Compare revisions

renovate · ale · ale · ale · 7cff2e8d · 7cff2e8d
--- a/cmd/acmeserver/acmeserver.go
+++ b/cmd/acmeserver/acmeserver.go
@@ -3,16 +3,15 @@ package main
 import (
 	"context"
 	"flag"
-	"io/ioutil"
 	"log"
 	"net/http"
 	"os"
 	"os/signal"
 	"syscall"

-	"git.autistici.org/ai3/tools/acmeserver"
 	"git.autistici.org/ai3/go-common/serverutil"
-	"gopkg.in/yaml.v2"
+	"git.autistici.org/ai3/tools/acmeserver"
+	"gopkg.in/yaml.v3"
 )

 var (
@@ -29,12 +28,13 @@ type Config struct {

 func loadConfig(path string) (*Config, error) {
 	// Read YAML config.
-	data, err := ioutil.ReadFile(path) // nolint: gosec
+	f, err := os.Open(path)
 	if err != nil {
 		return nil, err
 	}
+	defer f.Close()
 	var config Config
-	if err := yaml.Unmarshal(data, &config); err != nil {
+	if err := yaml.NewDecoder(f).Decode(&config); err != nil {
 		return nil, err
 	}
 	return &config, nil

--- a/config.go
+++ b/config.go
@@ -3,11 +3,11 @@ package acmeserver
 import (
 	"errors"
 	"fmt"
-	"io/ioutil"
 	"log"
+	"os"
 	"path/filepath"

-	"gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v3"

 	"git.autistici.org/ai3/go-common/clientutil"
 )
@@ -77,12 +77,13 @@ func (c *certConfig) check() error {
 }

 func readCertConfigs(path string) ([]*certConfig, error) {
-	data, err := ioutil.ReadFile(path) // nolint: gosec
+	f, err := os.Open(path)
 	if err != nil {
 		return nil, err
 	}
+	defer f.Close()
 	var cc []*certConfig
-	if err := yaml.Unmarshal(data, &cc); err != nil {
+	if err := yaml.NewDecoder(f).Decode(&cc); err != nil {
 		return nil, err
 	}
 	return cc, nil

--- a/go.mod
+++ b/go.mod
@@ -3,10 +3,10 @@ module git.autistici.org/ai3/tools/acmeserver
 go 1.14

