From 1bb31776c944385a718b877f5711adf9ae3c53e1 Mon Sep 17 00:00:00 2001 From: JimMoen Date: Mon, 14 Nov 2022 09:38:18 +0800 Subject: [PATCH 01/17] fix(rewrite): add topic rewrite validation for filter or name --- changes/v4.3.23-en.md | 7 ++ changes/v4.3.23-zh.md | 7 ++ lib-ce/emqx_modules/src/emqx_mod_rewrite.erl | 90 ++++++++++++++----- .../test/emqx_mod_rewrite_SUITE.erl | 2 +- 4 files changed, 83 insertions(+), 23 deletions(-) create mode 100644 changes/v4.3.23-en.md create mode 100644 changes/v4.3.23-zh.md diff --git a/changes/v4.3.23-en.md b/changes/v4.3.23-en.md new file mode 100644 index 000000000..d36322211 --- /dev/null +++ b/changes/v4.3.23-en.md @@ -0,0 +1,7 @@ +# v4.3.23 + +## Enhancements + +- Added topic validation for `emqx_mod_rewrite`. The dest topics contains wildcards are not allowed to publish [#9359](https://github.com/emqx/emqx/issues/9359). + +## Bug fixes diff --git a/changes/v4.3.23-zh.md b/changes/v4.3.23-zh.md new file mode 100644 index 000000000..e290b9ad3 --- /dev/null +++ b/changes/v4.3.23-zh.md @@ -0,0 +1,7 @@ +# v4.3.23 + +## 增强 + +- 为主题重写模块增加主题合法性检查,带有通配符的目标主题不允许被发布 [#9359](https://github.com/emqx/emqx/issues/9359)。 + +## 修复 diff --git a/lib-ce/emqx_modules/src/emqx_mod_rewrite.erl b/lib-ce/emqx_modules/src/emqx_mod_rewrite.erl index 9f0f635d9..562f0a916 100644 --- a/lib-ce/emqx_modules/src/emqx_mod_rewrite.erl +++ b/lib-ce/emqx_modules/src/emqx_mod_rewrite.erl @@ -23,7 +23,7 @@ -include_lib("emqx/include/logger.hrl"). -ifdef(TEST). --export([ compile/1 +-export([ compile_rules/1 , match_and_rewrite/3 ]). -endif. @@ -40,13 +40,14 @@ , description/0 ]). +-type(topic() :: binary()). + %%-------------------------------------------------------------------- %% Load/Unload %%-------------------------------------------------------------------- load(RawRules) -> - {PubRules, SubRules} = compile(RawRules), - log_start(RawRules), + {PubRules, SubRules} = compile_rules(RawRules), emqx_hooks:put('client.subscribe', {?MODULE, rewrite_subscribe, [SubRules]}, 1000), emqx_hooks:put('client.unsubscribe', {?MODULE, rewrite_unsubscribe, [SubRules]}, 1000), emqx_hooks:put('message.publish', {?MODULE, rewrite_publish, [PubRules]}, 1000). @@ -75,30 +76,59 @@ description() -> %% Internal functions %%-------------------------------------------------------------------- -log_start(Rules) -> - PubRules = [{pub, Topic, Re, Dest} || {rewrite, pub, Topic, Re, Dest} <- Rules], - SubRules = [{sub, Topic, Re, Dest} || {rewrite, sub, Topic, Re, Dest} <- Rules], +compile_rules(RawRules) -> + compile(validate_rules(RawRules)). + +compile({PubRules, SubRules}) -> + CompileRE = + fun({rewrite, RewriteFrom, Re, RewriteTo}) -> + {ok, MP} = re:compile(Re), + {rewrite, RewriteFrom, MP, RewriteTo} + end, + {lists:map(CompileRE, PubRules), lists:map(CompileRE, SubRules)}. + +validate_rules(Rules) -> + PubRules = [{rewrite, RewriteFrom, Re, RewriteTo} || + {rewrite, pub, RewriteFrom, Re, RewriteTo} <- Rules, + validate_rule(pub, RewriteFrom, RewriteTo) + ], + SubRules = [{rewrite, RewriteFrom, Re, RewriteTo} || + {rewrite, sub, RewriteFrom, Re, RewriteTo} <- Rules, + validate_rule(sub, RewriteFrom, RewriteTo) + ], ?LOG(info, "[Rewrite] Load: pub rules count ~p sub rules count ~p", [erlang:length(PubRules), erlang:length(SubRules)]), - log_rule(PubRules, 1), - log_rule(SubRules, 1). + log_rules(pub, PubRules), + log_rules(sub, SubRules), + {PubRules, SubRules}. -log_rule([], _Index) -> ok; -log_rule([{Type, Topic, Re, Dest} | Rules], Index) -> +validate_rule(Type, RewriteFrom, RewriteTo) -> + case validate_topic(filter, RewriteFrom) of + ok -> + case validate_topic(dest_topic_type(Type), RewriteTo) of + ok -> + true; + {error, Reason} -> + log_invalid_rule(to, Type, RewriteTo, Reason), + false + end; + {error, Reason} -> + log_invalid_rule(from, Type, RewriteFrom, Reason), + false + end. + +log_invalid_rule(Direction, Type, Topic, Reason) -> + ?LOG(warning, "Invalid rewrite ~p rule for rewrite ~p topic '~ts' discarded. Reason: ~p", + [type_to_name(Type), Direction, Topic, Reason]). + +log_rules(Type, Rules) -> + do_log_rules(Type, Rules, 1). + +do_log_rules(_Type, [], _Index) -> ok; +do_log_rules(Type, [{_, Topic, Re, Dest} | Rules], Index) -> ?LOG(info, "[Rewrite] Load ~p rule[~p]: source: ~ts, re: ~ts, dest: ~ts", [Type, Index, Topic, Re, Dest]), - log_rule(Rules, Index + 1). - -compile(Rules) -> - PubRules = [ begin - {ok, MP} = re:compile(Re), - {rewrite, Topic, MP, Dest} - end || {rewrite, pub, Topic, Re, Dest}<- Rules ], - SubRules = [ begin - {ok, MP} = re:compile(Re), - {rewrite, Topic, MP, Dest} - end || {rewrite, sub, Topic, Re, Dest}<- Rules ], - {PubRules, SubRules}. + do_log_rules(Type, Rules, Index + 1). match_and_rewrite(Topic, [], _) -> Topic; @@ -138,3 +168,19 @@ filter_client_binds(Binds) -> (_) -> true end, Binds). + +type_to_name(pub) -> 'PUBLISH'; +type_to_name(sub) -> 'SUBSCRIBE'. + +dest_topic_type(pub) -> name; +dest_topic_type(sub) -> filter. + +-spec(validate_topic(name | filter, topic()) -> ok | {error, term()}). +validate_topic(Type, Topic) -> + try + true = emqx_topic:validate(Type, Topic), + ok + catch + error:Reason -> + {error, Reason} + end. diff --git a/lib-ce/emqx_modules/test/emqx_mod_rewrite_SUITE.erl b/lib-ce/emqx_modules/test/emqx_mod_rewrite_SUITE.erl index 44574344b..16c9b6188 100644 --- a/lib-ce/emqx_modules/test/emqx_mod_rewrite_SUITE.erl +++ b/lib-ce/emqx_modules/test/emqx_mod_rewrite_SUITE.erl @@ -82,7 +82,7 @@ t_mod_rewrite(_Config) -> ok = emqx_mod_rewrite:unload(?RULES). t_rewrite_rule(_Config) -> - {PubRules, SubRules} = emqx_mod_rewrite:compile(?RULES), + {PubRules, SubRules} = emqx_mod_rewrite:compile_rules(?RULES), ?assertEqual(<<"z/y/2">>, emqx_mod_rewrite:match_and_rewrite(<<"x/y/2">>, PubRules, [])), ?assertEqual(<<"x/1/2">>, emqx_mod_rewrite:match_and_rewrite(<<"x/1/2">>, PubRules, [])), ?assertEqual(<<"y/z/b">>, emqx_mod_rewrite:match_and_rewrite(<<"y/a/z/b">>, SubRules, [])), From 32a885017b17597cdecef486e851d089cc26ce09 Mon Sep 17 00:00:00 2001 From: JimMoen Date: Mon, 14 Nov 2022 16:19:05 +0800 Subject: [PATCH 02/17] chore: bump appup.src for `emqx_mod_rewrite` --- lib-ce/emqx_modules/src/emqx_modules.app.src | 2 +- lib-ce/emqx_modules/src/emqx_modules.appup.src | 16 ++++++++++++---- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/lib-ce/emqx_modules/src/emqx_modules.app.src b/lib-ce/emqx_modules/src/emqx_modules.app.src index 0c3328f8c..68b210d26 100644 --- a/lib-ce/emqx_modules/src/emqx_modules.app.src +++ b/lib-ce/emqx_modules/src/emqx_modules.app.src @@ -1,6 +1,6 @@ {application, emqx_modules, [{description, "EMQ X Module Management"}, - {vsn, "4.3.10"}, + {vsn, "4.3.11"}, {modules, []}, {applications, [kernel,stdlib]}, {mod, {emqx_modules_app, []}}, diff --git a/lib-ce/emqx_modules/src/emqx_modules.appup.src b/lib-ce/emqx_modules/src/emqx_modules.appup.src index 461eefa15..47d9c9a75 100644 --- a/lib-ce/emqx_modules/src/emqx_modules.appup.src +++ b/lib-ce/emqx_modules/src/emqx_modules.appup.src @@ -1,9 +1,13 @@ %% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"4.3.9",[{load_module,emqx_mod_delayed,brutal_purge,soft_purge,[]}]}, + [{"4.3.10",[{load_module,emqx_mod_rewrite,brutal_purge,soft_purge,[]}]}, + {"4.3.9", + [{load_module,emqx_mod_rewrite,brutal_purge,soft_purge,[]}, + {load_module,emqx_mod_delayed,brutal_purge,soft_purge,[]}]}, {"4.3.8", - [{load_module,emqx_modules,brutal_purge,soft_purge,[]}, + [{load_module,emqx_mod_rewrite,brutal_purge,soft_purge,[]}, + {load_module,emqx_modules,brutal_purge,soft_purge,[]}, {load_module,emqx_mod_delayed,brutal_purge,soft_purge,[]}]}, {<<"4\\.3\\.[5-7]">>, [{load_module,emqx_mod_rewrite,brutal_purge,soft_purge,[]}, @@ -35,9 +39,13 @@ {load_module,emqx_mod_api_topic_metrics,brutal_purge,soft_purge,[]}, {load_module,emqx_mod_rewrite,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], - [{"4.3.9",[{load_module,emqx_mod_delayed,brutal_purge,soft_purge,[]}]}, + [{"4.3.10",[{load_module,emqx_mod_rewrite,brutal_purge,soft_purge,[]}]}, + {"4.3.9", + [{load_module,emqx_mod_rewrite,brutal_purge,soft_purge,[]}, + {load_module,emqx_mod_delayed,brutal_purge,soft_purge,[]}]}, {"4.3.8", - [{load_module,emqx_modules,brutal_purge,soft_purge,[]}, + [{load_module,emqx_mod_rewrite,brutal_purge,soft_purge,[]}, + {load_module,emqx_modules,brutal_purge,soft_purge,[]}, {load_module,emqx_mod_delayed,brutal_purge,soft_purge,[]}]}, {<<"4\\.3\\.[5-7]">>, [{load_module,emqx_mod_rewrite,brutal_purge,soft_purge,[]}, From db08efa0acce527b0a85490cdb27a0e1e324c2fb Mon Sep 17 00:00:00 2001 From: JimMoen Date: Mon, 14 Nov 2022 16:40:01 +0800 Subject: [PATCH 03/17] test(rewrite): invalided topic rewrite rule --- .../test/emqx_mod_rewrite_SUITE.erl | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/lib-ce/emqx_modules/test/emqx_mod_rewrite_SUITE.erl b/lib-ce/emqx_modules/test/emqx_mod_rewrite_SUITE.erl index 16c9b6188..5165f9e9d 100644 --- a/lib-ce/emqx_modules/test/emqx_mod_rewrite_SUITE.erl +++ b/lib-ce/emqx_modules/test/emqx_mod_rewrite_SUITE.erl @@ -30,6 +30,13 @@ {rewrite, sub, <<"c/#">>,<<"^c/(.+)$">>,<<"sub/%c/$1">>} ]). +-define(BAD_RULES_1, [{rewrite, pub, <<"x/#">>,<<"^x/y/(.+)$">>,<<"z/y/+">>}]). + +%% empty topic filter/name won't be ranched cased `emqx.conf` will be checked before emqx started +%% but we need this check for emqx-ee modules api +-define(BAD_RULES_2, [{rewrite, pub, <<"">>,<<"^x/y/(.+)$">>,<<"z/y/+">>}]). +-define(BAD_RULES_3, [{rewrite, pub, <<"name/#">>,<<"^name/(.