Bug 1379484

Summary: P224 support for golang
Product: [Fedora] Fedora Reporter: Martin Thomson <martin.thomson>
Component: golangAssignee: Jakub Čajka <jcajka>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: admiller, amurdaca, dma, golang-updates, jcajka, jeffschroeder, lemenkov, renich, s, vbatts
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: golang-1.7.3-2.fc25 golang-1.5.4-4.fc23 golang-1.6.3-4.fc24 golang-1.7.3-2.el6 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-24 16:30:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1038683    
Bug Blocks:    

Description Martin Thomson 2016-09-26 23:42:55 UTC 
Description of problem:

In golang 1.2, P224 was removed.  This prevents the use of the system golang with certain projects.  My particular problem is that it won't run boringssl tests.  I couldn't find the original rationale, but I hope that the reason is no longer valid.

Since NSS ships with secp224r1 (which isn't even in the NSS tree), I see no reason that this should be excluded.

Version-Release number of selected component (if applicable):
I'm using golang-1.7.1-2.fc26


How reproducible: Perfectly.


Steps to Reproduce:
1. git clone https://boringssl.googlesource.com/boringssl
2. cd boring/ssl/test/runner
3. go build

Actual results:
./key_agreement.go:349: undefined: elliptic.P224
(exit 1)

Expected results:
(exit 0)

Additional info:
I would have added a patch, but the repo doesn't even allow checkouts from unauthenticated users.  That's not very friendly to contributors.
Comment 1 Jakub Čajka 2016-09-27 08:18:40 UTC 
This is intentional due to legal reasons and there seems to be no indication that situation changed in a way that would allowed the p224 inclusion, so we can't drop the patch removing p224.

Please see BZ#1038683 for more details.

PS: I'm able to clone golang dist-git repo using "git clone git://pkgs.fedoraproject.org/rpms/golang.git" from machine that is not setup for my packaging work(without auth, fresh git installation).
Comment 2 Martin Thomson 2016-09-27 22:25:52 UTC 
The only mention of legal requirements is this:
> In Fedora, we only ship certain reviewed curves.

I would have to assume that it is permitted.  I work with the NSS maintainers closely and NSS ships on rawhide with P-224 (see certutil --help); they are acutely aware of legal constraints.  I guess we'll see what the legal folks say.
Comment 3 Antonio Murdaca 2016-11-18 10:04:57 UTC 
This will be fixed in F25 by https://bugzilla.redhat.com/show_bug.cgi?id=1038683
Comment 4 Fedora Update System 2016-11-18 10:06:42 UTC 
golang-1.7.3-2.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-0aae3021b3
Comment 5 Fedora Update System 2016-11-18 14:51:28 UTC 
golang-1.6.3-4.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-0eb27fee7a
Comment 6 Fedora Update System 2016-11-18 14:59:13 UTC 
golang-1.5.4-4.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-109c7b5f68
Comment 7 Fedora Update System 2016-11-18 20:27:08 UTC 
golang-1.7.3-2.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-0aae3021b3
Comment 8 Fedora Update System 2016-11-18 21:37:29 UTC 
golang-1.7.3-2.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1300e04b7c
Comment 9 Fedora Update System 2016-11-19 07:48:13 UTC 
golang-1.7.3-2.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1300e04b7c
Comment 10 Fedora Update System 2016-11-19 08:56:38 UTC 
golang-1.5.4-4.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-109c7b5f68
Comment 11 Fedora Update System 2016-11-19 18:50:52 UTC 
golang-1.6.3-4.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-0eb27fee7a
Comment 12 Fedora Update System 2016-11-24 16:30:36 UTC 
golang-1.7.3-2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2016-11-29 23:52:55 UTC 
golang-1.5.4-4.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 14 Fedora Update System 2016-11-30 03:52:30 UTC 
golang-1.6.3-4.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 15 Fedora Update System 2016-12-05 19:19:40 UTC 
golang-1.7.3-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.