Script to launch privileged container with podman
b5a0d2a45c
Toolbx doesn't seem to directly use any cryptography, but go.sum does list golang.org/x/crypto, which indicates that it's present somewhere in the dependency chain. Looking inside the vendored sources, there doesn't seem to be any actual use of golang.org/x/crypto but it's still listed in the go.sum files of some of the packages. Interestingly, github.com/godbus/dbus does use crypto/rand and crypto/sha1, and the former is a cryptographically secure random number generator [1], but note that these aren't part of golang.org/x/crypto. Anyway, it's better and easier to just rebuild the package than trying to decipher if Toolbx is affected by the FIPS-mode memory leak in the Go toolchain that affects cryptographic code. [1] https://pkg.go.dev/crypto/rand Resolves: #2060769 |
||
---|---|---|
tests | ||
.gitignore | ||
gating.yaml | ||
rpminspect.yaml | ||
sources | ||
toolbox-Add-migration-paths-for-coreos-toolbox-users.patch | ||
toolbox-Make-the-build-flags-match-RHEL-s-gobuild-for-PPC64.patch | ||
toolbox-Make-the-build-flags-match-RHEL-s-gobuild.patch | ||
toolbox.conf | ||
toolbox.spec |