Bump boulder version to release-2024-05-06

2026-01-27 10:19:34 +00:00 · 2024-07-02 19:47:47 +02:00
parent e6e69beb41
commit 4eb3ad877c
16 changed files with 80 additions and 51 deletions
--- a/patches/boulder-va_main.patch
+++ b/patches/boulder-va_main.patch
@@ -1,16 +1,16 @@
 diff --git a/cmd/boulder-va/main.go b/cmd/boulder-va/main.go
-index 0bef1d4f1..ec03f44e7 100644
+index 032435fac..d3961512b 100644
 --- a/cmd/boulder-va/main.go
 +++ b/cmd/boulder-va/main.go
-@@ -41,6 +41,7 @@ type Config struct {
- 		Features features.Config
- 
- 		AccountURIPrefixes []string `validate:"min=1,dive,required,url"`
-+		LabCADomains       []string
+@@ -21,6 +21,7 @@ type Config struct {
+ 		RemoteVAs                   []cmd.GRPCClientConfig `validate:"omitempty,dive"`
+ 		MaxRemoteValidationFailures int                    `validate:"omitempty,min=0,required_with=RemoteVAs"`
+ 		Features                    features.Config
+		LabCADomains                []string
 	}
 
 	Syslog        cmd.SyslogConfig
-@@ -150,7 +151,8 @@ func main() {
+@@ -115,7 +116,8 @@ func main() {
 		scope,
 		clk,
 		logger,
--- a/patches/ca_crl.patch
+++ b/patches/ca_crl.patch
@@ -1,8 +1,8 @@
 diff --git a/ca/crl.go b/ca/crl.go
-index 23d8d3ab1..bc28fc618 100644
+index 35bf4c07d..36316235e 100644
 --- a/ca/crl.go
 +++ b/ca/crl.go
-@@ -134,8 +134,10 @@ func (ci *crlImpl) GenerateCRL(stream capb.CRLGenerator_GenerateCRLServer) error
+@@ -122,8 +122,10 @@ func (ci *crlImpl) GenerateCRL(stream capb.CRLGenerator_GenerateCRLServer) error
 				builder = strings.Builder{}
 			}
 		}
--- a/patches/cmd_config.patch
+++ b/patches/cmd_config.patch
@@ -1,8 +1,8 @@
 diff --git a/cmd/config.go b/cmd/config.go
-index d38291d5..13fe4a52 100644
+index 1a3edabff..09369bf88 100644
 --- a/cmd/config.go
 +++ b/cmd/config.go
-@@ -454,7 +454,7 @@ type GRPCServerConfig struct {
+@@ -455,7 +455,7 @@ type GRPCServerConfig struct {
 	// this controls how long it takes before a client learns about changes to its
 	// backends.
 	// https://pkg.go.dev/google.golang.org/grpc/keepalive#ServerParameters
--- a/patches/issuance_crl.patch
+++ b/patches/issuance_crl.patch
@@ -1,13 +0,0 @@
-diff --git a/issuance/crl.go b/issuance/crl.go
-index 9f9619ff1..f0a180a6f 100644
--- a/issuance/crl.go
-+++ b/issuance/crl.go
-@@ -91,7 +91,7 @@ func (i *Issuer) IssueCRL(prof *CRLProfile, req *CRLRequest) ([]byte, error) {
- 	if req.DeprecatedIDPBaseURL != "" {
- 		// TODO(#7296): Remove this fallback once CCADB and all non-expired certs
- 		// contain the new-style CRLDP URL instead.
-		idps = append(idps, fmt.Sprintf("%s/%d/%d.crl", req.DeprecatedIDPBaseURL, i.NameID(), req.Shard))
-+		idps = append(idps, fmt.Sprintf("%s/%d.crl", req.DeprecatedIDPBaseURL, i.NameID()))
- 	}
- 	idp, err := idp.MakeUserCertsExt(idps)
- 	if err != nil {
--- a/patches/ratelimits_names.patch
+++ b/patches/ratelimits_names.patch
@@ -1,8 +1,8 @@
 diff --git a/ratelimits/names.go b/ratelimits/names.go
-index c92970498..f4d6c282b 100644
+index 0037363b0..c2ddc6076 100644
 --- a/ratelimits/names.go
 +++ b/ratelimits/names.go
-@@ -148,7 +148,11 @@ func validateRegId(id string) error {
+@@ -150,7 +150,11 @@ func validateRegId(id string) error {
 // validateDomain validates that the provided string is formatted 'domain',
 // where domain is a domain name.
 func validateDomain(id string) error {
@@ -15,7 +15,7 @@ index c92970498..f4d6c282b 100644
 	if err != nil {
 		return fmt.Errorf("invalid domain, %q must be formatted 'domain': %w", id, err)
 	}
-@@ -169,7 +173,11 @@ func validateRegIdDomain(id string) error {
+@@ -171,7 +175,11 @@ func validateRegIdDomain(id string) error {
 		return fmt.Errorf(
 			"invalid regId, %q must be formatted 'regId:domain'", id)
 	}
@@ -28,7 +28,7 @@ index c92970498..f4d6c282b 100644
 	if err != nil {
 		return fmt.Errorf(
 			"invalid domain, %q must be formatted 'regId:domain': %w", id, err)
-@@ -185,8 +193,12 @@ func validateFQDNSet(id string) error {
+@@ -187,8 +195,12 @@ func validateFQDNSet(id string) error {
 		return fmt.Errorf(
 			"invalid fqdnSet, %q must be formatted 'fqdnSet'", id)
 	}
--- a/patches/remoteva_main.patch
+++ b/patches/remoteva_main.patch
@@ -0,0 +1,24 @@
+diff --git a/cmd/remoteva/main.go b/cmd/remoteva/main.go
+index e83642477..6efab1ca3 100644
+--- a/cmd/remoteva/main.go
+++ b/cmd/remoteva/main.go
+@@ -18,7 +18,8 @@ import (
+ type Config struct {
+ 	RVA struct {
+ 		vaConfig.Common
+-		Features features.Config
+		Features     features.Config
+		LabCADomains []string
+ 	}
+ 
+ 	Syslog        cmd.SyslogConfig
+@@ -95,7 +96,8 @@ func main() {
+ 		scope,
+ 		clk,
+ 		logger,
+-		c.RVA.AccountURIPrefixes)
+		c.RVA.AccountURIPrefixes,
+		c.RVA.LabCADomains)
+ 	cmd.FailOnError(err, "Unable to create Remote-VA server")
+ 
+ 	start, err := bgrpc.NewServer(c.RVA.GRPC, logger).Add(
--- a/patches/startservers.patch
+++ b/patches/startservers.patch
@@ -1,8 +1,8 @@
 diff --git a/test/startservers.py b/test/startservers.py
-index 022e08949..e24e9085a 100644
+index fcfdc9423..5d19996ad 100644
 --- a/test/startservers.py
 +++ b/test/startservers.py
-@@ -161,6 +161,9 @@ processes = []
+@@ -169,6 +169,9 @@ processes = []
 challSrvProcess = None
 
