From 07ad98c7f2fcf886e8567b010408d89d881a1cb1 Mon Sep 17 00:00:00 2001
From: Chris Gunn <chrisgun@microsoft.com>
Date: Fri, 19 Aug 2022 11:21:23 -0700
Subject: [PATCH 1/3] Update cert-manager to v1.7.3.

- Update cert-manager to v1.7.3.
- Split cert-manager binaries into separate packages.
- Remove cert-manager build dependency on Bazel and just build the
binaries directly using `go build`. This makes building easier. Also,
the latest upstream version of cert-manager does this.
- Use the Go "vendor" directory for Go dependencies instead of dumping
files in the global Go cache.
---
 .../Fix-dependency-checksum.patch             |  27 ---
 SPECS/cert-manager/Fix-os-WriteFile.patch     |  52 ----
 .../cert-manager/cert-manager.signatures.json |   5 +-
 SPECS/cert-manager/cert-manager.spec          | 141 ++++++-----
 SPECS/golang/golang-1.17.signatures.json      |   6 -
 SPECS/golang/golang-1.17.spec                 | 223 ------------------
 6 files changed, 83 insertions(+), 371 deletions(-)
 delete mode 100644 SPECS/cert-manager/Fix-dependency-checksum.patch
 delete mode 100644 SPECS/cert-manager/Fix-os-WriteFile.patch
 delete mode 100644 SPECS/golang/golang-1.17.signatures.json
 delete mode 100644 SPECS/golang/golang-1.17.spec

