feat(cmd/agent): add fallback X.509 trusted roots (#6340)

* feat(cmd/agent): add fallback X.509 trusted roots Signed-off-by: hainenber <[email protected]> * chore(doc): add CHANGELOG entry Signed-off-by: hainenber <[email protected]> * Update CHANGELOG.md --------- Signed-off-by: hainenber <[email protected]> Co-authored-by: Paulin Todev <[email protected]>
grafana · Feb 15, 2024 · 8a6c8d7 · 8a6c8d7
1 parent 3ac98b9
commit 8a6c8d7
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -95,6 +95,9 @@ Main (unreleased)
 
 - Updated docs for MSSQL Integration to show additional authentication capabilities. (@StefanKurek)
 
+- `grafana-agent` and `grafana-agent-flow` fallback to default X.509 trusted root certificates
+  when the `GODEBUG=x509usefallbackroots=1` environment variable is set. (@hainenber)
+
 v0.39.2 (2024-1-31)
 --------------------
 

diff --git a/cmd/grafana-agent-flow/main.go b/cmd/grafana-agent-flow/main.go
@@ -17,6 +17,10 @@ import (
 
 	// Register integrations
 	_ "github.com/grafana/agent/pkg/integrations/install"
+
+	// Embed a set of fallback X.509 trusted roots
+	// Allows the app to work correctly even when the OS does not provide a verifier or systems roots pool
+	_ "golang.org/x/crypto/x509roots/fallback"
 )
 
 func init() {

diff --git a/cmd/grafana-agent/main.go b/cmd/grafana-agent/main.go
@@ -21,6 +21,10 @@ import (
 
 	// Register integrations
 	_ "github.com/grafana/agent/pkg/integrations/install"
+
+	// Embed a set of fallback X.509 trusted roots
+	// Allows the app to work correctly even when the OS does not provide a verifier or systems roots pool
+	_ "golang.org/x/crypto/x509roots/fallback"
 )
 
 func init() {

diff --git a/go.mod b/go.mod
@@ -616,6 +616,7 @@ require (
 	github.com/open-telemetry/opentelemetry-collector-contrib/receiver/prometheusreceiver v0.87.0
 	github.com/open-telemetry/opentelemetry-collector-contrib/receiver/vcenterreceiver v0.87.0
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v0.42.0
+	golang.org/x/crypto/x509roots/fallback v0.0.0-20240208163226-62c9f1799c91
 	k8s.io/apimachinery v0.28.3
 )
 

diff --git a/go.sum b/go.sum
@@ -2513,6 +2513,8 @@ golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU
 golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
 golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc=
 golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/crypto/x509roots/fallback v0.0.0-20240208163226-62c9f1799c91 h1:Lyizcy9jX02jYR0ceBkL6S+jRys8Uepf7wt1vrz6Ras=
+golang.org/x/crypto/x509roots/fallback v0.0.0-20240208163226-62c9f1799c91/go.mod h1:kNa9WdvYnzFwC79zRpLRMJbdEFlhyM5RPFBBZp/wWH8=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=