Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Bump libgit2 to 1.3.0 and git2go to V33. #557

Closed
wants to merge 3 commits into from

Conversation

pjbgf
Copy link
Member

@pjbgf pjbgf commented Jan 24, 2022

  • Bump libgit2 to 1.3.0 and git2go to V33:
    • Downstream dependencies add support for ED25519 for hostkey verification.
    • Build all dependencies from source, removing impact of configuration changes across OS packages.
    • Build libgit2 and dependencies with musl toolchain, removing dependency from glibc (blocker for fuzzing).
    • For overall changes check libgit2 release notes 1.2.0 and 1.3.0.
  • Cherrypicked ed25519 regression tests from Libgit2 ED25519 check & clone respect context #445 (thank you @darkowlzz)
  • Supersedes libgit2: update to v1.3.0  #465

Fixes #399 fluxcd/image-automation-controller#298
Relates to #397 #490 fluxcd/image-automation-controller#186 fluxcd/image-automation-controller#281
Depends on fluxcd/golang-with-libgit2#17

Downstream breaking changes introduced since git2go@V31:
- git2go.ErrorCode was deprecated in favour of the native error type.
- FetchOptions no longer expects a pointer, but rather the actual value of git2go.FetchOptions.

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
This adds a test to detect any regression in libgit2's ED25519 key
support. go-git supports ED25519 but not the current version of
libgit2 used in flux. The updates to libgit2 in v1.2.0 adds support
for ED25519. This test would help ensure the right version of libgit2
is used.

Signed-off-by: Sunny <darkowlzz@protonmail.com>
Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
@pjbgf pjbgf force-pushed the bump-libgit2 branch 2 times, most recently from a1d9588 to 764e9be Compare January 24, 2022 23:57
Streamline the process of generating images by using a libgit source image that has pre-built static libraries.

Signed-off-by: Paulo Gomes <paulo.gomes@weave.works>
@pjbgf pjbgf changed the title WIP: Bump libgit2 to 1.3.0 and git2go to V33. Bump libgit2 to 1.3.0 and git2go to V33. Jan 25, 2022
@pjbgf
Copy link
Member Author

pjbgf commented Jan 25, 2022

The initial tests on this PR have worked fine so far. But given the short timeline to get v0.26.0 out, we are probably better off skipping this release and aiming for the next.

@stefanprodan stefanprodan mentioned this pull request Jan 26, 2022
@@ -1,9 +1,9 @@
ARG BASE_VARIANT=bullseye
ARG GO_VERSION=1.17.5
ARG GO_VERSION=1.17.6
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please change this to match the build image.

Suggested change
ARG GO_VERSION=1.17.6
ARG GO_VERSION=1.17

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @relu. I updated this on the PR that supersedes this.

@pjbgf pjbgf closed this Feb 8, 2022
@pjbgf pjbgf deleted the bump-libgit2 branch February 8, 2022 12:52
# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

"Unable to extract public key from private key" for ed25519 & libgit2
3 participants