diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..b1c52684 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,23 @@ +# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates#setting-up-a-cooldown-period-for-dependency-updates + +version: 2 +updates: + - package-ecosystem: github-actions + directory: / + schedule: + interval: weekly + groups: # 1 PR per week for all images + actions: + patterns: ["*"] + - package-ecosystem: gomod + directory: / + schedule: + interval: weekly + # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#groups-- + groups: # 1 PR per week and group + major: + update-types: ["major"] + minor: + update-types: ["minor"] + patch: + update-types: ["patch"] diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 39763239..53fe083a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,11 +8,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Install Go - uses: actions/setup-go@v2 + uses: actions/setup-go@v5 with: go-version: 1.x - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Build binaries run: | CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o "mkcert-$(git describe --tags)-linux-amd64" -ldflags "-X main.Version=$(git describe --tags)" @@ -23,7 +23,7 @@ jobs: CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -o "mkcert-$(git describe --tags)-windows-amd64.exe" -ldflags "-X main.Version=$(git describe --tags)" CGO_ENABLED=0 GOOS=windows GOARCH=arm64 go build -o "mkcert-$(git describe --tags)-windows-arm64.exe" -ldflags "-X main.Version=$(git describe --tags)" - name: Upload release artifacts - uses: actions/github-script@v3 + uses: actions/github-script@v7 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 591bf3c2..fdd3e9ab 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,11 +10,11 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Install Go ${{ matrix.go }} - uses: actions/setup-go@v2 + uses: actions/setup-go@v5 with: go-version: 1.x - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: Run staticcheck run: | go install honnef.co/go/tools/cmd/staticcheck@latest diff --git a/README.md b/README.md index 4430cc03..854e652c 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,7 @@ Then you can install using [Homebrew on Linux](https://docs.brew.sh/Homebrew-on- brew install mkcert ``` -or build from source (requires Go 1.13+) +or build from source (requires Go 1.23+) ``` git clone https://github.com/FiloSottile/mkcert && cd mkcert @@ -104,7 +104,7 @@ scoop bucket add extras scoop install mkcert ``` -or build from source (requires Go 1.10+), or use [the pre-built binaries](https://github.com/FiloSottile/mkcert/releases). +or build from source (requires Go 1.23+), or use [the pre-built binaries](https://github.com/FiloSottile/mkcert/releases). If you're running into permission problems try running `mkcert` as an Administrator. diff --git a/cert.go b/cert.go index 4ce36ccf..3eaee857 100644 --- a/cert.go +++ b/cert.go @@ -15,7 +15,6 @@ import ( "crypto/x509/pkix" "encoding/asn1" "encoding/pem" - "io/ioutil" "log" "math/big" "net" @@ -113,19 +112,19 @@ func (m *mkcert) makeCert(hosts []string) { privPEM := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: privDER}) if certFile == keyFile { - err = ioutil.WriteFile(keyFile, append(certPEM, privPEM...), 0600) + err = os.WriteFile(keyFile, append(certPEM, privPEM...), 0600) fatalIfErr(err, "failed to save certificate and key") } else { - err = ioutil.WriteFile(certFile, certPEM, 0644) + err = os.WriteFile(certFile, certPEM, 0644) fatalIfErr(err, "failed to save certificate") - err = ioutil.WriteFile(keyFile, privPEM, 0600) + err = os.WriteFile(keyFile, privPEM, 