-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Golang to 1.15.7 #22495
Update Golang to 1.15.7 #22495
Conversation
Pinging @elastic/ingest-management (Team:Ingest Management) |
Pinging @elastic/integrations-services (Team:Services) |
🐛 Flaky test report❕ There are test failures but not known flaky tests. Expand to view the summary
Test stats 🧪
Genuine test errors💔 There are test failures but not known flaky tests, most likely a genuine test failure.
|
This could be a breaking change and hit users by surprise (setting up CA pipeline can be a pain). We either have to point this out in the release notes, or reenable SAN for the time being (maybe disable with 8.0). |
Yes, it is a breaking change. I wanted to discuss it before merging. What I had in mind is basically disable this change in 7.x and notify users about the upcoming breaking change in 8.x. |
1.15.5 is out already :)
Can we disable it in 7.x, but already warn if we see certificates that can cause problems in the future? |
d12b8ae
to
7cd1449
Compare
/test I've just added |
8fc076d
to
4707bbf
Compare
jenkins run tests |
b4624dc
to
118097c
Compare
jenkins run tests |
Jenkinsfile
Outdated
@@ -58,6 +58,7 @@ pipeline { | |||
setEnvVar('GO_MOD_CHANGES', isGitRegionMatch(patterns: [ '^go.mod' ], shouldMatchAll: false).toString()) | |||
setEnvVar('PACKAGING_CHANGES', isGitRegionMatch(patterns: [ '^dev-tools/packaging/.*' ], shouldMatchAll: false).toString()) | |||
setEnvVar('GO_VERSION', readFile(".go-version").trim()) | |||
setEnvVar('GODEBUG', "x509ignoreCN=0") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
with the updates to certificate creation, do we still need to set this flag? Using "GODEBUG" here might break in the future right? Will we have to update tests again then?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is not needed. However, I kept these environment variables to make sure we are running go with the same env variables as our users.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
6b9e908
to
b437395
Compare
💔 Tests Failed
Expand to view the summary
Build stats
Test stats 🧪
Test errorsExpand to view the tests failures
|
Test | Results |
---|---|
Failed | 1 |
Passed | 37966 |
Skipped | 3482 |
Total | 41449 |
Genuine test errors
💔 There are test failures but not known flaky tests, most likely a genuine test failure.
- Name:
Build&Test / metricbeat-goIntegTest / TestData – github.com/elastic/beats/v7/metricbeat/module/kafka/consumergroup
This PR updates the Go version in the repository to 1.15.7. Numerous improvements are coming with the new version of Golang. The most noteworthy is the binary sizes are reduced by 5-8%. You can check out the [release notes of Golang 1.15](https://golang.org/doc/go1.15) for more information. Another change is that the deprecated, legacy behaviour of treating the CommonName field on X.509 certificates as a hostname when no Subject Alternative Names are present is now disabled by default. We do not expect users to update their certificates immediately. Thus, the default behaviour is kept for all existing verification modes. Furthermore, a new verification mode is added named `strict`. If this mode is selected Beats expects to have a SAN in the certificate. `verification_mode` | behaviour ------- | ----- `""` | CommonName is checked if no DNSName is available, then full check (previous behaviour) `"strict"` | full check with new strict SAN requirements `"full"` | CommonName is checked if no DNSName is available, then full check (previous behaviour, default value) `"certificate"` | certificate check without hostname (previous behaviour) `"none"` | no check (previous behaviour) The legacy behaviour is going to be removed in the next major version 8.0. We expect users to update their certificates so it does not depend on CommonName. (cherry picked from commit e4ef5cc)
This PR updates the Go version in the repository to 1.15.7. Numerous improvements are coming with the new version of Golang. The most noteworthy is the binary sizes are reduced by 5-8%. You can check out the [release notes of Golang 1.15](https://golang.org/doc/go1.15) for more information. Another change is that the deprecated, legacy behaviour of treating the CommonName field on X.509 certificates as a hostname when no Subject Alternative Names are present is now disabled by default. We do not expect users to update their certificates immediately. Thus, the default behaviour is kept for all existing verification modes. Furthermore, a new verification mode is added named `strict`. If this mode is selected Beats expects to have a SAN in the certificate. `verification_mode` | behaviour ------- | ----- `""` | CommonName is checked if no DNSName is available, then full check (previous behaviour) `"strict"` | full check with new strict SAN requirements `"full"` | CommonName is checked if no DNSName is available, then full check (previous behaviour, default value) `"certificate"` | certificate check without hostname (previous behaviour) `"none"` | no check (previous behaviour) The legacy behaviour is going to be removed in the next major version 8.0. We expect users to update their certificates so it does not depend on CommonName. (cherry picked from commit e4ef5cc)
Was this ever released?? the runtime golang version in 7.12.0 still 1.13 I also checked 7.15.0 - same thing
|
What does this PR do?
This PR updates the Go version in the repository to 1.15.7.
Why is it important?
Numerous improvements are coming with the new version of Golang. The most noteworthy is the binary sizes are reduced by 5-8%. You can check out the release notes of Golang 1.15 for more information.
Another change is that the deprecated, legacy behaviour of treating the CommonName field on X.509 certificates as a hostname when no Subject Alternative Names are present is now disabled by default. We do not expect users to update their certificates immediately. Thus, the default behaviour is kept for all existing verification modes. Furthermore, a new verification mode is added named
strict
. If this mode is selected Beats expects to have a SAN in the certificate.verification_mode
""
"strict"
"full"
"certificate"
"none"
The legacy behaviour is going to be removed in the next major version 8.0. We expect users to update their certificates so it does not depend on CommonName.
Checklist
- [ ] I have commented my code, particularly in hard-to-understand areas- [ ] I have made corresponding change to the default configuration files- [ ] I have added tests that prove my fix is effective or that my feature worksCHANGELOG.next.asciidoc
orCHANGELOG-developer.next.asciidoc
.Related issues
A new crossbuilder image is required: elastic/golang-crossbuild#68