]> Cypherpunks repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 606a0bd) | patch
cmd/go: add GOFIPS140 snapshot support
authorRuss Cox <rsc@golang.org>
Sun, 17 Nov 2024 21:55:51 +0000 (16:55 -0500)
committerGopher Robot <gobot@golang.org>
Wed, 20 Nov 2024 12:49:28 +0000 (12:49 +0000)
commit01103d7af867a018da683c12128bc7cae6b28007
tree5a4bd0a3b61a233312ba0f72c44eed24bc48216dtree
parent606a0bd9c8ff275244ce308f29bb5ff4ff86dabdcommit | diff
cmd/go: add GOFIPS140 snapshot support

GOFIPS140 does two things: (1) control whether to build binaries that
run in FIPS-140 mode by default, and (2) control which version of the
crypto/internal/fips source tree to use during a build.

This CL implements part (2). The older snapshot source trees are
stored in GOROOT/lib/fips140 in module-formatted zip files,
even though crypto/internal/fips is not technically a module.
(Reusing the module packing and unpacking code avoids reinventing it.)

See cmd/go/internal/fips/fips.go for an overview.

The documentation for GOFIPS140 is in a follow-up CL.

For #70200.

Change-Id: I73a610fd2c9ff66d0cced37d51acd8053497238e
Reviewed-on: https://go-review.googlesource.com/c/go/+/629201
Reviewed-by: Michael Matloob <matloob@golang.org>
Auto-Submit: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
src/cmd/go/internal/fips/fips.go diff | blob | history
src/cmd/go/internal/fips/mkzip.go [new file with mode: 0644] blob
src/cmd/go/internal/load/pkg.go diff | blob | history
src/cmd/go/internal/modload/load.go diff | blob | history
src/cmd/go/testdata/script/fipssnap.txt [new file with mode: 0644] blob
Go GOST TLS 1.3