diff --git a/SPECS/cert-manager/Fix-dependency-checksum.patch b/SPECS/cert-manager/Fix-dependency-checksum.patch
deleted file mode 100644
index 243bee25e01..00000000000
--- a/SPECS/cert-manager/Fix-dependency-checksum.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-diff --git a/WORKSPACE b/home/henry/Downloads/cert-manager-1.5.3/WORKSPACE
-index 390d481b..7585465d 100644
---- a/WORKSPACE
-+++ b/home/henry/Downloads/cert-manager-1.5.3/WORKSPACE
-@@ -31,7 +31,7 @@ go_rules_dependencies()
- 
- go_register_toolchains(
-     nogo = "@//hack/build:nogo_vet",
--    version = "1.16.6",
-+    go_version = "host",
- )
- 
- ## Load gazelle and dependencies
-
-diff --git a/hack/bin/deps.bzl b/hack/bin/deps.bzl
-index 6938b50b..e5c439a8 100644
---- a/hack/bin/deps.bzl
-+++ b/hack/bin/deps.bzl
-@@ -55,7 +55,7 @@ filegroup(
- 
-     http_archive(
-         name = "co_honnef_go_tools_staticcheck_osx",
--        sha256 = "03b100561e3bc14db0b3b4004b102a00cb0197938d23cc40193f269f7b246d2d",
-+        sha256 = "7fb41768b8e68aaad397f666d7d5eb9c31abcc4180b5cb6fa7d091cef987eb77",
-         urls = ["https://github.com/dominikh/go-tools/releases/download/2021.1/staticcheck_darwin_amd64.tar.gz"],
-         build_file_content = """
- filegroup(
diff --git a/SPECS/cert-manager/Fix-os-WriteFile.patch b/SPECS/cert-manager/Fix-os-WriteFile.patch
deleted file mode 100644
index 8bfeed5b40a..00000000000
--- a/SPECS/cert-manager/Fix-os-WriteFile.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-diff --git a/cmd/ctl/pkg/create/certificaterequest/certificaterequest.go b/cmd/ctl/pkg/create/certificaterequest/certificaterequest.go
-index bc95f8fd..166a1689 100644
---- a/cmd/ctl/pkg/create/certificaterequest/certificaterequest.go
-+++ b/cmd/ctl/pkg/create/certificaterequest/certificaterequest.go
-@@ -22,7 +22,6 @@ import (
- 	"errors"
- 	"fmt"
- 	"io/ioutil"
--	"os"
- 	"time"
- 
- 	"github.com/spf13/cobra"
-@@ -362,7 +361,7 @@ func fetchCertificateFromCR(req *cmapi.CertificateRequest, certFileName string)
- 	}
- 
- 	// Store certificate to file
--	err := os.WriteFile(certFileName, req.Status.Certificate, 0600)
-+	err := ioutil.WriteFile(certFileName, req.Status.Certificate, 0600)
- 	if err != nil {
- 		return fmt.Errorf("error when writing certificate to file: %w", err)
- 	}
-diff --git a/cmd/ctl/pkg/create/certificatesigningrequest/certificatesigningrequest.go b/cmd/ctl/pkg/create/certificatesigningrequest/certificatesigningrequest.go
-index 82a78e3e..98834937 100644
---- a/cmd/ctl/pkg/create/certificatesigningrequest/certificatesigningrequest.go
-+++ b/cmd/ctl/pkg/create/certificatesigningrequest/certificatesigningrequest.go
-@@ -21,7 +21,7 @@ import (
- 	"encoding/pem"
- 	"errors"
- 	"fmt"
--	"os"
-+	"io/ioutil"
- 	"strconv"
- 	"time"
- 
-@@ -257,7 +257,7 @@ func (o *Options) Run(ctx context.Context, args []string) error {
- 	if o.KeyFilename != "" {
- 		keyFileName = o.KeyFilename
- 	}
--	if err := os.WriteFile(keyFileName, keyPEM, 0600); err != nil {
-+	if err := ioutil.WriteFile(keyFileName, keyPEM, 0600); err != nil {
- 		return fmt.Errorf("error when writing private key to file: %s", err)
- 	}
- 	fmt.Fprintf(o.Out, "Private key written to file %s\n", keyFileName)
-@@ -430,7 +430,7 @@ func storeCertificate(req *certificatesv1.CertificateSigningRequest, fileName st
- 	}
- 
- 	// Store certificate to file
--	err := os.WriteFile(fileName, req.Status.Certificate, 0600)
-+	err := ioutil.WriteFile(fileName, req.Status.Certificate, 0600)
- 	if err != nil {
- 		return fmt.Errorf("error when writing certificate to file: %s", err)
- 	}
diff --git a/SPECS/cert-manager/cert-manager.signatures.json b/SPECS/cert-manager/cert-manager.signatures.json
index aef954c0c0c..08a0ed6b31a 100644
--- a/SPECS/cert-manager/cert-manager.signatures.json
+++ b/SPECS/cert-manager/cert-manager.signatures.json
@@ -1,7 +1,6 @@
 {
  "Signatures": {
-  "cert-manager-1.5.3-gocache.tar.gz": "314222bf36a5a5b16f2f2b58099c0d19b1fa5da1c80f4057d2ad41f3043ebe0c",
-  "cert-manager-1.5.3-vendor.tar.gz": "b6c17ee4daee33ad980e5b41cb1d04cde33468f64400044d5d799c97edba8cf2",
-  "cert-manager-1.5.3.tar.gz": "48c451bfc87a9fadd575a05e586d80858ddf87e933c695293aff3f4782f3cbda"
+  "cert-manager-1.7.3-govendor.tar.gz": "48fe09366760fa4f450bdb7e3cd7ab9555a7685ed53543db738788236a50218c",
+  "cert-manager-1.7.3.tar.gz": "0519f0713d76044a348b0e33a2984d6b506f9f2683007f8487142127b09896d2"
  }
 }
\ No newline at end of file
diff --git a/SPECS/cert-manager/cert-manager.spec b/SPECS/cert-manager/cert-manager.spec
index 38c2a5096f3..4eec923ff33 100644
--- a/SPECS/cert-manager/cert-manager.spec
+++ b/SPECS/cert-manager/cert-manager.spec
@@ -1,7 +1,7 @@
 Summary:        Automatically provision and manage TLS certificates in Kubernetes
 Name:           cert-manager
-Version:        1.5.3
-Release:        2%{?dist}
+Version:        1.7.3
+Release:        1%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -9,88 +9,109 @@ URL:            https://github.com/jetstack/cert-manager
 #Source0:       https://github.com/jetstack/%{name}/archive/refs/tags/v%{version}.tar.gz
 Source0:        %{name}-%{version}.tar.gz
 # Below is a manually created tarball, no download link.
-# We're using pre-populated external dependencies from this tarball, since network is disabled during build time.
-#   1. wget https://github.com/jetstack/%{name}/archive/refs/tags/v%{version}.tar.gz -o %%{name}-%%{version}.tar.gz
-#   2. tar -xf %%{name}-%%{version}.tar.gz
-#   3. cd %%{name}-%%{version}
-#   4. patch -p1 < Fix-dependency-checksum.patch
-#   5. mkdir -p BAZEL_CACHE
-#   6. bazel fetch --repository_cache=BAZEL_CACHE //...
-#   7. tar  --sort=name \
-#           --mtime="2021-04-26 00:00Z" \
-#           --owner=0 --group=0 --numeric-owner \
-#           --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
-#           -cf %%{name}-%%{version}-vendor.tar.gz BAZEL_CACHE
-Source1:        %{name}-%{version}-vendor.tar.gz
-# Below is a manually created tarball, no download link.
 # We're using pre-populated GO dependencies from this tarball, since network is disabled during build time.
 #   1. wget https://github.com/jetstack/%{name}/archive/refs/tags/v%{version}.tar.gz -o %%{name}-%%{version}.tar.gz
 #   2. tar -xf %%{name}-%%{version}.tar.gz
 #   3. cd %%{name}-%%{version}
-#   4. go mod download
-#   5. cd $HOME
+#   4. go mod vendor
 #   5. tar  --sort=name \
-#           --mtime="2021-04-26 00:00Z" \
+#           --mtime="2022-08-10 00:00Z" \
 #           --owner=0 --group=0 --numeric-owner \
 #           --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
-#           -cf %%{name}-%%{version}-gocache.tar.gz go
-Source2:        %{name}-%{version}-gocache.tar.gz
-Patch0:         Fix-dependency-checksum.patch
-Patch1:         Fix-os-WriteFile.patch
-BuildRequires:  bazel
-BuildRequires:  git
-BuildRequires:  golang <= 1.17.10
+#           -cf %%{name}-%%{version}-govendor.tar.gz vendor
+Source1:        %{name}-%{version}-govendor.tar.gz
+BuildRequires:  golang
 BuildRequires:  patch
 
 %description
 cert-manager is a Kubernetes add-on to automate the management and issuance
 of TLS certificates from various issuing sources.
 
