From 8a6c8d7f5db8268a9867c53991c34435ab2f4447 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C4=90=E1=BB=97=20Tr=E1=BB=8Dng=20H=E1=BA=A3i?= <41283691+hainenber@users.noreply.github.com>
Date: Thu, 15 Feb 2024 19:47:36 +0700
Subject: [PATCH] feat(cmd/agent): add fallback X.509 trusted roots (#6340)
* feat(cmd/agent): add fallback X.509 trusted roots
Signed-off-by: hainenber
* chore(doc): add CHANGELOG entry
Signed-off-by: hainenber
* Update CHANGELOG.md
---------
Signed-off-by: hainenber
Co-authored-by: Paulin Todev
---
 CHANGELOG.md | 3 +++
 cmd/grafana-agent-flow/main.go | 4 ++++
 cmd/grafana-agent/main.go | 4 ++++
 go.mod | 1 +
 go.sum | 2 ++
 5 files changed, 14 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c2aecab50d25..103fb003ebee 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -95,6 +95,9 @@ Main (unreleased)
 - Updated docs for MSSQL Integration to show additional authentication capabilities. (@StefanKurek)
+- `grafana-agent` and `grafana-agent-flow` fallback to default X.509 trusted root certificates
+ when the `GODEBUG=x509usefallbackroots=1` environment variable is set. (@hainenber)
+
 v0.39.2 (2024-1-31)
 --------------------
diff --git a/cmd/grafana-agent-flow/main.go b/cmd/grafana-agent-flow/main.go
index e64f007a9e38..60ad1707f0dd 100644
--- a/cmd/grafana-agent-flow/main.go
+++ b/cmd/grafana-agent-flow/main.go
@@ -17,6 +17,10 @@ import (
 // Register integrations
 _ "github.com/grafana/agent/pkg/integrations/install"
+
+ // Embed a set of fallback X.509 trusted roots
+ // Allows the app to work correctly even when the OS does not provide a verifier or systems roots pool
+ _ "golang.org/x/crypto/x509roots/fallback"
 )
 func init() {
diff --git a/cmd/grafana-agent/main.go b/cmd/grafana-agent/main.go
index f2aa40fc860e..976d5654812c 100644
--- a/cmd/grafana-agent/main.go
+++ b/cmd/grafana-agent/main.go
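Review bot: The comment added above the blank import in cmd/grafana-agent-flow/main.go (repeated verbatim in cmd/grafana-agent/main.go) covers only the case where the OS offers no trust store, and leaves out the switch that overrides one. As far as I know the package's init registers its bundle through `x509.SetFallbackRoots`, so setting `GODEBUG=x509usefallbackroots=1` (the case the CHANGELOG entry describes) makes verification use the embedded roots even where a system pool exists, and CAs an operator installed or removed locally would then be ignored. I would say so at the import: `// Registers an embedded CA bundle as crypto/x509 fallback roots; used when the OS provides no verifier or system root pool, and forced by GODEBUG=x509usefallbackroots=1, which bypasses the OS trust store.` The wording "systems roots pool" should read "system roots pool". The import block opens outside the hunk.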
@@ -21,6 +21,10 @@ import (
 // Register integrations
 _ "github.com/grafana/agent/pkg/integrations/install"
+
+ // Embed a set of fallback X.509 trusted roots
+ // Allows the app to work correctly even when the OS does not provide a verifier or systems roots pool
+ _ "golang.org/x/crypto/x509roots/fallback"
 )
 func init() {
diff --git a/go.mod b/go.mod
index eee36bc67aa4..207afe279450 100644
--- a/go.mod
+++ b/go.mod
@@ -616,6 +616,7 @@ require (
 github.com/open-telemetry/opentelemetry-collector-contrib/receiver/prometheusreceiver v0.87.0
 github.com/open-telemetry/opentelemetry-collector-contrib/receiver/vcenterreceiver v0.87.0
 go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.42.0
+ golang.org/x/crypto/x509roots/fallback v0.0.0-20240208163226-62c9f1799c91
 k8s.io/apimachinery v0.28.3
 )
diff --git a/go.sum b/go.sum
index 73da63596501..3678d04048f4 100644
--- a/go.sum
+++ b/go.sum
@@ -2513,6 +2513,8 @@ golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= +golang.org/x/crypto/x509roots/fallback v0.0.0-20240208163226-62c9f1799c91 h1:Lyizcy9jX02jYR0ceBkL6S+jRys8Uepf7wt1vrz6Ras= +golang.org/x/crypto/x509roots/fallback v0.0.0-20240208163226-62c9f1799c91/go.mod h1:kNa9WdvYnzFwC79zRpLRMJbdEFlhyM5RPFBBZp/wWH8= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
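Review bot: The new go.mod requirement `golang.org/x/crypto/x509roots/fallback v0.0.0-20240208163226-62c9f1799c91` is a pseudo-version, and its timestamp suggests the CA bundle compiled into both binaries is a snapshot from 2024-02-08. Root removals or distrust decisions made after that date reach users only when this line is bumped and a new agent release is built, and nothing visible in the patch says how that will happen. I would annotate the line, for example `// embedded CA bundle snapshot; bump regularly so trust-store changes reach released binaries`, and confirm the module is covered by the repository's automated dependency updates. The require block opens outside the hunk.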