diff --git a/.ci/linux.gitlab-ci.yml b/.ci/linux.gitlab-ci.yml index e1104145..d2b3e01b 100644 --- a/.ci/linux.gitlab-ci.yml +++ b/.ci/linux.gitlab-ci.yml @@ -16,6 +16,7 @@ include: <<: *golang_inputs jobPrefix: linux-build GOLANG_MAKE_TARGET: ci-build + imageVersion: "3308-283bdf9@sha256:fcd83570c91565a72eab132c38e0f589a481e2f3d4f3779f9f9a93eb555fee4a" ######################## ### Linux FIPS Build ### @@ -25,6 +26,8 @@ include: <<: *golang_inputs jobPrefix: linux-fips-build GOLANG_MAKE_TARGET: ci-fips-build + imageVersion: "3308-283bdf9@sha256:fcd83570c91565a72eab132c38e0f589a481e2f3d4f3779f9f9a93eb555fee4a" + ################# ### Unit Tests ## @@ -35,6 +38,8 @@ include: stage: test jobPrefix: test GOLANG_MAKE_TARGET: ci-test + imageVersion: "3308-283bdf9@sha256:fcd83570c91565a72eab132c38e0f589a481e2f3d4f3779f9f9a93eb555fee4a" + ###################### ### Unit Tests FIPS ## @@ -45,6 +50,8 @@ include: stage: test jobPrefix: test-fips GOLANG_MAKE_TARGET: ci-fips-test + imageVersion: "3308-283bdf9@sha256:fcd83570c91565a72eab132c38e0f589a481e2f3d4f3779f9f9a93eb555fee4a" + ################# ### Vuln Check ## @@ -56,6 +63,8 @@ include: stage: validate jobPrefix: vulncheck GOLANG_MAKE_TARGET: vulncheck + imageVersion: "3308-283bdf9@sha256:fcd83570c91565a72eab132c38e0f589a481e2f3d4f3779f9f9a93eb555fee4a" + ################################# ### Run Linux Component Tests ### diff --git a/client/config_test.go b/client/config_test.go index 5fe4e7c1..77923fb3 100644 --- a/client/config_test.go +++ b/client/config_test.go @@ -45,6 +45,6 @@ func (m *mockFeatureSelector) Snapshot() features.FeatureSnapshot { return features.FeatureSnapshot{ PostQuantum: features.PostQuantumPrefer, DatagramVersion: features.DatagramV3, - FeaturesList: []string{features.FeaturePostQuantum, features.FeatureDatagramV3_1}, + FeaturesList: []string{features.FeaturePostQuantum, features.FeatureDatagramV3_2}, } } diff --git a/features/features.go b/features/features.go index 2c7e6850..83a34a7f 100644 --- a/features/features.go +++ b/features/features.go @@ -10,9 +10,10 @@ const ( FeaturePostQuantum = "postquantum" FeatureQUICSupportEOF = "support_quic_eof" FeatureManagementLogs = "management_logs" - FeatureDatagramV3_1 = "support_datagram_v3_1" + FeatureDatagramV3_2 = "support_datagram_v3_2" - DeprecatedFeatureDatagramV3 = "support_datagram_v3" // Deprecated: TUN-9291 + DeprecatedFeatureDatagramV3 = "support_datagram_v3" // Deprecated: TUN-9291 + DeprecatedFeatureDatagramV3_1 = "support_datagram_v3_1" // Deprecated: TUN-9883 ) var defaultFeatures = []string{ @@ -26,6 +27,7 @@ var defaultFeatures = []string{ // List of features that are no longer in-use. var deprecatedFeatures = []string{ DeprecatedFeatureDatagramV3, + DeprecatedFeatureDatagramV3_1, } // Features set by user provided flags @@ -58,7 +60,7 @@ const ( // DatagramV2 is the currently supported datagram protocol for UDP and ICMP packets DatagramV2 DatagramVersion = FeatureDatagramV2 // DatagramV3 is a new datagram protocol for UDP and ICMP packets. It is not backwards compatible with datagram v2. - DatagramV3 DatagramVersion = FeatureDatagramV3_1 + DatagramV3 DatagramVersion = FeatureDatagramV3_2 ) // Remove any duplicate features from the list and remove deprecated features diff --git a/features/selector.go b/features/selector.go index 38cc43b4..d76276e8 100644 --- a/features/selector.go +++ b/features/selector.go @@ -23,9 +23,10 @@ const ( // If the TXT record is missing a key, the field will unmarshal to the default Go value type featuresRecord struct { - DatagramV3Percentage uint32 `json:"dv3_1"` + DatagramV3Percentage uint32 `json:"dv3_2"` // DatagramV3Percentage int32 `json:"dv3"` // Removed in TUN-9291 + // DatagramV3Percentage uint32 `json:"dv3_1"` // Removed in TUN-9883 // PostQuantumPercentage int32 `json:"pq"` // Removed in TUN-7970 } @@ -105,7 +106,7 @@ func (fs *featureSelector) postQuantumMode() PostQuantumMode { func (fs *featureSelector) datagramVersion() DatagramVersion { // If user provides the feature via the cli, we take it as priority over remote feature evaluation - if slices.Contains(fs.cliFeatures, FeatureDatagramV3_1) { + if slices.Contains(fs.cliFeatures, FeatureDatagramV3_2) { return DatagramV3 } // If the user specifies DatagramV2, we also take that over remote diff --git a/features/selector_test.go b/features/selector_test.go index 511aebe6..d68e6ec9 100644 --- a/features/selector_test.go +++ b/features/selector_test.go @@ -22,15 +22,15 @@ func TestUnmarshalFeaturesRecord(t *testing.T) { expectedPercentage uint32 }{ { - record: []byte(`{"dv3_1":0}`), + record: []byte(`{"dv3_2":0}`), expectedPercentage: 0, }, { - record: []byte(`{"dv3_1":39}`), + record: []byte(`{"dv3_2":39}`), expectedPercentage: 39, }, { - record: []byte(`{"dv3_1":100}`), + record: []byte(`{"dv3_2":100}`), expectedPercentage: 100, }, { @@ -40,7 +40,7 @@ func TestUnmarshalFeaturesRecord(t *testing.T) { record: []byte(`{"kyber":768}`), // Unmarshal to default struct if key is not present }, { - record: []byte(`{"pq": 101,"dv3":100}`), // Expired keys don't unmarshal to anything + record: []byte(`{"pq": 101,"dv3":100,"dv3_1":100}`), // Expired keys don't unmarshal to anything }, } @@ -111,10 +111,10 @@ func TestFeaturePrecedenceEvaluationDatagramVersion(t *testing.T) { }, { name: "user_specified_v3", - cli: []string{FeatureDatagramV3_1}, + cli: []string{FeatureDatagramV3_2}, remote: featuresRecord{}, - expectedFeatures: dedupAndRemoveFeatures(append(defaultFeatures, FeatureDatagramV3_1)), - expectedVersion: FeatureDatagramV3_1, + expectedFeatures: dedupAndRemoveFeatures(append(defaultFeatures, FeatureDatagramV3_2)), + expectedVersion: FeatureDatagramV3_2, }, } @@ -150,6 +150,12 @@ func TestDeprecatedFeaturesRemoved(t *testing.T) { remote: featuresRecord{}, expectedFeatures: defaultFeatures, }, + { + name: "support_datagram_v3_1", + cli: []string{DeprecatedFeatureDatagramV3_1}, + remote: featuresRecord{}, + expectedFeatures: defaultFeatures, + }, } for _, test := range tests { diff --git a/release_pkgs.py b/release_pkgs.py index 0045eb57..56acf699 100644 --- a/release_pkgs.py +++ b/release_pkgs.py @@ -189,11 +189,22 @@ class PkgCreator: def import_gpg_keys(self, private_key, public_key): gpg = gnupg.GPG() private_key = base64.b64decode(private_key) - gpg.import_keys(private_key) + import_result = gpg.import_keys(private_key) + if not import_result.fingerprints: + raise Exception("Failed to import private key") + public_key = base64.b64decode(public_key) gpg.import_keys(public_key) + + imported_fingerprint = import_result.fingerprints[0] data = gpg.list_keys(secret=True) - return (data[0]["fingerprint"], data[0]["uids"][0]) + + # Find the specific key we just imported by comparing fingerprints + for key in data: + if key["fingerprint"] == imported_fingerprint: + return (key["fingerprint"], key["uids"][0]) + + raise Exception(f"Could not find imported key with fingerprint {imported_fingerprint}") def import_multiple_gpg_keys(self, primary_private_key, primary_public_key, secondary_private_key=None, secondary_public_key=None): """ @@ -311,7 +322,7 @@ def create_rpm_packaging( repo_file = pkg_creator.create_repo_file(artifacts_path, binary_name, base_url, gpg_key_url) print("Uploading repo file") - pkg_uploader.upload_pkg_to_r2(repo_file, binary_name + "repo") + pkg_uploader.upload_pkg_to_r2(binary_name + "repo", repo_file) print("uploading latest to r2...") upload_from_directories(pkg_uploader, "rpm", None, binary_name)