Bump boulder version to release-2022-09-14

install

@@ -24,7 +24,7 @@ dockerComposeVersion="v2.5.0"
 
 labcaUrl="https://github.com/hakwerk/labca/"
 boulderUrl="https://github.com/letsencrypt/boulder/"
-boulderTag="release-2022-09-06"
+boulderTag="release-2022-09-14"
 
 # Feature flags
 flag_skip_redis=true
@@ -591,7 +591,7 @@ config_boulder() {
     cp ratelimit/rate-limits.go "$boulderLabCADir/.backup/"
     cp errors/errors.go "$boulderLabCADir/.backup/"
     cp log/log.go "$boulderLabCADir/.backup/"
-    cp sa/_db/migrations/20210223140000_CombinedSchema.sql "$boulderLabCADir/.backup/"
+    cp sa/db/boulder_sa/20210223140000_CombinedSchema.sql "$boulderLabCADir/.backup/"
     cp Makefile "$boulderLabCADir/.backup/"
 
     $cloneDir/patch-cfg.sh "sudo -u labca -H" "$boulderLabCADir" &>>$installLog

patches/config_bad-key-revoker.patch

@@ -23,10 +23,10 @@ index dc8c7da5..8f65f3a0 100644
          "backoffIntervalMax": "2s"
      },
      "syslog": {
-@@ -36,5 +41,9 @@
-     "beeline": {
+@@ -37,5 +42,9 @@
          "mute": true,
-         "dataset": "Test"
+         "serviceName": "Test",
+         "writeKey": {"passwordFile": "test/secrets/honeycomb_fake_password"}
 +    },
 +    "common": {
 +        "dnsTimeout": "3s",

patches/config_crl-updater.patch

@@ -1,15 +1,10 @@
 diff --git a/test/config/crl-updater.json b/test/config/crl-updater.json
-index 875fc7ab..9c0ea6ed 100644
+index f6b70123f..a6c1471e5 100644
 --- a/test/config/crl-updater.json
 +++ b/test/config/crl-updater.json
-@@ -14,16 +14,18 @@
-       "serverAddress": "ca.boulder:9106",
+@@ -19,15 +19,13 @@
        "timeout": "15s"
      },
-+    "crlStorerService": {
-+      "serverAddress": "crl-storer.boulder:9109",
-+      "timeout": "15s"
-+    },
      "issuerCerts": [
 -      "/hierarchy/intermediate-cert-rsa-a.pem",
 -      "/hierarchy/intermediate-cert-rsa-b.pem",

patches/config_expiration-mailer.patch

@@ -14,10 +14,10 @@ index 4519fe4d..f52a408c 100644
      "tls": {
        "caCertFile": "test/grpc-creds/minica.pem",
        "certFile": "test/grpc-creds/expiration-mailer.boulder/cert.pem",
-@@ -34,5 +39,9 @@
-   "beeline": {
+@@ -35,5 +40,9 @@
        "mute": true,
-       "dataset": "Test"
+       "serviceName": "Test",
+       "writeKey": {"passwordFile": "test/secrets/honeycomb_fake_password"}
 +  },
 +  "common": {
 +    "dnsTimeout": "3s",

patches/db_migrations.patch

@@ -1,9 +1,9 @@
-diff --git a/sa/_db/migrations/20210223140000_CombinedSchema.sql b/sa/_db/migrations/20210223140000_CombinedSchema.sql
-index f9705d018..035c5009f 100644
---- a/sa/_db/migrations/20210223140000_CombinedSchema.sql
-+++ b/sa/_db/migrations/20210223140000_CombinedSchema.sql
+diff --git a/sa/db/boulder_sa/20210223140000_CombinedSchema.sql b/sa/db/boulder_sa/20210223140000_CombinedSchema.sql
+index 21030b33d..7f6a93da9 100644
+--- a/sa/db/boulder_sa/20210223140000_CombinedSchema.sql
++++ b/sa/db/boulder_sa/20210223140000_CombinedSchema.sql
 @@ -1,7 +1,9 @@
- -- +goose Up
+ -- +migrate Up
  -- SQL in section 'Up' is executed when this migration is applied
  
