can't be built on Go 1.20

[m-si]

Describe the bug

a build of corazawaf/coraza-caddy fails due to old requirement in go.mod line 69 with error:

/go/pkg/mod/github.com/lucas-clemente/quic-go@v0.29.2/internal/qtls/go120.go:5:13: cannot use "The version of quic-go you're using can't be built on Go 1.20 yet. For more details, please see https://github.com/lucas-clemente/quic-go/wiki/quic-go-and-Go-versions." (untyped string constant "The version of quic-go you're using can't be built on Go 1.20 yet. F...) as int value in variable declaration

To Reproduce

Clone https://github.com/corazawaf/coraza-caddy and build:

git clone --depth 1 https://github.com/corazawaf/coraza-caddy
...
go build caddy/main.go

ideas

Two ideas to solve the issue

• Either update quic-go (latest release seems to be far ahead.
• Alternativly switch to quic-go/quic-go like they did at syncthing project

[jcchavezs]

is this a caddy dependency or a coraza dependency?

…

On Tue, 18 Jul 2023, 09:19 m-si, ***@***.***> wrote: Describe the bug a build of corazawaf/coraza-caddy fails due to old requirement in go.mod line 69 with error: ***@***.***/internal/qtls/go120.go:5:13: cannot use "The version of quic-go you're using can't be built on Go 1.20 yet. For more details, please see https://github.com/lucas-clemente/quic-go/wiki/quic-go-and-Go-versions." (untyped string constant "The version of quic-go you're using can't be built on Go 1.20 yet. F...) as int value in variable declaration To Reproduce Clone https://github.com/corazawaf/coraza-caddy and build: git clone --depth 1 https://github.com/corazawaf/coraza-caddy ... go build caddy/main.go ideas Two ideas to solve the issue - Either update quic-go (latest release <https://github.com/quic-go/quic-go/releases> seems to be far ahead. - Alternativly switch to quic-go/quic-go like they did at syncthing project <syncthing/syncthing#8768> — Reply to this email directly, view it on GitHub <#90>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAXOYARVKGH2UDIYNBVGLM3XQY2J7ANCNFSM6AAAAAA2N6ONGE> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[m-si]

First of all , thank you for your fast response. As I am new to this, it's a bit difficult to find out for me. I can't find it in their go.mod of v2.6.4 and v2.7 so I guess it seems to be a corazza requierment, isn't it?

[jcchavezs]

It is a Caddy dependency https://github.com/caddyserver/caddy/blob/master/go.mod#L20, we might need to upgrade this repo to latest caddy and go 1.19 once a new release. Any idea on when go 1.20 is going to be supported @mholt?

Another option in the meantime is to try patching this repo, are you up to try that @m-si? In any case it isn't any good we are still in 1.18.

[jptosso]

I have tested caddy main and it works fine with go 1.20. We have to wait for the 2.7 release

[jcchavezs]

@jptosso could you add 1.19 and 1.20 to the CI and drop 1.18?

[jcchavezs]

Uhmm #91

…

On Tue, 18 Jul 2023, 11:31 Juan Pablo Tosso, ***@***.***> wrote: I have tested caddy main and it works fine with go 1.20 — Reply to this email directly, view it on GitHub <#90 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAXOYAWJY5TB2YMQWATQJBTXQZJWZANCNFSM6AAAAAA2N6ONGE> . You are receiving this because you commented.Message ID: ***@***.***>

[m-si]

@jcchavezs today I have no time, but I can try later this week. But to me, it looks even more promising to go with 1.19 or 1.20 as we need to do that anyway to keep up.

[mholt]

@jcchavezs To clarify, the latest Go is (almost?) always supported. We just have to support one prior Go release to please the Debian packaging gods. 🤷‍♂️

Quic-Go isn't generally forward-compatible because it relies on a fork of crypto/tls (due to API limitations in that package, which are currently being addressed in partnership with the Go team) -- but it definitely supports Go 1.20.

[M4tteoP]

Since #96, we are building coraza-caddy in the CI with Go 1.20 and caddy is updated to v2.7.3, I think we can close this one