Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vendor cfssl/cfssljson utilities #67178

Merged
merged 6 commits into from Aug 10, 2018

Conversation

Projects
None yet
5 participants
@cblecker
Copy link
Member

cblecker commented Aug 9, 2018

What this PR does / why we need it:
Vendors the cfssl and cfssljson tools. Updates kube::util::ensure-cfssl to use them.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
fixes #66995, fixes #60070

Special notes for your reviewer:

  1. Add cfssl/cfssljson ot the required bins for saving
  2. Manually cloned/checked out the new dependencies to my gopath. godep restore doesn't pull them down because they aren't required or already in the Godeps.json. Used @BenTheElder's list here: #66995 (comment)
  3. hack/godep-save.sh to add the packages and dependencies to godep
  4. Fixed two bugs when building:
    a. golang.org/x/crypto needed to be updated
    b. github.com/cloudflare/cfssl needed to be updated to cloudflare/cfssl@56268a6 so we can vendor their fork of crypto/tls, as we discard their modified vendored stdlib.
  5. Update staging godeps
  6. Update the kube::util::ensure-cfssl to install from vendor

Release note:

NONE

cblecker added some commits Aug 6, 2018

@cblecker

This comment has been minimized.

Copy link
Member Author

cblecker commented Aug 9, 2018

@k8s-ci-robot k8s-ci-robot requested review from BenTheElder , dims , dchen1107 and jbeda Aug 9, 2018

@cblecker cblecker removed request for jbeda and dchen1107 Aug 9, 2018

kube::util::ensure-temp-dir
cfssldir="${KUBE_TEMP}/cfssl"
kube::log::status "Installing cfssl from vendor"
GOBIN="${KUBE_OUTPUT_BINPATH}" go install k8s.io/kubernetes/vendor/github.com/cloudflare/cfssl/cmd/cfssl

This comment has been minimized.

@BenTheElder

BenTheElder Aug 9, 2018

Member

do we require to be in $GOPATH/k8s.io/kubernetes for these rules typically? I've had good success elsewhere doing go install ./vendor/...

This comment has been minimized.

@cblecker

cblecker Aug 9, 2018

Author Member

Yes, we should be in GOPATH. Most operations rely on it, and it's how we're doing other utilities like kazel/gazelle/godep. Also easier than changing cwd to ensure we're in the right relative path.

This comment has been minimized.

@BenTheElder

BenTheElder Aug 9, 2018

Member

SGTM. I've frequently heard complaints about kazel and gopath and wasn't sure if we more broadly have decided to require this. 👍
In the other places it's not a bash library so cd is fine 😛

@BenTheElder
Copy link
Member

BenTheElder left a comment

one question, otherwise LGTM, thank you!! 😄

@cblecker

This comment has been minimized.

Copy link
Member Author

cblecker commented Aug 9, 2018

/test pull-kubernetes-local-e2e
/test pull-kubernetes-local-e2e-containerized

@BenTheElder

This comment has been minimized.

Copy link
Member

BenTheElder commented Aug 9, 2018

/lgtm
/hold
Holding so someone else can approve the CFSSL bump, overall this is great but I'll let someone else verify that commit.

if [[ -z "${cfssldir}" ]]; then
kube::util::ensure-temp-dir
cfssldir="${KUBE_TEMP}/cfssl"
kube::log::status "Installing cfssl from vendor"

This comment has been minimized.

@BenTheElder

BenTheElder Aug 9, 2018

Member

hmm

W0809 04:55:27.758] /go/src/k8s.io/kubernetes/kubernetes/hack/lib/util.sh: line 710: kube::log::status: command not found
W0809 04:55:27.758] /go/src/k8s.io/kubernetes/kubernetes/hack/lib/util.sh: line 711: KUBE_OUTPUT_BINPATH: unbound variable
@dims

This comment has been minimized.

Copy link
Member

dims commented Aug 9, 2018

/uncc

@k8s-ci-robot k8s-ci-robot removed the request for review from dims Aug 9, 2018

@cblecker

This comment has been minimized.