 require (
-	git.autistici.org/ai3/go-common v0.0.0-20210118064555-73f00db54723
-	git.autistici.org/ai3/tools/replds v0.0.0-20210117165138-e6368d266143
+	git.autistici.org/ai3/go-common v0.0.0-20220814151247-39e01d32d5ee
+	git.autistici.org/ai3/tools/replds v0.0.0-20220814170053-28106a9463f5
 	github.com/miekg/dns v1.1.43
 	github.com/prometheus/client_golang v1.12.2
-	golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871
-	gopkg.in/yaml.v2 v2.4.0
+	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa
+	gopkg.in/yaml.v3 v3.0.1
 )
--- a/go.sum
+++ b/go.sum
--- a/vendor/contrib.go.opencensus.io/exporter/zipkin/.travis.yml
+++ b/vendor/contrib.go.opencensus.io/exporter/zipkin/.travis.yml
-language: go
-
-go_import_path: contrib.go.opencensus.io
-
-go:
-  - 1.11.x
-
-env:
-  global:
-    GO111MODULE=on
-
-before_script:
-  - make install-tools
-
-script:
-  - make travis-ci
-
--- a/vendor/contrib.go.opencensus.io/exporter/zipkin/Makefile
+++ b/vendor/contrib.go.opencensus.io/exporter/zipkin/Makefile
-# TODO: Fix this on windows.
-ALL_SRC := $(shell find . -name '*.go' \
-								-not -path './vendor/*' \
-								-not -path '*/gen-go/*' \
-								-type f | sort)
-ALL_PKGS := $(shell go list $(sort $(dir $(ALL_SRC))))
-
-GOTEST_OPT?=-v -race -timeout 30s
-GOTEST_OPT_WITH_COVERAGE = $(GOTEST_OPT) -coverprofile=coverage.txt -covermode=atomic
-GOTEST=go test
-GOFMT=gofmt
-GOLINT=golint
-GOVET=go vet
-EMBEDMD=embedmd
-# TODO decide if we need to change these names.
-README_FILES := $(shell find . -name '*README.md' | sort | tr '\n' ' ')
-
-
-.DEFAULT_GOAL := fmt-lint-vet-embedmd-test
-
-.PHONY: fmt-lint-vet-embedmd-test
-fmt-lint-vet-embedmd-test: fmt lint vet embedmd test
-
-# TODO enable test-with-coverage in tavis
-.PHONY: travis-ci
-travis-ci: fmt lint vet embedmd test test-386
-
-all-pkgs:
-	@echo $(ALL_PKGS) | tr ' ' '\n' | sort
-
-all-srcs:
-	@echo $(ALL_SRC) | tr ' ' '\n' | sort
-
-.PHONY: test
-test:
-	$(GOTEST) $(GOTEST_OPT) $(ALL_PKGS)
-
-.PHONY: test-386
-test-386:
-	GOARCH=386 $(GOTEST) -v -timeout 30s $(ALL_PKGS)
-
-.PHONY: test-with-coverage
-test-with-coverage:
-	$(GOTEST) $(GOTEST_OPT_WITH_COVERAGE) $(ALL_PKGS)
-
-.PHONY: fmt
-fmt:
-	@FMTOUT=`$(GOFMT) -s -l $(ALL_SRC) 2>&1`; \
-	if [ "$$FMTOUT" ]; then \
-		echo "$(GOFMT) FAILED => gofmt the following files:\n"; \
-		echo "$$FMTOUT\n"; \
-		exit 1; \
-	else \
-	    echo "Fmt finished successfully"; \
-	fi
-
-.PHONY: lint
-lint:
-	@LINTOUT=`$(GOLINT) $(ALL_PKGS) 2>&1`; \
-	if [ "$$LINTOUT" ]; then \
-		echo "$(GOLINT) FAILED => clean the following lint errors:\n"; \
-		echo "$$LINTOUT\n"; \
-		exit 1; \
-	else \
-	    echo "Lint finished successfully"; \
-	fi
-
-.PHONY: vet
-vet:
-    # TODO: Understand why go vet downloads "github.com/google/go-cmp v0.2.0"
-	@VETOUT=`$(GOVET) ./... | grep -v "go: downloading" 2>&1`; \
-	if [ "$$VETOUT" ]; then \
-		echo "$(GOVET) FAILED => go vet the following files:\n"; \
-		echo "$$VETOUT\n"; \
-		exit 1; \
-	else \
-	    echo "Vet finished successfully"; \
-	fi
-	
-.PHONY: embedmd
-embedmd:
-	@EMBEDMDOUT=`$(EMBEDMD) -d $(README_FILES) 2>&1`; \
-	if [ "$$EMBEDMDOUT" ]; then \
-		echo "$(EMBEDMD) FAILED => embedmd the following files:\n"; \
-		echo "$$EMBEDMDOUT\n"; \
-		exit 1; \
-	else \
-	    echo "Embedmd finished successfully"; \
-	fi
-
-.PHONY: install-tools
-install-tools:
-	go get -u golang.org/x/tools/cmd/cover
-	go get -u golang.org/x/lint/golint
-	go get -u github.com/rakyll/embedmd
--- a/vendor/contrib.go.opencensus.io/exporter/zipkin/README.md
+++ b/vendor/contrib.go.opencensus.io/exporter/zipkin/README.md
-# OpenCensus Go Zipkin Exporter
-
-[![Build Status](https://travis-ci.org/census-ecosystem/opencensus-go-exporter-zipkin.svg?branch=master)](https://travis-ci.org/census-ecosystem/opencensus-go-exporter-zipkin) [![GoDoc][godoc-image]][godoc-url]
-
-Provides OpenCensus exporter support for Zipkin.
-
-## Installation
-
-```
-$ go get -u contrib.go.opencensus.io/exporter/zipkin
-```
-
-[godoc-image]: https://godoc.org/contrib.go.opencensus.io/exporter/zipkin?status.svg
-[godoc-url]: https://godoc.org/contrib.go.opencensus.io/exporter/zipkin
--- a/vendor/contrib.go.opencensus.io/exporter/zipkin/go.mod
+++ b/vendor/contrib.go.opencensus.io/exporter/zipkin/go.mod
-module contrib.go.opencensus.io/exporter/zipkin
-
-require (
-	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
-	github.com/openzipkin/zipkin-go v0.2.2
-	go.opencensus.io v0.22.4
-)
--- a/vendor/contrib.go.opencensus.io/exporter/zipkin/go.sum
+++ b/vendor/contrib.go.opencensus.io/exporter/zipkin/go.sum
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
-github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
-github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
-github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
-github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g=
-github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s=
-github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6 h1:ZgQEtGgCBiWRM39fZuwSd1LwSqqSW0hOdXCYYDX0R3I=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
-github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
-github.com/gorilla/mux v1.6.2 h1:Pgr17XVTNXAk3q/r4CpKzC5xBM/qW1uVLV+IhRZpIIk=
-github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ=
-github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
-github.com/openzipkin/zipkin-go v0.2.2 h1:nY8Hti+WKaP0cRsSeQ026wU03QsM762XBeCXBb9NAWI=
-github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
-github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
-github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
