curben
/
cloudflared-mirror
mirror of https://github.com/cloudflare/cloudflared.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'cloudflare:master' into master

This commit is contained in:
Areg Vrtanesyan 2026-01-20 18:32:14 +00:00 committed by GitHub
parent 6e4a3ae861 8aebc38b2f
commit 7e5ab43093
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
13 changed files with 51 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
.ci/image/Dockerfile
View File

@ -13,12 +13,13 @@ RUN apt-get update && \
python3-pip \ python3-pip \
python3-setuptools \ python3-setuptools \
python3-venv \ python3-venv \
# libmsi and libgcab are libraries the wixl binary depends on. # tool to create msi packages
libmsi-dev \ wixl \
libgcab-dev \ # install ruby and rpm which are required to install fpm package builder
# deb and rpm build tools
rubygem-fpm \
rpm \ rpm \
ruby \
ruby-dev \
rubygems \
# create deb and rpm repository files # create deb and rpm repository files
reprepro \ reprepro \
createrepo-c \ createrepo-c \
@ -26,9 +27,13 @@ RUN apt-get update && \
gcc-aarch64-linux-gnu \ gcc-aarch64-linux-gnu \
libc6-dev-arm64-cross && \ libc6-dev-arm64-cross && \
rm -rf /var/lib/apt/lists/* && \ rm -rf /var/lib/apt/lists/* && \
# Install wixl # Install fpm gem
curl -o /usr/local/bin/wixl -L https://pkg.cloudflare.com/binaries/wixl && \ gem install fpm --no-document && \
chmod a+x /usr/local/bin/wixl && \ # Initialize rpm repository, SQL Lite DB
mkdir -p /var/lib/rpm && \
rpm --initdb && \
chmod -R 777 /var/lib/rpm && \
# Create work directory
mkdir -p opt mkdir -p opt
WORKDIR /opt WORKDIR /opt

2
.ci/scripts/component-tests.sh
View File

@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
set -e -o pipefail set -e -u -o pipefail
# Fetch cloudflared from the artifacts folder # Fetch cloudflared from the artifacts folder
mv ./artifacts/cloudflared ./cloudflared mv ./artifacts/cloudflared ./cloudflared

2
.ci/scripts/fmt-check.sh
View File

@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
set -e -o pipefail set -e -u -o pipefail
OUTPUT=$(go run -mod=readonly golang.org/x/tools/cmd/goimports@v0.30.0 -l -d -local github.com/cloudflare/cloudflared $(go list -mod=vendor -f '{{.Dir}}' -a ./... | fgrep -v tunnelrpc)) OUTPUT=$(go run -mod=readonly golang.org/x/tools/cmd/goimports@v0.30.0 -l -d -local github.com/cloudflare/cloudflared $(go list -mod=vendor -f '{{.Dir}}' -a ./... | fgrep -v tunnelrpc))

2
.ci/scripts/github-push.sh
View File

@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
set -e -o pipefail set -e -u -o pipefail
BRANCH="master" BRANCH="master"
TMP_PATH="$PWD/tmp" TMP_PATH="$PWD/tmp"

1
.ci/scripts/linux/build-packages-fips.sh
View File

@ -1,4 +1,5 @@
#!/bin/bash #!/bin/bash
set -e -u -o pipefail
VERSION=$(git describe --tags --always --match "[0-9][0-9][0-9][0-9].*.*") VERSION=$(git describe --tags --always --match "[0-9][0-9][0-9][0-9].*.*")
echo $VERSION echo $VERSION

1
.ci/scripts/linux/build-packages.sh
View File

@ -1,4 +1,5 @@
#!/bin/bash #!/bin/bash
set -e -u -o pipefail
# Check if architecture argument is provided # Check if architecture argument is provided
if [ $# -eq 0 ]; then if [ $# -eq 0 ]; then

2
.ci/scripts/package-windows.sh
View File

@ -1,4 +1,6 @@
#!/bin/bash #!/bin/bash
set -e -u -o pipefail
python3 -m venv env python3 -m venv env
. env/bin/activate . env/bin/activate
pip install pynacl==1.4.0 pygithub==1.55 pip install pynacl==1.4.0 pygithub==1.55

4
.ci/scripts/release-target.sh
View File

@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
set -e -o pipefail set -e -u -o pipefail
# Check if a make target is provided as an argument # Check if a make target is provided as an argument
if [ $# -eq 0 ]; then if [ $# -eq 0 ]; then
@ -14,5 +14,5 @@ python3 -m venv venv
source venv/bin/activate source venv/bin/activate
# Our release scripts are written in python, so we should install their dependecies here. # Our release scripts are written in python, so we should install their dependecies here.
pip install pynacl==1.4.0 pygithub==1.55 boto3==1.22.9 python-gnupg==0.4.9 pip install pynacl==1.4.0 pygithub==1.55 boto3==1.42.30 python-gnupg==0.4.9
make $MAKE_TARGET make $MAKE_TARGET

