The Go Programming Language
Go to file
David Benoit ac2304cf1d Fix CVE-2023-45288
Resolves: RHEL-31915
2024-04-12 10:36:57 -04:00
.gitignore Fix CVE-2023-45288 2024-04-12 10:36:57 -04:00
cgo-lto-fix.patch Import rpm: ec522a5d51384d88d0ee6bcc4755dee91a61007c 2022-08-08 12:28:34 -04:00
cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch Import rpm: ec522a5d51384d88d0ee6bcc4755dee91a61007c 2023-02-23 12:41:14 -05:00
disable_static_external_tests.patch Import rpm: ec522a5d51384d88d0ee6bcc4755dee91a61007c 2022-08-08 12:28:34 -04:00
disable_static_tests_part1.patch Import rpm: ec522a5d51384d88d0ee6bcc4755dee91a61007c 2023-02-23 12:41:14 -05:00
disable_static_tests_part2.patch - Rebase disable_static_tests_part2.patch to Go 1.21.3 2023-10-31 21:17:36 +05:30
fedora.go Import rpm: ec522a5d51384d88d0ee6bcc4755dee91a61007c 2022-08-08 12:28:34 -04:00
fix_TestScript_list_std.patch Import rpm: ec522a5d51384d88d0ee6bcc4755dee91a61007c 2022-08-08 12:28:34 -04:00
fix-memleak-setupRSA.patch - Fix CVE-2024-1394 2024-04-01 20:59:01 +05:30
fix-memory-leak-evp-sign-verify.patch Rebase to Go 1.20.3 2023-04-13 09:10:44 -04:00
gating.yaml Import rpm: ec522a5d51384d88d0ee6bcc4755dee91a61007c 2022-08-08 12:28:34 -04:00
go1.5-zoneinfo_testing_only.patch Import rpm: ec522a5d51384d88d0ee6bcc4755dee91a61007c 2022-08-08 12:28:34 -04:00
golang-gdbinit Import rpm: ec522a5d51384d88d0ee6bcc4755dee91a61007c 2022-08-08 12:28:34 -04:00
golang-prelink.conf Import rpm: ec522a5d51384d88d0ee6bcc4755dee91a61007c 2022-08-08 12:28:34 -04:00
golang.spec Fix CVE-2023-45288 2024-04-12 10:36:57 -04:00
modify_go.env.patch Rebase to Go 1.21.7 2024-02-13 21:09:23 +01:00
openssl_deprecated_algorithm_tests.patch Import rpm: ec522a5d51384d88d0ee6bcc4755dee91a61007c 2022-08-08 12:28:34 -04:00
README.md Import rpm: ec522a5d51384d88d0ee6bcc4755dee91a61007c 2022-08-08 12:28:34 -04:00
remove_ed25519vectors_test.patch Import rpm: ec522a5d51384d88d0ee6bcc4755dee91a61007c 2022-08-08 12:28:34 -04:00
rhbz1955035.patch Import rpm: ec522a5d51384d88d0ee6bcc4755dee91a61007c 2022-08-08 12:28:34 -04:00
skip_test_rhbz1939923.patch Import rpm: ec522a5d51384d88d0ee6bcc4755dee91a61007c 2023-02-23 12:41:14 -05:00
skip-test-overlong-message.patch Rebase to Go 1.21.7 2024-02-13 21:09:23 +01:00
sources Fix CVE-2023-45288 2024-04-12 10:36:57 -04:00

Golang

Introduction

This package holds the spec file and related patches for the Golang package. The golang package is part of the larger go-toolset meta package.

Sources

This particular branch provides Go 1.16.x. The sources for this branch can be found at https://pagure.io/go/tree/go1.16-openssl-fips. The reason the source is coming from a pagure fork as opposed to an upstream tarball is due to certain patches we have written and currently maintain in order to claim FIPS compliance by calling into OpenSSL. Shipping a forked version of the toolchain is not the ideal scenario, and there is work in progress with upstream to enable us to instead ship a pure upstream toolchain and include a crypto module in go-toolset which will satisfy our FIPS requirements.

The current fork is based on an upstream branch0 which uses boringcrypto1 instead of OpenSSL.

If you need to make changes to the source for a rebase or bug fix, check out the pagure repo and switch to the branch listed above. Once you have made your changes you can test them locally with ./all.bash. You may want to export GOLANG_FIPS=1 before running that if you want to verify the FIPS codepaths are correct. Please note however that the test suite does not fully expect FIPS compliance, and will attempt to test non FIPS compliant code paths. The easiest way to test your changes correctly is to create a tarball locally and execute a mockbuild using this packge, which knows how to correctly run the testsuite in both FIPS and non-FIPS modes.

NOTE: The way pagure previously handled uploaded releases has changed, and releases must be tagged in the appropriate branch, from which pagure will generate source tarballs.

Testing & building changes

The first test you should run is a local mockbuild. This can be done with the rhpkg command:

rhpkg mockbuild

Once everything builds and passes locally you'll likely want to perform a scratch build. This will ensure that the changes you made build and run correctly on all architectures that this package supports. The best way to do this is to run a scratch build from your local sources without first having to push them. This ensures your changes are correct before commiting them to the repo. This can also be done via the following rhpkg command:

rhpkg scratch-build --srpm

Once your scratch build has passed you can execute a real build:

rhpkg build

[0] https://github.com/golang/go/tree/dev.boringcrypto [1] https://opensource.google.com/projects/boringssl