go_1_10: 1.10 -> 1.10.1, g_1_9: 1.9.4 -> 1.9.5

[andir]

Motivation for this change

This updates go to the latest version of the golang 1.9 & 1.10 branches.
A few minor (but important) things are fixed in this version(s).

Below are the details for the 1.10 changes. Read the commit message for details about the 1.9 changes.

• CVE-2018-7187 - arbitrary code execution in go get (when used with
  --insecure) [1]
• Extended Key Usage verification in client certificate scenarios [3]
• a bunch of stability changes

The full list of changes can se been on GitHub [2] & [4].

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7187
[2] https://github.com/golang/go/issues?q=milestone%3AGo1.10.1
[3] golang/go#23884
[4] golang/go#24563

Currently running a (re)build of all affected expressions on x86_64-linux.

Things done

• Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
• Built on platform(s)
  • NixOS
  • macOS
  • other Linux distributions
• Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
• Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
• Tested execution of all binary files (usually in ./result/bin/)
• Fits CONTRIBUTING.md.

---

[GrahamcOfBorg]

Success on x86_64-linux (full log)

Attempted: go_1_10

Partial log (click to expand)

cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
/nix/store/bw0gaaplq0n4yyb7qjd40k6qhwra1c4h-go-1.10.1

[GrahamcOfBorg]

Success on x86_64-darwin (full log)

Attempted: go_1_10

Partial log (click to expand)

ALL TESTS PASSED
---
Installed Go for darwin/amd64 in /nix/store/mq3abn6w0larkrmjsk203x3cp451md4r-go-1.10.1/share/go
Installed commands in /nix/store/mq3abn6w0larkrmjsk203x3cp451md4r-go-1.10.1/share/go/bin
post-installation fixup
strip is /nix/store/0fzpxnsanc02i4jsb1yhchjp4p62b2n3-cctools-binutils-darwin/bin/strip
stripping (with command strip and flags -S) in /nix/store/mq3abn6w0larkrmjsk203x3cp451md4r-go-1.10.1/bin
patching script interpreter paths in /nix/store/mq3abn6w0larkrmjsk203x3cp451md4r-go-1.10.1
/nix/store/mq3abn6w0larkrmjsk203x3cp451md4r-go-1.10.1

[GrahamcOfBorg]

Success on aarch64-linux (full log)

Attempted: go_1_10

Partial log (click to expand)

wrong ELF type
wrong ELF type
wrong ELF type
wrong ELF type
wrong ELF type
wrong ELF type
cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
/nix/store/ndv4qr7zgi0jzbggird9979jzq5y6ia3-go-1.10.1

[andir]

Trying some other packages (to see what the other arches are like)

@GrahamcOfBorg build gopass docker prometheus

[GrahamcOfBorg]

Success on aarch64-linux (full log)

Attempted: gopass, docker, prometheus

Partial log (click to expand)

shrinking /nix/store/qq68fzbkfb0whq738py2hjib7qvvymq8-docker-18.03.0-ce/libexec/docker/dockerd
patching script interpreter paths in /nix/store/qq68fzbkfb0whq738py2hjib7qvvymq8-docker-18.03.0-ce
checking for references to /build in /nix/store/qq68fzbkfb0whq738py2hjib7qvvymq8-docker-18.03.0-ce...
shrinking RPATHs of ELF executables and libraries in /nix/store/n5v5hm0yn1gswqnhm73nsy2rf25iif7d-docker-18.03.0-ce-man
gzipping man pages under /nix/store/n5v5hm0yn1gswqnhm73nsy2rf25iif7d-docker-18.03.0-ce-man/share/man/
patching script interpreter paths in /nix/store/n5v5hm0yn1gswqnhm73nsy2rf25iif7d-docker-18.03.0-ce-man
checking for references to /build in /nix/store/n5v5hm0yn1gswqnhm73nsy2rf25iif7d-docker-18.03.0-ce-man...
/nix/store/whjpf09mxzwv69xralhczgh1vbpxg7ws-gopass-1.6.11-bin
/nix/store/qq68fzbkfb0whq738py2hjib7qvvymq8-docker-18.03.0-ce
/nix/store/q3m8rw4pdninx5wp0g703hr8xc2y0rdz-prometheus-1.8.1-bin

