go1.18: [Tracker] go1.18 breaks CSR validation (fix pending in go1.18.1) #108910
Comments
MadhavJivrajani
added
the
kind/failing-test
k8s-ci-robot
added
sig/testing
k8s-ci-robot
added
the
priority/critical-urgent
|
The failures for https://testgrid.k8s.io/sig-release-master-blocking#integration-master look like they are related to this. Example below: |
|
/assign |
|
So, presubmits jobs didn't catch these things? |
|
A temporary fix, quick fix would be setting the env variable as suggested:
Continuing to look |
k8s-ci-robot
added
the
sig/auth
yeah, I'm wondering this too |
|
it seems golang has to do a minor release golang/go#41682 (comment), they are being too strict and sha1 in signatures seems to be allowed https://go-review.googlesource.com/c/go/+/394294/3/src/crypto/x509/x509.go |
|
/cc @liggitt |
|
presubmits were using image based on golang 1.17, so we hit it AFTER the 1.18 in k/k merged and then the master image was updated from 1.17 to 1.18 |
|
The CI failures should now be fixed (temporarily) on account of: #108901 Not closing this out as we still need to fix things (regenerate hard-coded certs) in order to be fully back in business. |
|
/remove-priority critical-urgent |
k8s-ci-robot
added
priority/important-soon
Actually, I think the CSR failures are a go bug we need to wait for go1.18.1 for |
@liggitt do we have commitment from the golang team to ship go1.18.1 with the fix we need in time for 1.24? (what are our chances?) |
|
I don't know, but given it is a recovery release fixing a regression, I would expect it sooner than the normal ~month cadence |
|
Thanks @liggitt ! Looks like the backport issue is here: golang/go#51852 |
liggitt
changed the title
|
@MadhavJivrajani do you wanna open a CL in golang repo? golang/go#51852 (comment) |
|
don't open a new CL, the one against master is under review and will be picked once ready |
|
@liggitt thanks. the linked comment caused me to wonder! |
|
So for folks following along:
sounds right @liggitt ? |
|
golang master CL merged, pick open to release-1.18 https://go-review.googlesource.com/c/go/+/398074 |
|
for this one ... i want to be proven wrong :) (i said, it may not go into 1.18.1 on record!) |
|
https://go-review.googlesource.com/c/go/+/398074 merged to go 1.18 branch, appears it will be in go1.18.1 |
|
/meow |
|
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Folks, Go 1.18.1 is postponed to 12th April. |
|
kubernetes/release#2499 will update the dependency |
|
fixed k/k last remaining problem with 1.18.1 in #109312 /close |
|
@dims: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Which jobs are failing?
https://testgrid.k8s.io/sig-release-master-blocking#integration-master
Which tests are failing?
https://prow.k8s.io/view/gs/kubernetes-jenkins/pr-logs/pull/108905/pull-kubernetes-integration/1506459579091783680
an instance of a failure, the tests here are the ones failing
Since when has it been failing?
My guess is since #108870 was merged
Testgrid link
https://testgrid.k8s.io/sig-release-master-blocking#integration-master
Reason for failure (if possible)
https://tip.golang.org/doc/go1.18#sha1
Anything else we need to know?
No response
Relevant SIG(s)
/sig testing
The text was updated successfully, but these errors were encountered: