Commit Graph

98 Commits

Author SHA1 Message Date
Luis Neto e2c2b012f1 TUN-8737: update metrics server port selection
## Summary
Update how metrics server binds to a listener by using a known set of ports whenever the default address is used with the fallback to a random port in case all address are already in use. The default address changes at compile time in order to bind to a different default address when the final deliverable is a docker image.

Refactor ReadyServer tests.

Closes TUN-8737
2024-11-22 07:23:46 -08:00
Arjun 53c523444e add: new go-fuzz targets
Signed-off-by: Arjun <pkillarjun@protonmail.com>
2024-11-11 20:45:49 +05:30
Luis Neto e8e824a730 VULN-66059: remove ssh server tests
## Summary
The initial purpose of this PR was to bump the base image from buster to bookworm however these tests are no longer exercised hence the removal

Closes VULN-66059
2024-11-05 23:00:35 -08:00
lneto b03ea055b0 TUN-8581: create dry run for github release 2024-08-01 17:42:59 +01:00
lneto 47733ba25e TUN-8523: refactor makefile and cfsetup
- remove unused targets in Makefile
- order deps in cfsetup.yaml
- only build cloudflared not all linux targets
- rename stages to be more explicit
- adjust build deps of build-linux-release
- adjust build deps of build-linux-fips-release
- rename github_release_pkgs_pre_cache to build_release_pre_cache
- only build release release artifacts within build-linux-release
- only build release release artifacts within build-linux-fips-release
- remove github-release-macos
- remove github-release-windows
- adjust builddeps of test and test-fips
- create builddeps anchor for component-test and use it in component-test-fips
- remove wixl from build-linux-*
- rename release-pkgs-linux to r2-linux-release
- add github-release: artifacts uplooad and set release message
- clean build directory before build
- add step to package windows binaries
- refactor windows script
One of TeamCity changes is moving the artifacts to the built artifacts, hence, there is no need to cp files from artifacts to built_artifacts
- create anchor for release builds
- create anchor for tests stages
- remove reprepro and createrepo as they are only called by release_pkgs.py
2024-07-15 12:56:43 +01:00
lneto c95959e845 TUN-8520: add macos arm64 build
- refactor build script for macos to include arm64 build
- refactor Makefile to upload all the artifacts instead of issuing one by one
- update cfsetup due to 2.
- place build files in specific folders
- cleanup build directory before/after creating build artifacts
2024-07-11 16:23:35 +01:00
Devin Carr eb2e4349e8 TUN-8415: Refactor capnp rpc into a single module
Combines the tunnelrpc and quic/schema capnp files into the same module.

To help reduce future issues with capnp id generation, capnpids are
provided in the capnp files from the existing capnp struct ids generated
in the go files.

Reduces the overall interface of the Capnp methods to the rest of
the code by providing an interface that will handle the quic protocol
selection.

Introduces a new `rpc-timeout` config that will allow all of the
SessionManager and ConfigurationManager RPC requests to have a timeout.
The timeout for these values is set to 5 seconds as non of these operations
for the managers should take a long time to complete.

