go-fips-1.20.yaml

package:
  name: go-fips-1.20
  version: 1.20.14
  epoch: 0
  description: "the Go programming language with OpenSSL cryptography"
  copyright:
    - license: BSD-3-Clause
  dependencies:
    provides:
      - go-fips=1.20.999 # This should be go-fips=${{package.version}}-${{package.epoch}}
    runtime:
      - '!go-1.20'
      - bash
      - binutils-gold # Needed for cgo linking due to upstream issue #15696 which forces use of the gold linker.
      - build-base
      - openssl-dev # Needed for building against cryptographic packages.

environment:
  contents:
    packages:
      - bash
      - build-base
      - busybox
      - ca-certificates-bundle
      # We always use the equivalent non-FIPS branch of Go to build this.
      - go~1.20
      - openssl-dev

pipeline:
  - uses: fetch
    with:
      uri: https://go.dev/dl/go${{package.version}}.src.tar.gz
      expected-sha256: 1aef321a0e3e38b7e91d2d7eb64040666cabdcc77d383de3c9522d0d69b67f4e
      strip-components: 0

  - working-directory: /home/build/go
    pipeline:
      - uses: patch
        with:
          patches: /home/build/000-initial-setup.patch
      - uses: patch
        with:
          patches: /home/build/001-initial-openssl-for-fips.patch
      - uses: patch
        with:
          patches: /home/build/0003-openssl-fips-unconditionally-use-openssl-backend.patch
      - uses: patch
        with:
          patches: /home/build/0004-boring-always-enable-access-to-boring.Enabled-functi.patch

  - runs: |
      cd go/src
      ./make.bash -v

  - runs: |
      cd go

      mkdir -p "${{targets.destdir}}"/usr/bin "${{targets.destdir}}"/usr/lib/go/bin "${{targets.destdir}}"/usr/share/doc/go

      for bin in go gofmt; do
        install -Dm755 bin/$bin "${{targets.destdir}}"/usr/lib/go/bin/$bin
        ln -s /usr/lib/go/bin/$bin "${{targets.destdir}}"/usr/bin/
      done

      cp -a pkg lib "${{targets.destdir}}"/usr/lib/go/
      cp -r doc misc "${{targets.destdir}}"/usr/share/doc/go
      cp -a src "${{targets.destdir}}"/usr/lib/go/

      rm -rf "${{targets.destdir}}"/usr/lib/go/pkg/obj
      rm -rf "${{targets.destdir}}"/usr/lib/go/pkg/bootstrap
      rm -rf "${{targets.destdir}}"/usr/lib/go/pkg/tool/*/api
      rm -rf "${{targets.destdir}}"/usr/lib/go/pkg/*/cmd
      rm -rf "${{targets.destdir}}"/usr/lib/go/pkg/tool/*/api
      rm -rf "${{targets.destdir}}"/usr/lib/go/pkg/tool/*/go_bootstrap
      rm -rf "${{targets.destdir}}"/usr/lib/go/src/cmd/dist/dist

      # Remove tests from /usr/lib/go/src, not needed at runtime
      find "${{targets.destdir}}"/usr/lib/go/src \( -type f -a -name "*_test.go" \) \
        -exec rm -rf \{\} \+
      find "${{targets.destdir}}"/usr/lib/go/src \( -type d -a -name "testdata" \) \
        -exec rm -rf \{\} \+
      find "${{targets.destdir}}"/usr/lib/go/src \( -type f -a -name "*.rc" \) \
        -exec rm -rf \{\} \+
      find "${{targets.destdir}}"/usr/lib/go/src \( -type f -a -name "*.bat" \) \
        -exec rm -rf \{\} \+

  - uses: strip

subpackages:
  - name: "go-fips-1.20-doc"
    description: "go documentation"
    pipeline:
      - runs: |
          mkdir -p "${{targets.subpkgdir}}"/usr/share
          mv "${{targets.destdir}}"/usr/share/doc "${{targets.subpkgdir}}"/usr/share/

update:
  enabled: true
  shared: true
  github:
    identifier: golang/go
    strip-prefix: go
    tag-filter: go1.20
    use-tag: true