-github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-go.opencensus.io v0.22.4 h1:LYy1Hy3MJdrCdMwwzxA/dRok4ejH+RwNGbuoD9fCjto=
-go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a h1:oWX7TPOiFAMXLq8o0ikBYfCJVlRHBcsciT5bXOrH628=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/grpc v1.19.0 h1:cfg4PD8YEdSFnm7qLV4++93WcmhH2nIUhMjhdCvl3j8=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM=
-google.golang.org/grpc v1.20.1 h1:Hz2g2wirWK7H0qIIhGIqRGTuMwTE8HEKFnDZZ7lm9NU=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
--- a/vendor/contrib.go.opencensus.io/exporter/zipkin/zipkin.go
+++ b/vendor/contrib.go.opencensus.io/exporter/zipkin/zipkin.go
-// Copyright 2017, OpenCensus Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package zipkin contains an trace exporter for Zipkin.
-package zipkin // import "contrib.go.opencensus.io/exporter/zipkin"
-
-import (
-	"encoding/binary"
-	"fmt"
-	"strconv"
-
-	"github.com/openzipkin/zipkin-go/model"
-	"github.com/openzipkin/zipkin-go/reporter"
-	"go.opencensus.io/trace"
-)
-
-// Exporter is an implementation of trace.Exporter that uploads spans to a
-// Zipkin server.
-type Exporter struct {
-	reporter      reporter.Reporter
-	localEndpoint *model.Endpoint
-}
-
-// NewExporter returns an implementation of trace.Exporter that uploads spans
-// to a Zipkin server.
-//
-// reporter is a Zipkin Reporter which will be used to send the spans.  These
-// can be created with the openzipkin library, using one of the packages under
-// github.com/openzipkin/zipkin-go/reporter.
-//
-// localEndpoint sets the local endpoint of exported spans.  It can be
-// constructed with github.com/openzipkin/zipkin-go.NewEndpoint, e.g.:
-// 	localEndpoint, err := NewEndpoint("my server", listener.Addr().String())
-// localEndpoint can be nil.
-func NewExporter(reporter reporter.Reporter, localEndpoint *model.Endpoint) *Exporter {
-	return &Exporter{
-		reporter:      reporter,
-		localEndpoint: localEndpoint,
-	}
-}
-
-// ExportSpan exports a span to a Zipkin server.
-func (e *Exporter) ExportSpan(s *trace.SpanData) {
-	e.reporter.Send(zipkinSpan(s, e.localEndpoint))
-}
-
-const (
-	statusCodeTagKey        = "error"
-	statusDescriptionTagKey = "opencensus.status_description"
-)
-
-var (
-	sampledTrue    = true
-	canonicalCodes = [...]string{
-		"OK",
-		"CANCELLED",
-		"UNKNOWN",
-		"INVALID_ARGUMENT",
-		"DEADLINE_EXCEEDED",
-		"NOT_FOUND",
-		"ALREADY_EXISTS",
-		"PERMISSION_DENIED",
-		"RESOURCE_EXHAUSTED",
-		"FAILED_PRECONDITION",
-		"ABORTED",
-		"OUT_OF_RANGE",
-		"UNIMPLEMENTED",
-		"INTERNAL",
-		"UNAVAILABLE",
-		"DATA_LOSS",
-		"UNAUTHENTICATED",
-	}
-)
-
-func canonicalCodeString(code int32) string {
-	if code < 0 || int(code) >= len(canonicalCodes) {
-		return "error code " + strconv.FormatInt(int64(code), 10)
-	}
-	return canonicalCodes[code]
-}
-
-func convertTraceID(t trace.TraceID) model.TraceID {
-	return model.TraceID{
-		High: binary.BigEndian.Uint64(t[:8]),
-		Low:  binary.BigEndian.Uint64(t[8:]),
-	}
-}
-
-func convertSpanID(s trace.SpanID) model.ID {
-	return model.ID(binary.BigEndian.Uint64(s[:]))
-}
-
-func spanKind(s *trace.SpanData) model.Kind {
-	switch s.SpanKind {
-	case trace.SpanKindClient:
-		return model.Client
-	case trace.SpanKindServer:
-		return model.Server
-	}
-	return model.Undetermined
-}
-
-func zipkinSpan(s *trace.SpanData, localEndpoint *model.Endpoint) model.SpanModel {
-	sc := s.SpanContext
-	z := model.SpanModel{
-		SpanContext: model.SpanContext{
-			TraceID: convertTraceID(sc.TraceID),
-			ID:      convertSpanID(sc.SpanID),
-			Sampled: &sampledTrue,
-		},
-		Kind:          spanKind(s),
-		Name:          s.Name,
-		Timestamp:     s.StartTime,
-		Shared:        false,
-		LocalEndpoint: localEndpoint,
-	}
-
-	if s.ParentSpanID != (trace.SpanID{}) {
-		id := convertSpanID(s.ParentSpanID)
-		z.ParentID = &id
-	}
-
-	if s, e := s.StartTime, s.EndTime; !s.IsZero() && !e.IsZero() {
-		z.Duration = e.Sub(s)
-	}
-
-	// construct Tags from s.Attributes and s.Status.
-	if len(s.Attributes) != 0 {
-		m := make(map[string]string, len(s.Attributes)+2)
-		for key, value := range s.Attributes {
-			switch v := value.(type) {
-			case string:
-				m[key] = v
-			case bool:
-				if v {
-					m[key] = "true"
-				} else {
-					m[key] = "false"
-				}
-			case int64:
-				m[key] = strconv.FormatInt(v, 10)
-			case float64:
-				m[key] = strconv.FormatFloat(v, 'f', -1, 64)
-			}
-		}
-		z.Tags = m
-	}
-	if s.Status.Code != 0 || s.Status.Message != "" {
-		if z.Tags == nil {
-			z.Tags = make(map[string]string, 2)
-		}
-		if s.Status.Code != 0 {
-			z.Tags[statusCodeTagKey] = canonicalCodeString(s.Status.Code)
-		}
-		if s.Status.Message != "" {
-			z.Tags[statusDescriptionTagKey] = s.Status.Message
-		}
-	}
-
-	// construct Annotations from s.Annotations and s.MessageEvents.
-	if len(s.Annotations) != 0 || len(s.MessageEvents) != 0 {
-		z.Annotations = make([]model.Annotation, 0, len(s.Annotations)+len(s.MessageEvents))
-		for _, a := range s.Annotations {
-			z.Annotations = append(z.Annotations, model.Annotation{
-				Timestamp: a.Time,
-				Value:     a.Message,
-			})
-		}
-		for _, m := range s.MessageEvents {
-			a := model.Annotation{
-				Timestamp: m.Time,
-			}
-			switch m.EventType {
-			case trace.MessageEventTypeSent:
-				a.Value = fmt.Sprintf("Sent %d bytes", m.UncompressedByteSize)
-			case trace.MessageEventTypeRecv:
-				a.Value = fmt.Sprintf("Received %d bytes", m.UncompressedByteSize)
-			default:
-				a.Value = "<?>"
-			}
-			z.Annotations = append(z.Annotations, a)
-		}
-	}
-
-	return z
-}
--- a/vendor/git.autistici.org/ai3/go-common/.gitlab-ci.yml
+++ b/vendor/git.autistici.org/ai3/go-common/.gitlab-ci.yml
@@ -3,8 +3,14 @@ stages:

