3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-31 01:47:33 +02:00
Code Issues Projects Releases Packages Wiki Activity
3364 commits 164 branches 127 tags 104 MiB
Commit graph

3364 commits

This branch
This branch
All branches
Author SHA1 Message Date
dependabot[bot]
58fddfe6e2
chore(deps): bump github.com/gorilla/mux from 1.8.0 to 1.8.1 (#4790) 
Bumps [github.com/gorilla/mux](https://github.com/gorilla/mux) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/gorilla/mux/releases)
- [Commits](https://github.com/gorilla/mux/compare/v1.8.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/gorilla/mux
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-07 13:51:32 -07:00
dependabot[bot]
b2d0b454c9
chore(deps): bump github.com/shirou/gopsutil/v3 from 3.23.9 to 3.23.11 (#4794) 
Bumps [github.com/shirou/gopsutil/v3](https://github.com/shirou/gopsutil) from 3.23.9 to 3.23.11.
- [Release notes](https://github.com/shirou/gopsutil/releases)
- [Commits](https://github.com/shirou/gopsutil/compare/v3.23.9...v3.23.11)

---
updated-dependencies:
- dependency-name: github.com/shirou/gopsutil/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-07 13:51:00 -07:00
dependabot[bot]
7004698966
chore(deps): bump github.com/VictoriaMetrics/fastcache from 1.12.1 to 1.12.2 (#4802) 
chore(deps): bump github.com/VictoriaMetrics/fastcache

Bumps [github.com/VictoriaMetrics/fastcache](https://github.com/VictoriaMetrics/fastcache) from 1.12.1 to 1.12.2.
- [Commits](https://github.com/VictoriaMetrics/fastcache/compare/v1.12.1...v1.12.2)

---
updated-dependencies:
- dependency-name: github.com/VictoriaMetrics/fastcache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-07 13:50:27 -07:00
dependabot[bot]
a02d879b37
chore(deps): bump actions/setup-python from 4.7.0 to 5.0.0 (#4827) 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.7.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](61a6322f88...0a5c615913)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-07 13:49:47 -07:00
dependabot[bot]
3e851cadc2
chore(deps): bump docker/metadata-action from 5.0.0 to 5.3.0 (#4826) 
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.0.0 to 5.3.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](96383f4557...31cebacef4)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-07 13:49:24 -07:00
dependabot[bot]
479d8ac5e7
chore(deps): bump github.com/yuin/gopher-lua from 1.1.0 to 1.1.1 (#4832) 
Bumps [github.com/yuin/gopher-lua](https://github.com/yuin/gopher-lua) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/yuin/gopher-lua/releases)
- [Commits](https://github.com/yuin/gopher-lua/compare/v1.1.0...v1.1.1)

---
updated-dependencies:
- dependency-name: github.com/yuin/gopher-lua
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-07 13:48:34 -07:00
dependabot[bot]
ce145414b4
chore(deps): bump github.com/caddyserver/certmagic from 0.19.2 to 0.20.0 (#4836) 
Bumps [github.com/caddyserver/certmagic](https://github.com/caddyserver/certmagic) from 0.19.2 to 0.20.0.
- [Release notes](https://github.com/caddyserver/certmagic/releases)
- [Commits](https://github.com/caddyserver/certmagic/compare/v0.19.2...v0.20.0)

---
updated-dependencies:
- dependency-name: github.com/caddyserver/certmagic
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-07 13:48:09 -07:00
Kenneth Jenkins
a771b82a72
storage/inmemory: fix Patch() error handling (#4838) 
The Patch() method was intended to skip any records that do not
currently exist. However, currently inmemory.Backend.Patch() will return
ErrNotFound if the last record in the records slice is not found (it
will ignore any other previous records that are not found).

Update the error handling logic here to be consistent with the postgres
backend, and add a unit test to exercise this case.
 2023-12-07 12:21:10 -08:00
Kenneth Jenkins
c01d0e045d
authenticateflow: add stateful flow (#4822) 
Add a new Stateful type implementing the stateful authentication flow
from Pomerium v0.20 and earlier.

This consists mainly of logic from authenticate/handlers.go prior to
commits 57217af and 539fd51.

One significant change is to set the default IdP ID when an IdP ID is
not provided in the request URL (e.g. when signing in directly at the
authenticate service domain). Otherwise, if session state is stored with
an empty IdP ID, it won't be valid for any route.
 2023-12-07 09:54:42 -08:00
dependabot[bot]
0e9a07eac9
chore(deps): bump mikefarah/yq from 4.40.3 to 4.40.4 (#4829) 
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.40.3 to 4.40.4.
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](c11a53322b...1c3d551060)

---
updated-dependencies:
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-07 12:31:53 -05:00
dependabot[bot]
806a901fa1
chore(deps): bump golang from 1.21.4-bookworm to 1.21.5-bookworm (#4828) 
Bumps golang from 1.21.4-bookworm to 1.21.5-bookworm.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-07 12:30:31 -05:00
dependabot[bot]
68aeebe0b8
chore(deps): bump actions/setup-go from 4.1.0 to 5.0.0 (#4830) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4.1.0 to 5.0.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](93397bea11...0c52d547c9)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-07 11:59:54 -05:00
dependabot[bot]
aabe235cc6
chore(deps): bump google.golang.org/api from 0.143.0 to 0.153.0 (#4835) 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.143.0 to 0.153.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.143.0...v0.153.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-07 11:58:45 -05:00
dependabot[bot]
d4aa96ac28
chore(deps): bump node from 42a4d97 to 5f21943 (#4659) 
Bumps node from `42a4d97` to `5f21943`.

