diff --git a/.github/actions/setup-go/action.yaml b/.github/actions/setup-go/action.yaml index a05fc271ebf37..c53ce28c3c591 100644 --- a/.github/actions/setup-go/action.yaml +++ b/.github/actions/setup-go/action.yaml @@ -4,7 +4,7 @@ description: | inputs: version: description: "The Go version to use." - default: "1.21.9" + default: "1.22.3" runs: using: "composite" steps: diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 003319255580b..b0c415d8b2c34 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -919,7 +919,7 @@ jobs: uses: actions/dependency-review-action@v4.3.2 with: allow-licenses: Apache-2.0, BSD-2-Clause, BSD-3-Clause, CC0-1.0, ISC, MIT, MIT-0, MPL-2.0 - allow-dependencies-licenses: "pkg:golang/github.com/pelletier/go-toml/v2" + allow-dependencies-licenses: "pkg:golang/github.com/coder/wgtunnel@0.1.13-0.20240522110300-ade90dfb2da0" license-check: true vulnerability-check: false - name: "Report" diff --git a/cli/server_internal_test.go b/cli/server_internal_test.go index 72ca6f3a644e1..4e4f3b01c6ce5 100644 --- a/cli/server_internal_test.go +++ b/cli/server_internal_test.go @@ -141,8 +141,8 @@ func Test_configureCipherSuites(t *testing.T) { name: "TLSUnsupported", minTLS: tls.VersionTLS10, maxTLS: tls.VersionTLS13, - // TLS_RSA_WITH_AES_128_GCM_SHA256 only supports tls 1.2 - inputCiphers: []string{"TLS_RSA_WITH_AES_128_GCM_SHA256"}, + // TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 only supports tls 1.2 + inputCiphers: []string{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}, wantErr: "no tls ciphers supported for tls versions", }, { diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go index 34c4c6b529d19..af8492ae15961 100644 --- a/coderd/apidoc/docs.go +++ b/coderd/apidoc/docs.go @@ -14489,7 +14489,7 @@ const docTemplate = `{ "type": "string" }, "host": { - "description": "host or host:port", + "description": "host or host:port (see Hostname and Port methods)", "type": "string" }, "omitHost": { diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json index 43aacb5e0cc32..e68a61af19788 100644 --- a/coderd/apidoc/swagger.json +++ b/coderd/apidoc/swagger.json @@ -13205,7 +13205,7 @@ "type": "string" }, "host": { - "description": "host or host:port", + "description": "host or host:port (see Hostname and Port methods)", "type": "string" }, "omitHost": { diff --git a/coderd/devtunnel/tunnel.go b/coderd/devtunnel/tunnel.go index 89ceace6e4849..d1f3c75c3d6da 100644 --- a/coderd/devtunnel/tunnel.go +++ b/coderd/devtunnel/tunnel.go @@ -11,8 +11,8 @@ import ( "time" "github.com/briandowns/spinner" + "github.com/tailscale/wireguard-go/device" "golang.org/x/xerrors" - "golang.zx2c4.com/wireguard/device" "cdr.dev/slog" "github.com/coder/coder/v2/cli/cliui" diff --git a/docs/api/schemas.md b/docs/api/schemas.md index 67fb461ee1b0b..eb2f7cbeb8aa1 100644 --- a/docs/api/schemas.md +++ b/docs/api/schemas.md @@ -8923,7 +8923,7 @@ _None_ | ------------- | ---------------------------- | -------- | ------------ | -------------------------------------------------- | | `forceQuery` | boolean | false | | append a query ('?') even if RawQuery is empty | | `fragment` | string | false | | fragment for references, without '#' | -| `host` | string | false | | host or host:port | +| `host` | string | false | | host or host:port (see Hostname and Port methods) | | `omitHost` | boolean | false | | do not emit empty host (authority) | | `opaque` | string | false | | encoded opaque data | | `path` | string | false | | path (relative paths may omit leading slash) | diff --git a/dogfood/Dockerfile b/dogfood/Dockerfile index 735b87dea27f7..4aa46e83c8fd7 100644 --- a/dogfood/Dockerfile +++ b/dogfood/Dockerfile @@ -8,7 +8,7 @@ FROM ubuntu:jammy AS go RUN apt-get update && apt-get install --yes curl gcc # Install Go manually, so that we can control the version -ARG GO_VERSION=1.21.9 +ARG GO_VERSION=1.22.3 RUN mkdir --parents /usr/local/go # Boring Go is needed to build FIPS-compliant binaries. diff --git a/flake.lock b/flake.lock index 8a460beeb9782..c6853aa477736 100644 --- a/flake.lock +++ b/flake.lock @@ -61,11 +61,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { @@ -91,11 +91,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1712439257, - "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=", + "lastModified": 1715087517, + "narHash": "sha256-CLU5Tsg24Ke4+7sH8azHWXKd0CFd4mhLWfhYgUiDBpQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ff0dbd94265ac470dda06a657d5fe49de93b4599", + "rev": "b211b392b8486ee79df6cdfb1157ad2133427a29", "type": "github" }, "original": { @@ -107,11 +107,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1714906307, - "narHash": "sha256-UlRZtrCnhPFSJlDQE7M0eyhgvuuHBTe1eJ9N9AQlJQ0=", + "lastModified": 1702151865, + "narHash": "sha256-9VAt19t6yQa7pHZLDbil/QctAgVsA66DLnzdRGqDisg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "25865a40d14b3f9cf19f19b924e2ab4069b09588", + "rev": "666fc80e7b2afb570462423cb0e1cf1a3a34fedd", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index fb33091b2f60c..c8262aa7432cc 100644 --- a/flake.nix +++ b/flake.nix @@ -39,7 +39,7 @@ git gnumake gnused - go_1_21 + go_1_22 go-migrate golangci-lint gopls @@ -93,11 +93,11 @@ # To make faster subsequent builds, you could extract the `.zst` # slim bundle into it's own derivation. buildFat = osArch: - pkgs.buildGo121Module { + pkgs.buildGo122Module { name = "coder-${osArch}"; # Updated with ./scripts/update-flake.sh`. # This should be updated whenever go.mod changes! - vendorHash = "sha256-tBczWqmpIfr8zwftHl/W3nw3qiSei+aIw3fZmtl0SwI="; + vendorHash = "sha256-YOXZ3tJAky2XmNH81MNj3eNq95ucGFUJIC0O8Z+xk20="; proxyVendor = true; src = ./.; nativeBuildInputs = with pkgs; [ getopt openssl zstd ]; diff --git a/go.mod b/go.mod index e67821bcdfb52..a23642db50da4 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/coder/coder/v2 -go 1.21.4 +go 1.22.3 // Required