treewide: switch to gomod and bump everything This switches version resolution from fietsje to gomod and updates all Go dependencies. It also bumps rules_go (required by gVisor) and switches the Gazelle naming convention from go_default_xxx to the standard Bazel convention of the default target having the package name. Since Kubernetes dropped upstream Bazel support and doesn't check in all generated files I manually pregenerated the OpenAPI spec. This should be fixed, but because of the already-huge scope of this CL and the rebase complexity this is not in here. Change-Id: Iec8ea613d06946882426c2f9fad5bda7e8aaf833 Reviewed-on: https://review.monogon.dev/c/monogon/+/639 Reviewed-by: Sergiusz Bazanski <serge@monogon.tech> Reviewed-by: Leopold Schabel <leo@nexantic.com>

commit: d13c1c64387ca9a83bb832a3faa5c4b07268d265 [log] [tgz]
author: Lorenz Brun <lorenz@monogon.tech> Wed Mar 30 19:58:58 2022 +0200
committer: Lorenz Brun <lorenz@monogon.tech> Tue Apr 05 10:35:29 2022 +0000
tree: 0c0f534db4726e4400486aad25235e8c573d455e
parent: 79a1a8f9dd49afe8e0a2364c4586b8f39525b204 [diff]
diff --git a/metropolis/pkg/combinectx/BUILD.bazel b/metropolis/pkg/combinectx/BUILD.bazel
index d467c47..4eeca7f 100644
--- a/metropolis/pkg/combinectx/BUILD.bazel
+++ b/metropolis/pkg/combinectx/BUILD.bazel

@@ -1,17 +1,17 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 
 go_library(
-    name = "go_default_library",
+    name = "combinectx",
     srcs = ["combinectx.go"],
     importpath = "source.monogon.dev/metropolis/pkg/combinectx",
     visibility = ["//visibility:public"],
 )
 
 go_test(
-    name = "go_default_test",
+    name = "combinectx_test",
     srcs = [
         "combinectx_test.go",
         "example_test.go",
     ],
-    embed = [":go_default_library"],
+    embed = [":combinectx"],
 )

diff --git a/metropolis/pkg/devicemapper/BUILD.bazel b/metropolis/pkg/devicemapper/BUILD.bazel
index e0dca24..7d4c132 100644
--- a/metropolis/pkg/devicemapper/BUILD.bazel
+++ b/metropolis/pkg/devicemapper/BUILD.bazel

@@ -1,7 +1,7 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library")
 
 go_library(
-    name = "go_default_library",
+    name = "devicemapper",
     srcs = [
         "ctype.go",
         "devicemapper.go",
@@ -9,8 +9,8 @@
     importpath = "source.monogon.dev/metropolis/pkg/devicemapper",
     visibility = ["//metropolis:__subpackages__"],
     deps = [
-        "@com_github_pkg_errors//:go_default_library",
-        "@com_github_yalue_native_endian//:go_default_library",
-        "@org_golang_x_sys//unix:go_default_library",
+        "@com_github_pkg_errors//:errors",
+        "@com_github_yalue_native_endian//:native_endian",
+        "@org_golang_x_sys//unix",
     ],
 )

diff --git a/metropolis/pkg/efivarfs/BUILD.bazel b/metropolis/pkg/efivarfs/BUILD.bazel
index c41bb88..33b0685 100644
--- a/metropolis/pkg/efivarfs/BUILD.bazel
+++ b/metropolis/pkg/efivarfs/BUILD.bazel

@@ -1,7 +1,7 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library")
 
 go_library(
-    name = "go_default_library",
+    name = "efivarfs",
     srcs = [
         "boot.go",
         "efivarfs.go",
@@ -10,8 +10,8 @@
     importpath = "source.monogon.dev/metropolis/pkg/efivarfs",
     visibility = ["//visibility:public"],
     deps = [
-        "@com_github_google_uuid//:go_default_library",
-        "@org_golang_x_text//encoding/unicode:go_default_library",
-        "@org_golang_x_text//transform:go_default_library",
+        "@com_github_google_uuid//:uuid",
+        "@org_golang_x_text//encoding/unicode",
+        "@org_golang_x_text//transform",
     ],
 )

diff --git a/metropolis/pkg/erofs/BUILD.bazel b/metropolis/pkg/erofs/BUILD.bazel
index af484a8..ce1622c 100644
--- a/metropolis/pkg/erofs/BUILD.bazel
+++ b/metropolis/pkg/erofs/BUILD.bazel

@@ -2,7 +2,7 @@
 load("//metropolis/test/ktest:ktest.bzl", "ktest")
 
 go_library(
-    name = "go_default_library",
+    name = "erofs",
     srcs = [
         "compression.go",
         "defs.go",
@@ -12,26 +12,26 @@
     ],
     importpath = "source.monogon.dev/metropolis/pkg/erofs",
     visibility = ["//visibility:public"],
-    deps = ["@org_golang_x_sys//unix:go_default_library"],
+    deps = ["@org_golang_x_sys//unix"],
 )
 
 go_test(
-    name = "go_default_test",
+    name = "erofs_test",
     srcs = [
         "compression_test.go",
         "defs_test.go",
         "erofs_test.go",
     ],
-    embed = [":go_default_library"],
+    embed = [":erofs"],
     pure = "on",  # keep
     deps = [
-        "@com_github_stretchr_testify//assert:go_default_library",
-        "@com_github_stretchr_testify//require:go_default_library",
-        "@org_golang_x_sys//unix:go_default_library",
+        "@com_github_stretchr_testify//assert",
+        "@com_github_stretchr_testify//require",
+        "@org_golang_x_sys//unix",
     ],
 )
 
 ktest(
     cmdline = "ramdisk_size=128",
-    tester = ":go_default_test",
+    tester = ":erofs_test",
 )

diff --git a/metropolis/pkg/event/BUILD.bazel b/metropolis/pkg/event/BUILD.bazel
index 0217c8a..92405ff 100644
--- a/metropolis/pkg/event/BUILD.bazel
+++ b/metropolis/pkg/event/BUILD.bazel

