go1.22-openssl/go1.22-openssl.spec

475 lines
17 KiB
RPMSpec
Raw Normal View History

#
# spec file for package go1.22-openssl
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# Specify Go toolchain version used to bootstrap this package's Go toolchain
# go_bootstrap_version bootstrap go toolchain with specific existing go1.x package
# gcc_go_version bootstrap go toolchain with specific version of gcc-go
%if 0%{?suse_version} > 1500
# openSUSE Tumbleweed
# Usually ahead of bootstrap version specified by upstream Go
# Use Tumbleweed default gccgo and N-1 go1.x for testing
%define gcc_go_version 13
%define go_bootstrap_version go1.20
%else
# Use gccgo and go1.x specified by upstream Go
%define gcc_go_version 11
%define go_bootstrap_version go1.20
%endif
# Bootstrap go toolchain using existing go package go_bootstrap_version
# To bootstrap using gccgo use '--with gccgo'
%bcond_with gccgo
# gccgo on ppc64le with default PIE enabled fails with:
# error while loading shared libraries:
# R_PPC64_ADDR16_HA re10143fb0c for symbol `' out of range
# track https://github.com/golang/go/issues/28531
# linuxppc-dev discussion:
# "PIE binaries are no longer mapped below 4 GiB on ppc64le"
# https://lists.ozlabs.org/pipermail/linuxppc-dev/2018-November/180862.html
%ifarch ppc64le
#!BuildIgnore: gcc-PIE
%endif
# Build go-race only on platforms where C++14 is supported (SLE-15)
%if 0%{?suse_version} >= 1500 || 0%{?sle_version} >= 150000
%define tsan_arch x86_64 aarch64 s390x ppc64le
%else
# Cannot use {nil} here (ifarch doesn't like it) so just make up a fake
# architecture that no build will ever match.
%define tsan_arch openSUSE_FAKE_ARCH
%endif
# Go has precompiled versions of LLVM's compiler-rt inside their source code.
# We cannot ship pre-compiled binaries so we have to recompile said source,
# however they vendor specific commits from upstream. This value comes from
# src/runtime/race/README (and we verify that it matches in check).
#
# In order to update the TSAN version, modify _service. See boo#1052528 for
# more details.
%define tsan_commit 51bfeff0e4b0757ff773da6882f4d538996c9b04
# go_api is the major version of Go.
# Used by go1.x packages and go metapackage for:
# RPM Provides: golang(API), RPM Requires: and rpm_vercmp
# as well as derived variables such as go_label.
%define go_api 1.22
# go_label is the configurable Go toolchain directory name.
# Used for packaging multiple Go toolchains with the same go_api.
# go_label should be defined as go_api with optional suffix, e.g.
# go_api or go_api-foo
%define go_label %{go_api}-openssl
# shared library support
%if "%{rpm_vercmp %{go_api} 1.5}" > "0"
%if %{with gccgo}
%define with_shared 1
%else
%ifarch %ix86 %arm x86_64 aarch64
%define with_shared 1
%else
%define with_shared 0
%endif
%endif
%else
%define with_shared 0
%endif
%ifarch ppc64
%define with_shared 0
%endif
# setup go_arch (BSD-like scheme)
%ifarch %ix86
%define go_arch 386
%endif
%ifarch x86_64
%define go_arch amd64
# set GOAMD64 consistently
%define go_amd64 v1
%endif
%ifarch aarch64
%define go_arch arm64
%endif
%ifarch %arm
%define go_arch arm
%endif
%ifarch ppc64
%define go_arch ppc64
%endif
%ifarch ppc64le
%define go_arch ppc64le
%endif
%ifarch s390x
%define go_arch s390x
%endif
%ifarch riscv64
%define go_arch riscv64
%endif
Name: go1.22-openssl
Version: 1.22.9.1
# Drop our added final dot and digit to define upstream version
%define shortversion 1.22.9
Release: 0
Summary: Go compiler with dynamic linkage to OpenSSL libcrypto for use in FIPS mode
License: BSD-3-Clause
Group: Development/Languages/Go
