Merge branch 'release/21.07'

* release/21.07: Bump boulder version to release-2021-07-12 Stay on non-master branches when updating via gui Do not allocate pseudo-TTY for mysql maintenance (#19 #21)
2026-01-27 18:19:33 +00:00 · 2021-07-16 18:52:45 +02:00
parent b026c068a1 4a499c7fb0
commit 615f6f7dde
9 changed files with 76 additions and 40 deletions
--- a/bad-key-revoker_main.patch
+++ b/bad-key-revoker_main.patch
@@ -1,5 +1,5 @@
 diff --git a/cmd/bad-key-revoker/main.go b/cmd/bad-key-revoker/main.go
-index 17704c41..e2a060b1 100644
+index a78efee19..1c08b7035 100644
 --- a/cmd/bad-key-revoker/main.go
 +++ b/cmd/bad-key-revoker/main.go
@@ -14,6 +14,7 @@ import (
@@ -9,8 +9,8 @@ index 17704c41..e2a060b1 100644
 +	"github.com/letsencrypt/boulder/bdns"
 	"github.com/letsencrypt/boulder/cmd"
 	"github.com/letsencrypt/boulder/core"
- 	corepb "github.com/letsencrypt/boulder/core/proto"
-@@ -346,6 +347,9 @@ func main() {
+ 	"github.com/letsencrypt/boulder/db"
+@@ -345,6 +346,9 @@ func main() {
 			TLS       cmd.TLSConfig
 			RAService *cmd.GRPCClientConfig
 
@@ -20,7 +20,7 @@ index 17704c41..e2a060b1 100644
 			// MaximumRevocations specifies the maximum number of certificates associated with
 			// a key hash that bad-key-revoker will attempt to revoke. If the number of certificates
 			// is higher than MaximumRevocations bad-key-revoker will error out and refuse to
-@@ -373,6 +377,12 @@ func main() {
+@@ -372,6 +376,12 @@ func main() {
 
 		Syslog  cmd.SyslogConfig
 		Beeline cmd.BeelineConfig
@@ -33,7 +33,7 @@ index 17704c41..e2a060b1 100644
 	}
 	configPath := flag.String("config", "", "File path to the configuration file for this service")
 	flag.Parse()
-@@ -418,6 +428,30 @@ func main() {
+@@ -417,6 +427,30 @@ func main() {
 	cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA")
 	rac := rapb.NewRegistrationAuthorityClient(conn)
 