@@ -1,7 +1,7 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library")
 
 go_library(
-    name = "go_default_library",
+    name = "event",
     srcs = ["event.go"],
     importpath = "source.monogon.dev/metropolis/pkg/event",
     visibility = ["//visibility:public"],

diff --git a/metropolis/pkg/event/etcd/BUILD.bazel b/metropolis/pkg/event/etcd/BUILD.bazel
index b00bc47..51ad5c1 100644
--- a/metropolis/pkg/event/etcd/BUILD.bazel
+++ b/metropolis/pkg/event/etcd/BUILD.bazel

@@ -1,28 +1,29 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 
 go_library(
-    name = "go_default_library",
+    name = "etcd",
     srcs = ["etcd.go"],
     importpath = "source.monogon.dev/metropolis/pkg/event/etcd",
     visibility = ["//visibility:public"],
     deps = [
-        "//metropolis/node/core/consensus/client:go_default_library",
-        "//metropolis/pkg/event:go_default_library",
-        "@com_github_cenkalti_backoff_v4//:go_default_library",
-        "@io_etcd_go_etcd//clientv3:go_default_library",
+        "//metropolis/node/core/consensus/client",
+        "//metropolis/pkg/event",
+        "@com_github_cenkalti_backoff_v4//:backoff",
+        "@io_etcd_go_etcd_client_v3//:client",
     ],
 )
 
 go_test(
-    name = "go_default_test",
+    name = "etcd_test",
     srcs = ["etcd_test.go"],
-    embed = [":go_default_library"],
+    embed = [":etcd"],
     deps = [
-        "//metropolis/node/core/consensus/client:go_default_library",
-        "//metropolis/pkg/event:go_default_library",
-        "@io_etcd_go_etcd//clientv3:go_default_library",
-        "@io_etcd_go_etcd//etcdserver/api/v3rpc/rpctypes:go_default_library",
-        "@io_etcd_go_etcd//integration:go_default_library",
-        "@org_golang_google_grpc//codes:go_default_library",
+        "//metropolis/node/core/consensus/client",
+        "//metropolis/pkg/event",
+        "@io_etcd_go_etcd_api_v3//v3rpc/rpctypes",
+        "@io_etcd_go_etcd_client_pkg_v3//testutil",
+        "@io_etcd_go_etcd_client_v3//:client",
+        "@io_etcd_go_etcd_tests_v3//integration",
+        "@org_golang_google_grpc//codes",
     ],
 )

diff --git a/metropolis/pkg/event/etcd/etcd.go b/metropolis/pkg/event/etcd/etcd.go
index 7b914f7..cb93325 100644
--- a/metropolis/pkg/event/etcd/etcd.go
+++ b/metropolis/pkg/event/etcd/etcd.go

@@ -7,7 +7,7 @@
 	"sync"
 
 	"github.com/cenkalti/backoff/v4"
-	"go.etcd.io/etcd/clientv3"
+	clientv3 "go.etcd.io/etcd/client/v3"
 
 	"source.monogon.dev/metropolis/node/core/consensus/client"
 	"source.monogon.dev/metropolis/pkg/event"

diff --git a/metropolis/pkg/event/etcd/etcd_test.go b/metropolis/pkg/event/etcd/etcd_test.go
index 4b620c0..faa9629 100644
--- a/metropolis/pkg/event/etcd/etcd_test.go
+++ b/metropolis/pkg/event/etcd/etcd_test.go

@@ -3,6 +3,7 @@
 import (
 	"context"
 	"errors"
+	"flag"
 	"fmt"
 	"log"
 	"os"
@@ -11,9 +12,10 @@
 	"testing"
 	"time"
 
-	"go.etcd.io/etcd/clientv3"
-	"go.etcd.io/etcd/etcdserver/api/v3rpc/rpctypes"
-	"go.etcd.io/etcd/integration"
+	"go.etcd.io/etcd/api/v3/v3rpc/rpctypes"
+	"go.etcd.io/etcd/client/pkg/v3/testutil"
+	clientv3 "go.etcd.io/etcd/client/v3"
+	"go.etcd.io/etcd/tests/v3/integration"
 	"google.golang.org/grpc/codes"
 
 	"source.monogon.dev/metropolis/node/core/consensus/client"
@@ -31,14 +33,18 @@
 		Size:                 3,
 		GRPCKeepAliveMinTime: time.Millisecond,
 	}
-	cluster = integration.NewClusterV3(nil, &cfg)
+	tb, cancel := testutil.NewTestingTBProthesis("curator")
+	defer cancel()
+	flag.Parse()
+	integration.BeforeTest(tb)
+	cluster = integration.NewClusterV3(tb, &cfg)
 	endpoints = make([]string, 3)
 	for i := range endpoints {
 		endpoints[i] = cluster.Client(i).Endpoints()[0]
 	}
 
 	v := m.Run()
-	cluster.Terminate(nil)
+	cluster.Terminate(tb)
 	os.Exit(v)
 }
 

diff --git a/metropolis/pkg/event/memory/BUILD.bazel b/metropolis/pkg/event/memory/BUILD.bazel
index 4ba79d2..da07dc3 100644
--- a/metropolis/pkg/event/memory/BUILD.bazel
+++ b/metropolis/pkg/event/memory/BUILD.bazel

