Dmitri Shuralyov (Gerrit)

unread,

Feb 24, 2026, 3:02:23 PM (3 days ago) Feb 24

to Dmitri Shuralyov, goph...@pubsubhelper.golang.org, Carlos Amedee, Roland Shoemaker, Dmitri Shuralyov, Go LUCI, golang-co...@googlegroups.com

Attention needed from Carlos Amedee

New activity on the change

Open in Gerrit

Related details

Attention is currently required from:

Carlos Amedee

Submit Requirements:

Code-Review
No-Unresolved-Comments
Review-Enforcement
TryBots-Pass

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

unsatisfied_requirement

satisfied_requirement

open

diffy

Carlos Amedee (Gerrit)

unread,

Feb 25, 2026, 3:42:45 PM (2 days ago) Feb 25

to Dmitri Shuralyov, goph...@pubsubhelper.golang.org, Go LUCI, Roland Shoemaker, Dmitri Shuralyov, golang-co...@googlegroups.com

Attention needed from Dmitri Shuralyov

Carlos Amedee voted and added 3 comments

Votes added by Carlos Amedee

Code-Review

+2

3 comments

Patchset-level comments

File-level comment, Patchset 2 (Latest):

Carlos Amedee . resolved

Thanks.

File cmd/genbotcert/genbotcert.go

Line 102, Patchset 2 (Latest):func generateCert(ctx context.Context, csrPath, hostname string) error {

Carlos Amedee . resolved

Just out of curiosity, why did you invert these two values? Was it to sort them alphabetically?

Line 157, Patchset 2 (Latest): if err := cr.CheckSignature(); err != nil {

Carlos Amedee . resolved

Good explicit check.

Open in Gerrit

Related details

Attention is currently required from:

Dmitri Shuralyov

Submit Requirements:

Code-Review
No-Unresolved-Comments
Review-Enforcement
TryBots-Pass

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Dmitri Shuralyov (Gerrit)

unread,

4:02 PM (2 hours ago) 4:02 PM

to Dmitri Shuralyov, goph...@pubsubhelper.golang.org, Carlos Amedee, Go LUCI, Roland Shoemaker, Dmitri Shuralyov, golang-co...@googlegroups.com

Dmitri Shuralyov voted and added 3 comments

Votes added by Dmitri Shuralyov

Auto-Submit

+1

3 comments

Patchset-level comments

File-level comment, Patchset 2 (Latest):

Dmitri Shuralyov . resolved

Thanks.

File cmd/genbotcert/genbotcert.go

Line 102, Patchset 2 (Latest):func generateCert(ctx context.Context, csrPath, hostname string) error {

Carlos Amedee . resolved

Just out of curiosity, why did you invert these two values? Was it to sort them alphabetically?

Dmitri Shuralyov

It wasn't about alphabetical order; my intent was to leave the parameters in what seemed like a descending order, placing the core parameter towards the front, secondary parameter later. That is, I thought for purposes of `readAndCheckCSR` the csrPath is the main input. Hostname is only being passed in to double-check that the CSR was generated for the intended hostname.

I try to refrain from reordering parameters of the same time type, since it's more risky and not always an improvement to readability for other people, but here it seemed worth doing alongside the refactoring for tests.

Line 157, Patchset 2 (Latest): if err := cr.CheckSignature(); err != nil {

Carlos Amedee . resolved

Good explicit check.

Dmitri Shuralyov

For posterity, I'll add a note here that I don't expect it to be neccessary because if it fails here, it shouldn't succeed in the future step of creating the certificate remotely.

But it seemed consistent to add a local check here since we're already checking other things that should always match when a sufficiently new version of genbotcert was used to create the CSR.

Open in Gerrit

Related details

Attention set is empty

Submit Requirements:

Code-Review
No-Unresolved-Comments
Review-Enforcement
TryBots-Pass

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

open

diffy

Gopher Robot (Gerrit)

unread,

4:03 PM (2 hours ago) 4:03 PM

to Dmitri Shuralyov, goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, Carlos Amedee, Go LUCI, Roland Shoemaker, Dmitri Shuralyov, golang-co...@googlegroups.com

Gopher Robot submitted the change

Change information

Commit message:

cmd/genbotcert: add detail to hostname mismatch error

Previously, if the CSR was somehow generated without a .bots.golang.org
suffix, the hostname check would catch that it didn't match but print a
message that's not very clear. Make it more detailed.

Also check some other fields that should match provided that genbotcert,
an appropriately-new version thereof, was used to create the CSR rather
than something else.

Change-Id: Id281fd19ad8fedae284b344df6f61bca280d59d1

Reviewed-on: https://go-review.googlesource.com/c/build/+/748560

Reviewed-by: Dmitri Shuralyov <dmit...@google.com>

LUCI-TryBot-Result: Go LUCI <golang...@luci-project-accounts.iam.gserviceaccount.com>

Auto-Submit: Dmitri Shuralyov <dmit...@golang.org>

Reviewed-by: Carlos Amedee <car...@golang.org>

Files:

M cmd/genbotcert/genbotcert.go
A cmd/genbotcert/genbotcert_test.go

Change size: M

Delta: 2 files changed, 102 insertions(+), 25 deletions(-)

Branch: refs/heads/master

Submit Requirements:

Code-Review: +1 by Dmitri Shuralyov, +2 by Carlos Amedee
TryBots-Pass: LUCI-TryBot-Result+1 by Go LUCI

Open in Gerrit

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

open

diffy

satisfied_requirement

Reply all

Reply to author

Forward

[build] cmd/genbotcert: add detail to hostname mismatch error

Dmitri Shuralyov (Gerrit)

New activity on the change

Related details

Carlos Amedee (Gerrit)

Carlos Amedee voted and added 3 comments

Votes added by Carlos Amedee

3 comments

Related details

Dmitri Shuralyov (Gerrit)

Dmitri Shuralyov voted and added 3 comments

Votes added by Dmitri Shuralyov

3 comments

Related details

Gopher Robot (Gerrit)

Gopher Robot submitted the change

Change information