Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
x/build: migrate farmer.golang.org to LetsEncrypt before April 4th 2017 #16442
Going to https://farmer.golang.org/try?commit=773db5cd produces a SEC_UNKNOWN_ISSUER in Firefox 47 on Windows 8.
The exported certificate looks like this:
Actually, our self-signed cert expires "Tuesday, April 4, 2017" (and is a SHA-1 cert). It's probably time we just switched to LetsEncrypt with autocert and updated the reverse buildlets to not require the pinned cert anymore. That's just legacy from when certs were annoying.
The reverse buildlet system predates LetsEncrypt. We previously used a self-signed cert and baked in a self-signed CA into our reverse buildlet binaries. That cert expires April 4th, 2017. Soon. This change makes the buildlets accept either a system CA cert (so we can use LetsEncrypt before April 4th) or we can still use the old cert in the few days before April 4th. It also bumps the version to 9 so we can watch http://farmer.golang.org/#pools and watch the buildlets upgrade as they restart and finish builds. I rebuilt all the buildlet binaries for each platform with reverse buildlets and I see some already on version 9, so it works. Also add s390x to the Makefile (not sure why it was missing?) and disable caching on all the buildlet binaries. The URL query parameter suffix for cache busting no longer seems to work (which builders use). I'm pretty sure it used to work, but maybe it never did. Or maybe Google Cloud Storage changed something. So explicitly set the "no-cache" cache-control value instead so buildlets download the latest binary. Updates golang/go#16442 Change-Id: I69b360c5d53c296ca85fa5c40ea10cb9843d4329 Reviewed-on: https://go-review.googlesource.com/38792 Reviewed-by: Brad Fitzpatrick <firstname.lastname@example.org>
…hanges No more self-signed cert on https://farmer.golang.org, so don't do the custom TLS dialing anymore. Just use the standard tls.Dial. Updates golang/go#16442 Change-Id: I2e29cbde3294aaaa74c0e82150ffe985f3639209 Reviewed-on: https://go-review.googlesource.com/39750 Reviewed-by: Keith Randall <email@example.com>