 run_tests:
  stage: test
-  image: "debian:bullseye"
+  image: registry.git.autistici.org/ai3/docker/test/golang:master
  script:
-    - "apt update"
-    - "env DEBIAN_FRONTEND=noninteractive apt -y install golang git"
-    - "go test -v ./..."
+    - run-go-test ./...
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: cover.xml
+      junit: report.xml
+
--- a/vendor/git.autistici.org/ai3/go-common/clientutil/balancer.go
+++ b/vendor/git.autistici.org/ai3/go-common/clientutil/balancer.go
@@ -9,6 +9,7 @@ import (
 	"fmt"
 	"log"
 	"math/rand"
+	"mime"
 	"net/http"
 	"net/url"
 	"os"
@@ -158,7 +159,7 @@ func (b *balancedBackend) Call(ctx context.Context, shard, path string, req, res
 		defer httpResp.Body.Close() // nolint

 		// Decode the response, unless the 'resp' output is nil.
-		if httpResp.Header.Get("Content-Type") != "application/json" {
+		if ct, _, _ := mime.ParseMediaType(httpResp.Header.Get("Content-Type")); ct != "application/json" {
 			return errors.New("not a JSON response")
 		}
 		if resp == nil {

--- a/vendor/git.autistici.org/ai3/go-common/go.mod
+++ b/vendor/git.autistici.org/ai3/go-common/go.mod
 module git.autistici.org/ai3/go-common

