tls-cipher fix
Signed-off-by: Batuhan Apaydin <batuhan.apaydin@chainguard.dev>
Co-authored-by: Furkan Turkal <furkan.turkal@chainguard.dev>
Signed-off-by: Batuhan Apaydin <batuhan.apaydin@chainguard.dev>
developer-guy and Dentrax committed Apr 26, 2024
1 parent b82691c commit 456c7e1
Showing 2 changed files with 132 additions and 112 deletions.
218 changes: 106 additions & 112 deletions argo-cd-2.10.yaml
@@ -1,118 +1,112 @@
package:
name: argo-cd-2.10
version: 2.10.7
epoch: 1
description: Declarative continuous deployment for Kubernetes.
copyright:
- license: Apache-2.0
dependencies:
provides:
- argo-cd=${{package.full-version}}

name: argo-cd-2.10
version: 2.10.8
epoch: 0
description: Declarative continuous deployment for Kubernetes.
copyright:
- license: Apache-2.0
dependencies:
provides:
- argo-cd=${{package.full-version}}
environment:
contents:
packages:
- busybox
- ca-certificates-bundle
- go
- nodejs-20
- python3
- yarn

contents:
packages:
- busybox
- ca-certificates-bundle
- go
- nodejs-20
- python3
- yarn
pipeline:
- uses: git-checkout
with:
repository: https://github.com/argoproj/argo-cd
tag: v${{package.version}}
expected-commit: b060053b099b4c81c1e635839a309c9c8c1863e9

- uses: go/bump
with:
deps: golang.org/x/crypto@v0.17.0 github.com/cloudflare/circl@v1.3.7 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.1 github.com/go-jose/go-jose/v3@v3.0.3 google.golang.org/protobuf@v1.33.0 github.com/golang/protobuf@v1.5.4 golang.org/x/net@v0.23.0

- runs: |
cd ui
yarn install
yarn cache clean
NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OPTIONS=--max_old_space_size=8192 yarn build
cd ..
# Our global LDFLAGS conflict with a Makefile parameter
unset LDFLAGS
# Our global `-pie` flag results in a binary that cannot be copied to a non chainguard image
# Disable the `-pie` flag here since ArgoCD's helm charts like to copy around the multicall binary to different images (ie: dex)
unset GOFLAGS
make argocd-all
mkdir -p ${{targets.destdir}}/usr/bin
mv dist/argocd* ${{targets.destdir}}/usr/bin/
ln -s /usr/bin/argocd ${{targets.destdir}}/usr/bin/argocd-server
ln -s /usr/bin/argocd ${{targets.destdir}}/usr/bin/argocd-repo-server
ln -s /usr/bin/argocd ${{targets.destdir}}/usr/bin/argocd-cmp-server
ln -s /usr/bin/argocd ${{targets.destdir}}/usr/bin/argocd-application-controller
ln -s /usr/bin/argocd ${{targets.destdir}}/usr/bin/argocd-notifications
ln -s /usr/bin/argocd ${{targets.destdir}}/usr/bin/argocd-applicationset-controller
ln -s /usr/bin/argocd ${{targets.destdir}}/usr/bin/argocd-k8s-auth
- uses: strip

- uses: git-checkout
with:
repository: https://github.com/argoproj/argo-cd
tag: v${{package.version}}
expected-commit: b060053b099b4c81c1e635839a309c9c8c1863e9
- uses: patch
with:
patches: tls-cipher-removed.patch
- uses: go/bump
with:
deps: golang.org/x/crypto@v0.17.0 github.com/cloudflare/circl@v1.3.7 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.1 github.com/go-jose/go-jose/v3@v3.0.3 google.golang.org/protobuf@v1.33.0 github.com/golang/protobuf@v1.5.4 golang.org/x/net@v0.23.0
- runs: |
cd ui
yarn install
yarn cache clean
NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OPTIONS=--max_old_space_size=8192 yarn build
cd ..
# Our global LDFLAGS conflict with a Makefile parameter
unset LDFLAGS
# Our global `-pie` flag results in a binary that cannot be copied to a non chainguard image
# Disable the `-pie` flag here since ArgoCD's helm charts like to copy around the multicall binary to different images (ie: dex)
unset GOFLAGS
make argocd-all
mkdir -p ${{targets.destdir}}/usr/bin
mv dist/argocd* ${{targets.destdir}}/usr/bin/
ln -s /usr/bin/argocd ${{targets.destdir}}/usr/bin/argocd-server
ln -s /usr/bin/argocd ${{targets.destdir}}/usr/bin/argocd-repo-server
ln -s /usr/bin/argocd ${{targets.destdir}}/usr/bin/argocd-cmp-server
ln -s /usr/bin/argocd ${{targets.destdir}}/usr/bin/argocd-application-controller
ln -s /usr/bin/argocd ${{targets.destdir}}/usr/bin/argocd-notifications
ln -s /usr/bin/argocd ${{targets.destdir}}/usr/bin/argocd-applicationset-controller
ln -s /usr/bin/argocd ${{targets.destdir}}/usr/bin/argocd-k8s-auth
- uses: strip
subpackages:
- name: ${{package.name}}-repo-server
description: "ArgoCD repo server"
dependencies:
runtime:
- ${{package.name}}-compat
- git
- git-lfs
- gnupg
- gpg
- gpg-agent
- tzdata
- helm
- kustomize
- openssh
provides:
- argo-cd-repo-server=${{package.full-version}}
pipeline:
- runs: |
mkdir -p "${{targets.subpkgdir}}"/usr/bin
cp hack/gpg-wrapper.sh "${{targets.subpkgdir}}"/usr/bin/gpg-wrapper.sh
cp hack/git-verify-wrapper.sh "${{targets.subpkgdir}}"/usr/bin/git-verify-wrapper.sh
- name: ${{package.name}}-compat
description: "Compatibility package for locating binaries according to upstream helm charts"
pipeline:
- runs: |
# ArgoCD manifests and helm charts all hardcode the executables path to /usr/local/bin/*
mkdir -p "${{targets.subpkgdir}}"/usr/local/bin
# This must be copied and not symlinked due to how `argocd` copies executables between (init)containers
# example: https://github.com/argoproj/argo-helm/blob/argo-cd-5.33.1/charts/argo-cd/templates/dex/deployment.yaml#L136-L143
cp ${{targets.destdir}}/usr/bin/argocd "${{targets.subpkgdir}}"/usr/local/bin/argocd
ln -s /usr/local/bin/argocd "${{targets.subpkgdir}}"/usr/local/bin/argocd-server
ln -s /usr/local/bin/argocd "${{targets.subpkgdir}}"/usr/local/bin/argocd-repo-server
ln -s /usr/local/bin/argocd "${{targets.subpkgdir}}"/usr/local/bin/argocd-cmp-server
ln -s /usr/local/bin/argocd "${{targets.subpkgdir}}"/usr/local/bin/argocd-application-controller
ln -s /usr/local/bin/argocd "${{targets.subpkgdir}}"/usr/local/bin/argocd-notifications
ln -s /usr/local/bin/argocd "${{targets.subpkgdir}}"/usr/local/bin/argocd-applicationset-controller
ln -s /usr/local/bin/argocd "${{targets.subpkgdir}}"/usr/local/bin/argocd-k8s-auth
dependencies:
provides:
- argo-cd-compat=${{package.full-version}}

- name: ${{package.name}}-repo-server
description: "ArgoCD repo server"
dependencies:
runtime:
- ${{package.name}}-compat
- git
- git-lfs
- gnupg
- gpg
- gpg-agent
- tzdata
- helm
- kustomize
- openssh
provides:
- argo-cd-repo-server=${{package.full-version}}
pipeline:
- runs: |
mkdir -p "${{targets.subpkgdir}}"/usr/bin
cp hack/gpg-wrapper.sh "${{targets.subpkgdir}}"/usr/bin/gpg-wrapper.sh
cp hack/git-verify-wrapper.sh "${{targets.subpkgdir}}"/usr/bin/git-verify-wrapper.sh
- name: ${{package.name}}-compat
description: "Compatibility package for locating binaries according to upstream helm charts"
pipeline:
- runs: |
# ArgoCD manifests and helm charts all hardcode the executables path to /usr/local/bin/*
mkdir -p "${{targets.subpkgdir}}"/usr/local/bin
# This must be copied and not symlinked due to how `argocd` copies executables between (init)containers
# example: https://github.com/argoproj/argo-helm/blob/argo-cd-5.33.1/charts/argo-cd/templates/dex/deployment.yaml#L136-L143
cp ${{targets.destdir}}/usr/bin/argocd "${{targets.subpkgdir}}"/usr/local/bin/argocd
ln -s /usr/local/bin/argocd "${{targets.subpkgdir}}"/usr/local/bin/argocd-server
ln -s /usr/local/bin/argocd "${{targets.subpkgdir}}"/usr/local/bin/argocd-repo-server
ln -s /usr/local/bin/argocd "${{targets.subpkgdir}}"/usr/local/bin/argocd-cmp-server
ln -s /usr/local/bin/argocd "${{targets.subpkgdir}}"/usr/local/bin/argocd-application-controller
ln -s /usr/local/bin/argocd "${{targets.subpkgdir}}"/usr/local/bin/argocd-notifications
ln -s /usr/local/bin/argocd "${{targets.subpkgdir}}"/usr/local/bin/argocd-applicationset-controller
ln -s /usr/local/bin/argocd "${{targets.subpkgdir}}"/usr/local/bin/argocd-k8s-auth
dependencies:
provides:
- argo-cd-compat=${{package.full-version}}
update:
enabled: true
github:
identifier: argoproj/argo-cd
strip-prefix: v
tag-filter: v2.10.

enabled: true
github:
identifier: argoproj/argo-cd
strip-prefix: v
tag-filter: v2.10.
test:
pipeline:
- name: ArgoCD Version Check
runs: |
argocd version --short --client || exit 1
pipeline:
- name: ArgoCD Version Check
runs: |
argocd version --short --client || exit 1
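Review bot: `expected-commit` in the new `git-checkout` step is still `b060053b099b4c81c1e635839a309c9c8c1863e9`, the same value the old side carried for 2.10.7, although `version` is now 2.10.8. A tag and its pinned commit normally change together, so one of the two sides looks inconsistent; please confirm the hash against the upstream `v2.10.8` tag, because this pin is what ties the build to a known source tree. The new `uses: patch` step also has no comment explaining it; something like `# Removes one suite from DefaultTLSCipherSuite; drop this patch once upstream ships the same change` would tell the next maintainer when it can go.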
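--- a/argo-cd-2.10/tls-cipher-removed.patch
+++ b/argo-cd-2.10/tls-cipher-removed.patch
@@ -0,0 +1,26 @@
+From 60e5cc4f940a65fbd5fbf294ad8e8d05877342c2 Mon Sep 17 00:00:00 2001
+From: Batuhan Apaydin <batuhan.apaydin@chainguard.dev>
+Date: Fri, 26 Apr 2024 12:39:47 +0300
+Subject: [PATCH] tls-cipher fix
+
+Signed-off-by: Batuhan Apaydin <batuhan.apaydin@chainguard.dev>
+---
+util/tls/tls.go | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/util/tls/tls.go b/util/tls/tls.go
+index 5e18c8eb7..c7925b832 100644
+--- a/util/tls/tls.go
++++ b/util/tls/tls.go
+@@ -28,7 +28,7 @@ const (
+DefaultRSABits = 2048
+// The default TLS cipher suites to provide to clients - see https://cipherlist.eu for updates
+// Note that for TLS v1.3, cipher suites are not configurable and will be chosen automatically.
+- DefaultTLSCipherSuite = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384"
++ DefaultTLSCipherSuite = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+// The default minimum TLS version to provide to clients
+DefaultTLSMinVersion = "1.2"
+// The default maximum TLS version to provide to clients
+--
+2.39.3 (Apple Git-146)
+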
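Review bot: The patch header carries only `Subject: [PATCH] tls-cipher fix`, with no statement of why `TLS_RSA_WITH_AES_256_GCM_SHA384` is dropped from `DefaultTLSCipherSuite` or which upstream change it tracks. A description line such as `Reason: <why the suite is dropped>; upstream: <issue or PR link>` would let a later version bump decide whether the patch is still needed. After this change the TLS 1.2 default is a single ECDHE suite, so a TLS 1.2 client that offered only the removed suite will presumably fail the handshake unless the operator sets the cipher list explicitly; that is worth recording next to the patch. The `const (` block starts and ends outside the hunk.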