+%package acmesolver
+Summary: cert-manager's acmesolver binary
+
+%description acmesolver
+HTTP server used to solve ACME challenges.
+
+%package cainjector
+Summary: cert-manager's cainjector binary
+
+%description cainjector
+cert-manager CA injector is a Kubernetes addon to automate the injection of CA data into
+webhooks and APIServices from cert-manager certificates.
+
+%package controller
+Summary: cert-manager's controller binary
+
+%description controller
+cert-manager is a Kubernetes addon to automate the management and issuance of
+TLS certificates from various issuing sources.
+
+%package cmctl
+Summary: cert-manager's cmctl binary
+
+%description cmctl
+cmctl is a CLI tool manage and configure cert-manager resources for Kubernetes
+
+%package webhook
+Summary: cert-manager's webhook binary
+
+%description webhook
+Webhook component providing API validation, mutation and conversion functionality for cert-manager.
+
 %prep
 %autosetup -p1
 %setup -q -T -D -a 1
 
-%build
-export GO111MODULE=off
-mkdir -p %{_topdir}/go
-export GOPATH=%{_topdir}/go
-pushd $GOPATH
-tar -xvf %{SOURCE2} --strip-components=1 --no-same-owner
-popd
-
-export GO_REPOSITORY_USE_HOST_CACHE=1
-
-git config --global user.email you@example.com
-git config --global user.name "Your Name"
-git init
-git add .
-GIT_AUTHOR_DATE=2000-01-01T01:01:01 GIT_COMMITTER_DATE=2000-01-01T01:01:01 \
-git commit -m "Dummy commit just to satisfy bazel" &> /dev/null
-
-for cmd in cmd/* ; do
-  if [ "$cmd" != cmd/util ]; then
-    bazel --batch build --repository_cache=BAZEL_CACHE //$cmd
-  fi
-done
+go build -o bin/acmesolver cmd/acmesolver/main.go
+go build -o bin/cainjector cmd/cainjector/main.go
+go build -o bin/controller cmd/controller/main.go
+go build -o bin/cmctl cmd/ctl/main.go
+go build -o bin/webhook cmd/webhook/main.go
 
 %install
 mkdir -p %{buildroot}%{_bindir}
-%ifarch aarch64
-install -D -m0755 bazel-out/aarch64-fastbuild-ST-4c64f0b3d5c7/bin/cmd/ctl/kubectl-cert_manager %{buildroot}%{_bindir}/
-%else
-install -D -m0755 bazel-out/k8-fastbuild-ST-4c64f0b3d5c7/bin/cmd/ctl/kubectl-cert_manager %{buildroot}%{_bindir}/
-%endif
-install -D -m0755 bazel-bin/cmd/webhook/webhook_/webhook %{buildroot}%{_bindir}/
-install -D -m0755 bazel-bin/cmd/controller/controller_/controller %{buildroot}%{_bindir}/
-install -D -m0755 bazel-bin/cmd/cainjector/cainjector_/cainjector %{buildroot}%{_bindir}/
-install -D -m0755 bazel-bin/cmd/acmesolver/acmesolver_/acmesolver %{buildroot}%{_bindir}/
-
-%files
+install -D -m0755 bin/acmesolver %{buildroot}%{_bindir}/
+install -D -m0755 bin/cainjector %{buildroot}%{_bindir}/
+install -D -m0755 bin/controller %{buildroot}%{_bindir}/
+install -D -m0755 bin/cmctl %{buildroot}%{_bindir}/
+install -D -m0755 bin/webhook %{buildroot}%{_bindir}/
+
+%files acmesolver
+%license LICENSE
+%license LICENSES
+%doc README.md
+%{_bindir}/acmesolver
+
+%files cainjector
+%license LICENSE
+%license LICENSES
+%doc README.md
+%{_bindir}/cainjector
+
+%files controller
 %license LICENSE
+%license LICENSES
 %doc README.md
-%{_bindir}/*
+%{_bindir}/controller
+
+%files cmctl
+%license LICENSE
+%license LICENSES
+%doc README.md
+%{_bindir}/cmctl
+
+%files webhook
+%license LICENSE
+%license LICENSES
+%doc README.md
+%{_bindir}/webhook
 
