mirror of
https://gitea.com/Lydanne/buildx.git
synced 2025-07-10 05:27:07 +08:00
protobuf: remove gogoproto
Removes gogo/protobuf from buildx and updates to a version of moby/buildkit where gogo is removed. This also changes how the proto files are generated. This is because newer versions of protobuf are more strict about name conflicts. If two files have the same name (even if they are relative paths) and are used in different protoc commands, they'll conflict in the registry. Since protobuf file generation doesn't work very well with `paths=source_relative`, this removes the `go:generate` expression and just relies on the dockerfile to perform the generation. Signed-off-by: Jonathan A. Sternberg <jonathan.sternberg@docker.com>
This commit is contained in:
Jonathan A. Sternberg
34
vendor/google.golang.org/grpc/credentials/tls.go
generated
vendored
34
vendor/google.golang.org/grpc/credentials/tls.go
generated
vendored
@ -27,9 +27,13 @@ import (
|
||||
"net/url"
|
||||
"os"
|
||||
|
||||
"google.golang.org/grpc/grpclog"
|
||||
credinternal "google.golang.org/grpc/internal/credentials"
|
||||
"google.golang.org/grpc/internal/envconfig"
|
||||
)
|
||||
|
||||
var logger = grpclog.Component("credentials")
|
||||
|
||||
// TLSInfo contains the auth information for a TLS authenticated connection.
|
||||
// It implements the AuthInfo interface.
|
||||
type TLSInfo struct {
|
||||
@ -112,6 +116,22 @@ func (c *tlsCreds) ClientHandshake(ctx context.Context, authority string, rawCon
|
||||
conn.Close()
|
||||
return nil, nil, ctx.Err()
|
||||
}
|
||||
|
||||
// The negotiated protocol can be either of the following:
|
||||
// 1. h2: When the server supports ALPN. Only HTTP/2 can be negotiated since
|
||||
// it is the only protocol advertised by the client during the handshake.
|
||||
// The tls library ensures that the server chooses a protocol advertised
|
||||
// by the client.
|
||||
// 2. "" (empty string): If the server doesn't support ALPN. ALPN is a requirement
|
||||
// for using HTTP/2 over TLS. We can terminate the connection immediately.
|
||||
np := conn.ConnectionState().NegotiatedProtocol
|
||||
if np == "" {
|
||||
if envconfig.EnforceALPNEnabled {
|
||||
conn.Close()
|
||||
return nil, nil, fmt.Errorf("credentials: cannot check peer: missing selected ALPN property")
|
||||
}
|
||||
logger.Warningf("Allowing TLS connection to server %q with ALPN disabled. TLS connections to servers with ALPN disabled will be disallowed in future grpc-go releases", cfg.ServerName)
|
||||
}
|
||||
tlsInfo := TLSInfo{
|
||||
State: conn.ConnectionState(),
|
||||
CommonAuthInfo: CommonAuthInfo{
|
||||
@ -131,8 +151,20 @@ func (c *tlsCreds) ServerHandshake(rawConn net.Conn) (net.Conn, AuthInfo, error)
|
||||
conn.Close()
|
||||
return nil, nil, err
|
||||
}
|
||||
cs := conn.ConnectionState()
|
||||
// The negotiated application protocol can be empty only if the client doesn't
|
||||
// support ALPN. In such cases, we can close the connection since ALPN is required
|
||||
// for using HTTP/2 over TLS.
|
||||
if cs.NegotiatedProtocol == "" {
|
||||
if envconfig.EnforceALPNEnabled {
|
||||
conn.Close()
|
||||
return nil, nil, fmt.Errorf("credentials: cannot check peer: missing selected ALPN property")
|
||||
} else if logger.V(2) {
|
||||
logger.Info("Allowing TLS connection from client with ALPN disabled. TLS connections with ALPN disabled will be disallowed in future grpc-go releases")
|
||||
}
|
||||
}
|
||||
tlsInfo := TLSInfo{
|
||||
State: conn.ConnectionState(),
|
||||
State: cs,
|
||||
CommonAuthInfo: CommonAuthInfo{
|
||||
SecurityLevel: PrivacyAndIntegrity,
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user