diff --git a/.ci/docker-compose-file/docker-compose-kafka.yaml b/.ci/docker-compose-file/docker-compose-kafka.yaml index 352494592..d7ab6fe6f 100644 --- a/.ci/docker-compose-file/docker-compose-kafka.yaml +++ b/.ci/docker-compose-file/docker-compose-kafka.yaml @@ -18,7 +18,7 @@ services: - /tmp/emqx-ci/emqx-shared-secret:/var/lib/secret kdc: hostname: kdc.emqx.net - image: ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04 + image: ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-ubuntu22.04 container_name: kdc.emqx.net expose: - 88 # kdc diff --git a/.ci/docker-compose-file/docker-compose.yaml b/.ci/docker-compose-file/docker-compose.yaml index f3943b010..af2eced2c 100644 --- a/.ci/docker-compose-file/docker-compose.yaml +++ b/.ci/docker-compose-file/docker-compose.yaml @@ -3,7 +3,7 @@ version: '3.9' services: erlang: container_name: erlang - image: ${DOCKER_CT_RUNNER_IMAGE:-ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04} + image: ${DOCKER_CT_RUNNER_IMAGE:-ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-ubuntu22.04} env_file: - credentials.env - conf.env diff --git a/.github/actions/package-macos/action.yaml b/.github/actions/package-macos/action.yaml index 25edcb5f5..a2d89ac54 100644 --- a/.github/actions/package-macos/action.yaml +++ b/.github/actions/package-macos/action.yaml @@ -3,7 +3,7 @@ inputs: profile: # emqx, emqx-enterprise required: true type: string - otp: # 25.3.2-2 + otp: required: true type: string os: diff --git a/.github/workflows/_pr_entrypoint.yaml b/.github/workflows/_pr_entrypoint.yaml index 4a98f0808..6bfd66224 100644 --- a/.github/workflows/_pr_entrypoint.yaml +++ b/.github/workflows/_pr_entrypoint.yaml @@ -17,17 +17,17 @@ env: jobs: sanity-checks: runs-on: ubuntu-22.04 - container: "ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04" + container: "ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-ubuntu22.04" outputs: ct-matrix: ${{ steps.matrix.outputs.ct-matrix }} ct-host: ${{ steps.matrix.outputs.ct-host }} ct-docker: ${{ steps.matrix.outputs.ct-docker }} version-emqx: ${{ steps.matrix.outputs.version-emqx }} version-emqx-enterprise: ${{ steps.matrix.outputs.version-emqx-enterprise }} - builder: "ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04" - builder_vsn: "5.2-3" - otp_vsn: "25.3.2-2" - elixir_vsn: "1.14.5" + builder: "ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-ubuntu22.04" + builder_vsn: "5.2-8" + otp_vsn: "26.1.2-2" + elixir_vsn: "1.15.7" steps: - uses: actions/checkout@v3 @@ -92,14 +92,14 @@ jobs: MATRIX="$(echo "${APPS}" | jq -c ' [ (.[] | select(.profile == "emqx") | . + { - builder: "5.2-3", - otp: "25.3.2-2", - elixir: "1.14.5" + builder: "5.2-8", + otp: "26.1.2-2", + elixir: "1.15.7" }), (.[] | select(.profile == "emqx-enterprise") | . + { - builder: "5.2-3", - otp: ["25.3.2-2"][], - elixir: "1.14.5" + builder: "5.2-8", + otp: ["26.1.2-2"][], + elixir: "1.15.7" }) ] ')" diff --git a/.github/workflows/_push-entrypoint.yaml b/.github/workflows/_push-entrypoint.yaml index e2eff6dc7..92fe01847 100644 --- a/.github/workflows/_push-entrypoint.yaml +++ b/.github/workflows/_push-entrypoint.yaml @@ -20,7 +20,7 @@ env: jobs: prepare: runs-on: ubuntu-22.04 - container: 'ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04' + container: 'ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-ubuntu22.04' outputs: profile: ${{ steps.parse-git-ref.outputs.profile }} release: ${{ steps.parse-git-ref.outputs.release }} @@ -29,10 +29,10 @@ jobs: ct-matrix: ${{ steps.matrix.outputs.ct-matrix }} ct-host: ${{ steps.matrix.outputs.ct-host }} ct-docker: ${{ steps.matrix.outputs.ct-docker }} - builder: 'ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04' - builder_vsn: '5.2-3' - otp_vsn: '25.3.2-2' - elixir_vsn: '1.14.5' + builder: 'ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-ubuntu22.04' + builder_vsn: '5.2-8' + otp_vsn: '26.1.2-2' + elixir_vsn: '1.15.7' steps: - uses: actions/checkout@v3 @@ -62,14 +62,14 @@ jobs: MATRIX="$(echo "${APPS}" | jq -c ' [ (.[] | select(.profile == "emqx") | . + { - builder: "5.2-3", - otp: "25.3.2-2", - elixir: "1.14.5" + builder: "5.2-8", + otp: "26.1.2-2", + elixir: "1.15.7" }), (.[] | select(.profile == "emqx-enterprise") | . + { - builder: "5.2-3", - otp: ["25.3.2-2"][], - elixir: "1.14.5" + builder: "5.2-8", + otp: ["26.1.2-2"][], + elixir: "1.15.7" }) ] ')" diff --git a/.github/workflows/build_and_push_docker_images.yaml b/.github/workflows/build_and_push_docker_images.yaml index ba24be6c2..4d5357761 100644 --- a/.github/workflows/build_and_push_docker_images.yaml +++ b/.github/workflows/build_and_push_docker_images.yaml @@ -58,15 +58,15 @@ on: otp_vsn: required: false type: string - default: '25.3.2-2' + default: '26.1.2-2' elixir_vsn: required: false type: string - default: '1.14.5' + default: '1.15.7' builder_vsn: required: false type: string - default: '5.2-3' + default: '5.2-8' permissions: contents: read diff --git a/.github/workflows/build_packages.yaml b/.github/workflows/build_packages.yaml index 6d642ebef..4c1365f58 100644 --- a/.github/workflows/build_packages.yaml +++ b/.github/workflows/build_packages.yaml @@ -54,15 +54,15 @@ on: otp_vsn: required: false type: string - default: '25.3.2-2' + default: '26.1.2-2' elixir_vsn: required: false type: string - default: '1.14.5' + default: '1.15.7' builder_vsn: required: false type: string - default: '5.2-3' + default: '5.2-8' jobs: mac: diff --git a/.github/workflows/build_packages_cron.yaml b/.github/workflows/build_packages_cron.yaml index d29f2d64a..d1c3408e7 100644 --- a/.github/workflows/build_packages_cron.yaml +++ b/.github/workflows/build_packages_cron.yaml @@ -14,7 +14,7 @@ jobs: if: github.repository_owner == 'emqx' runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }} container: - image: "ghcr.io/emqx/emqx-builder/${{ matrix.builder }}:${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.os }}" + image: "ghcr.io/emqx/emqx-builder/${{ matrix.builder }}-${{ matrix.os }}" strategy: fail-fast: false @@ -22,8 +22,6 @@ jobs: profile: - ['emqx', 'master'] - ['emqx-enterprise', 'release-54'] - otp: - - 25.3.2-2 arch: - x64 os: @@ -31,9 +29,7 @@ jobs: - ubuntu22.04 - amzn2023 builder: - - 5.2-3 - elixir: - - 1.14.5 + - 5.2-8:1.15.7-26.1.2-2 defaults: run: @@ -98,7 +94,7 @@ jobs: branch: - master otp: - - 25.3.2-2 + - 26.1.2-2 os: - macos-12-arm64 diff --git a/.github/workflows/build_slim_packages.yaml b/.github/workflows/build_slim_packages.yaml index 2552655aa..a2b6131f4 100644 --- a/.github/workflows/build_slim_packages.yaml +++ b/.github/workflows/build_slim_packages.yaml @@ -27,19 +27,19 @@ on: builder: required: false type: string - default: 'ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04' + default: 'ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-ubuntu22.04' builder_vsn: required: false type: string - default: '5.2-3' + default: '5.2-8' otp_vsn: required: false type: string - default: '25.3.2-2' + default: '26.1.2-2' elixir_vsn: required: false type: string - default: '1.14.5' + default: '1.15.7' jobs: linux: @@ -51,8 +51,8 @@ jobs: fail-fast: false matrix: profile: - - ["emqx", "25.3.2-2", "ubuntu20.04", "elixir"] - - ["emqx-enterprise", "25.3.2-2", "ubuntu20.04", "erlang"] + - ["emqx", "26.1.2-2", "ubuntu20.04", "elixir"] + - ["emqx-enterprise", "26.1.2-2", "ubuntu20.04", "erlang"] container: "ghcr.io/emqx/emqx-builder/${{ inputs.builder_vsn }}:${{ inputs.elixir_vsn }}-${{ matrix.profile[1] }}-${{ matrix.profile[2] }}" diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 3aad025db..5e0faa51d 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -20,7 +20,7 @@ jobs: actions: read security-events: write container: - image: ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04 + image: ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-ubuntu22.04 strategy: fail-fast: false diff --git a/.github/workflows/performance_test.yaml b/.github/workflows/performance_test.yaml index 1b6101f06..a8cfae5d8 100644 --- a/.github/workflows/performance_test.yaml +++ b/.github/workflows/performance_test.yaml @@ -26,7 +26,7 @@ jobs: prepare: runs-on: ubuntu-latest if: github.repository_owner == 'emqx' - container: ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu20.04 + container: ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-ubuntu20.04 outputs: BENCH_ID: ${{ steps.prepare.outputs.BENCH_ID }} PACKAGE_FILE: ${{ steps.package_file.outputs.PACKAGE_FILE }} diff --git a/.github/workflows/run_relup_tests.yaml b/.github/workflows/run_relup_tests.yaml index 381e95753..d707a4f08 100644 --- a/.github/workflows/run_relup_tests.yaml +++ b/.github/workflows/run_relup_tests.yaml @@ -74,7 +74,7 @@ jobs: steps: - uses: erlef/setup-beam@v1.16.0 with: - otp-version: 25.3.2 + otp-version: 26.1.2 - uses: actions/checkout@v3 with: repository: hawk/lux diff --git a/.tool-versions b/.tool-versions index 824207a4a..dec9fa563 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1,2 +1,2 @@ -erlang 26.1.2-1 +erlang 26.1.2-2 elixir 1.15.7-otp-26 diff --git a/Makefile b/Makefile index 45326a5e0..db3d21b6f 100644 --- a/Makefile +++ b/Makefile @@ -7,7 +7,7 @@ REBAR = $(CURDIR)/rebar3 BUILD = $(CURDIR)/build SCRIPTS = $(CURDIR)/scripts export EMQX_RELUP ?= true -export EMQX_DEFAULT_BUILDER = ghcr.io/emqx/emqx-builder/5.1-4:1.14.5-25.3.2-2-debian11 +export EMQX_DEFAULT_BUILDER = ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-debian11 export EMQX_DEFAULT_RUNNER = public.ecr.aws/debian/debian:11-slim export EMQX_REL_FORM ?= tgz export QUICER_DOWNLOAD_FROM_RELEASE = 1 @@ -102,7 +102,7 @@ endif # Allow user-set GROUPS environment variable ifneq ($(GROUPS),) -GROUPS_ARG := --groups $(GROUPS) +GROUPS_ARG := --group $(GROUPS) endif ifeq ($(ENABLE_COVER_COMPILE),1) diff --git a/README-RU.md b/README-RU.md index c22df7f3f..6cb7fda6a 100644 --- a/README-RU.md +++ b/README-RU.md @@ -83,7 +83,9 @@ docker run -d --name emqx -p 1883:1883 -p 8083:8083 -p 8883:8883 -p 8084:8084 -p Ветка `master` предназначена для последней версии 5, переключитесь на ветку `main-v4.4` для версии 4.4. -EMQX требует OTP 24 для версии 4.4. Версию 5.0 можно собирать с OTP 24 или 25. +EMQX требует OTP 24 для версии 4.4. +Версии 5.0 ~ 5.3 могут быть собраны с OTP 24 или 25. +Версия 5.4 и новее могут быть собраны с OTP 25 или 26. ```bash git clone https://github.com/emqx/emqx.git diff --git a/README.md b/README.md index 3624e90f8..3fda5999c 100644 --- a/README.md +++ b/README.md @@ -95,7 +95,9 @@ For more organised improvement proposals, you can send pull requests to [EIP](ht The `master` branch tracks the latest version 5. For version 4.4 checkout the `main-v4.4` branch. -EMQX 4.4 requires OTP 24. EMQX 5.0 and 5.1 can be built with OTP 24 or 25. +EMQX 4.4 requires OTP 24. +EMQX 5.0 ~ 5.3 can be built with OTP 24 or 25. +EMQX 5.4 and newer can be built with OTP 24 or 25. ```bash git clone https://github.com/emqx/emqx.git diff --git a/apps/emqx/integration_test/emqx_persistent_session_ds_SUITE.erl b/apps/emqx/integration_test/emqx_persistent_session_ds_SUITE.erl index 0bbe24ae4..b5beb9ae7 100644 --- a/apps/emqx/integration_test/emqx_persistent_session_ds_SUITE.erl +++ b/apps/emqx/integration_test/emqx_persistent_session_ds_SUITE.erl @@ -516,7 +516,7 @@ do_t_session_expiration(_Config, Opts) -> t_session_gc(Config) -> GCInterval = ?config(gc_interval, Config), - [Node1, Node2, Node3] = Nodes = ?config(nodes, Config), + [Node1, Node2, _Node3] = Nodes = ?config(nodes, Config), CoreNodes = [Node1, Node2], [ Port1, diff --git a/apps/emqx/rebar.config b/apps/emqx/rebar.config index 763e3ace9..8e68fefc6 100644 --- a/apps/emqx/rebar.config +++ b/apps/emqx/rebar.config @@ -66,7 +66,7 @@ {plt_location, "."}, {plt_prefix, "emqx_dialyzer"}, {plt_apps, all_apps}, - {plt_extra_apps, [hocon]}, + {plt_extra_apps, [hocon,mnesia,bcrypt,os_mon,pbkdf2,emqx_http_lib, recon]}, {statistics, true} ]}. diff --git a/apps/emqx/src/emqx_session.erl b/apps/emqx/src/emqx_session.erl index 7604c2ba5..c08109fe8 100644 --- a/apps/emqx/src/emqx_session.erl +++ b/apps/emqx/src/emqx_session.erl @@ -175,19 +175,11 @@ %% Behaviour %% ------------------------------------------------------------------- --if(?OTP_RELEASE < 26). --callback create(clientinfo(), conninfo(), conf()) -> - term(). --callback open(clientinfo(), conninfo(), conf()) -> - term(). --callback destroy(t() | clientinfo()) -> ok. --else. -callback create(clientinfo(), conninfo(), conf()) -> t(). -callback open(clientinfo(), conninfo(), conf()) -> {_IsPresent :: true, t(), _ReplayContext} | false. -callback destroy(t() | clientinfo()) -> ok. --endif. %%-------------------------------------------------------------------- %% Create a Session diff --git a/apps/emqx/test/emqx_broker_SUITE.erl b/apps/emqx/test/emqx_broker_SUITE.erl index b416f1730..0325260ac 100644 --- a/apps/emqx/test/emqx_broker_SUITE.erl +++ b/apps/emqx/test/emqx_broker_SUITE.erl @@ -94,7 +94,7 @@ init_per_group(quic, Config) -> [ {conn_fun, quic_connect}, {port, emqx_config:get([listeners, quic, test, bind])}, - {ssl_opts, emqx_common_test_helpers:client_ssl_twoway()}, + {ssl_opts, emqx_common_test_helpers:client_mtls()}, {ssl, true}, {group_apps, Apps} | Config diff --git a/apps/emqx/test/emqx_client_SUITE.erl b/apps/emqx/test/emqx_client_SUITE.erl index 7c2c18126..bb4ef0826 100644 --- a/apps/emqx/test/emqx_client_SUITE.erl +++ b/apps/emqx/test/emqx_client_SUITE.erl @@ -395,7 +395,7 @@ t_peercert_preserved_before_connected(_) -> ?HP_HIGHEST ), ClientId = atom_to_binary(?FUNCTION_NAME), - SslConf = emqx_common_test_helpers:client_ssl_twoway(default), + SslConf = emqx_common_test_helpers:client_mtls(default), {ok, Client} = emqtt:start_link([ {port, 8883}, {clientid, ClientId}, @@ -455,7 +455,7 @@ tls_certcn_as_clientid(TLSVsn) -> tls_certcn_as_clientid(TLSVsn, RequiredTLSVsn) -> CN = <<"Client">>, emqx_config:put_zone_conf(default, [mqtt, peer_cert_as_clientid], cn), - SslConf = emqx_common_test_helpers:client_ssl_twoway(TLSVsn), + SslConf = emqx_common_test_helpers:client_mtls(TLSVsn), {ok, Client} = emqtt:start_link([{port, 8883}, {ssl, true}, {ssl_opts, SslConf}]), {ok, _} = emqtt:connect(Client), #{clientinfo := #{clientid := CN}} = emqx_cm:get_chan_info(CN), diff --git a/apps/emqx/test/emqx_common_test_helpers.erl b/apps/emqx/test/emqx_common_test_helpers.erl index 6f2b05161..10ce3ad74 100644 --- a/apps/emqx/test/emqx_common_test_helpers.erl +++ b/apps/emqx/test/emqx_common_test_helpers.erl @@ -48,8 +48,10 @@ -export([ client_ssl/0, client_ssl/1, - client_ssl_twoway/0, - client_ssl_twoway/1, + client_mtls/0, + client_mtls/1, + ssl_verify_fun_allow_any_host/0, + ssl_verify_fun_allow_any_host_impl/3, ensure_mnesia_stopped/0, ensure_quic_listener/2, ensure_quic_listener/3, @@ -430,11 +432,11 @@ flush(Msgs) -> after 0 -> lists:reverse(Msgs) end. -client_ssl_twoway() -> - client_ssl_twoway(default). +client_mtls() -> + client_mtls(default). -client_ssl_twoway(TLSVsn) -> - client_certs() ++ ciphers(TLSVsn). +client_mtls(TLSVsn) -> + ssl_verify_fun_allow_any_host() ++ client_certs() ++ ciphers(TLSVsn). %% Paths prepended to cert filenames client_certs() -> @@ -1421,3 +1423,24 @@ group_path(Config) -> _:_ -> [] end. + +%% almost verify_none equivalent, but only ignores 'hostname_check_failed' +ssl_verify_fun_allow_any_host_impl(_Cert, Event, State) -> + case Event of + valid -> + {valid, State}; + valid_peer -> + {valid, State}; + {bad_cert, hostname_check_failed} -> + {valid, State}; + {bad_cert, _} -> + {fail, Event}; + {extension, _} -> + {unknown, State} + end. + +ssl_verify_fun_allow_any_host() -> + [ + {verify, verify_peer}, + {verify_fun, {fun ?MODULE:ssl_verify_fun_allow_any_host_impl/3, _State = #{}}} + ]. diff --git a/apps/emqx/test/emqx_crl_cache_SUITE.erl b/apps/emqx/test/emqx_crl_cache_SUITE.erl index 76bf5cf44..36883b182 100644 --- a/apps/emqx/test/emqx_crl_cache_SUITE.erl +++ b/apps/emqx/test/emqx_crl_cache_SUITE.erl @@ -387,7 +387,8 @@ assert_successful_connection(Config, ClientNum) -> {ssl, true}, {ssl_opts, [ {certfile, ClientCert}, - {keyfile, ClientKey} + {keyfile, ClientKey}, + {verify, verify_none} ]}, {port, 8883} ]), @@ -601,7 +602,8 @@ t_cache(Config) -> {ssl, true}, {ssl_opts, [ {certfile, ClientCert}, - {keyfile, ClientKey} + {keyfile, ClientKey}, + {verify, verify_none} ]}, {port, 8883} ]), @@ -619,7 +621,8 @@ t_cache(Config) -> {ssl, true}, {ssl_opts, [ {certfile, ClientCert}, - {keyfile, ClientKey} + {keyfile, ClientKey}, + {verify, verify_none} ]}, {port, 8883} ]), @@ -829,7 +832,8 @@ t_filled_cache(Config) -> {ssl, true}, {ssl_opts, [ {certfile, ClientCert}, - {keyfile, ClientKey} + {keyfile, ClientKey}, + {verify, verify_none} ]}, {port, 8883} ]), @@ -853,7 +857,8 @@ t_not_cached_and_unreachable(Config) -> {ssl, true}, {ssl_opts, [ {certfile, ClientCert}, - {keyfile, ClientKey} + {keyfile, ClientKey}, + {verify, verify_none} ]}, {port, 8883} ]), @@ -871,7 +876,8 @@ t_revoked(Config) -> {ssl, true}, {ssl_opts, [ {certfile, ClientCert}, - {keyfile, ClientKey} + {keyfile, ClientKey}, + {verify, verify_none} ]}, {port, 8883} ]), @@ -893,7 +899,8 @@ t_revoke_then_refresh(Config) -> {ssl, true}, {ssl_opts, [ {certfile, ClientCert}, - {keyfile, ClientKey} + {keyfile, ClientKey}, + {verify, verify_none} ]}, {port, 8883} ]), @@ -916,7 +923,8 @@ t_revoke_then_refresh(Config) -> {ssl, true}, {ssl_opts, [ {certfile, ClientCert}, - {keyfile, ClientKey} + {keyfile, ClientKey}, + {verify, verify_none} ]}, {port, 8883} ]), @@ -961,7 +969,8 @@ do_t_update_listener(Config) -> {ssl, true}, {ssl_opts, [ {certfile, ClientCert}, - {keyfile, ClientKey} + {keyfile, ClientKey}, + {verify, verify_none} ]}, {port, 8883} ]), @@ -999,7 +1008,8 @@ do_t_update_listener(Config) -> {ssl, true}, {ssl_opts, [ {certfile, ClientCert}, - {keyfile, ClientKey} + {keyfile, ClientKey}, + {verify, verify_none} ]}, {port, 8883} ]), diff --git a/apps/emqx/test/emqx_ocsp_cache_SUITE.erl b/apps/emqx/test/emqx_ocsp_cache_SUITE.erl index fce74785c..ca0d191c4 100644 --- a/apps/emqx/test/emqx_ocsp_cache_SUITE.erl +++ b/apps/emqx/test/emqx_ocsp_cache_SUITE.erl @@ -915,10 +915,8 @@ do_t_validations(_Config) -> #{<<"code">> := <<"BAD_REQUEST">>, <<"message">> := MsgRaw3} = emqx_utils_json:decode(ResRaw3, [return_maps]), %% we can't remove certfile now, because it has default value. - ?assertMatch( - <<"{bad_ssl_config,#{file_read => enoent,pem_check => invalid_pem", _/binary>>, - MsgRaw3 - ), + ?assertMatch({match, _}, re:run(MsgRaw3, <<"enoent">>)), + ?assertMatch({match, _}, re:run(MsgRaw3, <<"invalid_pem">>)), ok. t_unknown_error_fetching_ocsp_response(_Config) -> diff --git a/apps/emqx/test/emqx_persistent_session_SUITE.erl b/apps/emqx/test/emqx_persistent_session_SUITE.erl index b25c1c299..09cbf306d 100644 --- a/apps/emqx/test/emqx_persistent_session_SUITE.erl +++ b/apps/emqx/test/emqx_persistent_session_SUITE.erl @@ -115,7 +115,7 @@ init_per_group(quic, Config) -> [ {port, get_listener_port(quic, test)}, {conn_fun, quic_connect}, - {ssl_opts, emqx_common_test_helpers:client_ssl_twoway()}, + {ssl_opts, emqx_common_test_helpers:client_mtls()}, {ssl, true}, {group_apps, Apps} | Config diff --git a/apps/emqx/test/emqx_shared_sub_SUITE.erl b/apps/emqx/test/emqx_shared_sub_SUITE.erl index a5d2567d0..b732735bd 100644 --- a/apps/emqx/test/emqx_shared_sub_SUITE.erl +++ b/apps/emqx/test/emqx_shared_sub_SUITE.erl @@ -739,11 +739,16 @@ t_qos1_random_dispatch_if_all_members_are_down(Config) when is_list(Config) -> ?assert(is_process_alive(Pid2)), {ok, _} = emqtt:publish(ConnPub, Topic, <<"hello11">>, 1), - ct:sleep(100), - Msgs1 = emqx_mqueue:to_list(get_mqueue(Pid1)), - Msgs2 = emqx_mqueue:to_list(get_mqueue(Pid2)), - %% assert the message is in mqueue (because socket is closed) - ?assertMatch([#message{payload = <<"hello11">>}], Msgs1 ++ Msgs2), + ?retry( + 100, + 10, + begin + Msgs1 = emqx_mqueue:to_list(get_mqueue(Pid1)), + Msgs2 = emqx_mqueue:to_list(get_mqueue(Pid2)), + %% assert the message is in mqueue (because socket is closed) + ?assertMatch([#message{payload = <<"hello11">>}], Msgs1 ++ Msgs2) + end + ), emqtt:stop(ConnPub), ok. diff --git a/apps/emqx_bridge_dynamo/rebar.config b/apps/emqx_bridge_dynamo/rebar.config index e80fb0f80..38598d313 100644 --- a/apps/emqx_bridge_dynamo/rebar.config +++ b/apps/emqx_bridge_dynamo/rebar.config @@ -1,6 +1,6 @@ %% -*- mode: erlang; -*- {erl_opts, [debug_info]}. -{deps, [ {erlcloud, {git, "https://github.com/emqx/erlcloud", {tag, "3.7.0-emqx-2"}}} +{deps, [ {erlcloud, {git, "https://github.com/emqx/erlcloud", {tag, "3.7.0.3"}}} , {emqx_connector, {path, "../../apps/emqx_connector"}} , {emqx_resource, {path, "../../apps/emqx_resource"}} , {emqx_bridge, {path, "../../apps/emqx_bridge"}} diff --git a/apps/emqx_bridge_http/src/emqx_bridge_http_connector.erl b/apps/emqx_bridge_http/src/emqx_bridge_http_connector.erl index 1777fbe1f..51375fc04 100644 --- a/apps/emqx_bridge_http/src/emqx_bridge_http_connector.erl +++ b/apps/emqx_bridge_http/src/emqx_bridge_http_connector.erl @@ -205,7 +205,9 @@ on_start( http -> {tcp, []}; https -> - SSLOpts = emqx_tls_lib:to_client_opts(maps:get(ssl, Config)), + SSLConf = maps:get(ssl, Config), + %% force enable ssl + SSLOpts = emqx_tls_lib:to_client_opts(SSLConf#{enable => true}), {tls, SSLOpts} end, NTransportOpts = emqx_utils:ipv6_probe(TransportOpts), diff --git a/apps/emqx_bridge_influxdb/test/emqx_bridge_influxdb_connector_SUITE.erl b/apps/emqx_bridge_influxdb/test/emqx_bridge_influxdb_connector_SUITE.erl index 9aec94b65..94e8e3fad 100644 --- a/apps/emqx_bridge_influxdb/test/emqx_bridge_influxdb_connector_SUITE.erl +++ b/apps/emqx_bridge_influxdb/test/emqx_bridge_influxdb_connector_SUITE.erl @@ -124,7 +124,7 @@ perform_lifecycle_check(PoolName, InitialConfig) -> ?assertEqual({error, not_found}, emqx_resource:get_instance(PoolName)). t_tls_verify_none(Config) -> - PoolName = <<"emqx_bridge_influxdb_connector_SUITE">>, + PoolName = <<"testpool-1">>, Host = ?config(influxdb_tls_host, Config), Port = ?config(influxdb_tls_port, Config), InitialConfig = influxdb_config(Host, Port, true, <<"verify_none">>), @@ -135,7 +135,7 @@ t_tls_verify_none(Config) -> ok. t_tls_verify_peer(Config) -> - PoolName = <<"emqx_bridge_influxdb_connector_SUITE">>, + PoolName = <<"testpool-2">>, Host = ?config(influxdb_tls_host, Config), Port = ?config(influxdb_tls_port, Config), InitialConfig = influxdb_config(Host, Port, true, <<"verify_peer">>), @@ -157,7 +157,11 @@ perform_tls_opts_check(PoolName, InitialConfig, VerifyReturn) -> to_client_opts, fun(Opts) -> Verify = {verify_fun, {custom_verify(), {return, VerifyReturn}}}, - [Verify | meck:passthrough([Opts])] + [ + Verify, + {cacerts, public_key:cacerts_get()} + | meck:passthrough([Opts]) + ] end ), try diff --git a/apps/emqx_bridge_kinesis/rebar.config b/apps/emqx_bridge_kinesis/rebar.config index e4b57846e..4d7f87540 100644 --- a/apps/emqx_bridge_kinesis/rebar.config +++ b/apps/emqx_bridge_kinesis/rebar.config @@ -1,6 +1,6 @@ %% -*- mode: erlang; -*- {erl_opts, [debug_info]}. -{deps, [ {erlcloud, {git, "https://github.com/emqx/erlcloud", {tag, "3.7.0-emqx-2"}}} +{deps, [ {erlcloud, {git, "https://github.com/emqx/erlcloud", {tag, "3.7.0.3"}}} , {emqx_connector, {path, "../../apps/emqx_connector"}} , {emqx_resource, {path, "../../apps/emqx_resource"}} , {emqx_bridge, {path, "../../apps/emqx_bridge"}} diff --git a/apps/emqx_bridge_mqtt/test/emqx_bridge_mqtt_SUITE.erl b/apps/emqx_bridge_mqtt/test/emqx_bridge_mqtt_SUITE.erl index bde546bd0..7490ad054 100644 --- a/apps/emqx_bridge_mqtt/test/emqx_bridge_mqtt_SUITE.erl +++ b/apps/emqx_bridge_mqtt/test/emqx_bridge_mqtt_SUITE.erl @@ -230,19 +230,18 @@ t_conf_bridge_authn_passfile(Config) -> ?assertReceive( {authenticate, #{username := Username2, password := Password2}} ), - ?assertMatch( - {ok, 201, #{ - <<"status">> := <<"disconnected">>, - <<"status_reason">> := <<"#{msg => failed_to_read_secret_file", _/bytes>> - }}, + {ok, 201, #{ + <<"status">> := <<"disconnected">>, + <<"status_reason">> := Reason + }} = request_json( post, uri(["bridges"]), ?SERVER_CONF(<<>>, <<"file://im/pretty/sure/theres/no/such/file">>)#{ <<"name">> => <<"t_conf_bridge_authn_no_passfile">> } - ) - ). + ), + ?assertMatch({match, _}, re:run(Reason, <<"failed_to_read_secret_file">>)). hook_authenticate() -> emqx_hooks:add('client.authenticate', {?MODULE, authenticate, [self()]}, ?HP_HIGHEST). diff --git a/apps/emqx_bridge_pulsar/test/emqx_bridge_pulsar_impl_producer_SUITE.erl b/apps/emqx_bridge_pulsar/test/emqx_bridge_pulsar_impl_producer_SUITE.erl index 6b5bc2896..185e278b3 100644 --- a/apps/emqx_bridge_pulsar/test/emqx_bridge_pulsar_impl_producer_SUITE.erl +++ b/apps/emqx_bridge_pulsar/test/emqx_bridge_pulsar_impl_producer_SUITE.erl @@ -385,7 +385,6 @@ start_consumer(TestCase, Config) -> <> ), - ConnOpts = #{}, ConsumerClientId = list_to_atom( atom_to_list(TestCase) ++ integer_to_list(erlang:unique_integer()) ), @@ -396,15 +395,9 @@ start_consumer(TestCase, Config) -> certfile => filename:join([CertsPath, "cert.pem"]), cacertfile => filename:join([CertsPath, "cacert.pem"]) }, - {ok, _ClientPid} = pulsar:ensure_supervised_client( - ConsumerClientId, - [URL], - #{ - conn_opts => ConnOpts, - ssl_opts => emqx_tls_lib:to_client_opts(SSLOpts) - } - ), - ConsumerOpts = #{ + Opts = #{enable_ssl => UseTLS, ssl_opts => emqx_tls_lib:to_client_opts(SSLOpts)}, + {ok, _ClientPid} = pulsar:ensure_supervised_client(ConsumerClientId, [URL], Opts), + ConsumerOpts = Opts#{ cb_init_args => #{send_to => self()}, cb_module => pulsar_echo_consumer, sub_type => 'Shared', @@ -414,8 +407,7 @@ start_consumer(TestCase, Config) -> %% id, or else weird bugs will happen, like the %% consumer never starts... name => list_to_atom("test_consumer" ++ integer_to_list(erlang:unique_integer())), - consumer_id => 1, - conn_opts => ConnOpts + consumer_id => 1 }, {ok, Consumer} = pulsar:ensure_supervised_consumers( ConsumerClientId, diff --git a/apps/emqx_bridge_rabbitmq/rebar.config b/apps/emqx_bridge_rabbitmq/rebar.config index 3f1c5d3fc..010c01e4e 100644 --- a/apps/emqx_bridge_rabbitmq/rebar.config +++ b/apps/emqx_bridge_rabbitmq/rebar.config @@ -4,7 +4,7 @@ %% The following two are dependencies of rabbit_common {thoas, {git, "https://github.com/emqx/thoas.git", {tag, "v1.0.0"}}} , {credentials_obfuscation, {git, "https://github.com/emqx/credentials-obfuscation.git", {tag, "v3.2.0"}}} - %% The v3.11.13_with_app_src tag, employed in the next two dependencies, + %% The v3.11.13.2 (v3.11.13_with_app_src branch), employed in the next two dependencies, %% represents a fork of the official RabbitMQ v3.11.13 tag. This fork diverges %% from the official version as it includes app and hrl files %% generated by make files in subdirectories deps/rabbit_common and @@ -17,11 +17,11 @@ %% packages that we don't have control over. , {rabbit_common, {git_subdir, "https://github.com/emqx/rabbitmq-server.git", - {tag, "v3.11.13-emqx"}, + {tag, "v3.11.13.2"}, "deps/rabbit_common"}} , {amqp_client, {git_subdir, "https://github.com/emqx/rabbitmq-server.git", - {tag, "v3.11.13-emqx"}, + {tag, "v3.11.13.2"}, "deps/amqp_client"}} , {emqx_connector, {path, "../../apps/emqx_connector"}} , {emqx_resource, {path, "../../apps/emqx_resource"}} diff --git a/apps/emqx_connector/test/emqx_connector_jwt_worker_SUITE.erl b/apps/emqx_connector/test/emqx_connector_jwt_worker_SUITE.erl index fdeb980d4..99c36e8ff 100644 --- a/apps/emqx_connector/test/emqx_connector_jwt_worker_SUITE.erl +++ b/apps/emqx_connector/test/emqx_connector_jwt_worker_SUITE.erl @@ -308,7 +308,7 @@ t_lookup_badarg(_Config) -> ok. t_start_supervised_worker(_Config) -> - {ok, _} = emqx_connector_jwt_sup:start_link(), + {ok, Sup} = emqx_connector_jwt_sup:start_link(), Config = #{resource_id := ResourceId, table := TId} = generate_config(), {ok, Pid} = emqx_connector_jwt_sup:ensure_worker_present(ResourceId, Config), Ref = emqx_connector_jwt_worker:ensure_jwt(Pid), @@ -333,7 +333,7 @@ t_start_supervised_worker(_Config) -> ?assertEqual({error, not_found}, emqx_connector_jwt:lookup_jwt(TId, ResourceId)), %% ensure the specs are removed from the supervision tree. ?assertEqual([], supervisor:which_children(emqx_connector_jwt_sup)), - ok. + ok = stop_jwt_sup(Sup). t_start_supervised_worker_already_started(_Config) -> {ok, _} = emqx_connector_jwt_sup:start_link(), @@ -344,17 +344,28 @@ t_start_supervised_worker_already_started(_Config) -> ok. t_start_supervised_worker_already_present(_Config) -> - {ok, _} = emqx_connector_jwt_sup:start_link(), + {ok, Sup} = emqx_connector_jwt_sup:start_link(), Config = #{resource_id := ResourceId} = generate_config(), {ok, Pid0} = emqx_connector_jwt_sup:ensure_worker_present(ResourceId, Config), Ref = monitor(process, Pid0), exit(Pid0, kill), receive {'DOWN', Ref, process, Pid0, killed} -> ok - after 1_000 -> error(worker_didnt_stop) end, {ok, Pid1} = emqx_connector_jwt_sup:ensure_worker_present(ResourceId, Config), ?assertNotEqual(Pid0, Pid1), + ?assert(is_process_alive(Pid1)), + ok = stop_jwt_sup(Sup). + +stop_jwt_sup(Sup) -> + Ref = monitor(process, Sup), + unlink(Sup), + exit(Sup, shutdown), + receive + {'DOWN', Ref, process, Sup, shutdown} -> ok + after 1000 -> + error(timeout) + end, ok. t_unknown_requests(_Config) -> diff --git a/apps/emqx_dashboard/test/emqx_dashboard_SUITE.erl b/apps/emqx_dashboard/test/emqx_dashboard_SUITE.erl index 7f0dd02de..a11b537d1 100644 --- a/apps/emqx_dashboard/test/emqx_dashboard_SUITE.erl +++ b/apps/emqx_dashboard/test/emqx_dashboard_SUITE.erl @@ -261,9 +261,10 @@ request_dashboard(Method, Url, Auth) -> request_dashboard(Method, Url, QueryParams, Auth) -> Request = {Url ++ "?" ++ QueryParams, [Auth]}, do_request_dashboard(Method, Request). -do_request_dashboard(Method, Request) -> + +do_request_dashboard(Method, {Url, _} = Request) -> ct:pal("Method: ~p, Request: ~p", [Method, Request]), - case httpc:request(Method, Request, [], []) of + case httpc:request(Method, Request, maybe_ssl(Url), []) of {error, socket_closed_remotely} -> {error, socket_closed_remotely}; {ok, {{"HTTP/1.1", Code, _}, _Headers, Return}} when @@ -276,6 +277,9 @@ do_request_dashboard(Method, Request) -> {error, Reason} end. +maybe_ssl("http://" ++ _) -> []; +maybe_ssl("https://" ++ _) -> [{ssl, [{verify, verify_none}]}]. + auth_header_() -> auth_header_(<<"admin">>, <<"public">>). diff --git a/apps/emqx_dashboard/test/emqx_dashboard_https_SUITE.erl b/apps/emqx_dashboard/test/emqx_dashboard_https_SUITE.erl index a09f8fa3b..c46c0ddbd 100644 --- a/apps/emqx_dashboard/test/emqx_dashboard_https_SUITE.erl +++ b/apps/emqx_dashboard/test/emqx_dashboard_https_SUITE.erl @@ -198,8 +198,25 @@ t_verify_cacertfile(_Config) -> VerifyPeerConf1, naive_env_interpolation(<<"${EMQX_ETC_DIR}/certs/cacert.pem">>) ), - validate_https(VerifyPeerConf2, MaxConnection, DefaultSSLCert, verify_peer), - ok. + %% we always test client with verify_none and no client cert is sent + %% since the server is configured with verify_peer + %% hence the expected observation on the client side is an error + ErrorReason = + try + validate_https(VerifyPeerConf2, MaxConnection, DefaultSSLCert, verify_peer) + catch + error:{https_client_error, Reason} -> + Reason + end, + %% There seems to be a race-condition causing the return value to vary a bit + case ErrorReason of + socket_closed_remotely -> + ok; + {ssl_error, _SslSock, {tls_alert, {certificate_required, _}}} -> + ok; + Other -> + throw({unexpected, Other}) + end. t_bad_certfile(_Config) -> Conf = #{ @@ -219,9 +236,12 @@ t_bad_certfile(_Config) -> validate_https(Conf, MaxConnection, SSLCert, Verify) -> emqx_common_test_helpers:load_config(emqx_dashboard_schema, Conf), emqx_mgmt_api_test_util:init_suite([emqx_management], fun(X) -> X end), - assert_ranch_options(MaxConnection, SSLCert, Verify), - assert_https_request(), - emqx_mgmt_api_test_util:end_suite([emqx_management]). + try + assert_ranch_options(MaxConnection, SSLCert, Verify), + assert_https_request() + after + emqx_mgmt_api_test_util:end_suite([emqx_management]) + end. assert_ranch_options(MaxConnections0, SSLCert, Verify) -> Middlewares = [emqx_dashboard_middleware, cowboy_router, cowboy_handler], @@ -286,10 +306,10 @@ assert_https_request() -> lists:foreach( fun(Path) -> ApiPath = https_api_path([Path]), - ?assertMatch( - {ok, _}, - emqx_dashboard_SUITE:request_dashboard(get, ApiPath, Headers) - ) + case emqx_dashboard_SUITE:request_dashboard(get, ApiPath, Headers) of + {ok, _} -> ok; + {error, Reason} -> error({https_client_error, Reason}) + end end, ?OVERVIEWS ). diff --git a/apps/emqx_dashboard/test/emqx_swagger_requestBody_SUITE.erl b/apps/emqx_dashboard/test/emqx_swagger_requestBody_SUITE.erl index b5c55622b..45046ab2e 100644 --- a/apps/emqx_dashboard/test/emqx_swagger_requestBody_SUITE.erl +++ b/apps/emqx_dashboard/test/emqx_swagger_requestBody_SUITE.erl @@ -315,6 +315,8 @@ t_none_ref(_Config) -> ), ok. +namespace() -> undefined. + t_sub_fields(_Config) -> Spec = #{ post => #{ diff --git a/apps/emqx_ft/test/emqx_ft_storage_fs_reader_SUITE.erl b/apps/emqx_ft/test/emqx_ft_storage_fs_reader_SUITE.erl index f0b658e0d..6d8d13986 100644 --- a/apps/emqx_ft/test/emqx_ft_storage_fs_reader_SUITE.erl +++ b/apps/emqx_ft/test/emqx_ft_storage_fs_reader_SUITE.erl @@ -125,6 +125,7 @@ t_bad_messages(Config) -> ). t_nonexistent_file(_Config) -> + erlang:process_flag(trap_exit, true), ?assertEqual( {error, enoent}, emqx_ft_storage_fs_reader:start_link(self(), "/a/b/c/bar") diff --git a/apps/emqx_gateway_exproto/src/emqx_gateway_exproto.erl b/apps/emqx_gateway_exproto/src/emqx_gateway_exproto.erl index ec2540ec2..4b4c2337d 100644 --- a/apps/emqx_gateway_exproto/src/emqx_gateway_exproto.erl +++ b/apps/emqx_gateway_exproto/src/emqx_gateway_exproto.erl @@ -143,11 +143,11 @@ start_grpc_server(GwName, Options = #{bind := ListenOn}) -> false -> []; true -> + Opts1 = maps:get(ssl, Options, #{}), + Opts2 = maps:without([handshake_timeout], Opts1), + SSLOpts = emqx_tls_lib:to_server_opts(tls, Opts2), [ - {ssl_options, - maps:to_list( - maps:without([enable, handshake_timeout], maps:get(ssl, Options, #{})) - )} + {ssl_options, SSLOpts} ] end, ListenOnStr = emqx_listeners:format_bind(ListenOn), @@ -200,20 +200,20 @@ start_grpc_client_channel( }} ) end, - case emqx_utils_maps:deep_get([ssl_options, enable], Options, false) of + SSLOpts = emqx_utils_maps:deep_get([ssl_options], Options, #{}), + case maps:get(enable, SSLOpts, false) of false -> SvrAddr = compose_http_uri(http, Host, Port), grpc_client_sup:create_channel_pool(GwName, SvrAddr, #{}); true -> - SslOpts = maps:to_list(maps:get(ssl, Options, #{})), + SSLOpts1 = [{nodelay, true} | emqx_tls_lib:to_client_opts(SSLOpts)], ClientOpts = #{ gun_opts => #{ transport => ssl, - transport_opts => SslOpts + transport_opts => SSLOpts1 } }, - SvrAddr = compose_http_uri(https, Host, Port), grpc_client_sup:create_channel_pool(GwName, SvrAddr, ClientOpts) end; diff --git a/apps/emqx_gateway_exproto/test/emqx_exproto_SUITE.erl b/apps/emqx_gateway_exproto/test/emqx_exproto_SUITE.erl index 76e11ef00..83e83f4d6 100644 --- a/apps/emqx_gateway_exproto/test/emqx_exproto_SUITE.erl +++ b/apps/emqx_gateway_exproto/test/emqx_exproto_SUITE.erl @@ -180,7 +180,7 @@ set_special_cfg(_, _, _, _) -> listener_confs(Type) -> Default = #{bind => 7993, acceptors => 8}, - #{Type => #{'default' => maps:merge(Default, socketopts(Type))}}. + #{Type => #{'default' => maps:merge(Default, server_socketopts(Type))}}. default_config() -> ?CONF_DEFAULT. @@ -593,11 +593,11 @@ open(udp) -> {ok, Sock} = gen_udp:open(0, ?TCPOPTS), {udp, Sock}; open(ssl) -> - SslOpts = maps:to_list(client_ssl_opts()), + SslOpts = client_ssl_opts(), {ok, SslSock} = ssl:connect("127.0.0.1", 7993, ?TCPOPTS ++ SslOpts), {ssl, SslSock}; open(dtls) -> - SslOpts = maps:to_list(client_ssl_opts()), + SslOpts = client_ssl_opts(), {ok, SslSock} = ssl:connect("127.0.0.1", 7993, ?DTLSOPTS ++ SslOpts), {dtls, SslSock}. @@ -635,24 +635,24 @@ close({dtls, Sock}) -> %%-------------------------------------------------------------------- %% Server-Opts -socketopts(tcp) -> - #{tcp_options => tcp_opts()}; -socketopts(ssl) -> +server_socketopts(tcp) -> + #{tcp_options => server_tcp_opts()}; +server_socketopts(ssl) -> #{ - tcp_options => tcp_opts(), - ssl_options => ssl_opts() + tcp_options => server_tcp_opts(), + ssl_options => server_ssl_opts() }; -socketopts(udp) -> - #{udp_options => udp_opts()}; -socketopts(dtls) -> +server_socketopts(udp) -> + #{udp_options => server_udp_opts()}; +server_socketopts(dtls) -> #{ - udp_options => udp_opts(), - dtls_options => dtls_opts() + udp_options => server_udp_opts(), + dtls_options => server_dtls_opts() }. -tcp_opts() -> +server_tcp_opts() -> maps:merge( - udp_opts(), + server_udp_opts(), #{ send_timeout => 15000, send_timeout_close => true, @@ -661,7 +661,7 @@ tcp_opts() -> } ). -udp_opts() -> +server_udp_opts() -> #{ recbuf => 1024, sndbuf => 1024, @@ -669,7 +669,7 @@ udp_opts() -> reuseaddr => true }. -ssl_opts() -> +server_ssl_opts() -> Certs = certs("key.pem", "cert.pem", "cacert.pem"), maps:merge( Certs, @@ -684,14 +684,15 @@ ssl_opts() -> } ). -dtls_opts() -> - maps:merge(ssl_opts(), #{versions => ['dtlsv1.2', 'dtlsv1']}). +server_dtls_opts() -> + maps:merge(server_ssl_opts(), #{versions => ['dtlsv1.2', 'dtlsv1']}). %%-------------------------------------------------------------------- %% Client-Opts client_ssl_opts() -> - certs("client-key.pem", "client-cert.pem", "cacert.pem"). + OptsWithCerts = certs("client-key.pem", "client-cert.pem", "cacert.pem"), + [{verify, verify_none} | maps:to_list(OptsWithCerts)]. certs(Key, Cert, CACert) -> CertsPath = emqx_common_test_helpers:deps_path(emqx, "etc/certs"), diff --git a/apps/emqx_opentelemetry/src/emqx_otel_config.erl b/apps/emqx_opentelemetry/src/emqx_otel_config.erl index c16b3385a..e5027b979 100644 --- a/apps/emqx_opentelemetry/src/emqx_otel_config.erl +++ b/apps/emqx_opentelemetry/src/emqx_otel_config.erl @@ -150,12 +150,13 @@ tr_handler_conf(#{logs := LogsConf, exporter := ExporterConf}) -> ssl_opts(Endpoint, SSLOpts) -> case is_ssl(Endpoint) of true -> - emqx_tls_lib:to_client_opts(SSLOpts); + %% force enable ssl + emqx_tls_lib:to_client_opts(SSLOpts#{enable => true}); false -> [] end. -is_ssl(<<"https://", _/binary>> = _Endpoint) -> +is_ssl(<<"https://", _/binary>>) -> true; -is_ssl(_Endpoint) -> +is_ssl(<<"http://", _/binary>>) -> false. diff --git a/apps/emqx_postgresql/rebar.config b/apps/emqx_postgresql/rebar.config index 1ae1309c9..a4b84ef0f 100644 --- a/apps/emqx_postgresql/rebar.config +++ b/apps/emqx_postgresql/rebar.config @@ -2,7 +2,7 @@ {erl_opts, [debug_info]}. {deps, [ - {epgsql, {git, "https://github.com/emqx/epgsql", {tag, "4.7.0.1"}}}, + {epgsql, {git, "https://github.com/emqx/epgsql", {tag, "4.7.1.1"}}}, {emqx_connector, {path, "../../apps/emqx_connector"}}, {emqx_resource, {path, "../../apps/emqx_resource"}} ]}. diff --git a/apps/emqx_s3/rebar.config b/apps/emqx_s3/rebar.config index 1d64e6677..e34406e54 100644 --- a/apps/emqx_s3/rebar.config +++ b/apps/emqx_s3/rebar.config @@ -1,6 +1,6 @@ {deps, [ {emqx, {path, "../../apps/emqx"}}, - {erlcloud, {git, "https://github.com/emqx/erlcloud", {tag, "3.7.0-emqx-2"}}}, + {erlcloud, {git, "https://github.com/emqx/erlcloud", {tag, "3.7.0.3"}}}, {emqx_bridge_http, {path, "../emqx_bridge_http"}} ]}. diff --git a/apps/emqx_s3/test/emqx_s3_client_SUITE.erl b/apps/emqx_s3/test/emqx_s3_client_SUITE.erl index 434510867..d3901cd05 100644 --- a/apps/emqx_s3/test/emqx_s3_client_SUITE.erl +++ b/apps/emqx_s3/test/emqx_s3_client_SUITE.erl @@ -129,7 +129,7 @@ t_url(Config) -> ?assertMatch( {ok, {{_StatusLine, 200, "OK"}, _Headers, "data"}}, - httpc:request(Url) + httpc:request(get, {Url, []}, [{ssl, [{verify, verify_none}]}], []) ). t_no_acl(Config) -> diff --git a/apps/emqx_s3/test/emqx_s3_uploader_SUITE.erl b/apps/emqx_s3/test/emqx_s3_uploader_SUITE.erl index 6ba0e3ed9..90a32d948 100644 --- a/apps/emqx_s3/test/emqx_s3_uploader_SUITE.erl +++ b/apps/emqx_s3/test/emqx_s3_uploader_SUITE.erl @@ -64,13 +64,13 @@ groups() -> {tcp_cases, [ t_config_switch, - t_config_switch_http_settings, t_too_large, t_no_profile ]}, {tls_cases, [ - t_tls_error + t_tls_error, + t_config_switch_http_settings ]}, {noconn_errors, [{group, transport_errors}]}, @@ -205,7 +205,8 @@ t_signed_url_download(_Config) -> emqx_s3_client:uri(Client, Key) end), - {ok, {_, _, Body}} = httpc:request(get, {SignedUrl, []}, [], []), + HttpOpts = [{ssl, [{verify, verify_none}]}], + {ok, {_, _, Body}} = httpc:request(get, {SignedUrl, []}, HttpOpts, []), ?assertEqual( iolist_to_binary(Data), @@ -222,7 +223,8 @@ t_signed_nonascii_url_download(_Config) -> emqx_s3_client:uri(Client, Key) end), - {ok, {_, _, Body}} = httpc:request(get, {SignedUrl, []}, [], []), + HttpOpts = [{ssl, [{verify, verify_none}]}], + {ok, {_, _, Body}} = httpc:request(get, {SignedUrl, []}, HttpOpts, []), ?assertEqual( iolist_to_binary(Data), diff --git a/build b/build index