profile
viewpoint
Andrew Bonventre andybons Google NYC https://andybons.com Engineering Lead on the @golang Team

dvyukov/go-fuzz 3312

Randomized testing for Go

PolymerElements/app-route 142

A modular client-side router

Medium/medium-sdk-go 122

A Golang SDK for Medium's OAuth2 API

prateekbh/preact-async-route 120

Async route component for preact-router

andybons/hipchat 108

This project implements a Go client library for the Hipchat API.

dvyukov/go-fuzz-corpus 65

Corpus for github.com/dvyukov/go-fuzz examples

andybons/gogif 21

The (no longer) missing GIF encoder for #golang

andybons/baseline 7

Starting point for Go web services

andybons/grge 4

iOS garage door opener compatible with https://github.com/bradfitz/android-garage-opener

andybons/propnotes 2

A tool to help generate Go proposal review meeting minutes

issue commentgolang/go

net/http: cannot set custom/special pseudo-headers when using HTTP/2

@fraenkel have any thoughts about this?

jaddr2line

comment created time in a day

issue commentgolang/lint

Disable "should have comment or be unexported" check

Thanks, everyone.

For now, we will keep this check unchanged. As documented This tool is meant to mechanically enforce rules laid out by Effective Go and CodeReviewComments, with this rule specifically enforcing comment sentences.

Additionally, the README states:

The suggestions made by golint are exactly that: suggestions. Golint is not perfect, and has both false positives and false negatives. Do not treat its output as a gold standard. We will not be adding pragmas or other knobs to suppress specific warnings, so do not expect or require code to be completely "lint-free". In short, this tool is not, and will never be, trustworthy enough for its suggestions to be enforced automatically, for example as part of a build process.

Changing this would mean changing Golint’s scope, Effective Go, and/or CodeReviewComments. There are appropriate forums to discuss those changes, but this issue is not one of them.

Thanks

oky2abbas

comment created time in 4 days

push eventandybons/cryptopals

Andrew Bonventre

commit sha cf5065b233d2580962b62a5a086f7e2e3a019996

set01: add solutions to set 1, challenges [1..5]

view details

push time in 7 days

MemberEvent

PR opened andybons/cryptopals

Reviewers
set01: add solutions to set 1, challenges 1 and 2
+97 -0

0 comment

5 changed files

pr created time in 8 days

create barnchandybons/cryptopals

branch : pr1

created branch time in 8 days

MemberEvent

issue closedgolang/lint

can't load package: package github.com/golang/lint/golint

Hi guys, Having a weird issue when I'm trying to: go get github.com/golang/lint/golint

LUSC02VL0A7HTDH:/ kraskoshnyi$ go get github.com/golang/lint/golint can't load package: package github.com/golang/lint/golint: code in directory /Users/kraskoshnyi/go/src/github.com/golang/lint/golint expects import "golang.org/x/lint/golint"

$ go env GOARCH="amd64" GOBIN="/Users/user1/go/bin" GOCACHE="/Users/user1/Library/Caches/go-build" GOEXE="" GOFLAGS="" GOHOSTARCH="amd64" GOHOSTOS="darwin" GOOS="darwin" GOPATH="/Users/user1/go" GOPROXY="" GORACE="" GOROOT="/usr/local/Cellar/go/1.12.4/libexec" GOTMPDIR="" GOTOOLDIR="/usr/local/Cellar/go/1.12.4/libexec/pkg/tool/darwin_amd64" GCCGO="gccgo" CC="clang" CXX="clang++" CGO_ENABLED="1" GOMOD="" CGO_CFLAGS="-g -O2" CGO_CPPFLAGS="" CGO_CXXFLAGS="-g -O2" CGO_FFLAGS="-g -O2" CGO_LDFLAGS="-g -O2" PKG_CONFIG="pkg-config" GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/p_/nvwm9chs1sjb48vdpz7ngm7c0000gn/T/go-build636080856=/tmp/go-build -gno-record-gcc-switches -fno-common"

Is anyone aware of this issue? Thanks

closed time in 8 days

kotyara85

issue closedgolang/go

access: request Trybot access for mengzhuo

Hi, core team guys.

I would like to have "trybot access" for MIPS porting since my MIPS box only has mips64le/mipsle ability.

my Gerrit email address: mengzhuo1203@gmail.com

https://go-review.googlesource.com/#/admin/groups/1030,members

closed time in 10 days

mengzhuo

issue commentgolang/go

access: request Trybot access for mengzhuo

Done.

mengzhuo

comment created time in 10 days

issue closedgolang/go

all: ensure that Go toolchain meets Apple’s notarization requirements

<!-- Please answer these questions before submitting your issue. Thanks! -->

What version of Go are you using (go version)?

<pre> $ go version go version go1.13.3 darwin/amd64 </pre>

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

<details><summary><code>go env</code> Output</summary><br><pre> $ go env GO111MODULE="on" GOARCH="amd64" GOBIN="" GOCACHE="/Users/artyom/Library/Caches/go-build" GOENV="/Users/artyom/Library/Application Support/go/env" GOEXE="" GOFLAGS="-ldflags=-w -trimpath" GOHOSTARCH="amd64" GOHOSTOS="darwin" GONOPROXY="" GONOSUMDB="" GOOS="darwin" GOPATH="/Users/artyom/go" GOPRIVATE="" GOPROXY="https://proxy.golang.org,direct" GOROOT="/Users/artyom/Library/go" GOSUMDB="sum.golang.org" GOTMPDIR="" GOTOOLDIR="/Users/artyom/Library/go/pkg/tool/darwin_amd64" GCCGO="gccgo" AR="ar" CC="clang" CXX="clang++" CGO_ENABLED="1" GOMOD="/Users/artyom/Repositories/artyom/rex/go.mod" CGO_CFLAGS="-g -O2" CGO_CPPFLAGS="" CGO_CXXFLAGS="-g -O2" CGO_FFLAGS="-g -O2" CGO_LDFLAGS="-g -O2" PKG_CONFIG="pkg-config" GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/lb/3rk8rqs53czgb4v35w_342xc0000gn/T/go-build499526677=/tmp/go-build -gno-record-gcc-switches -fno-common"

</pre></details>

What did you do?

Installed go from https://dl.google.com/go/go1.13.3.darwin-amd64.tar.gz and then tried to use it to build project. This is on macOS Catalina 10.15:

Darwin MacBook-Air.local 19.0.0 Darwin Kernel Version 19.0.0: Wed Sep 25 20:18:50 PDT 2019; root:xnu-6153.11.26~2/RELEASE_X86_64 x86_64

What did you expect to see?

Go works as usual.

What did you see instead?

On first go call I'm presented with OS pop-up that "macOS cannot verify that this app is free from malware", with options either to discard this window (the process is killed then) or move the binary to trash. After whitelisting this binary via Preferences → Security & Privacy → General → Allow Anyway, go can be called fine.

Next I tried to build project with go install and got the came pop-up for "compile" tool.

Screen Shot 2019-10-18 at 13 00 17

Screen Shot 2019-10-18 at 13 00 23

closed time in 18 days

artyom

issue commentgolang/go

all: ensure that Go toolchain meets Apple’s notarization requirements

Yes this looks to be fixed. If we discover any issues during the notarization stage of a release we'll open a new issue.

artyom

comment created time in 18 days

IssuesEvent

issue commentgolang/lint

Master doesn't build anymore: undefined: types.NewInterface2

Making a CL...

Soulou

comment created time in 23 days

issue commentgolang/go

proposal: x/website/cmd/golangorg: Add Content Security Policy

This doesn't need a proposal. Feel free to submit a fix :)

empijei

comment created time in 23 days

issue commentgolang/go

cmd/link: system linker warnings on OSX 1.14 when using cgo

@tjamet can you provide the output of go build -x?

tjamet

comment created time in 3 months

issue commentgolang/go

cmd/link: system linker warnings on OSX 1.14 when using cgo

@ianlancetaylor the release is built on 10.15, yes. It may be that we need to explicitly set a target of macOS when building. See #35459.

@cagedmantis @toothrot

tjamet

comment created time in 3 months

issue commentgolang/go

cmd/go: explicitly specify macOS base SDK version when compiling go binary

Removing release-blocker label since the default value for the base SDK is 10.10 using the 10_15 Catalina builder. Keeping open to track setting this explicitly.

andybons

comment created time in 3 months

issue commentgolang/go

proposal: review meeting minutes

2019-12-04 / @andybons, @bradfitz, @griesemer, @ianlancetaylor, @rsc, @spf13

  • #35593 all: make linux/arm64 a first-class port
    • no change in consensus; accepted 🎉
  • #34409 cmd/doc: add "// Unstable:" prefix convention
    • discussion ongoing
  • #35400 cmd/go: add .proxy endpoint to the module proxy spec
    • put on hold
  • #35699 cmd/go: add go cli version to the User-Agent string
    • no final comments; declined
  • #34293 cmd/go: add go doc -json
    • no change in consensus; accepted 🎉
  • #35008 cmd/go: add GOMIPS64=r2 for mips64r2 code generation
    • commented
  • #29062 cmd/go: fail tests that invoke os.Exit(0) explicitly
    • likely accept; last call for comments
  • #35510 cmd/go: have go get... look in vendored caches for dependencies
    • no change in consensus; declined
  • 14878 crypto/tls: add SetOCSPStaple function
    • likely decline; last call for comments
  • #35697 database/sql: expose convertAssign functionality in an Any type
    • discussion ongoing
  • #34593 database/sql: sql.IsNull
    • no change in consensus; declined
  • #22823 io/ioutil: add WriteNopCloser
    • discussion ongoing
  • #33920 io/ioutil: reject path separators in TempDir, TempFile pattern
    • no change in consensus; accepted 🎉
  • #34416 log: add flag to display ISO 8601 date and time format
    • no change in consensus; declined
  • #35696 os: add function to return environment var with default value
    • no change in consensus; declined
  • #29982 reflect: add constants for size of int, bool, etc.
    • commented
  • #35178 runtime: permit setting goroutine name to appear in stack dumps
    • likely decline; last call for comments
  • #34681 syscall: define Windows O_ALLOW_DELETE for use in os.OpenFile
    • commented
  • #34626 testing: print more precision in benchmark timings
    • likely accept; last call for comments
  • #35567 testing: move Internal types to internal package
    • no change in consensus; accepted 🎉
  • #35643 time: add a channel to time.Ticker to detect stopped tickers
    • no change in consensus; declined
  • #35346 x/crypto/nacl: Support for libsodium "sealed box"
    • no change in consensus; accepted 🎉
  • #22741 x/crypto/ssh: add package for Key Revocation Lists
    • likely decline; last call for comments
rsc

comment created time in 3 months

push eventandybons/propnotes

Andrew Bonventre

commit sha b2099d9ac555b832ee705cfd8cc874572dc0f350

add server

view details

push time in 3 months

push eventandybons/propnotes

Andrew Bonventre

commit sha b847de3ec42a8732aaa93a720979072b94d8a51c

add state clearing instructions

view details

push time in 3 months

push eventandybons/propnotes

Andrew Bonventre

commit sha ce52bf45e32cda8a16303535b5acc7744814114c

sort issues desc

view details

push time in 3 months

push eventandybons/propnotes

Andrew Bonventre

commit sha e29ac2ceba71ec617253bd38ef807ad69ece9928

add instructions

view details

push time in 3 months

issue closedgolang/go

Wiki: WebAssembly Examples Update

This about Wiki page addition:

On this page: https://github.com/golang/go/wiki/WebAssembly

I would like to add this entry under interacting-with-the-dom or Further examples

  • GoWebian A library to build pages with pure go and add WebAssembly bindings.

This project that I started for personal use and I would like to continue working on it to support easier WebAssembly integration and code generation.

closed time in 3 months

bgokden

issue commentgolang/go

all: ensure that Go toolchain meets Apple’s notarization requirements

I've run an altered all.bash that signs (with the hardened runtime enabled) the toolchain binaries and all tests passed.

We plan to enable the hardened runtime for the 1.14 beta (scheduled for early December) and see if anything breaks. If everything looks good, we'll enable it for all releases moving forward.

artyom

comment created time in 3 months

issue closedgolang/go

all: change macOS package/binary identifiers to org.golang.*

On macOS, we are updating our Go package identifier namespace from com.googlecode.* to org.golang.*. If your infrastructure relies on our installer having a specific identifier, you should use the new value starting with 1.13.5 and 1.12.14, which have yet to be released.

In addition, we are updating our binaries to have identifiers as well, primarily to help with logging. Any binaries in the distribution will have the identifier of org.golang.{binary name}. For example, the go command will have the identifier org.golang.go with /pkg/tool/darwin_amd64/compile having the identifier org.golang.compile.

This is a small piece of housekeeping that came up during our efforts to ensure we comply with Apple's notarization requirements. Google Code no longer exists, so it is more appropriate for us to use a more accurate identifier moving forward.

Placing in the Unreleased milestone but this affects every future release (creating a separate issue for each milestone seemed like overkill).

closed time in 3 months

andybons

issue commentgolang/go

all: change macOS package/binary identifiers to org.golang.*

This change has been made on our internal release infrastructure. Closing for now but please keep it pinned until after the next release. @toothrot @dmitshur @cagedmantis

andybons

comment created time in 3 months

issue openedgolang/go

all: change macOS package/binary identifiers to org.golang.*

On macOS, we are updating our Go package identifier namespace from com.googlecode.* to org.golang.*. If your infrastructure relies on our installer having a specific identifier, you should use the new value starting with 1.12.14 and 1.13.5, which have yet to be released.

In addition, we are updating our binaries to have identifiers as well, primarily to help with logging. Any binaries in the distribution will have the identifier of org.golang.{binary name}. For example, the go command will have the identifier org.golang.go with /pkg/tool/darwin_amd64/compile having the identifier org.golang.compile.

This is a small piece of housekeeping that came up during our efforts to ensure we comply with Apple's notarization requirements. Google Code no longer exists, so it is more appropriate for us to use a more accurate identifier moving forward.

Placing in the Unreleased milestone but this affects every future release (creating a separate issue for each milestone seemed like overkill).

created time in 3 months

pull request commentstripe-samples/checkout-subscription-and-add-on

Go server updates

Yay thanks, @adreyfus-stripe! Hope my lack of context in the suggestions or comments came off poorly. Sometimes I forget to say why I'm suggesting changes.

adreyfus-stripe

comment created time in 3 months

Pull request review commentstripe-samples/checkout-subscription-and-add-on

Go server updates

 func handlePublicKey(w http.ResponseWriter, r *http.Request) { 	}) } -func handleGetCheckoutSession(w http.ResponseWriter, r *http.Request) {+func handleCheckoutSession(w http.ResponseWriter, r *http.Request) { 	if r.Method != "GET" { 		http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed) 		return 	} -	keys, ok := r.URL.Query()["sessionId"]+	id := r.FormValue("sessionId") 
adreyfus-stripe

comment created time in 3 months

Pull request review commentstripe-samples/checkout-subscription-and-add-on

Go server updates

 func handlePublicKey(w http.ResponseWriter, r *http.Request) { 	}) } -func handleGetCheckoutSession(w http.ResponseWriter, r *http.Request) {+func handleCheckoutSession(w http.ResponseWriter, r *http.Request) { 	if r.Method != "GET" { 		http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed) 		return 	} -	keys, ok := r.URL.Query()["sessionId"]+	id := r.FormValue("sessionId") -    if !ok || len(keys[0]) < 1 {-        log.Println("CheckoutSession ID is missing from URL", r.URL.Query())-        return-    }+	if id == "" {+		log.Println("CheckoutSession ID is missing from URL", r.URL.Query())+		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)+		return+	}  	// Fetch the CheckoutSession object from your success page 	// to get details about the order-	session, _ := session.Get(-		keys[0],-		nil,-	)+	session, err := session.Get(id, nil)++	if err != nil {+		log.Println("An error happened when getting the CheckoutSession "+id+" from Stripe:", err)
		log.Printf("An error happened when getting the CheckoutSession %q from Stripe: %v", id, err)
adreyfus-stripe

comment created time in 3 months

Pull request review commentstripe-samples/checkout-subscription-and-add-on

Go server updates

 func handlePublicKey(w http.ResponseWriter, r *http.Request) { 	}) } -func handleGetCheckoutSession(w http.ResponseWriter, r *http.Request) {+func handleCheckoutSession(w http.ResponseWriter, r *http.Request) { 	if r.Method != "GET" { 		http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed) 		return 	} -	keys, ok := r.URL.Query()["sessionId"]+	id := r.FormValue("sessionId") -    if !ok || len(keys[0]) < 1 {-        log.Println("CheckoutSession ID is missing from URL", r.URL.Query())-        return-    }+	if id == "" {+		log.Println("CheckoutSession ID is missing from URL", r.URL.Query())+		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)+		return+	}  	// Fetch the CheckoutSession object from your success page 	// to get details about the order-	session, _ := session.Get(-		keys[0],-		nil,-	)+	session, err := session.Get(id, nil)+
adreyfus-stripe

comment created time in 3 months

Pull request review commentstripe-samples/checkout-subscription-and-add-on

Go server updates

 func handlePublicKey(w http.ResponseWriter, r *http.Request) { 	}) } -func handleGetCheckoutSession(w http.ResponseWriter, r *http.Request) {+func handleCheckoutSession(w http.ResponseWriter, r *http.Request) { 	if r.Method != "GET" { 		http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed) 		return 	} -	keys, ok := r.URL.Query()["sessionId"]+	id := r.FormValue("sessionId") -    if !ok || len(keys[0]) < 1 {-        log.Println("CheckoutSession ID is missing from URL", r.URL.Query())-        return-    }+	if id == "" {+		log.Println("CheckoutSession ID is missing from URL", r.URL.Query())+		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)+		return+	}  	// Fetch the CheckoutSession object from your success page 	// to get details about the order-	session, _ := session.Get(-		keys[0],+	session, err := session.Get(+		id, 		nil, 	) +	if err != nil {+		log.Println("An error happened when getting the CheckoutSession from Stripe", id)

Print the error as well?

adreyfus-stripe

comment created time in 3 months

Pull request review commentstripe-samples/checkout-subscription-and-add-on

Go server updates

 func handlePublicKey(w http.ResponseWriter, r *http.Request) { 	}) } -func handleGetCheckoutSession(w http.ResponseWriter, r *http.Request) {+func handleCheckoutSession(w http.ResponseWriter, r *http.Request) { 	if r.Method != "GET" { 		http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed) 		return 	} -	keys, ok := r.URL.Query()["sessionId"]+	id := r.FormValue("sessionId") -    if !ok || len(keys[0]) < 1 {-        log.Println("CheckoutSession ID is missing from URL", r.URL.Query())-        return-    }+	if id == "" {+		log.Println("CheckoutSession ID is missing from URL", r.URL.Query())+		http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest)+		return+	}  	// Fetch the CheckoutSession object from your success page 	// to get details about the order-	session, _ := session.Get(-		keys[0],+	session, err := session.Get(+		id,

Put this all on one line?

adreyfus-stripe

comment created time in 3 months

pull request commentstripe-samples/checkout-subscription-and-add-on

Add a server example written in Go

SGTM. Happy to review just mention me.

andybons

comment created time in 3 months

pull request commentstripe-samples/checkout-subscription-and-add-on

Add a server example written in Go

Also I’m happy to put together a PR for the changes above. Just let me know.

andybons

comment created time in 3 months

Pull request review commentstripe-samples/checkout-subscription-and-add-on

Add a server example written in Go

 func handlePublicKey(w http.ResponseWriter, r *http.Request) { 	}) } +func handleGetCheckoutSession(w http.ResponseWriter, r *http.Request) {+	if r.Method != "GET" {+		http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)+		return+	}++	keys, ok := r.URL.Query()["sessionId"]++    if !ok || len(keys[0]) < 1 {+        log.Println("CheckoutSession ID is missing from URL", r.URL.Query())+        return+    }

the formatting looks like this file wasn’t run through gofmt.

andybons

comment created time in 3 months

Pull request review commentstripe-samples/checkout-subscription-and-add-on

Add a server example written in Go

 func handlePublicKey(w http.ResponseWriter, r *http.Request) { 	}) } +func handleGetCheckoutSession(w http.ResponseWriter, r *http.Request) {+	if r.Method != "GET" {+		http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)+		return+	}++	keys, ok := r.URL.Query()["sessionId"]++    if !ok || len(keys[0]) < 1 {+        log.Println("CheckoutSession ID is missing from URL", r.URL.Query())+        return+    }++	// Fetch the CheckoutSession object from your success page+	// to get details about the order+	session, _ := session.Get(

the error isn’t handled here.

andybons

comment created time in 3 months

Pull request review commentstripe-samples/checkout-subscription-and-add-on

Add a server example written in Go

 func handlePublicKey(w http.ResponseWriter, r *http.Request) { 	}) } +func handleGetCheckoutSession(w http.ResponseWriter, r *http.Request) {+	if r.Method != "GET" {+		http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)+		return+	}++	keys, ok := r.URL.Query()["sessionId"]

key := r.FormValue("sessionId")

it will be an empty string it it can’t find it. https://pkg.go.dev/net/http/?tab=doc#Request.FormValue

andybons

comment created time in 3 months

Pull request review commentstripe-samples/checkout-subscription-and-add-on

Add a server example written in Go

 func handlePublicKey(w http.ResponseWriter, r *http.Request) { 	}) } +func handleGetCheckoutSession(w http.ResponseWriter, r *http.Request) {+	if r.Method != "GET" {+		http.Error(w, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)+		return+	}++	keys, ok := r.URL.Query()["sessionId"]++    if !ok || len(keys[0]) < 1 {+        log.Println("CheckoutSession ID is missing from URL", r.URL.Query())

Put http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) as well? It will return a 200 status code in its current state.

andybons

comment created time in 3 months

Pull request review commentstripe-samples/checkout-subscription-and-add-on

Add a server example written in Go

 func main() { 	stripe.Key = os.Getenv("STRIPE_SECRET_KEY")  	http.Handle("/", http.FileServer(http.Dir(os.Getenv("STATIC_DIR"))))+	http.HandleFunc("/checkout-session", handleGetCheckoutSession)

to be consistent with the other handlers, I would replace handleGetCheckoutSession with handleCheckoutSession

andybons

comment created time in 3 months

issue closedgolang/go

cmd/link: keep MacOS binaries compatible with Apple Notary

Review this before each release, as the required SDK value will eventually change.

The minimum SDK is given by a pair of constant expressions, last seen at: https://github.com/golang/go/tree/master/src/cmd/link/internal/ld/macho.go#L418

// The version must be at least 10.9; see golang.org/issues/30488.
ml := newMachoLoad(ctxt.Arch, LC_VERSION_MIN_MACOSX, 2)
ml.data[0] = 10<<16 | 9<<8 | 0<<0 // OS X version 10.9.0
ml.data[1] = 10<<16 | 9<<8 | 0<<0 // SDK 10.9.0

See also https://developer.apple.com/documentation/security/notarizing_your_app_before_distribution/resolving_common_notarization_issues

Originally raised in #30488

closed time in 3 months

networkimprov

issue commentgolang/go

cmd/link: keep MacOS binaries compatible with Apple Notary

As we need to notarize every toolchain release and all toolchain binaries except for the go command are built using the internal linker, we’ll notice problems there quicker than we will by checking this issue during every release cycle. We have plans to do nightly notarization checks to catch issues, but that is being tracked internally as we’re using internal-only infrastructure (we need access to certain private Apple certs/keys).

Closing as binaries created by the current toolchain have the correct Mach-O header values for notarization. If new problems arise, we’ll create a new issue for them.

Thanks

networkimprov

comment created time in 3 months

issue commentgolang/go

proposal: flag: support comma-separated flag aliasing

Can you please use actual code snippets and not images? Images are a far less accessible medium for representing code.

turtletowerz

comment created time in 3 months

issue commentgolang/go

x/build/cmd/coordinator: gomote create doesn't work with older gomote clients

While not to derail this specific issue, testing and documentation are becoming more of a priority now that there are three additional people focused primarily on this codebase and changing things is very scary at the moment. Even if it comes at the cost of lower velocity in other areas.

andybons

comment created time in 3 months

pull request commentstripe-samples/checkout-subscription-and-add-on

Add a server example written in Go

I have no idea if you’re accepting PRs or even if the Stripe CLI config supports Go but I had to implement this workflow recently and the examples here were a really great starting point for me. Great work, @adreyfus-stripe!

Feel free to close out if you’re not accepting PRs or just don’t have the time to review. No expectations :)

andybons

comment created time in 3 months

issue commentgolang/go

x/build/cmd/coordinator: gomote create doesn't work with older gomote clients

Was there a regression test?

andybons

comment created time in 3 months

issue closedgolang/go

x/build/cmd/gomote: get error creating macOS buildlet but farmer shows it was created

$ gomote create darwin-amd64-10_10
Error running create: failed to create buildlet: buildlet: failed to create remote buildlet; unexpected missing name in response
$ gomote list
user-andybons-darwin-amd64-10_10-0	darwin-amd64-10_10	host-darwin-10_10	expires in 26m11.407191056s

@dmitshur @cagedmantis @bradfitz @toothrot

closed time in 3 months

andybons

issue commentgolang/go

x/build/cmd/gomote: get error creating macOS buildlet but farmer shows it was created

Ah that did it. Thanks, Brad!

andybons

comment created time in 3 months

issue openedgolang/go

x/build/cmd/gomote: get error creating macOS buildlet but farmer shows it was created

$ gomote create darwin-amd64-10_10
Error running create: failed to create buildlet: buildlet: failed to create remote buildlet; unexpected missing name in response
$ gomote list
user-andybons-darwin-amd64-10_10-0	darwin-amd64-10_10	host-darwin-10_10	expires in 26m11.407191056s

@dmitshur @cagedmantis @bradfitz @toothrot

created time in 3 months

push eventandybons/checkout-subscription-and-add-on

Andrew Bonventre

commit sha 6b43577c6ab851dc2a5642f2025ce54b088c4aa2

Add Go server example

view details

push time in 3 months

create barnchandybons/checkout-subscription-and-add-on

branch : goimpl

created branch time in 3 months

issue commentgolang/go

cmd/go: go binary not specifying macOS base SDK version causing warning in codesign validation

Confirmed that a toolchain built using the new 10.15 builder with Xcode installed and no changes to the min deployment target gets rid of the warning from codesign when validating the go command.

$ codesign -dvv go/bin/go
Executable=/private/tmp/go/bin/go
Identifier=go
Format=Mach-O thin (x86_64)
CodeDirectory v=20500 size=116526 flags=0x10000(runtime) hashes=3636+2 location=embedded
Signature size=9063
Authority=Developer ID Application: Andrew Bonventre (USS93J4HN5)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Nov 21, 2019 at 7:35:42 PM
Info.plist=not bound
TeamIdentifier=USS93J4HN5
Runtime Version=10.15.0
Sealed Resources=none
Internal requirements count=1 size=164

The issue may or may not affect notarization, since the min SDK version is still being set to 10.10 for the go command no matter what builder we’re using (I was misreading the Mach-O header values above) and the minimum for notarization is 10.9. Also, the notarization service is currently not reporting any errors or warnings with the go binary if it’s signed, has a secure timestamp, and has the hardened runtime enabled. Whether the notarization service would throw an error with the old SDK values is up for speculation, but it’s better to be safe than sorry.

