From 276d8c97bb1a3de52a4eabf696cfdf708d334e85 Mon Sep 17 00:00:00 2001 From: "Wael M. Nasreddine" Date: Fri, 15 Mar 2019 11:42:05 -0700 Subject: [PATCH] go_1_12: 1.12 -> 1.12.1 --- pkgs/development/compilers/go/1.12.nix | 5 +- .../compilers/go/ssl-cert-file-1.12.1.patch | 59 +++++++++++++++++++ 2 files changed, 62 insertions(+), 2 deletions(-) create mode 100644 pkgs/development/compilers/go/ssl-cert-file-1.12.1.patch diff --git a/pkgs/development/compilers/go/1.12.nix b/pkgs/development/compilers/go/1.12.nix index d7bbd4eaf0f..0b8eb2dc19d 100644 --- a/pkgs/development/compilers/go/1.12.nix +++ b/pkgs/development/compilers/go/1.12.nix @@ -29,11 +29,11 @@ in stdenv.mkDerivation rec { name = "go-${version}"; - version = "1.12"; + version = "1.12.1"; src = fetchurl { url = "https://dl.google.com/go/go${version}.src.tar.gz"; - sha256 = "1wl8kq21fbzmv4plnaza5acz8dhbaaq6smjzk3r6cf3l6qrkvi09"; + sha256 = "12l12mmgqvy3nbscy7sz83qj4m6iz5a322aq9sk45f7l9ml2gq8b"; }; # perl is used for testing go vet @@ -127,6 +127,7 @@ stdenv.mkDerivation rec { patches = [ ./remove-tools-1.11.patch + ./ssl-cert-file-1.12.1.patch ./remove-test-pie.patch ./creds-test.patch ./go-1.9-skip-flaky-19608.patch diff --git a/pkgs/development/compilers/go/ssl-cert-file-1.12.1.patch b/pkgs/development/compilers/go/ssl-cert-file-1.12.1.patch new file mode 100644 index 00000000000..aa3116d76c1 --- /dev/null +++ b/pkgs/development/compilers/go/ssl-cert-file-1.12.1.patch @@ -0,0 +1,59 @@ +diff -Naur a/src/crypto/x509/root_cgo_darwin.go b/src/crypto/x509/root_cgo_darwin.go +--- a/src/crypto/x509/root_cgo_darwin.go 2019-03-15 11:33:55.920232337 -0700 ++++ b/src/crypto/x509/root_cgo_darwin.go 2019-03-15 11:34:53.323180897 -0700 +@@ -270,11 +270,20 @@ + import "C" + import ( + "errors" ++ "io/ioutil" ++ "os" + "unsafe" + ) + + func loadSystemRoots() (*CertPool, error) { + roots := NewCertPool() ++ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" { ++ data, err := ioutil.ReadFile(file) ++ if err == nil { ++ roots.AppendCertsFromPEM(data) ++ return roots, nil ++ } ++ } + + var data C.CFDataRef = 0 + var untrustedData C.CFDataRef = 0 +diff -Naur a/src/crypto/x509/root_darwin.go b/src/crypto/x509/root_darwin.go +--- a/src/crypto/x509/root_darwin.go 2019-03-15 11:33:55.920232337 -0700 ++++ b/src/crypto/x509/root_darwin.go 2019-03-15 11:36:21.205123541 -0700 +@@ -92,6 +92,14 @@ + verifyCh = make(chan rootCandidate) + ) + ++ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" { ++ data, err := ioutil.ReadFile(file) ++ if err == nil { ++ roots.AppendCertsFromPEM(data) ++ return roots, nil ++ } ++ } ++ + // Using 4 goroutines to pipe into verify-cert seems to be + // about the best we can do. The verify-cert binary seems to + // just RPC to another server with coarse locking anyway, so +diff -Naur a/src/crypto/x509/root_unix.go b/src/crypto/x509/root_unix.go +--- a/src/crypto/x509/root_unix.go 2019-03-15 11:33:55.920232337 -0700 ++++ b/src/crypto/x509/root_unix.go 2019-03-15 11:37:15.737326340 -0700 +@@ -38,6 +38,13 @@ + + func loadSystemRoots() (*CertPool, error) { + roots := NewCertPool() ++ if file := os.Getenv("NIX_SSL_CERT_FILE"); file != "" { ++ data, err := ioutil.ReadFile(file) ++ if err == nil { ++ roots.AppendCertsFromPEM(data) ++ return roots, nil ++ } ++ } + + files := certFiles + if f := os.Getenv(certFileEnv); f != "" {