz
+/go1.23.6-1-openssl-fips.tar.gz
+/go1.23.9.tar.gz
+/go1.23.9-1-openssl-fips.tar.gz
+/go1.23.10.tar.gz
+/go1.23.10-1-openssl-fips.tar.gz
+/go1.24.3.tar.gz
+/go1.24.3-1-openssl-fips.tar.gz
+/go1.24.3-2-openssl-fips.tar.gz
+/go1.24.3-3-openssl-fips.tar.gz
+/go1.24.4.src.tar.gz
+/go1.24.4-1-openssl-fips.tar.gz
+/go1.24.4.tar.gz
--- a/.golang.metadata
+++ b/.golang.metadata
@ -1,2 +0,0 @@
-17f42100ea9dfb490f9e01ceb202ed77de85af58 SOURCES/go1.24.4-1-openssl-fips.tar.gz
-c47e32e36f3bc042dde60d44908c0c78039a69a4 SOURCES/go1.24.4.tar.gz
--- a/README.md
+++ b/README.md
@ -0,0 +1,65 @@
+# Golang
+
+## Introduction
+
+This package holds the spec file and related patches for the Golang package.
+The golang package is part of the larger go-toolset meta package.
+
+## Sources
+
+This particular branch provides Go 1.16.x. The sources for this branch can be
+found at https://pagure.io/go/tree/go1.16-openssl-fips. The reason the source is
+coming from a pagure fork as opposed to an upstream tarball is due to certain
+patches we have written and currently maintain in order to claim FIPS compliance
+by calling into OpenSSL. Shipping a forked version of the toolchain is not the
+ideal scenario, and there is work in progress with upstream to enable us to
+instead ship a pure upstream toolchain and include a crypto module in go-toolset
+which will satisfy our FIPS requirements.
+
+The current fork is based on an upstream branch[[0]] which uses
+boringcrypto[[1]] instead of OpenSSL.
+
+If you need to make changes to the source for a rebase or bug fix, check out the
+pagure repo and switch to the branch listed above. Once you have made your
+changes you can test them locally with `./all.bash`. You may want to export
+`GOLANG_FIPS=1` before running that if you want to verify the FIPS codepaths are
+correct. Please note however that the test suite does not fully expect FIPS
+compliance, and will attempt to test non FIPS compliant code paths. The easiest
+way to test your changes correctly is to create a tarball locally and execute a
+mockbuild using this packge, which knows how to correctly run the testsuite in
+both FIPS and non-FIPS modes.
+
+NOTE: The way pagure previously handled uploaded releases has changed, and
+releases must be tagged in the appropriate branch, from which pagure will
+generate source tarballs.
+
+## Testing & building changes
+
+The first test you should run is a local mockbuild. This can be done with the
+rhpkg command:
+
+```
+rhpkg mockbuild
+```
+
+Once everything builds and passes locally you'll likely want to perform a
+scratch build. This will ensure that the changes you made build and run
+correctly on all architectures that this package supports. The best way to do
+this is to run a scratch build from your local sources without first having to
+push them. This ensures your changes are correct before commiting them to the
+repo. This can also be done via the following rhpkg command:
+
+```
+rhpkg scratch-build --srpm
+```
+
+Once your scratch build has passed you can execute a real build:
+
+```
+rhpkg build
+```
+
+---
+
+[0] https://github.com/golang/go/tree/dev.boringcrypto 
+[1] https://opensource.google.com/projects/boringssl
--- a/SOURCES/disable_static_tests_part1.patch
+++ b/SOURCES/disable_static_tests_part1.patch
--- a/SOURCES/disable_static_tests_part2.patch
+++ b/SOURCES/disable_static_tests_part2.patch
--- a/SOURCES/fedora.go
+++ b/SOURCES/fedora.go
--- a/SOURCES/fix_TestScript_list_std.patch
+++ b/SOURCES/fix_TestScript_list_std.patch
--- a/gating.yaml
+++ b/gating.yaml
@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
--- a/SOURCES/golang-gdbinit
+++ b/SOURCES/golang-gdbinit
--- a/SOURCES/golang-prelink.conf
+++ b/SOURCES/golang-prelink.conf
--- a/SPECS/golang.spec
+++ b/SPECS/golang.spec
--- a/SOURCES/modify_go.env.patch
+++ b/SOURCES/modify_go.env.patch
--- a/re-enable-cgo.patch
+++ b/re-enable-cgo.patch
@ -0,0 +1,30 @@
+From 09ff18f22def1766faa746df87e57d5b68454246 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= <asm@redhat.com>
+Date: Tue, 5 Mar 2024 10:03:13 +0100
+Subject: [PATCH] Re-enable CGO in cmd/go and cmd/pprof
+
+---
+ src/cmd/dist/build.go | 7 -------
+ 1 file changed, 7 deletions(-)
+
+diff --git a/src/cmd/dist/build.go b/src/cmd/dist/build.go
+index 32e59b446a..941abdcebd 100644
+--- a/src/cmd/dist/build.go
+++ b/src/cmd/dist/build.go
+@@ -1304,13 +1304,6 @@ func timelog(op, name string) {
+ // to switch between the host and target configurations when cross-compiling.
