Go 1.15: broken PBSE2 KDF #26
Comments
|
Hi @eclipseo , thanks for letting me know. I'll take a look. Or if you have PR - it is always welcome too :) |
dvsekhvalnov
changed the title
|
Seems to be PBSE2 KDF is badly broken on Go v1.15 probably due to some changes in 'crypto/hash'. Investigating. That given said on v1.15 all PBSE2 encryption options producing not-compatible tokens. Everything else seems to be fine. |
|
Appears to be an issue with new crypto/hmac implementation with respect to will dig more |
|
Fixed in 1.15. @eclipseo when you have a chance, give it a try? All fixes have been merged to |
|
Hey thanks, works perfectly in Fedora 33 and Rawhide: |
Dominator008
added a commit
to celer-network/sgn
that referenced
this issue
Sep 23, 2020
The updated version fixed dvsekhvalnov/jose2go#26.
Dominator008
added a commit
to celer-network/sgn
that referenced
this issue
Sep 23, 2020
The updated version fixed dvsekhvalnov/jose2go#26.
Dominator008
added a commit
to celer-network/sgn
that referenced
this issue
Sep 24, 2020
The updated version fixed dvsekhvalnov/jose2go#26.
Dominator008
added a commit
to Dominator008/keyring
that referenced
this issue
Sep 25, 2020
The updated version fixed dvsekhvalnov/jose2go#26.
This was referenced Sep 25, 2020
alessio
pushed a commit
to cosmos/cosmos-sdk
that referenced
this issue
Sep 25, 2020
The release contains a fix for dvsekhvalnov/jose2go#26, which is needed for the file keyring backend to work with go 1.15.
alessio
pushed a commit
to cosmos/cosmos-sdk
that referenced
this issue
Sep 25, 2020
The release contains a fix for dvsekhvalnov/jose2go#26, which is needed for the file keyring backend to work with go 1.15. From: #7397
9 tasks
alessio
pushed a commit
to cosmos/cosmos-sdk
that referenced
this issue
Sep 28, 2020
The release contains a fix for dvsekhvalnov/jose2go#26, which is needed for the file keyring backend to work with go 1.15. From: #7397
daeMOn63
pushed a commit
to fetchai/cosmos-sdk
that referenced
this issue
May 5, 2021
The release contains a fix for dvsekhvalnov/jose2go#26, which is needed for the file keyring backend to work with go 1.15.
wy65701436
added a commit
to wy65701436/harbor
that referenced
this issue
Jun 29, 2021
Fixes goharbor#14932 Harbor recompiles the notary v0.6.1 with go 1.15 from v2.2.0, which introduces an break change that leads to notary key not found after migration. [Root cause] Notary v0.6.1 consumed an old version dvsekhvalnov/jose2, which is not compatible with go 1.15. [References] dvsekhvalnov/jose2go#26 golang/go#41089 [Resolve] To resolve this issue, we have to roll back go vesrion to v1.14 for notary v0.6.1 binary and keep it until upstream have a patch release to support go 1.15 or above. [Break change] If you're already on Harbor v2.2.0 ~ v2.2.2 and have signed images with notary, you will encouter the same issue after migrate to v2.2.3(or above) or v2.3.1(or above) because of the go version downgrade. We will have a FAQ to help you to resovle this particular scenario. The influence path of the particular case: Harbor v2.1.0(or lower) --> [v2.2.0 ~ v2.2.2] --> v2.2.3(or above) Harbor v2.1.0(or lower) --> v2.3.0 --> v2.3.1(or above) The non influence path of the paticular case: Harbor v2.1.0(or lower) --> v2.2.3(or above) Harbor v2.1.0(or lower) --> v2.3.1(or above) [Fix in Version] Harbor v2.2.3 or above Harbor v2.3.1 or above [Note] If you're a heavy user of notary, avoid using v2.2.0, v2.2.1, v2.2.2 and v2.3.0, and use the fixed version for instead. Signed-off-by: Wang Yan <wangyan@vmware.com>
