github-personal/labca
1
0
Fork 0
mirror of https://github.com/outbackdingo/labca.git synced 2026-01-27 18:19:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Bump boulder version to release-2023-04-04

Browse Source
This commit is contained in:
Arjan H
2023-04-07 13:44:44 +02:00
parent 24b2712373
commit 412762cc58
15 changed files with 51 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
install
View File

@@ -29,7 +29,7 @@ dockerComposeVersion="v2.5.0"
labcaUrl="https://github.com/hakwerk/labca/"
boulderUrl="https://github.com/letsencrypt/boulder/"
boulderTag="release-2023-03-22"
boulderTag="release-2023-04-04"
# Feature flags
flag_skip_redis=true

1
mail-tester.go
View File

@@ -59,7 +59,6 @@ type config struct {
}
Syslog cmd.SyslogConfig
Beeline cmd.BeelineConfig
}
func main() {

2
patch-cfg.sh
View File

@@ -37,3 +37,5 @@ perl -i -p0e "s/\"dnsResolver\": \"service.consul\",/\"dnsResolvers\": [\n
if [ "$flag_skip_redis" == true ]; then
perl -i -p0e "s/\n \"redis\": \{\n.*? \},//igs" $boulderLabCADir/config/ocsp-responder.json
fi
for f in $(grep -l boulder-proxysql $boulderLabCADir/secrets/*); do sed -i -e "s/proxysql:6033/mysql:3306/" $f; done

2
patch.sh
View File

@@ -45,6 +45,8 @@ sed -i -e "s|./test|./labca|" start.py
sed -i -e "s/berrors.RateLimitError(/berrors.RateLimitError(ra.rlPolicies.RateLimitsURL(), /g" ra/ra.go
sed -i -e "s/proxysql:6033/mysql:3306/" sa/db/dbconfig.yml
mkdir -p "cmd/mail-tester"
cp $cloneDir/mail-tester.go cmd/mail-tester/main.go
perl -i -p0e "s/(\n\t\"github.com\/letsencrypt\/boulder\/cmd\")/\t_ \"github.com\/letsencrypt\/boulder\/cmd\/mail-tester\"\n\1/igs" cmd/boulder/main.go

6
patches/bad-key-revoker_main.patch
View File

@@ -1,5 +1,5 @@
diff --git a/cmd/bad-key-revoker/main.go b/cmd/bad-key-revoker/main.go
index cb2f910dd..6a64e585b 100644
index a2efb504b..6b94af7e8 100644
--- a/cmd/bad-key-revoker/main.go
+++ b/cmd/bad-key-revoker/main.go
@@ -18,6 +18,7 @@ import (
@@ -22,7 +22,7 @@ index cb2f910dd..6a64e585b 100644
// MaximumRevocations specifies the maximum number of certificates associated with
// a key hash that bad-key-revoker will attempt to revoke. If the number of certificates
// is higher than MaximumRevocations bad-key-revoker will error out and refuse to
@@ -456,6 +462,29 @@ func main() {
@@ -455,6 +461,29 @@ func main() {
cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA")
rac := rapb.NewRegistrationAuthorityClient(conn)
@@ -52,7 +52,7 @@ index cb2f910dd..6a64e585b 100644
var smtpRoots *x509.CertPool
if config.BadKeyRevoker.Mailer.SMTPTrustedRootFile != "" {
pem, err := os.ReadFile(config.BadKeyRevoker.Mailer.SMTPTrustedRootFile)
@@ -477,6 +506,7 @@ func main() {
@@ -476,6 +505,7 @@ func main() {
config.BadKeyRevoker.Mailer.Username,
smtpPassword,
smtpRoots,

4
patches/boulder-va_main.patch
View File

@@ -1,5 +1,5 @@
diff --git a/cmd/boulder-va/main.go b/cmd/boulder-va/main.go
index af0e7e520..f2dffb3ac 100644
index c91be2a79..4ed591e10 100644
--- a/cmd/boulder-va/main.go
+++ b/cmd/boulder-va/main.go
@@ -24,8 +24,10 @@ type Config struct {
@@ -15,7 +15,7 @@ index af0e7e520..f2dffb3ac 100644
DNSTimeout string
DNSAllowLoopbackAddresses bool
@@ -92,11 +94,13 @@ func main() {
@@ -91,11 +93,13 @@ func main() {
clk := cmd.Clock()
var servers bdns.ServerProvider