 %changelog
+* Fri Aug 05 2022 Chris Gunn <chrisgun@microsoft.com> - 1.7.3-1
+- Update to v1.7.3
+- Split binaries into separate packages.
+
 * Tue Jun 14 2022 Muhammad Falak <mwani@microsoft.com> - 1.5.3-2
 - Add a hard BR on golang <= 1.17.10
 - Bump release to rebuild with golang 1.17.10
diff --git a/SPECS/golang/golang-1.17.signatures.json b/SPECS/golang/golang-1.17.signatures.json
deleted file mode 100644
index 7134223a452..00000000000
--- a/SPECS/golang/golang-1.17.signatures.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "Signatures": {
-  "go1.17.10.src.tar.gz": "299e55af30f15691b015d8dcf8ecae72412412569e5b2ece20361753a456f2f9",
-  "go1.4-bootstrap-20171003.tar.gz": "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52"
- }
-}
\ No newline at end of file
diff --git a/SPECS/golang/golang-1.17.spec b/SPECS/golang/golang-1.17.spec
deleted file mode 100644
index d9e5bf0ebd8..00000000000
--- a/SPECS/golang/golang-1.17.spec
+++ /dev/null
@@ -1,223 +0,0 @@
-%global goroot          %{_libdir}/golang
-%global gopath          %{_datadir}/gocode
-%ifarch aarch64
-%global gohostarch      arm64
-%else
-%global gohostarch      amd64
-%endif
-%define debug_package %{nil}
-%define __strip /bin/true
-# rpmbuild magic to keep from having meta dependency on libc.so.6
-%define _use_internal_dependency_generator 0
-%define __find_requires %{nil}
-Summary:        Go
-Name:           golang
-Version:        1.17.10
-Release:        1%{?dist}
-License:        BSD
-Vendor:         Microsoft Corporation
-Distribution:   Mariner
-Group:          System Environment/Security
-URL:            https://golang.org
-Source0:        https://golang.org/dl/go%{version}.src.tar.gz
-Source1:        https://dl.google.com/go/go1.4-bootstrap-20171003.tar.gz
-Patch0:         go14_bootstrap_aarch64.patch
-Obsoletes:      %{name} < %{version}
-Provides:       %{name} = %{version}
-Provides:       go = %{version}-%{release}
-
-%description
-Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.
-
-%prep
-# Setup go 1.4 bootstrap source
-tar xf %{SOURCE1} --no-same-owner
-patch -Np1 --ignore-whitespace < %{PATCH0}
-mv -v go go-bootstrap
-
-%setup -q -n go
-
-%build
-# Build go 1.4 bootstrap
-pushd %{_topdir}/BUILD/go-bootstrap/src
-CGO_ENABLED=0 ./make.bash
-popd
-mv -v %{_topdir}/BUILD/go-bootstrap %{_libdir}/golang
-export GOROOT=%{_libdir}/golang
-
-# Build current go version
-export GOHOSTOS=linux
-export GOHOSTARCH=%{gohostarch}
-export GOROOT_BOOTSTRAP=%{goroot}
-
-export GOROOT="`pwd`"
-export GOPATH=%{gopath}
-export GOROOT_FINAL=%{_bindir}/go
-rm -f  %{gopath}/src/runtime/*.c
-pushd src
-./make.bash --no-clean
-popd
-
-%install
-
-mkdir -p %{buildroot}%{_bindir}
-mkdir -p %{buildroot}%{goroot}
-
-cp -R api bin doc lib pkg src misc VERSION %{buildroot}%{goroot}
-
-# remove the unnecessary zoneinfo file (Go will always use the system one first)
-rm -rfv %{buildroot}%{goroot}/lib/time
-
-# remove the doc Makefile
-rm -rfv %{buildroot}%{goroot}/doc/Makefile
-
-# put binaries to bindir, linked to the arch we're building,
-# leave the arch independent pieces in %{goroot}
-mkdir -p %{buildroot}%{goroot}/bin/linux_%{gohostarch}
-ln -sfv ../go %{buildroot}%{goroot}/bin/linux_%{gohostarch}/go
-ln -sfv ../gofmt %{buildroot}%{goroot}/bin/linux_%{gohostarch}/gofmt
-ln -sfv %{goroot}/bin/gofmt %{buildroot}%{_bindir}/gofmt
-ln -sfv %{goroot}/bin/go %{buildroot}%{_bindir}/go
-
-# ensure these exist and are owned
-mkdir -p %{buildroot}%{gopath}/src/github.com/
-mkdir -p %{buildroot}%{gopath}/src/bitbucket.org/
-mkdir -p %{buildroot}%{gopath}/src/code.google.com/p/
-
-install -vdm755 %{buildroot}%{_sysconfdir}/profile.d
-cat >> %{buildroot}%{_sysconfdir}/profile.d/go-exports.sh <<- "EOF"
-export GOROOT=%{goroot}
-export GOPATH=%{_datadir}/gocode
-export GOHOSTOS=linux
-export GOHOSTARCH=%{gohostarch}
-export GOOS=linux
-EOF
-
-%post -p /sbin/ldconfig
-%postun
-/sbin/ldconfig
-if [ $1 -eq 0 ]; then
-  #This is uninstall
-  rm %{_sysconfdir}/profile.d/go-exports.sh
-  rm -rf /opt/go
-  exit 0
-fi
-
-%files
-%defattr(-,root,root)
-%license LICENSE
-%exclude %{goroot}/src/*.rc
-%exclude %{goroot}/include/plan9
-%{_sysconfdir}/profile.d/go-exports.sh
-%{goroot}/*
-%{gopath}/src
-%exclude %{goroot}/src/pkg/debug/dwarf/testdata
-%exclude %{goroot}/src/pkg/debug/elf/testdata
-%{_bindir}/*
-
-%changelog
-* Tue Apr 12 2022 Muhammad Falak <mwani@microsoft.com> - 1.17.10-1
-- Bump version to 1.17.10 to address CVE-2021-44716
-
-* Thu Feb 17 2022 Andrew Phelps <anphel@microsoft.com> - 1.17.1-2
-- Use _topdir instead of hard-coded value /usr/src/mariner
-- License verified
-
-* Wed Sep 15 2021 Andrew Phelps <anphel@microsoft.com> - 1.17.1-1
-- Updated to version 1.17.1
-
-* Tue Jun 08 2021 Henry Beberman <henry.beberman@microsoft.com> - 1.15.13-1
-- Updated to version 1.15.13 to fix CVE-2021-33194 and CVE-2021-31525
-
-* Mon Apr 26 2021 Nicolas Guibourge <nicolasg@microsoft.com> - 1.15.11-1
-- Updated to version 1.15.11 to fix CVE-2021-27918
-
-* Wed Feb 03 2021 Andrew Phelps <anphel@microsoft.com> - 1.15.7-1
-- Updated to version 1.15.7 to fix CVE-2021-3114
-
-* Mon Nov 23 2020 Henry Beberman <henry.beberman@microsoft.com> - 1.15.5-1
-- Updated to version 1.15.5
-
-* Fri Oct 30 2020 Thomas Crain <thcrain@microsoft.com> - 1.13.15-2
-- Patch CVE-2020-24553
-
-* Tue Sep 08 2020 Nicolas Ontiveros <niontive@microsoft.com> - 1.13.15-1
-- Updated to version 1.13.15, which fixes CVE-2020-14039 and CVE-2020-16845.
-
-* Sun May 24 2020 Mateusz Malisz <mamalisz@microsoft.com> - 1.13.11-1
-- Updated to version 1.13.11
-
-* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> - 1.12.5-7
-- Added %%license line automatically
-
-* Thu Apr 30 2020 Emre Girgin <mrgirgin@microsoft.com> - 1.12.5-6
-- Renaming go to golang
-
-* Thu Apr 23 2020 Nicolas Ontiveros <niontive@microsoft.com> - 1.12.5-5
-- Fix CVE-2019-14809.
-
-* Fri Mar 27 2020 Andrew Phelps <anphel@microsoft.com> - 1.12.5-4
-- Support building standalone by adding go 1.4 bootstrap.
-
-* Thu Feb 27 2020 Henry Beberman <hebeberm@microsoft.com> - 1.12.5-3
-- Remove meta dependency on libc.so.6
-
-* Thu Feb 6 2020 Andrew Phelps <anphel@microsoft.com> - 1.12.5-2
-- Remove ExtraBuildRequires
-
-* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> - 1.12.5-1
-- Initial CBL-Mariner import from Photon (license: Apache2).
-
-* Mon Jan 21 2019 Bo Gan <ganb@vmware.com> - 1.9.7-1
-- Update to 1.9.7
-
-* Wed Oct 24 2018 Alexey Makhalov <amakhalov@vmware.com> - 1.9.4-3
-- Use extra build requires
-
-* Mon Apr 02 2018 Dheeraj Shetty <dheerajs@vmware.com> - 1.9.4-2
-- Fix for CVE-2018-7187
-
-* Thu Mar 15 2018 Xiaolin Li <xiaolinl@vmware.com> - 1.9.4-1
-- Update to golang release v1.9.4
-
-* Tue Nov 14 2017 Alexey Makhalov <amakhalov@vmware.com> - 1.9.1-2
-- Aarch64 support
-
-* Wed Nov 01 2017 Vinay Kulkarni <kulkarniv@vmware.com> - 1.9.1-1
-- Update to golang release v1.9.1
-
-* Wed May 31 2017 Xiaolin Li <xiaolinl@vmware.com> - 1.8.1-2
-- Remove mercurial from buildrequires and requires.
-
-* Tue Apr 11 2017 Danut Moraru <dmoraru@vmware.com> - 1.8.1-1
-- Update Golang to version 1.8.1, updated patch0
-
-* Wed Dec 28 2016 Xiaolin Li <xiaolinl@vmware.com> - 1.7.4-1
-- Updated Golang to 1.7.4.
-
-* Thu Oct 06 2016 ChangLee <changlee@vmware.com> - 1.6.3-2
-- Modified %check
-
-* Wed Jul 27 2016 Anish Swaminathan <anishs@vmware.com> - 1.6.3-1
-- Update Golang to version 1.6.3 - fixes CVE 2016-5386
-
-* Fri Jul 8 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> - 1.6.2-1
-- Updated the Golang to version 1.6.2
-
-* Thu Jun 2 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> - 1.4.2-5
-- Fix script syntax
-
-* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> - 1.4.2-4
-- GA - Bump release of all rpms
-
-* Thu May 05 2016 Kumar Kaushik <kaushikk@vmware.com> - 1.4.2-3
-- Handling upgrade scenario pre/post/un scripts.
-
-* Wed Dec 09 2015 Anish Swaminathan <anishs@vmware.com> - 1.4.2-2
-- Edit post script.
-
-* Mon Aug 03 2015 Vinay Kulkarni <kulkarniv@vmware.com> - 1.4.2-1
-- Update to golang release version 1.4.2
-
-* Fri Oct 17 2014 Divya Thaluru <dthaluru@vmware.com> - 1.3.3-1
-- Initial build.  First version

