Refactor DNSSEC to use crypto.{PrivateKey,Signer} #197
Conversation
|
It deletes more than it add, so I like it. I have some nits, but it does not build with go 1.3? Which is annoying... |
|
Umh, yeah I'd say that using stdlib interfaces is worth the restriction, but what about a nodnssec tag? |
|
Added a go13 tag that disables Sign and sig0 |
FiloSottile
force-pushed
the
filippo/crypto
branch
2 times, most recently
from
3b62c83 to
1549dad
Compare
|
I won't kill 1.3 support atm. When 1.5 comes out, I'm fine with merging this (and dropping Go 1.3) |
|
What if I swap things and make it compile by default on 1.3 without Sign and with a tag for 1.4-only Sign? Sent from a small keyboard
|
|
Just realized I'm an idiot. Go supports version tags. So I can make it compile cleanly on all versions, with RRSIG.Sign (and Sig0) only on >= 1.4. Sent from a small keyboard
|
|
Just to be clear: does this mean Sign() won't work at all for go < 1.4 ? I.e. not DNSSEC? |
|
Yes, Sign() would simply not be compiled for < 1.4 but Verify and everything else would still work. Sent from a small keyboard
|
|
Hmmm, I see. Then I rather wait a bit and merge this when 1.5 is out (and dropping 1.3 support at the same time). |
FiloSottile
force-pushed
the
filippo/crypto
branch
from
1549dad to
05e9273
Compare
|
Alright, I'm going to merge this on cloudflare/dns and leave it open here for later. I edited it anyway to use the built-in version tags. Works with the current Travis config out of the box. |
|
[ Quoting notifications@github.com in "Re: [dns] Refactor DNSSEC to use cr..." ]
Ack.
/Miek Miek Gieben |
|
Think it is about time to get this in... Can you rebase/fix/tweak this a little? Thanks! |
FiloSottile
force-pushed
the
filippo/crypto
branch
from
05e9273 to
a2468d3
Compare
|
Done. This is the vanilla change, without reordering the files, which can be a future PR. |
This will allow RRSIG.Sign to use generic crypto.Signer implementations. This is a interface breaking change, even if the required changes are most likely just type asserions from crypto.PrivateKey to the underlying type or crypto.Signer.
FiloSottile
force-pushed
the
filippo/crypto
branch
from
a2468d3 to
034c247
Compare
Refactor DNSSEC to use crypto.{PrivateKey,Signer}
go 1.4 is now required (miekg/dns#197)
go 1.4 is now required (miekg/dns#197)
* fix where providing a SERVICE_NAME for a container with multiple ports exposed would cause services to overwrite each other * Synchornize etcd cluster in registrator on service registration * note on docker hub tags * link to boot2docker * analytics * Default to tcp for PortType if not provided * Allow DEV_RUN_OPTS to be used when calling make dev * Add new version checker Checks for new versions with the "usage" service and automatically displays a standard version message when the "--version" flag is passed. * Adding retries to backend service in the startup Signed-off-by: Marcelo Salazar R <chelosalazar@gmail.com> * Added retry parameters documentation Signed-off-by: Marcelo Salazar R <chelosalazar@gmail.com> * Upgrade to alpine:3.2 and go 1.4 go 1.4 is now required (miekg/dns#197) * Refactor bridge for better testability bridge.New no longer attempts to ping an adapter, caller must now use the bridge Ping method. A few simple tests have been added to the bridge pkg * Removed unused attributes * prebump * Adding documentation link * update wording for Weave product family * updating documentation & CHANGELOG * Fix specific port names not overriding port suffix * Actually check metadata from port. Fix ENV variable order dependency * Use exit status to determine if container was killed Instead of using the "kill" and "stop" events, this uses the exit status to check whether the container was terminated via a signal. This will be more reliable since the "kill" event can also be sent for non-fatal signals such as SIGHUP. Fixes #248 * Fix releases link in README * Align SPONSORS text * Add more detailed usage regarding options placement Go's "flag" module only parses options up until the first non-option argument, so additional arguments are left unparsed in "flag.Args()". We only expect one argument, but additional arguments were ignored, leading to some confusion about options that were ignored. This updates the Usage() message with the syntax showing the options before the registry URI, as well as more detail if the registry argument is missing, or additional arguments are found. * Cleanup dangling services When a service was previously registered into the service registry and registrator exits without unregistering, registrator now queries the backend to see which services were registered, and checks against it's internal list to determine which should be unregistered. * Support for Docker multi host networking When using the Docker multi-host networking, IPAddress under NetworkSettings is set to an empty string and the container IP can be retrieved from NetworkSettings.Networks. At this point it is assumed a single Docker network is associated with the container * Update util.go * Using NewVersionedClientFromEnv to create docker client * Initial basic zookeeper backend for registrator * Small docs refurbishment * Note for ignoring individual service on container * Add support for Consul unix sockets * Change default port for etc2 backend to default 2379 * Update docs for etcd backend for default port * *servicePort method add support hostip for overlay network * gofmt bridge * added Consul TCP Health Check * removed sentence that was copied from HTTP health check * Update CHANGELOG * Add image size to readme. Closes #290 * Release prep * Add image size to docs * bump * Have the zookeeper backend use the host port for the service paths, allow publishing services if the base service path already exists, and allow publishing into the root of zookeeper. (#367)
This will allow RRSIG.Sign to use generic crypto.Signer implementations.
This is a interface breaking change, even if the required changes are most
likely just type asserions from crypto.PrivateKey to the underlying type or
crypto.Signer.