It may be fine to leave the target SDK version at the default (10.10) and not set it explicitly, but I worry about defaults changing down the road.

andybons

comment created time in 3 months

issue commentgolang/go

x/build/cmd/gomote: 502 Bad Gateway error

My comment was a local issue. Sorry for the spam.

hyangah

comment created time in 3 months

issue commentgolang/go

x/build/cmd/gomote: 502 Bad Gateway error

Error: 502 Bad Gateway; body: (golang.org/issue/28365): gomote proxy error: Get http://macstadium_host04a/tgz?dir=pkg&pargzip=0: EOF

hyangah

comment created time in 3 months

IssuesEvent

issue commentgolang/go

all: ensure that Go toolchain meets Apple’s notarization requirements [1.12 backport]

Yay https://github.com/golang/go/issues/29599

gopherbot

comment created time in 3 months

issue commentgolang/go

all: ensure that Go toolchain meets Apple’s notarization requirements [1.12 backport]

Notarization is failing due to testdata present in vendored packages in 1.12. Since we moved to go mod vendor in 1.13, which does not include _test.go files or testdata folders, we have to make a 1.12-specific change that will emulate what go mod vendor would have done.

gopherbot

comment created time in 3 months

issue commentgolang/go

all: ensure that Go toolchain meets Apple’s notarization requirements

@gopherbot please open a backport for 1.12 and 1.13 since otherwise Apple will reject future point releases of those versions

artyom

comment created time in 3 months

issue closedgolang/go

x/build: trybot-result-changers Gerrit group doesn't allow removing TryBot-Result votes

I am a member of this group, yet I can't remove TryBot-Result votes right now. E.g.:

This is needed to be able to force a trybot re-run.

closed time in 3 months

dmitshur

issue commentgolang/go

proposal: review meeting minutes

2019-11-20 / @andybons, @bradfitz, @griesemer, @ianlancetaylor, @rsc

  • #34409 cmd/doc: add "// Unstable:" prefix convention
    • commented
  • #34707 cmd/go: add go test -long
    • retitled
    • likely decline; last call for comments
  • #35699 cmd/go: add go cli version to the User-Agent string
    • commented
  • #35258 cmd/go: add simplify (-s) flag from gofmt to go fmt
    • likely decline; last call for comments
  • #35283 cmd/go: allow replace directives in go.mod to work for standard libraries
    • likely decline; last call for comments
  • #29062 cmd/go: fail tests that invoke os.Exit(0) explicitly
    • discussion ongoing
  • #31064 cmd/vet: require explicit variable shadowing
    • likely decline; last call for comments
  • #20544 crypto/ecdsa: add SignASN1, VerifyASN1
    • likely accept; last call for comments
  • #34293 go docs in diverse formats like json instead of just plain text
    • commented
  • #34680 html/template: add ability to modify FuncMap after template parse
    • commented
  • #34502 net: add BufferedPipe (buffered Pipe)
    • discussion ongoing
  • #29678 net: add MarshalText/UnmarshalText to HardwareAddr
    • discussion ongoing
  • #33701 runtime/pprof: add new WithLabels* function that requires fewer allocations
    • placed on hold
  • #34681 syscall: define Windows O_ALLOW_DELETE for use in os.OpenFile
    • commented
  • #34698 time: Long/Short day and month names should start with Upper case to allow customization
    • likely decline; last call for comments
  • #34684 unsafe: clarify unsafe.Pointer rules for package syscall
    • discussion ongoing
rsc

comment created time in 3 months

issue commentgolang/go

x/mobile: bind framework not found by Xcode

@eliasnaur

pontusntengnas

comment created time in 3 months

issue commentgolang/go

crypto/x509: multi-value RDN sequence is not properly DER-ordered

@FiloSottile given this comment:

it's not a small enough change to push during the Go 1.13 code freeze.

I would assume this remains true for the 1.14 code freeze. Should this be pushed to 1.15 and marked early-in-cycle?

mrogers950

comment created time in 3 months

fork andybons/checkout-subscription-and-add-on

Uses Stripe Checkout to create a payment page that starts a subscription for a new customer.

fork in 3 months

push eventandybons/propnotes

Andrew Bonventre

commit sha ca1a3826e388b099844eb9f7f7a04f5f23056ba9

Save to localStorage

view details

push time in 3 months

issue commentgolang/go

net/http: Shutdown may lose an active connection

Hm. I didn’t notice that. Will remove release-blocker for now pending more context from @FiloSottile.

monkey92t

comment created time in 3 months

issue commentgolang/go

cmd/compile: invalid memory address or nil pointer dereference in gc.convlit1

@randall77 @griesemer @josharian @mdempsky @martisch

zikaeroh

comment created time in 3 months

issue closedgolang/go

encoding/json: map[string]interface performance

<!-- Please answer these questions before submitting your issue. Thanks! -->

What version of Go are you using (go version)?

<pre> go version go1.13.4 linux/amd64

</pre>

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

<details><summary><code>go env</code> Output</summary><br><pre> GOARCH="amd64" GOBIN="" GOCACHE="/home/ploffay/.cache/go-build" GOEXE="" GOFLAGS="" GOHOSTARCH="amd64" GOHOSTOS="linux" GOOS="linux" GOPATH="/home/ploffay/projects/golang" GOPROXY="" GORACE="" GOROOT="/home/ploffay/bin/go" GOTMPDIR="" GOTOOLDIR="/home/ploffay/bin/go/pkg/tool/linux_amd64" GCCGO="gccgo" CC="gcc" CXX="g++" CGO_ENABLED="1" GOMOD="" CGO_CFLAGS="-g -O2" CGO_CPPFLAGS="" CGO_CXXFLAGS="-g -O2" CGO_FFLAGS="-g -O2" CGO_LDFLAGS="-g -O2" PKG_CONFIG="pkg-config" GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build014168030=/tmp/go-build -gno-record-gcc-switches" </pre></details>

What did you do?

Benchmark JSON marshaling and unmarshaling for encoding/json, gojay, jsoninter, fastjson. The performance of stdlib is overall similar to other 3rd party libraries. However, marshaling produces substantially more allocations than gojay library for map[string]interface{} and two times ns/op.

For unmarshaling the allocations by gojay are 30% lower (my number not amount) and ns/op half time of stdlib.

marshaling:

GOMAXPROCS=1 go test -bench=Marshal -test.benchtime=3s -benchmem -cpuprofile profile_cpu.out ./pkg/jsontest
goos: linux
goarch: amd64
pkg: json-benchmark/pkg/jsontest
BenchmarkMarshalStdlib/default.json        	  558175	      5728 ns/op	    1536 B/op	       1 allocs/op
BenchmarkMarshalStdlib/default-unicode.json         	  768222	      4183 ns/op	    1024 B/op	       1 allocs/op
BenchmarkMarshalStdlib/default-tagmap.json          	  362587	      8962 ns/op	    2752 B/op	      37 allocs/op

BenchmarkMarshalGojay/default.json         	  516730	      6654 ns/op	    4240 B/op	       9 allocs/op
BenchmarkMarshalGojay/default-unicode.json 	  904315	      3617 ns/op	    1808 B/op	       8 allocs/op
BenchmarkMarshalGojay/default-tagmap.json  	  802406	      4899 ns/op	    2607 B/op	       8 allocs/op

