478 lines
17 KiB
RPMSpec
478 lines
17 KiB
RPMSpec
#
|
|
# spec file for package go1.23-openssl
|
|
#
|
|
# Copyright (c) 2024 SUSE LLC
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
# Specify Go toolchain version used to bootstrap this package's Go toolchain
|
|
# go_bootstrap_version bootstrap go toolchain with specific existing go1.x package
|
|
# gcc_go_version bootstrap go toolchain with specific version of gcc-go
|
|
%if 0%{?suse_version} > 1500
|
|
# openSUSE Tumbleweed
|
|
# Usually ahead of bootstrap version specified by upstream Go
|
|
# Use Tumbleweed default gccgo and N-1 go1.x for testing
|
|
%define gcc_go_version 13
|
|
%define go_bootstrap_version go1.20
|
|
%else
|
|
# Use gccgo and go1.x specified by upstream Go
|
|
%define gcc_go_version 11
|
|
%define go_bootstrap_version go1.20
|
|
%endif
|
|
|
|
# Bootstrap go toolchain using existing go package go_bootstrap_version
|
|
# To bootstrap using gccgo use '--with gccgo'
|
|
%bcond_with gccgo
|
|
|
|
# gccgo on ppc64le with default PIE enabled fails with:
|
|
# error while loading shared libraries:
|
|
# R_PPC64_ADDR16_HA re10143fb0c for symbol `' out of range
|
|
# track https://github.com/golang/go/issues/28531
|
|
# linuxppc-dev discussion:
|
|
# "PIE binaries are no longer mapped below 4 GiB on ppc64le"
|
|
# https://lists.ozlabs.org/pipermail/linuxppc-dev/2018-November/180862.html
|
|
%ifarch ppc64le
|
|
#!BuildIgnore: gcc-PIE
|
|
%endif
|
|
|
|
# Build go-race only on platforms where C++14 is supported (SLE-15)
|
|
%if 0%{?suse_version} >= 1500 || 0%{?sle_version} >= 150000
|
|
%define tsan_arch x86_64 aarch64 s390x ppc64le
|
|
%else
|
|
# Cannot use {nil} here (ifarch doesn't like it) so just make up a fake
|
|
# architecture that no build will ever match.
|
|
%define tsan_arch openSUSE_FAKE_ARCH
|
|
%endif
|
|
|
|
# Go has precompiled versions of LLVM's compiler-rt inside their source code.
|
|
# We cannot ship pre-compiled binaries so we have to recompile said source,
|
|
# however they vendor specific commits from upstream. This value comes from
|
|
# src/runtime/race/README (and we verify that it matches in check).
|
|
#
|
|
# In order to update the TSAN version, modify _service. See boo#1052528 for
|
|
# more details.
|
|
%define tsan_commit 51bfeff0e4b0757ff773da6882f4d538996c9b04
|
|
|
|
# go_api is the major version of Go.
|
|
# Used by go1.x packages and go metapackage for:
|
|
# RPM Provides: golang(API), RPM Requires: and rpm_vercmp
|
|
# as well as derived variables such as go_label.
|
|
%define go_api 1.23
|
|
|
|
# go_label is the configurable Go toolchain directory name.
|
|
# Used for packaging multiple Go toolchains with the same go_api.
|
|
# go_label should be defined as go_api with optional suffix, e.g.
|
|
# go_api or go_api-foo
|
|
%define go_label %{go_api}-openssl
|
|
|
|
# shared library support
|
|
%if "%{rpm_vercmp %{go_api} 1.5}" > "0"
|
|
%if %{with gccgo}
|
|
%define with_shared 1
|
|
%else
|
|
%ifarch %ix86 %arm x86_64 aarch64
|
|
%define with_shared 1
|
|
%else
|
|
%define with_shared 0
|
|
%endif
|
|
%endif
|
|
%else
|
|
%define with_shared 0
|
|
%endif
|
|
%ifarch ppc64
|
|
%define with_shared 0
|
|
%endif