Removed the RPC-specific logger as it never provided good debugging value
as the RPC method names were not visible in the logs.
2024-05-17 11:22:07 -07:00
Chung-Ting c8ffdae859 TUN-8146: Fix Makefile targets should not be run in parallel and install-go script was missing shebang 2024-01-11 15:36:15 +00:00
Chung-Ting 8fc8c17522 TUN-8146: Fix export path for install-go command
This should fix homebrew-core to use the correct go tool chain
2024-01-11 12:38:28 +00:00
João "Pisco" Fernandes 8d9aab5217 TUN-8140: Remove homebrew scripts
## Summary
We have decided to no longer push cloudflared to cloudflare homebrew, and use
the automation from homebrew-core to update cloudflared on their repository.
Therefore, the scripts for homebrew and makefile targets are no longer necessary.
2024-01-11 11:34:33 +00:00
chungthuang 3e5c2959db TUN-8134: Revert installed prefix to /usr 2024-01-10 11:43:55 +00:00
chungthuang 37ec2d4830 TUN-8134: Install cloudflare go as part of make install
To build cloudflared from source, one will need a go tool chain that
supports post quantum curves
2024-01-10 10:23:43 +00:00
Chung-Ting 12dd91ada1 TUN-8052: Update go to 1.21.5
Also update golang.org/x/net and google.golang.org/grpc to fix vulnerabilities,
although cloudflared is using them in a way that is not exposed to those risks
2023-12-15 12:17:21 +00:00
Devin Carr 0096f2613c TUN-7587: Remove junos builds 2023-07-20 18:29:33 +00:00
Sudarsan Reddy 58b27a1ccf TUN-7447: Add a cover build to report code coverage 2023-05-31 14:59:05 +01:00
pufferfish bfbe426905
Add suport for OpenBSD (#916) 2023-04-04 16:14:51 +01:00
Sudarsan Reddy 87bd36c924 TUN-7064: RPM digests are now sha256 instead of md5sum 2023-01-10 10:37:45 +00:00
Devin Carr 515ad7cbee TUN-6917: Bump go to 1.19.3 2022-11-07 09:19:19 -08:00
Sven Höxter 2aca844570 drop usage of cat when sed is invoked to generate the manpage 2022-10-12 11:46:45 +01:00
Sudarsan Reddy e89bceca5e TUN-6825: Fix cloudflared:version images require arch hyphens
Once we introduced multi arch docker images, pinning cloudflared
versions required suffixing -(arm64/amd64) to the cloudflared:version
image tag. This change should fix that by adding specific versions to
the cloudflare docker build cycle
2022-10-04 15:48:58 +00:00
Sudarsan Reddy 5b30925773 TUN-6755: Remove unused publish functions
We no longer need the functions that publish deb and rpm to the old
pkg.cloudflare.com backed since we now send them to R2.
2022-09-30 10:28:28 +01:00
Devin Carr b0f0741a9b TUN-6590: Use Windows Teamcity agent to build binary 2022-09-21 19:34:36 +00:00
Devin Carr 013bdbd10c TUN-6718: Bump go and go-boring 1.18.6 2022-09-19 15:18:59 +00:00
Devin Carr e380333520 TUN-6688: Update RegisterUdpSession capnproto to include trace context 2022-09-08 21:50:58 +00:00
Sudarsan Reddy 135c8e6d13 TUN-6362: Add armhf support to cloudflare packaging
We now will have `armhf` based debs on our github pages

This will also sync to our R2 Release process allowing legacy rpi users to
eventually be able to apt-get install cloudflared.
2022-06-20 12:05:03 +01:00
Sudarsan Reddy 337591b2bb TUN-6414: Remove go-sumtype from cloudflared build process
This PR removes go-sumtype from cloudflared's build processes.

The value we see from analysing exhaustive match patterns in go is minimal (we can do this in code reviews) compared to using a tool that is unmaintained and (now broken) in Go 1.18.

We'd already been using the patched version here: https://github.com/sudarshan-reddy/go-sumtype because the original is broken for go tools > 1.16
2022-06-17 09:23:44 +01:00
Devin Carr ec509e114a TUN-6292: Debug builds for cloudflared
Allow for cloudflared to be built with debug mode to be used with dlv exec
2022-05-26 11:13:59 -07:00
Sudarsan Reddy 4b6437cc60 TUN-5943: Add RPM support
This PR extends release_pkgs.py to now also support uploading rpm based
assets to R2. The packages are not signed yet  and will be done in a
subsequent PR.

This PR
- Packs the .rpm assets into relevant directories
- Calls createrepo on them to make them yum repo ready
- Uploads them to R2
2022-05-12 16:41:51 +00:00
Misaka No 377a9a8d27
Update Makefile 2022-04-06 17:43:58 +08:00
Piper McCorkle 9552bb7bc7 TUN-5853 Add "install" make target and build package manager info into executable 2022-03-08 15:31:14 -06:00
Nuno Diegues c54e8cd8e6 TUN-5851: Update all references to point to Apache License 2.0 2022-03-08 17:35:31 +00:00
Nuno Diegues ead93e9f26 TUN-5551: Internally published debian artifacts are now named just cloudflared even though they are FIPS compliant
This way we will force the adoption of FIPS compliant cloudflared without having
to handle the transition for systems that already have it installed (since we
were previously using new artifacts with fips suffix)  nor without having to
segregate the resulting binary name (since we were always generating a binary
just called cloudflared from the unpacked debian archive to avoid having to change
any automation that assumes the binary to be called just that).
2022-01-05 08:24:58 +00:00
Nuno Diegues a39d95d5f7 TUN-5551: Show whether the binary was built for FIPS compliance
This is shown in 3 ways:
 - the version output with `cloudflared version` and alike commands
 - the build_info prometheus metric
 - a logging message
2021-12-28 19:03:16 +00:00
Nuno Diegues 01ad2785ee TUN-5551: Change internally published debian package to be FIPS compliant
This changes existing Makefile targets to make it obvious that they are
used to publish debian packages for internal Cloudflare usage. Those are
now FIPS compliant, with no alternative provided. This only affects amd64
builds (and we only publish internally for Linux).