@@ -1,19 +1,19 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 
 go_library(
-    name = "go_default_library",
+    name = "memory",
     srcs = ["memory.go"],
     importpath = "source.monogon.dev/metropolis/pkg/event/memory",
     visibility = ["//visibility:public"],
-    deps = ["//metropolis/pkg/event:go_default_library"],
+    deps = ["//metropolis/pkg/event"],
 )
 
 go_test(
-    name = "go_default_test",
+    name = "memory_test",
     srcs = [
         "example_test.go",
         "memory_test.go",
     ],
-    embed = [":go_default_library"],
-    deps = ["//metropolis/pkg/event:go_default_library"],
+    embed = [":memory"],
+    deps = ["//metropolis/pkg/event"],
 )

diff --git a/metropolis/pkg/fileargs/BUILD.bazel b/metropolis/pkg/fileargs/BUILD.bazel
index 3abaf26..0b7b2fc 100644
--- a/metropolis/pkg/fileargs/BUILD.bazel
+++ b/metropolis/pkg/fileargs/BUILD.bazel

@@ -1,9 +1,9 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library")
 
 go_library(
-    name = "go_default_library",
+    name = "fileargs",
     srcs = ["fileargs.go"],
     importpath = "source.monogon.dev/metropolis/pkg/fileargs",
     visibility = ["//metropolis:__subpackages__"],
-    deps = ["@org_golang_x_sys//unix:go_default_library"],
+    deps = ["@org_golang_x_sys//unix"],
 )

diff --git a/metropolis/pkg/freeport/BUILD.bazel b/metropolis/pkg/freeport/BUILD.bazel
index 990cfa8..6933128 100644
--- a/metropolis/pkg/freeport/BUILD.bazel
+++ b/metropolis/pkg/freeport/BUILD.bazel

@@ -1,7 +1,7 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library")
 
 go_library(
-    name = "go_default_library",
+    name = "freeport",
     srcs = ["freeport.go"],
     importpath = "source.monogon.dev/metropolis/pkg/freeport",
     visibility = ["//metropolis:__subpackages__"],

diff --git a/metropolis/pkg/fsquota/BUILD.bazel b/metropolis/pkg/fsquota/BUILD.bazel
index b25d812..5fa7037 100644
--- a/metropolis/pkg/fsquota/BUILD.bazel
+++ b/metropolis/pkg/fsquota/BUILD.bazel

@@ -2,25 +2,25 @@
 load("//metropolis/test/ktest:ktest.bzl", "ktest")
 
 go_library(
-    name = "go_default_library",
+    name = "fsquota",
     srcs = ["fsquota.go"],
     importpath = "source.monogon.dev/metropolis/pkg/fsquota",
     visibility = ["//metropolis:__subpackages__"],
     deps = [
-        "//metropolis/pkg/fsquota/fsxattrs:go_default_library",
-        "//metropolis/pkg/fsquota/quotactl:go_default_library",
-        "@org_golang_x_sys//unix:go_default_library",
+        "//metropolis/pkg/fsquota/fsxattrs",
+        "//metropolis/pkg/fsquota/quotactl",
+        "@org_golang_x_sys//unix",
     ],
 )
 
 go_test(
-    name = "go_default_test",
+    name = "fsquota_test",
     srcs = ["fsquota_test.go"],
-    embed = [":go_default_library"],
+    embed = [":fsquota"],
     pure = "on",
     deps = [
-        "@com_github_stretchr_testify//require:go_default_library",
-        "@org_golang_x_sys//unix:go_default_library",
+        "@com_github_stretchr_testify//require",
+        "@org_golang_x_sys//unix",
     ],
 )
 
@@ -29,5 +29,5 @@
     files_cc = {
         "@xfsprogs//:mkfs": "/mkfs.xfs",
     },
-    tester = ":go_default_test",
+    tester = ":fsquota_test",
 )

diff --git a/metropolis/pkg/fsquota/fsxattrs/BUILD.bazel b/metropolis/pkg/fsquota/fsxattrs/BUILD.bazel
index 5af2ebb..2d23e99 100644
--- a/metropolis/pkg/fsquota/fsxattrs/BUILD.bazel
+++ b/metropolis/pkg/fsquota/fsxattrs/BUILD.bazel

@@ -1,9 +1,9 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library")
 
 go_library(
-    name = "go_default_library",
+    name = "fsxattrs",
     srcs = ["fsxattrs.go"],
     importpath = "source.monogon.dev/metropolis/pkg/fsquota/fsxattrs",
     visibility = ["//metropolis:__subpackages__"],
-    deps = ["@org_golang_x_sys//unix:go_default_library"],
+    deps = ["@org_golang_x_sys//unix"],
 )

diff --git a/metropolis/pkg/fsquota/quotactl/BUILD.bazel b/metropolis/pkg/fsquota/quotactl/BUILD.bazel
index 8c5205d..108b771 100644
--- a/metropolis/pkg/fsquota/quotactl/BUILD.bazel
+++ b/metropolis/pkg/fsquota/quotactl/BUILD.bazel