wy65701436
added a commit
to wy65701436/harbor
that referenced
this issue
Jun 29, 2021
Fixes goharbor#14932 Harbor recompiles the notary v0.6.1 with go 1.15 from v2.2.0, which introduces an break change that leads to notary key not found after migration. [Root cause] Notary v0.6.1 consumed an old version dvsekhvalnov/jose2, which is not compatible with go 1.15. [References] dvsekhvalnov/jose2go#26 golang/go#41089 [Resolve] To resolve this issue, we have to roll back go vesrion to v1.14 for notary v0.6.1 binary and keep it until upstream have a patch release to support go 1.15 or above. [Break change] If you pushed and signed image using Harbor v2.2.0 ~ v2.2.2 and created new repository key in notary, you will encouter the same issue after migrate to v2.2.3(or above) or v2.3.1(or above) because of the go version downgrade. We will have a FAQ to help you to resovle this particular scenario. The influence path of the particular case: Harbor v2.1.0(or lower) --> [v2.2.0 ~ v2.2.2] --> v2.2.3(or above) Harbor v2.1.0(or lower) --> v2.3.0 --> v2.3.1(or above) The non influence path of the paticular case: Harbor v2.1.0(or lower) --> v2.2.3(or above) Harbor v2.1.0(or lower) --> v2.3.1(or above) [Fix in Version] Harbor v2.2.3 or above Harbor v2.3.1 or above [Note] If you're a heavy user of notary, avoid using v2.2.0, v2.2.1, v2.2.2 and v2.3.0, and use the fixed version for instead. Signed-off-by: Wang Yan <wangyan@vmware.com>
wy65701436
added a commit
to wy65701436/harbor
that referenced
this issue
Jun 29, 2021
Fixes goharbor#14932 Harbor recompiles the notary v0.6.1 with go 1.15 from v2.2.0, which introduces an break change that leads to notary key not found after migration. [Root cause] Notary v0.6.1 consumed an old version dvsekhvalnov/jose2, which is not compatible with go 1.15. [References] dvsekhvalnov/jose2go#26 golang/go#41089 [Resolve] To resolve this issue, we have to roll back go vesrion to v1.14 for notary v0.6.1 binary and keep it until upstream have a patch release to support go 1.15 or above. [Break change] If you pushed and signed image using Harbor v2.2.0 ~ v2.2.2 and created new repository key in notary, you will encouter the same issue after migrate to v2.2.3(or above) or v2.3.1(or above) because of the go version downgrade. We will have a FAQ to help you to resovle this particular scenario. The influence path of the particular case: Harbor v2.1.0(or lower) --> [v2.2.0 ~ v2.2.2] --> v2.2.3(or above) Harbor v2.1.0(or lower) --> v2.3.0 --> v2.3.1(or above) The non influence path of the paticular case: Harbor v2.1.0(or lower) --> v2.2.3(or above) Harbor v2.1.0(or lower) --> v2.3.1(or above) [Fix in Version] Harbor v2.2.3 or above Harbor v2.3.1 or above [Note] If you're a heavy user of notary, avoid using v2.2.0, v2.2.1, v2.2.2 and v2.3.0, and use the fixed version for instead. Signed-off-by: Wang Yan <wangyan@vmware.com>
wy65701436
added a commit
to wy65701436/harbor
that referenced
this issue
Jun 29, 2021
Fixes goharbor#14932 Harbor recompiles the notary v0.6.1 with go 1.15 from v2.2.0, which introduces an break change that leads to notary key not found after migration. [Root cause] Notary v0.6.1 consumed an old version dvsekhvalnov/jose2, which is not compatible with go 1.15. [References] dvsekhvalnov/jose2go#26 golang/go#41089 [Resolve] To resolve this issue, we have to roll back go vesrion to v1.14 for notary v0.6.1 binary and keep it until upstream have a patch release to support go 1.15 or above. [Break change] If you pushed and signed image using Harbor v2.2.0 ~ v2.2.2 and created new repository key in notary, you will encouter the same issue after migrate to v2.2.3(or above) or v2.3.1(or above) because of the go version downgrade. We will have a FAQ to help you to resovle this particular scenario. The influence path of the particular case: Harbor v2.1.0(or lower) --> [v2.2.0 ~ v2.2.2] --> v2.2.3(or above) Harbor v2.1.0(or lower) --> v2.3.0 --> v2.3.1(or above) The non influence path of the paticular case: Harbor v2.1.0(or lower) --> v2.2.3(or above) Harbor v2.1.0(or lower) --> v2.3.1(or above) [Fix in Version] Harbor v2.2.3 or above Harbor v2.3.1 or above [Note] If you're a heavy user of notary, avoid using v2.2.0, v2.2.1, v2.2.2 and v2.3.0, and use the fixed version for instead. Signed-off-by: Wang Yan <wangyan@vmware.com>
wy65701436
added a commit
to goharbor/harbor
that referenced
this issue
Jun 29, 2021
Fixes #14932 Harbor recompiles the notary v0.6.1 with go 1.15 from v2.2.0, which introduces an break change that leads to notary key not found after migration. [Root cause] Notary v0.6.1 consumed an old version dvsekhvalnov/jose2, which is not compatible with go 1.15. [References] dvsekhvalnov/jose2go#26 golang/go#41089 [Resolve] To resolve this issue, we have to roll back go vesrion to v1.14 for notary v0.6.1 binary and keep it until upstream have a patch release to support go 1.15 or above. [Break change] If you pushed and signed image using Harbor v2.2.0 ~ v2.2.2 and created new repository key in notary, you will encouter the same issue after migrate to v2.2.3(or above) or v2.3.1(or above) because of the go version downgrade. We will have a FAQ to help you to resovle this particular scenario. The influence path of the particular case: Harbor v2.1.0(or lower) --> [v2.2.0 ~ v2.2.2] --> v2.2.3(or above) Harbor v2.1.0(or lower) --> v2.3.0 --> v2.3.1(or above) The non influence path of the paticular case: Harbor v2.1.0(or lower) --> v2.2.3(or above) Harbor v2.1.0(or lower) --> v2.3.1(or above) [Fix in Version] Harbor v2.2.3 or above Harbor v2.3.1 or above [Note] If you're a heavy user of notary, avoid using v2.2.0, v2.2.1, v2.2.2 and v2.3.0, and use the fixed version for instead. Signed-off-by: Wang Yan <wangyan@vmware.com>
wy65701436
added a commit
to goharbor/harbor
that referenced
this issue
Jun 29, 2021
Fixes #14932 Harbor recompiles the notary v0.6.1 with go 1.15 from v2.2.0, which introduces an break change that leads to notary key not found after migration. [Root cause] Notary v0.6.1 consumed an old version dvsekhvalnov/jose2, which is not compatible with go 1.15. [References] dvsekhvalnov/jose2go#26 golang/go#41089 [Resolve] To resolve this issue, we have to roll back go vesrion to v1.14 for notary v0.6.1 binary and keep it until upstream have a patch release to support go 1.15 or above. [Break change] If you pushed and signed image using Harbor v2.2.0 ~ v2.2.2 and created new repository key in notary, you will encouter the same issue after migrate to v2.2.3(or above) or v2.3.1(or above) because of the go version downgrade. We will have a FAQ to help you to resovle this particular scenario. The influence path of the particular case: Harbor v2.1.0(or lower) --> [v2.2.0 ~ v2.2.2] --> v2.2.3(or above) Harbor v2.1.0(or lower) --> v2.3.0 --> v2.3.1(or above) The non influence path of the paticular case: Harbor v2.1.0(or lower) --> v2.2.3(or above) Harbor v2.1.0(or lower) --> v2.3.1(or above) [Fix in Version] Harbor v2.2.3 or above Harbor v2.3.1 or above [Note] If you're a heavy user of notary, avoid using v2.2.0, v2.2.1, v2.2.2 and v2.3.0, and use the fixed version for instead. Signed-off-by: Wang Yan <wangyan@vmware.com>