BenchmarkMarshalJsoniter/default.json               	  499992	      6932 ns/op	    1800 B/op	       6 allocs/op
BenchmarkMarshalJsoniter/default-unicode.json       	  612794	      5121 ns/op	    1288 B/op	       6 allocs/op
BenchmarkMarshalJsoniter/default-tagmap.json        	  245335	     13910 ns/op	    7930 B/op	      50 allocs/op

unmarshaling

GOMAXPROCS=4 go test -bench=Unmarshal -test.benchtime=3s -benchmem -cpuprofile profile_cpu.out ./pkg/jsontest
goos: linux
goarch: amd64
pkg: json-benchmark/pkg/jsontest
BenchmarkUnmarshalStdlib/default.json-4           	  123186	     29579 ns/op	    1520 B/op	      73 allocs/op
BenchmarkUnmarshalStdlib/default-unicode.json-4   	  158065	     21486 ns/op	    1136 B/op	      53 allocs/op
BenchmarkUnmarshalStdlib/default-tagmap.json-4    	  146869	     21530 ns/op	    2192 B/op	      95 allocs/op

BenchmarkUnmarshalGojay/default.json-4            	  194344	     18322 ns/op	    9983 B/op	      75 allocs/op
BenchmarkUnmarshalGojay/default-unicode.json-4    	  285207	     11772 ns/op	    6932 B/op	      49 allocs/op
BenchmarkUnmarshalGojay/default-tagmap.json-4     	  287793	     12263 ns/op	    5470 B/op	      61 allocs/op

BenchmarkUnmarshalJsoninter/default.json-4        	  379986	      8116 ns/op	    1184 B/op	      76 allocs/op
BenchmarkUnmarshalJsoninter/default-unicode.json-4         	  571060	      5947 ns/op	     816 B/op	      56 allocs/op
BenchmarkUnmarshalJsoninter/default-tagmap.json-4          	  523004	      6824 ns/op	    1456 B/op	      85 allocs/op

BenchmarkUnmarshalFastjson/default.json-4         	  161304	     20712 ns/op	   29440 B/op	     158 allocs/op
BenchmarkUnmarshalFastjson/default-unicode.json-4 	  251964	     13733 ns/op	   16160 B/op	     115 allocs/op
BenchmarkUnmarshalFastjson/default-tagmap.json-4  	  332452	      9770 ns/op	   14416 B/op	      54 allocs/op

Benchmarks and results are here https://github.com/pavolloffay/golang-json-benchmark

What did you expect to see?

encoding/json the same performance as https://github.com/francoispqt/gojay

What did you see instead?

encoding/json is slower than https://github.com/francoispqt/gojay for marshaling map[string]interface{} and for unmarshaling it produces more allocations and is 2 times slower on ns/op.

closed time in 3 months

pavolloffay

issue commentgolang/go

encoding/json: map[string]interface performance

Closing as this doesn’t seem actionable.

pavolloffay

comment created time in 3 months

issue commentgolang/go

cmd/go: GOFLAGS=-mod=vendor affects result of `go list -m all`

@bcmills @jayconrod

pohly

comment created time in 3 months

issue closedgolang/go

pkg.go.dev: displays root package readme on sub-package page

What did you do?

Viewed @stellar's Ticker service package at https://pkg.go.dev/github.com/stellar/go/services/ticker?tab=overview which is a package inside our monorepo that is a web service that has its own readme file.

What did you expect to see?

I expected to see the readme file for the Ticker service's package, in the same way that other services like GitHub display the readme for the current package being viewed, https://github.com/stellar/go/tree/master/services/ticker.

Screen Shot 2019-11-14 at 10 56 26 AM

What did you see instead?

The readme for the root package of the module, which is confusing and unintuitive.

Screen Shot 2019-11-14 at 10 54 45 AM

closed time in 3 months

leighmcculloch

issue commentgolang/go

pkg.go.dev: displays root package readme on sub-package page

Thanks for the issue, but we are not currently tracking issues for pkg.go.dev here.

Per https://go.dev/about:

Sharing feedback / Reporting an issue On the footer of every page there are two links, “Share Feedback” and “Report an issue”. These links will enable you to capture a screenshot of the page you are on, annotate that screenshot, and then send this directly to the go.dev team.

Or you can send your bugs, ideas, feature requests and questions to go-discovery-feedback@google.com.

leighmcculloch

comment created time in 3 months

issue closedgolang/go

pkg.go.dev: known licenses are not recognised and the site misrepresents license status of packages

Note that I am aware that #35570 exists, however the method for providing feedback there is broken in that it will not work with firefox. Nor does it allow AFAICS nuanced conversation of issues, so I am reporting here.

It appears that the license recognition code used by pkg.go.dev has an unfortunately high false positive rate. Packages such as gonum.org/v1/gonum and modernc.org/cc, both of which have BSD-3-clause licenses (here and here) (note also that while the source code link for modernc.org/cc is provided on the overview at pkg.go.dev, even that is missing for the Gonum page).

This harms the packages where this happens by failing to present them to users and misrepresents the licensability of the packages potentially harming them by causing potential users to move on to other packages where the license is accepted.

Note also that it arguably does not properly cover the owner of go.dev since other packages that import and reflect the APIs of these lost packages may be rendered. For example k8s.io/kubernetes/pkg/controller/garbagecollector imports Gonum packages but does not present the Gonum license (and in fact shows the wrong license). In a clearer example, github.com/openshift/origin vendors a number of Gonum packages and pkg.go.dev thus misrepresents the license for openshift/origin by only showing the Apache license in its LICENSE file (and also in the search results).

closed time in 3 months

kortschak

issue commentgolang/go

pkg.go.dev: known licenses are not recognised and the site misrepresents license status of packages

Thanks for the issue. We are working to address the feedback widget issues on Firefox and we’re working to improve our license classification.

Please email go-discovery-feedback@google.com, as issues for pkg.go.dev are not tracked in this repository. I understand the desire to have an open, nuanced conversation, but it’s difficult to do so given the legal considerations surrounding licensing more generally. The moderators on that list are responsive and will do what they can to help.

Thanks for your patience on this.

kortschak

comment created time in 3 months

issue commentgolang/go

gollvm: undefined reference to C functions

@cherrymui @thanm

heylinn

comment created time in 3 months

issue commentgolang/go

runtime: unexpected return pc for runtime.(*mheap).alloc

@randall77 what do you think? Should this block the beta coming up in December?

mvdan

comment created time in 3 months

issue commentgolang/go

cmd/link: keep MacOS binaries compatible with Apple Notary

@thanm I don't believe so. For the internal linker, we're all set. For the external linker (cgo binaries), users can specify the right flag using CGO_CFLAGS when compiling. We're discussing on #35459 what to do for the go command specifically.

networkimprov

comment created time in 3 months

issue commentgolang/go

net/http/httputil: ReverseProxy - websocket connections cannot be canceled

@bradfitz @mikioh

piec

comment created time in 3 months

issue closedgolang/go

pkg.go.dev: recognize additional permissive licenses

pkg.go.dev looks great but unfortunately much of the software I write and consume is licensed under one of two permissive licenses -- the ISC License and Blue Oak Model License -- and the site refuses to display anything about these modules presumably because it does not recognize the licenses. For example, check these repos:

https://github.com/jrick/wsrpc

https://github.com/decred/cspp

That last repo is also an interesting case, because it contains internal packages copied from the Go project, which do not share the same license as the rest of the module. The Go BSD-style license was copied into the appropriate package directories, but there may need to be more sophisticated license detection and representation features on the pkg.go.dev site (as well as future license reporting added to the go tool?).

closed time in 3 months

jrick

issue commentgolang/go

pkg.go.dev: recognize additional permissive licenses

Thanks for the note.