@@ -1,9 +1,9 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library")
 
 go_library(
-    name = "go_default_library",
+    name = "quotactl",
     srcs = ["quotactl.go"],
     importpath = "source.monogon.dev/metropolis/pkg/fsquota/quotactl",
     visibility = ["//metropolis:__subpackages__"],
-    deps = ["@org_golang_x_sys//unix:go_default_library"],
+    deps = ["@org_golang_x_sys//unix"],
 )

diff --git a/metropolis/pkg/jsonpatch/BUILD.bazel b/metropolis/pkg/jsonpatch/BUILD.bazel
index f9b6239..3aa6d95 100644
--- a/metropolis/pkg/jsonpatch/BUILD.bazel
+++ b/metropolis/pkg/jsonpatch/BUILD.bazel

@@ -1,14 +1,14 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 
 go_library(
-    name = "go_default_library",
+    name = "jsonpatch",
     srcs = ["jsonpatch.go.go"],
     importpath = "source.monogon.dev/metropolis/pkg/jsonpatch",
     visibility = ["//metropolis:__subpackages__"],
 )
 
 go_test(
-    name = "go_default_test",
+    name = "jsonpatch_test",
     srcs = ["jsonpatch_test.go"],
-    embed = [":go_default_library"],
+    embed = [":jsonpatch"],
 )

diff --git a/metropolis/pkg/logbuffer/BUILD.bazel b/metropolis/pkg/logbuffer/BUILD.bazel
index c3e9e2a..cd0e3af 100644
--- a/metropolis/pkg/logbuffer/BUILD.bazel
+++ b/metropolis/pkg/logbuffer/BUILD.bazel

@@ -1,22 +1,22 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 
 go_library(
-    name = "go_default_library",
+    name = "logbuffer",
     srcs = [
         "linebuffer.go",
         "logbuffer.go",
     ],
     importpath = "source.monogon.dev/metropolis/pkg/logbuffer",
     visibility = ["//metropolis:__subpackages__"],
-    deps = ["//metropolis/proto/api:go_default_library"],
+    deps = ["//metropolis/proto/api"],
 )
 
 go_test(
-    name = "go_default_test",
+    name = "logbuffer_test",
     srcs = [
         "linebuffer_test.go",
         "logbuffer_test.go",
     ],
-    embed = [":go_default_library"],
-    deps = ["@com_github_stretchr_testify//require:go_default_library"],
+    embed = [":logbuffer"],
+    deps = ["@com_github_stretchr_testify//require"],
 )

diff --git a/metropolis/pkg/logtree/BUILD.bazel b/metropolis/pkg/logtree/BUILD.bazel
index f49430e..0df5679 100644
--- a/metropolis/pkg/logtree/BUILD.bazel
+++ b/metropolis/pkg/logtree/BUILD.bazel

@@ -1,7 +1,7 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 
 go_library(
-    name = "go_default_library",
+    name = "logtree",
     srcs = [
         "doc.go",
         "journal.go",
@@ -19,18 +19,18 @@
     importpath = "source.monogon.dev/metropolis/pkg/logtree",
     visibility = ["//metropolis:__subpackages__"],
     deps = [
-        "//metropolis/pkg/logbuffer:go_default_library",
-        "//metropolis/proto/api:go_default_library",
+        "//metropolis/pkg/logbuffer",
+        "//metropolis/proto/api",
     ],
 )
 
 go_test(
-    name = "go_default_test",
+    name = "logtree_test",
     srcs = [
         "journal_test.go",
         "klog_test.go",
         "logtree_test.go",
     ],
-    embed = [":go_default_library"],
-    deps = ["@com_github_google_go_cmp//cmp:go_default_library"],
+    embed = [":logtree"],
+    deps = ["@com_github_google_go_cmp//cmp"],
 )

diff --git a/metropolis/pkg/logtree/unraw/BUILD.bazel b/metropolis/pkg/logtree/unraw/BUILD.bazel
index 00a15d3..646d631 100644
--- a/metropolis/pkg/logtree/unraw/BUILD.bazel
+++ b/metropolis/pkg/logtree/unraw/BUILD.bazel

@@ -1,24 +1,24 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 
 go_library(
-    name = "go_default_library",
+    name = "unraw",
     srcs = ["unraw.go"],
     importpath = "source.monogon.dev/metropolis/pkg/logtree/unraw",
     visibility = ["//visibility:public"],
     deps = [
-        "//metropolis/pkg/logbuffer:go_default_library",
-        "//metropolis/pkg/logtree:go_default_library",
-        "//metropolis/pkg/supervisor:go_default_library",
+        "//metropolis/pkg/logbuffer",
+        "//metropolis/pkg/logtree",
+        "//metropolis/pkg/supervisor",
     ],
 )
 
 go_test(
-    name = "go_default_test",
+    name = "unraw_test",
     srcs = ["unraw_test.go"],
-    embed = [":go_default_library"],
+    embed = [":unraw"],
     deps = [
-        "//metropolis/pkg/logbuffer:go_default_library",
-        "//metropolis/pkg/logtree:go_default_library",
-        "//metropolis/pkg/supervisor:go_default_library",
+        "//metropolis/pkg/logbuffer",
+        "//metropolis/pkg/logtree",
+        "//metropolis/pkg/supervisor",
     ],
 )

diff --git a/metropolis/pkg/loop/BUILD.bazel b/metropolis/pkg/loop/BUILD.bazel
index 1bf0722..8c4e10a 100644
--- a/metropolis/pkg/loop/BUILD.bazel
+++ b/metropolis/pkg/loop/BUILD.bazel