 def setupHierarchy():
--- a/patches/test_config_ca.patch
+++ b/patches/test_config_ca.patch
@@ -2,7 +2,7 @@ diff --git a/test/config/ca.json b/test/config/ca.json
 index 53ae91f2d..1937e5580 100644
 --- a/test/config/ca.json
 +++ b/test/config/ca.json
-@@ -59,35 +59,13 @@
+@@ -59,38 +59,14 @@
 			},
 			"issuers": [
 				{
@@ -10,6 +10,7 @@ index 53ae91f2d..1937e5580 100644
 -					"useForECDSALeaves": true,
 -					"issuerURL": "http://ca.example.org:4502/int-ecdsa-a",
 -					"ocspURL": "http://ca.example.org:4002/",
+-					"crlURLBase": "http://ca.example.org:4501/ecdsa-a/",
 -					"location": {
 -						"configFile": "/hierarchy/int-ecdsa-a.pkcs11.json",
 -						"certFile": "/hierarchy/int-ecdsa-a.cert.pem",
@@ -21,6 +22,7 @@ index 53ae91f2d..1937e5580 100644
 					"useForECDSALeaves": true,
 					"issuerURL": "http://ca.example.org:4502/int-rsa-a",
 					"ocspURL": "http://ca.example.org:4002/",
+ 					"crlURLBase": "http://ca.example.org:4501/rsa-a/",
 					"location": {
 -						"configFile": "/hierarchy/int-rsa-a.pkcs11.json",
 -						"certFile": "/hierarchy/int-rsa-a.cert.pem",
@@ -32,6 +34,7 @@ index 53ae91f2d..1937e5580 100644
 -					"useForECDSALeaves": false,
 -					"issuerURL": "http://ca.example.org:4502/int-rsa-b",
 -					"ocspURL": "http://ca.example.org:4003/",
+-					"crlURLBase": "http://ca.example.org:4501/rsa-b/",
 -					"location": {
 -						"configFile": "/hierarchy/int-rsa-b.pkcs11.json",
 -						"certFile": "/hierarchy/int-rsa-b.cert.pem",
--- a/patches/va_http.patch
+++ b/patches/va_http.patch
@@ -1,8 +1,8 @@
 diff --git a/va/http.go b/va/http.go
-index 78df8bf42..db281855c 100644
+index 5eefabcb4..0188d4005 100644
 --- a/va/http.go
 +++ b/va/http.go
-@@ -332,7 +332,16 @@ func (va *ValidationAuthorityImpl) extractRequestTarget(req *http.Request) (stri
+@@ -326,7 +326,16 @@ func (va *ValidationAuthorityImpl) extractRequestTarget(req *http.Request) (stri
 	}
 
 	if _, err := iana.ExtractSuffix(reqHost); err != nil {