From a9e447dde7f8f364232efb5072e3ff89b24308da Mon Sep 17 00:00:00 2001 From: Dmitri Shuralyov Date: Wed, 21 Jun 2023 20:05:10 -0400 Subject: [PATCH] x509roots/fallback: add //go:build go1.20 to bundle.go Package fallback has no API; its only purpose is to automatically call x509.SetFallbackRoots with a set of fallback roots. That API was added in Go 1.20, hence the go1.20 build constraint in fallback.go. Add that constraint to bundle.go too, so that it fails to build rather than quietly being a no-op in Go 1.19. Also simplify Write(fmt.Sprintf()) into fmt.Fprintf while here. Add a temporary workaround for go.dev/issue/52287. It has no effect on the public API in this module. For golang/go#57792. For golang/go#52287. Change-Id: I1fe13f7d54b07b0b031e8bae685cffd7a8160165 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/505578 Auto-Submit: Dmitri Shuralyov TryBot-Result: Gopher Robot Reviewed-by: Dmitri Shuralyov Reviewed-by: Roland Shoemaker Run-TryBot: Dmitri Shuralyov --- x509roots/fallback/bundle.go | 2 ++ x509roots/fallback/fallback.go | 1 - .../fallback/internal/goissue52287/goissue52287.go | 8 ++++++++ x509roots/gen_fallback_bundle.go | 14 ++++++++------ 4 files changed, 18 insertions(+), 7 deletions(-) create mode 100644 x509roots/fallback/internal/goissue52287/goissue52287.go diff --git a/x509roots/fallback/bundle.go b/x509roots/fallback/bundle.go index 3bea8b388d..c5fb06e09a 100644 --- a/x509roots/fallback/bundle.go +++ b/x509roots/fallback/bundle.go @@ -1,5 +1,7 @@ // Code generated by gen_fallback_bundle.go; DO NOT EDIT. +//go:build go1.20 + package fallback import "crypto/x509" diff --git a/x509roots/fallback/fallback.go b/x509roots/fallback/fallback.go index 6fcd71424d..31413595fa 100644 --- a/x509roots/fallback/fallback.go +++ b/x509roots/fallback/fallback.go @@ -3,7 +3,6 @@ // license that can be found in the LICENSE file. //go:build go1.20 -// +build go1.20 // Package fallback embeds a set of fallback X.509 trusted roots in the // application by automatically invoking [x509.SetFallbackRoots]. This allows diff --git a/x509roots/fallback/internal/goissue52287/goissue52287.go b/x509roots/fallback/internal/goissue52287/goissue52287.go new file mode 100644 index 0000000000..d946a527db --- /dev/null +++ b/x509roots/fallback/internal/goissue52287/goissue52287.go @@ -0,0 +1,8 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package goissue52287 is an empty internal package. +// It exists only to work around go.dev/issue/52287 and +// can be removed after Go 1.19 stops being supported. +package goissue52287 diff --git a/x509roots/gen_fallback_bundle.go b/x509roots/gen_fallback_bundle.go index 8c2b3cc6a0..761dfb996c 100644 --- a/x509roots/gen_fallback_bundle.go +++ b/x509roots/gen_fallback_bundle.go @@ -27,6 +27,8 @@ import ( const tmpl = `// Code generated by gen_fallback_bundle.go; DO NOT EDIT. +//go:build go1.20 + package fallback import "crypto/x509" @@ -41,7 +43,7 @@ func mustParse(b []byte) []*x509.Certificate { break } if block.Type != "CERTIFICATE" { - panic("unexpected PEM block type: "+block.Type) + panic("unexpected PEM block type: " + block.Type) } cert, err := x509.ParseCertificate(block.Bytes) if err != nil { @@ -97,9 +99,9 @@ func main() { return string(certs[i].X509.RawSubjectPublicKeyInfo) < string(certs[j].X509.RawSubjectPublicKeyInfo) }) - b := bytes.NewBuffer(nil) - b.Write([]byte(tmpl)) - b.Write([]byte("const pemRoots = `\n")) + b := new(bytes.Buffer) + b.WriteString(tmpl) + fmt.Fprintln(b, "const pemRoots = `") for _, c := range certs { if len(c.Constraints) > 0 { // Until the constrained roots API lands, skip anything that has any @@ -108,10 +110,10 @@ func main() { // new version. continue } - b.Write([]byte(fmt.Sprintf("# %s\n# %x\n", c.X509.Subject.String(), sha256.Sum256(c.X509.Raw)))) + fmt.Fprintf(b, "# %s\n# %x\n", c.X509.Subject.String(), sha256.Sum256(c.X509.Raw)) pem.Encode(b, &pem.Block{Type: "CERTIFICATE", Bytes: c.X509.Raw}) } - b.Write([]byte("`\n")) + fmt.Fprintln(b, "`") formatted, err := format.Source(b.Bytes()) if err != nil {