@@ -2,24 +2,24 @@
 load("//metropolis/test/ktest:ktest.bzl", "ktest")
 
 go_library(
-    name = "go_default_library",
+    name = "loop",
     srcs = ["loop.go"],
     importpath = "source.monogon.dev/metropolis/pkg/loop",
     visibility = ["//visibility:public"],
-    deps = ["@org_golang_x_sys//unix:go_default_library"],
+    deps = ["@org_golang_x_sys//unix"],
 )
 
 go_test(
-    name = "go_default_test",
+    name = "loop_test",
     srcs = ["loop_test.go"],
-    embed = [":go_default_library"],
+    embed = [":loop"],
     deps = [
-        "@com_github_stretchr_testify//assert:go_default_library",
-        "@com_github_stretchr_testify//require:go_default_library",
-        "@org_golang_x_sys//unix:go_default_library",
+        "@com_github_stretchr_testify//assert",
+        "@com_github_stretchr_testify//require",
+        "@org_golang_x_sys//unix",
     ],
 )
 
 ktest(
-    tester = ":go_default_test",
+    tester = ":loop_test",
 )

diff --git a/metropolis/pkg/pki/BUILD.bazel b/metropolis/pkg/pki/BUILD.bazel
index 04f02ae..ec3babe 100644
--- a/metropolis/pkg/pki/BUILD.bazel
+++ b/metropolis/pkg/pki/BUILD.bazel

@@ -1,7 +1,7 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 
 go_library(
-    name = "go_default_library",
+    name = "pki",
     srcs = [
         "ca.go",
         "certificate.go",
@@ -11,23 +11,24 @@
     importpath = "source.monogon.dev/metropolis/pkg/pki",
     visibility = ["//visibility:public"],
     deps = [
-        "//metropolis/node/core/consensus/client:go_default_library",
-        "//metropolis/pkg/event:go_default_library",
-        "//metropolis/pkg/event/etcd:go_default_library",
-        "//metropolis/pkg/fileargs:go_default_library",
-        "@io_etcd_go_etcd//clientv3:go_default_library",
+        "//metropolis/node/core/consensus/client",
+        "//metropolis/pkg/event",
+        "//metropolis/pkg/event/etcd",
+        "//metropolis/pkg/fileargs",
+        "@io_etcd_go_etcd_client_v3//:client",
     ],
 )
 
 go_test(
-    name = "go_default_test",
+    name = "pki_test",
     srcs = [
         "certificate_test.go",
         "crl_test.go",
     ],
-    embed = [":go_default_library"],
+    embed = [":pki"],
     deps = [
-        "//metropolis/node/core/consensus/client:go_default_library",
-        "@io_etcd_go_etcd//integration:go_default_library",
+        "//metropolis/node/core/consensus/client",
+        "@io_etcd_go_etcd_client_pkg_v3//testutil",
+        "@io_etcd_go_etcd_tests_v3//integration",
     ],
 )

diff --git a/metropolis/pkg/pki/ca.go b/metropolis/pkg/pki/ca.go
index 7c03f9f..29d1335 100644
--- a/metropolis/pkg/pki/ca.go
+++ b/metropolis/pkg/pki/ca.go

@@ -25,7 +25,7 @@
 	"math/big"
 	"time"
 
-	"go.etcd.io/etcd/clientv3"
+	clientv3 "go.etcd.io/etcd/client/v3"
 )
 
 // Issuer is an entity that can issue certificates. This interface is

diff --git a/metropolis/pkg/pki/certificate.go b/metropolis/pkg/pki/certificate.go
index f6d480a..a423680 100644
--- a/metropolis/pkg/pki/certificate.go
+++ b/metropolis/pkg/pki/certificate.go

@@ -29,7 +29,7 @@
 	"fmt"
 	"net"
 
-	"go.etcd.io/etcd/clientv3"
+	clientv3 "go.etcd.io/etcd/client/v3"
 
 	"source.monogon.dev/metropolis/pkg/fileargs"
 )

diff --git a/metropolis/pkg/pki/certificate_test.go b/metropolis/pkg/pki/certificate_test.go
index da8dee9..d38b559 100644
--- a/metropolis/pkg/pki/certificate_test.go
+++ b/metropolis/pkg/pki/certificate_test.go

@@ -8,17 +8,20 @@
 	"crypto/x509"
 	"testing"
 
-	"go.etcd.io/etcd/integration"
+	"go.etcd.io/etcd/client/pkg/v3/testutil"
+	"go.etcd.io/etcd/tests/v3/integration"
 )
 
 // TestManaged ensures Managed Certificates work, including re-ensuring
 // certificates with the same data and issuing subordinate certificates.
 func TestManaged(t *testing.T) {
-	cluster := integration.NewClusterV3(nil, &integration.ClusterConfig{
+	tb, cancel := testutil.NewTestingTBProthesis("pki-managed")
+	defer cancel()
+	cluster := integration.NewClusterV3(tb, &integration.ClusterConfig{
 		Size: 1,
 	})
 	cl := cluster.Client(0)
-	defer cluster.Terminate(nil)
+	defer cluster.Terminate(tb)
 	ctx, ctxC := context.WithCancel(context.Background())
 	defer ctxC()
 	ns := Namespaced("/test-managed/")
@@ -100,11 +103,13 @@
 // re-Ensuring certificates with the same public key, and attempting to re-issue
 // the same certificate with a different public key (which should fail).
 func TestExternal(t *testing.T) {
-	cluster := integration.NewClusterV3(nil, &integration.ClusterConfig{
+	tb, cancel := testutil.NewTestingTBProthesis("pki-managed")
+	defer cancel()
+	cluster := integration.NewClusterV3(tb, &integration.ClusterConfig{
 		Size: 1,
 	})
 	cl := cluster.Client(0)
-	defer cluster.Terminate(nil)
+	defer cluster.Terminate(tb)
 	ctx, ctxC := context.WithCancel(context.Background())
 	defer ctxC()
 	ns := Namespaced("/test-external/")

diff --git a/metropolis/pkg/pki/crl.go b/metropolis/pkg/pki/crl.go
index 2627776..8b886bf 100644
--- a/metropolis/pkg/pki/crl.go
+++ b/metropolis/pkg/pki/crl.go

