build(deps): bump golang.org/x/crypto from 0.25.0 to 0.26.0 #502
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: [push] | |
| jobs: | |
| build_multi_platform: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Go 1.x | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.20' | |
| - name: Build for multi-platform | |
| run: | | |
| set -xeu | |
| DIST=dist | |
| mkdir $DIST | |
| # (from: https://www.digitalocean.com/community/tutorials/how-to-build-go-executables-for-multiple-platforms-on-ubuntu-16-04) | |
| platforms=("linux/amd64" "darwin/amd64" "windows/amd64" "linux/arm") | |
| for platform in "${platforms[@]}" | |
| do | |
| platform_split=(${platform//\// }) | |
| export GOOS=${platform_split[0]} | |
| export GOARCH=${platform_split[1]} | |
| [ $GOOS = "windows" ] && EXTENSION='.exe' || EXTENSION='' | |
| BUILD_PATH=piping-tunnel-$GOOS-$GOARCH | |
| mkdir $BUILD_PATH | |
| # Build | |
| CGO_ENABLED=0 go build -o "${BUILD_PATH}/piping-tunnel${EXTENSION}" main/main.go | |
| done | |
| operational_test: | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| shell: bash | |
| steps: | |
| - name: Build SSH server Dockerfile | |
| run: | | |
| docker build -t ssh-server - <<'EOS' | |
| FROM ubuntu:20.04 | |
| RUN apt update | |
| RUN apt install -y openssh-server | |
| RUN mkdir /var/run/sshd | |
| # (base(ja): https://qiita.com/FGtatsuro/items/4893dfb138f70d972904) | |
| RUN useradd -m guest | |
| RUN passwd -d guest | |
| RUN sed -ri 's/^#?PermitEmptyPasswords\s+.*/PermitEmptyPasswords yes/' /etc/ssh/sshd_config | |
| RUN sed -ri 's/^#?UsePAM\s+.*/UsePAM no/' /etc/ssh/sshd_config | |
| # SSH login fix. Otherwise user is kicked off after login | |
| RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd | |
| ENV NOTVISIBLE "in users profile" | |
| RUN echo "export VISIBLE=now" >> /etc/profile | |
| ENTRYPOINT [ "/usr/sbin/sshd", "-D" ] | |
| EOS | |
| - run: sudo apt install -y socat | |
| - name: Run SSH Server | |
| run: docker run -d -p 2022:22 --init ssh-server | |
| - name: Run Nginx | |
| run: docker run -d -p 8888:80 nginx:alpine | |
| - name: Run Piping Server | |
| run: docker run -d -p 8080:8080 nwtgck/piping-server:v1.2.0 | |
| - uses: actions/checkout@v4 | |
| - name: Set up Go 1.x | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '1.20' | |
| - run: CGO_ENABLED=0 go build -o piping-tunnel main/main.go | |
| - name: Normal tunnel | |
| run: | | |
| set -eux | |
| ./piping-tunnel -s http://localhost:8080 server -p 2022 aaa bbb & | |
| ./piping-tunnel -s http://localhost:8080 client -p 3322 aaa bbb & | |
| sleep 1 | |
| # (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/) | |
| ssh -p 3322 -o 'StrictHostKeyChecking no' guest@localhost hostname | |
| - name: Unix socket on server host side | |
| run: | | |
| set -eux | |
| socat UNIX-LISTEN:/tmp/my_nginx_socat TCP:localhost:8888 & | |
| sleep 1 | |
| ./piping-tunnel -s http://localhost:8080 server --unix-socket=/tmp/my_nginx_socat aaa bbb & | |
| ./piping-tunnel -s http://localhost:8080 client -p 8889 aaa bbb & | |
| sleep 1 | |
| curl localhost:8889 | |
| - name: Unix socket on client host side | |
| run: | | |
| set -eux | |
| ./piping-tunnel -s http://localhost:8080 server -p 8888 aaa bbb & | |
