[dev.boringcrypto] misc/boring: add go1.12.1b4 and update build scripts

The inliner seems to have gotten a bit too smart in 1.12 and it made
sha1.boringNewSHA1 disappear. Replace it with the proper
crypto/internal/boring/sig.BoringCrypto signature. Also, switch the
negative signature to sha256.(*digest), since SHA-256 is used for sure
by cmd/go. Not using crypto/internal/boring/sig.StandardCrypto just to
be safe, in case the crypto/internal/boring/sig mechanism breaks.

Also, had to fight #30833 and #30515 to get
golang.org/x/build/cmd/release to build in modules mode.

Change-Id: I46f1471582fd77daae47d00baab975109902052d
Reviewed-on: https://go-review.googlesource.com/c/go/+/169517
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>

misc/boring/RELEASES

@@ -29,3 +29,5 @@ go1.10.8b4 4b76b996cb0a linux-amd64 https://go-boringcrypto.storage.googleapis.c
 go1.10.8b4 4b76b996cb0a src https://go-boringcrypto.storage.googleapis.com/go1.10.8b4.src.tar.gz c1f5df50a4be3d0cb3aed7b80728f2b23c18deff0383636274742a38c145f939
 go1.11.5b4 3fb9dafacc45 linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.11.5b4.linux-amd64.tar.gz 9b5b2972b452da9ba6bba65bab18fb9e8fbda31b5c489275710e5429d76f568c
 go1.11.5b4 3fb9dafacc45 src https://go-boringcrypto.storage.googleapis.com/go1.11.5b4.src.tar.gz 1c5801e2af25c9299d9fd94c64f9ec11fd35777c45d5d0f398c0a9884b1cfbbf
+go1.12.1b4 88e20e81a61f linux-amd64 https://go-boringcrypto.storage.googleapis.com/go1.12.1b4.linux-amd64.tar.gz b71886e0d65e5efea2e0a3cbd0c3cd0daf84c437078e755ecde25f4ac0bbed2f
+go1.12.1b4 88e20e81a61f src https://go-boringcrypto.storage.googleapis.com/go1.12.1b4.src.tar.gz d44be1396eb2854b5d9c4d8e8ed0cf9fea1e9dc5a02d8f53b41ba571951a329f

misc/boring/build.docker

@@ -43,12 +43,12 @@ dversion=$(echo "$version" | sed 's/^go//')
 docker build --pull -t goboring/golang:$dversion $dir
 docker run goboring/golang:$dversion go version
 docker run goboring/golang:$dversion go tool nm /usr/local/go/bin/go >$dir/nm
-if ! grep crypto/sha1.boringNewSHA1 $dir/nm >/dev/null; then
-	echo 'built docker image but did NOT find sha1.boringNewSHA1 in go command!' >&2
+if ! grep crypto/internal/boring/sig.BoringCrypto $dir/nm >/dev/null; then
+	echo 'built docker image but did NOT find sig.BoringCrypto in go command!' >&2
 	exit 2
 fi
-if egrep 'crypto/sha1\.\(\*digest\)' $dir/nm >/dev/null; then
-	echo 'built docker image but DID find sha1.(*digest) in go command unexpectedly!' >&2
+if egrep 'crypto/sha256\.\(\*digest\)' $dir/nm >/dev/null; then
+	echo 'built docker image but DID find sha256.(*digest) in go command unexpectedly!' >&2
 	exit 2
 fi
 docker push goboring/golang:$dversion

misc/boring/build.release

@@ -56,12 +56,12 @@ echo >&2
 git log -n1 "$commit" >&2
 echo >&2
 
-# Build the release tool in a temporary GOPATH.
+# Build the release tool in a temporary directory.
 dir=$(mktemp -d)
 trap "rm -rf $dir" EXIT
-export GOPATH="$dir"
+export GO111MODULE=on
 export GOBIN="$dir"
-go get -u golang.org/x/build/cmd/release
+(cd "$dir"; go get golang.org/x/build/cmd/release)
 
 # Build the release.
 sha() {
@@ -84,12 +84,12 @@ sha256src=$(sha "$outputsrc" | awk '{print $1}')
 trap "rm -f /tmp/go.release.$$ /tmp/go.nm.$$" EXIT
 tar -xzf "$output" -O go/bin/go >/tmp/go.release.$$
 go tool nm /tmp/go.release.$$ >/tmp/go.nm.$$
-if ! grep crypto/sha1.boringNewSHA1 /tmp/go.nm.$$ >/dev/null; then
-	echo 'built release but did NOT find sha1.boringNewSHA1 in go command!' >&2
+if ! grep crypto/internal/boring/sig.BoringCrypto /tmp/go.nm.$$ >/dev/null; then
+	echo 'built release but did NOT find sig.BoringCrypto in go command!' >&2
 	exit 2
 fi
-if egrep 'crypto/sha1\.\(\*digest\)' /tmp/go.nm.$$ >/dev/null; then
-	echo 'built release but DID find sha1.(*digest) in go command unexpectedly!' >&2
+if egrep 'crypto/sha256\.\(\*digest\)' /tmp/go.nm.$$ >/dev/null; then
+	echo 'built release but DID find sha256.(*digest) in go command unexpectedly!' >&2
 	exit 2
 fi