URL: https://go.dev/
Source: https://go.dev/dl/go%{shortversion}.src.tar.gz
Source1: go-rpmlintrc
Source4: README.SUSE
Source6: go.gdbinit
Source10: go%{version}-openssl.src.tar.gz
# We have to compile TSAN ourselves. boo#1052528
# Preferred form when all arches share llvm race version
# Source100: llvm-%{tsan_commit}.tar.xz
Source100: llvm-51bfeff0e4b0757ff773da6882f4d538996c9b04.tar.xz
# PATCH-FIX-OPENSUSE: https://go-review.googlesource.com/c/go/+/391115
Patch7: dont-force-gold-on-arm64.patch
# PATCH-FIX-UPSTREAM marguerite@opensuse.org - find /usr/bin/go-8 when bootstrapping with gcc8-go
Patch8: gcc-go.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# boostrap
%if %{with gccgo}
BuildRequires: gcc%{gcc_go_version}-go
%else
# no gcc-go
BuildRequires: %{go_bootstrap_version}
%endif
BuildRequires: fdupes
Suggests: %{name}-doc = %{version}
%ifarch %{tsan_arch}
# Needed to compile compiler-rt/TSAN.
BuildRequires: gcc-c++
%endif
#BNC#818502 debug edit tool of rpm fails on i586 builds
BuildRequires: rpm >= 4.11.1
Requires(post): update-alternatives
Requires(postun): update-alternatives
Requires: gcc
BuildRequires: libopenssl-devel
Requires: libopenssl-devel
Provides: go = %{version}
Provides: go-devel = go%{version}
Provides: go-devel-static = go%{version}
Provides: golang(API) = %{go_api}
Obsoletes: go-devel < go%{version}
# go-vim/emacs were separate projects starting from 1.4
Obsoletes: go-emacs <= 1.3.3
Obsoletes: go-vim <= 1.3.3
ExclusiveArch: %ix86 x86_64 %arm aarch64 ppc64 ppc64le s390x riscv64
%description
Go is an expressive, concurrent, garbage collected systems programming language
that is type safe and memory safe. It has pointers but no pointer arithmetic.
Go has fast builds, clean syntax, garbage collection, methods for any type, and
run-time reflection. It feels like a dynamic language but has the speed and
safety of a static language.
This is a modified version of the Go compiler and tools. When the host is in
FIPS mode, the Go standard library crypto packages use a new openssl backend
which dynamically links to the OpenSSL libcrypto .so.
The OpenSSL functionality is a modification of the Go upstream experimental
support for boringcrypto as dynamically linked crypto backend.
%package doc
Summary: Go documentation
Group: Documentation/Other
Provides: go-doc = %{version}
%description doc
Go examples and documentation.
%ifarch %{tsan_arch}
# boo#1052528
%package race
Summary: Go runtime race detector
Group: Development/Languages/Go
URL: https://compiler-rt.llvm.org/
Requires: %{name} = %{version}
Supplements: %{name} = %{version}
ExclusiveArch: %{tsan_arch}
%description race
Go runtime race detector libraries. Install this package if you wish to use the
-race option, in order to detect race conditions present in your Go programs.
%endif
%prep
%ifarch %{tsan_arch}
# compiler-rt (from LLVM)
%setup -q -T -b 100 -n llvm-%{tsan_commit}
%endif
# go
%setup -q -n go
# Write go version into VERSION file in go source top level directory.
# Needed for go build scripts to operate without assuming .git/ present.
echo -n "go%{version}" > %{_builddir}/go/VERSION
%patch -P 7 -p1
%if %{with gccgo}
# Currently gcc-go does not manage an update-alternatives entry and will
# never be symlinked as "go", even if gcc-go is the only installed go toolchain.
# Patch go bootstrap scripts to find hardcoded go-(gcc-go-version) e.g. go-8
# Substitute defined gcc_go_version into gcc-go.patch
sed -i "s/\$gcc_go_version/%{gcc_go_version}/" $RPM_SOURCE_DIR/gcc-go.patch
%patch -P 8 -p1
%endif
cp %{SOURCE4} .
