Commit Graph

60 Commits

Author SHA1 Message Date
Nuno Diegues 01ad2785ee TUN-5551: Change internally published debian package to be FIPS compliant
This changes existing Makefile targets to make it obvious that they are
used to publish debian packages for internal Cloudflare usage. Those are
now FIPS compliant, with no alternative provided. This only affects amd64
builds (and we only publish internally for Linux).

This new Makefile target is used by all internal builds (including nightly
that is used for e2e tests).

Note that this Makefile target renames the artifact to be just `cloudflared`
so that this is used "as is" internally, without expecting people to opt-in
to the new `cloudflared-fips` package (as we are giving them no alternative).
2021-12-28 19:01:03 +00:00
Nuno Diegues 70e675f42c TUN-5551: Reintroduce FIPS compliance for linux amd64 now as separate binaries
This is a cherry-pick of 157f5d1412
followed by build/CI changes so that amd64/linux FIPS compliance is
provided by new/separate binaries/artifacts/packages.

The reasoning being that FIPS compliance places excessive requirements
in the encryption algorithms used for regular users that do not care
about that. This can cause cloudflared to reject HTTPS origins that
would otherwise be accepted without FIPS checks.

This way, by having separate binaries, existing ones remain as they
were, and only FIPS-needy users will opt-in to the new FIPS binaries.
2021-12-20 21:50:42 +00:00
Nuno Diegues 2dc5f6ec8c TUN-5549: Revert "TUN-5277: Ensure cloudflared binary is FIPS compliant on linux amd64"
This reverts commit 157f5d1412.

FIPS compliant binaries (for linux/amd64) are causing HTTPS origins to not
be reachable by cloudflared in certain cases (e.g. with Let's Encrypt certificates).

Origins that are not HTTPS for cloudflared are not affected.
2021-12-16 00:29:01 +00:00
Nuno Diegues 157f5d1412 TUN-5277: Ensure cloudflared binary is FIPS compliant on linux amd64 2021-11-10 21:27:25 +00:00
Nuno Diegues 794635fb54 TUN-5397: Log cloudflared output when it fails to connect tunnel 2021-11-10 10:34:34 +00:00
Nuno Diegues d9636c73b4 TUN-5257: Fix more cfsetup targets that were broken by recent package changes 2021-10-14 16:47:34 +01:00
Nuno Diegues 997f2cf612 TUN-5250: Add missing packages for cfsetup to succeed in github release pkgs target 2021-10-14 08:56:21 +00:00
Nuno Diegues c51879b17f TUN-5003: Fix cfsetup for non-FIPS golang version 2021-08-27 19:14:22 +01:00
Sudarsan Reddy 414cb12f02 TUN-4961: Update quic-go to latest
- Updates fips-go to be the latest on cfsetup.yaml
- Updates sumtype's x/tools to be latest to avoid Internal: nil pkg
  errors with fips.
2021-08-27 12:26:00 +01:00
Sudarsan Reddy b8333b44a2 TUN-4795: Remove Equinox releases 2021-08-05 08:24:36 +00:00
Sudarsan Reddy cd4af5696d TUN-4772: Release built executables with packages 2021-07-30 13:56:19 +00:00
Sudarsan Reddy ee8c8bd4c6 TUN-4799: Build deb, msi and rpm packages with fips 2021-07-27 11:38:22 +01:00
Sudarsan Reddy bd8af7d80d TUN-4771: Upload deb, rpm and msi packages to github
- cfsetup now has a build command `github-release-pkgs` to release linux
   and msi packages to github.
 - github_message.py now has an option to upload all assets in a provided
   directory.
2021-07-26 13:49:17 +01:00
Sudarsan Reddy dff694b218 TUN-4761: Added a build-all-packages target to cfsetup 2021-07-22 16:36:49 +01:00
cthuang 6e45e0d53b TUN-4714: Name nightly package cloudflared-nightly to avoid apt conflict 2021-07-14 20:45:29 +01:00
Michael Borkenstein 48c5721bc6 TUN-4426: Fix centos builds 2021-05-20 11:29:14 -05:00
Adam Chalmers b297e8bb90 Release 2021.5.6 2021-05-14 18:22:58 -05:00
Adam Chalmers a00eda9538
TUN-4411: Fix Go version 2021-05-14 19:40:12 +01:00
Adam Chalmers b87cb9aee8
TUN-4357: Bump Go to 1.16 2021-05-13 02:05:18 +01:00
Nuno Diegues 9d3a7bd08e TUN-4125: Change component tests to run in CI with its own dedicated resources 2021-03-26 11:41:56 +00:00
Igor Postelnik da4d0b2bae TUN-4067: Reformat code for consistent import order, grouping, and fix formatting. Added goimports target to the Makefile to make this easier in the future. 2021-03-24 10:53:29 -05:00
cthuang 9df60276a9 TUN-4052: Add component tests to assert service mode behavior 2021-03-15 17:45:25 +00:00
cthuang a7344435a5 TUN-4062: Read component tests config from yaml file 2021-03-10 21:29:33 +00:00
cthuang 4481b9e46c TUN-4047: Add cfsetup target to run component test 2021-03-08 11:57:18 +00:00
Igor Postelnik a8ae6de213 TUN-3924: Removed db-connect command. Added a placeholder handler for this command that informs users that command is no longer supported. 2021-02-17 20:13:51 -06:00
Adam Chalmers a278753bbf TUN-3902: Add jitter to backoffhandler
Jitter is important to avoid every cloudflared in the world trying to
reconnect at t=1, 2, 4, etc. That could overwhelm the backend. But
if each cloudflared randomly waits for up to 2, then up to 4, then up
to 8 etc, then the retries get spread out evenly across time.

