1 # Copyright 2024 The Go Authors. All rights reserved.
2 # Use of this source code is governed by a BSD-style
3 # license that can be found in the LICENSE file.
4
5 # Rules for building and testing new FIPS snapshots.
6 # For example:
7 #
8 # make v1.2.3.zip
9 # make v1.2.3.test
10 #
11 # and then if changes are needed, check them into master
12 # and run 'make v1.2.3.rm' and repeat.
13 #
14 # Note that once published a snapshot zip file should never
15 # be modified. We record the sha256 hashes of the zip files
16 # in fips140.sum, and the cmd/go/internal/fips140 test checks
17 # that the zips match.
18 #
19 # When the zip file is finalized, run 'make updatesum' to update
20 # fips140.sum.
21
22 default:
23 @echo nothing to make
24
25 # make v1.2.3.zip builds a v1.2.3.zip file
26 # from the current origin/master.
27 # copy and edit the 'go run' command by hand to use a different branch.
28 v%.zip:
29 git fetch origin master
30 go run ../../src/cmd/go/internal/fips140/mkzip.go v$*
31
32 # normally mkzip refuses to overwrite an existing zip file.
33 # make v1.2.3.rm removes the zip file and and unpacked
34 # copy from the module cache.
35 v%.rm:
36 rm -f v$*.zip
37 chmod -R u+w $$(go env GOMODCACHE)/golang.org/fips140@v$* 2>/dev/null || true
38 rm -rf $$(go env GOMODCACHE)/golang.org/fips140@v$*
39
40 # make v1.2.3.test runs the crypto tests using that snapshot.
41 v%.test:
42 GOFIPS140=v$* go test -short crypto...
43
44 # make updatesum updates the fips140.sum file.
45 updatesum:
46 go test cmd/go/internal/fips140 -update
47
View as plain text