Script to launch privileged container with podman
Go to file
Debarshi Ray b5a0d2a45c Rebuild for FIPS-mode memory leak in the Go toolchain
Toolbx doesn't seem to directly use any cryptography, but go.sum does
list golang.org/x/crypto, which indicates that it's present somewhere
in the dependency chain.

Looking inside the vendored sources, there doesn't seem to be any
actual use of golang.org/x/crypto but it's still listed in the go.sum
files of some of the packages.

Interestingly, github.com/godbus/dbus does use crypto/rand and
crypto/sha1, and the former is a cryptographically secure random number
generator [1], but note that these aren't part of golang.org/x/crypto.

Anyway, it's better and easier to just rebuild the package than trying
to decipher if Toolbx is affected by the FIPS-mode memory leak in the
Go toolchain that affects cryptographic code.

[1] https://pkg.go.dev/crypto/rand

Resolves: #2060769
2022-05-16 23:22:39 +02:00
tests tests: Fix the tag of the default image 2021-12-16 23:46:53 +01:00
.gitignore toolbox-0.0.99.2-2.el9 2021-07-05 13:14:16 +02:00
gating.yaml Added missing gating tests files and patch for tests 2021-09-03 17:42:09 +01:00
rpminspect.yaml rpminspec: rhel-policy -> hardened 2022-02-09 16:02:50 +01:00
sources Update to 0.0.99.3 2021-12-10 14:29:33 +01:00
toolbox-Add-migration-paths-for-coreos-toolbox-users.patch Update to 0.0.99.3 2021-12-10 14:29:33 +01:00
toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch Update to 0.0.99.3 2021-12-10 14:29:33 +01:00
toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch Update to 0.0.99.3 2021-12-10 14:29:33 +01:00
toolbox.conf Use the Toolbox-specific UBI image for RHEL 9 2021-09-22 15:20:48 +02:00
toolbox.spec Rebuild for FIPS-mode memory leak in the Go toolchain 2022-05-16 23:22:39 +02:00