From 6356aa4c17cd1beaaa215f525ccda25d2173c018 Mon Sep 17 00:00:00 2001 From: Arjan H Date: Wed, 16 Nov 2022 19:20:35 +0100 Subject: [PATCH] Bump boulder version to release-2022-11-15 --- install | 2 +- patch.sh | 1 + patches/boulder-va_main.patch | 35 ++++++++++++++++++++++++++++ patches/crl-storer_main.patch | 4 ++-- patches/expiration-mailer_main.patch | 10 ++++---- patches/test_config_ca_a.patch | 2 +- patches/test_config_ca_b.patch | 2 +- 7 files changed, 46 insertions(+), 10 deletions(-) create mode 100644 patches/boulder-va_main.patch diff --git a/install b/install index 084aa5e..9cc002d 100755 --- a/install +++ b/install @@ -24,7 +24,7 @@ dockerComposeVersion="v2.5.0" labcaUrl="https://github.com/hakwerk/labca/" boulderUrl="https://github.com/letsencrypt/boulder/" -boulderTag="release-2022-11-01" +boulderTag="release-2022-11-15" # Feature flags flag_skip_redis=true diff --git a/patch.sh b/patch.sh index 372b265..ff9e80e 100755 --- a/patch.sh +++ b/patch.sh @@ -15,6 +15,7 @@ fi $SUDO patch -p1 < $cloneDir/patches/docker-compose.patch $SUDO patch -p1 < $cloneDir/patches/bad-key-revoker_main.patch +$SUDO patch -p1 < $cloneDir/patches/boulder-va_main.patch $SUDO patch -p1 < $cloneDir/patches/ca_crl.patch $SUDO patch -p1 < $cloneDir/patches/cert-checker_main.patch $SUDO patch -p1 < $cloneDir/patches/cmd_shell.patch diff --git a/patches/boulder-va_main.patch b/patches/boulder-va_main.patch new file mode 100644 index 0000000..2fa7ad7 --- /dev/null +++ b/patches/boulder-va_main.patch 
@@ -0,0 +1,35 @@
+diff --git a/cmd/boulder-va/main.go b/cmd/boulder-va/main.go
+index 80be1f34..ace5c03c 100644
+--- a/cmd/boulder-va/main.go
++++ b/cmd/boulder-va/main.go
+@@ -35,8 +35,10 @@ type Config struct {
+ // The number of times to try a DNS query (that has a temporary error)
+ // before giving up. May be short-circuited by deadlines. A zero value
+ // will be turned into 1.
+- DNSTries int
+- DNSResolver string
++ DNSTries int
++ DNSResolver string
++ // Deprecated, replaced by singular DNSResolver above.
++ DNSResolvers []string
+ DNSTimeout string
+ DNSAllowLoopbackAddresses bool
+
+@@ -119,11 +121,13 @@ func main() {
+ clk := cmd.Clock()
+
+ var servers bdns.ServerProvider
+- if c.VA.DNSResolver == "" {
+- cmd.Fail("Config key 'dnsresolver' is required")
++ if c.VA.DNSResolver != "" {
++ servers, err = bdns.StartDynamicProvider(c.VA.DNSResolver, 60*time.Second)
++ cmd.FailOnError(err, "Couldn't start dynamic DNS server resolver")
++ } else {
++ servers, err = bdns.NewStaticProvider(c.VA.DNSResolvers)
++ cmd.FailOnError(err, "Couldn't parse static DNS server(s)")
+ }
+- servers, err = bdns.StartDynamicProvider(c.VA.DNSResolver, 60*time.Second)
+- cmd.FailOnError(err, "Couldn't start dynamic DNS server resolver")
+
+ var resolver bdns.Client
+ if !(c.VA.DNSAllowLoopbackAddresses || c.Common.DNSAllowLoopbackAddresses) {
diff --git a/patches/crl-storer_main.patch b/patches/crl-storer_main.patch
index 518693d..226f5ba 100644
--- a/patches/crl-storer_main.patch
+++ b/patches/crl-storer_main.patch
@@ -1,5 +1,5 @@
 diff --git a/cmd/crl-storer/main.go b/cmd/crl-storer/main.go
-index 26caa01f..b047597d 100644
+index 1f98134a..ce628793 100644
 --- a/cmd/crl-storer/main.go
 +++ b/cmd/crl-storer/main.go
 @@ -47,6 +47,9 @@ type Config struct {
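Review bot: In the new patches/boulder-va_main.patch, the `else` branch of the `main()` hunk hands `c.VA.DNSResolvers` to `bdns.NewStaticProvider` without checking that the list is non-empty, so the explicit startup failure upstream had (`Config key 'dnsresolver' is required`) is lost when neither key is configured. Whether an empty list is rejected depends on `NewStaticProvider`, which is not visible here; because the validation authority's DNS lookups all go through this provider, it is safer to fail closed in `main()` itself. I would make the static branch `} else if len(c.VA.DNSResolvers) > 0 {` and add a final `} else { cmd.Fail("Config key 'dnsResolver' or 'dnsResolvers' is required") }`. The body of `main()` starts and ends outside the hunk, so any later use of `servers` was not reviewed.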
@@ -20,4 +20,4 @@ index 26caa01f..b047597d 100644 + csi, err := storer.New(issuers, s3client, c.CRLStorer.S3Bucket, c.CRLStorer.LocalStorePath, scope, logger, clk) cmd.FailOnError(err, "Failed to create CRLStorer impl") - start, stop, err := bgrpc.Server[cspb.CRLStorerServer]{}.Setup( + start, stop, err := bgrpc.NewServer(c.CRLStorer.GRPC).Add( diff --git a/patches/expiration-mailer_main.patch b/patches/expiration-mailer_main.patch index 205f795..52f4031 100644 --- a/patches/expiration-mailer_main.patch +++ b/patches/expiration-mailer_main.patch @@ -1,5 +1,5 @@ diff --git a/cmd/expiration-mailer/main.go b/cmd/expiration-mailer/main.go -index 34299f02..5a25cdd4 100644 +index e58fa641..75c94dbd 100644 --- a/cmd/expiration-mailer/main.go +++ b/cmd/expiration-mailer/main.go @@ -22,6 +22,7 @@ import ( @@ -19,7 +19,7 @@ index 34299f02..5a25cdd4 100644 ) type regStore interface { -@@ -533,6 +534,9 @@ type Config struct { +@@ -607,6 +608,9 @@ type Config struct { TLS cmd.TLSConfig SAService *cmd.GRPCClientConfig @@ -29,7 +29,7 @@ index 34299f02..5a25cdd4 100644 // Path to a file containing a list of trusted root certificates for use // during the SMTP connection (as opposed to the gRPC connections). SMTPTrustedRootFile string -@@ -542,6 +546,12 @@ type Config struct { +@@ -616,6 +620,12 @@ type Config struct { Syslog cmd.SyslogConfig Beeline cmd.BeelineConfig @@ -42,7 +42,7 @@ index 34299f02..5a25cdd4 100644 } func initStats(stats prometheus.Registerer) mailerStats { -@@ -668,6 +678,32 @@ func main() { +@@ -752,6 +762,32 @@ func main() { cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") sac := sapb.NewStorageAuthorityClient(conn) @@ -75,7 +75,7 @@ index 34299f02..5a25cdd4 100644 var smtpRoots *x509.CertPool if c.Mailer.SMTPTrustedRootFile != "" { pem, err := os.ReadFile(c.Mailer.SMTPTrustedRootFile) -@@ -703,6 +739,7 @@ func main() { +@@ -787,6 +823,7 @@ func main() { c.Mailer.Username, smtpPassword, smtpRoots, 
diff --git a/patches/test_config_ca_a.patch b/patches/test_config_ca_a.patch index 6d49463..da9404c 100644 --- a/patches/test_config_ca_a.patch +++ b/patches/test_config_ca_a.patch @@ -2,7 +2,7 @@ diff --git a/test/config/ca-a.json b/test/config/ca-a.json index 1233a9c95..3c4a0a3ca 100644 --- a/test/config/ca-a.json +++ b/test/config/ca-a.json -@@ -69,30 +69,7 @@ +@@ -94,30 +94,7 @@ "crlURL": "http://example.com/crl", "location": { "configFile": "test/test-ca.key-pkcs11.json", diff --git a/patches/test_config_ca_b.patch b/patches/test_config_ca_b.patch index e541bc8..c7cd9d5 100644 --- a/patches/test_config_ca_b.patch +++ b/patches/test_config_ca_b.patch @@ -2,7 +2,7 @@ diff --git a/test/config/ca-b.json b/test/config/ca-b.json index 960d62f95..54b25dd81 100644 --- a/test/config/ca-b.json +++ b/test/config/ca-b.json -@@ -69,30 +69,7 @@ +@@ -94,30 +94,7 @@ "crlURL": "http://example.com/crl", "location": { "configFile": "test/test-ca.key-pkcs11.json",