@@ -9,7 +9,7 @@
 	"math/big"
 	"time"
 
-	"go.etcd.io/etcd/clientv3"
+	clientv3 "go.etcd.io/etcd/client/v3"
 
 	"source.monogon.dev/metropolis/node/core/consensus/client"
 	"source.monogon.dev/metropolis/pkg/event"

diff --git a/metropolis/pkg/pki/crl_test.go b/metropolis/pkg/pki/crl_test.go
index 39a0b0e..8f9cf5d 100644
--- a/metropolis/pkg/pki/crl_test.go
+++ b/metropolis/pkg/pki/crl_test.go

@@ -5,7 +5,8 @@
 	"crypto/x509"
 	"testing"
 
-	"go.etcd.io/etcd/integration"
+	"go.etcd.io/etcd/client/pkg/v3/testutil"
+	"go.etcd.io/etcd/tests/v3/integration"
 
 	"source.monogon.dev/metropolis/node/core/consensus/client"
 )
@@ -13,11 +14,13 @@
 // TestRevoke exercises the CRL revocation and watching functionality of a CA
 // certificate.
 func TestRevoke(t *testing.T) {
-	cluster := integration.NewClusterV3(nil, &integration.ClusterConfig{
+	tb, cancel := testutil.NewTestingTBProthesis("pki-revoke")
+	defer cancel()
+	cluster := integration.NewClusterV3(tb, &integration.ClusterConfig{
 		Size: 1,
 	})
 	cl := client.NewLocal(cluster.Client(0))
-	defer cluster.Terminate(nil)
+	defer cluster.Terminate(tb)
 	ctx, ctxC := context.WithCancel(context.Background())
 	defer ctxC()
 	ns := Namespaced("/test-managed/")

diff --git a/metropolis/pkg/supervisor/BUILD.bazel b/metropolis/pkg/supervisor/BUILD.bazel
index fdac70f..f51612c 100644
--- a/metropolis/pkg/supervisor/BUILD.bazel
+++ b/metropolis/pkg/supervisor/BUILD.bazel

@@ -1,7 +1,7 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
 
 go_library(
-    name = "go_default_library",
+    name = "supervisor",
     srcs = [
         "supervisor.go",
         "supervisor_node.go",
@@ -12,15 +12,15 @@
     importpath = "source.monogon.dev/metropolis/pkg/supervisor",
     visibility = ["//metropolis:__subpackages__"],
     deps = [
-        "//metropolis/pkg/logtree:go_default_library",
-        "@com_github_cenkalti_backoff_v4//:go_default_library",
+        "//metropolis/pkg/logtree",
+        "@com_github_cenkalti_backoff_v4//:backoff",
         "@org_golang_google_grpc//:go_default_library",
     ],
 )
 
 go_test(
-    name = "go_default_test",
+    name = "supervisor_test",
     srcs = ["supervisor_test.go"],
-    embed = [":go_default_library"],
-    deps = ["//metropolis/pkg/logtree:go_default_library"],
+    embed = [":supervisor"],
+    deps = ["//metropolis/pkg/logtree"],
 )

diff --git a/metropolis/pkg/sysfs/BUILD.bazel b/metropolis/pkg/sysfs/BUILD.bazel
index 87fa937..068f9f6 100644
--- a/metropolis/pkg/sysfs/BUILD.bazel
+++ b/metropolis/pkg/sysfs/BUILD.bazel

@@ -1,7 +1,7 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library")
 
 go_library(
-    name = "go_default_library",
+    name = "sysfs",
     srcs = [
         "block.go",
         "uevents.go",

diff --git a/metropolis/pkg/tpm/BUILD.bazel b/metropolis/pkg/tpm/BUILD.bazel
index da2154a..4873a82 100644
--- a/metropolis/pkg/tpm/BUILD.bazel
+++ b/metropolis/pkg/tpm/BUILD.bazel

@@ -1,7 +1,7 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library")
 
 go_library(
-    name = "go_default_library",
+    name = "tpm",
     srcs = [
         "credactivation_compat.go",
         "tpm.go",
@@ -9,15 +9,15 @@
     importpath = "source.monogon.dev/metropolis/pkg/tpm",
     visibility = ["//metropolis:__subpackages__"],
     deps = [
-        "//metropolis/pkg/logtree:go_default_library",
-        "//metropolis/pkg/sysfs:go_default_library",
-        "//metropolis/pkg/tpm/proto:go_default_library",
+        "//metropolis/pkg/logtree",
+        "//metropolis/pkg/sysfs",
+        "//metropolis/pkg/tpm/proto",
         "@com_github_golang_protobuf//proto:go_default_library",
-        "@com_github_google_go_tpm//tpm2:go_default_library",
-        "@com_github_google_go_tpm//tpmutil:go_default_library",
-        "@com_github_google_go_tpm_tools//tpm2tools:go_default_library",
-        "@com_github_pkg_errors//:go_default_library",
-        "@org_golang_x_crypto//nacl/secretbox:go_default_library",
-        "@org_golang_x_sys//unix:go_default_library",
+        "@com_github_google_go_tpm//tpm2",
+        "@com_github_google_go_tpm//tpmutil",
+        "@com_github_google_go_tpm_tools//client",
+        "@com_github_pkg_errors//:errors",
+        "@org_golang_x_crypto//nacl/secretbox",
+        "@org_golang_x_sys//unix",
     ],
 )

diff --git a/metropolis/pkg/tpm/credactivation_compat.go b/metropolis/pkg/tpm/credactivation_compat.go
index a6710ae..24766a7 100644
--- a/metropolis/pkg/tpm/credactivation_compat.go
+++ b/metropolis/pkg/tpm/credactivation_compat.go

