From 4c0796ffabfce772b6ba21abf8bc6bc258d79671 Mon Sep 17 00:00:00 2001 From: Dmitriy Matrenichev Date: Thu, 10 Oct 2024 19:08:02 +0300 Subject: [PATCH] chore: bump grpc library and fix ALPN issue Bump grpc library to 1.67.1 and ensure that we set proper HTTP/2 ALPN value. Closes #9463 Depends on https://github.com/siderolabs/crypto/pull/34 Signed-off-by: Dmitriy Matrenichev --- Makefile | 6 +++--- go.mod | 5 ++++- go.sum | 8 ++++---- hack/cloud-image-uploader/go.mod | 2 +- hack/cloud-image-uploader/go.sum | 4 ++-- internal/app/apid/main.go | 4 ++-- internal/app/apid/pkg/provider/provider.go | 2 +- pkg/grpc/factory/factory.go | 9 --------- pkg/machinery/client/client.go | 2 +- pkg/machinery/client/secure_credentials.go | 2 +- pkg/machinery/go.mod | 12 ++++++++---- pkg/machinery/go.sum | 8 ++++---- 12 files changed, 31 insertions(+), 33 deletions(-) diff --git a/Makefile b/Makefile index f0140b1127c..767e7b28dee 100644 --- a/Makefile +++ b/Makefile @@ -63,17 +63,17 @@ PKG_TALOSCTL_CNI_BUNDLE_INSTALL ?= $(PKGS_PREFIX)/talosctl-cni-bundle-install:$( # renovate: datasource=github-tags depName=golang/go GO_VERSION ?= 1.23 # renovate: datasource=go depName=golang.org/x/tools -GOIMPORTS_VERSION ?= v0.24.0 +GOIMPORTS_VERSION ?= v0.25.0 # renovate: datasource=go depName=mvdan.cc/gofumpt GOFUMPT_VERSION ?= v0.7.0 # renovate: datasource=go depName=github.com/golangci/golangci-lint GOLANGCILINT_VERSION ?= v1.61.0 # renovate: datasource=go depName=golang.org/x/tools -STRINGER_VERSION ?= v0.24.0 +STRINGER_VERSION ?= v0.25.0 # renovate: datasource=go depName=github.com/dmarkham/enumer ENUMER_VERSION ?= v1.5.10 # renovate: datasource=go depName=k8s.io/code-generator -DEEPCOPY_GEN_VERSION ?= v0.31.0 +DEEPCOPY_GEN_VERSION ?= v0.31.1 # renovate: datasource=go depName=github.com/planetscale/vtprotobuf VTPROTOBUF_VERSION ?= v0.6.0 # renovate: datasource=go depName=github.com/siderolabs/deep-copy diff --git a/go.mod b/go.mod index e021019941d..01e923bb5f5 100644 --- a/go.mod +++ b/go.mod @@ -12,6 +12,9 @@ replace ( // see https://github.com/mdlayher/kobject/pull/5 github.com/mdlayher/kobject => github.com/smira/kobject v0.0.0-20240304111826-49c8d4613389 + // fix ALPN issue in grpc-go + github.com/siderolabs/crypto => github.com/DmitriyMV/crypto v0.0.0-20241010155414-58b2f9291c7e + // Use nested module. github.com/siderolabs/talos/pkg/machinery => ./pkg/machinery @@ -189,7 +192,7 @@ require ( golang.org/x/text v0.18.0 golang.org/x/time v0.6.0 golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6 - google.golang.org/grpc v1.66.3 + google.golang.org/grpc v1.67.1 google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v3 v3.0.1 k8s.io/klog/v2 v2.130.1 diff --git a/go.sum b/go.sum index 8d8a873687d..d618f6e9c02 100644 --- a/go.sum +++ b/go.sum @@ -29,6 +29,8 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mx github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/DmitriyMV/crypto v0.0.0-20241010155414-58b2f9291c7e h1:vKgVWVhipaPkXfnNZSOTSMZOHtb+cX1/JSXidkvsHOQ= +github.com/DmitriyMV/crypto v0.0.0-20241010155414-58b2f9291c7e/go.mod h1:hsR3tJ3aaeuhCChsLF4dBd9vlJVPvmhg4vvx2ez4aD4= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= @@ -575,8 +577,6 @@ github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/siderolabs/coredns v1.11.53 h1:HoRPGey3HNj409+15OGnP9Jt4NNpRKsm7izjc/M/G20= github.com/siderolabs/coredns v1.11.53/go.mod h1:2bxje5r6+o9rO0k7bEb5BitqPz8YUYaIY8iJHD1ELtE= -github.com/siderolabs/crypto v0.4.4 h1:Q6EDBMR2Ub2oAZW5Xl8lrKB27bM3Sn8Gkfw3rngco5U= -github.com/siderolabs/crypto v0.4.4/go.mod h1:hsR3tJ3aaeuhCChsLF4dBd9vlJVPvmhg4vvx2ez4aD4= github.com/siderolabs/discovery-api v0.1.4 h1:2fMEFSMiWaD1zDiBDY5md8VxItvL1rDQRSOfeXNjYKc= github.com/siderolabs/discovery-api v0.1.4/go.mod h1:kaBy+G42v2xd/uAF/NIe383sjNTBE2AhxPTyi9SZI0s= github.com/siderolabs/discovery-client v0.1.9 