# Apply golang-fips OpenSSL patch set to upstream go1.x sources
%setup -q -D -T -b 10 -n go
# The patchset is comprised of two large primary patches plus accumulated fixes
for file in patches/*.patch; do
if [ -f "$file" ]; then
patch -p1 <"$file"
fi
done
%build
# Remove the pre-included .sysos, to avoid shipping things we didn't compile
# (which is against the openSUSE guidelines for packaging).
# FIPS: retain boringcrypto .syso for now, not in use case for FIPS mode
# go/src/crypto/internal/boring/nboringcrypto/goboringcrypto_linux_amd64.syso
find . -type f -name '*.syso' ! -name '*boring*.syso' -print -delete
# TODO: Rebuild using
# BuildRequire: boringssl-devel
# GO_LDFLAGS pkg-config(libboringssl1) (spelling TBD)
# boringssl packages are currently present in Factory, not in SLE
# First, compile LLVM's TSAN, and replace the built-in with it. We can only do
# this for amd64.
%ifarch %{tsan_arch}
TSAN_DIR="../llvm-%{tsan_commit}/compiler-rt/lib/tsan/go"
pushd "$TSAN_DIR"
./buildgo.sh
popd
cp -v "$TSAN_DIR/race_linux_%{go_arch}.syso" src/runtime/race/
%endif
# Now, compile Go.
%if %{with gccgo}
export GOROOT_BOOTSTRAP=%{_prefix}
%else
export GOROOT_BOOTSTRAP=%{_libdir}/%{go_bootstrap_version}
%endif
# Ensure ARM arch is set properly - boo#1169832
%ifarch armv6l armv6hl
export GOARCH=arm
export GOARM=6
%endif
%ifarch armv7l armv7hl
export GOARCH=arm
export GOARM=7
%endif
%ifarch x86_64 %{?x86_64}
# use the baseline defined above. Other option is GOAMD64=v3 for x86_64_v3 support
export GOAMD64=%go_amd64
%endif
export GOROOT="`pwd`"
export GOROOT_FINAL=%{_libdir}/go/%{go_label}
export GOBIN="$GOROOT/bin"
mkdir -p "$GOBIN"
cd src
HOST_EXTRA_CFLAGS="%{optflags} -Wno-error" ./make.bash -v
cd ../
%ifarch %{tsan_arch}
# Install TSAN-friendly version of the std libraries.
bin/go install -race std
%endif
%check
%ifarch %{tsan_arch}
# Make sure that we have the right TSAN checked out.
# As of go1.20, README x86_64 race_linux.syso
# includes path prefix and omits arch in filename e.g.
# internal/amd64v1/race_linux.syso
%ifarch x86_64 %{?x86_64}
grep "^internal/amd64%{go_amd64}/race_linux.syso built with LLVM %{tsan_commit}" src/runtime/race/README
%else
grep "^race_linux_%{go_arch}.syso built with LLVM %{tsan_commit}" src/runtime/race/README
%endif
%endif
%install
export GOROOT="%{buildroot}%{_libdir}/go/%{go_label}"