-go 1.11
+go 1.14

 require (
-	contrib.go.opencensus.io/exporter/zipkin v0.1.2
-	github.com/amoghe/go-crypt v0.0.0-20191109212615-b2ff80594b7f
+	github.com/NYTimes/gziphandler v1.1.1
+	github.com/amoghe/go-crypt v0.0.0-20220222110647-20eada5f5964
 	github.com/bbrks/wrap/v2 v2.5.0
-	github.com/cenkalti/backoff/v4 v4.1.0
-	github.com/coreos/go-systemd/v22 v22.1.0
+	github.com/cenkalti/backoff/v4 v4.1.3
+	github.com/coreos/go-systemd/v22 v22.3.2
+	github.com/duo-labs/webauthn v0.0.0-20220330035159-03696f3d4499
 	github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594
-	github.com/go-asn1-ber/asn1-ber v1.5.3
-	github.com/go-ldap/ldap/v3 v3.2.4
+	github.com/fxamacker/cbor/v2 v2.4.0
+	github.com/go-asn1-ber/asn1-ber v1.5.4
+	github.com/go-ldap/ldap/v3 v3.4.4
 	github.com/gofrs/flock v0.8.0 // indirect
-	github.com/google/go-cmp v0.5.4
-	github.com/gorilla/handlers v1.5.1
+	github.com/google/go-cmp v0.5.8
 	github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40
+	github.com/mattn/go-sqlite3 v1.14.14
 	github.com/miscreant/miscreant.go v0.0.0-20200214223636-26d376326b75
-	github.com/openzipkin/zipkin-go v0.2.5
-	github.com/prometheus/client_golang v1.9.0
+	github.com/prometheus/client_golang v1.12.2
 	github.com/russross/blackfriday/v2 v2.1.0
-	github.com/theckman/go-flock v0.8.0
-	github.com/tstranex/u2f v1.0.0
-	go.opencensus.io v0.22.5
-	golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad
-	golang.org/x/sync v0.0.0-20201207232520-09787c993a3a
+	github.com/theckman/go-flock v0.8.1
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.34.0
+	go.opentelemetry.io/otel v1.9.0
+	go.opentelemetry.io/otel/exporters/zipkin v1.9.0
+	go.opentelemetry.io/otel/sdk v1.9.0
+	go.opentelemetry.io/otel/trace v1.9.0
+	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa
+	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
 )
--- a/vendor/git.autistici.org/ai3/go-common/go.sum
+++ b/vendor/git.autistici.org/ai3/go-common/go.sum
--- a/vendor/git.autistici.org/ai3/go-common/serverutil/http.go
+++ b/vendor/git.autistici.org/ai3/go-common/serverutil/http.go
 package serverutil

 import (
+	"compress/gzip"
 	"context"
 	"crypto/tls"
 	"fmt"
@@ -16,12 +17,25 @@ import (
 	"time"

 	"git.autistici.org/ai3/go-common/tracing"
+	"github.com/NYTimes/gziphandler"
 	"github.com/coreos/go-systemd/v22/daemon"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 )

-var gracefulShutdownTimeout = 3 * time.Second
+var (
+	gracefulShutdownTimeout = 3 * time.Second
+
+	gzipLevel        = gzip.BestSpeed
+	gzipMinSize      = 1300
+	gzipContentTypes = []string{
+		"application/json",
+		"application/javascript",
+		"text/html",
+		"text/plain",
+		"text/css",
+	}
+)

 // ServerConfig stores common HTTP/HTTPS server configuration parameters.
 type ServerConfig struct {
@@ -29,20 +43,23 @@ type ServerConfig struct {
 	MaxInflightRequests int              `yaml:"max_inflight_requests"`
 	RequestTimeoutSecs  int              `yaml:"request_timeout"`
 	TrustedForwarders   []string         `yaml:"trusted_forwarders"`
+
+	// TODO: switch do disable_compression (flip default) later.
+	EnableCompression bool `yaml:"enable_compression"`
 }

-func (config *ServerConfig) buildHTTPServer(h http.Handler) (*http.Server, error) {
+func (config *ServerConfig) buildHTTPHandler(h http.Handler) (http.Handler, *tls.Config, error) {
 	var tlsConfig *tls.Config
 	var err error
 	if config != nil {
 		if config.TLS != nil {
 			tlsConfig, err = config.TLS.TLSConfig()
 			if err != nil {
-				return nil, err
+				return nil, nil, err
 			}
 			h, err = config.TLS.TLSAuthWrapper(h)
 			if err != nil {
-				return nil, err
+				return nil, nil, err
 			}
 		}

@@ -51,7 +68,7 @@ func (config *ServerConfig) buildHTTPServer(h http.Handler) (*http.Server, error
 		if len(config.TrustedForwarders) > 0 {
 			h, err = newProxyHeaders(h, config.TrustedForwarders)
 			if err != nil {
-				return nil, err
+				return nil, nil, err
 			}
 		}

@@ -68,16 +85,23 @@ func (config *ServerConfig) buildHTTPServer(h http.Handler) (*http.Server, error
 		}
 	}

-	// These are not meant to be external-facing servers, so we
-	// can be generous with the timeouts to keep the number of
-	// reconnections low.
-	return &http.Server{
-		Handler:      addDefaultHandlers(h),
-		ReadTimeout:  30 * time.Second,
-		WriteTimeout: 30 * time.Second,
-		IdleTimeout:  600 * time.Second,
-		TLSConfig:    tlsConfig,
-	}, nil
+	// Add all the default handlers (health, monitoring, etc).
+	h = addDefaultHandlers(h)
+
+	// Optionally enable compression.
+	if config != nil && config.EnableCompression {
+		gzwrap, err := gziphandler.GzipHandlerWithOpts(
+			gziphandler.CompressionLevel(gzipLevel),
+			gziphandler.MinSize(gzipMinSize),
+			gziphandler.ContentTypes(gzipContentTypes),
+		)
+		if err != nil {
+			return nil, nil, err
+		}
+		h = gzwrap(h)
+	}
+
+	return h, tlsConfig, nil
 }

