Update to Go 1.15.5 to account for CVE-2020-28362
This commit is contained in:
parent
540fbbb31b
commit
36a025b088
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
The following dependencies are required for local development:
|
The following dependencies are required for local development:
|
||||||
|
|
||||||
- [Go](https://golang.org/dl/) >= 1.15.3
|
- [Go](https://golang.org/dl/) >= 1.15.5
|
||||||
- [Docker](https://docs.docker.com/engine/install/) / moby-engine >= 19.03
|
- [Docker](https://docs.docker.com/engine/install/) / moby-engine >= 19.03
|
||||||
- [Tilt](http://tilt.dev/) >= 0.17.2
|
- [Tilt](http://tilt.dev/) >= 0.17.2
|
||||||
- Any of the local Kubernetes clusters supported by Tilt.
|
- Any of the local Kubernetes clusters supported by Tilt.
|
||||||
|
|
2
Tiltfile
2
Tiltfile
|
@ -17,7 +17,7 @@
|
||||||
# +-> third_party/solana/Dockerfile <--------------+ | |
|
# +-> third_party/solana/Dockerfile <--------------+ | |
|
||||||
# + | | +-----------------+
|
# + | | +-----------------+
|
||||||
# +--> solana-devnet +-------|-----> | solana-devnet |
|
# +--> solana-devnet +-------|-----> | solana-devnet |
|
||||||
# golang:1.15.3 +-----> | [setup] |
|
# golang:1.* +-----> | [setup] |
|
||||||
# + | +-----------------+
|
# + | +-----------------+
|
||||||
# +-> bridge/Dockerfile +-> guardiand-image +---------+
|
# +-> bridge/Dockerfile +-> guardiand-image +---------+
|
||||||
#
|
#
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# syntax=docker/dockerfile:experimental
|
# syntax=docker/dockerfile:experimental
|
||||||
FROM golang:1.15.3
|
FROM golang:1.15.5
|
||||||
|
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
|
|
|
@ -43,7 +43,7 @@ export PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/sbin:/bin
|
||||||
|
|
||||||
# Install Go binaries.
|
# Install Go binaries.
|
||||||
ARCH=amd64
|
ARCH=amd64
|
||||||
GO=1.15.3
|
GO=1.15.5
|
||||||
# TODO(leo): verify checksum
|
# TODO(leo): verify checksum
|
||||||
|
|
||||||
(
|
(
|
||||||
|
|
|
@ -49,9 +49,12 @@ Wormhole binaries from source. A Git repo is much harder to tamper with than rel
|
||||||
|
|
||||||
To build Wormhole, you need:
|
To build Wormhole, you need:
|
||||||
|
|
||||||
- [Go](https://golang.org/dl/) >= 1.15.3
|
- [Go](https://golang.org/dl/) >= 1.15.5
|
||||||
- [Rust](https://www.rust-lang.org/learn/get-started) >= 1.47.0
|
- [Rust](https://www.rust-lang.org/learn/get-started) >= 1.47.0
|
||||||
|
|
||||||
|
It is very important to use a sufficiently recent Go version that includes a fix for
|
||||||
|
[CVE-2020-28362](https://blog.ethereum.org/2020/11/12/geth_security_release/).
|
||||||
|
|
||||||
If your Linux distribution has recent enough packages for these, it's preferable to use those and avoid
|
If your Linux distribution has recent enough packages for these, it's preferable to use those and avoid
|
||||||
the extra third-party build dependency.
|
the extra third-party build dependency.
|
||||||
|
|
||||||
|
@ -88,7 +91,7 @@ existing build pipeline. If you need Dockerfile examples, you can take a look at
|
||||||
|
|
||||||
To generate a guardian key, you only need to only build the Go bridge.
|
To generate a guardian key, you only need to only build the Go bridge.
|
||||||
|
|
||||||
It requires [Go](https://golang.org/dl/) >= 1.15.3. Clone the Wormhole repo
|
It requires [Go](https://golang.org/dl/) >= 1.15.5. Clone the Wormhole repo
|
||||||
and build the binary:
|
and build the binary:
|
||||||
|
|
||||||
git clone https://github.com/certusone/wormhole
|
git clone https://github.com/certusone/wormhole
|
||||||
|
|
Loading…
Reference in New Issue