diff options
| author | Michael Matloob <matloob@golang.org> | 2026-04-03 15:03:36 -0400 |
|---|---|---|
| committer | Michael Matloob <matloob@golang.org> | 2026-04-09 10:46:10 -0700 |
| commit | be193f3a97dce50bad1cf6100aa662c2f6ba57f7 (patch) | |
| tree | c2625127cacc05a725ab678a82e012f676b3fd47 | |
| parent | 28c56bb5fb438d46d921a37f2e172ecf198f75c2 (diff) | |
| download | go-be193f3a97dce50bad1cf6100aa662c2f6ba57f7.tar.xz | |
cmd/go: use fsys.ReadDir for IsStandardPackage
FIPS140 crypto files will be bound into the virtual filesystem using the
fsys package. So IsStandardPackage needs to use fsys.ReadDir to check
that the fips140 packages are standard packages rather than os.ReadDir
because os.ReadDir doesn't know about the overlay.
It would be nice if we could pass in a io/fs.FS to IsStandardPackage but
the FS paths are slash paths and don't play well with windows paths. So
we pass in ReadDir instead. Maybe in the future we could create an
alternative interface to pass the filesystem through but that's a bigger
project.
Fixes #73649
Change-Id: I576f03cfc52a63cec0598e058e1354676a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/762581
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Michael Matloob <matloob@google.com>
Auto-Submit: Michael Matloob <matloob@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
| -rw-r--r-- | src/cmd/go/internal/modindex/read.go | 4 | ||||
| -rw-r--r-- | src/cmd/go/testdata/mod/example.com_importcrypto_v1.0.0.txt | 19 | ||||
| -rw-r--r-- | src/cmd/go/testdata/script/mod_get_fips140_issue73649.txt | 10 | ||||
| -rw-r--r-- | src/go/build/build.go | 2 | ||||
| -rw-r--r-- | src/internal/goroot/gc.go | 6 |
5 files changed, 35 insertions, 6 deletions
diff --git a/src/cmd/go/internal/modindex/read.go b/src/cmd/go/internal/modindex/read.go index 399e89eca3..a31e09d233 100644 --- a/src/cmd/go/internal/modindex/read.go +++ b/src/cmd/go/internal/modindex/read.go @@ -680,7 +680,7 @@ func (rp *IndexPackage) Import(bctxt build.Context, mode build.ImportMode) (p *b // and otherwise falling back to internal/goroot.IsStandardPackage func IsStandardPackage(goroot_, compiler, path string) bool { if !enabled || compiler != "gc" { - return goroot.IsStandardPackage(goroot_, compiler, path) + return goroot.IsStandardPackage(fsys.ReadDir, goroot_, compiler, path) } reldir := filepath.FromSlash(path) // relative dir path in module index for package @@ -695,7 +695,7 @@ func IsStandardPackage(goroot_, compiler, path string) bool { } else if errors.Is(err, ErrNotIndexed) { // Fall back because package isn't indexable. (Probably because // a file was modified recently) - return goroot.IsStandardPackage(goroot_, compiler, path) + return goroot.IsStandardPackage(fsys.ReadDir, goroot_, compiler, path) } return false } diff --git a/src/cmd/go/testdata/mod/example.com_importcrypto_v1.0.0.txt b/src/cmd/go/testdata/mod/example.com_importcrypto_v1.0.0.txt new file mode 100644 index 0000000000..0ca0f35bf2 --- /dev/null +++ b/src/cmd/go/testdata/mod/example.com_importcrypto_v1.0.0.txt @@ -0,0 +1,19 @@ +example.com/importcrypto contains a package that imports crypto/sha256 +It's used by the script test case mod_get_fips140_issue73649 + +-- .info -- +{"Version":"v1.0.0"} +-- .mod -- +module example.com/importcrypto + +go 1.27 +-- go.mod -- +module example.com/importcrypto + +go 1.27 +-- importcypto.go -- +package p + +import _ "crypto/sha256" + +func main() {} diff --git a/src/cmd/go/testdata/script/mod_get_fips140_issue73649.txt b/src/cmd/go/testdata/script/mod_get_fips140_issue73649.txt new file mode 100644 index 0000000000..4ab176cb7a --- /dev/null +++ b/src/cmd/go/testdata/script/mod_get_fips140_issue73649.txt @@ -0,0 +1,10 @@ +[GOEXPERIMENT:boringcrypto] skip + +env GOFIPS140=v1.0.0 +env GOCACHE=$WORK/cache +go get example.com/importcrypto + +-- go.mod -- +module m + +go 1.27 diff --git a/src/go/build/build.go b/src/go/build/build.go index 157461d1af..4c6be413ab 100644 --- a/src/go/build/build.go +++ b/src/go/build/build.go @@ -746,7 +746,7 @@ func (ctxt *Context) Import(path string, srcDir string, mode ImportMode) (*Packa } tried.goroot = dir } - if ctxt.Compiler == "gccgo" && goroot.IsStandardPackage(ctxt.GOROOT, ctxt.Compiler, path) { + if ctxt.Compiler == "gccgo" && goroot.IsStandardPackage(os.ReadDir, ctxt.GOROOT, ctxt.Compiler, path) { // TODO(bcmills): Setting p.Dir here is misleading, because gccgo // doesn't actually load its standard-library packages from this // directory. See if we can leave it unset. diff --git a/src/internal/goroot/gc.go b/src/internal/goroot/gc.go index 534ad57e70..d2581b0425 100644 --- a/src/internal/goroot/gc.go +++ b/src/internal/goroot/gc.go @@ -15,12 +15,12 @@ import ( ) // IsStandardPackage reports whether path is a standard package, -// given goroot and compiler. -func IsStandardPackage(goroot, compiler, path string) bool { +// given goroot and compiler. readDir accepts OS filesystem paths. +func IsStandardPackage(readDir func(string) ([]os.DirEntry, error), goroot, compiler, path string) bool { switch compiler { case "gc": dir := filepath.Join(goroot, "src", path) - dirents, err := os.ReadDir(dir) + dirents, err := readDir(dir) if err != nil { return false } |