0600) fatalIfErr(err, "failed to save certificate key") } } else { domainCert, _ := x509.ParseCertificate(cert) - pfxData, err := pkcs12.Encode(rand.Reader, priv, domainCert, []*x509.Certificate{m.caCert}, "changeit") + pfxData, err := pkcs12.Modern.Encode(priv, domainCert, []*x509.Certificate{m.caCert}, "changeit") fatalIfErr(err, "failed to generate PKCS#12") - err = ioutil.WriteFile(p12File, pfxData, 0644) + err = os.WriteFile(p12File, pfxData, 0644) fatalIfErr(err, "failed to save PKCS#12") } @@ -211,7 +210,7 @@ func (m *mkcert) makeCertFromCSR() { log.Fatalln("ERROR: can't create new certificates because the CA key (rootCA-key.pem) is missing") } - csrPEMBytes, err := ioutil.ReadFile(m.csrPath) + csrPEMBytes, err := os.ReadFile(m.csrPath) fatalIfErr(err, "failed to read the CSR") csrPEM, _ := pem.Decode(csrPEMBytes) if csrPEM == nil { @@ -267,7 +266,7 @@ func (m *mkcert) makeCertFromCSR() { } certFile, _, _ := m.fileNames(hosts) - err = ioutil.WriteFile(certFile, pem.EncodeToMemory( + err = os.WriteFile(certFile, pem.EncodeToMemory( &pem.Block{Type: "CERTIFICATE", Bytes: cert}), 0644) fatalIfErr(err, "failed to save certificate") @@ -284,7 +283,7 @@ func (m *mkcert) loadCA() { m.newCA() } - certPEMBlock, err := ioutil.ReadFile(filepath.Join(m.CAROOT, rootName)) + certPEMBlock, err := os.ReadFile(filepath.Join(m.CAROOT, rootName)) fatalIfErr(err, "failed to read the CA certificate") certDERBlock, _ := pem.Decode(certPEMBlock) if certDERBlock == nil || certDERBlock.Type != "CERTIFICATE" { @@ -297,7 +296,7 @@ func (m *mkcert) loadCA() { return // keyless mode, where only -install works } - keyPEMBlock, err := ioutil.ReadFile(filepath.Join(m.CAROOT, rootKeyName)) + keyPEMBlock, err := os.ReadFile(filepath.Join(m.CAROOT, rootKeyName)) fatalIfErr(err, "failed to read the CA key") keyDERBlock, _ := pem.Decode(keyPEMBlock) if keyDERBlock == nil || keyDERBlock.Type != "PRIVATE KEY" { @@ -352,11 +351,11 @@ func (m *mkcert) newCA() { privDER, err := x509.MarshalPKCS8PrivateKey(priv) fatalIfErr(err, "failed to encode CA key") - err = ioutil.WriteFile(filepath.Join(m.CAROOT, rootKeyName), pem.EncodeToMemory( + err = os.WriteFile(filepath.Join(m.CAROOT, rootKeyName), pem.EncodeToMemory( &pem.Block{Type: "PRIVATE KEY", Bytes: privDER}), 0400) fatalIfErr(err, "failed to save CA key") - err = ioutil.WriteFile(filepath.Join(m.CAROOT, rootName), pem.EncodeToMemory( + err = os.WriteFile(filepath.Join(m.CAROOT, rootName), pem.EncodeToMemory( &pem.Block{Type: "CERTIFICATE", Bytes: cert}), 0644) fatalIfErr(err, "failed to save CA certificate") diff --git a/go.mod b/go.mod index be7bfa44..dabada78 100644 --- a/go.mod +++ b/go.mod @@ -1,14 +1,14 @@ module filippo.io/mkcert -go 1.18 +go 1.23.0 require ( - golang.org/x/net v0.0.0-20220421235706-1d1ef9303861 - howett.net/plist v1.0.0 - software.sslmate.com/src/go-pkcs12 v0.2.0 + golang.org/x/net v0.42.0 + howett.net/plist v1.0.1 + software.sslmate.com/src/go-pkcs12 v0.6.0 ) require ( - golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 // indirect - golang.org/x/text v0.3.7 // indirect + golang.org/x/crypto v0.40.0 // indirect + golang.org/x/text v0.27.0 // indirect ) diff --git a/go.sum b/go.sum index 6baa9f2a..d05b49fd 100644 --- a/go.sum +++ b/go.sum @@ -1,20 +1,13 @@ github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= -golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 h1:tkVvjkPTB7pnW3jnid7kNyAMPVWllTNOf/qKDze4p9o= -golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220421235706-1d1ef9303861 h1:yssD99+7tqHWO5Gwh81phT+67hg+KttniBr6UnEXOY8= -golang.org/x/net