|
|
# setup go_arch (BSD-like scheme)
|
|
%ifarch %ix86
|
|
%define go_arch 386
|
|
%endif
|
|
%ifarch x86_64
|
|
%define go_arch amd64
|
|
# set GOAMD64 consistently
|
|
%define go_amd64 v1
|
|
%endif
|
|
%ifarch aarch64
|
|
%define go_arch arm64
|
|
%endif
|
|
%ifarch %arm
|
|
%define go_arch arm
|
|
%endif
|
|
%ifarch ppc64
|
|
%define go_arch ppc64
|
|
%endif
|
|
%ifarch ppc64le
|
|
%define go_arch ppc64le
|
|
%endif
|
|
%ifarch s390x
|
|
%define go_arch s390x
|
|
%endif
|
|
%ifarch riscv64
|
|
%define go_arch riscv64
|
|
%endif
|
|
|
|
Name: go1.23-openssl
|
|
Version: 1.23.2.2
|
|
# Drop our added final dot and digit to define upstream version
|
|
%define shortversion 1.23.2
|
|
Release: 0
|
|
Summary: Go compiler with dynamic linkage to OpenSSL libcrypto for use in FIPS mode
|
|
License: BSD-3-Clause
|
|
Group: Development/Languages/Go
|
|
URL: https://go.dev/
|
|
Source: https://go.dev/dl/go%{shortversion}.src.tar.gz
|
|
Source1: go-rpmlintrc
|
|
Source4: README.SUSE
|
|
Source6: go.gdbinit
|
|
Source10: go%{version}-openssl.src.tar.gz
|
|
# We have to compile TSAN ourselves. boo#1052528
|
|
# Preferred form when all arches share llvm race version
|
|
# Source100: llvm-%{tsan_commit}.tar.xz
|
|
Source100: llvm-51bfeff0e4b0757ff773da6882f4d538996c9b04.tar.xz
|
|
# PATCH-FIX-OPENSUSE: https://go-review.googlesource.com/c/go/+/391115
|
|
Patch7: dont-force-gold-on-arm64.patch
|
|
# PATCH-FIX-UPSTREAM marguerite@opensuse.org - find /usr/bin/go-8 when bootstrapping with gcc8-go
|
|
Patch8: gcc-go.patch
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
# boostrap
|
|
%if %{with gccgo}
|
|
BuildRequires: gcc%{gcc_go_version}-go
|
|
%else
|
|
# no gcc-go
|
|
BuildRequires: %{go_bootstrap_version}
|
|
%endif
|
|
BuildRequires: fdupes
|
|
Suggests: %{name}-doc = %{version}
|
|
%ifarch %{tsan_arch}
|
|
# Needed to compile compiler-rt/TSAN.
|
|
BuildRequires: gcc-c++
|
|
%endif
|
|
#BNC#818502 debug edit tool of rpm fails on i586 builds
|
|
BuildRequires: rpm >= 4.11.1
|
|
Requires(post): update-alternatives
|
|
Requires(postun): update-alternatives
|
|
Requires: gcc
|
|
BuildRequires: libopenssl-devel
|
|
Requires: libopenssl-devel
|
|
Provides: go = %{version}
|
|
Provides: go-devel = go%{version}
|
|
Provides: go-devel-static = go%{version}
|
|
Provides: golang(API) = %{go_api}
|
|
Obsoletes: go-devel < go%{version}
|
|
# go-vim/emacs were separate projects starting from 1.4
|
|
Obsoletes: go-emacs <= 1.3.3
|
|
Obsoletes: go-vim <= 1.3.3
|
|
ExclusiveArch: %ix86 x86_64 %arm aarch64 ppc64 ppc64le s390x riscv64 loongarch64
|
|
|
|
%description
|
|
Go is an expressive, concurrent, garbage collected systems programming language
|
|
that is type safe and memory safe. It has pointers but no pointer arithmetic.
|
|
Go has fast builds, clean syntax, garbage collection, methods for any type, and
|
|
run-time reflection. It feels like a dynamic language but has the speed and
|
|
safety of a static language.
|
|
|
|
This is a modified version of the Go compiler and tools. When the host is in
|
|
FIPS mode, the Go standard library crypto packages use a new openssl backend
|
|
which dynamically links to the OpenSSL libcrypto .so.