2
.ci/scripts/vuln-check.sh
View File

@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
set -e set -e -u
# Define the file to store the list of vulnerabilities to ignore. # Define the file to store the list of vulnerabilities to ignore.
IGNORE_FILE=".vulnignore" IGNORE_FILE=".vulnignore"

1
.gitignore vendored
View File

@ -18,3 +18,4 @@ ssh_server_tests/.env
/.cover /.cover
built_artifacts/ built_artifacts/
component-tests/.venv component-tests/.venv
/artifacts

13
RELEASE_NOTES
View File

@ -1,3 +1,16 @@
2026.1.1
- 2026-01-19 fix: Update boto3 to run on trixie
- 2026-01-19 fix: Fix wixl bundling tool for windows msi packages
- 2026-01-19 fix: rpm bundling and rpm key import
2026.1.0
- 2026-01-13 TUN-10162: Update go to 1.24.11 and Debian distroless to debian13
- 2025-11-21 Replace jira.cfops.it with jira.cfdata.org in connection/http2_test.go
- 2025-11-19 TUN-9863: Update pipelines to use cloudflared EV Certificate
- 2025-11-07 TUN-9800: Migrate apt internal builds to Gitlab
- 2025-11-04 TUN-9998: Don't need to read origin cert to determine if the endpoint is fedramp
- 2025-10-13 TUN-9910: Make the metadata key to carry HTTP status over QUIC transport a constant
2025.11.1 2025.11.1
- 2025-11-07 TUN-9800: Fix docker hub push step - 2025-11-07 TUN-9800: Fix docker hub push step

18
cmd/cloudflared/tunnel/cmd.go
View File

@ -427,15 +427,16 @@ func StartServer(
return waitToShutdown(&wg, cancel, errC, graceShutdownC, 0, log) return waitToShutdown(&wg, cancel, errC, graceShutdownC, 0, log)
} }
if namedTunnel == nil {
return fmt.Errorf("namedTunnel is nil outside of DNS proxy stand-alone mode")
}
logTransport := logger.CreateTransportLoggerFromContext(c, logger.EnableTerminalLog) logTransport := logger.CreateTransportLoggerFromContext(c, logger.EnableTerminalLog)
observer := connection.NewObserver(log, logTransport) observer := connection.NewObserver(log, logTransport)
// Send Quick Tunnel URL to UI if applicable // Send Quick Tunnel URL to UI if applicable
var quickTunnelURL string quickTunnelURL := namedTunnel.QuickTunnelUrl
if namedTunnel != nil {
quickTunnelURL = namedTunnel.QuickTunnelUrl
}
if quickTunnelURL != "" { if quickTunnelURL != "" {
observer.SendURL(quickTunnelURL) observer.SendURL(quickTunnelURL)
} }
@ -459,14 +460,7 @@ func StartServer(
} }
} }
userCreds, err := credentials.Read(c.String(cfdflags.OriginCert), log) isFEDEndpoint := namedTunnel.Credentials.Endpoint == credentials.FedEndpoint
var isFEDEndpoint bool
if err != nil {
isFEDEndpoint = false
} else {
isFEDEndpoint = userCreds.IsFEDEndpoint()
}
var managementHostname string var managementHostname string
if isFEDEndpoint { if isFEDEndpoint {
managementHostname = credentials.FedRampHostname managementHostname = credentials.FedRampHostname

14
cmd/cloudflared/tunnel/credential_finder.go
View File

@ -63,12 +63,14 @@ func (s searchByID) Path() (string, error) {
Str("originCertPath", originCertPath). Str("originCertPath", originCertPath).
Logger() Logger()
// Fallback to look for tunnel credentials in the origin cert directory if originCertPath != "" {
if originCertPath, err := credentials.FindOriginCert(originCertPath, &originCertLog); err == nil { // Look for tunnel credentials in the origin cert directory if the flag is provided
originCertDir := filepath.Dir(originCertPath) if originCertPath, err := credentials.FindOriginCert(originCertPath, &originCertLog); err == nil {
if filePath, err := tunnelFilePath(s.id, originCertDir); err == nil { originCertDir := filepath.Dir(originCertPath)
if s.fs.validFilePath(filePath) { if filePath, err := tunnelFilePath(s.id, originCertDir); err == nil {
return filePath, nil if s.fs.validFilePath(filePath) {
return filePath, nil
}
} }
} }
} }