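// golang.org/x/build@v0.0.0-20240506185731-218518f32b70/build.go

// Copyright 2015 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// Package build contains constants for the Go continuous build system.
package build

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net"
	"strings"
)

// CoordinatorInstance is either "prod", "staging", or "localhost:<port>".
type CoordinatorInstance string

const (
	ProdCoordinator    CoordinatorInstance = "prod"
	StagingCoordinator CoordinatorInstance = "staging"
)

// TLSHostPort returns the "host:port" address of the coordinator's TLS
// endpoint for this instance.
//
// The two named instances map to fixed addresses. Any other non-empty value
// is returned unchanged when it already parses as host:port, and otherwise
// has port 443 appended. An empty instance is an error.
func (ci CoordinatorInstance) TLSHostPort() (string, error) {
	switch ci {
	case ProdCoordinator:
		return "farmer.golang.org:443", nil
	case StagingCoordinator:
		// TODO(cmang): make this project dependent.
		// The address is an IP literal, so the only thing identifying the
		// peer is the pinned CA that TLSDialer verifies against.
		return "104.154.113.235:443", nil
	case "":
		return "", errors.New("build: coordinator instance is empty")
	}
	addr := string(ci)
	if _, _, err := net.SplitHostPort(addr); err == nil {
		return addr, nil
	}
	return net.JoinHostPort(addr, "443"), nil
}

// TLSDialer returns a function that dials the coordinator over TCP and
// completes a TLS handshake before handing back the connection.
//
// For the production instance it returns nil; the caller is then expected to
// use its default TLS dialer. For every other instance the returned dialer
// uses a certificate pool holding only the CA from ci.CACert() and the fixed
// server name "go".
//
// Security notes:
//   - Verification is switched off (InsecureSkipVerify) when ci.isDev()
//     reports a development instance and when ci is empty. Those connections
//     are encrypted but the peer is not authenticated.
//   - If the CA PEM for a non-empty instance cannot be loaded, every call of
//     the returned dialer fails with that same error rather than falling
//     back to an unverified connection.
func (ci CoordinatorInstance) TLSDialer() func(network, addr string) (net.Conn, error) {
	if ci == ProdCoordinator {
		// TODO(bradfitz): once the staging coordinator has a
		// DNS name and LetsEncrypt, delete this whole method?
		return nil // uses default http.Transport.DialTLS dialer
	}
	caPool := x509.NewCertPool()
	tlsConf := &tls.Config{
		ServerName:         "go", // fixed name; see build.go
		RootCAs:            caPool,
		InsecureSkipVerify: ci.isDev(),
	}
	// loadErr is decided once here and replayed by every dial attempt.
	var loadErr error
	if ci == "" {
		tlsConf.InsecureSkipVerify = true // in localhost dev mode
	} else if !caPool.AppendCertsFromPEM([]byte(ci.CACert())) {
		loadErr = fmt.Errorf("Failed to load client's TLS cert for instance %q", string(ci))
	}
	return func(network, addr string) (net.Conn, error) {
		if loadErr != nil {
			// sticky error from AppendCertsFromPEM
			return nil, loadErr
		}
		if network != "tcp" {
			return nil, fmt.Errorf("unsupported network %q", network)
		}
		// NOTE(review): neither the dial nor the handshake has a deadline,
		// so an unresponsive peer blocks the caller until the OS gives up.
		tcpConn, err := net.Dial("tcp", addr)
		if err != nil {
			return nil, err
		}
		conn := tls.Client(tcpConn, tlsConf)
		if err := conn.Handshake(); err != nil {
			// The caller never receives this connection, so it has to be
			// closed here or the socket is leaked.
			tcpConn.Close()
			return nil, fmt.Errorf("failed to handshake with coordinator: %w", err)
		}
		return conn, nil
	}
}

// CACert returns the public certificate of the CA used to sign
// this coordinator instance's certificate.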
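func (ci CoordinatorInstance) CACert() string {
	switch {
	case ci == ProdCoordinator:
		return ProdCoordinatorCA
	case ci == StagingCoordinator:
		return StagingCoordinatorCA
	case ci.isDev():
		return DevCoordinatorCA
	}
	// Any other instance has no pinned CA. TLSDialer treats the empty
	// string as a load failure for non-empty instances, so those dials fail
	// instead of proceeding without a trust anchor.
	return ""
}

// isDev reports whether ci names a development coordinator on this
// machine: exactly "localhost", or "localhost:" followed by a port.
//
// TLSDialer disables certificate verification for dev instances, so the
// match is deliberately strict. A bare prefix test would also accept hosts
// such as "localhost.example.com", for which skipping verification is not
// safe.
func (ci CoordinatorInstance) isDev() bool {
	const devHost = "localhost"
	s := string(ci)
	if !strings.HasPrefix(s, devHost) {
		return false
	}
	rest := s[len(devHost):]
	return rest == "" || rest[0] == ':'
}

/*
Certificate authority and the coordinator SSL key were created with:

openssl genrsa -out ca_key.pem 2048
openssl req -x509 -new -key ca_key.pem -out ca_cert.pem -days 1068 -subj /CN="go"
openssl genrsa -out key.pem 2048
openssl req -new -out cert_req.pem -key key.pem -subj /CN="go"
openssl x509 -req -in cert_req.pem -out cert.pem -CAkey ca_key.pem -CA ca_cert.pem -days 730 -CAcreateserial -CAserial serial
*/

// NOTE(review): the requests above set only a Common Name ("go") and no
// subjectAltName. Go releases since 1.15 do not match ServerName against the
// Common Name by default, so confirm that the certificate the coordinator
// actually serves carries a SAN for "go"; otherwise verified handshakes fail.
//
// NOTE(review): the validity fields encoded in the three certificates below
// appear to end in 2017 and 2018, consistent with the -days values above.
// Confirm with "openssl x509 -noout -dates". Verification against an expired
// pinned CA is expected to fail; the remedy is to re-issue the CA, not to
// relax verification.

// ProdCoordinatorCA is the production CA cert for farmer.golang.org.
const ProdCoordinatorCA = `-----BEGIN CERTIFICATE-----
MIIDCzCCAfOgAwIBAgIJANl4KOv9Cj4UMA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV
BAMTAmdvMB4XDTE1MDQwNTIwMTE0OFoXDTE4MDMwODIwMTE0OFowDTELMAkGA1UE
AxMCZ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJ/oLb+ksvNScl
zIweMGv2ZWRdWW3o9vWIMpOhkiYuBOZjp7zvs89OuKNdC1ylJs3ENnNtD8QOG1Ze
kM3s6MTjCLVZUX4218HAenGifaunTNfbW1/q/tTnZh4Kri00vgq9jFtYnlqFLYhT
PlmDMdpgOY4ligc/1bSPWVsI7CKCbh3fAz67m++opVE0M7LFp8bhkyFv/dnhZFxo
s9ei3ZKFLjYJdZUNRMZ+HcqBzXMQR7HeCOD2pZ1yoHJw1b3Ebe4YOcQCHq4moW7W
DavISKSXl7DKZYX1QlFUmEMkl5aMIEHUJ0oI2wnL9+u5s1NU2/k8sSxbH7Y/cKio
cFPwuMt7AgMBAAGjbjBsMB0GA1UdDgQWBBS5f/j+8YL9B8THnoAXIhQty3vDZjA9
BgNVHSMENjA0gBS5f/j+8YL9B8THnoAXIhQty3vDZqERpA8wDTELMAkGA1UEAxMC
Z2+CCQDZeCjr/Qo+FDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQBU
EOOl2ChJyxFg8b4OrG/EC0HMxic2CakRsj6GWQlAwNU8+3o2u2+zYqKhuREDazsZ
1+0f54iU4TXPgPLiOVLQT8AOM6BDDeZfugAopAf0QaIXW5AmM5hnkhW035aXZgx9
rYageMGnnkK2H7E7WlcFbGcPjZtbpZyFnGoAvxcUfOzdnm/LLuvFg6YWf1ynXsNI
aOx5LNVDhzcQlHZ26ueOLoyIpTQxqvo+hwmIOVDLlZ9bz2BS6FevFjsciJmcDL8N
cmY1/5cC/4NzpnN95cvZxp3FX8Ka7YFun03ubjXzXttoeyrxP2WFXuc2D2hkTJPE
Co9z2+Nue1JHG9JcDaeW
-----END CERTIFICATE-----`

// StagingCoordinatorCA is the cert used on GCE for the
// go-dashboard-dev project.
const StagingCoordinatorCA = `-----BEGIN CERTIFICATE-----
MIIC7TCCAdWgAwIBAgIJAOfawne6V7F1MA0GCSqGSIb3DQEBCwUAMA0xCzAJBgNV
BAMMAmdvMB4XDTE1MDcwNjE5MTAyMloXDTE4MDYwODE5MTAyMlowDTELMAkGA1UE
AwwCZ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBnRAfwDXJzRDf
RBolwbQHi/iQ8h70FuQCYKNpjTQWjmWX+8zT7f0C+6q3hEqaEt6gL8Ch9sTiDxOj
MeaczdXVUGGvtKMB/e4CLrpswfTZNR9Fx0BbtdcdyyNAgobphcR81CgzQgokr7FS
M6E1HsjxqBUwCQGZWnkjVxPSd2VnS7Lnz1+DCSPqAboIXyIwQXnu+OjecnrB6/Fp
WOUI0Z5PgEh8vBKhPNptCeX5o8Cl1NVdmvMw2nGIxo6M0swbzDrELfJ1LD9UtGiE
4a2dTttqGYGF0KtBUM3VsX93zPjHix6h9YEzU9zffCOZWIizAXOGMPe/jwPAdAeM
FCxJJzkfAgMBAAGjUDBOMB0GA1UdDgQWBBQGMc6uZVoT12xX2BJUESJXz1KgXzAf
BgNVHSMEGDAWgBQGMc6uZVoT12xX2BJUESJXz1KgXzAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQCmx74P6MVgl+atDFiMxhLiDp7CiLMZXrnmgBVz9VQ6
NwDbN/kHXDCeJr1D175T7mQVEkTS4dDDP6LqCNdyP1o+xzJQd7J87jSMlWyDUtG6
Wa2n03q1mzEb6fveFs3c08mXPMZ20LE2ApMbFJUhKStuBaQFN601S/ixS37kiefZ
c2G8sF0KryoHCIlNaCSG+OdztoBg7HJ3XLPN6uO10jf9Dk+iY1QdbYN98WWljL/A
QJOrbUZeZsUJ0KnxVMNN0CgB6T0DE9qzewoiNknieXtq2vl/Nxa1AD+qAzWck/bb
yHd17CDY55cj4fworr/PayJuB7JJOrLk68yx2eUlK0Np
-----END CERTIFICATE-----`

// DevCoordinatorCA is the cert used by the coordinator and buildlet in
// development mode. (Not to be confused with the staging "dev" instance
// under GCE project "go-dashboard-dev")
const DevCoordinatorCA = `-----BEGIN CERTIFICATE-----
MIICljCCAX4CCQDN22+A+3+WjjANBgkqhkiG9w0BAQUFADANMQswCQYDVQQDEwJn
bzAeFw0xNTA3MTUwMzIzMDhaFw0xNzA3MTQwMzIzMDhaMA0xCzAJBgNVBAMTAmdv
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlj8cK93O6klUVcAn3eC1
za5khnTe/dLPaErrVcymJvdFKEedzNOA6aI9eB2F21KafKcQCaMR+aWBuWzHf4cR
p39oQwIi3h1rCpTCq4tMJB2cXarl3ygj5U/VcFLwPcHl0EYFMxHEF4MM2qiPQvpr
5mt/DTwFtkg+Wb3gHylDqtaOqHwta/wTFfGoI03P2OXRgi8a0UkgPpVXlaiamqfb
kpId7cRLUPp+dJWvvvbHtkSkIo1k+z3UAluHEhF5j5jBqTQM9A+7otFMkO5QUjJS
9E25/cQuaPOnu+xqkxnPPXkABIHvnmLK3pxPJ2CaEFPVpzqe+98Bmqxi3ll9vMUS
dwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQA/ZZdBMuJUwzitfrcIF3Jtx+ujuNkw
Jc7eCKATu/ylyfS/ORBk+9GjTRlRDomngz4SojuqR+au92sU4OrLnuEE1hK18TBy
FIiU7CFBG1qj08Ijb812SYAxNr7uKCPfYfM9qbhBLEvQyHrTi9exEey27yWZxy9C
H123Rv8mpI8rGa39k5M9tqtPfXXRChHhXHaU5B0jpk0NWXTDsTTJxqDZqS3NiUPS
I2cBKSy6qTfqEwvxAmcu0tDWzDo2N4Ol1yUy6des7hOHuS9mO5W4qk5D6Yr58+H/
hdFnZur+fHY+hgulEWZjcg1JMzEDhiIYGUbXJrErRIRhxnCksus3tkWD
-----END CERTIFICATE-----`

// DevCoordinatorKey is the key used by the coordinator and buildlet in
// development mode. (Not to be confused with the staging "dev" instance
// under GCE project "go-dashboard-dev")
//
// This private key is published with the source, so a certificate backed by
// it authenticates nothing: anyone can present it. It is only suitable for a
// coordinator bound to the local machine and must not be trusted by, or
// deployed to, any shared or production environment.
const DevCoordinatorKey = `-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAlj8cK93O6klUVcAn3eC1za5khnTe/dLPaErrVcymJvdFKEed
zNOA6aI9eB2F21KafKcQCaMR+aWBuWzHf4cRp39oQwIi3h1rCpTCq4tMJB2cXarl
3ygj5U/VcFLwPcHl0EYFMxHEF4MM2qiPQvpr5mt/DTwFtkg+Wb3gHylDqtaOqHwt
a/wTFfGoI03P2OXRgi8a0UkgPpVXlaiamqfbkpId7cRLUPp+dJWvvvbHtkSkIo1k
+z3UAluHEhF5j5jBqTQM9A+7otFMkO5QUjJS9E25/cQuaPOnu+xqkxnPPXkABIHv
nmLK3pxPJ2CaEFPVpzqe+98Bmqxi3ll9vMUSdwIDAQABAoIBAADPLDasRi4K4RJp
K43NZQ1LkC0NOhpB5W4ZYTUgGhEBqfSylg4BYaNghVY9SnhI9J4RREvY/gLLOmym
QljUgGrXi9c4jrmFjQsMjBPidzGGm04B2qUeETtt96dYOwUKI1PA3MxOnzDFOu9+
ku74bFZcY93NYfZ+Yx+WnztrvHqSFSvEVIqbY6y1JamZQg4MhypoflCPbSdQAn83
eG+9eU4tlpisv84iNQ65BDg+OYpVu8DOe+qXcfmcynn75YBSBaPk0Y5dhYoyWs9P
UxLaxwX01Y/YAtsdx9N9XZ4Pjaji0y4tmZmu/O328fk/Ytul26MJtNNNDsyPmidQ
wLJf0UkCgYEAxCpyyzzOeIUxKJzb4FZDCkepEp3SNLsh0L7D9vH28nxWhfr0y+IM
ncME8xCxhwAhNkn3ksnSSV1eyoyhw0O/IY2jBeZdfp/Wn98W+Q2WRxUwt/aOpVx+
RBuokq021yisam2+wCxyhTcVNnhNPGhyrhNaC7JqYvd6mWyBLbT7brsCgYEAxBMR
IyLmVCZGZOBt1ee+LkFMN00I5S0IVVxbGbdCpStXUK/XIIPzinGxadF7zP8vsZ/Y
vdUOTa9PWJrsGMSUwkDx4TWGy1uIFhf/rLaTbrGHPQD96WjS+7mCIkkd6fvKXEt/
5rfbhYHoUdX56CWMGSYfCvEQd8CjIIerVzDAdXUCgYBSTRzseA6IMhl12JnHfWmT
Ho2o6d4PkZOWaPL+4HWjNtd2Ttv1zllMt02UTSSuZzeH93CPfW1kqm/iuy4DJqFC
CpKjHwuK3LTHTmntA+5Q1GskQ6WFa1Duckw/fbzMeJwd6v1k00EY8wtLVx3QgmHa
9vOIhMptyzb8t7Fa49u5kQKBgGygc5oXt6tfGRjCDZe4L/DIVEU+9HKjJD7GT+JL
WSzQeitFf9WPxNkqa7PITuIfbnjlqdphsu7u9PKNwcdnAVMtT9QJJ4h6SUaUPR2e
eMeWquntJr6tSFYVTDdacqwyxsWjPlS//2pTsjXEahNm2dsE96XEL+9oVfersg04
ASgRAoGAH5kbPiadxpk+escKawGcnvCeE1ipJIJ7TzewtN2B5IbnDkzt7F415Mxj
KCPN0NJXQ5vfURRbbXgP2g6dS6WEQMtpaxo0M4v14kRPK9VhlqrUNvtWoBh4fcgv
Jg5yzK4PwNJehAbCb1sVnsI96joHe685u8c8BcuJVE5LMX8ujFE=
-----END RSA PRIVATE KEY-----`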