|
|
|
|
The OpenSSL functionality is a modification of the Go upstream experimental
|
|
support for boringcrypto as dynamically linked crypto backend.
|
|
|
|
%package doc
|
|
Summary: Go documentation
|
|
Group: Documentation/Other
|
|
Provides: go-doc = %{version}
|
|
|
|
%description doc
|
|
Go examples and documentation.
|
|
|
|
%ifarch %{tsan_arch}
|
|
# boo#1052528
|
|
%package race
|
|
Summary: Go runtime race detector
|
|
Group: Development/Languages/Go
|
|
URL: https://compiler-rt.llvm.org/
|
|
Requires: %{name} = %{version}
|
|
Supplements: %{name} = %{version}
|
|
ExclusiveArch: %{tsan_arch}
|
|
|
|
%description race
|
|
Go runtime race detector libraries. Install this package if you wish to use the
|
|
-race option, in order to detect race conditions present in your Go programs.
|
|
%endif
|
|
|
|
%prep
|
|
%ifarch %{tsan_arch}
|
|
# compiler-rt (from LLVM)
|
|
%setup -q -T -b 100 -n llvm-%{tsan_commit}
|
|
%endif
|
|
|
|
# go
|
|
%setup -q -n go
|
|
# Write go version into VERSION file in go source top level directory.
|
|
# Needed for go build scripts to operate without assuming .git/ present.
|
|
echo -n "go%{shortversion}" > %{_builddir}/go/VERSION
|
|
%patch -P 7 -p1
|
|
%if %{with gccgo}
|
|
# Currently gcc-go does not manage an update-alternatives entry and will
|
|
# never be symlinked as "go", even if gcc-go is the only installed go toolchain.
|
|
# Patch go bootstrap scripts to find hardcoded go-(gcc-go-version) e.g. go-8
|
|
# Substitute defined gcc_go_version into gcc-go.patch
|
|
sed -i "s/\$gcc_go_version/%{gcc_go_version}/" $RPM_SOURCE_DIR/gcc-go.patch
|
|
%patch -P 8 -p1
|
|
%endif
|
|
|
|
cp %{SOURCE4} .
|
|
|
|
# Apply golang-fips OpenSSL patch set to upstream go1.x sources
|
|
%setup -q -D -T -b 10 -n go
|
|
# The patchset is comprised of two large primary patches plus accumulated fixes
|
|
for file in patches/*.patch; do
|
|
if [ -f "$file" ]; then
|
|
patch -p1 <"$file"
|
|
fi
|
|
done
|
|
|
|
%build
|
|
# Remove the pre-included .sysos, to avoid shipping things we didn't compile
|
|
# (which is against the openSUSE guidelines for packaging).
|
|
# FIPS: retain boringcrypto .syso for now, not in use case for FIPS mode
|
|
# go/src/crypto/internal/boring/nboringcrypto/goboringcrypto_linux_amd64.syso
|
|
find . -type f -name '*.syso' ! -name '*boring*.syso' -print -delete
|
|
# TODO: Rebuild using
|
|
# BuildRequire: boringssl-devel
|
|
# GO_LDFLAGS pkg-config(libboringssl1) (spelling TBD)
|
|
# boringssl packages are currently present in Factory, not in SLE
|
|
|
|
# First, compile LLVM's TSAN, and replace the built-in with it. We can only do
|
|
# this for amd64.
|
|
%ifarch %{tsan_arch}
|
|
TSAN_DIR="../llvm-%{tsan_commit}/compiler-rt/lib/tsan/go"
|
|
pushd "$TSAN_DIR"