4
patches/crl-storer_main.patch
View File

@@ -1,5 +1,5 @@
diff --git a/cmd/crl-storer/main.go b/cmd/crl-storer/main.go
index 67c0fd34d..3cdd20d9b 100644
index bc1339957..b8d3b052a 100644
--- a/cmd/crl-storer/main.go
+++ b/cmd/crl-storer/main.go
@@ -46,6 +46,9 @@ type Config struct {
@@ -12,7 +12,7 @@ index 67c0fd34d..3cdd20d9b 100644
Features map[string]bool
}
@@ -121,7 +124,7 @@ func main() {
@@ -120,7 +123,7 @@ func main() {
}
s3client := s3.NewFromConfig(awsConfig, s3opts...)

14
patches/docker-compose-redis.patch
View File

@@ -1,5 +1,5 @@
diff --git a/docker-compose.yml b/docker-compose.yml
index eb4634161..3e1ecb6f6 100644
index e9b68587b..5699aa777 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -20,8 +20,6 @@ services:
@@ -11,18 +11,18 @@ index eb4634161..3e1ecb6f6 100644
consulnet:
ipv4_address: 10.55.55.55
# Use consul as a backup to Docker's embedded DNS server. If there's a name
@@ -39,8 +37,6 @@ services:
- 4003:4003 # OCSP
@@ -40,8 +38,6 @@ services:
depends_on:
- bmysql
- bproxysql
- - bredis_1
- - bredis_2
- bconsul
entrypoint: test/entrypoint.sh
working_dir: &boulder_working_dir /boulder
@@ -62,24 +58,6 @@ services:
logging:
driver: none
@@ -78,24 +74,6 @@ services:
aliases:
- boulder-proxysql
- bredis_1:
- image: redis:6.2.7
@@ -45,7 +45,7 @@ index eb4634161..3e1ecb6f6 100644
bconsul:
image: hashicorp/consul:1.13.1
volumes:
@@ -116,13 +94,6 @@ networks:
@@ -132,13 +110,6 @@ networks:
config:
- subnet: 10.88.88.0/24

24
patches/docker-compose.patch
View File

@@ -1,5 +1,5 @@
diff --git a/docker-compose.yml b/docker-compose.yml
index 3e1ecb6f6..8eca48490 100644
index 5699aa777..77ec97a16 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,10 +8,12 @@ services:
@@ -16,7 +16,7 @@ index 3e1ecb6f6..8eca48490 100644
- ./.gocache:/root/.cache/go-build:cached
- ./.hierarchy:/hierarchy/:cached
- ./.softhsm-tokens/:/var/lib/softhsm/tokens/:cached
@@ -31,18 +33,26 @@ services:
@@ -31,19 +33,26 @@ services:
# TODO: Remove this when ServerAddress is deprecated in favor of SRV records
# and DNSAuthority.
dns: 10.55.55.10
@@ -30,6 +30,7 @@ index 3e1ecb6f6..8eca48490 100644
+ - 4003 # OCSP
depends_on:
- bmysql
- - bproxysql
- bconsul
- entrypoint: test/entrypoint.sh
+ entrypoint: labca/entrypoint.sh
@@ -48,11 +49,26 @@ index 3e1ecb6f6..8eca48490 100644
networks:
bluenet:
aliases:
@@ -56,7 +66,11 @@ services:
@@ -57,22 +66,11 @@ services:
# small.
command: mysqld --bind-address=0.0.0.0 --slow-query-log --log-output=TABLE --log-queries-not-using-indexes=ON
logging:
- driver: none
- bproxysql:
- image: proxysql/proxysql:2.4.4
- # The --initial flag force resets the ProxySQL database on startup. By
- # default, ProxySQL ignores new configuration if the database already
- # exists. Without this flag, new configuration wouldn't be applied until you
- # ran `docker compose down`.
- entrypoint: proxysql -f --idle-threads -c /test/proxysql/proxysql.cnf --initial
- volumes:
- - ./test/:/test/:cached
- depends_on:
- - bmysql
- networks:
- bluenet:
- aliases:
- - boulder-proxysql
+ driver: "json-file"
+ options:
+ max-size: "500k"
@@ -61,7 +77,7 @@ index 3e1ecb6f6..8eca48490 100644
bconsul:
image: hashicorp/consul:1.13.1
@@ -67,18 +81,68 @@ services:
@@ -83,18 +81,68 @@ services:
ipv4_address: 10.55.55.10
command: "consul agent -dev -config-format=hcl -config-file=/test/consul/config.hcl"