[GrahamcOfBorg]

Success on x86_64-linux (full log)

Attempted: gopass, docker, prometheus

Partial log (click to expand)

shrinking /nix/store/b39yib2lzarb2crdk34zg6ryq5nkhbgd-docker-18.03.0-ce/libexec/docker/dockerd
patching script interpreter paths in /nix/store/b39yib2lzarb2crdk34zg6ryq5nkhbgd-docker-18.03.0-ce
checking for references to /build in /nix/store/b39yib2lzarb2crdk34zg6ryq5nkhbgd-docker-18.03.0-ce...
shrinking RPATHs of ELF executables and libraries in /nix/store/jjkjfljx6l0zvcj3l3v6clf3wdq3m5xz-docker-18.03.0-ce-man
gzipping man pages under /nix/store/jjkjfljx6l0zvcj3l3v6clf3wdq3m5xz-docker-18.03.0-ce-man/share/man/
patching script interpreter paths in /nix/store/jjkjfljx6l0zvcj3l3v6clf3wdq3m5xz-docker-18.03.0-ce-man
checking for references to /build in /nix/store/jjkjfljx6l0zvcj3l3v6clf3wdq3m5xz-docker-18.03.0-ce-man...
/nix/store/49d3i06b6s4fdr894s5ar16mw1vjk2pc-gopass-1.6.11-bin
/nix/store/b39yib2lzarb2crdk34zg6ryq5nkhbgd-docker-18.03.0-ce
/nix/store/0zjs2xdsljsb4wm6y330q40l7ldwjylh-prometheus-1.8.1-bin

[GrahamcOfBorg]

Success on x86_64-darwin (full log)

Attempted: gopass, docker, prometheus

Partial log (click to expand)

patching script interpreter paths in /nix/store/lfr4ggr3j1v1ccyf9ww7vhvigw69i93i-prometheus-1.8.1-bin
strip is /nix/store/0fzpxnsanc02i4jsb1yhchjp4p62b2n3-cctools-binutils-darwin/bin/strip
patching script interpreter paths in /nix/store/cc209m56g48x1mx132fv1fhvjq1sjpcf-prometheus-1.8.1
/nix/store/cc209m56g48x1mx132fv1fhvjq1sjpcf-prometheus-1.8.1/share/go/src/github.com/prometheus/prometheus/scripts/check_license.sh: interpreter directive changed from "/bin/sh" to "/nix/store/x030a63qdilnv02pkivfjg44pdxsh5km-bash-4.4-p19/bin/sh"
/nix/store/cc209m56g48x1mx132fv1fhvjq1sjpcf-prometheus-1.8.1/share/go/src/github.com/prometheus/prometheus/vendor/google.golang.org/appengine/internal/regen.sh: interpreter directive changed from "/bin/bash -e" to "/nix/store/x030a63qdilnv02pkivfjg44pdxsh5km-bash-4.4-p19/bin/bash -e"
/nix/store/cc209m56g48x1mx132fv1fhvjq1sjpcf-prometheus-1.8.1/share/go/src/github.com/prometheus/prometheus/vendor/golang.org/x/sys/unix/mkall.sh: interpreter directive changed from "/usr/bin/env bash" to "/nix/store/x030a63qdilnv02pkivfjg44pdxsh5km-bash-4.4-p19/bin/bash"
/nix/store/cc209m56g48x1mx132fv1fhvjq1sjpcf-prometheus-1.8.1/share/go/src/github.com/prometheus/prometheus/vendor/golang.org/x/sys/unix/mkerrors.sh: interpreter directive changed from "/usr/bin/env bash" to "/nix/store/x030a63qdilnv02pkivfjg44pdxsh5km-bash-4.4-p19/bin/bash"
/nix/store/zwbg2v2chcksq201nzfa5jl6kd199nx4-gopass-1.6.11-bin
/nix/store/rhn5mn4zphwfv131cvkx01wk6q61xwyp-docker-18.03.0-ce
/nix/store/lfr4ggr3j1v1ccyf9ww7vhvigw69i93i-prometheus-1.8.1-bin

[Mic92]

Are older versions of go also affected?