yunkunrao
pushed a commit
to yunkunrao/harbor
that referenced
this issue
Aug 19, 2021
Fixes goharbor#14932 Harbor recompiles the notary v0.6.1 with go 1.15 from v2.2.0, which introduces an break change that leads to notary key not found after migration. [Root cause] Notary v0.6.1 consumed an old version dvsekhvalnov/jose2, which is not compatible with go 1.15. [References] dvsekhvalnov/jose2go#26 golang/go#41089 [Resolve] To resolve this issue, we have to roll back go vesrion to v1.14 for notary v0.6.1 binary and keep it until upstream have a patch release to support go 1.15 or above. [Break change] If you pushed and signed image using Harbor v2.2.0 ~ v2.2.2 and created new repository key in notary, you will encouter the same issue after migrate to v2.2.3(or above) or v2.3.1(or above) because of the go version downgrade. We will have a FAQ to help you to resovle this particular scenario. The influence path of the particular case: Harbor v2.1.0(or lower) --> [v2.2.0 ~ v2.2.2] --> v2.2.3(or above) Harbor v2.1.0(or lower) --> v2.3.0 --> v2.3.1(or above) The non influence path of the paticular case: Harbor v2.1.0(or lower) --> v2.2.3(or above) Harbor v2.1.0(or lower) --> v2.3.1(or above) [Fix in Version] Harbor v2.2.3 or above Harbor v2.3.1 or above [Note] If you're a heavy user of notary, avoid using v2.2.0, v2.2.1, v2.2.2 and v2.3.0, and use the fixed version for instead. Signed-off-by: Wang Yan <wangyan@vmware.com>
prahaladdarkin
pushed a commit
to prahaladdarkin/harbor
that referenced
this issue
Nov 12, 2021
Fixes goharbor#14932 Harbor recompiles the notary v0.6.1 with go 1.15 from v2.2.0, which introduces an break change that leads to notary key not found after migration. [Root cause] Notary v0.6.1 consumed an old version dvsekhvalnov/jose2, which is not compatible with go 1.15. [References] dvsekhvalnov/jose2go#26 golang/go#41089 [Resolve] To resolve this issue, we have to roll back go vesrion to v1.14 for notary v0.6.1 binary and keep it until upstream have a patch release to support go 1.15 or above. [Break change] If you pushed and signed image using Harbor v2.2.0 ~ v2.2.2 and created new repository key in notary, you will encouter the same issue after migrate to v2.2.3(or above) or v2.3.1(or above) because of the go version downgrade. We will have a FAQ to help you to resovle this particular scenario. The influence path of the particular case: Harbor v2.1.0(or lower) --> [v2.2.0 ~ v2.2.2] --> v2.2.3(or above) Harbor v2.1.0(or lower) --> v2.3.0 --> v2.3.1(or above) The non influence path of the paticular case: Harbor v2.1.0(or lower) --> v2.2.3(or above) Harbor v2.1.0(or lower) --> v2.3.1(or above) [Fix in Version] Harbor v2.2.3 or above Harbor v2.3.1 or above [Note] If you're a heavy user of notary, avoid using v2.2.0, v2.2.1, v2.2.2 and v2.3.0, and use the fixed version for instead. Signed-off-by: Wang Yan <wangyan@vmware.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Since Go 1.15 beta 1, the test suite fails with these errors:
Any chance that you take a look at what causing these issues?
The text was updated successfully, but these errors were encountered: