build: Upgrade to go 1.12.10 #41576
build: Upgrade to go 1.12.10 #41576
Conversation
bobvawter
commented
Oct 14, 2019
•
bobvawter
commented
|
This change is |
|
PTAL. A security fix in go 1.12.8 changed how |
|
huh wait We document that cockroachdb is able to use ports by name. If |
Removing support for named ports was part of a security fix in go1.12.8. See https://go-review.googlesource.com/c/go/+/189258/. Trying to re-add support ourselves sounds fraught and not worth the effort (writing our own URL parser?). Do you suspect anyone is using this functionality? I didn't even know it existed until this PR. |
|
I can't remember ever actually using named ports in practice. Either something's using the default port, or it's not worth updating |
|
@petermattis @knz unclear how we should proceed here -- who makes the call on whether this "feature" gets removed, and how do we follow up on it? |
|
Probably worth bumping as well. |
|
@kenliu I am looking at this now. I'm checking what we have in docs about this. |
|
Ok I got to the bottom of this from the linked CL by Peter:
RFC 3986 refers to the URL syntax. This tells us that even if CockoachDB supports service names in So you can go ahead with the change, I have no more objection. |
This change updates the golang version to 1.12.10 to pick up a security fix in the net/http package. This also picks up a URL parsing security fix in 1.12.8 that eliminates the use of named ports. See the relevant discussion in golang/go@3226f2d The change in URL parsing necessitates a test fix. Any customer impact should be minimal, given the rarity of named ports in common practice, and can be fixed by simply switching to numeric ports. Per the [checklist](build/README.md): * [X] Adjust version in Docker image * [X] Rebuild the Docker image and bump the version in builder.sh accordingly * [ ] ~Bump the version in go-version-check.sh~ (Patch release, not necessary) * [X] Bump the default installed version of Go in bootstrap-debian.sh Fixes: #40939 X-Ref: #23481 Release note (build change): The golang runtime has been upgraded to 1.12.10. Release note (general change): The use of named ports in URLs has been eliminated due to URL parsing ambiguities that were fixed in go 1.12.8. Any impact can be mitigated with the use of numeric port numbers.
|
bors r=petermattis |
41509: client/kv: keep transaction UserPriority in sync across client.Txn and TxnCoordSender r=nvanbenschoten a=nvanbenschoten Informs #32508. Before this change, a transaction's UserPriority could diverge between the transaction's client.Txn and its TxnCoordSender. This resulted in the need for ugly code (https://github.com/cockroachdb/cockroach/blob/57b02ddc74004e39a411084e05a20dccd93c3a22/pkg/kv/txn_coord_sender.go#L786), had bugs where a transaction could be restarted with the wrong user priority, and resulted in redundant calls to `roachpb.MakePriority`. This last issue had a runtime cost. We saw the redundant calls to `roachpb.MakePriority` show up in profiles. For instance, it was responsible for **0.32%** of a CPU profile when running Sysbench's `oltp_point_select` workload, mainly due to how slow `rand.ExpFloat64` is on the global rand object. This commit fixes this by keeping the priority in-sync between the `client.Txn` and the `kv.TxnCoordSender`. A side-effect of this is that we no longer perform redundant calls to `roachpb.MakePriority`. Release note: None 41576: build: Upgrade to go 1.12.10 r=petermattis a=bobvawter build: Upgrade to go 1.12.10 This change updates the golang version to 1.12.10 to pick up a security fix in the net/http package. This also picks up a URL parsing security fix in 1.12.8 that eliminates the use of named ports. See the relevant discussion in golang/go@3226f2d The change in URL parsing necessitates a test fix. Any customer impact should be minimal, given the rarity of named ports in common practice, and can be fixed by simply switching to numeric ports. Per the [checklist](build/README.md): * [X] Adjust version in Docker image * [X] Rebuild the Docker image and bump the version in builder.sh accordingly * [ ] ~Bump the version in go-version-check.sh~ (Patch release, not necessary) * [X] Bump the default installed version of Go in bootstrap-debian.sh Fixes: #40939 X-Ref: #23481 Release note (build change): The golang runtime has been upgraded to 1.12.10. Release note (general change): The use of named ports in URLs has been eliminated due to URL parsing ambiguities that were fixed in go 1.12.8. Any impact can be mitigated with the use of numeric port numbers. 41632: builtins: allow full consistency check w/o nuking cluster r=andreimatei a=tbg Previously, triggering a full consistency check would have potential to harm the cluster due to triggering checks with full DistSender parallelism. Limit to one check at a time for a (much slower, but) less harmful check (that we can potentially emit in roachtests). Release note: None 41636: roachtest: set acceptance/version-upgrade timeout to 30m r=andreimatei a=tbg When adding aggressive consistency checks, I noticed that acceptance/version-upgrade got pushed over the limit. Release note: None Co-authored-by: Nathan VanBenschoten <nvanbenschoten@gmail.com> Co-authored-by: Bob Vawter <bob@cockroachlabs.com> Co-authored-by: Tobias Schottdorf <tobias.schottdorf@gmail.com>
Build succeeded |
41647: release-19.2: build: Upgrade to go 1.12.10 r=petermattis a=bobvawter Backport 1/1 commits from #41576. /cc @cockroachdb/release --- build: Upgrade to go 1.12.10 This change updates the golang version to 1.12.10 to pick up a security fix in the net/http package. This also picks up a URL parsing security fix in 1.12.8 that eliminates the use of named ports. See the relevant discussion in golang/go@3226f2d The change in URL parsing necessitates a test fix. Any customer impact should be minimal, given the rarity of named ports in common practice, and can be fixed by simply switching to numeric ports. Per the [checklist](build/README.md): * [X] Adjust version in Docker image * [X] Rebuild the Docker image and bump the version in builder.sh accordingly * [ ] ~Bump the version in go-version-check.sh~ (Patch release, not necessary) * [X] Bump the default installed version of Go in bootstrap-debian.sh Fixes: #40939 X-Ref: #23481 Release note (build change): The golang runtime has been upgraded to 1.12.10. Release note (general change): The use of named ports in URLs has been eliminated due to URL parsing ambiguities that were fixed in go 1.12.8. Any impact can be mitigated with the use of numeric port numbers. Co-authored-by: Bob Vawter <bob@cockroachlabs.com>