Copy link
Member Author

cblecker commented Aug 9, 2018

/test pull-kubernetes-local-e2e
/test pull-kubernetes-local-e2e-containerized

@cblecker cblecker force-pushed the cblecker:cfssl branch from 5390d9b to df6cabe Aug 9, 2018

@cblecker

This comment has been minimized.

Copy link
Member Author

cblecker commented Aug 9, 2018

/test pull-kubernetes-local-e2e
/test pull-kubernetes-local-e2e-containerized

@BenTheElder
Copy link
Member

BenTheElder left a comment

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm label Aug 9, 2018

@k8s-ci-robot

This comment was marked as resolved.

Copy link
Contributor

k8s-ci-robot commented Aug 9, 2018

@cblecker: The following test failed, say /retest to rerun them all:

Test name Commit Details Rerun command
pull-kubernetes-e2e-gke 5390d9b link /test pull-kubernetes-e2e-gke

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

cblecker added some commits Aug 9, 2018

@cblecker cblecker force-pushed the cblecker:cfssl branch from df6cabe to 7a10073 Aug 9, 2018

@k8s-ci-robot k8s-ci-robot removed the lgtm label Aug 9, 2018

@cblecker

This comment has been minimized.

Copy link
Member Author

cblecker commented Aug 9, 2018

/test pull-kubernetes-local-e2e
/test pull-kubernetes-local-e2e-containerized

@k8s-ci-robot k8s-ci-robot added the lgtm label Aug 10, 2018

@BenTheElder
Copy link
Member

BenTheElder left a comment

/lgtm

@k8s-ci-robot

This comment has been minimized.

Copy link
Contributor

k8s-ci-robot commented Aug 10, 2018

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: BenTheElder, cblecker

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@cblecker cblecker changed the title [WIP] vendor cfssl/cfssljson Vendor cfssl/cfssljson utilities Aug 10, 2018

@cblecker

This comment has been minimized.

Copy link
Member Author

cblecker commented Aug 10, 2018

Licence details:
A couple new deps of deps, but they are under either MIT or Mozilla (compatible). New packages under cfssl and golang/x/crypto (already vendored).

@cblecker

This comment has been minimized.

Copy link
Member Author

cblecker commented Aug 10, 2018

/hold cancel
:shipit:

@BenTheElder Added notes to PR body of how to generate.

@k8s-github-robot

This comment has been minimized.

Copy link
Contributor

k8s-github-robot commented Aug 10, 2018

Automatic merge from submit-queue (batch tested with PRs 66602, 67178, 67207, 67125, 66332). If you want to cherry-pick this change to another branch, please follow the instructions here.

@k8s-github-robot k8s-github-robot merged commit 818e632 into kubernetes:master Aug 10, 2018

18 checks passed

Submit Queue Queued to run github e2e tests a second time.
Details
cla/linuxfoundation cblecker authorized
Details
pull-kubernetes-bazel-build Job succeeded.
Details
pull-kubernetes-bazel-test Job succeeded.
Details
pull-kubernetes-cross Job succeeded.
Details
pull-kubernetes-e2e-gce Job succeeded.
Details
pull-kubernetes-e2e-gce-100-performance Job succeeded.
Details
pull-kubernetes-e2e-gce-device-plugin-gpu Job succeeded.
Details
pull-kubernetes-e2e-gke Skipped
pull-kubernetes-e2e-kops-aws Job succeeded.
Details
pull-kubernetes-e2e-kubeadm-gce Skipped
pull-kubernetes-integration Job succeeded.
Details
pull-kubernetes-kubemark-e2e-gce-big Job succeeded.
Details
pull-kubernetes-local-e2e Job succeeded.
Details
pull-kubernetes-local-e2e-containerized Job succeeded.
Details
pull-kubernetes-node-e2e Job succeeded.
Details
pull-kubernetes-typecheck Job succeeded.
Details
pull-kubernetes-verify Job succeeded.
Details
@BenTheElder

This comment has been minimized.

Copy link
Member

BenTheElder commented Aug 10, 2018

Thanks @cblecker ! 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.