From 65d32b8c937b352c762d3f058c64ac9baa8eec0c Mon Sep 17 00:00:00 2001
From: Chris Gunn <chrisgun@microsoft.com>
Date: Fri, 19 Aug 2022 16:11:12 -0700
Subject: [PATCH 2/3] Feedback changes

---
 SPECS/cert-manager/cert-manager.spec     |  25 +--
 SPECS/golang/golang-1.17.signatures.json |   6 +
 SPECS/golang/golang-1.17.spec            | 223 +++++++++++++++++++++++
 cgmanifest.json                          |   4 +-
 4 files changed, 245 insertions(+), 13 deletions(-)
 create mode 100644 SPECS/golang/golang-1.17.signatures.json
 create mode 100644 SPECS/golang/golang-1.17.spec

diff --git a/SPECS/cert-manager/cert-manager.spec b/SPECS/cert-manager/cert-manager.spec
index 4eec923ff33..7d0ac15cc97 100644
--- a/SPECS/cert-manager/cert-manager.spec
+++ b/SPECS/cert-manager/cert-manager.spec
@@ -15,13 +15,18 @@ Source0:        %{name}-%{version}.tar.gz
 #   3. cd %%{name}-%%{version}
 #   4. go mod vendor
 #   5. tar  --sort=name \
-#           --mtime="2022-08-10 00:00Z" \
+#           --mtime="2021-04-26 00:00Z" \
 #           --owner=0 --group=0 --numeric-owner \
 #           --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
 #           -cf %%{name}-%%{version}-govendor.tar.gz vendor
 Source1:        %{name}-%{version}-govendor.tar.gz
 BuildRequires:  golang
 BuildRequires:  patch
+Requires: %{name}-acmesolver
+Requires: %{name}-cainjector
+Requires: %{name}-controller
+Requires: %{name}-cmctl
+Requires: %{name}-webhook
 
