TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-02-28 19:27:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
tailscale/tempfork/acme/README.md
Brad Fitzpatrick 2691b9f6be tempfork/acme: add new package for x/crypto package acme fork, move 
We've been maintaining temporary dev forks of golang.org/x/crypto/{acme,ssh}
in https://github.com/tailscale/golang-x-crypto instead of using
this repo's tempfork directory as we do with other packages. The reason we were
doing that was because x/crypto/ssh depended on x/crypto/ssh/internal/poly1305
and I hadn't noticed there are forwarding wrappers already available
in x/crypto/poly1305. It also depended internal/bcrypt_pbkdf but we don't use that
so it's easy to just delete that calling code in our tempfork/ssh.

Now that our SSH changes have been upstreamed, we can soon unfork from SSH.

That leaves ACME remaining.

This change copies our tailscale/golang-x-crypto/acme code to
tempfork/acme but adds a test that our vendored copied still matches
our tailscale/golang-x-crypto repo, where we can continue to do
development work and rebases with upstream. A comment on the new test
describes the expected workflow.

While we could continue to just import & use
tailscale/golang-x-crypto/acme, it seems a bit nicer to not have that
entire-fork-of-x-crypto visible at all in our transitive deps and the
questions that invites. Showing just a fork of an ACME client is much
less scary. It does add a step to the process of hacking on the ACME
client code, but we do that approximately never anyway, and the extra
step is very incremental compared to the existing tedious steps.

Updates #8593
Updates #10238

Change-Id: I8af4378c04c1f82e63d31bf4d16dba9f510f9199
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-01-27 21:32:26 +00:00

547 B
Raw Blame History

tempfork/acme

This is a vendored copy of Tailscale's https://github.com/tailscale/golang-x-crypto, which is a fork of golang.org/x/crypto/acme.

See https://github.com/tailscale/tailscale/issues/10238 for unforking status.

The https://github.com/tailscale/golang-x-crypto location exists to let us do rebases from upstream easily, and then we update tempfork/acme in the same commit we go get github.com/tailscale/golang-x-crypto@main. See the comment on the TestSyncedToUpstream test for details. That test should catch that forgotten step.