Please see https://pkg.go.dev/license-policy for more information and a method to provide feedback.

jrick

comment created time in 3 months

issue commentgolang/go

proposal: review meeting minutes

2019-11-13 / @andybons, @bradfitz, @griesemer, @ianlancetaylor, @rsc

  • #35283 cmd/go: allow replace directives in go.mod to work for standard libraries
    • commented
    • likely decline; last call for comments
  • #34877 cmd/go: be consistent about not giving tests direct access to the terminal
    • commented
    • likely decline; last call for comments
  • #35192 cmd/go: default to -buildmode=pie on Windows
    • no change in consensu; accepted 🎉
  • #29062 cmd/go: fail tests that invoke os.Exit(0) explicitly
    • commented
  • #34701 encoding/json: new MarshalAppender interface to make custom marshallers more efficient
    • commented
    • no change in consensus; declined
  • #34293 go docs in diverse formats like json instead of just plain text
    • commented
  • #34680 html/template: add ability to modify FuncMap after template parse
    • commented
  • #34502 net: add BufferedPipe (buffered Pipe)
    • discussion ongoing
  • #29678 net: add MarshalText/UnmarshalText to HardwareAddr
    • discussion ongoing
  • #35305 net: prefer /etc/hosts over DNS when no /etc/nsswitch.conf is present
    • likely accept; last call for comments
  • #34855 net/url: add URL.Redacted to return password-free string
    • commented
    • no change in consensus; accepted 🎉
  • #32558 os: allow Chtimes with time.Time{} to avoid setting time
    • commented
    • likely accept; last call for comments
  • #34313 runes: create new package analogous to bytes, for rune slices
    • no change in consensus; declined
  • #33701 runtime/pprof: add new WithLabels* function that requires fewer allocations
    • waiting for information
  • #6977 spec: allow embedding overlapping interfaces
    • no change in consensus; accepted 🎉
  • #34409 cmd/doc: add "// Unstable:" prefix convention
    • retitled
    • commented
  • #34681 syscall: define Windows O_ALLOW_DELETE for use in os.OpenFile
    • commented
  • #34684 unsafe: clarify unsafe.Pointer rules for package syscall
    • discussion ongoing
rsc

comment created time in 3 months

issue commentgolang/go

cmd/go: go binary not specifying min macOS SDK version (needs 10.9)

@ianlancetaylor for cgo.

It may be OK to specify the MACOSX_DEPLOYMENT_TARGET env var when building the toolchain only and not for every cgo binary.

andybons

comment created time in 3 months

issue commentgolang/go

cmd/go: go binary not specifying min macOS SDK version (needs 10.9)

The fact that the SDK isn’t specified in the Mach-O headers makes me wonder if the xcode toolchain we’re using to compile cgo binaries at release time may need to be updated. When I build the toolchain on a darwin-amd64-10_11 machine, I get the same results, while when I build the toolchain locally, I get:

$ otool -l ../bin/go | grep -B1 -A3 MIN_MAC
Load command 5
      cmd LC_VERSION_MIN_MACOSX
  cmdsize 16
  version 10.10
      sdk 10.15

When running xcode-select -p on the gomote builder I get /Library/Developer/CommandLineTools while when I run it locally, I get /Applications/Xcode.app/Contents/Developer. It may be that without the full Xcode install, we won’t get the SDK version set because we don’t have the SDK installed. Yay.

@cagedmantis @toothrot @dmitshur.

andybons

comment created time in 3 months

issue commentgolang/go

cmd/go: go binary not specifying min macOS SDK version (needs 10.9)

It seems that we want to specify the -mmacosx-version-min when compiling the go binary.

#18400 is related.

andybons

comment created time in 3 months

issue commentgolang/go

x/net/http2: unable to read DNS responses

@bradfitz @tombergan

albrro

comment created time in 3 months

issue commentgolang/go

x/review: pickup URL specific http.cookieFile from the git config

@josharian @kevinburke

quite

comment created time in 3 months

create barnchandybons/cryptopals

branch : master

created branch time in 3 months

created repositoryandybons/cryptopals

🔒🔑

created time in 3 months

issue closedgolang/go

x/build/cmd/gerritbot: add magic comment or label to pause Gerritbot on a PR

When I want to take over a CL in Gerrit, I can forge the author and work in peace.

If I want to take over a CL in Gerrit that originated from Gerritbot, I need to race and get my change +2'ed and submitted before Gerritbot wakes up and overwrites my work.

I'd like to be able to leave a comment or set a label on a GitHub PR to disable Gerritbot for that PR.

/cc @andybons @dmitshur @cagedmantis @bcmills

closed time in 3 months

bradfitz

issue commentgolang/go

x/build/cmd/gerritbot: add magic comment or label to pause Gerritbot on a PR

Duplicate of #24887

bradfitz

comment created time in 3 months

issue openedgolang/go

cmd/go: go binary not specifying min macOS SDK version (needs 10.9)

This is needed to ensure that Apple’s notarization service can check that the go binary is using (at minimum) the 10.9 SDK.

$ codesign -dvv /usr/local/go/bin/go
Executable=/usr/local/go/bin/go
Identifier=go
Format=Mach-O thin (x86_64)
CodeDirectory v=20200 size=116482 flags=0x0(none) hashes=3636+2 location=embedded
Library validation warning=OS X SDK version before 10.9 does not support Library Validation
Signature size=9042
Authority=Developer ID Application: Google, Inc. (EQHXZ8M8AV)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Oct 31, 2019 at 7:23:46 PM
Info.plist=not bound
TeamIdentifier=EQHXZ8M8AV
Sealed Resources=none
Internal requirements count=1 size=164

Notice Library validation warning=OS X SDK version before 10.9 does not support Library Validation

The SDK is not properly specified in the go binary:

$ otool -l /usr/local/go/bin/go | grep -B1 -A3 MIN_MACOS
Load command 5
      cmd LC_VERSION_MIN_MACOSX
  cmdsize 16
  version 10.10
      sdk n/a

All other binaries built with the toolchain have the correct values:

$ otool -l /usr/local/go/pkg/tool/darwin_amd64/vet | grep -B1 -A3 MIN_MACOS
Load command 5
      cmd LC_VERSION_MIN_MACOSX
  cmdsize 16
  version 10.9
      sdk 10.9