[andir]

@Mic92 yes, according to https://go-review.googlesource.com/c/go/+/102776 there is also a patch for 1.9.5. I'll try to test that later tonight.

[andir]

I added the changes for golang 1.9.5 to this PR.

Running a rebuild of all affected packages right now.

[GrahamcOfBorg]

Success on x86_64-linux (full log)

Attempted: go_1_10, go_1_9

Partial log (click to expand)

cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
/nix/store/bw0gaaplq0n4yyb7qjd40k6qhwra1c4h-go-1.10.1
/nix/store/ybmqsky9dx2lqixb1sghcbgymn8glbc2-go-1.9.5

[GrahamcOfBorg]

Success on aarch64-linux (full log)

Attempted: go_1_10, go_1_9

Partial log (click to expand)

wrong ELF type
wrong ELF type
wrong ELF type
wrong ELF type
wrong ELF type
cannot find section .dynamic
cannot find section .dynamic
cannot find section .dynamic
/nix/store/ndv4qr7zgi0jzbggird9979jzq5y6ia3-go-1.10.1
/nix/store/8x84s8yi9nry1ipa84dq81ryv129i63h-go-1.9.5

[GrahamcOfBorg]

Failure on x86_64-darwin (full log)

Attempted: go_1_10, go_1_9

Partial log (click to expand)

patching script interpreter paths in /nix/store/1cwykw0y69hfzg18rnyaaf09qmq8awa4-go-1.9.5

##### ../test/bench/go1
testing: warning: no tests to run
PASS
ok      _/nix/store/mq3abn6w0larkrmjsk203x3cp451md4r-go-1.10.1/share/go/test/bench/go1  29.334s

##### ../test
building of '/nix/store/j5glijam5hvnvwc3g6asd8yjf049nr9j-go-1.10.1.drv' timed out after 1800 seconds
�[31;1merror:�[0m build of '/nix/store/j5glijam5hvnvwc3g6asd8yjf049nr9j-go-1.10.1.drv' failed

[Mic92]

@GrahamcOfBorg build kubernetes
(for go 1.9)

[GrahamcOfBorg]

Success on x86_64-linux (full log)

Attempted: kubernetes

Partial log (click to expand)

strip is /nix/store/fzcs0fn6bb04m82frhlb78nc03ny3w55-binutils-2.28.1/bin/strip
patching script interpreter paths in /nix/store/4ipa16id665l3l6ws3ry2x81fyvvn961-kubernetes-1.9.1-man
checking for references to /build in /nix/store/4ipa16id665l3l6ws3ry2x81fyvvn961-kubernetes-1.9.1-man...
shrinking RPATHs of ELF executables and libraries in /nix/store/avswr6fgr1cbfqdf6pg1yi7xn4aw0i2z-kubernetes-1.9.1-pause
shrinking /nix/store/avswr6fgr1cbfqdf6pg1yi7xn4aw0i2z-kubernetes-1.9.1-pause/bin/pause
strip is /nix/store/fzcs0fn6bb04m82frhlb78nc03ny3w55-binutils-2.28.1/bin/strip
stripping (with command strip and flags -S) in /nix/store/avswr6fgr1cbfqdf6pg1yi7xn4aw0i2z-kubernetes-1.9.1-pause/bin
patching script interpreter paths in /nix/store/avswr6fgr1cbfqdf6pg1yi7xn4aw0i2z-kubernetes-1.9.1-pause
checking for references to /build in /nix/store/avswr6fgr1cbfqdf6pg1yi7xn4aw0i2z-kubernetes-1.9.1-pause...
/nix/store/iiyhx0gfal70mgia0db2jdk0acl7vdzx-kubernetes-1.9.1