On average, wait times should be the same (e.g. instead of waiting for
exactly 1 second, cloudflared will wait betweeen 0 and 2 seconds).

This is the "Full Jitter" algorithm from https://aws.amazon.com/blogs/architecture/exponential-backoff-and-jitter/
2021-02-11 14:36:13 +00:00
Areg Harutyunyan 88b53eb886 TUN-3826: Use go-fips when building cloudflared for linux/amd64 2021-02-02 18:12:14 +00:00
Adam Chalmers 8a020d12e1 TUN-3830: Use Go 1.15.7 2021-01-28 22:37:23 -06:00
Adam Chalmers d45ca67498 TUN-3612: Upgrade to Go 1.15.6 2020-12-04 23:24:16 +00:00
Joe Groocock 11acb50cf7 EDGEPLAT-2958 build cloudflared for Bullseye
Signed-off-by: Joe Groocock <jgroocock@cloudflare.com>
2020-11-20 18:24:58 +00:00
Adam Chalmers 53de779a0a TUN-3544: Upgrade to Go 1.15.5 2020-11-18 16:13:54 -06:00
Adam Chalmers acd03e36e6 TUN-3465: Use Go 1.15.3 2020-10-15 15:55:16 -05:00
Lee Valentine e2ff7f65fc TRAFFIC-448: build cloudflare for junos and publish to s3 2020-09-24 19:23:53 +04:00
Michael Borkenstein 20623255dd AUTH-3110-use-cfsetup-precache 2020-09-18 16:26:33 -05:00
Adam Chalmers b26f3082e6 Use Go 1.15.2 2020-09-16 12:45:49 -05:00
Dalton b698fe5ef3 AUTH-2864 - add macos build to github release 2020-08-19 21:31:50 -05:00
Igor Postelnik 679f36303a TUN-3242: Build with go 1.14 2020-08-10 23:17:23 +00:00
Dalton 5b3b592108 AUTH-2927 run message update after all github builds are done 2020-08-03 10:12:03 -05:00
Michael Borkenstein edc69694cb AUTH-2714: Adds arm64 cloudflared build 2020-07-29 13:12:57 -06:00
Michael Borkenstein b696ca8b1c Removes centos 6 build 2020-07-29 14:01:34 +00:00
Ivan Babrou 6274567e16 Build cloudflared for arm64 on native agents 2020-07-20 17:42:50 -07:00
Michael Borkenstein a42b66e8bd AUTH-2872: Adds centos-6 build 2020-07-10 20:39:50 +00:00
Michael Borkenstein 2ce6720a6e AUTH-2854: Create cloudflared RPMs 2020-07-01 14:50:38 -05:00
Michael Borkenstein 7724ff8176 AUTH-2860: Fix builds 2020-07-01 15:51:02 +00:00
Michael Borkenstein 370c17e48c AUTH-2718: Add target for publishing deb to pkg.cloudflare repo 2020-06-30 14:46:24 +00:00
Michael Borkenstein b46acd7f63 AUTH-2685: Adds script to create release 2020-06-25 18:39:37 +00:00
Robert McNeil fd1941dfbe DEVTOOLS-7321: Add openssh-client pkg for missing ssh-keyscan 2020-06-15 17:08:10 -07:00
Robert McNeil 8c59254488 DEVTOOLS-7321: Add scripts for macOS builds and homebrew uploads 2020-06-08 15:44:28 +00:00
Michael Borkenstein 7a77ead423 AUTH-2682: Create buster build 2020-05-20 11:59:55 -05:00
Ashcon Partovi 759cd019be Add db-connect, a SQL over HTTPS server 2019-11-12 20:34:39 +00:00