+)$">>,<<"">>}]). + all() -> emqx_ct:all(?MODULE). init_per_suite(Config) -> @@ -83,11 +90,29 @@ t_mod_rewrite(_Config) -> t_rewrite_rule(_Config) -> {PubRules, SubRules} = emqx_mod_rewrite:compile_rules(?RULES), + %% assert ordering + ?assertMatch([{rewrite, <<"x/#">>, _, <<"z/y/$1">>}, + {rewrite, <<"name/#">>, _, <<"pub/%u/$1">>}, + {rewrite, <<"c/#">>, _, <<"pub/%c/$1">>}], + PubRules), + ?assertMatch([{rewrite, <<"y/+/z/#">>, _, <<"y/z/$2">>}, + {rewrite, <<"name/#">>, _, <<"sub/%u/$1">>}, + {rewrite, <<"c/#">>, _, <<"sub/%c/$1">>}], + SubRules), + ?assertEqual(<<"z/y/2">>, emqx_mod_rewrite:match_and_rewrite(<<"x/y/2">>, PubRules, [])), ?assertEqual(<<"x/1/2">>, emqx_mod_rewrite:match_and_rewrite(<<"x/1/2">>, PubRules, [])), ?assertEqual(<<"y/z/b">>, emqx_mod_rewrite:match_and_rewrite(<<"y/a/z/b">>, SubRules, [])), ?assertEqual(<<"y/def">>, emqx_mod_rewrite:match_and_rewrite(<<"y/def">>, SubRules, [])). +t_rewrite_bad_rule_1(_Config) -> + ?assertEqual({[], []}, emqx_mod_rewrite:compile_rules(?BAD_RULES_1)). + +t_rewrite_bad_rule_2(_Config) -> + ?assertEqual({[], []}, emqx_mod_rewrite:compile_rules(?BAD_RULES_2)). + +t_rewrite_bad_rule_3(_Config) -> + ?assertEqual({[], []}, emqx_mod_rewrite:compile_rules(?BAD_RULES_3)). %%-------------------------------------------------------------------- %% Internal functions %%-------------------------------------------------------------------- From ebfaecfa915fe43c813a7e8a88f7e4c32b0a9657 Mon Sep 17 00:00:00 2001 From: firest Date: Thu, 10 Nov 2022 13:16:02 +0800 Subject: [PATCH 04/17] fix(jwt): fix the jwt ACL will return a wrong result when the token is expired --- apps/emqx_auth_jwt/src/emqx_auth_jwt.erl | 2 +- apps/emqx_auth_jwt/test/emqx_auth_jwt_SUITE.erl | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl b/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl index 623fa25c5..223fc673c 100644 --- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl +++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt.erl @@ -67,7 +67,7 @@ check_acl(ClientInfo = #{jwt_claims := Claims}, case is_expired(Exp) of true -> ?DEBUG("acl_deny_due_to_jwt_expired", []), - deny; + {stop, deny}; false -> verify_acl(ClientInfo, Acl, PubSub, Topic) end; diff --git a/apps/emqx_auth_jwt/test/emqx_auth_jwt_SUITE.erl b/apps/emqx_auth_jwt/test/emqx_auth_jwt_SUITE.erl index 7452091bd..235f77783 100644 --- a/apps/emqx_auth_jwt/test/emqx_auth_jwt_SUITE.erl +++ b/apps/emqx_auth_jwt/test/emqx_auth_jwt_SUITE.erl @@ -462,6 +462,16 @@ t_check_jwt_acl_expire(_Config) -> {ok, #{}, [?RC_NOT_AUTHORIZED]}, emqtt:subscribe(C, <<"a/b">>, 0)), + Default = emqx_zone:get_env(external, acl_nomatch, deny), + emqx_zone:set_env(external, acl_nomatch, allow), + try + ?assertMatch( + {ok, #{}, [?RC_NOT_AUTHORIZED]}, + emqtt:subscribe(C, <<"a/b">>, 0)) + after + emqx_zone:set_env(external, acl_nomatch, Default) + end, + ok = emqtt:disconnect(C). t_check_jwt_acl_no_exp(init, _Config) -> From 8a0158e21dd67cc4c2d03e8dd82e21ee85798895 Mon Sep 17 00:00:00 2001 From: firest Date: Tue, 15 Nov 2022 09:52:34 +0800 Subject: [PATCH 05/17] chore: update changes --- changes/v4.3.23-en.md | 2 ++ changes/v4.3.23-zh.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/changes/v4.3.23-en.md b/changes/v4.3.23-en.md index d36322211..ee43c4cee 100644 --- a/changes/v4.3.23-en.md +++ b/changes/v4.3.23-en.md @@ -5,3 +5,5 @@ - Added topic validation for `emqx_mod_rewrite`. The dest topics contains wildcards are not allowed to publish [#9359](https://github.com/emqx/emqx/issues/9359). ## Bug fixes + +- Fix a bug where the JWT ACL would not short-circuit with a deny response when the token is expired [#9338](https://github.com/emqx/emqx/pull/9338). diff --git a/changes/v4.3.23-zh.md b/changes/v4.3.23-zh.md index e290b9ad3..3e3e293f4 100644 --- a/changes/v4.3.23-zh.md +++ b/changes/v4.3.23-zh.md @@ -5,3 +5,5 @@ - 为主题重写模块增加主题合法性检查,带有通配符的目标主题不允许被发布 [#9359](https://github.com/emqx/emqx/issues/9359)。 ## 修复 + +- 修复 JWT ACL 在令牌超期后授权检查不生效的问题 [#9338](https://github.com/emqx/emqx/pull/9338)。 From f4a14ecf66cf1f9c2389d37ed6aa964d308f91ed Mon Sep 17 00:00:00 2001 From: firest Date: Thu, 10 Nov 2022 15:08:36 +0800 Subject: [PATCH 06/17] refactor(cookie): Warning message when boot with default Erlang cookie --- bin/emqx | 8 ++++++-- data/emqx_vars | 4 ++++ rebar.config.erl | 19 ++++++++++++------- 3 files changed, 22 insertions(+), 9 deletions(-) diff --git a/bin/emqx b/bin/emqx index 89fc564b1..cdbb7c9de 100755 --- a/bin/emqx +++ b/bin/emqx @@ -537,9 +537,13 @@ if [ -z "$COOKIE" ]; then fi fi -if [ -z "$COOKIE" ]; then +[ -z "$COOKIE" ] && COOKIE="$EMQX_DEFAULT_ERLANG_COOKIE" +if [ $IS_BOOT_COMMAND = 'yes' ] && [ "$COOKIE" = "$EMQX_DEFAULT_ERLANG_COOKIE" ]; then + echoerr "!!!!!!" + echoerr "WARNING: Default (insecure) Erlang cookie is in use." echoerr "Please set node.cookie in $RUNNER_ETC_DIR/emqx.conf or override from environment variable EMQX_NODE_COOKIE" - exit 1 + echoerr "NOTE: Use the same config value for all nodes in the cluster." + echoerr "!!!!!!" fi cd "$ROOTDIR" diff --git a/data/emqx_vars b/data/emqx_vars index 8ca6bf22d..1559e890c 100644 --- a/data/emqx_vars +++ b/data/emqx_vars @@ -14,6 +14,10 @@ RUNNER_DATA_DIR="{{ runner_data_dir }}" RUNNER_USER="{{ runner_user }}" EMQX_DESCRIPTION='{{ emqx_description }}' +## Do not change EMQX_DEFAULT_ERLANG_COOKIE. +## Configure EMQX_NODE_COOKIE instead +EMQX_DEFAULT_ERLANG_COOKIE='{{ emqx_default_erlang_cookie }}' + ## Warning: DO NOT create new variables using the