Bug 21857 - golang new security issues CVE-2017-15041 and CVE-2017-15042
Summary: golang new security issues CVE-2017-15041 and CVE-2017-15042
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2017-10-13 23:18 CEST by David Walser
Modified: 2018-01-21 22:32 CET
CC List: 6 users

See Also:
Source RPM: golang-1.8.1-6.mga6.src.rpm
CVE: CVE-2017-15041 CVE-2017-15042
Status comment:


Attachments
Hello world program written in go. (80 bytes, text/plain) - 2018-01-21 17:52 CET, Len Lawrence
String manipulation in go (155 bytes, text/plain) - 2018-01-21 17:53 CET, Len Lawrence

Description David Walser 2017-10-13 23:18:11 CEST
Fedora has issued an advisory on October 11:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AHH5B4WHCPTVEM6APRVXRWLFOR325CCD/

The issues are fixed upstream in 1.8.4.

Mageia 6 is also affected.  Mageia 5 may be as well.
David Walser 2017-10-13 23:18:22 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 David Walser 2017-10-16 20:35:15 CEST
golang-1.9.1-1.mga7 uploaded for Cauldron by Joseph.

CC: (none) => joequant
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)

Comment 3 Bruno Cornec 2017-11-05 01:49:41 CET
mga5 has 1.6.4 so no update will be provided. Users should move to mga6 now as it's really stable enough.

version 1.8.4 uploaded for mga6.

Status: NEW => ASSIGNED

Comment 4 David Walser 2017-11-11 00:24:58 CET
Bruno, 1.8.4 never built.  There's a 1.8.5 out now, maybe it fixes the tests.
Comment 5 Stig-Ørjan Smelror 2018-01-14 23:54:33 CET
Bruno, David.

I've just compiled 1.8.5 in mock for mga6 and it looks OK.

Would it be OK if I pushed the changes to svn and ask my mentor, Shlomi, to submit?

Cheers,
Stig (kekePower)

CC: (none) => smelror

Comment 6 David Walser 2018-01-15 00:01:08 CET
Go for it.
Comment 7 Stig-Ørjan Smelror 2018-01-15 00:20:53 CET
MGA6 Golang 1.8.5 committed to svn r1193302.

David, want to submit it?

Cheers,
Stig
Comment 9 Stig-Ørjan Smelror 2018-01-15 08:21:06 CET
That's really strange.

Here is the build log from the run I did in mock.
https://github.com/kekePower/mageia-mock-build-logs/blob/master/golang/2018/01/14-234338/mock/build.log?raw=true

Are you sure everything is OK with the BS?
Comment 10 Stig-Ørjan Smelror 2018-01-15 14:12:47 CET
Both x86_64 and i586 run all the tests fine in mock on my system, so I don't know what else needs to be done to get it to complete on the BS.

Cheers,
Stig
Comment 11 Thomas Backlund 2018-01-15 14:18:25 CET
Looks like this kind of issue:
https://groups.google.com/forum/#!topic/golang-codereviews/auMQx53mxGg

CC: (none) => tmb

Comment 12 Stig-Ørjan Smelror 2018-01-15 15:34:41 CET
Thanks Thomas.

I've rebased the patch you pointed me to. Let's see if the BS likes it and completes the last test.

SVN commit r1193564.

Cheers,
Stig
Comment 13 Stig-Ørjan Smelror 2018-01-15 15:41:36 CET
Well, that patch didn't work at all :*

Have to go look for something else.

Cheers,
Stig
Marja Van Waes 2018-01-16 11:42:00 CET

CC: (none) => guillomovitch, marja11

Comment 14 Stig-Ørjan Smelror 2018-01-19 00:14:35 CET
golang 1.9.1 pushed to updates_testing for MGA6.

A lot of failures in the 1.8.x series made us decide to go for 1.9.x.
Version 1.9.2 is the latest release, but this also failed and since Cauldron has 1.9.1, I thought it'd be a good thing to have the same version.

Thanks a million to my mentor, Shlomi, and to Jani on #mga-mentoring for their guidance and help. Their expertise and kindness helped me get through this.

QA,
You can test this version of golang by building docker.

Cheers,
Stig

Assignee: bruno => smelror

Stig-Ørjan Smelror 2018-01-19 00:16:25 CET

CVE: (none) => CVE-2017-15041 CVE-2017-15042
QA Contact: security => (none)

Stig-Ørjan Smelror 2018-01-19 00:17:14 CET

Assignee: smelror => qa-bugs

Stig-Ørjan Smelror 2018-01-19 00:17:37 CET

QA Contact: (none) => security

Comment 15 David Walser 2018-01-19 00:53:03 CET
Advisory:
========================

Updated golang packages fix security vulnerabilities:

An arbitrary command execution flaw was found in the way Go's "go get" command
handled the checkout of source code repositories. A remote attacker capable of
hosting malicious repositories could potentially use this flaw to cause
arbitrary command execution on the client side (CVE-2017-15041).

It was found that the smtp.PlainAuth authentication scheme in Go did not verify the
TLS requirement properly. A remote man-in-the-middle attacker could potentially
use this flaw to sniff SMTP credentials sent by a Go application
(CVE-2017-15042).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15042
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AHH5B4WHCPTVEM6APRVXRWLFOR325CCD/
========================

Updated packages in core/updates_testing:
========================
golang-1.9.1-1.mga6
golang-docs-1.9.1-1.mga6
golang-misc-1.9.1-1.mga6
golang-tests-1.9.1-1.mga6
golang-src-1.9.1-1.mga6
golang-bin-1.9.1-1.mga6
golang-shared-1.9.1-1.mga6

from golang-1.9.1-1.mga6.src.rpm
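The CVE-2017-15042 paragraph in the advisory above describes smtp.PlainAuth handing a plaintext password to a server before TLS was established. The following is an added example, not code from the Mageia golang packages or from the Go project: a hypothetical wrapper type (`tlsOnlyAuth`, `TLSOnly`, `TryStart` and `ErrNoTLS` are assumed names) that implements the standard `smtp.Auth` interface and refuses to start any credential exchange unless `ServerInfo.TLS` is already true. It deliberately ignores the server-advertised mechanism list, which an intercepting party controls, and is stricter than the fixed standard library in that it also refuses plaintext sessions to a host named "localhost". The host name and credentials are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/smtp"
)

// ErrNoTLS is returned when an authentication exchange would send a
// plaintext password over a connection that is not protected by TLS.
var ErrNoTLS = errors.New("smtp: refusing to send credentials over an unencrypted connection")

// tlsOnlyAuth wraps any smtp.Auth (here smtp.PlainAuth) and refuses to start
// the exchange unless the session is already TLS-protected. Hypothetical
// wrapper written for this example; it is not part of net/smtp.
type tlsOnlyAuth struct {
	inner smtp.Auth
}

// TLSOnly returns an smtp.Auth that delegates to inner only over TLS.
func TLSOnly(inner smtp.Auth) smtp.Auth {
	return &tlsOnlyAuth{inner: inner}
}

// Start is called by smtp.Client.Auth with what the client learned from the
// server (name, whether STARTTLS completed, advertised mechanisms). The guard
// depends only on server.TLS: the advertised mechanism list comes from the
// peer and must not be allowed to relax the check.
func (a *tlsOnlyAuth) Start(server *smtp.ServerInfo) (string, []byte, error) {
	if !server.TLS {
		return "", nil, ErrNoTLS
	}
	return a.inner.Start(server)
}

// Next forwards server challenges to the wrapped mechanism unchanged.
func (a *tlsOnlyAuth) Next(fromServer []byte, more bool) ([]byte, error) {
	return a.inner.Next(fromServer, more)
}

// TryStart runs one Start call offline against a constructed ServerInfo and
// reports the mechanism name, whether any credential bytes were produced,
// and the error, so the guard can be checked without a network.
func TryStart(auth smtp.Auth, server *smtp.ServerInfo) (proto string, sent bool, err error) {
	var toServer []byte
	proto, toServer, err = auth.Start(server)
	return proto, len(toServer) > 0, err
}

func main() {
	// Constructed credentials and host name; nothing here is a real account.
	guarded := TLSOnly(smtp.PlainAuth("", "qa", "not-a-real-password", "mail.example.test"))

	cases := []*smtp.ServerInfo{
		{Name: "mail.example.test", TLS: false, Auth: []string{"PLAIN"}}, // before STARTTLS: refused
		{Name: "localhost", TLS: false, Auth: []string{"PLAIN"}},         // stdlib permits this; refused here
		{Name: "mail.example.test", TLS: true, Auth: []string{"PLAIN"}},  // after STARTTLS: proceeds
	}
	for _, s := range cases {
		proto, sent, err := TryStart(guarded, s)
		fmt.Printf("server=%s tls=%v -> proto=%q credentials_sent=%v err=%v\n",
			s.Name, s.TLS, proto, sent, err)
	}
}
```

Wrapping the mechanism rather than patching the client keeps the policy in one place: `client.Auth(TLSOnly(smtp.PlainAuth(...)))` works with an unmodified `net/smtp`, and the decision is taken from the client's own view of the session state, not from anything the server said.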
Comment 16 Len Lawrence 2018-01-21 12:29:32 CET
Starting on this for Mageia 6 :: x86_64.

We have seen golang before, and have also followed the build docker advice.
This time however I have been unable to follow through on the local-build instructions kindly provided by David Walser on an unrelated bug.

My own notes record: "Install magarepo and bm"
but bm does not seem to exist and does not seem to be provided by any other package.  Has there been a name change?
docker SOURCES and SPECS have been retrieved but as I am not a packager I cannot get any further without bm or whatever it is called now.

CC: (none) => tarazed25

Comment 17 Len Lawrence 2018-01-21 12:42:28 CET
Panic over; found the source name at ibiblio.org and found that specifying the full string worked.
# urpmi bm-3.2-1.mga6
Comment 18 Len Lawrence 2018-01-21 12:55:52 CET
Situation before updates:

$ bm -ls
creating package list
processing package docker-%{dist_version}-%mkrel 4
building source package
Wrote: /home/lcl/qa/docker/before/docker/SRPMS/docker-17.03.1-4.mga6.src.rpm
succeeded!

$ sudo urpmi SRPMS/docker*.rpm
please use --buildrequires or --install-src, defaulting to --buildrequires
The following packages can't be installed because they depend on packages
that are older than the installed ones:
glibc-static-devel-2.22-26.mga6
docker-17.03.1-4.mga6
Continue installation anyway? (Y/n) 
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch    
(medium "Core Release (distrib1)")
  golang-net-devel               0.1.git84a4> 8.mga6        x86_64  
  lib64gpg-error-devel           1.24         1.mga6        x86_64  
(medium "Core Updates (distrib3)")
  lib64btrfs-devel               4.14         2.mga6        x86_64  
  lib64gcrypt-devel              1.7.8        1.1.mga6      x86_64  
  systemd-devel                  230          12.2.mga6     x86_64  
2.6MB of additional disk space will be used.
636KB of packages will be retrieved.
Proceed with the installation of the 5 packages? (Y/n) 


    $MIRRORLIST: media/core/release/golang-net-devel-0.1.git84a4013f96e0-8.mga6.x86_64.rpm
    $MIRRORLIST: media/core/release/lib64gpg-error-devel-1.24-1.mga6.x86_64.rpm
    $MIRRORLIST: media/core/updates/lib64btrfs-devel-4.14-2.mga6.x86_64.rpm    
    $MIRRORLIST: media/core/updates/systemd-devel-230-12.2.mga6.x86_64.rpm     
    $MIRRORLIST: media/core/updates/lib64gcrypt-devel-1.7.8-1.1.mga6.x86_64.rpm
installing lib64gcrypt-devel-1.7.8-1.1.mga6.x86_64.rpm systemd-devel-230-12.2.mga6.x86_64.rpm golang-net-devel-0.1.git84a4013f96e0-8.mga6.x86_64.rpm lib64btrfs-devel-4.14-2.mga6.x86_64.rpm lib64gpg-error-devel-1.24-1.mga6.x86_64.rpm from /var/cache/urpmi/rpms
Preparing...                     #############################################
      1/5: lib64gpg-error-devel  #############################################
      2/5: lib64gcrypt-devel     #############################################
      3/5: systemd-devel         #############################################
      4/5: lib64btrfs-devel      #############################################
      5/5: golang-net-devel      #############################################
While some packages may have been installed, there were failures.
The following packages can't be installed because they depend on packages
that are older than the installed ones:
glibc-static-devel-2.22-26.mga6
docker-17.03.1-4.mga6
Continue installation anyway?

[lcl@vega docker]$ bm -l
creating package list
processing package docker-%{dist_version}-%mkrel 4
building source and binary packages
error: Failed build dependencies:
	device-mapper-devel is needed by docker-17.03.1-4.mga6.x86_64
	glibc-static-devel is needed by docker-17.03.1-4.mga6.x86_64
	go-md2man is needed by docker-17.03.1-4.mga6.x86_64
	libsqlite3-devel is needed by docker-17.03.1-4.mga6.x86_64
error: failed!
Comment 19 Stig-Ørjan Smelror 2018-01-21 13:19:11 CET
Len,

What I usually do to get a package built is

sudo urpmi --buildrequires SPEC/file.spec

and if it fails, try again.

I guess it also works directly with src.rpm files as well.

AFAICS, it looks like the mirror used may be out of sync.


Cheers,
Stig
Comment 20 Stig-Ørjan Smelror 2018-01-21 13:24:42 CET
Here's my test.

$ sudo urpmi --buildrequires SPECS/docker.spec
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch
(medium "Core Release")
  golang-net-devel               0.1.git84a4> 8.mga6        x86_64
  lib64devmapper-devel           1.02.137     1.mga6        x86_64
(medium "Core Updates")
  glibc-static-devel             2.22         26.mga6       x86_64
  lib64btrfs-devel               4.14         2.mga6        x86_64
(medium "Core Updates Testing")
  golang                         1.9.1        1.mga6        x86_64
  golang-bin                     1.9.1        1.mga6        x86_64
  golang-src                     1.9.1        1.mga6        noarch
321MB of additional disk space will be used.
59MB of packages will be retrieved.
Proceed with the installation of the 7 packages? (Y/n)

Preparing...                     #############################################
      1/7: golang-src            #############################################
      2/7: golang-bin            #############################################
      3/7: golang                #############################################
      4/7: golang-net-devel      #############################################
      5/7: lib64btrfs-devel      #############################################
      6/7: lib64devmapper-devel  #############################################
      7/7: glibc-static-devel    #############################################

And bm -l proceeded without issues.

Cheers,
Stig
Comment 21 David Walser 2018-01-21 15:14:33 CET
Len, it looks like either something is messed up with your media configuration (which ones are enabled) or you have some packages from updates_testing installed that you shouldn't.

Try double-checking that updates_testing is *not* enabled but core/release and core/updates are, and then running urpmq --not-available to find package versions that don't match what you should have installed.
Comment 22 Len Lawrence 2018-01-21 16:43:12 CET
I had already checked updates testing and have now checked it again - not enabled - but earlier I had updated glibc so that is probably where the problem is.  My mind is still extremely fuzzy after two weeks of a nasty 'flu so I am not at all sure how that happened.

That is a handy command, but whoa, so many!
$ urpmq --not-available
reports several glibc components so I guess I should downgrade them and reboot.
Back in a wee while.
Comment 23 David Walser 2018-01-21 16:46:46 CET
Yes, either downgrade them *or* make sure you install glibc, glibc-devel, and glibc-static-devel from updates_testing all together before testing this (you probably had only the first two so it couldn't install the third).
Guillaume Rousse 2018-01-21 16:48:13 CET

CC: guillomovitch => (none)

Comment 24 Len Lawrence 2018-01-21 16:57:08 CET
Hmm.  Not possible to downgrade, neither to remove and reinstall.
Was going to say short of reinstalling mga6 the only other solution is to try on another system which has not been botched, but your reinstall glibc sounds better.
# rpm -qa | grep glibc
lib64glibc_lsb-2.4.7-12.mga6
glibc-devel-2.22-27.mga6
glibc-2.22-27.mga6

No static-devel.
Comment 25 David Walser 2018-01-21 17:01:53 CET
Yeah just install glibc-static-devel from updates_testing and you should be good.
Comment 26 Len Lawrence 2018-01-21 17:36:30 CET
Installed glibc-static-devel from Updates testing then went back to the beginning and ran Stig's buildrequires command.  That went fine, so did 'bm -ls'.
$ bm -l
proceeded without incident.
..................
Executing(%clean): /bin/sh -e /home/lcl/qa/docker/before/docker/BUILDROOT/rpm-tmp.giYOhq
+ umask 022
+ cd /home/lcl/qa/docker/before/docker/BUILD
+ cd moby-17.03.1-ce
+ /usr/bin/rm -rf /home/lcl/qa/docker/before/docker/BUILDROOT/docker-17.03.1-4.mga6.x86_64
+ exit 0
succeeded!

Thanks lads for your help.

So that is done for before the golang update.
Have created a parallel branch for the after update scenario.

Updated all the golang components and ran the local build in the after branch.  That went very smoothly and 'bm -l' ended with:
+ umask 022
+ cd /home/lcl/qa/docker/after/docker/BUILD
+ cd moby-17.03.1-ce
+ /usr/bin/rm -rf /home/lcl/qa/docker/after/docker/BUILDROOT/docker-17.03.1-4.mga6.x86_64
+ exit 0
succeeded!

Worth an OK but I shall run some user-side commands to ensure full functionality.
Comment 27 Len Lawrence 2018-01-21 17:50:58 CET
$ export GOPATH=/home/lcl/go/
$ go version
go version go1.8.1 linux/amd64
$ cd go
$ tree
.
└── src
    ├── hello_1.go
    ├── hello.go
    └── stringutil
        └── reverse.go
$ cd src
Classic one-liner:
$ go run hello_1.go
Good morning QA
$ go build hello.go
$ ll
total 1536
-rwxr-xr-x 1 lcl lcl 1560023 Jan 21 16:46 hello*
-rw-r--r-- 1 lcl lcl      80 Jan 21 15:22 hello_1.go
-rw-r--r-- 1 lcl lcl     155 Jan 21 15:21 hello.go
Use package function to reverse the message string.
$ ./hello
Good morning QA
!AQ gninrom dooG

This will do I think.

Whiteboard: (none) => MGA6-64-OK

Comment 28 Len Lawrence 2018-01-21 17:52:46 CET
Created attachment 9917 [details]
Hello world program written in go.
Comment 29 Len Lawrence 2018-01-21 17:53:50 CET
Created attachment 9918 [details]
String manipulation in go
Lewis Smith 2018-01-21 20:56:23 CET

CC: (none) => sysadmin-bugs
Keywords: (none) => advisory, validated_update

Comment 30 Mageia Robot 2018-01-21 22:32:47 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0089.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

