x509roots/fallback: add //go:build go1.20 to bundle.go

Package fallback has no API; its only purpose is to automatically call x509.SetFallbackRoots with a set of fallback roots. That API was added in Go 1.20, hence the go1.20 build constraint in fallback.go. Add that constraint to bundle.go too, so that it fails to build rather than quietly being a no-op in Go 1.19. Also simplify Write(fmt.Sprintf()) into fmt.Fprintf while here. Add a temporary workaround for go.dev/issue/52287. It has no effect on the public API in this module. For golang/go#57792. For golang/go#52287. Change-Id: I1fe13f7d54b07b0b031e8bae685cffd7a8160165 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/505578 Auto-Submit: Dmitri Shuralyov <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]> Run-TryBot: Dmitri Shuralyov <[email protected]>
tailscale · awly · Jan 8, 2024 · Mar 2, 2022 · Oct 6, 2021 · Apr 11, 2022
commit a9e447dde7f8f364232efb5072e3ff89b24308da
diff --git a/x509roots/fallback/bundle.go b/x509roots/fallback/bundle.go
diff --git a/x509roots/fallback/fallback.go b/x509roots/fallback/fallback.go
@@ -3,7 +3,6 @@
 // license that can be found in the LICENSE file.
 
 //go:build go1.20
-// +build go1.20
 
 // Package fallback embeds a set of fallback X.509 trusted roots in the
 // application by automatically invoking [x509.SetFallbackRoots]. This allows

diff --git a/x509roots/fallback/internal/goissue52287/goissue52287.go b/x509roots/fallback/internal/goissue52287/goissue52287.go
@@ -0,0 +1,8 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package goissue52287 is an empty internal package.
+// It exists only to work around go.dev/issue/52287 and
+// can be removed after Go 1.19 stops being supported.
+package goissue52287
diff --git a/x509roots/gen_fallback_bundle.go b/x509roots/gen_fallback_bundle.go
@@ -27,6 +27,8 @@ import (
 
 const tmpl = `// Code generated by gen_fallback_bundle.go; DO NOT EDIT.
 
+//go:build go1.20
+
 package fallback
 
 import "crypto/x509"
@@ -41,7 +43,7 @@ func mustParse(b []byte) []*x509.Certificate {
  break
  }
  if block.Type != "CERTIFICATE" {
- panic("unexpected PEM block type: "+block.Type)
+ panic("unexpected PEM block type: " + block.Type)
  }
  cert, err := x509.ParseCertificate(block.Bytes)
  if err != nil {
@@ -97,9 +99,9 @@ func main() {
  return string(certs[i].X509.RawSubjectPublicKeyInfo) < string(certs[j].X509.RawSubjectPublicKeyInfo)
  })
 
- b := bytes.NewBuffer(nil)
- b.Write([]byte(tmpl))
- b.Write([]byte("const pemRoots = `\n"))
+ b := new(bytes.Buffer)
+ b.WriteString(tmpl)
+ fmt.Fprintln(b, "const pemRoots = `")
  for _, c := range certs {
  if len(c.Constraints) > 0 {
  // Until the constrained roots API lands, skip anything that has any
@@ -108,10 +110,10 @@ func main() {
  // new version.
  continue
  }
- b.Write([]byte(fmt.Sprintf("# %s\n# %x\n", c.X509.Subject.String(), sha256.Sum256(c.X509.Raw))))
+ fmt.Fprintf(b, "# %s\n# %x\n", c.X509.Subject.String(), sha256.Sum256(c.X509.Raw))
  pem.Encode(b, &pem.Block{Type: "CERTIFICATE", Bytes: c.X509.Raw})
  }
- b.Write([]byte("`\n"))
+ fmt.Fprintln(b, "`")
 
  formatted, err := format.Source(b.Bytes())
  if err != nil {