github-personal/labca
1
0
Fork 0
mirror of https://github.com/outbackdingo/labca.git synced 2026-01-27 18:19:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Bump boulder version to release-2022-12-05

Browse Source
This commit is contained in:
Arjan H
2022-12-09 17:47:02 +01:00
parent 7db3efe0ba
commit 74ebdef0cc
3 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
install
View File

@@ -24,7 +24,7 @@ dockerComposeVersion="v2.5.0"
labcaUrl="https://github.com/hakwerk/labca/"
boulderUrl="https://github.com/letsencrypt/boulder/"
boulderTag="release-2022-11-15"
boulderTag="release-2022-12-05"
# Feature flags
flag_skip_redis=true
@@ -456,7 +456,7 @@ static_web() {
local msg="Static web pages"
msg_info "$msg"
if [ -d /etc/nginx ]; then
if [ -d /etc/nginx ] && [ ! -d /etc/nginx.backup ]; then
# Migrate cert from host nginx to dockerized nginx
[ -d /home/labca/nginx_data/ssl ] || mkdir -p /home/labca/nginx_data/ssl
[ -d /etc/nginx/ssl/ ] && mv /etc/nginx/ssl/* /home/labca/nginx_data/ssl/ || true

10
patches/bad-key-revoker_main.patch
View File

@@ -1,5 +1,5 @@
diff --git a/cmd/bad-key-revoker/main.go b/cmd/bad-key-revoker/main.go
index 066b69b8..d9e0b57e 100644
index 8a199ca1..8e14561c 100644
--- a/cmd/bad-key-revoker/main.go
+++ b/cmd/bad-key-revoker/main.go
@@ -14,6 +14,7 @@ import (
@@ -10,7 +10,7 @@ index 066b69b8..d9e0b57e 100644
"github.com/letsencrypt/boulder/cmd"
"github.com/letsencrypt/boulder/core"
"github.com/letsencrypt/boulder/db"
@@ -385,6 +386,9 @@ type Config struct {
@@ -390,6 +391,9 @@ type Config struct {
TLS cmd.TLSConfig
RAService *cmd.GRPCClientConfig
@@ -20,7 +20,7 @@ index 066b69b8..d9e0b57e 100644
// MaximumRevocations specifies the maximum number of certificates associated with
// a key hash that bad-key-revoker will attempt to revoke. If the number of certificates
// is higher than MaximumRevocations bad-key-revoker will error out and refuse to
@@ -418,6 +422,12 @@ type Config struct {
@@ -423,6 +427,12 @@ type Config struct {
Syslog cmd.SyslogConfig
Beeline cmd.BeelineConfig
@@ -33,7 +33,7 @@ index 066b69b8..d9e0b57e 100644
}
func main() {
@@ -454,6 +464,32 @@ func main() {
@@ -459,6 +469,32 @@ func main() {
cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA")
rac := rapb.NewRegistrationAuthorityClient(conn)
@@ -66,7 +66,7 @@ index 066b69b8..d9e0b57e 100644
var smtpRoots *x509.CertPool
if config.BadKeyRevoker.Mailer.SMTPTrustedRootFile != "" {
pem, err := os.ReadFile(config.BadKeyRevoker.Mailer.SMTPTrustedRootFile)
@@ -475,6 +511,7 @@ func main() {
@@ -480,6 +516,7 @@ func main() {
config.BadKeyRevoker.Mailer.Username,
smtpPassword,
smtpRoots,

10
patches/ocsp-responder_main.patch
View File

@@ -1,5 +1,5 @@
diff --git a/cmd/ocsp-responder/main.go b/cmd/ocsp-responder/main.go
index c50b8709..c2557ff2 100644
index e70db31b..ddab5d45 100644
--- a/cmd/ocsp-responder/main.go
+++ b/cmd/ocsp-responder/main.go
@@ -166,42 +166,44 @@ as generated by Boulder's ceremony command.
@@ -34,11 +34,11 @@ index c50b8709..c2557ff2 100644
- rocspSource, err := redis_responder.NewRedisSource(rocspReader, liveSource, liveSigningPeriod, clk, scope, logger)
- cmd.FailOnError(err, "Could not create redis source")
-
- var sac sapb.StorageAuthorityClient
- var sac sapb.StorageAuthorityReadOnlyClient
- if c.OCSPResponder.SAService != nil {
- saConn, err := bgrpc.ClientSetup(c.OCSPResponder.SAService, tlsConfig, scope, clk)
- cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
- sac = sapb.NewStorageAuthorityClient(saConn)
- sac = sapb.NewStorageAuthorityReadOnlyClient(saConn)
+ if c.OCSPResponder.Redis.Addrs != nil {
+ // Set up the redis source and the combined multiplex source.
+ rocspReader, err := rocsp_config.MakeClient(&c.OCSPResponder.Redis, clk, scope)
@@ -68,11 +68,11 @@ index c50b8709..c2557ff2 100644
+ rocspSource, err := redis_responder.NewRedisSource(rocspReader, liveSource, liveSigningPeriod, clk, scope, logger)
+ cmd.FailOnError(err, "Could not create redis source")
+
+ var sac sapb.StorageAuthorityClient
+ var sac sapb.StorageAuthorityReadOnlyClient
+ if c.OCSPResponder.SAService != nil {
+ saConn, err := bgrpc.ClientSetup(c.OCSPResponder.SAService, tlsConfig, scope, clk)
+ cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
+ sac = sapb.NewStorageAuthorityClient(saConn)
+ sac = sapb.NewStorageAuthorityReadOnlyClient(saConn)
+ }
+ source, err = redis_responder.NewCheckedRedisSource(rocspSource, dbMap, sac, scope, logger)
+ cmd.FailOnError(err, "Could not create checkedRedis source")