 // Serve HTTP(S) content on the specified address. If config.TLS is
@@ -91,12 +115,22 @@ func Serve(h http.Handler, config *ServerConfig, addr string) error {
 	// debugging endpoints).
 	h = tracing.WrapHandler(h, guessEndpointName(addr))

-	// Create the HTTP server.
-	srv, err := config.buildHTTPServer(h)
+	// Create the top-level HTTP handler with all our additions.
+	hh, tlsConfig, err := config.buildHTTPHandler(h)
 	if err != nil {
 		return err
 	}

+	// These are not meant to be external-facing servers, so we
+	// can be generous with the timeouts to keep the number of
+	// reconnections low.
+	srv := &http.Server{
+		Handler:           hh,
+		ReadHeaderTimeout: 30 * time.Second,
+		IdleTimeout:       600 * time.Second,
+		TLSConfig:         tlsConfig,
+	}
+
 	// Create the net.Listener first, so we can detect
 	// initialization-time errors safely.
 	l, err := net.Listen("tcp", addr)

--- a/vendor/git.autistici.org/ai3/go-common/serverutil/json.go
+++ b/vendor/git.autistici.org/ai3/go-common/serverutil/json.go
@@ -3,6 +3,7 @@ package serverutil
 import (
 	"encoding/json"
 	"log"
+	"mime"
 	"net/http"
 )

@@ -14,7 +15,7 @@ func DecodeJSONRequest(w http.ResponseWriter, r *http.Request, obj interface{})
 		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
 		return false
 	}
-	if r.Header.Get("Content-Type") != "application/json" {
+	if ct, _, _ := mime.ParseMediaType(r.Header.Get("Content-Type")); ct != "application/json" {
 		http.Error(w, "Need JSON request", http.StatusBadRequest)
 		return false
 	}
@@ -29,19 +30,15 @@ func DecodeJSONRequest(w http.ResponseWriter, r *http.Request, obj interface{})

 // EncodeJSONResponse writes an application/json response to w.
 func EncodeJSONResponse(w http.ResponseWriter, obj interface{}) {
-	data, err := json.Marshal(obj)
-	if err != nil {
-		log.Printf("JSON serialization error: %v", err)
-		http.Error(w, err.Error(), http.StatusInternalServerError)
-		return
-	}
-
 	w.Header().Set("Content-Type", "application/json")
 	w.Header().Set("Pragma", "no-cache")
 	w.Header().Set("Cache-Control", "no-store")
 	w.Header().Set("Expires", "-1")
 	w.Header().Set("X-Content-Type-Options", "nosniff")
-	if _, err = w.Write(data); err != nil {
-		log.Printf("error writing response: %v", err)
+
+	err := json.NewEncoder(w).Encode(obj)
+	if err != nil {
+		log.Printf("error writing JSON response: %v", err)
+		// Too late to return an error to the client now.
 	}
 }
--- a/vendor/git.autistici.org/ai3/go-common/serverutil/proxy_headers.go
+++ b/vendor/git.autistici.org/ai3/go-common/serverutil/proxy_headers.go
@@ -4,13 +4,12 @@ import (
 	"fmt"
 	"net"
 	"net/http"
-
-	"github.com/gorilla/handlers"
+	"strings"
 )

 type proxyHeaders struct {
-	wrap, phWrap http.Handler
-	forwarders   []net.IPNet
+	wrap       http.Handler
+	forwarders []net.IPNet
 }

 func newProxyHeaders(h http.Handler, trustedForwarders []string) (http.Handler, error) {
@@ -20,7 +19,6 @@ func newProxyHeaders(h http.Handler, trustedForwarders []string) (http.Handler,
 	}
 	return &proxyHeaders{
 		wrap:       h,
-		phWrap:     handlers.ProxyHeaders(h),
 		forwarders: f,
 	}, nil
 }
@@ -32,12 +30,28 @@ func (p *proxyHeaders) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	}
 	ip := net.ParseIP(host)
 	if ip != nil && matchIPNetList(ip, p.forwarders) {
-		p.phWrap.ServeHTTP(w, r)
-		return
+		if fwd := getForwardedIP(r); fwd != "" {
+			r.RemoteAddr = fwd
+		}
 	}
 	p.wrap.ServeHTTP(w, r)
 }

+// Parse the X-Real-IP or X-Forwarded-For headers, if present, to get
+// the original client IP.
+func getForwardedIP(r *http.Request) string {
+	if s := r.Header.Get("X-Real-IP"); s != "" {
+		return s
+	}
+	if s := r.Header.Get("X-Forwarded-For"); s != "" {
+		if n := strings.IndexByte(s, ','); n > 0 {
+			s = s[:n]
+		}
+		return s
+	}
+	return ""
+}
+
 func fullMask(ip net.IP) net.IPMask {
 	if ip.To4() == nil {
 		return net.CIDRMask(128, 128)

