Skip to content

feat: switch back to upstream pkcs8 lib #344

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 21, 2025
Merged

feat: switch back to upstream pkcs8 lib #344

merged 2 commits into from
Nov 21, 2025

Conversation

@kruskall
Copy link
Member

@kruskall kruskall commented Aug 20, 2025

What does this PR do?

elastic forked the library to fix modern go version support and bump the x/crypto dependency

this has been fixed upstream so we should switch back to it

update imports and run go mod tidy

Why is it important?

the elastic fork of pkcs8 is only used in elastic-agent-libs

we should drop it and archive the repo

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have added tests that prove my fix is effective or that my feature works

Author's Checklist

  • [ ]

Related issues

@kruskall
feat: switch back to upstream pkcs8 lib
7fc4009 
elastic forker the library to fix modern go version support
and bump the x/crypto dependency

this has been fixed upstream so we should switch back to it

update imports and run go mod tidy
@kruskall kruskall requested a review from a team as a code owner August 20, 2025 04:12
@kruskall kruskall requested review from andrzej-stencel and khushijain21 and removed request for a team August 20, 2025 04:12
@elasticmachine
Copy link
Collaborator

elasticmachine commented Aug 20, 2025

💚 Build Succeeded

History

@AndersonQ
Copy link
Member

AndersonQ commented Nov 5, 2025

I have a question. I'm seeing upstream still uses golang.org/x/crypto v0.22, whereas our forks uses v0.32.0. Here, golang.org/x/crypto is kept at a newer version due to another dependency. Are we fine with that? would github.com/youmark/pkcs8 be good even if we'd use golang.org/x/crypto v0.22?

mauri870
mauri870 reviewed Nov 5, 2025
View reviewed changes
Copy link
Member

@mauri870 mauri870 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look good. I can see a recent commit in elastic/pkcs8 fixing CVEs and that is not included in the upstream library. Is this accounted for?

EDIT: See Anderson's comment.

@kruskall
Copy link
Member Author

kruskall commented Nov 17, 2025

I have a question. I'm seeing upstream still uses golang.org/x/crypto v0.22, whereas our forks uses v0.32.0. Here, golang.org/x/crypto is kept at a newer version due to another dependency. Are we fine with that? would github.com/youmark/pkcs8 be good even if we'd use golang.org/x/crypto v0.22?

we can't use old x/crypto because other deps require a newer one.
That should be fine as it follows semver

mauri870
mauri870 approved these changes Nov 21, 2025
View reviewed changes
Copy link
Member

@mauri870 mauri870 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, I checked both repos and confirmed they are equivalent now.

@kruskall kruskall merged commit 5c74360 into elastic:main Nov 21, 2025
5 checks passed
@kruskall kruskall deleted the feat/upstream-pkcs8 branch November 21, 2025 15:50
@kruskall kruskall mentioned this pull request Nov 24, 2025
Merged
6 tasks
This was referenced Nov 27, 2025
Merged
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mauri870 mauri870 mauri870 approved these changes

@khushijain21 khushijain21 Awaiting requested review from khushijain21 khushijain21 is a code owner automatically assigned from elastic/elastic-agent-data-plane

@andrzej-stencel andrzej-stencel Awaiting requested review from andrzej-stencel andrzej-stencel is a code owner automatically assigned from elastic/elastic-agent-data-plane

@michel-laterman michel-laterman Awaiting requested review from michel-laterman

@AndersonQ AndersonQ Awaiting requested review from AndersonQ

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@kruskall @elasticmachine @AndersonQ @mauri870