Merge branch 'cloudflare:master' into master

2025-10-13 18:19:12 +01:00 · 2025-10-13 18:19:12 +01:00 · 891ac7db71
parent fd8f2b9f8b 1ac6c45dad
commit 891ac7db71
6 changed files with 45 additions and 16 deletions
--- a/.ci/linux.gitlab-ci.yml
+++ b/.ci/linux.gitlab-ci.yml
@ -16,6 +16,7 @@ include:
      <<: *golang_inputs
      jobPrefix: linux-build
      GOLANG_MAKE_TARGET: ci-build
+      imageVersion: "3308-283bdf9@sha256:fcd83570c91565a72eab132c38e0f589a481e2f3d4f3779f9f9a93eb555fee4a"

  ########################
  ### Linux FIPS Build ###
@ -25,6 +26,8 @@ include:
      <<: *golang_inputs
      jobPrefix: linux-fips-build
      GOLANG_MAKE_TARGET: ci-fips-build
+      imageVersion: "3308-283bdf9@sha256:fcd83570c91565a72eab132c38e0f589a481e2f3d4f3779f9f9a93eb555fee4a"
+

  #################
  ### Unit Tests ##
@ -35,6 +38,8 @@ include:
      stage: test
      jobPrefix: test
      GOLANG_MAKE_TARGET: ci-test
+      imageVersion: "3308-283bdf9@sha256:fcd83570c91565a72eab132c38e0f589a481e2f3d4f3779f9f9a93eb555fee4a"
+

  ######################
  ### Unit Tests FIPS ##
@ -45,6 +50,8 @@ include:
      stage: test
      jobPrefix: test-fips
      GOLANG_MAKE_TARGET: ci-fips-test
+      imageVersion: "3308-283bdf9@sha256:fcd83570c91565a72eab132c38e0f589a481e2f3d4f3779f9f9a93eb555fee4a"
+

  #################
  ### Vuln Check ##
@ -56,6 +63,8 @@ include:
      stage: validate
      jobPrefix: vulncheck
      GOLANG_MAKE_TARGET: vulncheck
+      imageVersion: "3308-283bdf9@sha256:fcd83570c91565a72eab132c38e0f589a481e2f3d4f3779f9f9a93eb555fee4a"
+

 #################################
 ### Run Linux Component Tests ###
--- a/client/config_test.go
+++ b/client/config_test.go
@ -45,6 +45,6 @@ func (m *mockFeatureSelector) Snapshot() features.FeatureSnapshot {
 	return features.FeatureSnapshot{
 		PostQuantum:     features.PostQuantumPrefer,
 		DatagramVersion: features.DatagramV3,
-		FeaturesList:    []string{features.FeaturePostQuantum, features.FeatureDatagramV3_1},
+		FeaturesList:    []string{features.FeaturePostQuantum, features.FeatureDatagramV3_2},
 	}
 }
--- a/features/features.go
+++ b/features/features.go
@ -10,9 +10,10 @@ const (
 	FeaturePostQuantum       = "postquantum"
 	FeatureQUICSupportEOF    = "support_quic_eof"
 	FeatureManagementLogs    = "management_logs"
-	FeatureDatagramV3_1      = "support_datagram_v3_1"
+	FeatureDatagramV3_2      = "support_datagram_v3_2"

-	DeprecatedFeatureDatagramV3 = "support_datagram_v3" // Deprecated: TUN-9291
+	DeprecatedFeatureDatagramV3   = "support_datagram_v3"   // Deprecated: TUN-9291
+	DeprecatedFeatureDatagramV3_1 = "support_datagram_v3_1" // Deprecated: TUN-9883
 )

 var defaultFeatures = []string{
@ -26,6 +27,7 @@ var defaultFeatures = []string{
 // List of features that are no longer in-use.
 var deprecatedFeatures = []string{
 	DeprecatedFeatureDatagramV3,
+	DeprecatedFeatureDatagramV3_1,
 }

 // Features set by user provided flags
@ -58,7 +60,7 @@ const (
 	// DatagramV2 is the currently supported datagram protocol for UDP and ICMP packets
 	DatagramV2 DatagramVersion = FeatureDatagramV2
 	// DatagramV3 is a new datagram protocol for UDP and ICMP packets. It is not backwards compatible with datagram v2.
-	DatagramV3 DatagramVersion = FeatureDatagramV3_1
+	DatagramV3 DatagramVersion = FeatureDatagramV3_2
 )

 // Remove any duplicate features from the list and remove deprecated features
--- a/features/selector.go
+++ b/features/selector.go
@ -23,9 +23,10 @@ const (
 // If the TXT record is missing a key, the field will unmarshal to the default Go value

 type featuresRecord struct {
-	DatagramV3Percentage uint32 `json:"dv3_1"`
+	DatagramV3Percentage uint32 `json:"dv3_2"`