|
|
./buildgo.sh
|
|
popd
|
|
cp -v "$TSAN_DIR/race_linux_%{go_arch}.syso" src/runtime/race/
|
|
%endif
|
|
|
|
# Now, compile Go.
|
|
%if %{with gccgo}
|
|
export GOROOT_BOOTSTRAP=%{_prefix}
|
|
%else
|
|
export GOROOT_BOOTSTRAP=%{_libdir}/%{go_bootstrap_version}
|
|
%endif
|
|
# Ensure ARM arch is set properly - boo#1169832
|
|
%ifarch armv6l armv6hl
|
|
export GOARCH=arm
|
|
export GOARM=6
|
|
%endif
|
|
%ifarch armv7l armv7hl
|
|
export GOARCH=arm
|
|
export GOARM=7
|
|
%endif
|
|
%ifarch x86_64 %{?x86_64}
|
|
# use the baseline defined above. Other option is GOAMD64=v3 for x86_64_v3 support
|
|
export GOAMD64=%go_amd64
|
|
%endif
|
|
export GOROOT="`pwd`"
|
|
export GOROOT_FINAL=%{_libdir}/go/%{go_label}
|
|
export GOBIN="$GOROOT/bin"
|
|
mkdir -p "$GOBIN"
|
|
cd src
|
|
HOST_EXTRA_CFLAGS="%{optflags} -Wno-error" ./make.bash -v
|
|
|
|
cd ../
|
|
%ifarch %{tsan_arch}
|
|
# Install TSAN-friendly version of the std libraries.
|
|
bin/go install -race std
|
|
%endif
|
|
|
|
%check
|
|
%ifarch %{tsan_arch}
|
|
# Make sure that we have the right TSAN checked out.
|
|
# As of go1.20, README x86_64 race_linux.syso
|
|
# includes path prefix and omits arch in filename e.g.
|
|
# internal/amd64v1/race_linux.syso
|
|
%ifarch x86_64 %{?x86_64}
|
|
grep "^internal/amd64%{go_amd64}/race_linux.syso built with LLVM %{tsan_commit}" src/runtime/race/README
|
|
%else
|
|
grep "^race_linux_%{go_arch}.syso built with LLVM %{tsan_commit}" src/runtime/race/README
|
|
%endif
|
|
%endif
|
|
|
|
%install
|
|
export GOROOT="%{buildroot}%{_libdir}/go/%{go_label}"
|
|
|
|
# remove pre-compiled .a package archives no longer used as of go1.20
|
|
# find %{_builddir}/go/pkg -name "*.a" -type f |wc -l
|
|
# 259
|
|
# TODO isolate the build step where .a files are created and delete then
|
|
find %{_builddir}/go/pkg -name "*.a" -type f -delete
|
|
|
|
# locations for third party libraries, see README-openSUSE for info about locations.
|
|
install -d %{buildroot}%{_datadir}/go/%{go_label}/contrib
|
|
install -d $GOROOT/contrib/pkg/linux_%{go_arch}
|
|
ln -s %{_libdir}/go/%{go_label}/contrib/pkg/ %{buildroot}%{_datadir}/go/%{go_label}/contrib/pkg
|
|
install -d %{buildroot}%{_datadir}/go/%{go_label}/contrib/cmd
|
|
install -d %{buildroot}%{_datadir}/go/%{go_label}/contrib/src
|
|
ln -s %{_datadir}/go/%{go_label}/contrib/src/ %{buildroot}%{_libdir}/go/%{go_label}/contrib/src
|
|
install -Dm644 README.SUSE $GOROOT/contrib/
|
|
ln -s %{_libdir}/go/%{go_label}/contrib/README.SUSE %{buildroot}%{_datadir}/go/%{go_label}/contrib/README.SUSE
