From acd5b71c34a36c53847bd2e0618059df966d8c23 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mathieu=20Border=C3=A9?=
Date: Mon, 6 Mar 2023 10:13:29 +0100
Subject: [PATCH 1/7] .github: Update go and ubuntu versions - add go 1.19.{5,6} - remove Ubuntu 18.04 and add 22.04
---
 .github/workflows/build-and-test.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index ac68135e..019a410c 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -13,9 +13,12 @@ jobs:
 - 1.14.x
 - 1.15.x
 - 1.16.x
+ - 1.17.x
+ - 1.18.x
+ - 1.19.x
 os:
- - ubuntu-18.04
 - ubuntu-20.04
+ - ubuntu-22.04
 disk:
 - 1
 - 0
@@ -41,6 +44,7 @@ jobs:
 env:
 CGO_LDFLAGS_ALLOW: "-Wl,-z,now"
 run: |
+ go version
 go get -t -tags libsqlite3 ./...
 go vet -tags libsqlite3 ./...
 golint
From e0ae25443d2fcf3a08ebe0b9ed611c9918798b85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mathieu=20Border=C3=A9?=
Date: Mon, 6 Mar 2023 10:51:52 +0100
Subject: [PATCH 2/7] integration_test: Update error message when incorrectly binding parameters
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Mathieu Borderé
---
 driver/integration_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/driver/integration_test.go b/driver/integration_test.go
index 3ea70da2..6849735b 100644
--- a/driver/integration_test.go
+++ b/driver/integration_test.go
@@ -111,7 +111,7 @@ func TestIntegration_ExecBindError(t *testing.T) {
 require.NoError(t, err)
 _, err = db.ExecContext(ctx, "INSERT INTO test(n) VALUES(1)", 1)
- assert.EqualError(t, err, "column index out of range")
+ assert.EqualError(t, err, "bind parameters")
 }
 func TestIntegration_QueryBindError(t *testing.T) {
@@ -123,7 +123,7 @@ func TestIntegration_QueryBindError(t *testing.T) {
 defer cancel()
 _, err := db.QueryContext(ctx, "SELECT 1", 1)
- assert.EqualError(t, err, "column index out of range")
+ assert.EqualError(t, err, "bind parameters")
 }
 func TestIntegration_ConfigMultiThread(t *testing.T) {
From 6e45464e8ac22be69aab211bf2e87bae96c10655 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mathieu=20Border=C3=A9?=
Date: Mon, 6 Mar 2023 10:57:51 +0100
Subject: [PATCH 3/7] example_test: Fix output comments.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Mathieu Borderé
---
 app/example_test.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/app/example_test.go b/app/example_test.go
index 43ce237b..1d0dd25b 100644
--- a/app/example_test.go
+++ b/app/example_test.go
@@ -28,7 +28,6 @@ func Example() {
 }
 fmt.Printf("0x%x %s\n", node.ID(), node.Address())
- // Output: 0x2dc171858c3155be 127.0.0.1:9001
 if err := node.Close(); err != nil {
 return
@@ -92,7 +91,7 @@ func ExampleWithCluster() {
 }
 fmt.Println(node1.ID() != node2.ID(), node1.ID() != node3.ID(), node2.ID() != node3.ID())
- // Output: true true true
+ // true true true
 // Restart the third node, the only argument we need to pass to
 // app.New() is its dir.
From 466a0bc14b519b91c686e3298dd67f1b934575ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mathieu=20Border=C3=A9?=
Date: Mon, 6 Mar 2023 11:01:13 +0100
Subject: [PATCH 4/7] cmd: Use buffered channel for use with os.Signal
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Mathieu Borderé
---
 cmd/dqlite-benchmark/dqlite-benchmark.go | 2 +-
 cmd/dqlite-demo/dqlite-demo.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/cmd/dqlite-benchmark/dqlite-benchmark.go b/cmd/dqlite-benchmark/dqlite-benchmark.go
index 76bdd8b0..5e9ebafd 100644
--- a/cmd/dqlite-benchmark/dqlite-benchmark.go
+++ b/cmd/dqlite-benchmark/dqlite-benchmark.go
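Review bot: In app/example_test.go, once the `// Output:` markers are gone (deleted in `Example`, turned into a plain `// true true true` in `ExampleWithCluster`), `go test` still compiles both examples but no longer runs them, since only examples carrying an output comment are executed. Both function bodies continue past these hunks, so a trailing output block may exist that is not visible here; if not, the examples stop guarding against regressions. Where the printed value is deterministic, keep the check by moving it to the end of the function as the last comment, `// Output: true true true`; otherwise add a line such as `// No Output comment: this example is compiled but not executed by go test.` so the intent is recorded.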
@@ -44,7 +44,7 @@ const (
 )
 func signalChannel() chan os.Signal {
- ch := make(chan os.Signal)
+ ch := make(chan os.Signal, 32)
 signal.Notify(ch, unix.SIGPWR)
 signal.Notify(ch, unix.SIGINT)
 signal.Notify(ch, unix.SIGQUIT)
diff --git a/cmd/dqlite-demo/dqlite-demo.go b/cmd/dqlite-demo/dqlite-demo.go
index 6748b372..055cf728 100644
--- a/cmd/dqlite-demo/dqlite-demo.go
+++ b/cmd/dqlite-demo/dqlite-demo.go
@@ -92,7 +92,7 @@ Complete documentation is available at https://github.com/canonical/go-dqlite`,
 go http.Serve(listener, nil)
- ch := make(chan os.Signal)
+ ch := make(chan os.Signal, 32)
 signal.Notify(ch, unix.SIGPWR)
 signal.Notify(ch, unix.SIGINT)
 signal.Notify(ch, unix.SIGQUIT)
From febb043e8b279930eb5ff3a53eea17cac2ea312c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mathieu=20Border=C3=A9?=
Date: Mon, 6 Mar 2023 11:07:56 +0100
Subject: [PATCH 5/7] github: remove deadcode
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
seems incompatible with go 1.19
Signed-off-by: Mathieu Borderé
---
 .github/workflows/build-and-test.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index 019a410c..0360546e 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -37,7 +37,6 @@ jobs:
 sudo add-apt-repository ppa:dqlite/dev -y
 sudo apt update
 sudo apt install -y golint libsqlite3-dev libuv1-dev liblz4-dev libraft-dev libdqlite-dev
- go get github.com/tsenart/deadcode
 go get github.com/go-playground/overalls
 - name: Build & Test
@@ -48,7 +47,6 @@ jobs:
 go get -t -tags libsqlite3 ./...
 go vet -tags libsqlite3 ./...
 golint
- deadcode
 export GO_DQLITE_MULTITHREAD=1
 overalls -project ${{ github.workspace }} -covermode=count -- -tags libsqlite3 -timeout 240s
 VERBOSE=1 DISK=${{ matrix.disk }} ./test/dqlite-demo.sh
From 2ef0aa7418d6ad262d8efcd3549b71e055a21e4e Mon Sep 17 00:00:00 2001
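Review bot: The capacity `32` in `make(chan os.Signal, 32)` is an unexplained constant, repeated in cmd/dqlite-benchmark/dqlite-benchmark.go (`signalChannel`) and cmd/dqlite-demo/dqlite-demo.go. `signal.Notify` never blocks on send, so the buffer only has to hold signals that arrive before the receiver reads; a comment such as `// Buffered because signal.Notify drops signals when the channel is not ready to receive.` would record why, and a named constant would keep the two files in step. The consecutive registrations could also be one call, `signal.Notify(ch, unix.SIGPWR, unix.SIGINT, unix.SIGQUIT)`, extended with whatever signals follow outside the hunk. Both bodies continue beyond the visible lines.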
From: =?UTF-8?q?Mathieu=20Border=C3=A9?=
Date: Mon, 6 Mar 2023 11:20:05 +0100
Subject: [PATCH 6/7] actions: remove overalls
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Mathieu Borderé
---
 .github/workflows/build-and-test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index 0360546e..2836182f 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -48,7 +48,7 @@ jobs:
 go vet -tags libsqlite3 ./...
 golint
 export GO_DQLITE_MULTITHREAD=1
- overalls -project ${{ github.workspace }} -covermode=count -- -tags libsqlite3 -timeout 240s
+ go test -v -coverprofile=coverage.out ./...
 VERBOSE=1 DISK=${{ matrix.disk }} ./test/dqlite-demo.sh
 VERBOSE=1 DISK=${{ matrix.disk }} ./test/roles.sh
 VERBOSE=1 DISK=${{ matrix.disk }} ./test/recover.sh
@@ -56,7 +56,7 @@ jobs:
 - name: Coverage
 uses: shogo82148/actions-goveralls@v1
 with:
- path-to-profile: overalls.coverprofile
+ path-to-profile: coverage.out
 - name: Benchmark
 env:
From 5fc49f041d77fb0c1c5e490026c285c2e68815e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mathieu=20Border=C3=A9?=
Date: Mon, 6 Mar 2023 11:37:32 +0100
Subject: [PATCH 7/7] app/tls: Remove some options from SimpleTLSConfig. Let go manage sane defaults, except MinVersion, a server can still use TLS 1.0 which seems a bit too old imo. - value from `curvePreferences` breaks go 1.19.6 so removed it. - `PreferServerCipherSuites` is deprecated. - Let go manage `CipherSuites` as it will take a safe default list.
---
 app/tls.go | 30 +++++++++++++-----------------
 internal/protocol/dial.go | 13 -------------
 2 files changed, 13 insertions(+), 30 deletions(-)
diff --git a/app/tls.go b/app/tls.go
index e9858190..6f8e8f6b 100644
--- a/app/tls.go
+++ b/app/tls.go
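Review bot: In .github/workflows/build-and-test.yml the new `go test -v -coverprofile=coverage.out ./...` line no longer passes `-tags libsqlite3` or `-timeout 240s`, both of which the removed `overalls` command forwarded to the test run, and it also drops `-covermode=count`. The `go get` and `go vet` lines in the same `run:` block still use the tag, so the tests may now be built against a different SQLite binding than the one that was vetted, and a hung test would only be cut off by the default timeout; `go test -v -tags libsqlite3 -timeout 240s -covermode=count -coverprofile=coverage.out ./...` keeps the earlier behaviour. Judging by the context lines of the earlier deadcode patch in this series, the setup step still runs `go get github.com/go-playground/overalls`; that line can go too, so CI stops fetching and building a third-party tool it no longer runs. The `run:` block starts outside the hunk.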
@@ -4,8 +4,6 @@ import (
 "crypto/tls"
 "crypto/x509"
 "fmt"
-
- "github.com/canonical/go-dqlite/internal/protocol"
 )
 // SimpleTLSConfig returns a pair of TLS configuration objects with sane
@@ -60,17 +58,15 @@ func SimpleTLSConfig(cert tls.Certificate, pool *x509.CertPool) (*tls.Config, *t
 //
 // The returned config can be used as "listen" parameter for the WithTLS
 // option.
+//
+// A user can modify the returned config to suit their specifig needs.
 func SimpleListenTLSConfig(cert tls.Certificate, pool *x509.CertPool) *tls.Config {
- // See https://github.com/denji/golang-tls
 config := &tls.Config{
- MinVersion: tls.VersionTLS12,
- CipherSuites: protocol.TLSCipherSuites,
- PreferServerCipherSuites: true,
- CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
- Certificates: []tls.Certificate{cert},
- RootCAs: pool,
- ClientCAs: pool,
- ClientAuth: tls.RequireAndVerifyClientCert,
+ MinVersion: tls.VersionTLS12,
+ Certificates: []tls.Certificate{cert},
+ RootCAs: pool,
+ ClientCAs: pool,
+ ClientAuth: tls.RequireAndVerifyClientCert,
 }
 config.BuildNameToCertificate()
@@ -96,14 +92,14 @@ func SimpleListenTLSConfig(cert tls.Certificate, pool *x509.CertPool) *tls.Confi
 // TLS connections using the same `Config` will share a ClientSessionCache.
 // You can override this behaviour by setting your own ClientSessionCache or
 // nil.
+//
+// A user can modify the returned config to suit their specifig needs.
 func SimpleDialTLSConfig(cert tls.Certificate, pool *x509.CertPool) *tls.Config {
 config := &tls.Config{
- MinVersion: tls.VersionTLS12,
- CipherSuites: protocol.TLSCipherSuites,
- PreferServerCipherSuites: true,
- RootCAs: pool,
- Certificates: []tls.Certificate{cert},
- ClientSessionCache: tls.NewLRUClientSessionCache(256),
+ MinVersion: tls.VersionTLS12,
+ RootCAs: pool,
+ Certificates: []tls.Certificate{cert},
+ ClientSessionCache: tls.NewLRUClientSessionCache(256),
 }
 x509cert, err := x509.ParseCertificate(cert.Certificate[0])
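Review bot: In app/tls.go, leaving `CipherSuites` unset in `SimpleListenTLSConfig` (and in `SimpleDialTLSConfig` in the next hunk) means the TLS 1.2 suites a node will negotiate now depend on the Go toolchain that builds it, instead of the ECDHE-only list previously pinned in `protocol.TLSCipherSuites`. The workflow matrix in this series still covers Go 1.14.x to 1.19.x, and as far as I know the crypto/tls defaults in those releases also include static-RSA key exchange and 3DES suites, which the old list did not offer; the mutual-TLS requirement limits who can reach that negotiation, but forward secrecy is no longer guaranteed by the helper itself. The doc comments should say so, for example `// Cipher suites and curves follow the crypto/tls defaults of the Go version in use; set CipherSuites on the returned config to restrict them.` The added comment line in both hunks also has a typo: `specifig` should be `specific`.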
diff --git a/internal/protocol/dial.go b/internal/protocol/dial.go
index fee4b2f7..53252229 100644
--- a/internal/protocol/dial.go
+++ b/internal/protocol/dial.go
@@ -2,7 +2,6 @@ package protocol
 import (
 "context"
- "crypto/tls"
 "net"
 "strings"
 )
@@ -16,15 +15,3 @@ func Dial(ctx context.Context, address string) (net.Conn, error) {
 dialer := net.Dialer{}
 return dialer.DialContext(ctx, family, address)
 }
-
-// TLSCipherSuites are the cipher suites by the go-dqlite TLS helpers.
-var TLSCipherSuites = []uint16{
- tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-}