--- a/vendor/git.autistici.org/ai3/go-common/serverutil/tls.go
+++ b/vendor/git.autistici.org/ai3/go-common/serverutil/tls.go
@@ -14,7 +14,8 @@ import (

 // TLSAuthACL describes a single access control entry. Path and
 // CommonName are anchored regular expressions (they must match the
-// entire string).
+// entire string). The first path to match in a list of ACLs will
+// identify the ACL to be applied.
 type TLSAuthACL struct {
 	Path       string `yaml:"path"`
 	CommonName string `yaml:"cn"`
@@ -32,10 +33,11 @@ func (p *TLSAuthACL) compile() error {
 	return err
 }

-func (p *TLSAuthACL) match(req *http.Request) bool {
-	if !p.pathRx.MatchString(req.URL.Path) {
-		return false
-	}
+func (p *TLSAuthACL) matchPath(req *http.Request) bool {
+	return p.pathRx.MatchString(req.URL.Path)
+}
+
+func (p *TLSAuthACL) matchCN(req *http.Request) bool {
 	for _, cert := range req.TLS.PeerCertificates {
 		if p.cnRx.MatchString(cert.Subject.CommonName) {
 			return true
@@ -81,9 +83,13 @@ func (c *TLSAuthConfig) match(req *http.Request) bool {
 	if c == nil || len(c.Allow) == 0 {
 		return true
 	}
+
 	for _, acl := range c.Allow {
-		if acl.match(req) {
-			return true
+		if acl.matchPath(req) {
+			if acl.matchCN(req) {
+				return true
+			}
+			break
 		}
 	}
 	return false
@@ -157,7 +163,7 @@ func (c *TLSServerConfig) TLSAuthWrapper(h http.Handler) (http.Handler, error) {
 		// Log the failed access, useful for debugging.
 		var tlsmsg string
 		if r.TLS != nil && len(r.TLS.PeerCertificates) > 0 {
-			tlsmsg = fmt.Sprintf(" TLS client '%s' at", r.TLS.PeerCertificates[0].Subject.CommonName)
+			tlsmsg = fmt.Sprintf("TLS client '%s' at", r.TLS.PeerCertificates[0].Subject.CommonName)
 		}
 		log.Printf("unauthorized access to %s from %s%s", r.URL.Path, tlsmsg, r.RemoteAddr)
 		http.Error(w, "Forbidden", http.StatusForbidden)

--- a/vendor/git.autistici.org/ai3/go-common/tracing/tracing.go
+++ b/vendor/git.autistici.org/ai3/go-common/tracing/tracing.go
@@ -11,19 +11,21 @@ import (
 	"strconv"
 	"sync"

-	openzipkin "github.com/openzipkin/zipkin-go"
-	zipkinHTTP "github.com/openzipkin/zipkin-go/reporter/http"
-	"contrib.go.opencensus.io/exporter/zipkin"
-	"go.opencensus.io/plugin/ochttp"
-	"go.opencensus.io/trace"
+	othttp "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
+	"go.opentelemetry.io/otel"
+	"go.opentelemetry.io/otel/exporters/zipkin"
+	"go.opentelemetry.io/otel/sdk/resource"
+	"go.opentelemetry.io/otel/sdk/trace"
+	semconv "go.opentelemetry.io/otel/semconv/v1.4.0"
+	apitrace "go.opentelemetry.io/otel/trace"
 )

 var (
 	// Enabled reports whether tracing is globally enabled or not.
 	Enabled bool

-	// The active tracing configuration, if Enabled is true.
-	config tracingConfig
+	// Global Tracer instance.
+	Tracer apitrace.Tracer

 	initOnce sync.Once
 )
@@ -38,7 +40,7 @@ type tracingConfig struct {
 // Read the global tracing configuration file. Its location is
 // hardcoded, but it can be overriden using the TRACING_CONFIG
 // environment variable.
-func readTracingConfig() error {
+func readTracingConfig() (*tracingConfig, error) {
 	// Read and decode configuration.
 	cfgPath := globalTracingConfigPath
 	if s := os.Getenv("TRACING_CONFIG"); s != "" {
@@ -46,20 +48,21 @@ func readTracingConfig() error {
 	}
 	data, err := ioutil.ReadFile(cfgPath)
 	if err != nil {
-		return err
+		return nil, err
 	}

+	var config tracingConfig
 	if err := json.Unmarshal(data, &config); err != nil {
 		log.Printf("warning: error in tracing configuration: %v, tracing disabled", err)
-		return err
+		return nil, err
 	}

 	if config.ReportURL == "" {
 		log.Printf("warning: tracing configuration contains no report_url, tracing disabled")
-		return errors.New("no report_url")
+		return nil, errors.New("no report_url")
 	}