|
|
|
|
# go.env sets defaults for: GOPROXY GOSUMDB GOTOOLCHAIN
|
|
install -Dm644 go.env $GOROOT/
|
|
|
|
# Change go.env GOTOOLCHAIN default to "local" so Go app builds never
|
|
# automatically download newer toolchains as specified by go.mod files.
|
|
# When GOTOOLCHAIN is set to local, the go command always runs the bundled Go toolchain.
|
|
# See https://go.dev/doc/toolchain for details.
|
|
# The default behavior "auto":
|
|
# a) Assumes network access that is not available in OBS
|
|
# b) Downloads third-party toolchain binaries that would be used in build
|
|
# Need for "auto" is rare as openSUSE and SUSE ship go1.x versions near their release date.
|
|
# The user can override the defaults in ~/.config/go/env.
|
|
sed -i "s/GOTOOLCHAIN=auto/GOTOOLCHAIN=local/" $GOROOT/go.env
|
|
|
|
# source files for go install, godoc, etc
|
|
install -d %{buildroot}%{_datadir}/go/%{go_label}
|
|
for ext in *.{go,c,h,s,S,py,syso,bin}; do
|
|
find src -name ${ext} -exec install -Dm644 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \;
|
|
done
|
|
# executable bash scripts called by go tool, etc
|
|
find src -name "*.bash" -exec install -Dm655 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \;
|
|
# VERSION file referenced by go tool dist and go tool distpack
|
|
find . -name VERSION -exec install -Dm655 \{\} %{buildroot}%{_datadir}/go/%{go_label}/\{\} \;
|
|
# Trace viewer html and javascript files have moved in recent Go versions
|
|
# Prior to go1.19 misc/trace
|
|
# go1.19 to go1.21 src/cmd/trace/static
|
|
# go1.22 src/internal/trace/traceviewer/static
|
|
# Static contains pprof trace viewer html javascript and markdown
|
|
install -d %{buildroot}%{_datadir}/go/%{go_label}/src/internal/trace/traceviewer/static
|
|
install -Dm644 src/internal/trace/traceviewer/static/* %{buildroot}%{_datadir}/go/%{go_label}/src/internal/trace/traceviewer/static
|
|
# pprof viewer html templates are needed for import runtime/pprof
|
|
install -d %{buildroot}%{_datadir}/go/%{go_label}/src/cmd/vendor/github.com/google/pprof/internal/driver/html
|
|
install -Dm644 src/cmd/vendor/github.com/google/pprof/internal/driver/html/* %{buildroot}%{_datadir}/go/%{go_label}/src/cmd/vendor/github.com/google/pprof/internal/driver/html
|
|
|
|
mkdir -p $GOROOT/src
|
|
for i in $(ls %{buildroot}/usr/share/go/%{go_label}/src);do
|
|
ln -s /usr/share/go/%{go_label}/src/$i $GOROOT/src/$i
|
|
done
|
|
# add lib files that are needed (such as the timezone database).
|
|
install -d $GOROOT/lib
|
|
find lib -type f -exec install -D -m644 {} $GOROOT/{} \;
|
|
|
|
# copy document templates, packages, obj libs and command utilities
|
|
mkdir -p $GOROOT/bin
|
|
# remove bootstrap
|
|
rm -rf pkg/bootstrap
|
|
mv pkg $GOROOT
|
|
mv bin/* $GOROOT/bin
|
|
# add wasm (Web Assembly) boo#1139210
|
|
mkdir -p $GOROOT/misc/wasm
|
|
mv misc/wasm/* $GOROOT/misc/wasm
|
|
rm -f %{buildroot}%{_bindir}/{hgpatch,quietgcc}
|
|
|
|
# gdbinit
|
|
install -Dm644 %{SOURCE6} $GOROOT/bin/gdbinit.d/go.gdb
|
|
%if "%{_lib}" == "lib64"
|
|
sed -i "s/lib/lib64/" $GOROOT/bin/gdbinit.d/go.gdb
|
|
sed -i "s/\$go_label/%{go_label}/" $GOROOT/bin/gdbinit.d/go.gdb
|
|
%endif
|
|
|
|
# update-alternatives
|
|