@@ -46,7 +46,7 @@
 )
 
 func generateRSA(aik *tpm2.HashValue, pub *rsa.PublicKey, symBlockSize int, secret []byte, rnd io.Reader) ([]byte, []byte, error) {
-	newAIKHash, err := aik.Alg.HashConstructor()
+	aikHash, err := aik.Alg.Hash()
 	if err != nil {
 		return nil, nil, err
 	}
@@ -63,7 +63,7 @@
 	// Encrypt the seed value using the provided public key.
 	// See annex B, section 10.4 of the TPM specification revision 2 part 1.
 	label := append([]byte(labelIdentity), 0)
-	encSecret, err := rsa.EncryptOAEP(newAIKHash(), rnd, pub, seed, label)
+	encSecret, err := rsa.EncryptOAEP(aikHash.New(), rnd, pub, seed, label)
 	if err != nil {
 		return nil, nil, fmt.Errorf("generating encrypted seed: %v", err)
 	}
@@ -95,12 +95,12 @@
 	// Generate the integrity HMAC, which is used to protect the integrity of the
 	// encrypted structure.
 	// See section 24.5 of the TPM specification revision 2 part 1.
-	macKey, err := tpm2.KDFa(aik.Alg, seed, labelIntegrity, nil, nil, newAIKHash().Size()*8)
+	macKey, err := tpm2.KDFa(aik.Alg, seed, labelIntegrity, nil, nil, aikHash.Size()*8)
 	if err != nil {
 		return nil, nil, fmt.Errorf("generating HMAC key: %v", err)
 	}
 
-	mac := hmac.New(newAIKHash, macKey)
+	mac := hmac.New(aikHash.New, macKey)
 	mac.Write(encIdentity)
 	mac.Write(aikNameEncoded)
 	integrityHMAC := mac.Sum(nil)

diff --git a/metropolis/pkg/tpm/eventlog/BUILD.bazel b/metropolis/pkg/tpm/eventlog/BUILD.bazel
index a678808..7bbd464 100644
--- a/metropolis/pkg/tpm/eventlog/BUILD.bazel
+++ b/metropolis/pkg/tpm/eventlog/BUILD.bazel

@@ -1,7 +1,7 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library")
 
 go_library(
-    name = "go_default_library",
+    name = "eventlog",
     srcs = [
         "compat.go",
         "eventlog.go",
@@ -10,8 +10,8 @@
     importpath = "source.monogon.dev/metropolis/pkg/tpm/eventlog",
     visibility = ["//metropolis:__subpackages__"],
     deps = [
-        "//metropolis/pkg/tpm/eventlog/internal:go_default_library",
-        "@com_github_google_certificate_transparency_go//x509:go_default_library",
-        "@com_github_google_go_tpm//tpm2:go_default_library",
+        "//metropolis/pkg/tpm/eventlog/internal",
+        "@com_github_google_certificate_transparency_go//x509",
+        "@com_github_google_go_tpm//tpm2",
     ],
 )

diff --git a/metropolis/pkg/tpm/eventlog/internal/BUILD.bazel b/metropolis/pkg/tpm/eventlog/internal/BUILD.bazel
index d4730aa..f134e7c 100644
--- a/metropolis/pkg/tpm/eventlog/internal/BUILD.bazel
+++ b/metropolis/pkg/tpm/eventlog/internal/BUILD.bazel

@@ -1,12 +1,12 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_library")
 
 go_library(
-    name = "go_default_library",
+    name = "internal",
     srcs = ["events.go"],
     importpath = "source.monogon.dev/metropolis/pkg/tpm/eventlog/internal",
     visibility = ["//metropolis/pkg/tpm/eventlog:__subpackages__"],
     deps = [
-        "@com_github_google_certificate_transparency_go//asn1:go_default_library",
-        "@com_github_google_certificate_transparency_go//x509:go_default_library",
+        "@com_github_google_certificate_transparency_go//asn1",
+        "@com_github_google_certificate_transparency_go//x509",
     ],
 )

diff --git a/metropolis/pkg/tpm/proto/BUILD.bazel b/metropolis/pkg/tpm/proto/BUILD.bazel
index 7d7ee86..81c42e6 100644
--- a/metropolis/pkg/tpm/proto/BUILD.bazel
+++ b/metropolis/pkg/tpm/proto/BUILD.bazel

@@ -6,7 +6,7 @@
     name = "proto_proto",
     srcs = ["tpm.proto"],
     visibility = ["//visibility:public"],
-    deps = ["@com_github_google_go_tpm_tools//proto:proto_proto"],  #keep
+    deps = ["@com_github_google_go_tpm_tools//proto/tpm:tpm_proto"],  #keep
 )
 
 go_proto_library(
@@ -14,11 +14,11 @@
     importpath = "source.monogon.dev/metropolis/pkg/tpm/proto",
     proto = ":proto_proto",
     visibility = ["//visibility:public"],
-    deps = ["@com_github_google_go_tpm_tools//proto:go_default_library"],  #keep
+    deps = ["@com_github_google_go_tpm_tools//proto/tpm"],  #keep
 )
 
 go_library(
-    name = "go_default_library",
+    name = "proto",
     embed = [":proto_go_proto"],
     importpath = "source.monogon.dev/metropolis/pkg/tpm/proto",
     visibility = ["//visibility:public"],

diff --git a/metropolis/pkg/tpm/proto/tpm.proto b/metropolis/pkg/tpm/proto/tpm.proto
index 29b74aa..9f86291 100644
--- a/metropolis/pkg/tpm/proto/tpm.proto
+++ b/metropolis/pkg/tpm/proto/tpm.proto