| ./piping-tunnel -s http://localhost:8080 client --unix-socket=/tmp/my_unginx aaa bbb & | |
| sleep 1 | |
| curl --unix-socket /tmp/my_unginx http:/index.html | |
| - name: Encrypt with AES-CTR | |
| run: | | |
| set -eux | |
| ./piping-tunnel -s http://localhost:8080 server -p 2022 --symmetric --cipher-type=aes-ctr --pass=mypass aesctraaa aesctrbbb & | |
| ./piping-tunnel -s http://localhost:8080 client -p 3322 --symmetric --cipher-type=aes-ctr --pass=mypass aesctraaa aesctrbbb & | |
| sleep 1 | |
| # (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/) | |
| ssh -p 3322 -o 'StrictHostKeyChecking no' guest@localhost hostname | |
| - name: Encrypt with OpenSSL-compabile AES-CTR | |
| run: | | |
| set -eux | |
| ./piping-tunnel -s http://localhost:8080 server -p 2022 --symmetric --cipher-type=openssl-aes-256-ctr --pbkdf2='{"iter":100000,"hash":"sha256"}' --pass=mypass openssl1aaa openssl1bbb & echo $! > pid1 | |
| ./piping-tunnel -s http://localhost:8080 client -p 3322 --symmetric --cipher-type=openssl-aes-256-ctr --pbkdf2='{"iter":100000,"hash":"sha256"}' --pass=mypass openssl1aaa openssl1bbb & echo $! > pid2 | |
| sleep 1 | |
| # (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/) | |
| ssh -p 3322 -o 'StrictHostKeyChecking no' guest@localhost hostname | |
| - name: Encrypt with OpenSSL-compabile AES-CTR using real openssl in server host | |
| run: | | |
| set -eux | |
| curl -sSN http://localhost:8080/openssl2aaa | stdbuf -i0 -o0 openssl aes-256-ctr -d -pass "pass:mypass" -bufsize 1 -pbkdf2 -iter 100000 -md sha256 | nc localhost 2022 | stdbuf -i0 -o0 openssl aes-256-ctr -pass "pass:mypass" -bufsize 1 -pbkdf2 -iter 100000 -md sha256 | curl -sSNT - http://localhost:8080/openssl2bbb & | |
| ./piping-tunnel -s http://localhost:8080 client -p 3322 --symmetric --cipher-type=openssl-aes-256-ctr --pbkdf2='{"iter":100000,"hash":"sha256"}' --pass=mypass openssl2aaa openssl2bbb & | |
| sleep 1 | |
| # (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/) | |
| ssh -p 3322 -o 'StrictHostKeyChecking no' guest@localhost hostname | |
| - name: Encrypt with OpenSSL-compabile AES-CTR using real openssl in client host | |
| run: | | |
| set -eux | |
| ./piping-tunnel -s http://localhost:8080 server -p 2022 --symmetric --cipher-type=openssl-aes-256-ctr --pbkdf2='{"iter":100000,"hash":"sha256"}' --pass=mypass openssl3aaa openssl3bbb & | |
| curl -NsS http://localhost:8080/openssl3bbb | stdbuf -i0 -o0 openssl aes-256-ctr -d -pass "pass:mypass" -bufsize 1 -pbkdf2 -iter 100000 -md sha256 | nc -l -p 3322 | stdbuf -i0 -o0 openssl aes-256-ctr -pass "pass:mypass" -bufsize 1 -pbkdf2 -iter 100000 -md sha256 | curl -NsST - http://localhost:8080/openssl3aaa & | |
| sleep 1 | |
| # (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/) | |
| ssh -p 3322 -o 'StrictHostKeyChecking no' guest@localhost hostname | |
| - name: yamux | |
| run: | | |
| set -eux | |
| # Run server-host with yamux | |
| ./piping-tunnel -s http://localhost:8080 server -p 2022 --yamux aaa-yamux bbb-yamux & echo $! > pid1 | |
| # Run client-host with yamux | |
| ./piping-tunnel -s http://localhost:8080 client -p 4422 --yamux aaa-yamux bbb-yamux & echo $! > pid2 | |