mkdir -p %{buildroot}%{_sysconfdir}/alternatives
|
|
mkdir -p %{buildroot}%{_bindir}
|
|
mkdir -p %{buildroot}%{_sysconfdir}/profile.d
|
|
mkdir -p %{buildroot}%{_sysconfdir}/gdbinit.d
|
|
touch %{buildroot}%{_sysconfdir}/alternatives/{go,gofmt,go.gdb}
|
|
ln -sf %{_sysconfdir}/alternatives/go %{buildroot}%{_bindir}/go
|
|
ln -sf %{_sysconfdir}/alternatives/gofmt %{buildroot}%{_bindir}/gofmt
|
|
ln -sf %{_sysconfdir}/alternatives/go.gdb %{buildroot}%{_sysconfdir}/gdbinit.d/go.gdb
|
|
|
|
# documentation and examples
|
|
# fix documetation permissions (rpmlint warning)
|
|
find doc/ misc/ -type f -exec chmod 0644 '{}' +
|
|
# remove markdown doc source templates new in go1.23
|
|
# templates do not appear to be rendered markdown content
|
|
rm -rf doc/{initial,next}
|
|
# remove unwanted arch-dependant binaries (rpmlint warning)
|
|
rm -rf misc/cgo/test/{_*,*.o,*.out,*.6,*.8}
|
|
# prepare go-doc
|
|
mkdir -p %{buildroot}%{_docdir}/go/%{go_label}
|
|
cp -r CONTRIBUTING.md LICENSE PATENTS README.md README.OpenSSL README.SUSE %{buildroot}%{_docdir}/go/%{go_label}
|
|
cp -r doc/* %{buildroot}%{_docdir}/go/%{go_label}
|
|
|
|
%fdupes -s %{buildroot}%{_prefix}
|
|
|
|
%post
|
|
|
|
update-alternatives \
|
|
--install %{_bindir}/go go %{_libdir}/go/%{go_label}/bin/go $((21+$(echo %{go_label} | cut -d. -f2))) \
|
|
--slave %{_bindir}/gofmt gofmt %{_libdir}/go/%{go_label}/bin/gofmt \
|
|
--slave %{_sysconfdir}/gdbinit.d/go.gdb go.gdb %{_libdir}/go/%{go_label}/bin/gdbinit.d/go.gdb
|
|
|
|
%postun
|
|
if [ $1 -eq 0 ] ; then
|
|
update-alternatives --remove go %{_libdir}/go/%{go_label}/bin/go
|
|
fi
|
|
|
|
%files
|
|
%{_bindir}/go
|
|
%{_bindir}/gofmt
|
|
%dir %{_libdir}/go
|
|
%{_libdir}/go/%{go_label}
|
|
%dir %{_datadir}/go
|
|
%{_datadir}/go/%{go_label}
|
|
%dir %{_sysconfdir}/gdbinit.d/
|
|
%config %{_sysconfdir}/gdbinit.d/go.gdb
|
|
%ghost %{_sysconfdir}/alternatives/go
|
|
%ghost %{_sysconfdir}/alternatives/gofmt
|
|
%ghost %{_sysconfdir}/alternatives/go.gdb
|
|
%dir %{_docdir}/go
|
|
%dir %{_docdir}/go/%{go_label}
|
|
%doc %{_docdir}/go/%{go_label}/CONTRIBUTING.md
|
|
%doc %{_docdir}/go/%{go_label}/PATENTS
|
|
%doc %{_docdir}/go/%{go_label}/README.md
|
|
%doc %{_docdir}/go/%{go_label}/README.SUSE
|
|
%doc %{_docdir}/go/%{go_label}/README.OpenSSL
|
|
%if 0%{?suse_version} < 1500
|
|
%doc %{_docdir}/go/%{go_label}/LICENSE
|
|
%else
|
|
%license %{_docdir}/go/%{go_label}/LICENSE
|
|
%endif
|
|
|
|
# We don't include TSAN in the main Go package.
|
|
%ifarch %{tsan_arch}
|
|
%exclude %{_datadir}/go/%{go_label}/src/runtime/race/race_linux_%{go_arch}.syso
|
|
%endif
|
|
|
|
# We don't include libstd.so in the main Go package.
|
|
%if %{with_shared}
|
|
%if 0%{?suse_version} > 1500
|
|
# openSUSE Tumbleweed
|
|
# ./go/1.23/pkg/linux_amd64_dynlink/libstd.so
|
|
%exclude %{_libdir}/go/%{go_label}/pkg/linux_%{go_arch}_dynlink/libstd.so
|
|
%endif
|
|
%endif
|
|
|
|
%files doc
|
|
# SLE-12 SP5 rpm macro environment does not work with single glob {*.html,godebug.md}
|
|
%doc %{_docdir}/go/%{go_label}/*.html
|
|
%doc %{_docdir}/go/%{go_label}/godebug.md
|
|
|
|
%ifarch %{tsan_arch}
|
|
%files race
|
|
%{_datadir}/go/%{go_label}/src/runtime/race/race_linux_%{go_arch}.syso
|
|
%endif
|
|
|
|
%changelog
|