until a v3 of chroma is created to lazily initialize all XML files. // None of our dependencies seem to use the registries anyways, so this @@ -42,28 +42,12 @@ replace github.com/dlclark/regexp2 => github.com/dlclark/regexp2 v1.7.0 // There are a few minor changes we make to Tailscale that we're slowly upstreaming. Compare here: // https://github.com/tailscale/tailscale/compare/main...coder:tailscale:main -replace tailscale.com => github.com/coder/tailscale v1.1.1-0.20240501025849-d8a4721c3162 +replace tailscale.com => github.com/coder/tailscale v1.1.1-0.20240522100209-5cd256cdcb39 -// Fixes a race-condition in coder/wgtunnel. -// Upstream PR: https://github.com/WireGuard/wireguard-go/pull/85 -replace golang.zx2c4.com/wireguard => github.com/coder/wireguard-go v0.0.0-20230920225835-b7d43c468619 - -// This is replaced to include a fix that causes a deadlock when closing the -// wireguard network. -// The branch used is from https://github.com/coder/wireguard-go/tree/colin/tailscale -// It is based on https://github.com/tailscale/wireguard-go/tree/tailscale, but -// includes the upstream fix https://github.com/WireGuard/wireguard-go/commit/b7cd547315bed421a648d0a0f1ee5a0fc1b1151e -replace github.com/tailscale/wireguard-go => github.com/coder/wireguard-go v0.0.0-20230807234434-d825b45ccbf5 - -// Use our tempfork of gvisor that includes a fix for TCP connection stalls: -// https://github.com/coder/coder/issues/7388 -// The basis for this fork is: gvisor.dev/gvisor v0.0.0-20230504175454-7b0a1988a28f -// This is the same version as used by Tailscale `main`: -// https://github.com/tailscale/tailscale/blob/c19b5bfbc391637b11c2acb3c725909a0046d849/go.mod#L88 -// -// Latest gvisor otherwise has refactored packages and is currently incompatible with -// Tailscale, to remove our tempfork this needs to be addressed. -replace gvisor.dev/gvisor => github.com/coder/gvisor v0.0.0-20230714132058-be2e4ac102c3 +// This is replaced to include +// 1. a fix for a data race: c.f. https://github.com/tailscale/wireguard-go/pull/25 +// 2. update to the latest gVisor +replace github.com/tailscale/wireguard-go => github.com/coder/wireguard-go v0.0.0-20240522052547-769cdd7f7818 // Switch to our fork that imports fixes from http://github.com/tailscale/ssh. // See: https://github.com/coder/coder/issues/3371 @@ -105,7 +89,7 @@ require ( github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0 github.com/coder/retry v1.5.1 github.com/coder/terraform-provider-coder v0.22.0 - github.com/coder/wgtunnel v0.1.13-0.20231127054351-578bfff9b92a + github.com/coder/wgtunnel v0.1.13-0.20240522110300-ade90dfb2da0 github.com/coreos/go-oidc/v3 v3.10.0 github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf github.com/creack/pty v1.1.21 @@ -199,14 +183,13 @@ require ( golang.org/x/text v0.15.0 golang.org/x/tools v0.21.0 golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 - golang.zx2c4.com/wireguard v0.0.0-20230704135630-469159ecf7d1 