h1:yDzvts++Nf/2qczdDUfU5GAibkEIgz/eo9RPG/k/rOc= @@ -1000,8 +1000,8 @@ google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.66.3 h1:TWlsh8Mv0QI/1sIbs1W36lqRclxrmF+eFJ4DbI0fuhA= -google.golang.org/grpc v1.66.3/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= +google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= +google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= diff --git a/hack/cloud-image-uploader/go.mod b/hack/cloud-image-uploader/go.mod index 274217adf34..1a627d6aeac 100644 --- a/hack/cloud-image-uploader/go.mod +++ b/hack/cloud-image-uploader/go.mod @@ -68,6 +68,6 @@ require ( google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect - google.golang.org/grpc v1.66.0 // indirect + google.golang.org/grpc v1.67.1 // indirect google.golang.org/protobuf v1.34.2 // indirect ) diff --git a/hack/cloud-image-uploader/go.sum b/hack/cloud-image-uploader/go.sum index 6ff95a7e106..43febf1378e 100644 --- a/hack/cloud-image-uploader/go.sum +++ b/hack/cloud-image-uploader/go.sum @@ -269,8 +269,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c= -google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= +google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= +google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/internal/app/apid/main.go b/internal/app/apid/main.go index 79bc88d6517..299524c8e0f 100644 --- a/internal/app/apid/main.go +++ b/internal/app/apid/main.go @@ -21,7 +21,7 @@ import ( "github.com/cosi-project/runtime/api/v1alpha1" "github.com/cosi-project/runtime/pkg/state" "github.com/cosi-project/runtime/pkg/state/protobuf/client" - debug "github.com/siderolabs/go-debug" + "github.com/siderolabs/go-debug" "github.com/siderolabs/grpc-proxy/proxy" "golang.org/x/sync/errgroup" "google.golang.org/grpc" @@ -248,7 +248,7 @@ func apidMain() error { return errGroup.Wait() } -func verifyExtKeyUsage(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { +func verifyExtKeyUsage(_ [][]byte, verifiedChains [][]*x509.Certificate) error { if len(verifiedChains) == 0 { return errors.New("no verified chains") } diff --git a/internal/app/apid/pkg/provider/provider.go b/internal/app/apid/pkg/provider/provider.go index 87cd29913e8..6cf09e45fdb 100644 --- a/internal/app/apid/pkg/provider/provider.go +++ b/internal/app/apid/pkg/provider/provider.go @@ -193,7 +193,7 @@ func (p *certificateProvider) GetCACertPool() (*stdx509.CertPool, error) { return p.caCertPool, nil } -func (p *certificateProvider) GetCertificate(h *stdlibtls.ClientHelloInfo) (*stdlibtls.Certificate, error) { +func (p *certificateProvider) GetCertificate(*stdlibtls.ClientHelloInfo) (*stdlibtls.Certificate, error) { p.mu.Lock() defer p.mu.Unlock() diff --git a/pkg/grpc/factory/factory.go b/pkg/grpc/factory/factory.go index 9e758f81876..da98e7f44fd 100644 --- a/pkg/grpc/factory/factory.go +++ b/pkg/grpc/factory/factory.go @@ -6,7 +6,6 @@ package factory import ( "context" - "crypto/tls" "errors" "fmt" "io" @@ -39,7 +38,6 @@ type Options struct { Port int SocketPath string Network string - Config *tls.Config ServerOptions []grpc.ServerOption UnaryInterceptors []grpc.UnaryServerInterceptor StreamInterceptors []grpc.StreamServerInterceptor @@ -79,13 +77,6 @@ func Network(o string) Option { } } -// Config sets the listen port of the server. -func Config(o *tls.Config) Option { - return func(args *Options) { - args.Config = o - } -} - // ServerOptions appends to the gRPC server options of the server. func ServerOptions(o ...grpc.ServerOption) Option { return func(args *Options) { diff --git a/pkg/machinery/client/client.go b/pkg/machinery/client/client.go index e5d235cb992..4ab33dda8e7 100644 --- a/pkg/machinery/client/client.go +++ b/pkg/machinery/client/client.go @@ -144,7 +144,7 @@ func (c *Client) GetClusterName() string { } // New returns a new Client. -func New(ctx context.Context, opts ...OptionFunc) (c *Client, err error) { +func New(_ context.Context, opts ...OptionFunc) (c *Client, err error) { c = new(Client) c.options = new(Options) diff --git a/pkg/machinery/client/secure_credentials.go b/pkg/machinery/client/secure_credentials.go index 807bf05a652..6f21924250c 100644 --- a/pkg/machinery/client/secure_credentials.go +++ b/pkg/machinery/client/secure_credentials.go @@ -17,7 +17,7 @@ func (c BasicAuth) RequireTransportSecurity() bool { return true } -func buildCredentials(configContext *clientconfig.Context, endpoints []string) (credentials.TransportCredentials, error) { +func buildCredentials(configContext *clientconfig.Context, _ []string) (credentials.TransportCredentials, error) { tlsConfig, err := buildTLSConfig(configContext) if err != nil { return nil, err diff --git a/pkg/machinery/go.mod b/pkg/machinery/go.mod index e30039dd9cb..300189e9a00 100644 --- a/pkg/machinery/go.mod +++ b/pkg/machinery/go.mod @@ -2,9 +2,13 @@ module github.com/siderolabs/talos/pkg/machinery go 1.23.2 -// forked go-yaml that introduces RawYAML interface, which can be used to populate YAML fields using bytes -// which are then encoded as a valid YAML blocks with proper indentiation -replace gopkg.in/yaml.v3 => github.com/unix4ever/yaml v0.0.0-20220527175918-f17b0f05cf2c +replace ( + // fix ALPN issue in grpc-go + github.com/siderolabs/crypto => github.com/DmitriyMV/crypto v0.0.0-20241010155414-58b2f9291c7e + // forked go-yaml that introduces RawYAML interface, which can be used to populate YAML fields using bytes + // which are then encoded as a valid YAML blocks with proper indentiation + gopkg.in/yaml.v3 => github.com/unix4ever/yaml v0.0.0-20220527175918-f17b0f05cf2c +) require ( github.com/blang/semver/v4 v4.0.0 @@ -34,7 +38,7 @@ require ( github.com/stretchr/testify v1.9.0 google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 - google.golang.org/grpc v1.66.3 + google.golang.org/grpc v1.67.1 google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v3 v3.0.1 ) diff --git a/pkg/machinery/go.sum b/pkg/machinery/go.sum index d9d07edfc51..d0f39305ef5 100644 --- a/pkg/machinery/go.sum +++ b/pkg/machinery/go.sum @@ -1,3 +1,5 @@ +github.com/DmitriyMV/crypto v0.0.0-20241010155414-58b2f9291c7e h1:vKgVWVhipaPkXfnNZSOTSMZOHtb+cX1/JSXidkvsHOQ= +github.com/DmitriyMV/crypto v0.0.0-20241010155414-58b2f9291c7e/go.mod h1:hsR3tJ3aaeuhCChsLF4dBd9vlJVPvmhg4vvx2ez4aD4= github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/ProtonMail/go-crypto v1.1.0-alpha.5.0.20240827111422-b5837fa4476e h1:O1cSHAcGcbGEO66Qi2AIJeYmXO8iP4L/PNrbdN+RjJA= github.com/ProtonMail/go-crypto v1.1.0-alpha.5.0.20240827111422-b5837fa4476e/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= @@ -101,8 +103,6 @@ github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkB github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4= github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY= -github.com/siderolabs/crypto v0.4.4 h1:Q6EDBMR2Ub2oAZW5Xl8lrKB27bM3Sn8Gkfw3rngco5U= -github.com/siderolabs/crypto v0.4.4/go.mod h1:hsR3tJ3aaeuhCChsLF4dBd9vlJVPvmhg4vvx2ez4aD4= github.com/siderolabs/gen v0.5.0 h1:Afdjx+zuZDf53eH5DB+E+T2JeCwBXGinV66A6osLgQI= github.com/siderolabs/gen v0.5.0/go.mod h1:1GUMBNliW98Xeq8GPQeVMYqQE09LFItE8enR3wgMh3Q= github.com/siderolabs/go-api-signature v0.3.6 h1:wDIsXbpl7Oa/FXvxB6uz4VL9INA9fmr3EbmjEZYFJrU= @@ -201,8 +201,8 @@ google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1: google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I= google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= -google.golang.org/grpc v1.66.3 h1:TWlsh8Mv0QI/1sIbs1W36lqRclxrmF+eFJ4DbI0fuhA= -google.golang.org/grpc v1.66.3/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= +google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= +google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=