| sleep 1 | |
| # Check whether ssh multiple times | |
| # (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/) | |
| ssh -p 4422 -o 'StrictHostKeyChecking no' guest@localhost hostname | |
| ssh -p 4422 -o 'StrictHostKeyChecking no' guest@localhost ls -l / | |
| kill $(cat pid1) && kill $(cat pid2) | |
| - name: yamux (encrypt with AES-CTR) | |
| run: | | |
| set -eux | |
| # Run server-host with yamux (encrypt with AES-CTR) | |
| ./piping-tunnel -s http://localhost:8080 server -p 2022 --yamux --symmetric --cipher-type=aes-ctr --pass=mypass aaa-yamux bbb-yamux & echo $! > pid1 | |
| # Run client-host with yamux (encrypt with AES-CTR) | |
| ./piping-tunnel -s http://localhost:8080 client -p 4422 --yamux --symmetric --cipher-type=aes-ctr --pass=mypass aaa-yamux bbb-yamux & echo $! > pid2 | |
| sleep 1 | |
| # Check whether ssh multiple times | |
| # (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/) | |
| ssh -p 4422 -o 'StrictHostKeyChecking no' guest@localhost hostname | |
| ssh -p 4422 -o 'StrictHostKeyChecking no' guest@localhost ls -l / | |
| kill $(cat pid1) && kill $(cat pid2) | |
| - name: yamux SOCKS | |
| run: | | |
| set -eux | |
| # Run socks with yamux | |
| ./piping-tunnel -s http://localhost:8080 socks --yamux aaa-socks bbb-socks & echo $! > pid1 | |
| # Run client-host with yamux | |
| ./piping-tunnel -s http://localhost:8080 client -p 1081 --yamux aaa-socks bbb-socks & echo $! > pid2 | |
| sleep 1 | |
| # NOTE: Depends on external resource: example.com | |
| curl -x socks5h://localhost:1081 https://example.com | |
| kill $(cat pid1) && kill $(cat pid2) | |
| - name: yamux SOCKS (encrypt with AES-CTR) | |
| run: | | |
| set -eux | |
| # Run socks with yamux (encrypt with AES-CTR) | |
| ./piping-tunnel -s http://localhost:8080 socks --yamux --symmetric --cipher-type=aes-ctr --pass=mypass aaa-socks bbb-socks & echo $! > pid1 | |
| # Run client-host with yamux (encrypt with AES-CTR) | |
| ./piping-tunnel -s http://localhost:8080 client -p 1081 --yamux --symmetric --cipher-type=aes-ctr --pass=mypass aaa-socks bbb-socks & echo $! > pid2 | |
| sleep 1 | |
| # NOTE: Depends on external resource: example.com | |
| curl -x socks5h://localhost:1081 https://example.com | |
| kill $(cat pid1) && kill $(cat pid2) | |
| - name: pmux | |
| run: | | |
| set -eux | |
| # Run server-host1 with pmux | |
| ./piping-tunnel -s http://localhost:8080 server -p 2022 --pmux aaa-pmux bbb-pmux & echo $! > pid1 | |
| sleep 1 | |
| # pmux allows multiple clients in one set of paths | |
| # Run client-host1 with pmux | |
| ./piping-tunnel -s http://localhost:8080 client -p 5522 --pmux aaa-pmux bbb-pmux & echo $! > pid2 | |
| # Run client-host2 with pmux | |
| ./piping-tunnel -s http://localhost:8080 client -p 6622 --pmux aaa-pmux bbb-pmux & echo $! > pid3 | |
| sleep 2 | |
| # Check whether ssh multiple times | |
| # (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/) | |
| ssh -p 5522 -o 'StrictHostKeyChecking no' guest@localhost hostname | |
| ssh -p 5522 -o 'StrictHostKeyChecking no' guest@localhost ls -l / | |
| ssh -p 6622 -o 'StrictHostKeyChecking no' guest@localhost ls -l / | |
| kill $(cat pid1) && kill $(cat pid2) && kill $(cat pid3) |