Bump boulder version to release-2023-04-17

2026-01-27 18:19:33 +00:00 · 2023-04-19 20:53:17 +02:00
parent a9eb2d5ae6
commit 877e8b9b60
11 changed files with 28 additions and 19 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,7 +13,7 @@ jobs:
      fail-fast: false
      matrix:
        GO_VERSION:
-          - 1.18.4
+          - 1.20.3

    steps:
      - name: Checkout
--- a/build/build.sh
+++ b/build/build.sh
@@ -8,7 +8,7 @@ TMP_DIR=$(pwd)/tmp
 rm -rf $TMP_DIR && mkdir -p $TMP_DIR/{admin,bin,logs,src}

 boulderDir=$TMP_DIR/src
-boulderTag="release-2023-04-04"
+boulderTag="release-2023-04-17"
 boulderUrl="https://github.com/letsencrypt/boulder/"
 cloneDir=$(pwd)/..

--- a/build/tmp.patch
+++ b/build/tmp.patch
@@ -9,7 +9,7 @@ index cfdcc784a..b50c8b18d 100644
   boulder:
     # Should match one of the GO_DEV_VERSIONS in test/boulder-tools/tag_and_upload.sh.
 -    image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.20.3_2023-04-04}
-+    image: ghcr.io/hakwerk/labca-boulder:dockeronly
+    image: ghcr.io/hakwerk/labca-boulder:latest
     environment:
       # To solve HTTP-01 and TLS-ALPN-01 challenges, change the IP in FAKE_DNS
       # to the IP address where your ACME client's solver is listening.
@@ -55,7 +55,7 @@ index cfdcc784a..b50c8b18d 100644
 
   gui:
 -    image: *boulder_image
-+    image: ghcr.io/hakwerk/labca-gui:dockeronly
+    image: ghcr.io/hakwerk/labca-gui:latest
     networks:
       - bluenet
     volumes:
@@ -97,7 +97,7 @@ index cfdcc784a..b50c8b18d 100644
 
   control:
 -    image: *boulder_image
-+    image: ghcr.io/hakwerk/labca-control:dockeronly
+    image: ghcr.io/hakwerk/labca-control:latest
     networks:
       - bluenet
     volumes:
--- a/2
+++ b/2
@@ -30,7 +30,7 @@ dockerComposeVersion="v2.5.0"

 labcaUrl="https://github.com/hakwerk/labca/"
 boulderUrl="https://github.com/letsencrypt/boulder/"
-boulderTag="release-2023-04-04"
+boulderTag="release-2023-04-17"

 # Feature flags
 flag_skip_redis=true
--- a/patches/boulder-va_main.patch
+++ b/patches/boulder-va_main.patch
@@ -1,5 +1,5 @@
 diff --git a/cmd/boulder-va/main.go b/cmd/boulder-va/main.go
-index c91be2a79..4ed591e10 100644
+index f3390749c..488125d71 100644
 --- a/cmd/boulder-va/main.go
 +++ b/cmd/boulder-va/main.go
@@ -24,8 +24,10 @@ type Config struct {
@@ -30,6 +30,6 @@ index c91be2a79..4ed591e10 100644
 	}
 -	servers, err = bdns.StartDynamicProvider(c.VA.DNSResolver, 60*time.Second)
 -	cmd.FailOnError(err, "Couldn't start dynamic DNS server resolver")
+ 	defer servers.Stop()
 
 	var resolver bdns.Client
- 	if !(c.VA.DNSAllowLoopbackAddresses || c.Common.DNSAllowLoopbackAddresses) {
--- a/patches/crl-storer_main.patch
+++ b/patches/crl-storer_main.patch
@@ -1,5 +1,5 @@
 diff --git a/cmd/crl-storer/main.go b/cmd/crl-storer/main.go
-index bc1339957..b8d3b052a 100644
+index 36b9d2fc6..de60aa899 100644
 --- a/cmd/crl-storer/main.go
 +++ b/cmd/crl-storer/main.go
@@ -46,6 +46,9 @@ type Config struct {
@@ -20,4 +20,4 @@ index bc1339957..b8d3b052a 100644
 +	csi, err := storer.New(issuers, s3client, c.CRLStorer.S3Bucket, c.CRLStorer.LocalStorePath, scope, logger, clk)
 	cmd.FailOnError(err, "Failed to create CRLStorer impl")
 