 -CREATE TABLE `authz2` (
@@ -175,9 +175,9 @@ index f9705d018..035c5009f 100644
    `id` bigint(20) NOT NULL AUTO_INCREMENT,
    `registrationID` bigint(20) NOT NULL,
    `serial` varchar(255) NOT NULL,
-@@ -223,15 +241,71 @@ DROP TABLE `precertificates`
- DROP TABLE `requestedNames`
- DROP TABLE `serials`
+@@ -223,15 +241,71 @@ DROP TABLE `precertificates`;
+ DROP TABLE `requestedNames`;
+ DROP TABLE `serials`;
  
 +CREATE TABLE `authz` (
 +  `id` varchar(255) NOT NULL,
@@ -191,11 +191,11 @@ index f9705d018..035c5009f 100644
 +  CONSTRAINT `regId_authz` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
 +) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 +
- DROP TABLE `authz2`
- DROP TABLE `blockedKeys`
- DROP TABLE `certificateStatus`
- DROP TABLE `certificatesPerName`
--DROP TABLE `crls`
+ DROP TABLE `authz2`;
+ DROP TABLE `blockedKeys`;
+ DROP TABLE `certificateStatus`;
+ DROP TABLE `certificatesPerName`;
+-DROP TABLE `crls`;
 +
 +CREATE TABLE `crls` (
 +  `serial` varchar(255) NOT NULL,
@@ -204,10 +204,10 @@ index f9705d018..035c5009f 100644
 +  PRIMARY KEY (`serial`)
 +) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 +
- DROP TABLE `fqdnSets`
- DROP TABLE `issuedNames`
- DROP TABLE `keyHashToSerial`
- DROP TABLE `newOrdersRL`
+ DROP TABLE `fqdnSets`;
+ DROP TABLE `issuedNames`;
+ DROP TABLE `keyHashToSerial`;
+ DROP TABLE `newOrdersRL`;
 +
 +CREATE TABLE `orderToAuthz` (
 +  `orderID` bigint(20) NOT NULL,
@@ -216,9 +216,9 @@ index f9705d018..035c5009f 100644
 +  KEY `authzID` (`authzID`)
 +) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 +
- DROP TABLE `orderToAuthz2`
- DROP TABLE `orders`
--DROP TABLE `registrations`
+ DROP TABLE `orderToAuthz2`;
+ DROP TABLE `orders`;
+-DROP TABLE `registrations`;
 +
 +CREATE TABLE `pendingAuthorizations` (
 +  `id` varchar(255) NOT NULL,

patches/docker-compose.patch

@@ -3,7 +3,7 @@ index 0cd8c8dd..36619190 100644
 --- a/docker-compose.yml
 +++ b/docker-compose.yml
 @@ -8,7 +8,7 @@ services:
-     image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.18.4_2022-08-11}
+     image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.18.6_2022-09-06}
      environment:
        FAKE_DNS: 10.77.77.77
 -      BOULDER_CONFIG_DIR: test/config

patches/storer_storer.patch

@@ -1,5 +1,5 @@
 diff --git a/crl/storer/storer.go b/crl/storer/storer.go
-index 859abc9f..749b3818 100644
+index dfc497daa..077f3576d 100644
 --- a/crl/storer/storer.go
 +++ b/crl/storer/storer.go
 @@ -9,6 +9,9 @@ import (
@@ -36,7 +36,7 @@ index 859abc9f..749b3818 100644
  		uploadCount:      uploadCount,
  		sizeHistogram:    sizeHistogram,
  		latencyHistogram: latencyHistogram,
-@@ -160,15 +166,19 @@ func (cs *crlStorer) UploadCRL(stream cspb.CRLStorer_UploadCRLServer) error {
+@@ -157,15 +163,19 @@ func (cs *crlStorer) UploadCRL(stream cspb.CRLStorer_UploadCRLServer) error {
  	checksum := sha256.Sum256(crlBytes)
  	checksumb64 := base64.StdEncoding.EncodeToString(checksum[:])
  	crlContentType := "application/pkix-crl"
@@ -65,7 +65,7 @@ index 859abc9f..749b3818 100644
  	if err != nil {
  		cs.uploadCount.WithLabelValues(issuer.Subject.CommonName, "failed").Inc()
  		cs.log.AuditErrf("CRL upload failed: id=[%s] err=[%s]", crlId, err)
-@@ -189,3 +199,46 @@ func (cs *crlStorer) UploadCRL(stream cspb.CRLStorer_UploadCRLServer) error {
+@@ -186,3 +196,46 @@ func (cs *crlStorer) UploadCRL(stream cspb.CRLStorer_UploadCRLServer) error {
  