[GrahamcOfBorg]

Success on aarch64-linux (full log)

Attempted: kubernetes

Partial log (click to expand)

strip is /nix/store/3zq400fri5dv7d30lpxlqm2v9y1iis6j-binutils-2.28.1/bin/strip
patching script interpreter paths in /nix/store/sgnj49qy8blb634g1vi6n1lq09nfmc1i-kubernetes-1.9.1-man
checking for references to /build in /nix/store/sgnj49qy8blb634g1vi6n1lq09nfmc1i-kubernetes-1.9.1-man...
shrinking RPATHs of ELF executables and libraries in /nix/store/icbqlq7pcyfkv1d0rszgmd77ldf17gp9-kubernetes-1.9.1-pause
shrinking /nix/store/icbqlq7pcyfkv1d0rszgmd77ldf17gp9-kubernetes-1.9.1-pause/bin/pause
strip is /nix/store/3zq400fri5dv7d30lpxlqm2v9y1iis6j-binutils-2.28.1/bin/strip
stripping (with command strip and flags -S) in /nix/store/icbqlq7pcyfkv1d0rszgmd77ldf17gp9-kubernetes-1.9.1-pause/bin
patching script interpreter paths in /nix/store/icbqlq7pcyfkv1d0rszgmd77ldf17gp9-kubernetes-1.9.1-pause
checking for references to /build in /nix/store/icbqlq7pcyfkv1d0rszgmd77ldf17gp9-kubernetes-1.9.1-pause...
/nix/store/y4gybxhf7j1zd9baaq1vpvp6acv30rc5-kubernetes-1.9.1

[GrahamcOfBorg]

Failure on x86_64-darwin (full log)

Attempted: kubernetes

Partial log (click to expand)

    cmd/kubectl
    cmd/kubelet
    cmd/kube-apiserver
    cmd/kube-controller-manager
    cmd/kube-proxy
    plugin/cmd/kube-scheduler
    test/e2e/e2e.test
    *******
building of '/nix/store/0gjv8l2lp1ryn2a4z9p3saqqd1zscw19-kubernetes-1.9.1.drv' timed out after 1800 seconds
�[31;1merror:�[0m build of '/nix/store/0gjv8l2lp1ryn2a4z9p3saqqd1zscw19-kubernetes-1.9.1.drv' failed

[Mic92]

18.03:

[detached HEAD ba49d72] go_1_10: 1.10 -> 1.10.1
Author: Andreas Rammhold andreas@rammhold.de
Date: Sat Mar 31 16:53:10 2018 +0200
1 file changed, 2 insertions(+), 2 deletions(-)
[detached HEAD 41164d9] go_1_9: 1.9.4 -> 1.9.5
Author: Andreas Rammhold andreas@rammhold.de
Date: Sun Apr 1 12:44:08 2018 +0200
1 file changed, 2 insertions(+), 2 deletions(-)

17.09 could also need a backport ...

[Mic92]

17.09:

[detached HEAD aa63817] go: 1.9.2 -> 1.9.3
Author: adisbladis adis@blad.is
Date: Wed Jan 24 18:05:55 2018 +0800
1 file changed, 2 insertions(+), 2 deletions(-)
[detached HEAD 121df5f] go: Scale up test timeouts
Author: Tuomas Tynkkynen tuomas@tuxera.com
Date: Fri Jan 26 03:49:24 2018 +0200
1 file changed, 2 insertions(+)
[detached HEAD 357efa3] go_1_9: 1.9.3 -> 1.9.4
Author: adisbladis adis@blad.is
Date: Sun Feb 11 00:47:50 2018 +0800
1 file changed, 2 insertions(+), 2 deletions(-)
warning: inexact rename detection was skipped due to too many files.
warning: you may want to set your merge.renamelimit variable to at least 2332 and retry the command.
[detached HEAD 4e9fa5c] go_1_9: 1.9.4 -> 1.9.5
Author: Andreas Rammhold andreas@rammhold.de
Date: Sun Apr 1 12:44:08 2018 +0200