Skip to content

Update certificate-transparency-go for bugfix#8160

Merged
aarongable merged 3 commits intomainfrom
mattm-update-ct-go
May 6, 2025
Merged

Update certificate-transparency-go for bugfix#8160
aarongable merged 3 commits intomainfrom
mattm-update-ct-go

Conversation

@mcpherrinm
Copy link
Copy Markdown
Contributor

@mcpherrinm mcpherrinm commented May 6, 2025
edited by aarongable
Loading

This updates to current master, bc7acd89f703743d050f5cd4a3b9746808e0fdae

Notably, it includes a bug-fix to error handling in the HTTP client, which we found was hiding errors from CT logs, hindering our debugging.

That fix is google/certificate-transparency-go#1695

No release has been tagged since this PR merged, so using the master commit.

A few mutual dependencies used by both Boulder and ct-go are updated, including mysql, otel, and grpc.

@mcpherrinm
Update certificate-transparency-go for bugfix
0c196e0 
This updates to current `master`, bc7acd89f703743d050f5cd4a3b9746808e0fdae

Notably, it includes a bug-fix to error handling in the HTTP client, which we
found was hiding errors from CT logs, hindering our debugging.

That fix is google/certificate-transparency-go#1695

No release has been tagged since this PR merged, so using the `master` commit.

A few mutual dependencies used by both Boulder and ct-go are updated, including
mysql, otel, and grpc.
@mcpherrinm mcpherrinm requested a review from a team as a code owner May 6, 2025 15:10
@mcpherrinm mcpherrinm requested a review from jprenken May 6, 2025 15:10
mcpherrinm
mcpherrinm commented May 6, 2025
View reviewed changes
go.mod
github.com/go-sql-driver/mysql v1.9.1
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
github.com/google/certificate-transparency-go v1.3.1
github.com/google/certificate-transparency-go v1.3.2-0.20250506133818-bc7acd89f703
Copy link
Copy Markdown
Contributor Author

@mcpherrinm mcpherrinm May 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

everything else is a consequence of this

@mcpherrinm
Copy link
Copy Markdown
Contributor Author

mcpherrinm commented May 6, 2025
edited
Loading

Integration tests failing from what looks like an RPC issue

 15:24:25.992976 4 boulder-ra 6Mi4_Ak [core] [Channel #6 SubChannel #7]grpc: addrConn.createTransport failed to connect to {Addr: "10.77.77.77:9399", ServerName: "0a4d4d4d.addr.dc1.consul.", BalancerAttributes: {"<%!p(pickfirstleaf.managedByPickfirstKeyType={})>": "<%!p(bool=true)>" }}. Err: connection error: desc = "transport: Error while dialing: dial tcp 10.77.77.77:9399: connect: connection refused"\n

Could be related to grpc update? Opened #8161 to isolate

mcpherrinm added a commit that referenced this pull request May 6, 2025
@mcpherrinm
Update GRPC to 1.72.0
46e4f83 
Trying to isolate failures from #8160
@mcpherrinm mcpherrinm mentioned this pull request May 6, 2025
Closed
@aarongable
Copy link
Copy Markdown
Contributor

aarongable commented May 6, 2025

The actual errors are:

--- FAIL: TestSRVResolver_CaseThree (0.01s)
    srv_resolver_test.go:99: String [rpc error: code = Unavailable desc = no children to pick from] does not contain [last resolver error: produced zero addresses]
--- FAIL: TestSRVResolver_CaseFour (0.01s)
    srv_resolver_test.go:120: String [rpc error: code = Unavailable desc = no children to pick from] does not contain [last resolver error: produced zero addresses]

This error string comes from the brand new endpointsharding.go. We use the "roundrobin" balancer, which was updated to use endpointsharding. So that's why we're getting a new error message.

aarongable
aarongable approved these changes May 6, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@aarongable aarongable left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've reviewed all transitive dependency updates. There's an update to go-sql-driver/mysql, which we've historically wanted to be careful about, and which does network calls to the database. There's also the new opentelemetry.io/auto/sdk package, which does quite a bit of byte-slice parsing, compressing, and decompressing. I didn't see anything particularly worrisome in either package, but both are moderately complex and difficult to read.

@aarongable aarongable merged commit b26b116 into main May 6, 2025
12 checks passed
@aarongable aarongable deleted the mattm-update-ct-go branch May 6, 2025 19:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jsha jsha jsha approved these changes

@aarongable aarongable aarongable approved these changes

@jprenken jprenken Awaiting requested review from jprenken jprenken is a code owner automatically assigned from letsencrypt/boulder-developers

@beautifulentropy beautifulentropy Awaiting requested review from beautifulentropy

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mcpherrinm @aarongable @jsha