6
patches/expiration-mailer_main.patch
View File

@@ -1,5 +1,5 @@
diff --git a/cmd/expiration-mailer/main.go b/cmd/expiration-mailer/main.go
index 7449e11cf..8c144e8c3 100644
index d81ebed67..0d8608c4e 100644
--- a/cmd/expiration-mailer/main.go
+++ b/cmd/expiration-mailer/main.go
@@ -23,6 +23,7 @@ import (
@@ -31,7 +31,7 @@ index 7449e11cf..8c144e8c3 100644
// Path to a file containing a list of trusted root certificates for use
// during the SMTP connection (as opposed to the gRPC connections).
SMTPTrustedRootFile string
@@ -828,6 +834,29 @@ func main() {
@@ -827,6 +833,29 @@ func main() {
cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
sac := sapb.NewStorageAuthorityClient(conn)
@@ -61,7 +61,7 @@ index 7449e11cf..8c144e8c3 100644
var smtpRoots *x509.CertPool
if c.Mailer.SMTPTrustedRootFile != "" {
pem, err := os.ReadFile(c.Mailer.SMTPTrustedRootFile)
@@ -863,6 +892,7 @@ func main() {
@@ -862,6 +891,7 @@ func main() {
c.Mailer.Username,
smtpPassword,
smtpRoots,

4
patches/ocsp-responder_main.patch
View File

@@ -1,8 +1,8 @@
diff --git a/cmd/ocsp-responder/main.go b/cmd/ocsp-responder/main.go
index 1f3f188ab..ebd2d2a93 100644
index ff250d06e..7ddc5cb40 100644
--- a/cmd/ocsp-responder/main.go
+++ b/cmd/ocsp-responder/main.go
@@ -169,49 +169,51 @@ as generated by Boulder's ceremony command.
@@ -154,49 +154,51 @@ as generated by Boulder's ceremony command.
source, err = responder.NewMemorySourceFromFile(filename, logger)
cmd.FailOnError(err, fmt.Sprintf("Couldn't read file: %s", url.Path))
} else {

6
patches/ra_ra.patch
View File

@@ -1,8 +1,8 @@
diff --git a/ra/ra.go b/ra/ra.go
index 65edb0ad3..6651a7867 100644
index c1e2b163b..84f900485 100644
--- a/ra/ra.go
+++ b/ra/ra.go
@@ -41,7 +41,6 @@ import (
@@ -42,7 +42,6 @@ import (
"github.com/letsencrypt/boulder/issuance"
blog "github.com/letsencrypt/boulder/log"
"github.com/letsencrypt/boulder/metrics"
@@ -10,7 +10,7 @@ index 65edb0ad3..6651a7867 100644
"github.com/letsencrypt/boulder/probs"
pubpb "github.com/letsencrypt/boulder/publisher/proto"
rapb "github.com/letsencrypt/boulder/ra/proto"
@@ -536,7 +535,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(contacts []string) error {
@@ -537,7 +536,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(contacts []string) error {
contact,
)
}

4
patches/startservers.patch
View File

@@ -1,8 +1,8 @@
diff --git a/test/startservers.py b/test/startservers.py
index 539e63bb2..9f0d5eef3 100644
index a85339777..10fd2047e 100644
--- a/test/startservers.py
+++ b/test/startservers.py
@@ -149,6 +149,9 @@ processes = []
@@ -145,6 +145,9 @@ processes = []
challSrvProcess = None
def setupHierarchy():

2
patches/test_config_ca_a.patch
View File

@@ -2,7 +2,7 @@ diff --git a/test/config/ca-a.json b/test/config/ca-a.json
index 1233a9c95..3c4a0a3ca 100644
--- a/test/config/ca-a.json
+++ b/test/config/ca-a.json
@@ -106,30 +106,7 @@
@@ -104,30 +104,7 @@
"crlURL": "http://example.com/crl",
"location": {
"configFile": "test/test-ca.key-pkcs11.json",

2
patches/test_config_ca_b.patch
View File

@@ -2,7 +2,7 @@ diff --git a/test/config/ca-b.json b/test/config/ca-b.json
index 960d62f95..54b25dd81 100644
--- a/test/config/ca-b.json
+++ b/test/config/ca-b.json
@@ -106,30 +106,7 @@
@@ -104,30 +104,7 @@
"crlURL": "http://example.com/crl",
"location": {
"configFile": "test/test-ca.key-pkcs11.json",