Bump boulder version to release-2022-11-15

2026-01-27 10:19:34 +00:00 · 2022-11-16 19:20:35 +01:00
parent de7fea7e0a
commit 6356aa4c17
7 changed files with 46 additions and 10 deletions
--- a/2
+++ b/2
@@ -24,7 +24,7 @@ dockerComposeVersion="v2.5.0"

 labcaUrl="https://github.com/hakwerk/labca/"
 boulderUrl="https://github.com/letsencrypt/boulder/"
-boulderTag="release-2022-11-01"
+boulderTag="release-2022-11-15"

 # Feature flags
 flag_skip_redis=true
--- a/patch.sh
+++ b/patch.sh
@@ -15,6 +15,7 @@ fi
 $SUDO patch -p1 < $cloneDir/patches/docker-compose.patch

 $SUDO patch -p1 < $cloneDir/patches/bad-key-revoker_main.patch
+$SUDO patch -p1 < $cloneDir/patches/boulder-va_main.patch
 $SUDO patch -p1 < $cloneDir/patches/ca_crl.patch
 $SUDO patch -p1 < $cloneDir/patches/cert-checker_main.patch
 $SUDO patch -p1 < $cloneDir/patches/cmd_shell.patch
--- a/patches/boulder-va_main.patch
+++ b/patches/boulder-va_main.patch
@@ -0,0 +1,35 @@
+diff --git a/cmd/boulder-va/main.go b/cmd/boulder-va/main.go
+index 80be1f34..ace5c03c 100644
+--- a/cmd/boulder-va/main.go
+++ b/cmd/boulder-va/main.go
+@@ -35,8 +35,10 @@ type Config struct {
+ 		// The number of times to try a DNS query (that has a temporary error)
+ 		// before giving up. May be short-circuited by deadlines. A zero value
+ 		// will be turned into 1.
+-		DNSTries                  int
+-		DNSResolver               string
+		DNSTries    int
+		DNSResolver string
+		// Deprecated, replaced by singular DNSResolver above.
+		DNSResolvers              []string
+ 		DNSTimeout                string
+ 		DNSAllowLoopbackAddresses bool
+ 
+@@ -119,11 +121,13 @@ func main() {
+ 	clk := cmd.Clock()
+ 
+ 	var servers bdns.ServerProvider
+-	if c.VA.DNSResolver == "" {
+-		cmd.Fail("Config key 'dnsresolver' is required")
+	if c.VA.DNSResolver != "" {
+		servers, err = bdns.StartDynamicProvider(c.VA.DNSResolver, 60*time.Second)
+		cmd.FailOnError(err, "Couldn't start dynamic DNS server resolver")
+	} else {
+		servers, err = bdns.NewStaticProvider(c.VA.DNSResolvers)
+		cmd.FailOnError(err, "Couldn't parse static DNS server(s)")
+ 	}
+-	servers, err = bdns.StartDynamicProvider(c.VA.DNSResolver, 60*time.Second)
+-	cmd.FailOnError(err, "Couldn't start dynamic DNS server resolver")
+ 
+ 	var resolver bdns.Client
+ 	if !(c.VA.DNSAllowLoopbackAddresses || c.Common.DNSAllowLoopbackAddresses) {
--- a/patches/crl-storer_main.patch
+++ b/patches/crl-storer_main.patch
@@ -1,5 +1,5 @@
 diff --git a/cmd/crl-storer/main.go b/cmd/crl-storer/main.go
-index 26caa01f..b047597d 100644
+index 1f98134a..ce628793 100644
 --- a/cmd/crl-storer/main.go
 +++ b/cmd/crl-storer/main.go
@@ -47,6 +47,9 @@ type Config struct {
@@ -20,4 +20,4 @@ index 26caa01f..b047597d 100644
 +	csi, err := storer.New(issuers, s3client, c.CRLStorer.S3Bucket, c.CRLStorer.LocalStorePath, scope, logger, clk)
 	cmd.FailOnError(err, "Failed to create CRLStorer impl")
 
- 	start, stop, err := bgrpc.Server[cspb.CRLStorerServer]{}.Setup(
+ 	start, stop, err := bgrpc.NewServer(c.CRLStorer.GRPC).Add(
--- a/patches/expiration-mailer_main.patch
+++ b/patches/expiration-mailer_main.patch
@@ -1,5 +1,5 @@
 diff --git a/cmd/expiration-mailer/main.go b/cmd/expiration-mailer/main.go
-index 34299f02..5a25cdd4 100644
+index e58fa641..75c94dbd 100644
 --- a/cmd/expiration-mailer/main.go
 +++ b/cmd/expiration-mailer/main.go
@@ -22,6 +22,7 @@ import (
@@ -19,7 +19,7 @@ index 34299f02..5a25cdd4 100644
 )
 
 type regStore interface {
-@@ -533,6 +534,9 @@ type Config struct {
+@@ -607,6 +608,9 @@ type Config struct {
 		TLS       cmd.TLSConfig
 		SAService *cmd.GRPCClientConfig
 
@@ -29,7 +29,7 @@ index 34299f02..5a25cdd4 100644
 		// Path to a file containing a list of trusted root certificates for use
 		// during the SMTP connection (as opposed to the gRPC connections).
 		SMTPTrustedRootFile string
-@@ -542,6 +546,12 @@ type Config struct {
+@@ -616,6 +620,12 @@ type Config struct {
 
 	Syslog  cmd.SyslogConfig
 	Beeline cmd.BeelineConfig
@@ -42,7 +42,7 @@ index 34299f02..5a25cdd4 100644
 }
 
 func initStats(stats prometheus.Registerer) mailerStats {
-@@ -668,6 +678,32 @@ func main() {
+@@ -752,6 +762,32 @@ func main() {
 	cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
 	sac := sapb.NewStorageAuthorityClient(conn)
 
@@ -75,7 +75,7 @@ index 34299f02..5a25cdd4 100644
 	var smtpRoots *x509.CertPool
 	if c.Mailer.SMTPTrustedRootFile != "" {
 		pem, err := os.ReadFile(c.Mailer.SMTPTrustedRootFile)
-@@ -703,6 +739,7 @@ func main() {
+@@ -787,6 +823,7 @@ func main() {
 		c.Mailer.Username,
 		smtpPassword,
 		smtpRoots,
--- a/patches/test_config_ca_a.patch
+++ b/patches/test_config_ca_a.patch
@@ -2,7 +2,7 @@ diff --git a/test/config/ca-a.json b/test/config/ca-a.json
 index 1233a9c95..3c4a0a3ca 100644
 --- a/test/config/ca-a.json
 +++ b/test/config/ca-a.json
-@@ -69,30 +69,7 @@
+@@ -94,30 +94,7 @@
           "crlURL": "http://example.com/crl",
           "location": {
             "configFile": "test/test-ca.key-pkcs11.json",
--- a/patches/test_config_ca_b.patch
+++ b/patches/test_config_ca_b.patch
@@ -2,7 +2,7 @@ diff --git a/test/config/ca-b.json b/test/config/ca-b.json
 index 960d62f95..54b25dd81 100644
 --- a/test/config/ca-b.json
 +++ b/test/config/ca-b.json
-@@ -69,30 +69,7 @@
+@@ -94,30 +94,7 @@
           "crlURL": "http://example.com/crl",
           "location": {
             "configFile": "test/test-ca.key-pkcs11.json",