above vars in this file, ## as the vars above can be overwritten by the relup scripts later, like: ## REL_VSN="new_version" diff --git a/rebar.config.erl b/rebar.config.erl index 1f7731462..1267da0bb 100644 --- a/rebar.config.erl +++ b/rebar.config.erl @@ -203,18 +203,23 @@ overlay_vars(RelType, PkgType, false) -> overlay_vars_rel(RelType) ++ overlay_vars_pkg(PkgType). %% vars per release type, cloud or edge -overlay_vars_rel(RelType) -> - VmArgs = case RelType of - cloud -> "vm.args"; - edge -> "vm.args.edge" - end, - [ {enable_plugin_emqx_rule_engine, RelType =:= cloud} +overlay_vars_rel(cloud) -> + [ {vm_args_file, "vm.args"} + | overlay_vars_rel_common(cloud) + ]; +overlay_vars_rel(edge) -> + [ {vm_args_file, "vm.args.edge"} + | overlay_vars_rel_common(edge) + ]. + +overlay_vars_rel_common(RelType) -> + [ {emqx_default_erlang_cookie, "emqxsecretcookie"} + , {enable_plugin_emqx_rule_engine, RelType =:= cloud} , {enable_plugin_emqx_bridge_mqtt, RelType =:= edge} , {enable_plugin_emqx_modules, false} %% modules is not a plugin in ce , {enable_plugin_emqx_recon, true} , {enable_plugin_emqx_retainer, true} , {enable_plugin_emqx_telemetry, true} - , {vm_args_file, VmArgs} ]. %% vars per packaging type, bin(zip/tar.gz/docker) or pkg(rpm/deb) From ed3dc0b614274ddb2a6878af38b2cc590d8a61b6 Mon Sep 17 00:00:00 2001 From: firest Date: Thu, 10 Nov 2022 15:25:19 +0800 Subject: [PATCH 07/17] chore: update changes --- changes/v4.3.23-en.md | 2 ++ changes/v4.3.23-zh.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/changes/v4.3.23-en.md b/changes/v4.3.23-en.md index d36322211..b8c0230c6 100644 --- a/changes/v4.3.23-en.md +++ b/changes/v4.3.23-en.md @@ -4,4 +4,6 @@ - Added topic validation for `emqx_mod_rewrite`. The dest topics contains wildcards are not allowed to publish [#9359](https://github.com/emqx/emqx/issues/9359). +- Print a warning message when boot with the default (insecure) Erlang cookie [#9340](https://github.com/emqx/emqx/pull/9340). + ## Bug fixes diff --git a/changes/v4.3.23-zh.md b/changes/v4.3.23-zh.md index e290b9ad3..b14dd96bb 100644 --- a/changes/v4.3.23-zh.md +++ b/changes/v4.3.23-zh.md @@ -4,4 +4,6 @@ - 为主题重写模块增加主题合法性检查,带有通配符的目标主题不允许被发布 [#9359](https://github.com/emqx/emqx/issues/9359)。 +- 使用默认的(不安全的) Erlang cookie 进行启动时,将会打印一条警告信息 [#9340](https://github.com/emqx/emqx/pull/9340)。 + ## 修复 From 61517f8280844c406ab37638eaae2435bb41d350 Mon Sep 17 00:00:00 2001 From: firest Date: Fri, 18 Nov 2022 14:23:49 +0800 Subject: [PATCH 08/17] chore: make remsh node name away from the atom table overflow --- bin/emqx | 2 +- bin/nodetool | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/bin/emqx b/bin/emqx index cdbb7c9de..04e6b201a 100755 --- a/bin/emqx +++ b/bin/emqx @@ -319,7 +319,7 @@ relx_rem_sh() { # Generate a random id relx_gen_id() { - od -t x -N 4 /dev/urandom | head -n1 | awk '{print $2}' + od -t u -N 4 /dev/urandom | head -n1 | awk '{print $2 % 1000}' } # Control a node diff --git a/bin/nodetool b/bin/nodetool index c3bfe5b3c..234dabb97 100755 --- a/bin/nodetool +++ b/bin/nodetool @@ -202,7 +202,12 @@ nodename(Name) -> this_node_name(Name) -> [Node, Host] = re:split(Name, "@", [{return, list}, unicode]), - list_to_atom(lists:concat(["remsh_maint_", Node, os:getpid(), "@", Host])). + list_to_atom(lists:concat(["remsh_maint_", Node, node_name_suffix_id(), "@", Host])). + +%% use the reversed value that from pid mod 1000 as the node name suffix +node_name_suffix_id() -> + Pid = os:getpid(), + string:slice(string:reverse(Pid), 0, 3). %% For windows??? create_mnesia_dir(DataDir, NodeName) -> From 2cdc953435fba8f3f72a82e23b788232925a9b28 Mon Sep 17 00:00:00 2001 From: firest Date: Fri, 18 Nov 2022 14:29:29 +0800 Subject: [PATCH 09/17] chore: update changes --- changes/v4.3.23-en.md | 2 ++ changes/v4.3.23-zh.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/changes/v4.3.23-en.md b/changes/v4.3.23-en.md index fbc662fc2..c3d6216ed 100644 --- a/changes/v4.3.23-en.md +++ b/changes/v4.3.23-en.md @@ -6,6 +6,8 @@ - Print a warning message when boot with the default (insecure) Erlang cookie [#9340](https://github.com/emqx/emqx/pull/9340). +- Improve node name generation rules to avoid potential atom table overflow risk [#9391](https://github.com/emqx/emqx/pull/9391). + ## Bug fixes - Fix a bug where the JWT ACL would not short-circuit with a deny response when the token is expired [#9338](https://github.com/emqx/emqx/pull/9338). diff --git a/changes/v4.3.23-zh.md b/changes/v4.3.23-zh.md index 14f9c33e1..4f486f186 100644 --- a/changes/v4.3.23-zh.md +++ b/changes/v4.3.23-zh.md @@ -6,6 +6,8 @@ - 使用默认的(不安全的) Erlang cookie 进行启动时,将会打印一条警告信息 [#9340](https://github.com/emqx/emqx/pull/9340)。 +- 改进了节点名称生成规则,以避免潜在的原子表溢出风险 [#9391](https://github.com/emqx/emqx/pull/9391)。 + ## 修复 - 修复 JWT ACL 在令牌超期后授权检查不生效的问题 [#9338](https://github.com/emqx/emqx/pull/9338)。 