 %description
 cert-manager is a Kubernetes add-on to automate the management and issuance
@@ -63,6 +68,7 @@ Webhook component providing API validation, mutation and conversion functionalit
 %autosetup -p1
 %setup -q -T -D -a 1
 
+%build
 go build -o bin/acmesolver cmd/acmesolver/main.go
 go build -o bin/cainjector cmd/cainjector/main.go
 go build -o bin/controller cmd/controller/main.go
@@ -77,33 +83,30 @@ install -D -m0755 bin/controller %{buildroot}%{_bindir}/
 install -D -m0755 bin/cmctl %{buildroot}%{_bindir}/
 install -D -m0755 bin/webhook %{buildroot}%{_bindir}/
 
+%files
+
 %files acmesolver
-%license LICENSE
-%license LICENSES
+%license LICENSE LICENSES
 %doc README.md
 %{_bindir}/acmesolver
 
 %files cainjector
-%license LICENSE
-%license LICENSES
+%license LICENSE LICENSES
 %doc README.md
 %{_bindir}/cainjector
 
 %files controller
-%license LICENSE
-%license LICENSES
+%license LICENSE LICENSES
 %doc README.md
 %{_bindir}/controller
 
 %files cmctl
-%license LICENSE
-%license LICENSES
+%license LICENSE LICENSES
 %doc README.md
 %{_bindir}/cmctl
 
 %files webhook
-%license LICENSE
-%license LICENSES
+%license LICENSE LICENSES
 %doc README.md
 %{_bindir}/webhook
 
