x509roots/fallback: add //go:build go1.20 to bundle.go
Package fallback has no API; its only purpose is to automatically call
x509.SetFallbackRoots with a set of fallback roots. That API was added
in Go 1.20, hence the go1.20 build constraint in fallback.go.
Add that constraint to bundle.go too, so that it fails to build rather
than quietly being a no-op in Go 1.19.
Also simplify Write(fmt.Sprintf()) into fmt.Fprintf while here.
Add a temporary workaround for go.dev/issue/52287.
It has no effect on the public API in this module.
For golang/go#57792.
For golang/go#52287.
Change-Id: I1fe13f7d54b07b0b031e8bae685cffd7a8160165
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/505578
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
diff --git a/x509roots/fallback/bundle.go b/x509roots/fallback/bundle.go
index 3bea8b3..c5fb06e 100644
--- a/x509roots/fallback/bundle.go
+++ b/x509roots/fallback/bundle.go
@@ -1,5 +1,7 @@
// Code generated by gen_fallback_bundle.go; DO NOT EDIT.
+//go:build go1.20
+
package fallback
import "crypto/x509"
diff --git a/x509roots/fallback/fallback.go b/x509roots/fallback/fallback.go
index 6fcd714..3141359 100644
--- a/x509roots/fallback/fallback.go
+++ b/x509roots/fallback/fallback.go
@@ -3,7 +3,6 @@
// license that can be found in the LICENSE file.
//go:build go1.20
-// +build go1.20
// Package fallback embeds a set of fallback X.509 trusted roots in the
// application by automatically invoking [x509.SetFallbackRoots]. This allows
diff --git a/x509roots/fallback/internal/goissue52287/goissue52287.go b/x509roots/fallback/internal/goissue52287/goissue52287.go
new file mode 100644
index 0000000..d946a52
--- /dev/null
+++ b/x509roots/fallback/internal/goissue52287/goissue52287.go
@@ -0,0 +1,8 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package goissue52287 is an empty internal package.
+// It exists only to work around go.dev/issue/52287 and
+// can be removed after Go 1.19 stops being supported.
+package goissue52287
diff --git a/x509roots/gen_fallback_bundle.go b/x509roots/gen_fallback_bundle.go
index 8c2b3cc..761dfb9 100644
--- a/x509roots/gen_fallback_bundle.go
+++ b/x509roots/gen_fallback_bundle.go
@@ -27,6 +27,8 @@
const tmpl = `// Code generated by gen_fallback_bundle.go; DO NOT EDIT.
+//go:build go1.20
+
package fallback
import "crypto/x509"
@@ -41,7 +43,7 @@
break
}
if block.Type != "CERTIFICATE" {
- panic("unexpected PEM block type: "+block.Type)
+ panic("unexpected PEM block type: " + block.Type)
}
cert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
@@ -97,9 +99,9 @@
return string(certs[i].X509.RawSubjectPublicKeyInfo) < string(certs[j].X509.RawSubjectPublicKeyInfo)
})
- b := bytes.NewBuffer(nil)
- b.Write([]byte(tmpl))
- b.Write([]byte("const pemRoots = `\n"))
+ b := new(bytes.Buffer)
+ b.WriteString(tmpl)
+ fmt.Fprintln(b, "const pemRoots = `")
for _, c := range certs {
if len(c.Constraints) > 0 {
// Until the constrained roots API lands, skip anything that has any
@@ -108,10 +110,10 @@
// new version.
continue
}
- b.Write([]byte(fmt.Sprintf("# %s\n# %x\n", c.X509.Subject.String(), sha256.Sum256(c.X509.Raw))))
+ fmt.Fprintf(b, "# %s\n# %x\n", c.X509.Subject.String(), sha256.Sum256(c.X509.Raw))
pem.Encode(b, &pem.Block{Type: "CERTIFICATE", Bytes: c.X509.Raw})
}
- b.Write([]byte("`\n"))
+ fmt.Fprintln(b, "`")
formatted, err := format.Source(b.Bytes())
if err != nil {