From 3c84f4b2547c8c611b74f39a39a5a58b3bf87652 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Sat, 26 Nov 2022 18:14:15 +0100 Subject: [PATCH 10/17] chore: re-generate appup --- apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src | 2 +- apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src | 6 ++++-- apps/emqx_rule_engine/src/emqx_rule_engine.app.src | 2 +- apps/emqx_rule_engine/src/emqx_rule_engine.appup.src | 6 ++++-- 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src b/apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src index e0550fa78..924fffffa 100644 --- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src +++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt.app.src @@ -1,6 +1,6 @@ {application, emqx_auth_jwt, [{description, "EMQ X Authentication with JWT"}, - {vsn, "4.3.8"}, % strict semver, bump manually! + {vsn, "4.3.9"}, % strict semver, bump manually! {modules, []}, {registered, [emqx_auth_jwt_sup]}, {applications, [kernel,stdlib,jose]}, diff --git a/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src b/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src index 5f1cd15b0..7fd40959f 100644 --- a/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src +++ b/apps/emqx_auth_jwt/src/emqx_auth_jwt.appup.src @@ -1,7 +1,8 @@ %% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"4.3.7", + [{"4.3.8",[{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]}, + {"4.3.7", [{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}, {load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]}, {<<"4\\.3\\.[3-6]">>, @@ -9,7 +10,8 @@ {load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}]}, {<<"4\\.3\\.[0-2]">>,[{restart_application,emqx_auth_jwt}]}, {<<".*">>,[]}], - [{"4.3.7", + [{"4.3.8",[{load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]}, + {"4.3.7", [{load_module,emqx_auth_jwt_svr,brutal_purge,soft_purge,[]}, {load_module,emqx_auth_jwt,brutal_purge,soft_purge,[]}]}, {<<"4\\.3\\.[3-6]">>, diff --git a/apps/emqx_rule_engine/src/emqx_rule_engine.app.src b/apps/emqx_rule_engine/src/emqx_rule_engine.app.src index 7989c9542..be6ff4579 100644 --- a/apps/emqx_rule_engine/src/emqx_rule_engine.app.src +++ b/apps/emqx_rule_engine/src/emqx_rule_engine.app.src @@ -1,6 +1,6 @@ {application, emqx_rule_engine, [{description, "EMQ X Rule Engine"}, - {vsn, "4.3.17"}, % strict semver, bump manually! + {vsn, "4.3.18"}, % strict semver, bump manually! {modules, []}, {registered, [emqx_rule_engine_sup, emqx_rule_registry]}, {applications, [kernel,stdlib,rulesql,getopt]}, diff --git a/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src b/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src index db60b666c..333c232f8 100644 --- a/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src +++ b/apps/emqx_rule_engine/src/emqx_rule_engine.appup.src @@ -1,7 +1,8 @@ %% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"4.3.16", + [{"4.3.17",[{load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}]}, + {"4.3.16", [{load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_actions,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_engine_cli,brutal_purge,soft_purge,[]}, @@ -314,7 +315,8 @@ {load_module,emqx_rule_monitor,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_engine_api,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], - [{"4.3.16", + [{"4.3.17",[{load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}]}, + {"4.3.16", [{load_module,emqx_rule_registry,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_actions,brutal_purge,soft_purge,[]}, {load_module,emqx_rule_engine_cli,brutal_purge,soft_purge,[]}, From 478b006e685cc83807cd71a5cc31fe708880476a Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Sat, 26 Nov 2022 21:04:53 +0100 Subject: [PATCH 11/17] chore: update versions --- deploy/charts/emqx/Chart.yaml | 4 ++-- include/emqx_release.hrl | 2 +- lib-ce/emqx_dashboard/src/emqx_dashboard.app.src | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/charts/emqx/Chart.yaml b/deploy/charts/emqx/Chart.yaml index 28cafe9b3..1997c0f27 100644 --- a/deploy/charts/emqx/Chart.yaml +++ b/deploy/charts/emqx/Chart.yaml @@ -13,8 +13,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 4.3.22 +version: 4.3.23 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 4.3.22 +appVersion: 4.3.23 diff --git a/include/emqx_release.hrl b/include/emqx_release.hrl index 6c5de4a24..274225ab7 100644 --- a/include/emqx_release.hrl +++ b/include/emqx_release.hrl @@ -29,7 +29,7 @@ -ifndef(EMQX_ENTERPRISE). --define(EMQX_RELEASE, {opensource, "4.3.22"}). +-define(EMQX_RELEASE, {opensource, "4.3.23-alhpa.1"}). -else. diff --git a/lib-ce/emqx_dashboard/src/emqx_dashboard.app.src b/lib-ce/emqx_dashboard/src/emqx_dashboard.app.src index 07c67545b..cb36b99a8 100644 --- a/lib-ce/emqx_dashboard/src/emqx_dashboard.app.src +++ b/lib-ce/emqx_dashboard/src/emqx_dashboard.app.src @@ -1,6 +1,6 @@ {application, emqx_dashboard, [{description, "EMQ X Web Dashboard"}, - {vsn, "4.3.18"}, % strict semver, bump manually! + {vsn, "4.3.19"}, % strict semver, bump