From 4c842e8977e0d17d4f5ba207439a09472bba9955 Mon Sep 17 00:00:00 2001 From: Arjan H Date: Fri, 1 Nov 2024 19:09:54 +0100 Subject: [PATCH] Bump boulder version to release-2024-10-28 --- .github/workflows/release.yml | 2 +- build/Dockerfile-boulder | 2 +- build/build.sh | 2 +- build/docker-compose.yml | 2 +- install | 2 +- patch.sh | 1 - patches/boulder-va_main.patch | 12 ++++++------ patches/ca_ca.patch | 4 ++-- patches/cmd_shell.patch | 13 ------------- patches/db_migrations.patch | 15 +++++++++------ patches/ra_ra.patch | 4 ++-- patches/remoteva_main.patch | 14 +++++++------- patches/va_va.patch | 20 ++++++++++---------- patches/wfe2_wfe.patch | 4 ++-- 14 files changed, 43 insertions(+), 54 deletions(-) delete mode 100644 patches/cmd_shell.patch diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 830bf7b..2cb905c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,7 +13,7 @@ jobs: fail-fast: false matrix: GO_VERSION: - - 1.22.5 + - 1.23.1 steps: - name: Checkout diff --git a/build/Dockerfile-boulder b/build/Dockerfile-boulder index 63d0fd3..cf1fbac 100644 --- a/build/Dockerfile-boulder +++ b/build/Dockerfile-boulder @@ -1,4 +1,4 @@ -FROM letsencrypt/boulder-tools:go1.22.5_2024-08-13 AS boulder-tools +FROM letsencrypt/boulder-tools:go1.23.1_2024-09-05 AS boulder-tools FROM ubuntu:focal diff --git a/build/build.sh b/build/build.sh index b578a7f..13426f2 100755 --- a/build/build.sh +++ b/build/build.sh @@ -8,7 +8,7 @@ TMP_DIR=$(pwd)/tmp rm -rf $TMP_DIR && mkdir -p $TMP_DIR/{admin,bin,logs,src} boulderDir=$TMP_DIR/src -boulderTag="release-2024-08-30a" +boulderTag="release-2024-10-28" boulderUrl="https://github.com/letsencrypt/boulder/" cloneDir=$(pwd)/.. diff --git a/build/docker-compose.yml b/build/docker-compose.yml index 5f9abc5..d8e7a85 100644 --- a/build/docker-compose.yml +++ b/build/docker-compose.yml 
@@ -9,7 +9,7 @@ services: context: test/boulder-tools/ # Should match one of the GO_CI_VERSIONS in test/boulder-tools/tag_and_upload.sh. args: - GO_VERSION: 1.23.0 + GO_VERSION: 1.23.1 environment: # To solve HTTP-01 and TLS-ALPN-01 challenges, change the IP in FAKE_DNS # to the IP address where your ACME client's solver is listening. diff --git a/install b/install index 2edcbba..a14f4f1 100755 --- a/install +++ b/install @@ -30,7 +30,7 @@ dockerComposeVersion="v2.5.0" labcaUrl="https://github.com/hakwerk/labca/" boulderUrl="https://github.com/letsencrypt/boulder/" -boulderTag="release-2024-08-30a" +boulderTag="release-2024-10-28" # Feature flags flag_skip_redis=true diff --git a/patch.sh b/patch.sh index 6dca3a0..4beec56 100755 --- a/patch.sh +++ b/patch.sh @@ -24,7 +24,6 @@ $SUDO patch -p1 < $cloneDir/patches/ca_ca.patch $SUDO patch -p1 < $cloneDir/patches/ca_crl.patch $SUDO patch -p1 < $cloneDir/patches/cert-checker_main.patch $SUDO patch -p1 < $cloneDir/patches/cmd_config.patch -$SUDO patch -p1 < $cloneDir/patches/cmd_shell.patch $SUDO patch -p1 < $cloneDir/patches/config_duration.patch $SUDO patch -p1 < $cloneDir/patches/contact-auditor_main.patch $SUDO patch -p1 < $cloneDir/patches/core_interfaces.patch diff --git a/patches/boulder-va_main.patch b/patches/boulder-va_main.patch index 23fa05d..53b1692 100644 --- a/patches/boulder-va_main.patch +++ b/patches/boulder-va_main.patch @@ -1,5 +1,5 @@ diff --git a/cmd/boulder-va/main.go b/cmd/boulder-va/main.go -index 032435fac..d3961512b 100644 +index 60353424a..90dbe627a 100644 --- a/cmd/boulder-va/main.go +++ b/cmd/boulder-va/main.go @@ -21,6 +21,7 @@ type Config struct { 
@@ -10,12 +10,12 @@ index 032435fac..d3961512b 100644 } Syslog cmd.SyslogConfig -@@ -115,7 +116,8 @@ func main() { - scope, - clk, +@@ -117,7 +118,8 @@ func main() { logger, -- c.VA.AccountURIPrefixes) -+ c.VA.AccountURIPrefixes, + c.VA.AccountURIPrefixes, + va.PrimaryPerspective, +- "") ++ "", + c.VA.LabCADomains) cmd.FailOnError(err, "Unable to create VA server") diff --git a/patches/ca_ca.patch b/patches/ca_ca.patch index 56d1b1e..32386fe 100644 --- a/patches/ca_ca.patch +++ b/patches/ca_ca.patch @@ -1,8 +1,8 @@ diff --git a/ca/ca.go b/ca/ca.go -index e55b2d665..1d4ba7242 100644 +index d2d48e558..a6114ffdd 100644 --- a/ca/ca.go +++ b/ca/ca.go -@@ -153,10 +153,10 @@ func makeIssuerMaps(issuers []*issuance.Issuer) (issuerMaps, error) { +@@ -159,10 +159,10 @@ func makeIssuerMaps(issuers []*issuance.Issuer) (issuerMaps, error) { } } if i, ok := issuersByAlg[x509.ECDSA]; !ok || len(i) == 0 { diff --git a/patches/cmd_shell.patch b/patches/cmd_shell.patch deleted file mode 100644 index 542cad0..0000000 --- a/patches/cmd_shell.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/cmd/shell.go b/cmd/shell.go -index ef4105500..e602adc56 100644 ---- a/cmd/shell.go -+++ b/cmd/shell.go -@@ -222,7 +222,7 @@ func NewLogger(logConf SyslogConfig) blog.Logger { - // Boulder's conception of time. - go func() { - for { -- time.Sleep(time.Minute) -+ time.Sleep(15*time.Minute) - logger.Info(fmt.Sprintf("time=%s", time.Now().Format(time.RFC3339Nano))) - } - }() diff --git a/patches/db_migrations.patch b/patches/db_migrations.patch index 6cc957d..270822d 100644 --- a/patches/db_migrations.patch +++ b/patches/db_migrations.patch @@ -1,5 +1,5 @@ diff --git a/sa/db/boulder_sa/20230419000000_CombinedSchema.sql b/sa/db/boulder_sa/20230419000000_CombinedSchema.sql -index 34d6f151c..3641d1f7c 100644 +index ff8e54320..347f72fff 100644 --- a/sa/db/boulder_sa/20230419000000_CombinedSchema.sql +++ b/sa/db/boulder_sa/20230419000000_CombinedSchema.sql @@ -1,7 +1,9 @@ 
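Review bot: In patches/boulder-va_main.patch, `c.VA.LabCADomains` is handed to the VA constructor straight from this process's own config, and the matching hunk in patches/remoteva_main.patch does the same with `c.RVA.LabCADomains`, so the primary and each remote VA can end up with different lists. What the list does inside the VA is not visible here, but if it alters validation for the listed domains, a mismatch would make perspectives disagree on the same challenge. I would document that on the `LabCADomains` config field (declared outside the visible lines), e.g. `// LabCADomains must be identical on boulder-va and every remoteva instance.`, and log the effective list at startup so drift is detectable. main() starts and ends outside this hunk.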
@@ -170,7 +170,7 @@ index 34d6f151c..3641d1f7c 100644 `id` bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT, `registrationID` bigint(20) NOT NULL, `expires` datetime NOT NULL, -@@ -169,11 +174,9 @@ CREATE TABLE `orders` ( +@@ -169,14 +174,12 @@ CREATE TABLE `orders` ( PRIMARY KEY (`id`), KEY `reg_status_expires` (`registrationID`,`expires`), KEY `regID_created_idx` (`registrationID`,`created`) @@ -179,12 +179,15 @@ index 34d6f151c..3641d1f7c 100644 -(PARTITION p_start VALUES LESS THAN (MAXVALUE)); +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; + -- Note: This table's name is a historical artifact and it is now + -- used to store linting certificates, not precertificates. + -- See #6807. -CREATE TABLE `precertificates` ( +CREATE TABLE IF NOT EXISTS `precertificates` ( `id` bigint(20) NOT NULL AUTO_INCREMENT, `registrationID` bigint(20) NOT NULL, `serial` varchar(255) NOT NULL, -@@ -184,11 +187,11 @@ CREATE TABLE `precertificates` ( +@@ -187,11 +190,11 @@ CREATE TABLE `precertificates` ( KEY `serial` (`serial`), KEY `regId_precertificates_idx` (`registrationID`), KEY `issued_precertificates_idx` (`issued`) @@ -200,7 +203,7 @@ index 34d6f151c..3641d1f7c 100644 `id` bigint(20) NOT NULL AUTO_INCREMENT, `jwk` mediumblob NOT NULL, `jwk_sha256` varchar(255) NOT NULL, -@@ -203,20 +206,32 @@ CREATE TABLE `registrations` ( +@@ -206,20 +209,32 @@ CREATE TABLE `registrations` ( KEY `initialIP_createdAt` (`initialIP`,`createdAt`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4; @@ -238,7 +241,7 @@ index 34d6f151c..3641d1f7c 100644 `id` bigint(20) NOT NULL AUTO_INCREMENT, `registrationID` bigint(20) NOT NULL, `serial` varchar(255) NOT NULL, -@@ -234,6 +249,18 @@ CREATE TABLE `serials` ( +@@ -237,6 +252,18 @@ CREATE TABLE `serials` ( -- First set of tables have foreign key constraints, so are dropped first. DROP TABLE `serials`; 
@@ -257,7 +260,7 @@ index 34d6f151c..3641d1f7c 100644 DROP TABLE `authz2`; DROP TABLE `blockedKeys`; DROP TABLE `certificateStatus`; -@@ -244,8 +271,44 @@ DROP TABLE `issuedNames`; +@@ -247,8 +274,44 @@ DROP TABLE `issuedNames`; DROP TABLE `keyHashToSerial`; DROP TABLE `newOrdersRL`; DROP TABLE `orderFqdnSets`; diff --git a/patches/ra_ra.patch b/patches/ra_ra.patch index 84a04f1..5423520 100644 --- a/patches/ra_ra.patch +++ b/patches/ra_ra.patch @@ -1,5 +1,5 @@ diff --git a/ra/ra.go b/ra/ra.go -index 513f2d444..006de7f4f 100644 +index 63ed21376..018ed136c 100644 --- a/ra/ra.go +++ b/ra/ra.go @@ -44,7 +44,6 @@ import ( @@ -10,7 +10,7 @@ index 513f2d444..006de7f4f 100644 "github.com/letsencrypt/boulder/probs" pubpb "github.com/letsencrypt/boulder/publisher/proto" rapb "github.com/letsencrypt/boulder/ra/proto" -@@ -574,7 +573,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(contacts []string) error { +@@ -508,7 +507,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(contacts []string) error { contact, ) } diff --git a/patches/remoteva_main.patch b/patches/remoteva_main.patch index 7ad04c0..f014802 100644 --- a/patches/remoteva_main.patch +++ b/patches/remoteva_main.patch @@ -1,8 +1,8 @@ diff --git a/cmd/remoteva/main.go b/cmd/remoteva/main.go -index 9ea068fc0..ef77eebfe 100644 +index 49db5c179..7c5931a04 100644 --- a/cmd/remoteva/main.go +++ b/cmd/remoteva/main.go -@@ -37,7 +37,8 @@ type Config struct { +@@ -60,7 +60,8 @@ type Config struct { // For more information, see: https://pkg.go.dev/crypto/tls#ClientAuthType SkipGRPCClientCertVerification bool @@ -12,12 +12,12 @@ index 9ea068fc0..ef77eebfe 100644 } Syslog cmd.SyslogConfig -@@ -118,7 +119,8 @@ func main() { - scope, - clk, +@@ -143,7 +144,8 @@ func main() { logger, -- c.RVA.AccountURIPrefixes) -+ c.RVA.AccountURIPrefixes, + c.RVA.AccountURIPrefixes, + c.RVA.Perspective, +- c.RVA.RIR) ++ c.RVA.RIR, + c.RVA.LabCADomains) cmd.FailOnError(err, "Unable to create Remote-VA server") 
diff --git a/patches/va_va.patch b/patches/va_va.patch index 3c0bfc2..f0bbb86 100644 --- a/patches/va_va.patch +++ b/patches/va_va.patch @@ -1,27 +1,27 @@ diff --git a/va/va.go b/va/va.go -index d43346bbc..e0784adcb 100644 +index 17c03cf6e..237d82c6b 100644 --- a/va/va.go +++ b/va/va.go -@@ -256,6 +256,7 @@ type ValidationAuthorityImpl struct { - maxRemoteFailures int - accountURIPrefixes []string +@@ -260,6 +260,7 @@ type ValidationAuthorityImpl struct { singleDialTimeout time.Duration + perspective string + rir string + labcaDomains []string metrics *vaMetrics } -@@ -274,6 +275,7 @@ func NewValidationAuthorityImpl( - clk clock.Clock, - logger blog.Logger, +@@ -280,6 +281,7 @@ func NewValidationAuthorityImpl( accountURIPrefixes []string, + perspective string, + rir string, + labcaDomains []string, ) (*ValidationAuthorityImpl, error) { if len(accountURIPrefixes) == 0 { -@@ -300,6 +302,7 @@ func NewValidationAuthorityImpl( - // used for the DialContext operations that take place during an - // HTTP-01 challenge validation. +@@ -308,6 +310,7 @@ func NewValidationAuthorityImpl( singleDialTimeout: 10 * time.Second, + perspective: perspective, + rir: rir, + labcaDomains: labcaDomains, } diff --git a/patches/wfe2_wfe.patch b/patches/wfe2_wfe.patch index 72e0750..0042cef 100644 --- a/patches/wfe2_wfe.patch +++ b/patches/wfe2_wfe.patch @@ -1,5 +1,5 @@ diff --git a/wfe2/wfe.go b/wfe2/wfe.go -index 7620954e7..c7cae65d5 100644 +index 1f4b11fa5..64239cf58 100644 --- a/wfe2/wfe.go +++ b/wfe2/wfe.go @@ -25,6 +25,7 @@ import ( @@ -35,7 +35,7 @@ index 7620954e7..c7cae65d5 100644 } return wfe, nil -@@ -2311,8 +2316,25 @@ func (wfe *WebFrontEndImpl) NewOrder( +@@ -2308,8 +2313,25 @@ func (wfe *WebFrontEndImpl) NewOrder( names[i] = ident.Value }
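Review bot: In patches/va_va.patch the rebased `NewValidationAuthorityImpl` stores the new argument as-is (`labcaDomains: labcaDomains,`) with no doc comment and no validation, while the same constructor checks `len(accountURIPrefixes) == 0`. How the slice is matched is outside these hunks; if it is compared against challenge hostnames, an empty string or a mixed-case entry from config may match more, or less, than the operator intended. I would add `// labcaDomains lists the LabCA-specific domain names from config; entries must be non-empty and lowercase.` on the struct field and have the constructor return an error for empty entries. Both the struct and the constructor body continue outside the hunks shown.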