This new Makefile target is used by all internal builds (including nightly
that is used for e2e tests).

Note that this Makefile target renames the artifact to be just `cloudflared`
so that this is used "as is" internally, without expecting people to opt-in
to the new `cloudflared-fips` package (as we are giving them no alternative).
2021-12-28 19:01:03 +00:00
Nuno Diegues 70e675f42c TUN-5551: Reintroduce FIPS compliance for linux amd64 now as separate binaries
This is a cherry-pick of 157f5d1412
followed by build/CI changes so that amd64/linux FIPS compliance is
provided by new/separate binaries/artifacts/packages.

The reasoning being that FIPS compliance places excessive requirements
in the encryption algorithms used for regular users that do not care
about that. This can cause cloudflared to reject HTTPS origins that
would otherwise be accepted without FIPS checks.

This way, by having separate binaries, existing ones remain as they
were, and only FIPS-needy users will opt-in to the new FIPS binaries.
2021-12-20 21:50:42 +00:00
Nuno Diegues 2dc5f6ec8c TUN-5549: Revert "TUN-5277: Ensure cloudflared binary is FIPS compliant on linux amd64"
This reverts commit 157f5d1412.

FIPS compliant binaries (for linux/amd64) are causing HTTPS origins to not
be reachable by cloudflared in certain cases (e.g. with Let's Encrypt certificates).

Origins that are not HTTPS for cloudflared are not affected.
2021-12-16 00:29:01 +00:00
Nuno Diegues b0e27d1eac TUN-5504: Fix upload of packages to public repo 2021-12-09 13:06:24 +00:00
Nuno Diegues 59bbd51065 TUN-5129: Remove `-dev` suffix when computing version and Git has uncommitted changes
When building the docker image, this `-dev` suffix is being added to the
cloudflared binary version.
The reason must be that there's some file, which is tracked by git, and
that is modified during that build.

It's not clear which file is it. But, at the same time, it's not clear what
advantage this `-dev` suffix is bringing. So we're simply removing it so that
we generate proper versions (so that our tracking/observability can correctly
aggregate these values).
2021-11-17 12:28:05 +00:00
Nuno Diegues 157f5d1412 TUN-5277: Ensure cloudflared binary is FIPS compliant on linux amd64 2021-11-10 21:27:25 +00:00
Nuno Diegues cbdf88ea28 TUN-5164: Update README and clean up references to Argo Tunnel (using Cloudflare Tunnel instead) 2021-09-29 08:27:47 +00:00
Silver 1cb22817db
Merge pull request #436 from Mongey/cm-arm-darwin
Allow building on arm64 platforms
2021-09-13 10:54:42 -05:00
Sudarsan Reddy 671754fd19 TUN-5012: Use patched go-sumtype 2021-08-30 10:10:25 +01:00
Conor Mongey a233f975c1
Allow building on arm64 platforms 2021-08-12 02:25:52 +01:00
Sudarsan Reddy b8333b44a2 TUN-4795: Remove Equinox releases 2021-08-05 08:24:36 +00:00
Sudarsan Reddy bd8af7d80d TUN-4771: Upload deb, rpm and msi packages to github
- cfsetup now has a build command `github-release-pkgs` to release linux
   and msi packages to github.
 - github_message.py now has an option to upload all assets in a provided
   directory.
2021-07-26 13:49:17 +01:00
Sudarsan Reddy dff694b218 TUN-4761: Added a build-all-packages target to cfsetup 2021-07-22 16:36:49 +01:00
Sudarsan Reddy 38af26e232 TUN-4755: Add a windows msi release option to Make 2021-07-21 10:31:16 +01:00
Sudarsan Reddy 81dff44bb9 TUN-4596: Add QUIC application protocol for QUIC stream handshake
- Vendored the capnproto library to cloudflared.
- Added capnproto schema defining application protocol.
- Added Pogs and application level read write of the protocol.
2021-07-15 17:35:25 +00:00
cthuang 6e45e0d53b TUN-4714: Name nightly package cloudflared-nightly to avoid apt conflict 2021-07-14 20:45:29 +01:00
Igor Postelnik da4d0b2bae TUN-4067: Reformat code for consistent import order, grouping, and fix formatting. Added goimports target to the Makefile to make this easier in the future. 2021-03-24 10:53:29 -05:00