---
updated-dependencies:
- dependency-name: node
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-07 09:48:56 -07:00
dependabot[bot]
17eb5d8fd9
chore(deps): bump google-github-actions/auth from 1.1.1 to 2.0.0 (#4778) 
Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 1.1.1 to 2.0.0.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](35b0e87d16...67e9c72af6)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-07 09:44:08 -07:00
Caleb Doxsey
98c6603f3b
core/ci: disable dependabot for npm (#4823) 2023-12-07 09:41:09 -07:00
Caleb Doxsey
ce8abde236
core/go: use max procs (#4766) 
* core/go: use max procs

* update test

* logging
 2023-12-07 09:14:57 -07:00
Kenneth Jenkins
9db828ffd4
authenticateflow: move logAuthenticateEvent (#4821) 
Move the Stateless.logAuthenticateEvent() method into the main
stateless.go file.

(This was in events.go temporarily so that Git would track the file
history as a rename from authenticate/events.go.)
 2023-12-06 17:14:20 -08:00
Kenneth Jenkins
b7896b3153
authenticateflow: move stateless flow logic (#4820) 
Consolidate all logic specific to the stateless authenticate flow into a
a new Stateless type in a new package internal/authenticateflow. This is
in preparation for adding a new Stateful type implementing the older
stateful authenticate flow (from Pomerium v0.20 and previous).

This change is intended as a pure refactoring of existing logic, with no
changes in functionality.
 2023-12-06 16:55:57 -08:00
Kenneth Jenkins
3b2bdd059a
authenticate: getUserInfoData() cleanup (#4818) 
The Authenticate.getUserInfoData() method has an error return value, but
always returns nil for this value. Let's remove this return value from
the method signature.
 2023-12-05 14:48:56 -08:00
Kenneth Jenkins
8068890e57
integration: re-generate test configurations (#4816) 
An unused Redis TCP route was removed from the integration test
configuration template in commit bcddbff. Re-generate the test
configurations to incorporate this template change.
 2023-12-05 12:49:03 -08:00
Kenneth Jenkins
3c4b03f1d2
authenticate: remove extra UpdateUserInfo() call (#4813) 
The buildIdentityProfile() method is called only from
Authenticate.getOAuthCallback(), which has previously called
Authenticator.Authenticate(). It looks like all implementations of the
Authenticator interface already call UpdateUserInfo(), so we shouldn't
need to call UpdateUserInfo() a second time from buildIdentityProfile().

This should simplify the code a little and provide a slight performance
improvement (by avoiding one network request).
 2023-12-05 09:22:35 -08:00
Denis Mishin
8a2cf3faf2
zero: add more verbose logging about background control loops (#4815) 2023-12-05 11:22:01 -05:00
dependabot[bot]
96ba5a6679
chore(deps): bump github.com/minio/minio-go/v7 from 7.0.63 to 7.0.65 (#4812) 
Bumps [github.com/minio/minio-go/v7](https://github.com/minio/minio-go) from 7.0.63 to 7.0.65.
- [Release notes](https://github.com/minio/minio-go/releases)
- [Commits](https://github.com/minio/minio-go/compare/v7.0.63...v7.0.65)

---
updated-dependencies:
- dependency-name: github.com/minio/minio-go/v7
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-05 09:01:05 -07:00
Denis Mishin
d2b2ad3250
zero: use production urls by default (#4814) 2023-12-04 20:01:46 -05:00
dependabot[bot]
2edd63c58a
chore(deps): bump distroless/base-debian12 from d2890b2 to 5e24c7a (#4658) 
Bumps distroless/base-debian12 from `d2890b2` to `5e24c7a`.