# remove pre-compiled .a package archives no longer used as of go1.20
# find %{_builddir}/go/pkg -name "*.a" -type f |wc -l
# 259
# TODO isolate the build step where .a files are created and delete then
find %{_builddir}/go/pkg -name "*.a" -type f -delete
# locations for third party libraries, see README-openSUSE for info about locations.
install -d %{buildroot}%{_datadir}/go/%{go_label}/contrib
install -d $GOROOT/contrib/pkg/linux_%{go_arch}
ln -s %{_libdir}/go/%{go_label}/contrib/pkg/ %{buildroot}%{_datadir}/go/%{go_label}/contrib/pkg
install -d %{buildroot}%{_datadir}/go/%{go_label}/contrib/cmd
install -d %{buildroot}%{_datadir}/go/%{go_label}/contrib/src
ln -s %{_datadir}/go/%{go_label}/contrib/src/ %{buildroot}%{_libdir}/go/%{go_label}/contrib/src
install -Dm644 README.SUSE $GOROOT/contrib/
ln -s %{_libdir}/go/%{go_label}/contrib/README.SUSE %{buildroot}%{_datadir}/go/%{go_label}/contrib/README.SUSE
# go.env sets defaults for: GOPROXY GOSUMDB GOTOOLCHAIN
install -Dm644 go.env $GOROOT/
# Change go.env GOTOOLCHAIN default to "local" so Go app builds never
# automatically download newer toolchains as specified by go.mod files.
# When GOTOOLCHAIN is set to local, the go command always runs the bundled Go toolchain.
# See https://go.dev/doc/toolchain for details.
# The default behavior "auto":
# a) Assumes network access that is not available in OBS
# b) Downloads third-party toolchain binaries that would be used in build
# Need for "auto" is rare as openSUSE and SUSE ship go1.x versions near their release date.
# The user can override the defaults in ~/.config/go/env.
sed -i "s/GOTOOLCHAIN=auto/GOTOOLCHAIN=local/" $GOROOT/go.env
# source files for go install, godoc, etc
install -d %{buildroot}%{_datadir}/go/%{go_label}
for ext in *.{go,c,h,s,S,py,syso,bin}; do
find src -name ${ext} -exec install -Dm644 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \;
done
# executable bash scripts called by go tool, etc
find src -name "*.bash" -exec install -Dm655 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \;
# VERSION file referenced by go tool dist and go tool distpack
find . -name VERSION -exec install -Dm655 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \;
# Trace viewer html and javascript files have moved in recent Go versions
# Prior to go1.19 misc/trace
# go1.19 to go1.21 src/cmd/trace/static
# go1.22 src/internal/trace/traceviewer/static
# Static contains pprof trace viewer html javascript and markdown
install -d %{buildroot}%{_datadir}/go/%{go_label}/src/internal/trace/traceviewer/static
install -Dm644 src/internal/trace/traceviewer/static/* %{buildroot}%{_datadir}/go/%{go_label}/src/internal/trace/traceviewer/static
# pprof viewer html templates are needed for import runtime/pprof
install -d %{buildroot}%{_datadir}/go/%{go_label}/src/cmd/vendor/github.com/google/pprof/internal/driver/html
install -Dm644 src/cmd/vendor/github.com/google/pprof/internal/driver/html/* %{buildroot}%{_datadir}/go/%{go_label}/src/cmd/vendor/github.com/google/pprof/internal/driver/html