  	return stream.SendAndClose(&emptypb.Empty{})
  }

patches/test_config_ca_a.patch

@@ -1,23 +1,8 @@
 diff --git a/test/config/ca-a.json b/test/config/ca-a.json
-index 9cb9720e..3c4a0a3c 100644
+index 1233a9c95..3c4a0a3ca 100644
 --- a/test/config/ca-a.json
 +++ b/test/config/ca-a.json
-@@ -24,6 +24,14 @@
-         "orphan-finder.boulder"
-       ]
-     },
-+    "grpcCRLGenerator": {
-+      "maxConnectionAge": "30s",
-+      "address": ":9106",
-+      "clientNames": [
-+        "health-checker.boulder",
-+        "crl-updater.boulder"
-+      ]
-+    },
-     "saService": {
-       "serverAddress": "sa.boulder:9095",
-       "timeout": "15s"
-@@ -60,19 +68,7 @@
+@@ -68,30 +68,7 @@
            "crlURL": "http://example.com/crl",
            "location": {
              "configFile": "test/test-ca.key-pkcs11.json",
@@ -27,6 +12,17 @@ index 9cb9720e..3c4a0a3c 100644
 -        },
 -        {
 -          "useForRSALeaves": false,
+-          "useForECDSALeaves": true,
+-          "issuerURL": "http://127.0.0.1:4001/aia/issuer/5214744660557630",
+-          "ocspURL": "http://127.0.0.1:4002/",
+-          "location": {
+-            "configFile": "/hierarchy/intermediate-signing-key-ecdsa.pkcs11.json",
+-            "certFile": "/hierarchy/intermediate-cert-ecdsa-a.pem",
+-            "numSessions": 2
+-          }
+-        },
+-        {
+-          "useForRSALeaves": false,
 -          "useForECDSALeaves": false,
 -          "issuerURL": "http://127.0.0.1:4001/aia/issuer/41127673797486028",
 -          "ocspURL": "http://127.0.0.1:4002/",

patches/test_config_ca_b.patch

@@ -1,23 +1,8 @@
 diff --git a/test/config/ca-b.json b/test/config/ca-b.json
-index 122bcfa7..54b25dd8 100644
+index 960d62f95..54b25dd81 100644
 --- a/test/config/ca-b.json
 +++ b/test/config/ca-b.json
-@@ -24,6 +24,14 @@
-         "orphan-finder.boulder"
-       ]
-     },
-+    "grpcCRLGenerator": {
-+      "maxConnectionAge": "30s",
-+      "address": ":9106",
-+      "clientNames": [
-+        "health-checker.boulder",
-+        "crl-updater.boulder"
-+      ]
-+    },
-     "saService": {
-       "serverAddress": "sa.boulder:9095",
-       "timeout": "15s"
-@@ -60,19 +68,7 @@
+@@ -68,30 +68,7 @@
            "crlURL": "http://example.com/crl",
            "location": {
              "configFile": "test/test-ca.key-pkcs11.json",
@@ -27,6 +12,17 @@ index 122bcfa7..54b25dd8 100644
 -        },
 -        {
 -          "useForRSALeaves": false,
+-          "useForECDSALeaves": true,
+-          "issuerURL": "http://127.0.0.1:4001/aia/issuer/5214744660557630",
+-          "ocspURL": "http://127.0.0.1:4002/",
+-          "location": {
+-            "configFile": "/hierarchy/intermediate-signing-key-ecdsa.pkcs11.json",
+-            "certFile": "/hierarchy/intermediate-cert-ecdsa-a.pem",
+-            "numSessions": 2
+-          }
+-        },
+-        {
+-          "useForRSALeaves": false,
 -          "useForECDSALeaves": false,
 -          "issuerURL": "http://127.0.0.1:4001/aia/issuer/41127673797486028",
 -          "ocspURL": "http://127.0.0.1:4002/",