---
updated-dependencies:
- dependency-name: distroless/base-debian12
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 15:51:39 -05:00
dependabot[bot]
f3ac3b5df7
chore(deps): bump golang.org/x/sync from 0.3.0 to 0.5.0 (#4748) 
Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.3.0 to 0.5.0.
- [Commits](https://github.com/golang/sync/compare/v0.3.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sync
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 15:48:45 -05:00
dependabot[bot]
8184bad67b
chore(deps): bump docker/build-push-action from 5.0.0 to 5.1.0 (#4777) 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.0.0 to 5.1.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](0565240e2d...4a13e500e5)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 15:48:21 -05:00
dependabot[bot]
8e6a61327c
chore(deps): bump mikefarah/yq from 4.35.2 to 4.40.3 (#4780) 
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.35.2 to 4.40.3.
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](a198f72367...c11a53322b)

---
updated-dependencies:
- dependency-name: mikefarah/yq
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 15:47:57 -05:00
dependabot[bot]
72cde7b6b3
chore(deps): bump golang.org/x/net from 0.17.0 to 0.19.0 (#4792) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.17.0 to 0.19.0.
- [Commits](https://github.com/golang/net/compare/v0.17.0...v0.19.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 15:47:28 -05:00
dependabot[bot]
6426d449f9
chore(deps): bump github.com/mattn/go-isatty from 0.0.19 to 0.0.20 (#4801) 
Bumps [github.com/mattn/go-isatty](https://github.com/mattn/go-isatty) from 0.0.19 to 0.0.20.
- [Commits](https://github.com/mattn/go-isatty/compare/v0.0.19...v0.0.20)

---
updated-dependencies:
- dependency-name: github.com/mattn/go-isatty
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 15:45:19 -05:00
dependabot[bot]
e59fd87d62
chore(deps): bump golang.org/x/time from 0.3.0 to 0.5.0 (#4796) 
Bumps [golang.org/x/time](https://github.com/golang/time) from 0.3.0 to 0.5.0.
- [Commits](https://github.com/golang/time/compare/v0.3.0...v0.5.0)

---
updated-dependencies:
- dependency-name: golang.org/x/time
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-04 15:44:51 -05:00
Caleb Doxsey
1780fefa72
core/storage: hijack connections for notification listeners (#4806) 2023-12-04 09:29:10 -07:00
Denis Mishin
4559320463
metrics: add linear probabilistic counter (#4776) 
* metrics: add linear probabilistic counter

* add pkg
 2023-12-04 08:51:41 -05:00
Kenneth Jenkins
a246466a87
metrics: explicitly set Accept header (#4774) 
If a request is made to the Pomerium metrics endpoint with an Accept
header requesting the Prometheus protobuf exposition format, some
metrics will be missing from the response.

These missing metrics are obtained by replaying the incoming request to 
an OpenCensus metrics exporter. This exporter honors the request for the
protobuf format, however Pomerium expects this response to be in the 
text format.

We can avoid this mismatch by explicitly requesting the text format from
the OpenCensus exporter, regardless of the incoming request's Accept
header.

(Note: the Pomerium metrics endpoint always responds with text format 
metrics, even if the protobuf format is requested.)
 2023-11-30 16:14:24 -08:00
Kenneth Jenkins
e49fbf58fa
update to Go 1.21.4 (#4770) 2023-11-29 19:16:12 -08:00
dependabot[bot]
c4dfafd76f
chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 (#4677) 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.1 to 1.4.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.3.1...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-29 21:32:33 -05:00
dependabot[bot]
c62ae2dfeb
chore(deps): bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#4685) 
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.9 to 0.6.0.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.9...v0.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-29 21:24:00 -05:00
dependabot[bot]
6a614c5221
chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.40.0 to 1.42.1 (#4751) 
chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3

Bumps [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) from 1.40.0 to 1.42.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.40.0...service/s3/v1.42.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-29 18:23:28 -08:00
Denis Mishin
140103d68b
zero: update pomerium/zero-sdk to support gzipped blobs (#4767) 2023-11-29 21:22:34 -05:00
Caleb Doxsey
bcddbff6e1
core/redis: remove redis (#4768) 
* core/redis: remove redis

* 20 minute max wait
 2023-11-28 13:14:36 -07:00
Denis Mishin
d610b9c25c
zero/core: set drwx------ for cache dir (#4764) 2023-11-27 10:36:25 -05:00
dependabot[bot]
89a76fe00f
chore(deps): bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 (#4760) 
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.0...v3.0.1)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-21 14:45:16 -08:00
Denis Mishin
7e2532f644
zero/bundle-reconciler: better code reuse (#4758) 2023-11-21 14:32:52 -05:00
Kenneth Jenkins
14b13bb791
zero: use os.UserCacheDir for boostrap config path (#4744) 2023-11-17 14:44:32 -08:00
Caleb Doxsey
6810091d38
core/zero: add support for managed mode from config file (#4756) 2023-11-17 09:04:59 -07:00
Denis Mishin
eb729a53f8
ci: use built-in github release notes generator (#4754) 2023-11-16 13:36:13 -05:00
Kenneth Jenkins
59bd8b3dfa
zero/reconciler: fix restart behavior (#4753) 
Currently the RunWithRestart() loop may not exit when execFn returns an
error unrelated to its context cancellation. Add an additional check for
this case.
 2023-11-15 14:03:22 -08:00
Caleb Doxsey
3c2dc5e0a2 core/zero: fix urls (#4743) 2023-11-15 09:21:56 -08:00
Denis Mishin
86e4ad65d1 zero: derive signing key first thing (#4631) 2023-11-15 09:21:56 -08:00