mkdir -p $GOROOT/src
for i in $(ls %{buildroot}/usr/share/go/%{go_label}/src);do
ln -s /usr/share/go/%{go_label}/src/$i $GOROOT/src/$i
done
# add lib files that are needed (such as the timezone database).
install -d $GOROOT/lib
find lib -type f -exec install -D -m644 {} $GOROOT/{} \;
# copy document templates, packages, obj libs and command utilities
mkdir -p $GOROOT/bin
# remove bootstrap
rm -rf pkg/bootstrap
mv pkg $GOROOT
mv bin/* $GOROOT/bin
# add wasm (Web Assembly) boo#1139210
mkdir -p $GOROOT/misc/wasm
mv misc/wasm/* $GOROOT/misc/wasm
rm -f %{buildroot}%{_bindir}/{hgpatch,quietgcc}
# gdbinit
install -Dm644 %{SOURCE6} $GOROOT/bin/gdbinit.d/go.gdb
%if "%{_lib}" == "lib64"
sed -i "s/lib/lib64/" $GOROOT/bin/gdbinit.d/go.gdb
sed -i "s/\$go_label/%{go_label}/" $GOROOT/bin/gdbinit.d/go.gdb
%endif
# update-alternatives
mkdir -p %{buildroot}%{_sysconfdir}/alternatives
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_sysconfdir}/profile.d
mkdir -p %{buildroot}%{_sysconfdir}/gdbinit.d
touch %{buildroot}%{_sysconfdir}/alternatives/{go,gofmt,go.gdb}
ln -sf %{_sysconfdir}/alternatives/go %{buildroot}%{_bindir}/go
ln -sf %{_sysconfdir}/alternatives/gofmt %{buildroot}%{_bindir}/gofmt
ln -sf %{_sysconfdir}/alternatives/go.gdb %{buildroot}%{_sysconfdir}/gdbinit.d/go.gdb
# documentation and examples
# fix documetation permissions (rpmlint warning)
find doc/ misc/ -type f -exec chmod 0644 '{}' +
# remove unwanted arch-dependant binaries (rpmlint warning)
rm -rf misc/cgo/test/{_*,*.o,*.out,*.6,*.8}
# prepare go-doc
mkdir -p %{buildroot}%{_docdir}/go/%{go_label}
cp -r CONTRIBUTING.md LICENSE PATENTS README.md README.OpenSSL README.SUSE %{buildroot}%{_docdir}/go/%{go_label}
cp -r doc/* %{buildroot}%{_docdir}/go/%{go_label}
%fdupes -s %{buildroot}%{_prefix}
%post
update-alternatives \
--install %{_bindir}/go go %{_libdir}/go/%{go_label}/bin/go $((21+$(echo %{go_label} | cut -d. -f2))) \
--slave %{_bindir}/gofmt gofmt %{_libdir}/go/%{go_label}/bin/gofmt \
--slave %{_sysconfdir}/gdbinit.d/go.gdb go.gdb %{_libdir}/go/%{go_label}/bin/gdbinit.d/go.gdb
%postun
if [ $1 -eq 0 ] ; then
update-alternatives --remove go %{_libdir}/go/%{go_label}/bin/go
fi
%files
%{_bindir}/go
%{_bindir}/gofmt
%dir %{_libdir}/go
%{_libdir}/go/%{go_label}
%dir %{_datadir}/go
%{_datadir}/go/%{go_label}
%dir %{_sysconfdir}/gdbinit.d/
%config %{_sysconfdir}/gdbinit.d/go.gdb
%ghost %{_sysconfdir}/alternatives/go
%ghost %{_sysconfdir}/alternatives/gofmt
%ghost %{_sysconfdir}/alternatives/go.gdb
%dir %{_docdir}/go
%dir %{_docdir}/go/%{go_label}
%doc %{_docdir}/go/%{go_label}/CONTRIBUTING.md
%doc %{_docdir}/go/%{go_label}/PATENTS
%doc %{_docdir}/go/%{go_label}/README.md
%doc %{_docdir}/go/%{go_label}/README.SUSE
%doc %{_docdir}/go/%{go_label}/README.OpenSSL
%if 0%{?suse_version} < 1500
%doc %{_docdir}/go/%{go_label}/LICENSE
%else
%license %{_docdir}/go/%{go_label}/LICENSE
%endif
# We don't include TSAN in the main Go package.
%ifarch %{tsan_arch}
%exclude %{_datadir}/go/%{go_label}/src/runtime/race/race_linux_%{go_arch}.syso
%endif
# We don't include libstd.so in the main Go package.
%if %{with_shared}
%if 0%{?suse_version} > 1500
# openSUSE Tumbleweed
# ./go/1.22/pkg/linux_amd64_dynlink/libstd.so
%exclude %{_libdir}/go/%{go_label}/pkg/linux_%{go_arch}_dynlink/libstd.so
%endif
%endif
%files doc
# SLE-12 SP5 rpm macro environment does not work with single glob {*.html,godebug.md}
%doc %{_docdir}/go/%{go_label}/*.html
%doc %{_docdir}/go/%{go_label}/godebug.md
%ifarch %{tsan_arch}
%files race
%{_datadir}/go/%{go_label}/src/runtime/race/race_linux_%{go_arch}.syso
%endif
%changelog