manually! {modules, []}, {registered, [emqx_dashboard_sup]}, {applications, [kernel,stdlib,mnesia,minirest]}, From f3fd90604373c0c5a32d20883ca054e571fdb97f Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Sat, 26 Nov 2022 21:05:15 +0100 Subject: [PATCH 12/17] chore: bump emqx app vsn --- src/emqx.app.src | 2 +- src/emqx.appup.src | 10 ++++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/src/emqx.app.src b/src/emqx.app.src index 99715d1a2..aa0ff68f4 100644 --- a/src/emqx.app.src +++ b/src/emqx.app.src @@ -6,7 +6,7 @@ %% the emqx `release' version, which in turn is comprised of several %% apps, one of which is this. See `emqx_release.hrl' for more %% info. - {vsn, "4.3.23"}, % strict semver, bump manually! + {vsn, "4.3.24"}, % strict semver, bump manually! {modules, []}, {registered, []}, {applications, [ kernel diff --git a/src/emqx.appup.src b/src/emqx.appup.src index 6c016f347..377e7353d 100644 --- a/src/emqx.appup.src +++ b/src/emqx.appup.src @@ -1,7 +1,10 @@ %% -*- mode: erlang -*- %% Unless you know what you are doing, DO NOT edit manually!! {VSN, - [{"4.3.22", + [{"4.3.23", + [{load_module,emqx_app,brutal_purge,soft_purge,[]}, + {load_module,emqx_cm,brutal_purge,soft_purge,[]}]}, + {"4.3.22", [{load_module,emqx_hooks,brutal_purge,soft_purge,[]}, {load_module,emqx_misc,brutal_purge,soft_purge,[]}, {load_module,emqx_cm,brutal_purge,soft_purge,[]}, @@ -877,7 +880,10 @@ {load_module,emqx_message,brutal_purge,soft_purge,[]}, {load_module,emqx_limiter,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], - [{"4.3.22", + [{"4.3.23", + [{load_module,emqx_app,brutal_purge,soft_purge,[]}, + {load_module,emqx_cm,brutal_purge,soft_purge,[]}]}, + {"4.3.22", [{load_module,emqx_hooks,brutal_purge,soft_purge,[]}, {load_module,emqx_misc,brutal_purge,soft_purge,[]}, {load_module,emqx_cm,brutal_purge,soft_purge,[]}, From 027c05af99d0b4a6df1cbcde2e51a59e3a3dc712 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Sun, 27 Nov 2022 12:19:38 +0100 Subject: [PATCH 13/17] test(emqx_channel): fix two flaky tests --- src/emqx.appup.src | 6 ++++-- src/emqx_channel.erl | 1 - test/emqx_channel_SUITE.erl | 28 ++++++++++++++++++++-------- 3 files changed, 24 insertions(+), 11 deletions(-) diff --git a/src/emqx.appup.src b/src/emqx.appup.src index 377e7353d..e0356aca6 100644 --- a/src/emqx.appup.src +++ b/src/emqx.appup.src @@ -2,7 +2,8 @@ %% Unless you know what you are doing, DO NOT edit manually!! {VSN, [{"4.3.23", - [{load_module,emqx_app,brutal_purge,soft_purge,[]}, + [{load_module,emqx_channel,brutal_purge,soft_purge,[]}, + {load_module,emqx_app,brutal_purge,soft_purge,[]}, {load_module,emqx_cm,brutal_purge,soft_purge,[]}]}, {"4.3.22", [{load_module,emqx_hooks,brutal_purge,soft_purge,[]}, @@ -881,7 +882,8 @@ {load_module,emqx_limiter,brutal_purge,soft_purge,[]}]}, {<<".*">>,[]}], [{"4.3.23", - [{load_module,emqx_app,brutal_purge,soft_purge,[]}, + [{load_module,emqx_channel,brutal_purge,soft_purge,[]}, + {load_module,emqx_app,brutal_purge,soft_purge,[]}, {load_module,emqx_cm,brutal_purge,soft_purge,[]}]}, {"4.3.22", [{load_module,emqx_hooks,brutal_purge,soft_purge,[]}, diff --git a/src/emqx_channel.erl b/src/emqx_channel.erl index 4cae29348..9fad69f90 100644 --- a/src/emqx_channel.erl +++ b/src/emqx_channel.erl @@ -643,7 +643,6 @@ after_message_acked(ClientInfo, Msg, PubAckProps) -> %% Process Subscribe %%-------------------------------------------------------------------- --compile({inline, [process_subscribe/3]}). process_subscribe(TopicFilters, SubProps, Channel) -> process_subscribe(TopicFilters, SubProps, Channel, []). diff --git a/test/emqx_channel_SUITE.erl b/test/emqx_channel_SUITE.erl index d46d95ff2..7aa2bef99 100644 --- a/test/emqx_channel_SUITE.erl +++ b/test/emqx_channel_SUITE.erl @@ -321,11 +321,17 @@ t_handle_in_pubcomp_not_found_error(_) -> t_handle_in_subscribe(_) -> ok = meck:expect(emqx_session, subscribe, fun(_, _, _, Session) -> {ok, Session} end), - Channel = channel(#{conn_state => connected}), - TopicFilters = [{<<"+">>, ?DEFAULT_SUBOPTS}], - Subscribe = ?SUBSCRIBE_PACKET(1, #{}, TopicFilters), - Replies = [{outgoing, ?SUBACK_PACKET(1, [?QOS_0])}, {event, updated}], - {ok, Replies, _Chan} = emqx_channel:handle_in(Subscribe, Channel). + meck:new(emqx_mqtt_caps), + ok = meck:expect(emqx_mqtt_caps, check_sub, fun(_, _, _) -> ok end), + try + Channel = channel(#{conn_state => connected}), + TopicFilters = [{<<"+">>, ?DEFAULT_SUBOPTS}], + Subscribe = ?SUBSCRIBE_PACKET(1, #{}, TopicFilters), + Replies = [{outgoing, ?SUBACK_PACKET(1, [?QOS_0])}, {event, updated}], + {ok, Replies, _Chan} = emqx_channel:handle_in(Subscribe, Channel) + after + meck:unload(emqx_mqtt_caps) + end. t_handle_in_unsubscribe(_) -> ok = meck:expect(emqx_session, unsubscribe, @@ -394,9 +400,15 @@ t_process_publish_qos1(_) -> t_process_subscribe(_) -> ok = meck:expect(emqx_session, subscribe, fun(_, _, _, Session) -> {ok, Session} end), - TopicFilters = [ TopicFilter = {<<"+">>, ?DEFAULT_SUBOPTS}], - {[{TopicFilter, ?RC_SUCCESS}], _Channel} = - emqx_channel:process_subscribe(TopicFilters, #{}, channel()). + meck:new(emqx_mqtt_caps), + ok = meck:expect(emqx_mqtt_caps, check_sub, fun(_, _, _) -> ok end), + try + TopicFilters = [ TopicFilter = {<<"+">>, ?DEFAULT_SUBOPTS}], + {[{TopicFilter, ?RC_SUCCESS}], _Channel} = + emqx_channel:process_subscribe(TopicFilters, #{}, channel()) + after + meck:unload(emqx_mqtt_caps) + end. t_process_unsubscribe(_) -> ok = meck:expect(emqx_session, unsubscribe, fun(_, _, _, Session) -> {ok, Session} end), From ad024871e12119d30ec64d30769fc31a0cc2cfb8 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Sun, 27 Nov 2022 13:27:29 +0100 Subject: [PATCH 14/17] ci: fix artifact path for macos --- .github/workflows/build_packages.