-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent unexpected Go crypto fallback: fail instead #965
Conversation
The bootstrap builds fail because they always fall back to Go standard crypto. Instead of adding code in various places of the bootstrap process to allow the fallback, don't enable the experiment at this point in the build process. Enable the experiment for the test run specifically.
eng/_core/cmd/build/build.go
Outdated
// build is clean. The problem is that the build doesn't include cgo, which is | ||
// required for some crypto backends. Set this variable to promise that our build is | ||
// fresh and avoid the non-cgo build. | ||
os.Setenv("GO_BUILD_FRESH", "1") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
GO_BUILD_FRESH
seems like an upstream env var and it keeps me wondering if we are reusing some already existing functionality. I'll prefer to name is something like GO_MSFT_BUILD_FRESH
so the scope is clearer.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ended up as GO_MSFT_SCRIPTED_BUILD
--realized that "BUILD_FRESH" sounds more like a request to run a fresh build, not something that indicates current status.
…ith patch revert performed manually This reverts commit 2eb34d1.
nobackend.go
build constraint an inverse of the other backends (and add test) #953Once this is merged, something like
GOEXPERIMENT=opensslcrypto GOOS=windows go build .
will fail with:Adding
-tags=allow_missing_crypto_backend_fallback
removes the error, allowing fallback. This is only intended for specific cases in our CI job where we e.g. enableGOEXPERIMENT=opensslcrypto
globally and then run the whole test suite. A number of tests have innergo build
commands that either disable cgo or use a different GOOS and needed the tag.If someone needs to use Go crypto in their own app, it makes more sense to remove the
GOEXPERIMENT
value. Then, it's clear what the intent is by looking at the build command, and our toolset then makes sure the intent is followed.This PR also changes the cngcrypto/opensslcrypto/boringcrypto CI jobs to build normally and run the tests with the target GOEXPERIMENT. The toolchain (at various levels of bootstrapping) builds without cgo, so the "accidental fallback" error would show up. Since the toolchain is using fallback Go crypto, we aren't meaningfully testing the goexperiment in these cases, so it makes more sense disable the goexperiment for the initial build rather than feed
allow_missing_crypto_backend_fallback
into many places.(The build of Go we ship is built with no GOEXPERIMENT, so it isn't necessarily important to test that building Go with a crypto experiment works, only that tests built with our Go toolset and the crypto experiments work.)