c70f91b60..bbc053f01 100755 --- a/build +++ b/build @@ -387,10 +387,10 @@ docker_cleanup() { ## Build the default docker image based on debian 11. make_docker() { - local EMQX_BUILDER_VERSION="${EMQX_BUILDER_VERSION:-5.1-4}" + local EMQX_BUILDER_VERSION="${EMQX_BUILDER_VERSION:-5.2-8}" local EMQX_BUILDER_PLATFORM="${EMQX_BUILDER_PLATFORM:-debian11}" - local EMQX_BUILDER_OTP="${EMQX_BUILDER_OTP:-25.3.2-2}" - local EMQX_BUILDER_ELIXIR="${EMQX_BUILDER_ELIXIR:-1.14.5}" + local EMQX_BUILDER_OTP="${EMQX_BUILDER_OTP:-26.1.2-2}" + local EMQX_BUILDER_ELIXIR="${EMQX_BUILDER_ELIXIR:-1.15.7}" local EMQX_BUILDER=${EMQX_BUILDER:-ghcr.io/emqx/emqx-builder/${EMQX_BUILDER_VERSION}:${EMQX_BUILDER_ELIXIR}-${EMQX_BUILDER_OTP}-${EMQX_BUILDER_PLATFORM}} local EMQX_RUNNER="${EMQX_RUNNER:-${EMQX_DEFAULT_RUNNER}}" local EMQX_DOCKERFILE="${EMQX_DOCKERFILE:-deploy/docker/Dockerfile}" diff --git a/changes/ce/feat-12085.en.md b/changes/ce/feat-12085.en.md new file mode 100644 index 000000000..aa342f9c7 --- /dev/null +++ b/changes/ce/feat-12085.en.md @@ -0,0 +1 @@ +Upgrade to OTP 26.1.2-2 diff --git a/deploy/docker/Dockerfile b/deploy/docker/Dockerfile index b2dfbb1f6..185b3d0ee 100644 --- a/deploy/docker/Dockerfile +++ b/deploy/docker/Dockerfile @@ -1,4 +1,4 @@ -ARG BUILD_FROM=ghcr.io/emqx/emqx-builder/5.1-4:1.14.5-25.3.2-2-debian11 +ARG BUILD_FROM=ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-debian11 ARG RUN_FROM=public.ecr.aws/debian/debian:11-slim FROM ${BUILD_FROM} AS builder ARG DEBUG=0 diff --git a/mix.exs b/mix.exs index 453f0b7dd..350800add 100644 --- a/mix.exs +++ b/mix.exs @@ -79,7 +79,7 @@ defmodule EMQXUmbrella.MixProject do # in conflict by ehttpc and emqtt {:gun, github: "emqx/gun", tag: "1.3.9", override: true}, # in conflict by emqx_connector and system_monitor - {:epgsql, github: "emqx/epgsql", tag: "4.7.0.1", override: true}, + {:epgsql, github: "emqx/epgsql", tag: "4.7.1.1", override: true}, # in conflict by emqx and observer_cli {:recon, github: "ferd/recon", tag: "2.5.1", override: true}, {:jsx, github: "talentdeficit/jsx", tag: "v3.1.0", override: true}, @@ -97,6 +97,7 @@ defmodule EMQXUmbrella.MixProject do {:hackney, github: "emqx/hackney", tag: "1.18.1-1", override: true}, # set by hackney (dependency) {:ssl_verify_fun, "1.1.7", override: true}, + {:rfc3339, github: "emqx/rfc3339", tag: "0.2.3", override: true}, {:uuid, github: "okeuday/uuid", tag: "v2.0.6", override: true}, {:quickrand, github: "okeuday/quickrand", tag: "v2.0.6", override: true} ] ++ @@ -214,12 +215,12 @@ defmodule EMQXUmbrella.MixProject do github: "emqx/credentials-obfuscation", tag: "v3.2.0", override: true}, {:rabbit_common, github: "emqx/rabbitmq-server", - tag: "v3.11.13-emqx", + tag: "v3.11.13.2", sparse: "deps/rabbit_common", override: true}, {:amqp_client, github: "emqx/rabbitmq-server", - tag: "v3.11.13-emqx", + tag: "v3.11.13.2", sparse: "deps/amqp_client", override: true} ] diff --git a/rebar.config b/rebar.config index 661049f11..d66a1a520 100644 --- a/rebar.config +++ b/rebar.config @@ -96,6 +96,7 @@ , {jsone, {git, "https://github.com/emqx/jsone.git", {tag, "1.7.1"}}} , {uuid, {git, "https://github.com/okeuday/uuid.git", {tag, "v2.0.6"}}} , {ssl_verify_fun, "1.1.7"} + , {rfc3339, {git, "https://github.com/emqx/rfc3339.git", {tag, "0.2.3"}}} ]}. {xref_ignores, diff --git a/rebar.config.erl b/rebar.config.erl index 6958ad784..fc350aa5d 100644 --- a/rebar.config.erl +++ b/rebar.config.erl @@ -562,7 +562,7 @@ dialyzer(Config) -> AppsToExclude = AppNames -- KnownApps, Extra = - [os_mon, system_monitor, covertool] ++ + [os_mon, system_monitor, tools, covertool] ++ [bcrypt || provide_bcrypt_dep()] ++ [jq || is_jq_supported()] ++ [quicer || is_quicer_supported()], diff --git a/scripts/buildx.sh b/scripts/buildx.sh index 662a7233c..39d8b8e5e 100755 --- a/scripts/buildx.sh +++ b/scripts/buildx.sh @@ -9,7 +9,7 @@ ## example: ## ./scripts/buildx.sh --profile emqx --pkgtype tgz --arch arm64 \ -## --builder ghcr.io/emqx/emqx-builder/5.1-4:1.14.5-25.3.2-2-debian11 +## --builder ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-debian11 set -euo pipefail @@ -24,7 +24,7 @@ help() { echo "--arch amd64|arm64: Target arch to build the EMQX package for" echo "--src_dir : EMQX source code in this dir, default to PWD" echo "--builder : Builder image to pull" - echo " E.g. ghcr.io/emqx/emqx-builder/5.1-4:1.14.5-25.3.2-2-debian11" + echo " E.g. ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-debian11" } die() { diff --git a/scripts/pr-sanity-checks.sh b/scripts/pr-sanity-checks.sh index 19321230b..f22677cfa 100755 --- a/scripts/pr-sanity-checks.sh +++ b/scripts/pr-sanity-checks.sh @@ -12,9 +12,9 @@ if ! type "yq" > /dev/null; then exit 1 fi -EMQX_BUILDER_VERSION=${EMQX_BUILDER_VERSION:-5.1-4} -EMQX_BUILDER_OTP=${EMQX_BUILDER_OTP:-25.3.2-2} -EMQX_BUILDER_ELIXIR=${EMQX_BUILDER_ELIXIR:-1.14.5} +EMQX_BUILDER_VERSION=${EMQX_BUILDER_VERSION:-5.2-8} +EMQX_BUILDER_OTP=${EMQX_BUILDER_OTP:-26.1.2-2} +EMQX_BUILDER_ELIXIR=${EMQX_BUILDER_ELIXIR:-1.15.7} EMQX_BUILDER_PLATFORM=${EMQX_BUILDER_PLATFORM:-ubuntu22.04} EMQX_BUILDER=${EMQX_BUILDER:-ghcr.io/emqx/emqx-builder/${EMQX_BUILDER_VERSION}:${EMQX_BUILDER_ELIXIR}-${EMQX_BUILDER_OTP}-${EMQX_BUILDER_PLATFORM}} diff --git a/scripts/relup-test/start-relup-test-cluster.sh b/scripts/relup-test/start-relup-test-cluster.sh index 2cee1394e..afd296152 100755 --- a/scripts/relup-test/start-relup-test-cluster.sh +++ b/scripts/relup-test/start-relup-test-cluster.sh @@ -22,7 +22,7 @@ WEBHOOK="webhook.$NET" BENCH="bench.$NET" COOKIE='this-is-a-secret' ## Erlang image is needed to run webhook server and emqtt-bench -ERLANG_IMAGE="ghcr.io/emqx/emqx-builder/5.1-4:1.14.5-25.3.2-2-ubuntu20.04" +ERLANG_IMAGE="ghcr.io/emqx/emqx-builder/5.2-8:1.15.7-26.1.2-2-ubuntu22.04" # builder has emqtt-bench installed BENCH_IMAGE="$ERLANG_IMAGE"