 	// DatagramV3Percentage int32 `json:"dv3"` // Removed in TUN-9291
+	// DatagramV3Percentage uint32 `json:"dv3_1"` // Removed in TUN-9883
 	// PostQuantumPercentage int32 `json:"pq"` // Removed in TUN-7970
 }

@ -105,7 +106,7 @@ func (fs *featureSelector) postQuantumMode() PostQuantumMode {

 func (fs *featureSelector) datagramVersion() DatagramVersion {
 	// If user provides the feature via the cli, we take it as priority over remote feature evaluation
-	if slices.Contains(fs.cliFeatures, FeatureDatagramV3_1) {
+	if slices.Contains(fs.cliFeatures, FeatureDatagramV3_2) {
 		return DatagramV3
 	}
 	// If the user specifies DatagramV2, we also take that over remote
--- a/features/selector_test.go
+++ b/features/selector_test.go
@ -22,15 +22,15 @@ func TestUnmarshalFeaturesRecord(t *testing.T) {
 		expectedPercentage uint32
 	}{
 		{
-			record:             []byte(`{"dv3_1":0}`),
+			record:             []byte(`{"dv3_2":0}`),
 			expectedPercentage: 0,
 		},
 		{
-			record:             []byte(`{"dv3_1":39}`),
+			record:             []byte(`{"dv3_2":39}`),
 			expectedPercentage: 39,
 		},
 		{
-			record:             []byte(`{"dv3_1":100}`),
+			record:             []byte(`{"dv3_2":100}`),
 			expectedPercentage: 100,
 		},
 		{
@ -40,7 +40,7 @@ func TestUnmarshalFeaturesRecord(t *testing.T) {
 			record: []byte(`{"kyber":768}`), // Unmarshal to default struct if key is not present
 		},
 		{
-			record: []byte(`{"pq": 101,"dv3":100}`), // Expired keys don't unmarshal to anything
+			record: []byte(`{"pq": 101,"dv3":100,"dv3_1":100}`), // Expired keys don't unmarshal to anything
 		},
 	}

@ -111,10 +111,10 @@ func TestFeaturePrecedenceEvaluationDatagramVersion(t *testing.T) {
 		},
 		{
 			name:             "user_specified_v3",
-			cli:              []string{FeatureDatagramV3_1},
+			cli:              []string{FeatureDatagramV3_2},
 			remote:           featuresRecord{},
-			expectedFeatures: dedupAndRemoveFeatures(append(defaultFeatures, FeatureDatagramV3_1)),
-			expectedVersion:  FeatureDatagramV3_1,
+			expectedFeatures: dedupAndRemoveFeatures(append(defaultFeatures, FeatureDatagramV3_2)),
+			expectedVersion:  FeatureDatagramV3_2,
 		},
 	}

@ -150,6 +150,12 @@ func TestDeprecatedFeaturesRemoved(t *testing.T) {
 			remote:           featuresRecord{},
 			expectedFeatures: defaultFeatures,
 		},
+		{
+			name:             "support_datagram_v3_1",
+			cli:              []string{DeprecatedFeatureDatagramV3_1},
+			remote:           featuresRecord{},
+			expectedFeatures: defaultFeatures,
+		},
 	}

 	for _, test := range tests {
--- a/release_pkgs.py
+++ b/release_pkgs.py
@ -189,11 +189,22 @@ class PkgCreator:
    def import_gpg_keys(self, private_key, public_key):
        gpg = gnupg.GPG()
        private_key = base64.b64decode(private_key)
-        gpg.import_keys(private_key)
+        import_result = gpg.import_keys(private_key)
+        if not import_result.fingerprints:
+            raise Exception("Failed to import private key")
+
        public_key = base64.b64decode(public_key)
        gpg.import_keys(public_key)
+
+        imported_fingerprint = import_result.fingerprints[0]
        data = gpg.list_keys(secret=True)
-        return (data[0]["fingerprint"], data[0]["uids"][0])
+
+        # Find the specific key we just imported by comparing fingerprints
+        for key in data:
+            if key["fingerprint"] == imported_fingerprint:
+                return (key["fingerprint"], key["uids"][0])
+
+        raise Exception(f"Could not find imported key with fingerprint {imported_fingerprint}")

    def import_multiple_gpg_keys(self, primary_private_key, primary_public_key, secondary_private_key=None, secondary_public_key=None):
        """
@ -311,7 +322,7 @@ def create_rpm_packaging(
    repo_file = pkg_creator.create_repo_file(artifacts_path, binary_name, base_url, gpg_key_url)

    print("Uploading repo file")
-    pkg_uploader.upload_pkg_to_r2(repo_file, binary_name + "repo")
+    pkg_uploader.upload_pkg_to_r2(binary_name + "repo", repo_file)

    print("uploading latest to r2...")
    upload_from_directories(pkg_uploader, "rpm", None, binary_name)