Update certificate-transparency-go to latest commit

Open cpu opened this issue 6 years ago • 6 comments

To update ct-go we should first update the related deps the upgrade will bump:

  • [x] github.com/golang/mock - https://github.com/letsencrypt/boulder/pull/4621
  • [x] gopkg.in/yaml.v2 - https://github.com/letsencrypt/boulder/pull/4622
  • [x] golang.org/x/net - https://github.com/letsencrypt/boulder/pull/4623
  • [x] golang.org/x/crypto - https://github.com/letsencrypt/boulder/pull/4624
  • [x] github.com/miekg/pkcs11 - https://github.com/letsencrypt/boulder/pull/4627
  • [x] github.com/grpc-ecosystem/go-grpc-prometheus - https://github.com/letsencrypt/boulder/pull/4626
  • [x] google.golang.org/grpc - https://github.com/letsencrypt/boulder/pull/4629
  • [x] github.com/go-sql-driver/mysql - https://github.com/letsencrypt/boulder/pull/4630

~Afterwards we can update ct-go. We should use a commit newer than fefcf95 to ensure we don't pull in unnecessary golangci-lint deps.~

An update to ct-go fefcf95 still pulls in too many dependencies. We need to figure out a workaround or upstream patch before the update can occur.

  • [ ] github.com/google/certificate-transparency-go - https://github.com/letsencrypt/boulder/pull/4632

cpu avatar Nov 14 '19 15:11 cpu

This pulls in an update to the Prometheus golang client library with breaking API changes: https://github.com/letsencrypt/boulder/issues/4588

I think it makes sense to do an upgrade to that library separately ahead of the ct-go bump.

cpu avatar Dec 02 '19 21:12 cpu

Based on how #4605 went I think this task needs to be broken up into many smaller update PRs.

Updating ct-go bumps the following deps:

- github.com/go-sql-driver/mysql v1.4.1-0.20191114115753-b4242bab7dc5
+ github.com/go-sql-driver/mysql v1.4.1

- github.com/golang/mock v1.2.0
+ github.com/golang/mock v1.3.1

- github.com/grpc-ecosystem/go-grpc-prometheus v0.0.0-20170826090648-0dafe0d496ea
+ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0

- github.com/miekg/pkcs11 v1.0.2
+ github.com/miekg/pkcs11 v1.0.3

- golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4
+ golang.org/x/crypto v0.0.0-20191112222119-e1110fd1c708

- golang.org/x/net v0.0.0-20190613194153-d28f0bde5980
+ golang.org/x/net v0.0.0-20191112182307-2180aed22343

- google.golang.org/grpc v1.20.0
+ google.golang.org/grpc v1.25.1

- gopkg.in/yaml.v2 v2.2.2
+ gopkg.in/yaml.v2 v2.2.5
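
Review bot: on the go-sql-driver/mysql pair, the move is from the pseudo-version v1.4.1-0.20191114115753-b4242bab7dc5 to the tag v1.4.1. Go orders the tag above that pseudo-version, but the ordering alone does not show that the tag contains commit b4242bab7dc5 (timestamp 2019-11-14), so confirm that nothing from the pinned commit is dropped before merging that bump. The go-grpc-prometheus pair (a 2017 pseudo-version to v1.2.0) and the grpc pair (v1.20.0 to v1.25.1) are the widest jumps in the list and warrant a changelog read in their own PRs.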

I will update the PR description with a checkbox for each dependency. A PR should be opened for each and merged before we do the actual ct-go update.

cpu avatar Jan 03 '20 17:01 cpu

I've put up PRs for the first four of the eight dependencies (doing the easier ones first). I'll open PRs for the other four once the outstanding PRs are merged to reduce churn/conflicts.

cpu avatar Jan 03 '20 17:01 cpu

Three more update PRs out for review. Calling it quits for today. I'll pick up the mysql and ct-go updates in the next week.

cpu avatar Jan 03 '20 21:01 cpu

> Afterwards we can update ct-go. We should use a commit newer than fefcf95 to ensure we don't pull in unnecessary golangci-lint deps.

This isn't accurate anymore. Per @jsha we need to figure out why the update pulls in so many dependencies, and work around it in Boulder or patch the upstream. I'm going to unassign myself from this ticket now that the task isn't an update.

cpu avatar Jan 07 '20 19:01 cpu

Looked into this again today:

$ go get github.com/google/[email protected]
$ go mod vendor
$ go mod tidy
$ git diff --stat
<snip>
2467 files changed, 679483 insertions(+), 4623 deletions(-)

We should absolutely try to figure out how to update this dependency again, but hoo boy that's a lot of extra deps.

aarongable avatar Aug 18 '22 01:08 aarongable
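
The thread leaves open why the ct-go update pulls in so many dependencies. As an added example (not code from this issue or from Boulder), the Go program below parses `go mod graph` output and lists the modules that are in the build graph solely because of one dependency; the sample graph, the `example.com` module names and all version strings are constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed `go mod graph` sample; example.com modules and all versions are invented.
const sampleGraph = `github.com/letsencrypt/boulder github.com/google/certificate-transparency-go@v0.0.1
github.com/letsencrypt/boulder golang.org/x/net@v0.0.1
github.com/google/certificate-transparency-go@v0.0.1 golang.org/x/net@v0.0.1
github.com/google/certificate-transparency-go@v0.0.1 example.com/linter@v0.0.1
example.com/linter@v0.0.1 example.com/linter-plugin@v0.0.1`
const ctGo = "github.com/google/certificate-transparency-go@v0.0.1"

// walk marks everything reachable from n, refusing to pass through skip.
func walk(edges map[string][]string, n, skip string, seen map[string]bool) {
	if n == skip || seen[n] {
		return
	}
	seen[n] = true
	for _, c := range edges[n] {
		walk(edges, c, skip, seen)
	}
}

// OnlyVia returns the modules reachable from root only by passing through dep.
func OnlyVia(graph, root, dep string) []string {
	edges := map[string][]string{}
	for _, line := range strings.Split(graph, "\n") {
		if f := strings.Fields(line); len(f) == 2 {
			edges[f[0]] = append(edges[f[0]], f[1])
		}
	}
	with, without := map[string]bool{}, map[string]bool{}
	walk(edges, root, "", with)
	walk(edges, root, dep, without)
	var out []string
	for m := range with {
		if m != dep && !without[m] {
			out = append(out, m)
		}
	}
	sort.Strings(out)
	return out
}

func main() { fmt.Println(OnlyVia(sampleGraph, "github.com/letsencrypt/boulder", ctGo)) }
```

On a real checkout, pass the text printed by `go mod graph` in place of `sampleGraph`; modules shared with other dependencies (here `golang.org/x/net`) are not attributed to the upgrade.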