component/caddy: Upgrade to v1.0.0

This also means that caddy source is fetched directly from upstream, as all required fixes has been incorporated into the upstream. Drop direct usage of gowork for now, in order to have caddy built using go module, support for gowork with go modules might come later. Follow new way of certificate managament in Caddy 1 as noted https://github.com/mholt/caddy/issues/2588#issuecomment-505367152

component/caddy: Upgrade to v1.0.0
This also means that caddy source is fetched directly from upstream, as all required fixes has been incorporated into the upstream. Drop direct usage of gowork for now, in order to have caddy built using go module, support for gowork with go modules might come later. Follow new way of certificate managament in Caddy 1 as noted https://github.com/mholt/caddy/issues/2588#issuecomment-505367152
9bf0016e · Łukasz Nowak · Łukasz Nowak · a97315ac · 9bf0016e · a97315ac
Commit 9bf0016e authored Apr 12, 2019 by Łukasz Nowak Committed by Łukasz Nowak Jun 26, 2019
Showing with 55 additions and 40 deletions

component/caddy/buildout.cfg component/caddy/buildout.cfg +21 -12

component/caddy/gowork.cfg component/caddy/gowork.cfg +0 -13

software/caddy-frontend/test/test.py software/caddy-frontend/test/test.py +34 -15