@@ -64,7 +64,7 @@ index 17704c41..e2a060b1 100644
 	var smtpRoots *x509.CertPool
 	if config.BadKeyRevoker.Mailer.SMTPTrustedRootFile != "" {
 		pem, err := ioutil.ReadFile(config.BadKeyRevoker.Mailer.SMTPTrustedRootFile)
-@@ -439,6 +473,7 @@ func main() {
+@@ -438,6 +472,7 @@ func main() {
 		config.BadKeyRevoker.Mailer.Username,
 		smtpPassword,
 		smtpRoots,
--- a/8
+++ b/8
@@ -190,7 +190,13 @@ case $txt in
    halt
    ;;
 "version-update")
-    /home/labca/labca/install &>>$LOGFILE
+    cd $dn
+    branch="$(git symbolic-ref --short HEAD 2>/dev/null)" || branch="(none)"
+    if [ "$branch" == "master" ] || [ "$branch" == "main" ] || [ "$branch" == "(none)" ]; then
+        /home/labca/labca/install &>>$LOGFILE
+    else
+        /home/labca/labca/install -b $branch &>>$LOGFILE
+    fi
    ;;
 *)
    echo "Unknown command '$txt'. ERROR!"
--- a/contact-auditor_main.patch
+++ b/contact-auditor_main.patch
@@ -0,0 +1,26 @@
+diff --git a/cmd/contact-auditor/main.go b/cmd/contact-auditor/main.go
+index 88792e42a..26dfed7e5 100644
+--- a/cmd/contact-auditor/main.go
+++ b/cmd/contact-auditor/main.go
+@@ -12,6 +12,7 @@ import (
+ 	"time"
+ 
+ 	"github.com/go-sql-driver/mysql"
+	"github.com/letsencrypt/boulder/core"
+ 	"github.com/letsencrypt/boulder/cmd"
+ 	blog "github.com/letsencrypt/boulder/log"
+ 	"github.com/letsencrypt/boulder/policy"
+@@ -49,9 +50,12 @@ func validateContacts(id int64, createdAt string, contacts []string) error {
+ 		fmt.Fprintf(&probsBuff, "%d\t%s\tvalidation\t%q\t%q\n", id, createdAt, contact, prob)
+ 	}
+ 
+	var pa *policy.AuthorityImpl
+	pa, _ = policy.New(map[core.AcmeChallenge]bool{})
+
+ 	for _, contact := range contacts {
+ 		if strings.HasPrefix(contact, "mailto:") {
+-			err := policy.ValidEmail(strings.TrimPrefix(contact, "mailto:"))
+			err := pa.ValidEmail(strings.TrimPrefix(contact, "mailto:"))
+ 			if err != nil {
+ 				writeProb(contact, err.Error())
+ 			}
--- a/core_interfaces.patch
+++ b/core_interfaces.patch
@@ -1,8 +1,8 @@
 diff --git a/core/interfaces.go b/core/interfaces.go
-index 06576845c..a854745fd 100644
+index edbf531fa..1de27cc82 100644
 --- a/core/interfaces.go
 +++ b/core/interfaces.go
-@@ -95,6 +95,7 @@ type PolicyAuthority interface {
+@@ -96,6 +96,7 @@ type PolicyAuthority interface {
 	WillingToIssueWildcards(identifiers []identifier.ACMEIdentifier) error
 	ChallengesFor(domain identifier.ACMEIdentifier) ([]Challenge, error)
 	ChallengeTypeEnabled(t AcmeChallenge) bool
--- a/docker-compose.patch
+++ b/docker-compose.patch
@@ -1,9 +1,9 @@
 diff --git a/docker-compose.yml b/docker-compose.yml
-index 1a4dd8295..d2c105ec4 100644
+index ec5150a2a..ea23aa838 100644
 --- a/docker-compose.yml
 +++ b/docker-compose.yml
@@ -4,10 +4,11 @@ services:
-     image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.16.4_2021-05-06}
+     image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.16.5_2021-06-11}
     environment:
       FAKE_DNS: 10.77.77.77
 -      BOULDER_CONFIG_DIR: test/config
--- a/10
+++ b/10
@@ -24,7 +24,7 @@ dockerComposeVersion="1.28.5"

 labcaUrl="https://github.com/hakwerk/labca/"
 boulderUrl="https://github.com/letsencrypt/boulder/"
-boulderTag="release-2021-06-01"
+boulderTag="release-2021-07-12"

 #
 # Color configuration
@@ -544,6 +544,9 @@ config_boulder() {
    sudo -u labca -H patch -p1 < $cloneDir/notify-mailer_main.patch &>>$installLog
    cp cmd/notify-mailer/main.go "$boulderLabCADir/.backup/"

+    sudo -u labca -H patch -p1 < $cloneDir/contact-auditor_main.patch &>>$installLog
+    cp cmd/contact-auditor/main.go "$boulderLabCADir/.backup/"
+
    sudo -u labca -H patch -p1 < $cloneDir/bad-key-revoker_main.patch &>>$installLog
    cp cmd/bad-key-revoker/main.go "$boulderLabCADir/.backup/"

