diff --git a/bad-key-revoker_main.patch b/bad-key-revoker_main.patch index a69d503..b4c6ee6 100644 --- a/bad-key-revoker_main.patch +++ b/bad-key-revoker_main.patch @@ -1,5 +1,5 @@ diff --git a/cmd/bad-key-revoker/main.go b/cmd/bad-key-revoker/main.go -index 17704c41..e2a060b1 100644 +index a78efee19..1c08b7035 100644 --- a/cmd/bad-key-revoker/main.go +++ b/cmd/bad-key-revoker/main.go @@ -14,6 +14,7 @@ import ( @@ -9,8 +9,8 @@ index 17704c41..e2a060b1 100644 + "github.com/letsencrypt/boulder/bdns" "github.com/letsencrypt/boulder/cmd" "github.com/letsencrypt/boulder/core" - corepb "github.com/letsencrypt/boulder/core/proto" -@@ -346,6 +347,9 @@ func main() { + "github.com/letsencrypt/boulder/db" +@@ -345,6 +346,9 @@ func main() { TLS cmd.TLSConfig RAService *cmd.GRPCClientConfig @@ -20,7 +20,7 @@ index 17704c41..e2a060b1 100644 // MaximumRevocations specifies the maximum number of certificates associated with // a key hash that bad-key-revoker will attempt to revoke. If the number of certificates // is higher than MaximumRevocations bad-key-revoker will error out and refuse to -@@ -373,6 +377,12 @@ func main() { +@@ -372,6 +376,12 @@ func main() { Syslog cmd.SyslogConfig Beeline cmd.BeelineConfig @@ -33,7 +33,7 @@ index 17704c41..e2a060b1 100644 } configPath := flag.String("config", "", "File path to the configuration file for this service") flag.Parse() -@@ -418,6 +428,30 @@ func main() { +@@ -417,6 +427,30 @@ func main() { cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA") rac := rapb.NewRegistrationAuthorityClient(conn) @@ -64,7 +64,7 @@ index 17704c41..e2a060b1 100644 var smtpRoots *x509.CertPool if config.BadKeyRevoker.Mailer.SMTPTrustedRootFile != "" { pem, err := ioutil.ReadFile(config.BadKeyRevoker.Mailer.SMTPTrustedRootFile) -@@ -439,6 +473,7 @@ func main() { +@@ -438,6 +472,7 @@ func main() { config.BadKeyRevoker.Mailer.Username, smtpPassword, smtpRoots, 
diff --git a/contact-auditor_main.patch b/contact-auditor_main.patch new file mode 100644 index 0000000..4a02d4f --- /dev/null +++ b/contact-auditor_main.patch @@ -0,0 +1,26 @@ +diff --git a/cmd/contact-auditor/main.go b/cmd/contact-auditor/main.go +index 88792e42a..26dfed7e5 100644 +--- a/cmd/contact-auditor/main.go ++++ b/cmd/contact-auditor/main.go +@@ -12,6 +12,7 @@ import ( + "time" + + "github.com/go-sql-driver/mysql" ++ "github.com/letsencrypt/boulder/core" + "github.com/letsencrypt/boulder/cmd" + blog "github.com/letsencrypt/boulder/log" + "github.com/letsencrypt/boulder/policy" +@@ -49,9 +50,12 @@ func validateContacts(id int64, createdAt string, contacts []string) error { + fmt.Fprintf(&probsBuff, "%d\t%s\tvalidation\t%q\t%q\n", id, createdAt, contact, prob) + } + ++ var pa *policy.AuthorityImpl ++ pa, _ = policy.New(map[core.AcmeChallenge]bool{}) ++ + for _, contact := range contacts { + if strings.HasPrefix(contact, "mailto:") { +- err := policy.ValidEmail(strings.TrimPrefix(contact, "mailto:")) ++ err := pa.ValidEmail(strings.TrimPrefix(contact, "mailto:")) + if err != nil { + writeProb(contact, err.Error()) + } diff --git a/core_interfaces.patch b/core_interfaces.patch index 2c54808..7fab6b9 100644 --- a/core_interfaces.patch +++ b/core_interfaces.patch @@ -1,8 +1,8 @@ diff --git a/core/interfaces.go b/core/interfaces.go -index 06576845c..a854745fd 100644 +index edbf531fa..1de27cc82 100644 --- a/core/interfaces.go +++ b/core/interfaces.go -@@ -95,6 +95,7 @@ type PolicyAuthority interface { +@@ -96,6 +96,7 @@ type PolicyAuthority interface { WillingToIssueWildcards(identifiers []identifier.ACMEIdentifier) error ChallengesFor(domain identifier.ACMEIdentifier) ([]Challenge, error) ChallengeTypeEnabled(t AcmeChallenge) bool diff --git a/docker-compose.patch b/docker-compose.patch index 31cfe5a..2fe0737 100644 --- a/docker-compose.patch +++ b/docker-compose.patch @@ -1,9 +1,9 @@ 
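Review bot: The added `pa, _ = policy.New(map[core.AcmeChallenge]bool{})` in the validateContacts hunk of contact-auditor_main.patch discards the constructor's error, so on failure pa stays nil and the following `pa.ValidEmail(...)` call presumably dereferences a nil receiver. validateContacts already returns an error, so the two added declaration lines can be replaced by `pa, err := policy.New(map[core.AcmeChallenge]bool{})` followed by `if err != nil { return fmt.Errorf("creating policy authority: %w", err) }`. Building the authority inside validateContacts also repeats that work on every call; if the function is invoked once per registration row, constructing it once at the call site and passing it in would be cleaner, though the caller is outside the hunk. The new `"github.com/letsencrypt/boulder/core"` import is placed ahead of `.../cmd`, which is not the order goimports would produce.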
diff --git a/docker-compose.yml b/docker-compose.yml -index 1a4dd8295..d2c105ec4 100644 +index ec5150a2a..ea23aa838 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -4,10 +4,11 @@ services: - image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.16.4_2021-05-06} + image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.16.5_2021-06-11} environment: FAKE_DNS: 10.77.77.77 - BOULDER_CONFIG_DIR: test/config diff --git a/install b/install index 8ad0660..9bb9519 100755 --- a/install +++ b/install @@ -24,7 +24,7 @@ dockerComposeVersion="1.28.5" labcaUrl="https://github.com/hakwerk/labca/" boulderUrl="https://github.com/letsencrypt/boulder/" -boulderTag="release-2021-06-01" +boulderTag="release-2021-07-12" # # Color configuration @@ -544,6 +544,9 @@ config_boulder() { sudo -u labca -H patch -p1 < $cloneDir/notify-mailer_main.patch &>>$installLog cp cmd/notify-mailer/main.go "$boulderLabCADir/.backup/" + sudo -u labca -H patch -p1 < $cloneDir/contact-auditor_main.patch &>>$installLog + cp cmd/contact-auditor/main.go "$boulderLabCADir/.backup/" + sudo -u labca -H patch -p1 < $cloneDir/bad-key-revoker_main.patch &>>$installLog cp cmd/bad-key-revoker/main.go "$boulderLabCADir/.backup/" @@ -631,6 +634,7 @@ config_boulder() { rm test-ca2.pem ([ -e mock-vendor.go ] && rm mock-vendor.go) || /bin/true + ([ -e test-tools.go ] && rm test-tools.go) || /bin/true local have_config=$(grep restarted $adminDir/data/config.json | grep true) if [ "$have_config" != "" ]; then diff --git a/mail_mailer.patch b/mail_mailer.patch index a5e5b48..1cbe25f 100644 --- a/mail_mailer.patch +++ b/mail_mailer.patch @@ -1,8 +1,8 @@ diff --git a/mail/mailer.go b/mail/mailer.go -index bb5bacaf2..946992dca 100644 +index 864cdbd51..21b2417f4 100644 --- a/mail/mailer.go +++ b/mail/mailer.go -@@ -20,10 +20,14 @@ import ( +@@ -21,10 +21,14 @@ import ( "time" "github.com/jmhodges/clock" 
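Review bot: The added `sudo -u labca -H patch -p1 < $cloneDir/contact-auditor_main.patch &>>$installLog` in the config_boulder hunk of install never checks patch's exit status, so a hunk that fails to apply against the newly pinned boulderTag is written to the log but otherwise silent, and the next line then copies the unpatched main.go into `.backup/`. This mirrors the neighbouring notify-mailer and bad-key-revoker lines, so the same applies there; unless the script runs with `set -e` somewhere outside the hunk, consider `... &>>$installLog || { echo "contact-auditor patch failed, see $installLog"; exit 1; }`. config_boulder itself begins and ends outside the hunk.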
@@ -17,7 +17,7 @@ index bb5bacaf2..946992dca 100644 ) type idGenerator interface { -@@ -121,6 +125,7 @@ func New( +@@ -122,6 +126,7 @@ func New( username, password string, rootCAs *x509.CertPool, @@ -25,7 +25,7 @@ index bb5bacaf2..946992dca 100644 from mail.Address, logger blog.Logger, stats prometheus.Registerer, -@@ -140,6 +145,7 @@ func New( +@@ -141,6 +146,7 @@ func New( server: server, port: port, rootCAs: rootCAs, @@ -33,7 +33,7 @@ index bb5bacaf2..946992dca 100644 }, log: logger, from: from, -@@ -180,7 +186,7 @@ func (m *MailerImpl) generateMessage(to []string, subject, body string) ([]byte, +@@ -181,7 +187,7 @@ func (m *MailerImpl) generateMessage(to []string, subject, body string) ([]byte, fmt.Sprintf("To: %s", strings.Join(addrs, ", ")), fmt.Sprintf("From: %s", m.from.String()), fmt.Sprintf("Subject: %s", subject), @@ -42,7 +42,7 @@ index bb5bacaf2..946992dca 100644 fmt.Sprintf("Message-Id: <%s.%s.%s>", now.Format("20060102T150405"), mid.String(), m.from.Address), "MIME-Version: 1.0", "Content-Type: text/plain; charset=UTF-8", -@@ -237,23 +243,32 @@ func (m *MailerImpl) Connect() error { +@@ -238,23 +244,32 @@ func (m *MailerImpl) Connect() error { type dialerImpl struct { username, password, server, port string rootCAs *x509.CertPool diff --git a/notify-mailer_main.patch b/notify-mailer_main.patch index 0a679fc..c21c450 100644 --- a/notify-mailer_main.patch +++ b/notify-mailer_main.patch @@ -1,36 +1,36 @@ diff --git a/cmd/notify-mailer/main.go b/cmd/notify-mailer/main.go -index f4a25a78..68b23dc7 100644 +index fa2aac74e..08430ee10 100644 --- a/cmd/notify-mailer/main.go 
+++ b/cmd/notify-mailer/main.go -@@ -38,6 +38,7 @@ type mailer struct { - destinations []recipient +@@ -37,6 +37,7 @@ type mailer struct { + recipients []recipient targetRange interval sleepInterval time.Duration + pa *policy.AuthorityImpl } - // interval defines a range of email addresses to send to, alphabetically. -@@ -147,7 +148,7 @@ func (m *mailer) run() error { - m.log.Debugf("skipping %q: out of target range") + // interval defines a range of email addresses to send to in alphabetical order. +@@ -151,7 +152,7 @@ func (m *mailer) run() error { continue } + - if err := policy.ValidEmail(address); err != nil { + if err := m.pa.ValidEmail(address); err != nil { - m.log.Infof("skipping %q: %s", address, err) + m.log.Infof("Skipping %q due to policy violation: %s", address, err) continue } -@@ -410,7 +411,9 @@ func main() { - cmd.PasswordConfig +@@ -477,7 +478,9 @@ func main() { + NotifyMailer struct { + DB cmd.DBConfig cmd.SMTPConfig - Features map[string]bool + cmd.HostnamePolicyConfig } + PA cmd.PAConfig Syslog cmd.SyslogConfig } - configFile := flag.String("config", "", "File containing a JSON config.") -@@ -464,6 +467,14 @@ func main() { - end: *end, + +@@ -531,6 +534,14 @@ func main() { + log.Infof("While reading the recipient list file %s", probs) } + // Validate PA config and set defaults if needed @@ -43,8 +43,8 @@ index f4a25a78..68b23dc7 100644 + var mailClient bmail.Mailer if *dryRun { - log.Infof("Doing a dry run.") -@@ -477,6 +488,7 @@ func main() { + log.Infof("Starting %s in dry-run mode", cmd.VersionString()) +@@ -546,6 +557,7 @@ func main() { cfg.NotifyMailer.Username, smtpPassword, nil, @@ -52,9 +52,9 @@ index f4a25a78..68b23dc7 100644 *address, log, metrics.NoopRegisterer, -@@ -494,6 +506,7 @@ func main() { - emailTemplate: template, - targetRange: targetRange, +@@ -566,6 +578,7 @@ func main() { + end: *end, + }, sleepInterval: *sleep, + pa: pa, } diff --git a/ra_ra.patch b/ra_ra.patch index 257c631..c67edef 100644 --- a/ra_ra.patch 
+++ b/ra_ra.patch @@ -1,5 +1,5 @@ diff --git a/ra/ra.go b/ra/ra.go -index 1fd47d29..ccc5aef8 100644 +index 58fa25ca8..09d2a3579 100644 --- a/ra/ra.go +++ b/ra/ra.go @@ -31,7 +31,6 @@ import ( @@ -10,7 +10,7 @@ index 1fd47d29..ccc5aef8 100644 "github.com/letsencrypt/boulder/probs" pubpb "github.com/letsencrypt/boulder/publisher/proto" rapb "github.com/letsencrypt/boulder/ra/proto" -@@ -443,7 +442,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(ctx context.Context, conta +@@ -446,7 +445,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(ctx context.Context, conta contact, ) }