v0.0.0-20220421235706-1d1ef9303861/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM= +golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY= +golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs= +golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= +golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4= +golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg= -howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM= -howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g= -software.sslmate.com/src/go-pkcs12 v0.2.0 h1:nlFkj7bTysH6VkC4fGphtjXRbezREPgrHuJG20hBGPE= -software.sslmate.com/src/go-pkcs12 v0.2.0/go.mod h1:23rNcYsMabIc1otwLpTkCCPwUq6kQsTyowttG/as0kQ= +howett.net/plist v1.0.1 h1:37GdZ8tP09Q35o9ych3ehygcsL+HqKSwzctveSlarvM= +howett.net/plist v1.0.1/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g= +software.sslmate.com/src/go-pkcs12 v0.6.0 h1:f3sQittAeF+pao32Vb+mkli+ZyT+VwKaD014qFGq6oU= +software.sslmate.com/src/go-pkcs12 v0.6.0/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI= diff --git a/truststore_darwin.go b/truststore_darwin.go index 83b8fac7..385911c4 100644 --- a/truststore_darwin.go +++ b/truststore_darwin.go @@ -7,7 +7,6 @@ package main import ( "bytes" "encoding/asn1" - "io/ioutil" "log" "os" "path/filepath" @@ -57,7 +56,7 @@ func (m *mkcert) installPlatform() bool { // Make trustSettings explicit, as older Go does not know the defaults. // https://github.com/golang/go/issues/24652 - plistFile, err := ioutil.TempFile("", "trust-settings") + plistFile, err := os.CreateTemp("", "trust-settings") fatalIfErr(err, "failed to create temp file") defer os.Remove(plistFile.Name()) @@ -65,7 +64,7 @@ func (m *mkcert) installPlatform() bool { out, err = cmd.CombinedOutput() fatalIfCmdErr(err, "security trust-settings-export", out) - plistData, err := ioutil.ReadFile(plistFile.Name()) + plistData, err := os.ReadFile(plistFile.Name()) fatalIfErr(err, "failed to read trust settings") var plistRoot map[string]interface{} _, err = plist.Unmarshal(plistData, &plistRoot) @@ -92,7 +91,7 @@ func (m *mkcert) installPlatform() bool { plistData, err = plist.MarshalIndent(plistRoot, plist.XMLFormat, "\t") fatalIfErr(err, "failed to serialize trust settings") - err = ioutil.WriteFile(plistFile.Name(), plistData, 0600) + err = os.WriteFile(plistFile.Name(), plistData, 0600) fatalIfErr(err, "failed to write trust settings") cmd = commandWithSudo("security", "trust-settings-import", "-d", plistFile.Name()) diff --git a/truststore_linux.go b/truststore_linux.go index 2c4e5a37..809a524e 100644 --- a/truststore_linux.go +++ b/truststore_linux.go @@ -7,7 +7,6 @@ package main import ( "bytes" "fmt" - "io/ioutil" "log" "os" "path/filepath" @@ -59,7 +58,7 @@ func (m *mkcert) installPlatform() bool { return false } - cert, err := ioutil.ReadFile(filepath.Join(m.CAROOT, rootName)) + cert, err := os.ReadFile(filepath.Join(m.CAROOT, rootName)) fatalIfErr(err, "failed to read root certificate") cmd := commandWithSudo("tee", m.systemTrustFilename()) diff --git a/truststore_windows.go b/truststore_windows.go index a4c9fcb4..3b9ea8a9 100644 --- a/truststore_windows.go +++ b/truststore_windows.go @@ -8,7 +8,6 @@ import ( "crypto/x509" "encoding/pem" "fmt" - "io/ioutil" "math/big" "os" "path/filepath" @@ -34,7 +33,7 @@ var ( func (m *mkcert) installPlatform() bool { // Load cert - cert, err := ioutil.ReadFile(filepath.Join(m.CAROOT, rootName)) + cert, err := os.ReadFile(filepath.Join(m.CAROOT, rootName)) fatalIfErr(err, "failed to read root certificate") // Decode PEM if certBlock, _ := pem.Decode(cert); certBlock == nil || certBlock.Type != "CERTIFICATE" {