fix: enable sha256 and sha512 for git ssh #18028

Merged: 4 commits, Apr 30, 2024

@zamedic (Contributor) commented Apr 30, 2024

Azure DevOps is sunsetting sha1, which is currently causing the issues as per
Fixes #17634

The knownhosts library added the missing sha256 and sha512 algorithms in version 1.2.2
skeema/knownhosts@bd8e67e

This fix bumps the go.mod to use the new version and has been tested on our local clusters.

Checklist:

  • Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
  • The title of the PR states what changed and the related issues number (used for the release note).
  • The title of the PR conforms to the Toolchain Guide
  • I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
  • I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
  • Does this PR require documentation updates?
  • I've updated documentation as required by this PR.
  • I have signed off all my commits as required by DCO
  • I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
  • My build is green (troubleshooting builds).
  • My new feature complies with the feature status guidelines.
  • I have added a brief description of why this PR is necessary and/or what this PR solves.
  • Optional. My organization is added to USERS.md.
  • Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).
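
Why the missing algorithms break host key negotiation, shown as an added Go example (not code from this PR, Argo CD or skeema/knownhosts): it derives the host key algorithms a client offers from the key types in known_hosts, with and without the rsa-sha2-512/rsa-sha2-256 expansion. The host names, key blobs and the server's algorithm list are constructed assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed known_hosts data; host names and key blobs are placeholders.
const sampleKnownHosts = `git.example.com ssh-rsa AAAA-placeholder-rsa
scm.example.org,192.0.2.10 ssh-ed25519 AAAA-placeholder-ed25519
`

// firstCommon returns the first entry of prefer also present in have, or "" (negotiation).
func firstCommon(prefer, have []string) string {
	for _, p := range prefer {
		for _, h := range have {
			if p == h {
				return p
			}
		}
	}
	return ""
}

// hostKeyAlgorithms lists the algorithms to offer for host from its known_hosts key
// types. An ssh-rsa key also signs as rsa-sha2-512/256 (RFC 8332); legacy omits them.
func hostKeyAlgorithms(knownHosts, host string, legacy bool) (algos []string) {
	for _, line := range strings.Split(knownHosts, "\n") {
		f := strings.Fields(line)
		if len(f) < 3 || firstCommon([]string{host}, strings.Split(f[0], ",")) == "" {
			continue // blank, comment, @marker, hashed or other-host entry
		}
		offer := []string{f[1]}
		if f[1] == "ssh-rsa" && !legacy {
			offer = []string{"rsa-sha2-512", "rsa-sha2-256", "ssh-rsa"}
		}
		for _, a := range offer {
			if firstCommon([]string{a}, algos) == "" {
				algos = append(algos, a)
			}
		}
	}
	return algos
}

func main() {
	server := []string{"rsa-sha2-512", "rsa-sha2-256"} // assumed: server retired SHA-1 ssh-rsa
	before := hostKeyAlgorithms(sampleKnownHosts, "git.example.com", true)
	after := hostKeyAlgorithms(sampleKnownHosts, "git.example.com", false)
	fmt.Printf("before %v -> %q; after %v -> %q\n", before, firstCommon(before, server), after, firstCommon(after, server))
}
```

The stored key in known_hosts stays of type ssh-rsa in both cases; only the signature algorithms offered for it change.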

@zamedic zamedic requested a review from a team as a code owner April 30, 2024 09:43
…allows for sha256 and sha512 algorithms when using git ssh

Signed-off-by: Marc Arndt <[email protected]>
Signed-off-by: Marc Arndt <[email protected]>

@jannfis (Member) left a comment

LGTM, thanks @zamedic

@jannfis jannfis merged commit a63068d into argoproj:master Apr 30, 2024
27 checks passed

@jannfis (Member) commented Apr 30, 2024

/cherry-pick release-2.10

gcp-cherry-pick-bot bot pushed a commit that referenced this pull request Apr 30, 2024
* fix: bumping the knownhosts to v1.2.2 since this contains a fix that allows for sha256 and sha512 algorithms when using git ssh

Signed-off-by: Marc Arndt <[email protected]>
Signed-off-by: Marc Arndt <[email protected]>

* chore: remove older version of module from go sum

Signed-off-by: Marc Arndt <[email protected]>

---------

Signed-off-by: Marc Arndt <[email protected]>
Signed-off-by: Marc Arndt <[email protected]>
Co-authored-by: Marc Arndt <[email protected]>

@jannfis (Member) commented Apr 30, 2024

/cherry-pick release-2.9

gcp-cherry-pick-bot bot pushed a commit that referenced this pull request Apr 30, 2024

@jannfis (Member) commented Apr 30, 2024

/cherry-pick release-2.8

Cherry-pick failed with Merge error a63068d06fdeb0463f9fb4f6cb705a0b1cf7cece into temp-cherry-pick-ff6fdf-release-2.8

jannfis pushed a commit that referenced this pull request Apr 30, 2024

@jannfis (Member) commented Apr 30, 2024

/cherry-pick release-2.11

gcp-cherry-pick-bot bot pushed a commit that referenced this pull request Apr 30, 2024
jannfis pushed a commit that referenced this pull request Apr 30, 2024
jannfis pushed a commit that referenced this pull request Apr 30, 2024
pasha-codefresh added a commit to codefresh-io/argo-cd that referenced this pull request May 14, 2024
* fix: elements should be optional (argoproj#17424) (argoproj#17510)

A bug was reported, where an applicationset with an empty elements
array, when created with `argocd appset create <filename>.yaml` gets a
`...list.elements: Required value` error.

My hypothesis is that when calling the K8s API, golang JSON marshalling
mangles the empty `elements` array to `nil`, rather than creating an
empty array when submitting the `POST`.

Still need to figure out why the same setup seemingly works fine when
the same appset is in an app-of-apps.

Signed-off-by: Blake Pettersson <[email protected]>
Co-authored-by: Blake Pettersson <[email protected]>

* Merge pull request from GHSA-jhwx-mhww-rgc3

* sec: limit helm index max size

Signed-off-by: pashakostohrys <[email protected]>

* sec: limit helm index max size

Signed-off-by: pashakostohrys <[email protected]>

* feat: fix tests and linter

Signed-off-by: pashakostohrys <[email protected]>

---------

Signed-off-by: pashakostohrys <[email protected]>

* Bump version to 2.10.5 (argoproj#17654)

Signed-off-by: GitHub <[email protected]>
Co-authored-by: pasha-codefresh <[email protected]>

* fix cosign (argoproj#17656)

Signed-off-by: Justin Marquis <[email protected]>

* chore(deps): bump webpack-dev-middleware from 5.3.1 to 5.3.4 in /ui (argoproj#17598) (argoproj#17686)

Bumps [webpack-dev-middleware](https://github.com/webpack/webpack-dev-middleware) from 5.3.1 to 5.3.4.
- [Release notes](https://github.com/webpack/webpack-dev-middleware/releases)
- [Changelog](https://github.com/webpack/webpack-dev-middleware/blob/v5.3.4/CHANGELOG.md)
- [Commits](webpack/webpack-dev-middleware@v5.3.1...v5.3.4)

---
updated-dependencies:
- dependency-name: webpack-dev-middleware
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix(ui): Fix color generation for pod name in logs viewer. Fixes argoproj#17704 (argoproj#17706) (argoproj#17710)

* Fix color generation for pod name in logs viewer



* Add rebuy to users.md



---------

Signed-off-by: Philipp Trulson <[email protected]>
Co-authored-by: Philipp Trulson <[email protected]>

* fix: fix calculating patch for respect ignore diff feature (argoproj#17693)

* test: unit test for respectIgnoreDifferences bug

Signed-off-by: Jesse Suen <[email protected]>

* test: simplify unit test

Signed-off-by: Jesse Suen <[email protected]>

* fix: fix calculating patch for respect ignore diff feature

Signed-off-by: Alexander Matyushentsev <[email protected]>

---------

Signed-off-by: Jesse Suen <[email protected]>
Signed-off-by: Alexander Matyushentsev <[email protected]>
Co-authored-by: Jesse Suen <[email protected]>

* fix(security): use Chainguard fork of git-urls (argoproj#17732) (argoproj#17735)

Signed-off-by: Michael Crenshaw <[email protected]>
Co-authored-by: Michael Crenshaw <[email protected]>

* Bump version to 2.10.6 (argoproj#17744)

Signed-off-by: GitHub <[email protected]>
Co-authored-by: alexmt <[email protected]>

* Merge pull request from GHSA-2gvw-w6fj-7m3c

Signed-off-by: pashakostohrys <[email protected]>

* Bump version to 2.10.7 (argoproj#17831)

Signed-off-by: GitHub <[email protected]>
Co-authored-by: pasha-codefresh <[email protected]>

* fix: docker build fails due to "The repository 'http://deb.debian.org/debian buster-backports Release' does not have a Release file."

Signed-off-by: pashakostohrys <[email protected]>

* fix: codegen and e2e tests in release-2.10 (argoproj#17844)

* fix: codegen and e2e tests

Signed-off-by: pashakostohrys <[email protected]>

* fix: codegen and e2e tests

Signed-off-by: pashakostohrys <[email protected]>

---------

Signed-off-by: pashakostohrys <[email protected]>

* chore: upgrade redis to 7.0.15 (argoproj#17666)

Upgrade to latest stable 7.0.x version to fix CVEs:

CVE-2023-41056

Signed-off-by: Tais P. Hansen <[email protected]>

* Merge pull request from GHSA-9m6p-x4h2-6frq

* feat: limit jq.Run with timeout

Signed-off-by: pashakostohrys <[email protected]>

* feat: ignore normalizer jq execution timeout as env variable

Signed-off-by: pashakostohrys <[email protected]>

* feat: customize error message and add doc section

Signed-off-by: pashakostohrys <[email protected]>

* feat: improve log and change a way how to get variable

Signed-off-by: pashakostohrys <[email protected]>

* chore: fix import`s order

Signed-off-by: pashakostohrys <[email protected]>

* chore: rename variable inside sts

Signed-off-by: pashakostohrys <[email protected]>

* chore: fix import order

Signed-off-by: pashakostohrys <[email protected]>

* chore: fix import`s order

Signed-off-by: pashakostohrys <[email protected]>

---------

Signed-off-by: pashakostohrys <[email protected]>

* fix: codegen after security fix - 2.10 (argoproj#17985)

* fix: codegen after security fix

Signed-off-by: pashakostohrys <[email protected]>

* fix: codegen after security fix

Signed-off-by: pashakostohrys <[email protected]>

---------

Signed-off-by: pashakostohrys <[email protected]>

* Bump version to 2.10.8 (argoproj#17990)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: pasha-codefresh <[email protected]>

* fix: enable sha256 and sha512 for git ssh (argoproj#18028) (argoproj#18029)

* fix: bumping the knownhosts to v1.2.2 since this contains a fix that allows for sha256 and sha512 algorithms when using git ssh




* chore: remove older version of module from go sum



---------

Signed-off-by: Marc Arndt <[email protected]>
Signed-off-by: Marc Arndt <[email protected]>
Co-authored-by: Marc Arndt <[email protected]>
Co-authored-by: Marc Arndt <[email protected]>

* Bump version to 2.10.9 (argoproj#18033)

Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: jannfis <[email protected]>

* fix: status.sync.comparedTo should use replace patch strategy (argoproj#18061) (argoproj#18075)

* fix: status.sync.comparedTo should use replace patch strategy



* add e2e tests



---------

Signed-off-by: Alexander Matyushentsev <[email protected]>

* chore: bump go-jose from 3.0.1 to 3.0.3 (argoproj#18102)

Signed-off-by: Jayendra Parsai <[email protected]>
Co-authored-by: Jayendra Parsai <[email protected]>

* docs: fix 404 styling (argoproj#18094) (argoproj#18105)

* docs: fix 404 styling



* hack around custom tag destruction



---------

Signed-off-by: Michael Crenshaw <[email protected]>
Co-authored-by: Michael Crenshaw <[email protected]>

* chore: update gitops engine for force sync option (argoproj#5882) - 2.10 (argoproj#18123)

Signed-off-by: pashakostohrys <[email protected]>

* fix: Enable Redis authentication in the default installation

* fix: linter issue

* fix: linter issue

---------

Signed-off-by: Blake Pettersson <[email protected]>
Signed-off-by: pashakostohrys <[email protected]>
Signed-off-by: GitHub <[email protected]>
Signed-off-by: Justin Marquis <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Philipp Trulson <[email protected]>
Signed-off-by: Jesse Suen <[email protected]>
Signed-off-by: Alexander Matyushentsev <[email protected]>
Signed-off-by: Michael Crenshaw <[email protected]>
Signed-off-by: Tais P. Hansen <[email protected]>
Signed-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Marc Arndt <[email protected]>
Signed-off-by: Marc Arndt <[email protected]>
Signed-off-by: Jayendra Parsai <[email protected]>
Co-authored-by: gcp-cherry-pick-bot[bot] <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com>
Co-authored-by: Blake Pettersson <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: pasha-codefresh <[email protected]>
Co-authored-by: Justin Marquis <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Philipp Trulson <[email protected]>
Co-authored-by: Alexander Matyushentsev <[email protected]>
Co-authored-by: Jesse Suen <[email protected]>
Co-authored-by: Michael Crenshaw <[email protected]>
Co-authored-by: alexmt <[email protected]>
Co-authored-by: Tais P. Hansen <[email protected]>
Co-authored-by: Marc Arndt <[email protected]>
Co-authored-by: Marc Arndt <[email protected]>
Co-authored-by: jannfis <[email protected]>
Co-authored-by: Jayendra Parsai <[email protected]>
Co-authored-by: Jayendra Parsai <[email protected]>
Co-authored-by: May Zhang <[email protected]>
mkieweg pushed a commit to mkieweg/argo-cd that referenced this pull request Jun 11, 2024
Hariharasuthan99 pushed a commit to AmadeusITGroup/argo-cd that referenced this pull request Jun 16, 2024
Successfully merging this pull request may close these issues.

ArgoCD Repo Server stops pulling git repositories due to Azure Devops Repos current sunset SSH-RSA strategy