-	return nil
+	return &config, nil
 }

 // Compute the service name for Zipkin: this is usually the program
@@ -72,6 +75,17 @@ func getServiceName() string {
 	return filepath.Base(os.Args[0])
 }

+func defaultResource() *resource.Resource {
+	r, _ := resource.Merge(
+		resource.Default(),
+		resource.NewWithAttributes(
+			semconv.SchemaURL,
+			semconv.ServiceNameKey.String(getServiceName()),
+		),
+	)
+	return r
+}
+
 // Initialize tracing. Tracing will be enabled if the system-wide
 // tracing configuration file is present and valid. Explicitly set
 // TRACING_ENABLE=0 in the environment to disable tracing.
@@ -79,49 +93,47 @@ func getServiceName() string {
 // We need to check the configuration as soon as possible, because
 // it's likely that client transports are created before HTTP servers,
 // and we need to wrap them with opencensus at creation time.
-func init() {
-	// Kill switch from environment.
-	if s := os.Getenv("TRACING_ENABLE"); s == "0" {
-		return
-	}
-
-	if err := readTracingConfig(); err != nil {
-		return
-	}
-
-	Enabled = true
-}
-
-func initTracing(endpointAddr string) {
-	if !Enabled {
-		return
-	}
+func initTracing(serviceName string) {
 	initOnce.Do(func() {
-		localEndpoint, err := openzipkin.NewEndpoint(getServiceName(), endpointAddr)
+		// Kill switch from environment.
+		if s := os.Getenv("TRACING_ENABLE"); s == "0" {
+			return
+		}
+
+		config, err := readTracingConfig()
 		if err != nil {
-			log.Printf("warning: error creating tracing endpoint: %v, tracing disabled", err)
 			return
 		}

-		reporter := zipkinHTTP.NewReporter(config.ReportURL)
-		ze := zipkin.NewExporter(reporter, localEndpoint)
-		trace.RegisterExporter(ze)
+		ze, err := zipkin.New(config.ReportURL)
+		if err != nil {
+			log.Printf("error creating Zipkin exporter: %v", err)
+			return
+		}

-		var tc trace.Config
+		var sampler trace.Sampler
 		switch config.Sample {
 		case "", "always":
-			tc.DefaultSampler = trace.AlwaysSample()
+			sampler = trace.AlwaysSample()
 		case "never":
-			tc.DefaultSampler = trace.NeverSample()
+			sampler = trace.NeverSample()
 		default:
 			frac, err := strconv.ParseFloat(config.Sample, 64)
 			if err != nil {
 				log.Printf("warning: error in tracing configuration: sample: %v, tracing disabled", err)
 				return
 			}
-			tc.DefaultSampler = trace.ProbabilitySampler(frac)
+			sampler = trace.TraceIDRatioBased(frac)
 		}
-		trace.ApplyConfig(tc)
+
+		tp := trace.NewTracerProvider(
+			trace.WithSampler(sampler),
+			trace.WithResource(defaultResource()),
+			trace.WithBatcher(ze),
+		)
+
+		otel.SetTracerProvider(tp)
+		Tracer = tp.Tracer(serviceName)

 		log.Printf("tracing enabled (report_url %s)", config.ReportURL)

@@ -136,9 +148,11 @@ func Init() {

 // WrapTransport optionally wraps a http.RoundTripper with OpenCensus
 // tracing functionality, if it is globally enabled.
+//
+// Must call Init() first.
 func WrapTransport(t http.RoundTripper) http.RoundTripper {
 	if Enabled {
-		t = &ochttp.Transport{Base: t}
+		t = othttp.NewTransport(t)
 	}
 	return t
 }
@@ -146,9 +160,10 @@ func WrapTransport(t http.RoundTripper) http.RoundTripper {
 // WrapHandler wraps a http.Handler with OpenCensus tracing
 // functionality, if globally enabled. Automatically calls Init().
 func WrapHandler(h http.Handler, endpointAddr string) http.Handler {
-	if Enabled {
-		initTracing(endpointAddr)
-		h = &ochttp.Handler{Handler: h}
+	serviceName := getServiceName()
+	initTracing(serviceName)
+	if !Enabled {
+		return h
 	}
-	return h
+	return othttp.NewHandler(h, serviceName)
 }
--- a/vendor/git.autistici.org/ai3/tools/replds/.gitlab-ci.yml
+++ b/vendor/git.autistici.org/ai3/tools/replds/.gitlab-ci.yml
-include: "https://git.autistici.org/ai3/build-deb/raw/master/ci-buster-backports.yml"
+include: "https://git.autistici.org/ai3/build-deb/raw/master/ci-common.yml"
+
+run_tests:
+  stage: test
+  image: registry.git.autistici.org/ai3/docker/test/golang:master
+  script:
+    - run-go-test ./...
+  artifacts:
+    when: always
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: cover.xml
+      junit: report.xml
+
No results found