The fix for this will likely need to be backported. Hopefully it’s simple. 🤞

Related issues:

  • #30488
  • #31918
  • #34986

created time in 3 months

issue commentgolang/go

proposal: review meeting minutes

2019-11-06 / @andybons, @bradfitz, @griesemer, @ianlancetaylor, @rsc

  • #34877 cmd/go: be consistent about not giving tests direct access to the terminal
    • discussion ongoing
  • #29062 cmd/go: fail tests that invoke os.Exit(0) explicitly
    • commented
  • #35192 cmd/go: default to -buildmode=pie on Windows
    • retitled
    • commented
    • likely accept; last call for comments
  • #34313 create a package runes with functionality similar to bytes to work with rune slices
    • commented
    • likely decline; last call for comments
  • #33323 create contribution guidelines for technical writers
    • closed as done
  • #34701 encoding/json: new MarshalAppender interface to make custom marshallers more efficient
    • commented
    • likely decline; last call for comments
  • #34293 go docs in diverse formats like json instead of just plain text
    • commented
  • #34680 html/template: add ability to modify FuncMap after template parse
    • retitled
    • commented
  • #34502 net: add BufferedPipe (buffered Pipe)
    • discussion ongoing
  • #29678 net: add MarshalText/UnmarshalText to HardwareAddr
    • commented
  • #35305 net: prefer /etc/hosts over DNS when no /etc/nsswitch.conf is present
    • retitled
    • commented
  • #34855 net/url: add URL.Redacted to return password-free string
    • commented
    • likely accept; last call for comments
  • #35150 os, syscall: CreateFile() needs FILE_SHARE_*
    • commented
  • #33701 runtime/pprof: add new WithLabels* function that requires fewer allocations
    • commented
  • #6977 spec: allow embedding overlapping interfaces
    • commented
    • likely accept; last call for comments
  • #34681 syscall: define Windows O_ALLOW_DELETE for use in os.OpenFile
    • commented
  • #28592 testing: add -shuffle and -shuffleseed to shuffle tests
    • no final comments; accepted 🥳
  • #34684 unsafe: clarify unsafe.Pointer rules for package syscall
    • retitled
    • commented
rsc

comment created time in 4 months

issue commentgolang/go

Bad .asc signatures for go{1.12.13,1.13.4}.darwin-amd64.tar.gz

@jeffreytolar great!

jeffreytolar

comment created time in 4 months

issue closedgolang/go

Bad .asc signatures for go{1.12.13,1.13.4}.darwin-amd64.tar.gz

What version of Go are you using (go version)?

n/a - this relates to downloading the Darwin release tarballs for 1.12.13 and 1.13.4

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

n/a

What did you do?

As part of our internal mirroring of Go release tarballs, we check the signatures as detailed in https://github.com/golang/go/issues/14739. This process failed for the newly released go1.12.13.darwin-amd64.tar.gz and go1.13.4.darwin-amd64.tar.gz; here's a quick script to reproduce:

#!/bin/bash

set -e

file=$1
gpghome=$(mktemp -d)
trap '[[ -d "$gpghome" ]] && rm -rf "$gpghome"' EXIT

rm -f "$file" "$file.asc"
curl -s --remote-name-all "https://dl.google.com/go/$file"{,.asc}
curl -s 'https://dl.google.com/dl/linux/linux_signing_key.pub' | gpg --homedir "$gpghome" --import
gpg --homedir "$gpghome" --verify "$file.asc" "$file"

(run as bash go-verify go1.13.4.darwin-amd64.tar.gz)

What did you expect to see?

A valid signature when running the above script for go1.12.13.darwin-amd64.tar.gz and go1.13.4.darwin-amd64.tar.gz

Checking the Linux tarballs for 1.12.13 and 1.13.4 both result in good signatures, and the Darwin tarballs for 1.12.12 and 1.13.3 both have good signatures as well; as an example:

$ bash go-verify go1.12.12.darwin-amd64.tar.gz
gpg: keybox '/var/folders/v5/svyb92cj4kl63m9x1l040txc0000gn/T/tmp.WwzhdEphpI/pubring.kbx' created
gpg: /var/folders/v5/svyb92cj4kl63m9x1l040txc0000gn/T/tmp.WwzhdEphpI/trustdb.gpg: trustdb created
gpg: key A040830F7FAC5991: public key "Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com>" imported
gpg: key 7721F63BD38B4796: 1 signature not checked due to a missing key
gpg: key 7721F63BD38B4796: public key "Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>" imported
gpg: Total number processed: 2
gpg:               imported: 2
gpg: no ultimately trusted keys found
gpg: Signature made Thu Oct 17 17:18:54 2019 CDT
gpg:                using RSA key 6494C6D6997C215E
gpg: Good signature from "Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: EB4C 1BFD 4F04 2F6D DDCC  EC91 7721 F63B D38B 4796
     Subkey fingerprint: 3E50 F6D3 EC27 8FDE B655  C8CA 6494 C6D6 997C 215E

What did you see instead?

$ bash go-verify go1.13.4.darwin-amd64.tar.gz
gpg: keybox '/var/folders/v5/svyb92cj4kl63m9x1l040txc0000gn/T/tmp.sJJEYaZWG3/pubring.kbx' created
gpg: /var/folders/v5/svyb92cj4kl63m9x1l040txc0000gn/T/tmp.sJJEYaZWG3/trustdb.gpg: trustdb created
gpg: key A040830F7FAC5991: public key "Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com>" imported
gpg: key 7721F63BD38B4796: 1 signature not checked due to a missing key
gpg: key 7721F63BD38B4796: public key "Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>" imported
gpg: Total number processed: 2
gpg:               imported: 2
gpg: no ultimately trusted keys found
gpg: Signature made Thu Oct 31 18:25:48 2019 CDT
gpg:                using RSA key 6494C6D6997C215E
gpg: BAD signature from "Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>" [unknown]
$ bash go-verify go1.12.13.darwin-amd64.tar.gz
gpg: keybox '/var/folders/v5/svyb92cj4kl63m9x1l040txc0000gn/T/tmp.w2AmgcB3YR/pubring.kbx' created
gpg: /var/folders/v5/svyb92cj4kl63m9x1l040txc0000gn/T/tmp.w2AmgcB3YR/trustdb.gpg: trustdb created
gpg: key A040830F7FAC5991: public key "Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com>" imported
gpg: key 7721F63BD38B4796: 1 signature not checked due to a missing key
gpg: key 7721F63BD38B4796: public key "Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>" imported
gpg: Total number processed: 2
gpg:               imported: 2
gpg: no ultimately trusted keys found
gpg: Signature made Thu Oct 31 18:25:33 2019 CDT
gpg:                using RSA key 6494C6D6997C215E
gpg: BAD signature from "Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>" [unknown]

We use golang.org/x/crypto/openpgp for checking signatures as part of the mirroring process; it fails with

could not validate signature for go1.12.13.darwin-amd64.tar.gz: openpgp: invalid signature: hash tag doesn't match

closed time in 4 months

jeffreytolar
more