- 	start, stop, err := bgrpc.NewServer(c.CRLStorer.GRPC).Add(
+ 	start, err := bgrpc.NewServer(c.CRLStorer.GRPC).Add(
--- a/patches/expiration-mailer_main.patch
+++ b/patches/expiration-mailer_main.patch
@@ -1,5 +1,5 @@
 diff --git a/cmd/expiration-mailer/main.go b/cmd/expiration-mailer/main.go
-index d81ebed67..0d8608c4e 100644
+index 09589b56d..4e83ffa54 100644
 --- a/cmd/expiration-mailer/main.go
 +++ b/cmd/expiration-mailer/main.go
@@ -23,6 +23,7 @@ import (
@@ -31,7 +31,7 @@ index d81ebed67..0d8608c4e 100644
 		// Path to a file containing a list of trusted root certificates for use
 		// during the SMTP connection (as opposed to the gRPC connections).
 		SMTPTrustedRootFile string
-@@ -827,6 +833,29 @@ func main() {
+@@ -832,6 +838,29 @@ func main() {
 	cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
 	sac := sapb.NewStorageAuthorityClient(conn)
 
@@ -61,7 +61,7 @@ index d81ebed67..0d8608c4e 100644
 	var smtpRoots *x509.CertPool
 	if c.Mailer.SMTPTrustedRootFile != "" {
 		pem, err := os.ReadFile(c.Mailer.SMTPTrustedRootFile)
-@@ -862,6 +891,7 @@ func main() {
+@@ -867,6 +896,7 @@ func main() {
 		c.Mailer.Username,
 		smtpPassword,
 		smtpRoots,
--- a/patches/linter_linter.patch
+++ b/patches/linter_linter.patch
@@ -1,8 +1,8 @@
 diff --git a/linter/linter.go b/linter/linter.go
-index c6c1fda3..36b46934 100644
+index 957930ab0..dbb1d9214 100644
 --- a/linter/linter.go
 +++ b/linter/linter.go
-@@ -149,10 +149,21 @@ func makeIssuer(realIssuer *x509.Certificate, lintSigner crypto.Signer) (*x509.C
+@@ -155,10 +155,21 @@ func makeIssuer(realIssuer *x509.Certificate, lintSigner crypto.Signer) (*x509.C
 		SubjectKeyId:                realIssuer.SubjectKeyId,
 		URIs:                        realIssuer.URIs,
 		UnknownExtKeyUsage:          realIssuer.UnknownExtKeyUsage,
--- a/patches/test_config_ca_a.patch
+++ b/patches/test_config_ca_a.patch
@@ -2,7 +2,7 @@ diff --git a/test/config/ca-a.json b/test/config/ca-a.json
 index 1233a9c95..3c4a0a3ca 100644
 --- a/test/config/ca-a.json
 +++ b/test/config/ca-a.json
-@@ -104,30 +104,7 @@
+@@ -71,30 +71,7 @@
 					"crlURL": "http://example.com/crl",
 					"location": {
 						"configFile": "test/test-ca.key-pkcs11.json",
--- a/patches/test_config_ca_b.patch
+++ b/patches/test_config_ca_b.patch
@@ -2,7 +2,7 @@ diff --git a/test/config/ca-b.json b/test/config/ca-b.json
 index 960d62f95..54b25dd81 100644
 --- a/test/config/ca-b.json
 +++ b/test/config/ca-b.json
-@@ -104,30 +104,7 @@
+@@ -71,30 +71,7 @@
 					"crlURL": "http://example.com/crl",
 					"location": {
 						"configFile": "test/test-ca.key-pkcs11.json",
--- a/patches/updater_updater.patch
+++ b/patches/updater_updater.patch
@@ -1,5 +1,5 @@
 diff --git a/crl/updater/updater.go b/crl/updater/updater.go
-index aa398d0a..0db875d2 100644
+index 7d28c6e23..9f663706b 100644
 --- a/crl/updater/updater.go
 +++ b/crl/updater/updater.go
@@ -8,6 +8,7 @@ import (
@@ -40,7 +40,16 @@ index aa398d0a..0db875d2 100644
 	// We don't want the times at which crlUpdater runs to be dependent on when
 	// the process starts. So wait until the appropriate time before kicking off
 	// the first run and the main ticker loop.
-@@ -319,7 +343,7 @@ func (cu *crlUpdater) tickShard(ctx context.Context, atTime time.Time, issuerNam
+@@ -141,7 +165,7 @@ func (cu *crlUpdater) Run(ctx context.Context) error {
+ 	// counting from the appropriate time.
+ 	ticker := time.NewTicker(cu.updatePeriod)
+ 	atTime := cu.clk.Now()
+-	err := cu.Tick(ctx, atTime)
+	err = cu.Tick(ctx, atTime)
+ 	if err != nil {
+ 		// We only log, rather than return, so that the long-lived process can
+ 		// continue and try again at the next tick.
+@@ -327,7 +351,7 @@ func (cu *crlUpdater) tickShard(ctx context.Context, atTime time.Time, issuerNam
 			crlEntries = append(crlEntries, entry)
 		}