Closed m-si closed 11 months ago
is this a caddy dependency or a coraza dependency?
On Tue, 18 Jul 2023, 09:19 m-si, @.***> wrote:
Describe the bug
a build of corazawaf/coraza-caddy fails due to old requirement in go.mod line 69 with error:
@.***/internal/qtls/go120.go:5:13: cannot use "The version of quic-go you're using can't be built on Go 1.20 yet. For more details, please see https://github.com/lucas-clemente/quic-go/wiki/quic-go-and-Go-versions." (untyped string constant "The version of quic-go you're using can't be built on Go 1.20 yet. F...) as int value in variable declaration
To Reproduce
Clone https://github.com/corazawaf/coraza-caddy and build:
git clone --depth 1 https://github.com/corazawaf/coraza-caddy ... go build caddy/main.go
ideas
Two ideas to solve the issue
- Either update quic-go (latest release https://github.com/quic-go/quic-go/releases seems to be far ahead.
- Alternativly switch to quic-go/quic-go like they did at syncthing project https://github.com/syncthing/syncthing/issues/8768
— Reply to this email directly, view it on GitHub https://github.com/corazawaf/coraza-caddy/issues/90, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAXOYARVKGH2UDIYNBVGLM3XQY2J7ANCNFSM6AAAAAA2N6ONGE . You are receiving this because you are subscribed to this thread.Message ID: @.***>
First of all , thank you for your fast response. As I am new to this, it's a bit difficult to find out for me. I can't find it in their go.mod of v2.6.4 and v2.7 so I guess it seems to be a corazza requierment, isn't it?
It is a Caddy dependency https://github.com/caddyserver/caddy/blob/master/go.mod#L20, we might need to upgrade this repo to latest caddy and go 1.19 once a new release. Any idea on when go 1.20 is going to be supported @mholt?
Another option in the meantime is to try patching this repo, are you up to try that @m-si? In any case it isn't any good we are still in 1.18.
I have tested caddy main and it works fine with go 1.20. We have to wait for the 2.7 release
@jptosso could you add 1.19 and 1.20 to the CI and drop 1.18?
Uhmm https://github.com/corazawaf/coraza-caddy/pull/91
On Tue, 18 Jul 2023, 11:31 Juan Pablo Tosso, @.***> wrote:
I have tested caddy main and it works fine with go 1.20
— Reply to this email directly, view it on GitHub https://github.com/corazawaf/coraza-caddy/issues/90#issuecomment-1639873891, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAXOYAWJY5TB2YMQWATQJBTXQZJWZANCNFSM6AAAAAA2N6ONGE . You are receiving this because you commented.Message ID: @.***>
@jcchavezs today I have no time, but I can try later this week. But to me, it looks even more promising to go with 1.19 or 1.20 as we need to do that anyway to keep up.
@jcchavezs To clarify, the latest Go is (almost?) always supported. We just have to support one prior Go release to please the Debian packaging gods. :man_shrugging:
Quic-Go isn't generally forward-compatible because it relies on a fork of crypto/tls (due to API limitations in that package, which are currently being addressed in partnership with the Go team) -- but it definitely supports Go 1.20.
Since https://github.com/corazawaf/coraza-caddy/pull/96, we are building coraza-caddy in the CI with Go 1.20 and caddy is updated to v2.7.3, I think we can close this one
Describe the bug
a build of corazawaf/coraza-caddy fails due to old requirement in go.mod line 69 with error:
To Reproduce
Clone https://github.com/corazawaf/coraza-caddy and build:
ideas
Two ideas to solve the issue