This is a cherry-pick of 157f5d1412
followed by build/CI changes so that amd64/linux FIPS compliance is
provided by new/separate binaries/artifacts/packages.
The reasoning being that FIPS compliance places excessive requirements
in the encryption algorithms used for regular users that do not care
about that. This can cause cloudflared to reject HTTPS origins that
would otherwise be accepted without FIPS checks.
This way, by having separate binaries, existing ones remain as they
were, and only FIPS-needy users will opt-in to the new FIPS binaries.
This reverts commit 157f5d1412.
FIPS compliant binaries (for linux/amd64) are causing HTTPS origins to not
be reachable by cloudflared in certain cases (e.g. with Let's Encrypt certificates).
Origins that are not HTTPS for cloudflared are not affected.
When building the docker image, this `-dev` suffix is being added to the
cloudflared binary version.
The reason must be that there's some file, which is tracked by git, and
that is modified during that build.
It's not clear which file is it. But, at the same time, it's not clear what
advantage this `-dev` suffix is bringing. So we're simply removing it so that
we generate proper versions (so that our tracking/observability can correctly
aggregate these values).
- cfsetup now has a build command `github-release-pkgs` to release linux
and msi packages to github.
- github_message.py now has an option to upload all assets in a provided
directory.
- Vendored the capnproto library to cloudflared.
- Added capnproto schema defining application protocol.
- Added Pogs and application level read write of the protocol.
* Issue-285: Detect TARGET_ARCH correctly for FreeBSD amd64 (uname -m returns amd64 not x86_64)
See: https://github.com/cloudflare/cloudflared/issues/285
* Add note not to `go get github.com/BurntSushi/go-sumtype` in build directory as this will cause vendor issues
Co-authored-by: PaulC <paulc@>
Also changed the socks test code so that it binds to localhost, so that
we don't get popups saying "would you like to allow socks.test to use
the network"
dpkg does not support bzip2 compression, so fails to unpack and install
the built package. By omitting the option, fpm defaults to gzip which is
the default supported option by dpkg.
Signed-off-by: Joe Groocock <jgroocock@cloudflare.com>
This removes the redundant chgrp command from the publish step when
pushing packages to our public repositories. The directory being pushed
to has the setgid bit set on it, which means that we don't need to force
the group using this command. Further, attempting to do so resulted in
an error as the cfsync user does not have the appropriate permissions to
use the chgrp command.
This updates the public repository upload process to change the group on
the uploaded files to `cf` and adds the write permission for members of
the group. This should allow the `cf` user to properly overwrite the
file when signing it.
Current Debian and RPM meta information are very generic, e.g.
$ apt-cache show cloudflared
Package: cloudflared
Version: 2020.7.0
License: unknown
Vendor: @k8s-managed-krwtk.teamcity-agents.svc.cluster.local
Architecture: amd64
Maintainer: <@k8s-managed-krwtk.teamcity-agents.svc.cluster.local>
Installed-Size: 42883
Section: default
Priority: extra
Homepage: http://example.com/no-uri-given
Description: no description given
* Allow Dockerfile --build-args to override GOOS and GOARCH defaults
Allow Dockerfile --build-args to override GOOS and GOARCH defaults
Support building multi architecture binaries
remove default OS and ARCH to avoid tag confusion when compiling image through Makefile
Tag image with corrosponding OS and ARCH build variables
updating Makefile
Signed-off-by: Michael Fornaro <20387402+xUnholy@users.noreply.github.com>
* remove duplicate import on windows_service.go
Signed-off-by: Michael Fornaro <20387402+xUnholy@users.noreply.github.com>