@@ -573,7 +576,7 @@ config_boulder() {
    cp sa/_db/migrations/20210223140000_CombinedSchema.sql "$boulderLabCADir/.backup/"

    mkdir -p $baseDir/backup
-    [ -z "$(docker ps | grep boulder_bmysql_1)" ] || docker exec -it boulder_bmysql_1 mysqldump boulder_sa_integration >$baseDir/backup/dbdata-${runId}.sql
+    [ -z "$(docker ps | grep boulder_bmysql_1)" ] || docker exec -i boulder_bmysql_1 mysqldump boulder_sa_integration >$baseDir/backup/dbdata-${runId}.sql

    cd "$boulderLabCADir"
    sed -i -e "s/test-ca2.pem/test-ca.pem/" config/ocsp-responder.json
@@ -631,6 +634,7 @@ config_boulder() {

    rm test-ca2.pem
    ([ -e mock-vendor.go ] && rm mock-vendor.go) || /bin/true
+    ([ -e test-tools.go ] && rm test-tools.go) || /bin/true

    local have_config=$(grep restarted $adminDir/data/config.json | grep true)
    if [ "$have_config" != "" ]; then
@@ -722,7 +726,7 @@ startup() {

    wait_up $PS_MYSQL &>>$installLog
    wait_up $PS_LABCA &>>$installLog
-    docker exec -it boulder_bmysql_1 mysql_upgrade &>>$installLog
+    docker exec -i boulder_bmysql_1 mysql_upgrade &>>$installLog
    [ -f "$boulderLabCADir/setup_complete" ] && wait_up $PS_BOULDER $PS_BOULDER_COUNT &>>$installLog || /bin/true

    msg_ok "$msg"
--- a/mail_mailer.patch
+++ b/mail_mailer.patch
@@ -1,8 +1,8 @@
 diff --git a/mail/mailer.go b/mail/mailer.go
-index bb5bacaf2..946992dca 100644
+index 864cdbd51..21b2417f4 100644
 --- a/mail/mailer.go
 +++ b/mail/mailer.go
-@@ -20,10 +20,14 @@ import (
+@@ -21,10 +21,14 @@ import (
 	"time"
 
 	"github.com/jmhodges/clock"
@@ -17,7 +17,7 @@ index bb5bacaf2..946992dca 100644
 )
 
 type idGenerator interface {
-@@ -121,6 +125,7 @@ func New(
+@@ -122,6 +126,7 @@ func New(
 	username,
 	password string,
 	rootCAs *x509.CertPool,
@@ -25,7 +25,7 @@ index bb5bacaf2..946992dca 100644
 	from mail.Address,
 	logger blog.Logger,
 	stats prometheus.Registerer,
-@@ -140,6 +145,7 @@ func New(
+@@ -141,6 +146,7 @@ func New(
 			server:   server,
 			port:     port,
 			rootCAs:  rootCAs,
@@ -33,7 +33,7 @@ index bb5bacaf2..946992dca 100644
 		},
 		log:              logger,
 		from:             from,
-@@ -180,7 +186,7 @@ func (m *MailerImpl) generateMessage(to []string, subject, body string) ([]byte,
+@@ -181,7 +187,7 @@ func (m *MailerImpl) generateMessage(to []string, subject, body string) ([]byte,
 		fmt.Sprintf("To: %s", strings.Join(addrs, ", ")),
 		fmt.Sprintf("From: %s", m.from.String()),
 		fmt.Sprintf("Subject: %s", subject),
@@ -42,7 +42,7 @@ index bb5bacaf2..946992dca 100644
 		fmt.Sprintf("Message-Id: <%s.%s.%s>", now.Format("20060102T150405"), mid.String(), m.from.Address),
 		"MIME-Version: 1.0",
 		"Content-Type: text/plain; charset=UTF-8",
-@@ -237,23 +243,32 @@ func (m *MailerImpl) Connect() error {
+@@ -238,23 +244,32 @@ func (m *MailerImpl) Connect() error {
 type dialerImpl struct {
 	username, password, server, port string
 	rootCAs                          *x509.CertPool
--- a/notify-mailer_main.patch
+++ b/notify-mailer_main.patch
@@ -1,36 +1,36 @@
 diff --git a/cmd/notify-mailer/main.go b/cmd/notify-mailer/main.go
-index f4a25a78..68b23dc7 100644
+index fa2aac74e..08430ee10 100644
 --- a/cmd/notify-mailer/main.go
 +++ b/cmd/notify-mailer/main.go
-@@ -38,6 +38,7 @@ type mailer struct {
- 	destinations  []recipient
+@@ -37,6 +37,7 @@ type mailer struct {
+ 	recipients    []recipient
 	targetRange   interval
 	sleepInterval time.Duration
 +	pa            *policy.AuthorityImpl
 }
 