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_packages.yaml b/.github/workflows/build_packages.yaml index 4d82c4f0e..0ad7e9804 100644 --- a/.github/workflows/build_packages.yaml +++ b/.github/workflows/build_packages.yaml @@ -145,7 +145,7 @@ jobs: apple_developer_id_bundle_password: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE_PASSWORD }} - uses: actions/upload-artifact@v3 with: - name: ${{ env.EMQX_NAME }}-${{ matrix.otp }} + name: ${{ env.EMQX_NAME }} path: _packages/${{ env.EMQX_NAME }}/ linux: From 8b37baad3a6dfb62df7600de988353d064b229cf Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Sun, 27 Nov 2022 17:33:32 +0100 Subject: [PATCH 15/17] ci: upgrade build-env image to erl23.3.4.18-1 --- .github/workflows/build_slim_packages.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build_slim_packages.yaml b/.github/workflows/build_slim_packages.yaml index 65f3c760d..e06a74dc4 100644 --- a/.github/workflows/build_slim_packages.yaml +++ b/.github/workflows/build_slim_packages.yaml @@ -12,7 +12,7 @@ jobs: fail-fast: false matrix: otp: - - erl23.3.4.9-3 + - erl23.3.4.18-1 os: - ubuntu20.04 - centos7 @@ -31,9 +31,7 @@ jobs: steps: - uses: AutoModality/action-clean@v1 - # keep using v1 for now as the otp-23 image has an old version git - # TODO: change to v3 after OTP is upgraded to 23.3.4.18-1 - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 with: fetch-depth: 0 # clone full git history - name: fix-git-unsafe-repository From 1c1e158874d3f50f52a3e6a8b4904c818259ec72 Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Sun, 27 Nov 2022 17:42:42 +0100 Subject: [PATCH 16/17] ci: build slim package on centos 8 centos 7 has some git compatibility issues --- .github/workflows/build_slim_packages.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_slim_packages.yaml b/.github/workflows/build_slim_packages.yaml index e06a74dc4..6a1bf6e87 100644 --- a/.github/workflows/build_slim_packages.yaml +++ b/.github/workflows/build_slim_packages.yaml @@ -15,7 +15,7 @@ jobs: - erl23.3.4.18-1 os: - ubuntu20.04 - - centos7 + - centos8 runs-on: - aws-amd64 - ubuntu-20.04 From 2e58152c32e53912bd716d547ab9ed66c810c21e Mon Sep 17 00:00:00 2001 From: Ivan Dyachkov Date: Wed, 26 Oct 2022 12:57:59 +0200 Subject: [PATCH 17/17] ci: bump otp version to 23.3.4.18-1 --- .github/workflows/apps_version_check.yaml | 2 +- .github/workflows/build_packages.yaml | 12 ++++++------ .github/workflows/build_slim_packages.yaml | 2 +- .github/workflows/check_deps_integrity.yaml | 2 +- .github/workflows/release.yaml | 2 +- .github/workflows/run_acl_migration_tests.yaml | 2 +- .github/workflows/run_automate_tests.yaml | 2 +- .github/workflows/run_fvt_tests.yaml | 10 +++++----- .github/workflows/run_test_cases.yaml | 8 ++++---- 9 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/apps_version_check.yaml b/.github/workflows/apps_version_check.yaml index 257eba4f7..b69436901 100644 --- a/.github/workflows/apps_version_check.yaml +++ b/.github/workflows/apps_version_check.yaml @@ -9,7 +9,7 @@ jobs: strategy: matrix: erl_otp: - - erl23.3.4.9-3 + - erl23.3.4.18-1 os: - ubuntu20.04 diff --git a/.github/workflows/build_packages.yaml b/.github/workflows/build_packages.yaml index 0ad7e9804..837503294 100644 --- a/.github/workflows/build_packages.yaml +++ b/.github/workflows/build_packages.yaml @@ -20,7 +20,7 @@ jobs: # avoid building when syncing to ee repo if: endsWith(github.repository, 'emqx') runs-on: ubuntu-20.04 - container: emqx/build-env:erl23.3.4.9-3-ubuntu20.04 + container: emqx/build-env:erl23.3.4.18-1-ubuntu20.04 outputs: profiles: ${{ steps.detect-profiles.outputs.profiles}} @@ -58,7 +58,7 @@ jobs: matrix: profile: ${{fromJSON(needs.prepare.outputs.profiles)}} otp: - - 23.3.4.13 + - 23.3.4.17 exclude: - profile: emqx-edge @@ -119,7 +119,7 @@ jobs: strategy: matrix: otp: - - 23.3.4.9-3 + - 23.3.4.18-1 os: - macos-11 runs-on: ${{ matrix.os }} @@ -174,7 +174,7 @@ jobs: # - raspbian9 otp_version: #- 23.2.7.2-emqx-3 - - 23.3.4.9-3 + - 23.3.4.18-1 exclude: - os: centos6 arch: arm64 @@ -330,7 +330,7 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: | - BUILD_FROM=emqx/build-env:erl23.3.4.9-3-alpine + BUILD_FROM=emqx/build-env:erl23.3.4.18-1-alpine RUN_FROM=alpine:3.12 EMQX_NAME=${{ matrix.profile }} file: source/deploy/docker/Dockerfile @@ -346,7 +346,7 @@ jobs: tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: | - BUILD_FROM=emqx/build-env:erl23.3.4.9-3-alpine + BUILD_FROM=emqx/build-env:erl23.3.4.18-1-alpine RUN_FROM=alpine:3.12 EMQX_NAME=${{ matrix.profile }} file: source/deploy/docker/Dockerfile.enterprise diff --git a/.github/workflows/build_slim_packages.yaml b/.github/workflows/build_slim_packages.yaml index 6a1bf6e87..f805b6ee2 100644 --- a/.github/workflows/build_slim_packages.yaml +++ b/.github/workflows/build_slim_packages.yaml @@ -73,7 +73,7 @@ jobs: strategy: matrix: otp: - - 23.3.4.9-3 + - 23.3.4.18-1 os: - macos-11 runs-on: ${{ matrix.os }} diff --git a/.github/workflows/check_deps_integrity.yaml b/.github/workflows/check_deps_integrity.yaml index 07ec47754..9dedec3dd 100644 --- a/.github/workflows/check_deps_integrity.yaml +++ b/.github/workflows/check_deps_integrity.yaml @@ -5,7 +5,7 @@ on: [pull_request] jobs: check_deps_integrity: runs-on: ubuntu-20.04 - container: emqx/build-env:erl23.3.4.9-3-ubuntu20.04 + container: emqx/build-env:erl23.3.4.18-1-ubuntu20.04 steps: - uses: actions/checkout@v2 diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c8065cd0c..205863c98 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -7,7 +7,7 @@ on: jobs: prepare: runs-on: ubuntu-20.04 - container: emqx/build-env:erl23.3.4.9-3-ubuntu20.04 + container: emqx/build-env:erl23.3.4.18-1-ubuntu20.04 outputs: profiles: ${{ steps.detect-profiles.outputs.profiles}} diff --git a/.github/workflows/run_acl_migration_tests.yaml b/.github/workflows/run_acl_migration_tests.yaml index bbaed018f..9bc801c96 100644 --- a/.github/workflows/run_acl_migration_tests.yaml +++ b/.github/workflows/run_acl_migration_tests.yaml @@ -5,7 +5,7 @@ on: workflow_dispatch jobs: test: runs-on: ubuntu-20.04 - container: emqx/build-env:erl23.3.4.9-3-ubuntu20.04 + container: emqx/build-env:erl23.3.4.18-1-ubuntu20.04 strategy: fail-fast: true env: diff --git a/.github/workflows/run_automate_tests.yaml b/.github/workflows/run_automate_tests.yaml index 99c243b63..073c884b3 100644 --- a/.github/workflows/run_automate_tests.yaml +++ b/.github/workflows/run_automate_tests.yaml @@ -29,7 +29,7 @@ jobs: - uses: actions/checkout@v2 - uses: erlef/setup-beam@v1 with: - otp-version: "23.3.4.13" + otp-version: "23.3.4.17" - name: build docker id: build_docker run: | diff --git a/.github/workflows/run_fvt_tests.yaml b/.github/workflows/run_fvt_tests.yaml index dec677e9c..c16e7435f 100644 --- a/.github/workflows/run_fvt_tests.yaml +++ b/.github/workflows/run_fvt_tests.yaml @@ -15,7 +15,7 @@ jobs: - uses: actions/checkout@v1 - uses: erlef/setup-beam@v1 with: - otp-version: "23.3.4.9" + otp-version: "23.3.4.17" - name: make docker run: | if make emqx-ee --dry-run > /dev/null 2>&1; then @@ -67,7 +67,7 @@ jobs: - uses: actions/checkout@v1 - uses: erlef/setup-beam@v1 with: - otp-version: "23.3.4.9" + otp-version: "23.3.4.17" - name: prepare run: | if make emqx-ee --dry-run > /dev/null 2>&1; then @@ -154,7 +154,7 @@ jobs: relup_test_plan: runs-on: ubuntu-20.04 - container: emqx/build-env:erl23.3.4.9-3-ubuntu20.04 + container: emqx/build-env:erl23.3.4.18-1-ubuntu20.04 outputs: profile: ${{ steps.profile-and-versions.outputs.profile }} vsn: ${{ steps.profile-and-versions.outputs.vsn }} @@ -200,7 +200,7 @@ jobs: relup_test_build: needs: relup_test_plan runs-on: ubuntu-20.04 - container: emqx/build-env:erl23.3.4.9-3-ubuntu20.04 + container: emqx/build-env:erl23.3.4.18-1-ubuntu20.04 defaults: run: shell: bash @@ -235,7 +235,7 @@ jobs: - relup_test_plan - relup_test_build runs-on: ubuntu-20.04 - container: emqx/relup-test-env:erl23.2.7.2-emqx-3-ubuntu20.04 + container: emqx/relup-test-env:erl23.3.4.18-1-ubuntu20.04 strategy: fail-fast: false matrix: diff --git a/.github/workflows/run_test_cases.yaml b/.github/workflows/run_test_cases.yaml index ea30902bc..9dfca81e4 100644 --- a/.github/workflows/run_test_cases.yaml +++ b/.github/workflows/run_test_cases.yaml @@ -12,7 +12,7 @@ on: jobs: prepare: runs-on: aws-amd64 - container: emqx/build-env:erl23.3.4.9-3-ubuntu20.04 + container: emqx/build-env:erl23.3.4.18-1-ubuntu20.04 outputs: fast_ct_apps: ${{ steps.run_find_apps.outputs.fast_ct_apps }} docker_ct_apps: ${{ steps.run_find_apps.outputs.docker_ct_apps }} @@ -58,7 +58,7 @@ jobs: eunit_and_proper: needs: prepare runs-on: aws-amd64 - container: emqx/build-env:erl23.3.4.9-3-ubuntu20.04 + container: emqx/build-env:erl23.3.4.18-1-ubuntu20.04 strategy: fail-fast: false matrix: @@ -86,7 +86,7 @@ jobs: fast_ct: needs: prepare runs-on: ${{ matrix.runs-on }} - container: emqx/build-env:erl23.3.4.9-3-ubuntu20.04 + container: emqx/build-env:erl23.3.4.18-1-ubuntu20.04 strategy: fail-fast: false matrix: @@ -249,7 +249,7 @@ jobs: - fast_ct - docker_ct runs-on: aws-amd64 - container: emqx/build-env:erl23.3.4.9-3-ubuntu20.04 + container: emqx/build-env:erl23.3.4.18-1-ubuntu20.04 steps: - uses: AutoModality/action-clean@v1 - uses: actions/download-artifact@v3