Skip to content
This repository has been archived by the owner on Dec 5, 2022. It is now read-only.

Revoke dependency leads to broken import of google.golang.org/grpc/naming #76

Closed
Tracked by #78
hdm opened this issue Jul 19, 2020 · 9 comments
Closed
Tracked by #78

Revoke dependency leads to broken import of google.golang.org/grpc/naming #76

hdm opened this issue Jul 19, 2020 · 9 comments

Comments

@hdm
Copy link

hdm commented Jul 19, 2020
edited
Loading

A long chain of dependencies is introduced via revoke's CT support. This currently leads to a broken module dependency for GRPC:

        github.com/duo-labs/webauthn/protocol imports
        github.com/duo-labs/webauthn/metadata imports
        github.com/cloudflare/cfssl/revoke imports
        github.com/cloudflare/cfssl/helpers imports
        github.com/google/certificate-transparency-go imports
        go.etcd.io/etcd imports
        github.com/coreos/etcd/etcdmain imports
        github.com/coreos/etcd/proxy/grpcproxy imports
        google.golang.org/grpc/naming: module google.golang.org/grpc@latest found (v1.30.0), but does not contain package google.golang.org/grpc/naming

Edit: It looks like revoke's validation is needed here. Any suggestions for fixing this dependency issue?
@hdm
Copy link
Author

hdm commented Jul 19, 2020
edited
Loading

It looks like the workaround (until upstream is fixed) is:

go get google.golang.org/[email protected] (or use a go.mod redirect)

@jordan-wright
Copy link
Contributor

Thanks @hdm! Tagging in @nicksteele to collaborate on the best way to fix this issue.

@vvakame
Copy link
Contributor

vvakame commented Apr 10, 2021

This issue is still unresolved. It would be nice to be able to remove the dependency of the problem ...

@vvakame vvakame mentioned this issue Apr 10, 2021
Closed
@MartinPetkov MartinPetkov mentioned this issue Apr 22, 2021
Closed
@iftimasum
Copy link

@iftimasum

@aeneasr
Copy link

aeneasr commented Apr 3, 2022

Is there maybe an equal lib like cloudflare's that doesn't introduce such a large dependency tree? Or maybe we could fork the revoke module? The problem is that Go 1.18 is much more strict about dependencies and the original workaround does not seem to work any more. It's also problematic when the project consumes grpc and needs a specific (higher version).

@james-d-elliott
Copy link
Contributor

I think the forking idea may be the best one, though it's not entirely easy. That lib is horrible. The only usage of the model is in metadata to check the validity of devices via their certs as you have probably identified.

@Isolus
Copy link

Isolus commented Sep 3, 2022

I have run into a similar problem. I created a fork of CFSSL that has just enough functionality for this project. I have changed only import paths in the code and deleted unnecessary things, so that practically no dependency comes with it.
If anyone is interested: https://github.com/Isolus/cfssl-revoke

@hdm
Copy link
Author

hdm commented Sep 4, 2022

@Isolus Nice work! Would you be able to open a PR to switch the dependency?

@Isolus Isolus mentioned this issue Sep 4, 2022
Closed
@tobiaszheller
Copy link

PR with forked cfssl is #150. It would be nice to merge or maybe duo-labs should provide similar fork in their own repo?

@james-d-elliott james-d-elliott mentioned this issue Dec 6, 2022
Closed
30 tasks
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@vvakame @hdm @jordan-wright @aeneasr @Isolus @james-d-elliott @MasterKale @tobiaszheller @iftimasum