+ func toolenv() []string {
+ 	var env []string
+-	if !mustLinkExternal(goos, goarch, false) {
+-		// Unless the platform requires external linking,
+-		// we disable cgo to get static binaries for cmd/go and cmd/pprof,
+-		// so that they work on systems without the same dynamic libraries
+-		// as the original build system.
+-		env = append(env, "CGO_ENABLED=0")
+-	}
+ 	if isRelease || os.Getenv("GO_BUILDER_NAME") != "" {
+ 		// Add -trimpath for reproducible builds of releases.
+ 		// Include builders so that -trimpath is well-tested ahead of releases.
+-- 
+2.43.2
+
--- a/skip-test-overlong-message.patch
+++ b/skip-test-overlong-message.patch
@ -0,0 +1,15 @@
+diff --git a/src/crypto/rsa/pkcs1v15_test.go b/src/crypto/rsa/pkcs1v15_test.go
+index 0853178e3a..16eb37734b 100644
+--- a/src/crypto/rsa/pkcs1v15_test.go
+++ b/src/crypto/rsa/pkcs1v15_test.go
+@@ -247,6 +247,10 @@ func TestVerifyPKCS1v15(t *testing.T) {
+ }
+ 
+ func TestOverlongMessagePKCS1v15(t *testing.T) {
+	// OpenSSL now returns a random string instead of an error
+	if boring.Enabled() {
+		t.Skip("Not relevant in boring mode")
+	}
+ 	ciphertext := decodeBase64("fjOVdirUzFoLlukv80dBllMLjXythIf22feqPrNo0YoIjzyzyoMFiLjAc/Y4krkeZ11XFThIrEvw\nkRiZcCq5ng==")
+ 	_, err := DecryptPKCS1v15(nil, rsaPrivateKey, ciphertext)
+ 	if err == nil {
--- a/SOURCES/skip_TestCrashDumpsAllThreads.patch
+++ b/SOURCES/skip_TestCrashDumpsAllThreads.patch
--- a/SOURCES/skip_test_rhbz1939923.patch
+++ b/SOURCES/skip_test_rhbz1939923.patch
--- a/3
+++ b/3
@ -0,0 +1,3 @@
+SHA512 (go1.24.4.tar.gz) = fbf4e4d2e3641b1f7616ad3641e93582b71eb67d15aaf5eeda60ab5bff2949bf91ec57b5c1fd2fee83906c1c1c5303d8e2af5f06e3de9b3e1381a25218c902c8
+SHA512 (go1.24.4-1-openssl-fips.tar.gz) = d62905d51090a99b20d294e5e23cf2c8d807e620309602364ad30379e65d13ef69ef82666be891f1743c46608a8aa1ab95121db92f38ae5a7b933d242fa7c582
+SHA512 (compiler-rt-18.1.8.src.tar.xz) = fb8795bd51c9b005c2ad1975591e9e2715740d6407ccad41379f136ef2e8d24ded8b97b01165a3ae4bd377119a6a1049ca05d3220404fc12bee86114ff2bff0d