google.golang.org/api v0.180.0 google.golang.org/grpc v1.63.2 google.golang.org/protobuf v1.34.1 gopkg.in/DataDog/dd-trace-go.v1 v1.61.0 gopkg.in/natefinch/lumberjack.v2 v2.2.1 gopkg.in/yaml.v3 v3.0.1 - gvisor.dev/gvisor v0.0.0-20230504175454-7b0a1988a28f + gvisor.dev/gvisor v0.0.0-20240509041132-65b30f7869dc nhooyr.io/websocket v1.8.7 storj.io/drpc v0.0.33 tailscale.com v1.46.1 @@ -395,7 +378,7 @@ require ( github.com/tailscale/golang-x-crypto v0.0.0-20230713185742-f0b76a10a08e // indirect github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05 // indirect github.com/tailscale/netlink v1.1.1-0.20211101221916-cabfb018fe85 - github.com/tailscale/wireguard-go v0.0.0-20230710185534-bb2c8f22eccf // indirect + github.com/tailscale/wireguard-go v0.0.0-20231121184858-cc193a0b3272 github.com/tchap/go-patricia/v2 v2.3.1 // indirect github.com/tcnksm/go-httpstat v0.2.0 // indirect github.com/tdewolff/parse/v2 v2.7.12 // indirect diff --git a/go.sum b/go.sum index 8c5ef8240b246..e92cc869ed29d 100644 --- a/go.sum +++ b/go.sum @@ -188,8 +188,8 @@ github.com/chromedp/chromedp v0.9.2 h1:dKtNz4kApb06KuSXoTQIyUC2TrA0fhGDwNZf3bcgf github.com/chromedp/chromedp v0.9.2/go.mod h1:LkSXJKONWTCHAfQasKFUZI+mxqS4tZqhmtGzzhLsnLs= github.com/chromedp/sysutil v1.0.0 h1:+ZxhTpfpZlmchB58ih/LBHX52ky7w2VhQVKQMucy3Ic= github.com/chromedp/sysutil v1.0.0/go.mod h1:kgWmDdq8fTzXYcKIBqIYvRRTnYb9aNS9moAV0xufSww= -github.com/cilium/ebpf v0.11.0 h1:V8gS/bTCCjX9uUnkUFUpPsksM8n1lXBAvHcpiFk1X2Y= -github.com/cilium/ebpf v0.11.0/go.mod h1:WE7CZAnqOL2RouJ4f1uyNhqr2P4CCvXFIqdRDUgWsVs= +github.com/cilium/ebpf v0.12.3 h1:8ht6F9MquybnY97at+VDZb3eQQr8ev79RueWeVaEcG4= +github.com/cilium/ebpf v0.12.3/go.mod h1:TctK1ivibvI3znr66ljgi4hqOT8EYQjz1KWBfb1UVgM= github.com/clbanning/mxj/v2 v2.7.0 h1:WA/La7UGCanFe5NpHF0Q3DNtnCsVoxbPKuyBNHWRyME= github.com/clbanning/mxj/v2 v2.7.0/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s= github.com/cli/safeexec v1.0.0/go.mod h1:Z/D4tTN8Vs5gXYHDCbaM1S/anmEDnJb1iW0+EJ5zx3Q= @@ -207,8 +207,6 @@ github.com/coder/go-httpstat v0.0.0-20230801153223-321c88088322 h1:m0lPZjlQ7vdVp github.com/coder/go-httpstat v0.0.0-20230801153223-321c88088322/go.mod h1:rOLFDDVKVFiDqZFXoteXc97YXx7kFi9kYqR+2ETPkLQ= github.com/coder/go-scim/pkg/v2 v2.0.0-20230221055123-1d63c1222136 h1:0RgB61LcNs24WOxc3PBvygSNTQurm0PYPujJjLLOzs0= github.com/coder/go-scim/pkg/v2 v2.0.0-20230221055123-1d63c1222136/go.mod h1:VkD1P761nykiq75dz+4iFqIQIZka189tx1BQLOp0Skc= -github.com/coder/gvisor v0.0.0-20230714132058-be2e4ac102c3 h1:gtuDFa+InmMVUYiurBV+XYu24AeMGv57qlZ23i6rmyE= -github.com/coder/gvisor v0.0.0-20230714132058-be2e4ac102c3/go.mod h1:pzr6sy8gDLfVmDAg8OYrlKvGEHw5C3PGTiBXBTCx76Q= github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0 h1:3A0ES21Ke+FxEM8CXx9n47SZOKOpgSE1bbJzlE4qPVs= github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0/go.mod h1:5UuS2Ts+nTToAMeOjNlnHFkPahrtDkmpydBen/3wgZc= github.com/coder/retry v1.5.1 