From 37f27fbecd422da9fefb8ae1cc601bc5b4fec44b Mon Sep 17 00:00:00 2001 From: Russ Cox Date: Sun, 17 Nov 2024 17:17:50 -0500 Subject: [PATCH] cmd/go: enable fips test and fix caching bug Enable the cmd/go fips test now that v1.0.0.zip has been checked in. Will still need to enable the alias half when the alias is checked in. Also fix a problem that was causing spurious failures, by fixing repeated unpackings and also disabling modindex reads of the virtual fips140 snapshot directories. Fixes #71491. Change-Id: I7fa21e9bde07ff4eb6c3483e99d49316ee0ea7f0 Reviewed-on: https://go-review.googlesource.com/c/go/+/645835 Reviewed-by: Michael Matloob Reviewed-by: Sam Thanawalla LUCI-TryBot-Result: Go LUCI --- src/cmd/go/internal/modfetch/cache.go | 7 +++++++ src/cmd/go/internal/modindex/read.go | 11 +++++++---- src/cmd/go/testdata/script/fipssnap.txt | 9 +++------ 3 files changed, 17 insertions(+), 10 deletions(-) diff --git a/src/cmd/go/internal/modfetch/cache.go b/src/cmd/go/internal/modfetch/cache.go index 02d3849314..9c34581a91 100644 --- a/src/cmd/go/internal/modfetch/cache.go +++ b/src/cmd/go/internal/modfetch/cache.go @@ -113,6 +113,13 @@ func DownloadDir(ctx context.Context, m module.Version) (string, error) { return dir, err } + // Special case: ziphash is not required for the golang.org/fips140 module, + // because it is unpacked from a file in GOROOT, not downloaded. + // We've already checked that it's not a partial unpacking, so we're happy. + if m.Path == "golang.org/fips140" { + return dir, nil + } + // Check if a .ziphash file exists. It should be created before the // zip is extracted, but if it was deleted (by another program?), we need // to re-calculate it. Note that checkMod will repopulate the ziphash diff --git a/src/cmd/go/internal/modindex/read.go b/src/cmd/go/internal/modindex/read.go index 4c1fbd8359..76216f35ba 100644 --- a/src/cmd/go/internal/modindex/read.go +++ b/src/cmd/go/internal/modindex/read.go @@ -33,10 +33,7 @@ import ( "cmd/internal/par" ) -// enabled is used to flag off the behavior of the module index on tip. -// It will be removed before the release. -// TODO(matloob): Remove enabled once we have more confidence on the -// module index. +// enabled is used to flag off the behavior of the module index on tip, for debugging. var enabled = godebug.New("#goindex").Value() != "0" // Module represents and encoded module index file. It is used to @@ -126,6 +123,7 @@ var ErrNotIndexed = errors.New("not in module index") var ( errDisabled = fmt.Errorf("%w: module indexing disabled", ErrNotIndexed) errNotFromModuleCache = fmt.Errorf("%w: not from module cache", ErrNotIndexed) + errFIPS140 = fmt.Errorf("%w: fips140 snapshots not indexed", ErrNotIndexed) ) // GetPackage returns the IndexPackage for the directory at the given path. @@ -143,6 +141,11 @@ func GetPackage(modroot, pkgdir string) (*IndexPackage, error) { if cfg.BuildContext.Compiler == "gccgo" && str.HasPathPrefix(modroot, cfg.GOROOTsrc) { return nil, err // gccgo has no sources for GOROOT packages. } + // The pkgdir for fips140 has been replaced in the fsys overlay, + // but the module index does not see that. Do not try to use the module index. + if strings.Contains(filepath.ToSlash(pkgdir), "internal/fips140/v") { + return nil, errFIPS140 + } return openIndexPackage(modroot, pkgdir) } diff --git a/src/cmd/go/testdata/script/fipssnap.txt b/src/cmd/go/testdata/script/fipssnap.txt index 465f304c46..9888bc82f1 100644 --- a/src/cmd/go/testdata/script/fipssnap.txt +++ b/src/cmd/go/testdata/script/fipssnap.txt @@ -1,10 +1,6 @@ -## Note: Need a snapshot in lib/fips140 to run this test. -## For local testing, can run 'cd lib/fips140; make v0.0.1.test' -## and then remove the skip. -env snap=v0.0.1 +env snap=v1.0.0 env alias=inprocess -skip 'no snapshots yet' env GOFIPS140=$snap # Go+BoringCrypto conflicts with GOFIPS140. @@ -27,7 +23,8 @@ stdout crypto/internal/fips140/$snap/sha256 ! stdout crypto/internal/fips140/check # again with GOFIPS140=$alias -env GOFIPS140=$alias +# TODO: enable when we add inprocess.txt +# env GOFIPS140=$alias # default GODEBUG includes fips140=on go list -f '{{.DefaultGODEBUG}}' -- 2.48.1