diff --git a/install b/install index 35639d9..12e1a21 100755 --- a/install +++ b/install @@ -29,7 +29,7 @@ dockerComposeVersion="v2.5.0" labcaUrl="https://github.com/hakwerk/labca/" boulderUrl="https://github.com/letsencrypt/boulder/" -boulderTag="release-2023-03-22" +boulderTag="release-2023-04-04" # Feature flags flag_skip_redis=true diff --git a/mail-tester.go b/mail-tester.go index cc53b2d..c00013e 100644 --- a/mail-tester.go +++ b/mail-tester.go @@ -59,7 +59,6 @@ type config struct { } Syslog cmd.SyslogConfig - Beeline cmd.BeelineConfig } func main() { diff --git a/patch-cfg.sh b/patch-cfg.sh index 44d580f..e00adcf 100755 --- a/patch-cfg.sh +++ b/patch-cfg.sh @@ -37,3 +37,5 @@ perl -i -p0e "s/\"dnsResolver\": \"service.consul\",/\"dnsResolvers\": [\n if [ "$flag_skip_redis" == true ]; then perl -i -p0e "s/\n \"redis\": \{\n.*? \},//igs" $boulderLabCADir/config/ocsp-responder.json fi + +for f in $(grep -l boulder-proxysql $boulderLabCADir/secrets/*); do sed -i -e "s/proxysql:6033/mysql:3306/" $f; done diff --git a/patch.sh b/patch.sh index ff9e80e..5c48c18 100755 --- a/patch.sh +++ b/patch.sh @@ -45,6 +45,8 @@ sed -i -e "s|./test|./labca|" start.py sed -i -e "s/berrors.RateLimitError(/berrors.RateLimitError(ra.rlPolicies.RateLimitsURL(), /g" ra/ra.go +sed -i -e "s/proxysql:6033/mysql:3306/" sa/db/dbconfig.yml + mkdir -p "cmd/mail-tester" cp $cloneDir/mail-tester.go cmd/mail-tester/main.go perl -i -p0e "s/(\n\t\"github.com\/letsencrypt\/boulder\/cmd\")/\t_ \"github.com\/letsencrypt\/boulder\/cmd\/mail-tester\"\n\1/igs" cmd/boulder/main.go diff --git a/patches/bad-key-revoker_main.patch b/patches/bad-key-revoker_main.patch index bb2910c..203373a 100644 --- a/patches/bad-key-revoker_main.patch +++ b/patches/bad-key-revoker_main.patch @@ -1,5 +1,5 @@ diff --git a/cmd/bad-key-revoker/main.go b/cmd/bad-key-revoker/main.go -index cb2f910dd..6a64e585b 100644 +index a2efb504b..6b94af7e8 100644 --- a/cmd/bad-key-revoker/main.go +++ b/cmd/bad-key-revoker/main.go 
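Review bot: The loop added at the end of patch-cfg.sh expands `$(grep -l …)`, `$boulderLabCADir` and `$f` unquoted, so a path with whitespace or glob characters is word-split before sed sees it, and the files it rewrites in place are the ones under secrets/. Passing NUL-delimited names avoids the splitting: `grep -lZ boulder-proxysql "$boulderLabCADir"/secrets/* | xargs -0 -r sed -i -e "s/proxysql:6033/mysql:3306/"`. The docker-compose patch refreshed in this commit drops the bproxysql service, so the intent appears to be a direct MySQL connection. If so, a one-line comment above the loop such as `# ProxySQL is not started in LabCA; point DB URLs straight at MySQL` would record why the secrets are edited.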
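Review bot: The `sed -i` added for sa/db/dbconfig.yml in patch.sh exits 0 whether or not it matched, so the rewrite can silently become a no-op if a later Boulder tag changes the `proxysql:6033` address. The config would then keep pointing at the ProxySQL endpoint, which the docker-compose patch refreshed in this commit no longer starts, and the failure would only show up at runtime. Consider following it with `grep -q "mysql:3306" sa/db/dbconfig.yml || { echo "dbconfig.yml not patched" >&2; exit 1; }`. Whether patch.sh already aborts on errors is not visible in this hunk.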
@@ -18,6 +18,7 @@ import ( @@ -22,7 +22,7 @@ index cb2f910dd..6a64e585b 100644 // MaximumRevocations specifies the maximum number of certificates associated with // a key hash that bad-key-revoker will attempt to revoke. If the number of certificates // is higher than MaximumRevocations bad-key-revoker will error out and refuse to -@@ -456,6 +462,29 @@ func main() { +@@ -455,6 +461,29 @@ func main() { cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA") rac := rapb.NewRegistrationAuthorityClient(conn) @@ -52,7 +52,7 @@ index cb2f910dd..6a64e585b 100644 var smtpRoots *x509.CertPool if config.BadKeyRevoker.Mailer.SMTPTrustedRootFile != "" { pem, err := os.ReadFile(config.BadKeyRevoker.Mailer.SMTPTrustedRootFile) -@@ -477,6 +506,7 @@ func main() { +@@ -476,6 +505,7 @@ func main() { config.BadKeyRevoker.Mailer.Username, smtpPassword, smtpRoots, diff --git a/patches/boulder-va_main.patch b/patches/boulder-va_main.patch index 66f8722..3819060 100644 --- a/patches/boulder-va_main.patch +++ b/patches/boulder-va_main.patch @@ -1,5 +1,5 @@ diff --git a/cmd/boulder-va/main.go b/cmd/boulder-va/main.go -index af0e7e520..f2dffb3ac 100644 +index c91be2a79..4ed591e10 100644 --- a/cmd/boulder-va/main.go +++ b/cmd/boulder-va/main.go @@ -24,8 +24,10 @@ type Config struct { @@ -15,7 +15,7 @@ index af0e7e520..f2dffb3ac 100644 DNSTimeout string DNSAllowLoopbackAddresses bool -@@ -92,11 +94,13 @@ func main() { +@@ -91,11 +93,13 @@ func main() { clk := cmd.Clock() var servers bdns.ServerProvider diff --git a/patches/crl-storer_main.patch b/patches/crl-storer_main.patch index 0b4980b..dd0c399 100644 --- a/patches/crl-storer_main.patch +++ b/patches/crl-storer_main.patch @@ -1,5 +1,5 @@ diff --git a/cmd/crl-storer/main.go b/cmd/crl-storer/main.go -index 67c0fd34d..3cdd20d9b 100644 +index bc1339957..b8d3b052a 100644 --- a/cmd/crl-storer/main.go +++ b/cmd/crl-storer/main.go @@ -46,6 +46,9 @@ type Config struct { 
@@ -12,7 +12,7 @@ index 67c0fd34d..3cdd20d9b 100644 Features map[string]bool } -@@ -121,7 +124,7 @@ func main() { +@@ -120,7 +123,7 @@ func main() { } s3client := s3.NewFromConfig(awsConfig, s3opts...) diff --git a/patches/docker-compose-redis.patch b/patches/docker-compose-redis.patch index 917907e..a57eb79 100644 --- a/patches/docker-compose-redis.patch +++ b/patches/docker-compose-redis.patch @@ -1,5 +1,5 @@ diff --git a/docker-compose.yml b/docker-compose.yml -index eb4634161..3e1ecb6f6 100644 +index e9b68587b..5699aa777 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -20,8 +20,6 @@ services: @@ -11,18 +11,18 @@ index eb4634161..3e1ecb6f6 100644 consulnet: ipv4_address: 10.55.55.55 # Use consul as a backup to Docker's embedded DNS server. If there's a name -@@ -39,8 +37,6 @@ services: - - 4003:4003 # OCSP +@@ -40,8 +38,6 @@ services: depends_on: - bmysql + - bproxysql - - bredis_1 - - bredis_2 - bconsul entrypoint: test/entrypoint.sh working_dir: &boulder_working_dir /boulder -@@ -62,24 +58,6 @@ services: - logging: - driver: none +@@ -78,24 +74,6 @@ services: + aliases: + - boulder-proxysql - bredis_1: - image: redis:6.2.7 @@ -45,7 +45,7 @@ index eb4634161..3e1ecb6f6 100644 bconsul: image: hashicorp/consul:1.13.1 volumes: -@@ -116,13 +94,6 @@ networks: +@@ -132,13 +110,6 @@ networks: config: - subnet: 10.88.88.0/24 diff --git a/patches/docker-compose.patch b/patches/docker-compose.patch index c054b73..5d5ce98 100644 --- a/patches/docker-compose.patch +++ b/patches/docker-compose.patch @@ -1,5 +1,5 @@ diff --git a/docker-compose.yml b/docker-compose.yml -index 3e1ecb6f6..8eca48490 100644 +index 5699aa777..77ec97a16 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -8,10 +8,12 @@ services: 
@@ -16,7 +16,7 @@ index 3e1ecb6f6..8eca48490 100644 - ./.gocache:/root/.cache/go-build:cached - ./.hierarchy:/hierarchy/:cached - ./.softhsm-tokens/:/var/lib/softhsm/tokens/:cached -@@ -31,18 +33,26 @@ services: +@@ -31,19 +33,26 @@ services: # TODO: Remove this when ServerAddress is deprecated in favor of SRV records # and DNSAuthority. dns: 10.55.55.10 @@ -30,6 +30,7 @@ index 3e1ecb6f6..8eca48490 100644 + - 4003 # OCSP depends_on: - bmysql +- - bproxysql - bconsul - entrypoint: test/entrypoint.sh + entrypoint: labca/entrypoint.sh @@ -48,11 +49,26 @@ index 3e1ecb6f6..8eca48490 100644 networks: bluenet: aliases: -@@ -56,7 +66,11 @@ services: +@@ -57,22 +66,11 @@ services: # small. command: mysqld --bind-address=0.0.0.0 --slow-query-log --log-output=TABLE --log-queries-not-using-indexes=ON logging: - driver: none +- bproxysql: +- image: proxysql/proxysql:2.4.4 +- # The --initial flag force resets the ProxySQL database on startup. By +- # default, ProxySQL ignores new configuration if the database already +- # exists. Without this flag, new configuration wouldn't be applied until you +- # ran `docker compose down`. +- entrypoint: proxysql -f --idle-threads -c /test/proxysql/proxysql.cnf --initial +- volumes: +- - ./test/:/test/:cached +- depends_on: +- - bmysql +- networks: +- bluenet: +- aliases: +- - boulder-proxysql + driver: "json-file" + options: + max-size: "500k" @@ -61,7 +77,7 @@ index 3e1ecb6f6..8eca48490 100644 bconsul: image: hashicorp/consul:1.13.1 -@@ -67,18 +81,68 @@ services: +@@ -83,18 +81,68 @@ services: ipv4_address: 10.55.55.10 command: "consul agent -dev -config-format=hcl -config-file=/test/consul/config.hcl" diff --git a/patches/expiration-mailer_main.patch b/patches/expiration-mailer_main.patch index 19b1adc..2a160fc 100644 --- a/patches/expiration-mailer_main.patch +++ b/patches/expiration-mailer_main.patch @@ -1,5 +1,5 @@ 
diff --git a/cmd/expiration-mailer/main.go b/cmd/expiration-mailer/main.go -index 7449e11cf..8c144e8c3 100644 +index d81ebed67..0d8608c4e 100644 --- a/cmd/expiration-mailer/main.go +++ b/cmd/expiration-mailer/main.go @@ -23,6 +23,7 @@ import ( @@ -31,7 +31,7 @@ index 7449e11cf..8c144e8c3 100644 // Path to a file containing a list of trusted root certificates for use // during the SMTP connection (as opposed to the gRPC connections). SMTPTrustedRootFile string -@@ -828,6 +834,29 @@ func main() { +@@ -827,6 +833,29 @@ func main() { cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") sac := sapb.NewStorageAuthorityClient(conn) @@ -61,7 +61,7 @@ index 7449e11cf..8c144e8c3 100644 var smtpRoots *x509.CertPool if c.Mailer.SMTPTrustedRootFile != "" { pem, err := os.ReadFile(c.Mailer.SMTPTrustedRootFile) -@@ -863,6 +892,7 @@ func main() { +@@ -862,6 +891,7 @@ func main() { c.Mailer.Username, smtpPassword, smtpRoots, diff --git a/patches/ocsp-responder_main.patch b/patches/ocsp-responder_main.patch index 6b62c99..ddeb121 100644 --- a/patches/ocsp-responder_main.patch +++ b/patches/ocsp-responder_main.patch @@ -1,8 +1,8 @@ diff --git a/cmd/ocsp-responder/main.go b/cmd/ocsp-responder/main.go -index 1f3f188ab..ebd2d2a93 100644 +index ff250d06e..7ddc5cb40 100644 --- a/cmd/ocsp-responder/main.go +++ b/cmd/ocsp-responder/main.go -@@ -169,49 +169,51 @@ as generated by Boulder's ceremony command. +@@ -154,49 +154,51 @@ as generated by Boulder's ceremony command. source, err = responder.NewMemorySourceFromFile(filename, logger) cmd.FailOnError(err, fmt.Sprintf("Couldn't read file: %s", url.Path)) } else { diff --git a/patches/ra_ra.patch b/patches/ra_ra.patch index c74c60c..f8cf773 100644 --- a/patches/ra_ra.patch +++ b/patches/ra_ra.patch @@ -1,8 +1,8 @@ diff --git a/ra/ra.go b/ra/ra.go -index 65edb0ad3..6651a7867 100644 +index c1e2b163b..84f900485 100644 --- a/ra/ra.go 
+++ b/ra/ra.go -@@ -41,7 +41,6 @@ import ( +@@ -42,7 +42,6 @@ import ( "github.com/letsencrypt/boulder/issuance" blog "github.com/letsencrypt/boulder/log" "github.com/letsencrypt/boulder/metrics" @@ -10,7 +10,7 @@ index 65edb0ad3..6651a7867 100644 "github.com/letsencrypt/boulder/probs" pubpb "github.com/letsencrypt/boulder/publisher/proto" rapb "github.com/letsencrypt/boulder/ra/proto" -@@ -536,7 +535,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(contacts []string) error { +@@ -537,7 +536,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(contacts []string) error { contact, ) } diff --git a/patches/startservers.patch b/patches/startservers.patch index 9071d45..d03aa27 100644 --- a/patches/startservers.patch +++ b/patches/startservers.patch @@ -1,8 +1,8 @@ diff --git a/test/startservers.py b/test/startservers.py -index 539e63bb2..9f0d5eef3 100644 +index a85339777..10fd2047e 100644 --- a/test/startservers.py +++ b/test/startservers.py -@@ -149,6 +149,9 @@ processes = [] +@@ -145,6 +145,9 @@ processes = [] challSrvProcess = None def setupHierarchy(): diff --git a/patches/test_config_ca_a.patch b/patches/test_config_ca_a.patch index 0f73aa6..1b9ac4b 100644 --- a/patches/test_config_ca_a.patch +++ b/patches/test_config_ca_a.patch @@ -2,7 +2,7 @@ diff --git a/test/config/ca-a.json b/test/config/ca-a.json index 1233a9c95..3c4a0a3ca 100644 --- a/test/config/ca-a.json +++ b/test/config/ca-a.json -@@ -106,30 +106,7 @@ +@@ -104,30 +104,7 @@ "crlURL": "http://example.com/crl", "location": { "configFile": "test/test-ca.key-pkcs11.json", diff --git a/patches/test_config_ca_b.patch b/patches/test_config_ca_b.patch index 68c7f72..4aad2a8 100644 --- a/patches/test_config_ca_b.patch +++ b/patches/test_config_ca_b.patch @@ -2,7 +2,7 @@ diff --git a/test/config/ca-b.json b/test/config/ca-b.json index 960d62f95..54b25dd81 100644 --- a/test/config/ca-b.json 
+++ b/test/config/ca-b.json -@@ -106,30 +106,7 @@ +@@ -104,30 +104,7 @@ "crlURL": "http://example.com/crl", "location": { "configFile": "test/test-ca.key-pkcs11.json",