- // interval defines a range of email addresses to send to, alphabetically.
-@@ -147,7 +148,7 @@ func (m *mailer) run() error {
- 			m.log.Debugf("skipping %q: out of target range")
+ // interval defines a range of email addresses to send to in alphabetical order.
+@@ -151,7 +152,7 @@ func (m *mailer) run() error {
 			continue
 		}
+ 
 -		if err := policy.ValidEmail(address); err != nil {
 +		if err := m.pa.ValidEmail(address); err != nil {
- 			m.log.Infof("skipping %q: %s", address, err)
+ 			m.log.Infof("Skipping %q due to policy violation: %s", address, err)
 			continue
 		}
-@@ -410,7 +411,9 @@ func main() {
- 			cmd.PasswordConfig
+@@ -477,7 +478,9 @@ func main() {
+ 		NotifyMailer struct {
+ 			DB cmd.DBConfig
 			cmd.SMTPConfig
- 			Features map[string]bool
 +			cmd.HostnamePolicyConfig
 		}
 +		PA cmd.PAConfig
 		Syslog cmd.SyslogConfig
 	}
- 	configFile := flag.String("config", "", "File containing a JSON config.")
-@@ -464,6 +467,14 @@ func main() {
- 		end:   *end,
+ 
+@@ -531,6 +534,14 @@ func main() {
+ 		log.Infof("While reading the recipient list file %s", probs)
 	}
 
 +	// Validate PA config and set defaults if needed
@@ -43,8 +43,8 @@ index f4a25a78..68b23dc7 100644
 +
 	var mailClient bmail.Mailer
 	if *dryRun {
- 		log.Infof("Doing a dry run.")
-@@ -477,6 +488,7 @@ func main() {
+ 		log.Infof("Starting %s in dry-run mode", cmd.VersionString())
+@@ -546,6 +557,7 @@ func main() {
 			cfg.NotifyMailer.Username,
 			smtpPassword,
 			nil,
@@ -52,9 +52,9 @@ index f4a25a78..68b23dc7 100644
 			*address,
 			log,
 			metrics.NoopRegisterer,
-@@ -494,6 +506,7 @@ func main() {
- 		emailTemplate: template,
- 		targetRange:   targetRange,
+@@ -566,6 +578,7 @@ func main() {
+ 			end:   *end,
+ 		},
 		sleepInterval: *sleep,
 +		pa:            pa,
 	}
--- a/ra_ra.patch
+++ b/ra_ra.patch
@@ -1,5 +1,5 @@
 diff --git a/ra/ra.go b/ra/ra.go
-index 1fd47d29..ccc5aef8 100644
+index 58fa25ca8..09d2a3579 100644
 --- a/ra/ra.go
 +++ b/ra/ra.go
@@ -31,7 +31,6 @@ import (
@@ -10,7 +10,7 @@ index 1fd47d29..ccc5aef8 100644
 	"github.com/letsencrypt/boulder/probs"
 	pubpb "github.com/letsencrypt/boulder/publisher/proto"
 	rapb "github.com/letsencrypt/boulder/ra/proto"
-@@ -443,7 +442,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(ctx context.Context, conta
+@@ -446,7 +445,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(ctx context.Context, conta
 				contact,
 			)
 		}