No files found.
--- a/component/caddy/buildout.cfg
+++ b/component/caddy/buildout.cfg
 [buildout]
 extends =
  ../../component/golang/buildout.cfg
-  gowork.cfg
 parts =
-  gowork
  caddy
 [gowork]
+# Caddy 1.x+ uses go modules, for which gowork does not work yet
 golang  = ${golang1.12:location}
 install =
-  github.com/mholt/caddy
+[gowork.goinstall]
+command = :
+depends =
+  ${caddy:recipe}
 [caddy]
-recipe  = slapos.recipe.cmmi
+# revision and repository can be used to control which caddy version is used
-path    = ${go_github.com_mholt_caddy:location}
+revision = v1.0.0
-go      = ${gowork:golang}/bin/go
+repository = github.com/mholt/caddy/caddy
-configure-command = :
-make-targets =
+recipe  = plone.recipe.command
-make-binary = cd ${:path}/caddy  && ${:go} install -v
+update-command = ${:command}
-environment =
+stop-on-error = True
-  PATH=${pkgconfig:location}/bin:${gowork:golang}/bin:${buildout:bin-directory}:%(PATH)s
+# GO111MODULE=on enables go modules support
-  GOPATH=${gowork:directory}
+# the chmod is needed as modules are fetched with u-w
+command =
+  . ${gowork:env.sh} &&
+  cd ${gowork:directory} &&
+  export GO111MODULE=on &&
+  go get ${:repository}@${:revision} &&
+  chmod -R u+w .
 output = ${gowork:bin}/caddy
 location = ${:output}
--- a/component/caddy/gowork.cfg
+++ b/component/caddy/gowork.cfg
-# Code generated by gowork-snapshot; DO NOT EDIT.
-# list of go git repositories to fetch
-[gowork.goinstall]
-depends_gitfetch  =
-    ${go_github.com_mholt_caddy:recipe}
-[go_github.com_mholt_caddy]
-<= go-git-package
-go.importpath = github.com/mholt/caddy
-repository    = https://lab.nexedi.com/nexedi/caddy.git
-revision      = nxd-v0.11.5-4-g9d3151db
--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
@@ -4782,12 +4782,29 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
  @classmethod
  def setUpSlaves(cls):
-    _, cls.slave_key_pem, _, cls.slave_certificate_pem = \
+    _, cls.ssl_from_slave_key_pem, _, cls.ssl_from_slave_certificate_pem = \
      createSelfSignedCertificate(
        [
-          '*.customdomain.example.com',
+          'sslfromslave.example.com',
-          '*.example.com',
        ])
+    _, cls.ssl_from_slave_kedifa_overrides_key_pem, _, \
+        cls.ssl_from_slave_kedifa_overrides_certificate_pem = \
+        createSelfSignedCertificate(
+          [
+            'sslfromslavekedifaoverrides.example.com',
+          ])
+    _, cls.type_notebook_ssl_from_slave_key_pem, _, \
+        cls.type_notebook_ssl_from_slave_certificate_pem = \
+        createSelfSignedCertificate(
+          [
+            'typenotebooksslfromslave.example.com',
+          ])
+    _, cls.type_notebook_ssl_from_slave_kedifa_overrides_key_pem, _, \
+        cls.type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem = \
+        createSelfSignedCertificate(
+          [
+            'typenotebooksslfromslavekedifaoverrides.example.com',
+          ])
    cls.ca = CertificateAuthority(
      'TestSlaveSlapOSMasterCertificateCompatibility')
@@ -4836,13 +4853,13 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
      },
      'ssl_from_slave': {
        'url': cls.backend_url,
-        'ssl_crt': cls.slave_certificate_pem,
+        'ssl_crt': cls.ssl_from_slave_certificate_pem,
-        'ssl_key': cls.slave_key_pem,
+        'ssl_key': cls.ssl_from_slave_key_pem,
      },
      'ssl_from_slave_kedifa_overrides': {
        'url': cls.backend_url,
-        'ssl_crt': cls.slave_certificate_pem,
+        'ssl_crt': cls.ssl_from_slave_kedifa_overrides_certificate_pem,
-        'ssl_key': cls.slave_key_pem,
+        'ssl_key': cls.ssl_from_slave_kedifa_overrides_key_pem,
      },
      'custom_domain_ssl_crt_ssl_key': {
        'url': cls.backend_url,
@@ -4883,8 +4900,8 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
      },
      'type-notebook-ssl_from_slave': {
        'url': cls.backend_url,
-        'ssl_crt': cls.slave_certificate_pem,
+        'ssl_crt': cls.type_notebook_ssl_from_slave_certificate_pem,
-        'ssl_key': cls.slave_key_pem,
+        'ssl_key': cls.type_notebook_ssl_from_slave_key_pem,
        'type': 'notebook',
      },
      'type-notebook-ssl_from_master_kedifa_overrides': {
@@ -4893,8 +4910,10 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
      },
      'type-notebook-ssl_from_slave_kedifa_overrides': {
        'url': cls.backend_url,
-        'ssl_crt': cls.slave_certificate_pem,
+        'ssl_crt':
-        'ssl_key': cls.slave_key_pem,
+        cls.type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem,
+        'ssl_key':
+        cls.type_notebook_ssl_from_slave_kedifa_overrides_key_pem,
        'type': 'notebook',
      }
    }
@@ -5079,7 +5098,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    self.assertEqual(
-      self.slave_certificate_pem,
+      self.ssl_from_slave_certificate_pem,
      der2pem(result.peercert))
    self.assertEqualResultJson(result, 'Path', '/test-path')
@@ -5111,7 +5130,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
      parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
    self.assertEqual(
-      self.slave_certificate_pem,
+      self.ssl_from_slave_kedifa_overrides_certificate_pem,
      der2pem(result.peercert))
    self.assertEqualResultJson(result, 'Path', '/test-path')
@@ -5256,7 +5275,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
      HTTPS_PORT)
    self.assertEqual(
-      self.slave_certificate_pem,
+      self.type_notebook_ssl_from_slave_certificate_pem,
      der2pem(result.peercert))
    self.assertEqualResultJson(result, 'Path', '/test-path')
@@ -5288,7 +5307,7 @@ class TestSlaveSlapOSMasterCertificateCompatibility(
      HTTPS_PORT)
    self.assertEqual(
-      self.slave_certificate_pem,
+      self.type_notebook_ssl_from_slave_kedifa_overrides_certificate_pem,
      der2pem(result.peercert))
    self.assertEqualResultJson(result, 'Path', '/test-path')