@@ -2,7 +2,7 @@
 option go_package = "source.monogon.dev/metropolis/pkg/tpm/proto";
 package metropolis.pkg.tpm;
 
-import "proto/tpm.proto";
+import "proto/tpm/tpm.proto";
 
 // ExtendedSealedBytes contains data sealed by a TPM2 via an indirection to
 // allow for more than 128 bytes of payload. It seals an ephemeral key for
@@ -10,7 +10,7 @@
 // key.
 message ExtendedSealedBytes {
   // The secretbox key, as sealed by the TPM.
-  .proto.SealedBytes sealed_key = 1;
+  .tpm.SealedBytes sealed_key = 1;
   // The encrypted box contents.
   bytes encrypted_payload = 2;
 }
\ No newline at end of file

diff --git a/metropolis/pkg/tpm/tpm.go b/metropolis/pkg/tpm/tpm.go
index fe7c698..2b7d20d 100644
--- a/metropolis/pkg/tpm/tpm.go
+++ b/metropolis/pkg/tpm/tpm.go

@@ -32,7 +32,7 @@
 	"time"
 
 	"github.com/golang/protobuf/proto"
-	"github.com/google/go-tpm-tools/tpm2tools"
+	tpm2tools "github.com/google/go-tpm-tools/client"
 	"github.com/google/go-tpm/tpm2"
 	"github.com/google/go-tpm/tpmutil"
 	"github.com/pkg/errors"
@@ -247,7 +247,7 @@
 	// therefore we can just leave it all-zero.
 	var unusedNonce [24]byte
 	encryptedData := secretbox.Seal(nil, data, &unusedNonce, &boxKeyArr)
-	sealedKey, err := srk.Seal(pcrs, boxKey)
+	sealedKey, err := srk.Seal(boxKey, tpm2tools.SealOpts{Current: tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: pcrs}})
 	if err != nil {
 		return []byte{}, fmt.Errorf("failed to seal boxKey: %w", err)
 	}
@@ -286,7 +286,7 @@
 		pcrList = append(pcrList, string(pcr))
 	}
 	tpm.logger.Infof("Attempting to unseal key protected with PCRs %s", strings.Join(pcrList, ","))
-	unsealedKey, err := srk.Unseal(sealedBytes.SealedKey)
+	unsealedKey, err := srk.Unseal(sealedBytes.SealedKey, tpm2tools.UnsealOpts{})
 	if err != nil {
 		return []byte{}, errors.Wrap(err, "failed to unseal key")
 	}
@@ -460,7 +460,7 @@
 	}
 	defer tpm2.FlushContext(tpm.device, endorsementSession)
 
-	_, err = tpm2.PolicySecret(tpm.device, tpm2.HandleEndorsement, tpm2.AuthCommand{Session: tpm2.HandlePasswordSession, Attributes: tpm2.AttrContinueSession}, endorsementSession, nil, nil, nil, 0)
+	_, _, err = tpm2.PolicySecret(tpm.device, tpm2.HandleEndorsement, tpm2.AuthCommand{Session: tpm2.HandlePasswordSession, Attributes: tpm2.AttrContinueSession}, endorsementSession, nil, nil, nil, 0)
 	if err != nil {
 		return []byte{}, fmt.Errorf("failed to make a policy secret session: %w", err)
 	}

diff --git a/metropolis/pkg/verity/BUILD.bazel b/metropolis/pkg/verity/BUILD.bazel
index b500b31..7e0e465 100644
--- a/metropolis/pkg/verity/BUILD.bazel
+++ b/metropolis/pkg/verity/BUILD.bazel

@@ -2,24 +2,24 @@
 load("//metropolis/test/ktest:ktest.bzl", "ktest")
 
 go_library(
-    name = "go_default_library",
+    name = "verity",
     srcs = ["encoder.go"],
     importpath = "source.monogon.dev/metropolis/pkg/verity",
     visibility = ["//visibility:public"],
 )
 
 go_test(
-    name = "go_default_test",
+    name = "verity_test",
     srcs = ["encoder_test.go"],
-    embed = [":go_default_library"],
+    embed = [":verity"],
     deps = [
-        "//metropolis/pkg/devicemapper:go_default_library",
-        "@com_github_stretchr_testify//require:go_default_library",
-        "@org_golang_x_sys//unix:go_default_library",
+        "//metropolis/pkg/devicemapper",
+        "@com_github_stretchr_testify//require",
+        "@org_golang_x_sys//unix",
     ],
 )
 
 ktest(
     cmdline = "ramdisk_size=16384",
-    tester = ":go_default_test",
+    tester = ":verity_test",
 )
commit	d13c1c64387ca9a83bb832a3faa5c4b07268d265	[log] [tgz]
author	Lorenz Brun <lorenz@monogon.tech>	Wed Mar 30 19:58:58 2022 +0200
committer	Lorenz Brun <lorenz@monogon.tech>	Tue Apr 05 10:35:29 2022 +0000
tree	0c0f534db4726e4400486aad25235e8c573d455e
parent	79a1a8f9dd49afe8e0a2364c4586b8f39525b204 [diff]