diff --git a/SPECS/golang/golang-1.17.signatures.json b/SPECS/golang/golang-1.17.signatures.json
new file mode 100644
index 00000000000..7134223a452
--- /dev/null
+++ b/SPECS/golang/golang-1.17.signatures.json
@@ -0,0 +1,6 @@
+{
+ "Signatures": {
+  "go1.17.10.src.tar.gz": "299e55af30f15691b015d8dcf8ecae72412412569e5b2ece20361753a456f2f9",
+  "go1.4-bootstrap-20171003.tar.gz": "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52"
+ }
+}
\ No newline at end of file
diff --git a/SPECS/golang/golang-1.17.spec b/SPECS/golang/golang-1.17.spec
new file mode 100644
index 00000000000..d9e5bf0ebd8
--- /dev/null
+++ b/SPECS/golang/golang-1.17.spec
@@ -0,0 +1,223 @@
+%global goroot          %{_libdir}/golang
+%global gopath          %{_datadir}/gocode
+%ifarch aarch64
+%global gohostarch      arm64
+%else
+%global gohostarch      amd64
+%endif
+%define debug_package %{nil}
+%define __strip /bin/true
+# rpmbuild magic to keep from having meta dependency on libc.so.6
+%define _use_internal_dependency_generator 0
+%define __find_requires %{nil}
+Summary:        Go
+Name:           golang
+Version:        1.17.10
+Release:        1%{?dist}
+License:        BSD
+Vendor:         Microsoft Corporation
+Distribution:   Mariner
+Group:          System Environment/Security
+URL:            https://golang.org
+Source0:        https://golang.org/dl/go%{version}.src.tar.gz
+Source1:        https://dl.google.com/go/go1.4-bootstrap-20171003.tar.gz
+Patch0:         go14_bootstrap_aarch64.patch
+Obsoletes:      %{name} < %{version}
+Provides:       %{name} = %{version}
+Provides:       go = %{version}-%{release}
+
+%description
+Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.
+
+%prep
+# Setup go 1.4 bootstrap source
+tar xf %{SOURCE1} --no-same-owner
+patch -Np1 --ignore-whitespace < %{PATCH0}
+mv -v go go-bootstrap
+
+%setup -q -n go
+
+%build
+# Build go 1.4 bootstrap
+pushd %{_topdir}/BUILD/go-bootstrap/src
+CGO_ENABLED=0 ./make.bash
+popd
+mv -v %{_topdir}/BUILD/go-bootstrap %{_libdir}/golang
+export GOROOT=%{_libdir}/golang
+
+# Build current go version
+export GOHOSTOS=linux
+export GOHOSTARCH=%{gohostarch}
+export GOROOT_BOOTSTRAP=%{goroot}
+
+export GOROOT="`pwd`"
+export GOPATH=%{gopath}
+export GOROOT_FINAL=%{_bindir}/go
+rm -f  %{gopath}/src/runtime/*.c
+pushd src
+./make.bash --no-clean
+popd
+
+%install
+
+mkdir -p %{buildroot}%{_bindir}
+mkdir -p %{buildroot}%{goroot}
+
+cp -R api bin doc lib pkg src misc VERSION %{buildroot}%{goroot}
+
+# remove the unnecessary zoneinfo file (Go will always use the system one first)
+rm -rfv %{buildroot}%{goroot}/lib/time
+
+# remove the doc Makefile
+rm -rfv %{buildroot}%{goroot}/doc/Makefile
+
+# put binaries to bindir, linked to the arch we're building,
+# leave the arch independent pieces in %{goroot}
+mkdir -p %{buildroot}%{goroot}/bin/linux_%{gohostarch}
+ln -sfv ../go %{buildroot}%{goroot}/bin/linux_%{gohostarch}/go
+ln -sfv ../gofmt %{buildroot}%{goroot}/bin/linux_%{gohostarch}/gofmt
+ln -sfv %{goroot}/bin/gofmt %{buildroot}%{_bindir}/gofmt
+ln -sfv %{goroot}/bin/go %{buildroot}%{_bindir}/go
+
+# ensure these exist and are owned
+mkdir -p %{buildroot}%{gopath}/src/github.com/
+mkdir -p %{buildroot}%{gopath}/src/bitbucket.org/
+mkdir -p %{buildroot}%{gopath}/src/code.google.com/p/
+
+install -vdm755 %{buildroot}%{_sysconfdir}/profile.d
+cat >> %{buildroot}%{_sysconfdir}/profile.d/go-exports.sh <<- "EOF"
+export GOROOT=%{goroot}
+export GOPATH=%{_datadir}/gocode
+export GOHOSTOS=linux
+export GOHOSTARCH=%{gohostarch}
+export GOOS=linux
+EOF
+
+%post -p /sbin/ldconfig
+%postun
+/sbin/ldconfig
+if [ $1 -eq 0 ]; then
+  #This is uninstall
+  rm %{_sysconfdir}/profile.d/go-exports.sh
+  rm -rf /opt/go
+  exit 0
+fi
+
+%files
+%defattr(-,root,root)
+%license LICENSE
+%exclude %{goroot}/src/*.rc
+%exclude %{goroot}/include/plan9
+%{_sysconfdir}/profile.d/go-exports.sh
+%{goroot}/*
+%{gopath}/src
+%exclude %{goroot}/src/pkg/debug/dwarf/testdata
+%exclude %{goroot}/src/pkg/debug/elf/testdata
+%{_bindir}/*
+
+%changelog
+* Tue Apr 12 2022 Muhammad Falak <mwani@microsoft.com> - 1.17.10-1
+- Bump version to 1.17.10 to address CVE-2021-44716
+
+* Thu Feb 17 2022 Andrew Phelps <anphel@microsoft.com> - 1.17.1-2
+- Use _topdir instead of hard-coded value /usr/src/mariner
+- License verified
+
+* Wed Sep 15 2021 Andrew Phelps <anphel@microsoft.com> - 1.17.1-1
+- Updated to version 1.17.1
+
+* Tue Jun 08 2021 Henry Beberman <henry.beberman@microsoft.com> - 1.15.13-1
+- Updated to version 1.15.13 to fix CVE-2021-33194 and CVE-2021-31525
+
+* Mon Apr 26 2021 Nicolas Guibourge <nicolasg@microsoft.com> - 1.15.11-1
+- Updated to version 1.15.11 to fix CVE-2021-27918
+
+* Wed Feb 03 2021 Andrew Phelps <anphel@microsoft.com> - 1.15.7-1
+- Updated to version 1.15.7 to fix CVE-2021-3114
+
+* Mon Nov 23 2020 Henry Beberman <henry.beberman@microsoft.com> - 1.15.5-1
+- Updated to version 1.15.5
+
+* Fri Oct 30 2020 Thomas Crain <thcrain@microsoft.com> - 1.13.15-2
+- Patch CVE-2020-24553
+
+* Tue Sep 08 2020 Nicolas Ontiveros <niontive@microsoft.com> - 1.13.15-1
+- Updated to version 1.13.15, which fixes CVE-2020-14039 and CVE-2020-16845.
+
+* Sun May 24 2020 Mateusz Malisz <mamalisz@microsoft.com> - 1.13.11-1
+- Updated to version 1.13.11
+
+* Sat May 09 2020 Nick Samson <nisamson@microsoft.com> - 1.12.5-7
+- Added %%license line automatically
+
+* Thu Apr 30 2020 Emre Girgin <mrgirgin@microsoft.com> - 1.12.5-6
+- Renaming go to golang
+
+* Thu Apr 23 2020 Nicolas Ontiveros <niontive@microsoft.com> - 1.12.5-5
+- Fix CVE-2019-14809.
+
+* Fri Mar 27 2020 Andrew Phelps <anphel@microsoft.com> - 1.12.5-4
+- Support building standalone by adding go 1.4 bootstrap.
+
+* Thu Feb 27 2020 Henry Beberman <hebeberm@microsoft.com> - 1.12.5-3
+- Remove meta dependency on libc.so.6
+
+* Thu Feb 6 2020 Andrew Phelps <anphel@microsoft.com> - 1.12.5-2
+- Remove ExtraBuildRequires
+
+* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> - 1.12.5-1
+- Initial CBL-Mariner import from Photon (license: Apache2).
+
+* Mon Jan 21 2019 Bo Gan <ganb@vmware.com> - 1.9.7-1
+- Update to 1.9.7
+
+* Wed Oct 24 2018 Alexey Makhalov <amakhalov@vmware.com> - 1.9.4-3
+- Use extra build requires
+
+* Mon Apr 02 2018 Dheeraj Shetty <dheerajs@vmware.com> - 1.9.4-2
+- Fix for CVE-2018-7187
+
+* Thu Mar 15 2018 Xiaolin Li <xiaolinl@vmware.com> - 1.9.4-1
+- Update to golang release v1.9.4
+
+* Tue Nov 14 2017 Alexey Makhalov <amakhalov@vmware.com> - 1.9.1-2
+- Aarch64 support
+
+* Wed Nov 01 2017 Vinay Kulkarni <kulkarniv@vmware.com> - 1.9.1-1
+- Update to golang release v1.9.1
+
+* Wed May 31 2017 Xiaolin Li <xiaolinl@vmware.com> - 1.8.1-2
+- Remove mercurial from buildrequires and requires.
+
+* Tue Apr 11 2017 Danut Moraru <dmoraru@vmware.com> - 1.8.1-1
+- Update Golang to version 1.8.1, updated patch0
+
+* Wed Dec 28 2016 Xiaolin Li <xiaolinl@vmware.com> - 1.7.4-1
+- Updated Golang to 1.7.4.
+
+* Thu Oct 06 2016 ChangLee <changlee@vmware.com> - 1.6.3-2
+- Modified %check
+
+* Wed Jul 27 2016 Anish Swaminathan <anishs@vmware.com> - 1.6.3-1
+- Update Golang to version 1.6.3 - fixes CVE 2016-5386
+
+* Fri Jul 8 2016 Harish Udaiya Kumar <hudaiyakumar@vmware.com> - 1.6.2-1
+- Updated the Golang to version 1.6.2
+
+* Thu Jun 2 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> - 1.4.2-5
+- Fix script syntax
+
+* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> - 1.4.2-4
+- GA - Bump release of all rpms
+
+* Thu May 05 2016 Kumar Kaushik <kaushikk@vmware.com> - 1.4.2-3
+- Handling upgrade scenario pre/post/un scripts.
+
+* Wed Dec 09 2015 Anish Swaminathan <anishs@vmware.com> - 1.4.2-2
+- Edit post script.
+
+* Mon Aug 03 2015 Vinay Kulkarni <kulkarniv@vmware.com> - 1.4.2-1
+- Update to golang release version 1.4.2
+
+* Fri Oct 17 2014 Divya Thaluru <dthaluru@vmware.com> - 1.3.3-1
+- Initial build.  First version
diff --git a/cgmanifest.json b/cgmanifest.json
index f1021a4cceb..b9050c884e0 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -1357,8 +1357,8 @@
         "type": "other",
         "other": {
           "name": "cert-manager",
-          "version": "1.5.3",
-          "downloadUrl": "https://github.com/jetstack/cert-manager/archive/refs/tags/v1.5.3.tar.gz"
+          "version": "1.7.3",
+          "downloadUrl": "https://github.com/jetstack/cert-manager/archive/refs/tags/v1.7.3.tar.gz"
         }
       }
     },