h1:iWu8YnD8YqHs3XwqrqsjoBTAVqT9ml6z9ViJ2wlMiqc= @@ -217,16 +215,14 @@ github.com/coder/serpent v0.7.0 h1:zGpD2GlF3lKIVkMjNGKbkip88qzd5r/TRcc30X/SrT0= github.com/coder/serpent v0.7.0/go.mod h1:REkJ5ZFHQUWFTPLExhXYZ1CaHFjxvGNRlLXLdsI08YA= github.com/coder/ssh v0.0.0-20231128192721-70855dedb788 h1:YoUSJ19E8AtuUFVYBpXuOD6a/zVP3rcxezNsoDseTUw= github.com/coder/ssh v0.0.0-20231128192721-70855dedb788/go.mod h1:aGQbuCLyhRLMzZF067xc84Lh7JDs1FKwCmF1Crl9dxQ= -github.com/coder/tailscale v1.1.1-0.20240501025849-d8a4721c3162 h1:1uXQe8UAXMjvXYQ+XtpCT3LjbideQI3xpeejN9kh56A= -github.com/coder/tailscale v1.1.1-0.20240501025849-d8a4721c3162/go.mod h1:L8tPrwSi31RAMEMV8rjb0vYTGs7rXt8rAHbqY/p41j4= +github.com/coder/tailscale v1.1.1-0.20240522100209-5cd256cdcb39 h1:v3x8FBqk45mbBybU1QrQy7CGiUpQDPBJT0C5g8bfGHE= +github.com/coder/tailscale v1.1.1-0.20240522100209-5cd256cdcb39/go.mod h1:rp6BIJxCp127/hvvDWNkHC9MxAlKvQfoOtBr8s5sCqo= github.com/coder/terraform-provider-coder v0.22.0 h1:L72WFa9/6sc/nnXENPS8LpWi/2NBV+DRUW0WT//pEaU= github.com/coder/terraform-provider-coder v0.22.0/go.mod h1:wMun9UZ9HT2CzF6qPPBup1odzBpVUc0/xSFoXgdI3tk= -github.com/coder/wgtunnel v0.1.13-0.20231127054351-578bfff9b92a h1:KhR9LUVllMZ+e9lhubZ1HNrtJDgH5YLoTvpKwmrGag4= -github.com/coder/wgtunnel v0.1.13-0.20231127054351-578bfff9b92a/go.mod h1:QzfptVUdEO+XbkzMKx1kw13i9wwpJlfI1RrZ6SNZ0hA= -github.com/coder/wireguard-go v0.0.0-20230807234434-d825b45ccbf5 h1:eDk/42Kj4xN4yfE504LsvcFEo3dWUiCOaBiWJ2uIH2A= -github.com/coder/wireguard-go v0.0.0-20230807234434-d825b45ccbf5/go.mod h1:QRIcq2+DbdIC5sKh/gcAZhuqu6WT6L6G8/ALPN5wqYw= -github.com/coder/wireguard-go v0.0.0-20230920225835-b7d43c468619 h1:Ug4+d7ooZNjQPVHL+zrHF2hLCr0FOpxHdB2Urr77VmY= -github.com/coder/wireguard-go v0.0.0-20230920225835-b7d43c468619/go.mod h1:tqur9LnfstdR9ep2LaJT4lFUl0EjlHtge+gAjmsHUG4= +github.com/coder/wgtunnel v0.1.13-0.20240522110300-ade90dfb2da0 h1:C2/eCr+r0a5Auuw3YOiSyLNHkdMtyCZHPFBx7syN4rk= +github.com/coder/wgtunnel v0.1.13-0.20240522110300-ade90dfb2da0/go.mod h1:qANbdpqyAGlo2bg+4gQKPj24H1ZWa3bQU2Q5/bV5B3Y= +github.com/coder/wireguard-go v0.0.0-20240522052547-769cdd7f7818 h1:bNhUTaKl3q0bFn78bBRq7iIwo72kNTvUD9Ll5TTzDDk= +github.com/coder/wireguard-go v0.0.0-20240522052547-769cdd7f7818/go.mod h1:fAlLM6hUgnf4Sagxn2Uy5Us0PBgOYWz+63HwHUVGEbw= github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= github.com/coreos/go-iptables v0.6.0 h1:is9qnZMPYjLd8LYqmm/qlE+wwEgJIkTYdhV3rfZo4jk= @@ -1217,6 +1213,8 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= +gvisor.dev/gvisor v0.0.0-20240509041132-65b30f7869dc h1:DXLLFYv/k/xr0rWcwVEvWme1GR36Oc4kNMspg38JeiE= +gvisor.dev/gvisor v0.0.0-20240509041132-65b30f7869dc/go.mod h1:sxc3Uvk/vHcd3tj7/DHVBoR5wvWT/MmRq2pj7HRJnwU= honnef.co/go/gotraceui v0.2.0 h1:dmNsfQ9Vl3GwbiVD7Z8d/osC6WtGGrasyrC2suc4ZIQ= honnef.co/go/gotraceui v0.2.0/go.mod h1:qHo4/W75cA3bX0QQoSvDjbJa4R8mAyyFjbWAj63XElc= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=