Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Advice to build plugin using Go 1.16 is no longer viable #1193

Open
atc0005 opened this issue Dec 19, 2024 · 0 comments
Open

Advice to build plugin using Go 1.16 is no longer viable #1193

atc0005 opened this issue Dec 19, 2024 · 0 comments
Assignees
@atc0005
Labels
app/lscert bug Something isn't working output/extended Long Service Output (aka, "extended" or "detailed") plugin/check_cert
Milestone
v0.26.0

Comments

@atc0005
Copy link
Owner

atc0005 commented Dec 19, 2024

While troubleshooting some service checks I was setting up for some older hosts I found that the certificates were missing SANs entries.

The following output is from lscert using a development snapshot of the code (but likely matches stable releases):

This certificate does not contain Subject Alternate Names (SANs) and should be replaced.

As a temporary workaround you can:

  1. set the GODEBUG environment variable to 'GODEBUG=x509ignoreCN=0' AND either deploy v0.5.3 of this plugin or rebuild this plugin using Go 1.16
  2. specify the 'ignore-hostname-verification-if-empty-sans' flag to skip hostname verification if the SANs list is found to be empty

See these resources for additional information:

Here is an example of building the plugin using the last Go 1.16 Docker image:
docker container run -it --rm -v $PWD:$PWD -w $PWD golang:1.16 go build ./cmd/check_cert/

Attempting to actually do so fails due to a vendored dependency:

$ podman container run -it --rm -v $PWD:$PWD -w $PWD golang:1.16 go build ./cmd/check_cert/
Resolving "golang" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/golang:1.16...
Getting image source signatures
Copying blob e4d61adff207 done
Copying blob ff5b10aec998 done
Copying blob 12de8c754e45 done
Copying blob 8c86ff77a317 done
Copying blob 4ff1945c672b done
Copying blob 0395a1c478ba done
Copying blob 245345d44ed8 done
Copying config 972d8c0bc0 done
Writing manifest to image destination
Storing signatures
vendor/github.com/mattn/go-isatty/isatty_tcgets.go:8:8: //go:build comment without // +build comment

Attempting to use -mod=mod or similar doesn't work either.

$ podman container run -it --rm -v $PWD:$PWD -w $PWD golang:1.16 go build -mod=mod ./cmd/check_cert/
go: downloading github.com/atc0005/cert-payload v0.7.1
go: downloading github.com/rs/zerolog v1.33.0
go: downloading github.com/atc0005/go-nagios v0.19.0
go: downloading github.com/mattn/go-colorable v0.1.13
go: downloading github.com/mattn/go-isatty v0.0.20
go: downloading golang.org/x/sys v0.28.0
/go/pkg/mod/github.com/mattn/go-isatty@v0.0.20/isatty_tcgets.go:8:8: //go:build comment without // +build comment

While it may be possible to update the directions to walk the sysadmin through checking out a specific tag with dependencies known to successfully compile with Go 1.16, it's probably not really a viable workaround.

Instead, we should remove all mention of building with Go 1.16.
@atc0005 atc0005 added bug Something isn't working plugin/check_cert app/lscert output/extended Long Service Output (aka, "extended" or "detailed") labels Dec 19, 2024
@atc0005 atc0005 added this to the v0.26.0 milestone Dec 19, 2024
@atc0005 atc0005 self-assigned this Dec 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@atc0005 atc0005

Labels
app/lscert bug Something isn't working output/extended Long Service Output (aka, "extended" or "detailed") plugin/check_cert
Projects
None yet
Milestone
v0.26.0
Development

No branches or pull requests
1 participant
@atc0005