From ad7e99e5b6ceaeae865a2e37748cc56214ed0cfb Mon Sep 17 00:00:00 2001
From: Chris Gunn <chrisgun@microsoft.com>
Date: Fri, 19 Aug 2022 16:25:31 -0700
Subject: [PATCH 3/3] Update .spec formatting

---
 SPECS/cert-manager/cert-manager.spec | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/SPECS/cert-manager/cert-manager.spec b/SPECS/cert-manager/cert-manager.spec
index 7d0ac15cc97..f3b74339b42 100644
--- a/SPECS/cert-manager/cert-manager.spec
+++ b/SPECS/cert-manager/cert-manager.spec
@@ -22,44 +22,44 @@ Source0:        %{name}-%{version}.tar.gz
 Source1:        %{name}-%{version}-govendor.tar.gz
 BuildRequires:  golang
 BuildRequires:  patch
-Requires: %{name}-acmesolver
-Requires: %{name}-cainjector
-Requires: %{name}-controller
-Requires: %{name}-cmctl
-Requires: %{name}-webhook
+Requires:       %{name}-acmesolver
+Requires:       %{name}-cainjector
+Requires:       %{name}-cmctl
+Requires:       %{name}-controller
+Requires:       %{name}-webhook
 
 %description
 cert-manager is a Kubernetes add-on to automate the management and issuance
 of TLS certificates from various issuing sources.
 
 %package acmesolver
-Summary: cert-manager's acmesolver binary
+Summary:        cert-manager's acmesolver binary
 
 %description acmesolver
 HTTP server used to solve ACME challenges.
 
 %package cainjector
-Summary: cert-manager's cainjector binary
+Summary:        cert-manager's cainjector binary
 
 %description cainjector
 cert-manager CA injector is a Kubernetes addon to automate the injection of CA data into
 webhooks and APIServices from cert-manager certificates.
 
 %package controller
-Summary: cert-manager's controller binary
+Summary:        cert-manager's controller binary
 
 %description controller
 cert-manager is a Kubernetes addon to automate the management and issuance of
 TLS certificates from various issuing sources.
 
 %package cmctl
-Summary: cert-manager's cmctl binary
+Summary:        cert-manager's cmctl binary
 
 %description cmctl
 cmctl is a CLI tool manage and configure cert-manager resources for Kubernetes
 
 %package webhook
-Summary: cert-manager's webhook binary
+Summary:        cert-manager's webhook binary
 
 %description webhook
 Webhook component providing API validation, mutation and conversion functionality for cert-manager.