-
Notifications
You must be signed in to change notification settings - Fork 38.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
go1.18: [Tracker] go1.18 breaks CSR validation (fix pending in go1.18.1) #108910
Comments
The failures for https://testgrid.k8s.io/sig-release-master-blocking#integration-master look like they are related to this. Example below:
|
/assign |
So, presubmits jobs didn't catch these things? |
A temporary fix, quick fix would be setting the env variable as suggested:
Continuing to look |
yeah, I'm wondering this too |
it seems golang has to do a minor release golang/go#41682 (comment), they are being too strict and sha1 in signatures seems to be allowed https://go-review.googlesource.com/c/go/+/394294/3/src/crypto/x509/x509.go |
/cc @liggitt |
presubmits were using image based on golang 1.17, so we hit it AFTER the 1.18 in k/k merged and then the master image was updated from 1.17 to 1.18 |
The CI failures should now be fixed (temporarily) on account of: #108901 Not closing this out as we still need to fix things (regenerate hard-coded certs) in order to be fully back in business. |
/remove-priority critical-urgent |
Actually, I think the CSR failures are a go bug we need to wait for go1.18.1 for |
@liggitt do we have commitment from the golang team to ship go1.18.1 with the fix we need in time for 1.24? (what are our chances?) |
I don't know, but given it is a recovery release fixing a regression, I would expect it sooner than the normal ~month cadence |
Thanks @liggitt ! Looks like the backport issue is here: golang/go#51852 |
@MadhavJivrajani do you wanna open a CL in golang repo? golang/go#51852 (comment) |
don't open a new CL, the one against master is under review and will be picked once ready |
@liggitt thanks. the linked comment caused me to wonder! |
So for folks following along:
sounds right @liggitt ? |
golang master CL merged, pick open to release-1.18 https://go-review.googlesource.com/c/go/+/398074 |
for this one ... i want to be proven wrong :) (i said, it may not go into 1.18.1 on record!) |
https://go-review.googlesource.com/c/go/+/398074 merged to go 1.18 branch, appears it will be in go1.18.1 |
/meow |
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Folks, Go 1.18.1 is postponed to 12th April. |
kubernetes/release#2499 will update the dependency |
fixed k/k last remaining problem with 1.18.1 in #109312 /close |
@dims: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Which jobs are failing?
https://testgrid.k8s.io/sig-release-master-blocking#integration-master
Which tests are failing?
https://prow.k8s.io/view/gs/kubernetes-jenkins/pr-logs/pull/108905/pull-kubernetes-integration/1506459579091783680
an instance of a failure, the tests here are the ones failing
Since when has it been failing?
My guess is since #108870 was merged
Testgrid link
https://testgrid.k8s.io/sig-release-master-blocking#integration-master
Reason for failure (if possible)
https://tip.golang.org/doc/go1.18#sha1
Anything else we need to know?
No response
Relevant SIG(s)
/sig testing
The text was updated successfully, but these errors were encountered: