Bump boulder version to release-2024-04-08

2026-01-27 10:19:34 +00:00 · 2024-04-09 21:00:36 +02:00
parent 5c41c8eff9
commit 8b116d08e2
14 changed files with 73 additions and 74 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,7 +13,7 @@ jobs:
      fail-fast: false
      matrix:
        GO_VERSION:
-          - 1.22.1
+          - 1.22.2

    steps:
      - name: Checkout
--- a/build/Dockerfile-boulder
+++ b/build/Dockerfile-boulder
@@ -1,4 +1,4 @@
-FROM letsencrypt/boulder-tools:go1.22.1_2024-03-05 AS boulder-tools
+FROM letsencrypt/boulder-tools:go1.22.2_2024-04-04 AS boulder-tools

 FROM ubuntu:focal

--- a/build/build.sh
+++ b/build/build.sh
@@ -8,7 +8,7 @@ TMP_DIR=$(pwd)/tmp
 rm -rf $TMP_DIR && mkdir -p $TMP_DIR/{admin,bin,logs,src}

 boulderDir=$TMP_DIR/src
-boulderTag="release-2024-04-01"
+boulderTag="release-2024-04-08"
 boulderUrl="https://github.com/letsencrypt/boulder/"
 cloneDir=$(pwd)/..

--- a/build/tmp2.patch
+++ b/build/tmp2.patch
@@ -1,8 +1,8 @@
 diff --git a/test/startservers.py b/test/startservers.py
-index 0169251a5..da9ee1565 100644
+index e24e9085a..6262eccd0 100644
 --- a/test/startservers.py
 +++ b/test/startservers.py
-@@ -172,6 +172,9 @@ def setupHierarchyOriginal():
+@@ -175,6 +175,9 @@ def setupHierarchyOriginal():
 
 
 def install(race_detection):
--- a/2
+++ b/2
@@ -30,7 +30,7 @@ dockerComposeVersion="v2.5.0"

 labcaUrl="https://github.com/hakwerk/labca/"
 boulderUrl="https://github.com/letsencrypt/boulder/"
-boulderTag="release-2024-04-01"
+boulderTag="release-2024-04-08"

 # Feature flags
 flag_skip_redis=true
--- a/patch-cfg.sh
+++ b/patch-cfg.sh
@@ -47,22 +47,22 @@ sed -i -e "s/test-ca2.pem/test-ca.pem/" config/ocsp-responder.json
 sed -i -e "s/test-ca2.pem/test-ca.pem/" config/publisher.json
 sed -i -e "s/test-ca2.pem/test-ca.pem/" config/ra.json
 sed -i -e "s/test-ca2.pem/test-ca.pem/" config/wfe2.json
-sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/akamai-purger.json
-sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/ocsp-responder.json
-sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/publisher.json
-sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/ra.json
-sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/wfe2.json
-sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/crl-storer.json
-sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/crl-updater.json
-sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/ra.json
-sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" v2_integration.py
-sed -i -e "s|/hierarchy/root-cert-rsa.pem|labca/test-root.pem|" cert-ceremonies/root-ceremony-rsa.yaml
-sed -i -e "s|/hierarchy/root-cert-rsa.pem|labca/test-root.pem|" cert-ceremonies/root-crl-rsa.yaml
-sed -i -e "s|/hierarchy/root-cert-rsa.pem|labca/test-root.pem|" cert-ceremonies/intermediate-ceremony-rsa.yaml
-sed -i -e "s|/hierarchy/root-cert-rsa.pem|labca/test-root.pem|" config/publisher.json
-sed -i -e "s|/hierarchy/root-cert-rsa.pem|labca/test-root.pem|" config/wfe2.json
-sed -i -e "s|/hierarchy/root-cert-rsa.pem|labca/test-root.pem|" integration-test.py
-sed -i -e "s|/hierarchy/root-cert-rsa.pem|labca/test-root.pem|" helpers.py
+sed -i -e "s|/hierarchy/int-rsa-a.cert.pem|labca/test-ca.pem|" config/akamai-purger.json
+sed -i -e "s|/hierarchy/int-rsa-a.cert.pem|labca/test-ca.pem|" config/ocsp-responder.json
+sed -i -e "s|/hierarchy/int-rsa-a.cert.pem|labca/test-ca.pem|" config/publisher.json
+sed -i -e "s|/hierarchy/int-rsa-a.cert.pem|labca/test-ca.pem|" config/ra.json
+sed -i -e "s|/hierarchy/int-rsa-a.cert.pem|labca/test-ca.pem|" config/wfe2.json
+sed -i -e "s|/hierarchy/int-rsa-a.cert.pem|labca/test-ca.pem|" config/crl-storer.json
+sed -i -e "s|/hierarchy/int-rsa-a.cert.pem|labca/test-ca.pem|" config/crl-updater.json
+sed -i -e "s|/hierarchy/int-rsa-a.cert.pem|labca/test-ca.pem|" config/ra.json
+sed -i -e "s|/hierarchy/int-rsa-a.cert.pem|labca/test-ca.pem|" v2_integration.py
+sed -i -e "s|/hierarchy/root-rsa.cert.pem|labca/test-root.pem|" cert-ceremonies/root-ceremony-rsa.yaml
+sed -i -e "s|/hierarchy/root-rsa.cert.pem|labca/test-root.pem|" cert-ceremonies/root-crl-rsa.yaml
+sed -i -e "s|/hierarchy/root-rsa.cert.pem|labca/test-root.pem|" cert-ceremonies/intermediate-cert-ceremony-rsa.yaml
+sed -i -e "s|/hierarchy/root-rsa.cert.pem|labca/test-root.pem|" config/publisher.json
+sed -i -e "s|/hierarchy/root-rsa.cert.pem|labca/test-root.pem|" config/wfe2.json
+sed -i -e "s|/hierarchy/root-rsa.cert.pem|labca/test-root.pem|" integration-test.py
+sed -i -e "s|/hierarchy/root-rsa.cert.pem|labca/test-root.pem|" helpers.py
 sed -i -e "s/5001/443/g" config/va.json
 sed -i -e "s/5002/80/g" config/va.json
 sed -i -e "s/5001/443/g" config/va-remote-a.json
--- a/patches/config_crl-storer.patch
+++ b/patches/config_crl-storer.patch
@@ -6,12 +6,12 @@ index ef70c2ffc..a53b75d86 100644
 			}
 		},
 		"issuerCerts": [
-			"/hierarchy/intermediate-cert-rsa-a.pem",
-			"/hierarchy/intermediate-cert-rsa-b.pem",
-			"/hierarchy/intermediate-cert-ecdsa-a.pem"
-+			"/hierarchy/intermediate-cert-rsa-a.pem"
+-			"/hierarchy/int-rsa-a.cert.pem",
+-			"/hierarchy/int-rsa-b.cert.pem",
+-			"/hierarchy/int-ecdsa-a.cert.pem"
+			"/hierarchy/int-rsa-a.cert.pem"
 		],
 +		"localStorePath": "/opt/wwwstatic/crl",
- 		"s3Endpoint": "http://localhost:7890",
+ 		"s3Endpoint": "http://localhost:4501",
 		"s3Bucket": "lets-encrypt-crls",
 		"awsConfigFile": "test/config/crl-storer.ini",
--- a/patches/config_crl-updater.patch
+++ b/patches/config_crl-updater.patch
@@ -6,10 +6,10 @@ index f6b70123f..a6c1471e5 100644
 			"hostOverride": "crl-storer.boulder"
 		},
 		"issuerCerts": [
-			"/hierarchy/intermediate-cert-rsa-a.pem",
-			"/hierarchy/intermediate-cert-rsa-b.pem",
-			"/hierarchy/intermediate-cert-ecdsa-a.pem"
-+			"/hierarchy/intermediate-cert-rsa-a.pem"
+-			"/hierarchy/int-rsa-a.cert.pem",
+-			"/hierarchy/int-rsa-b.cert.pem",
+-			"/hierarchy/int-ecdsa-a.cert.pem"
+			"/hierarchy/int-rsa-a.cert.pem"
 		],
 -		"numShards": 10,
 -		"shardWidth": "240h",
--- a/patches/config_ocsp-responder.patch
+++ b/patches/config_ocsp-responder.patch
@@ -29,10 +29,10 @@ index bfea858d..fecea919 100644
 		"path": "/",
 		"listenAddress": "0.0.0.0:4002",
 		"issuerCerts": [
-			"/hierarchy/intermediate-cert-rsa-a.pem",
-			"/hierarchy/intermediate-cert-rsa-b.pem",
-			"/hierarchy/intermediate-cert-ecdsa-a.pem"
-+			"/hierarchy/intermediate-cert-rsa-a.pem"
+-			"/hierarchy/int-rsa-a.cert.pem",
+-			"/hierarchy/int-rsa-b.cert.pem",
+-			"/hierarchy/int-ecdsa-a.cert.pem"
+			"/hierarchy/int-rsa-a.cert.pem"
 		],
 		"liveSigningPeriod": "60h",
 		"timeout": "4.9s",
--- a/patches/config_publisher.patch
+++ b/patches/config_publisher.patch
@@ -4,20 +4,20 @@ index 6e0337c..1e5ed7b 100644
 +++ b/test/config/publisher.json
@@ -6,18 +6,6 @@
 			[
- 				"/hierarchy/intermediate-cert-rsa-a.pem",
- 				"/hierarchy/root-cert-rsa.pem"
+ 				"/hierarchy/int-rsa-a.cert.pem",
+ 				"/hierarchy/root-rsa.cert.pem"
 -			],
 -			[
-				"/hierarchy/intermediate-cert-rsa-b.pem",
-				"/hierarchy/root-cert-rsa.pem"
+-				"/hierarchy/int-rsa-b.cert.pem",
+-				"/hierarchy/root-rsa.cert.pem"
 -			],
 -			[
-				"/hierarchy/intermediate-cert-ecdsa-a.pem",
-				"/hierarchy/root-cert-ecdsa.pem"
+-				"/hierarchy/int-ecdsa-a.cert.pem",
+-				"/hierarchy/root-ecdsa.cert.pem"
 -			],
 -			[
-				"/hierarchy/intermediate-cert-ecdsa-b.pem",
-				"/hierarchy/root-cert-ecdsa.pem"
+-				"/hierarchy/int-ecdsa-b.cert.pem",
+-				"/hierarchy/root-ecdsa.cert.pem"
 			]
 		],
 		"debugAddr": ":8009",
--- a/patches/config_ra.patch
+++ b/patches/config_ra.patch
@@ -6,10 +6,10 @@ index 6f0baae9..6ad0f08c 100644
 		},
 		"orderLifetime": "168h",
 		"issuerCerts": [
-			"/hierarchy/intermediate-cert-rsa-a.pem",
-			"/hierarchy/intermediate-cert-rsa-b.pem",
-			"/hierarchy/intermediate-cert-ecdsa-a.pem"
-+			"/hierarchy/intermediate-cert-rsa-a.pem"
+-			"/hierarchy/int-rsa-a.cert.pem",
+-			"/hierarchy/int-rsa-b.cert.pem",
+-			"/hierarchy/int-ecdsa-a.cert.pem"
+			"/hierarchy/int-rsa-a.cert.pem"
 		],
 		"tls": {
 			"caCertFile": "test/grpc-creds/minica.pem",
--- a/patches/config_wfe2.patch
+++ b/patches/config_wfe2.patch
@@ -4,28 +4,28 @@ index c0093044..e8ba4263 100644
 +++ b/test/config/wfe2.json
@@ -79,26 +79,6 @@
 			[
- 				"/hierarchy/intermediate-cert-rsa-a.pem",
- 				"/hierarchy/root-cert-rsa.pem"
+ 				"/hierarchy/int-rsa-a.cert.pem",
+ 				"/hierarchy/root-rsa.cert.pem"
 -			],
 -			[
-				"/hierarchy/intermediate-cert-rsa-b.pem",
-				"/hierarchy/root-cert-rsa.pem"
+-				"/hierarchy/int-rsa-b.cert.pem",
+-				"/hierarchy/root-rsa.cert.pem"
 -			],
 -			[
-				"/hierarchy/intermediate-cert-ecdsa-a.pem",
-				"/hierarchy/root-cert-ecdsa.pem"
+-				"/hierarchy/int-ecdsa-a.cert.pem",
+-				"/hierarchy/root-ecdsa.cert.pem"
 -			],
 -			[
-				"/hierarchy/intermediate-cert-ecdsa-b.pem",
-				"/hierarchy/root-cert-ecdsa.pem"
+-				"/hierarchy/int-ecdsa-b.cert.pem",
+-				"/hierarchy/root-ecdsa.cert.pem"
 -			],
 -			[
-				"/hierarchy/intermediate-cross-cert-ecdsa-a.pem",
-				"/hierarchy/root-cert-rsa.pem"
+-				"/hierarchy/int-ecdsa-a-cross.cert.pem",
+-				"/hierarchy/root-rsa.cert.pem"
 -			],
 -			[
-				"/hierarchy/intermediate-cross-cert-ecdsa-b.pem",
-				"/hierarchy/root-cert-rsa.pem"
+-				"/hierarchy/int-ecdsa-b-cross.cert.pem",
+-				"/hierarchy/root-rsa.cert.pem"
 			]
 		],
 		"staleTimeout": "5m",
--- a/patches/startservers.patch
+++ b/patches/startservers.patch
@@ -1,8 +1,8 @@
 diff --git a/test/startservers.py b/test/startservers.py
-index 1ddfef04d..0169251a5 100644
+index 022e08949..e24e9085a 100644
 --- a/test/startservers.py
 +++ b/test/startservers.py
-@@ -158,6 +158,9 @@ processes = []
+@@ -161,6 +161,9 @@ processes = []
 challSrvProcess = None
 
 def setupHierarchy():
--- a/patches/test_config_ca.patch
+++ b/patches/test_config_ca.patch
@@ -2,40 +2,39 @@ diff --git a/test/config/ca.json b/test/config/ca.json
 index 53ae91f2d..1937e5580 100644
 --- a/test/config/ca.json
 +++ b/test/config/ca.json
-@@ -58,36 +58,14 @@
- 				"maxValidityBackdate": "1h5m"
+@@ -59,35 +59,13 @@
 			},
 			"issuers": [
-				{
+ 				{
 -					"useForRSALeaves": false,
 -					"useForECDSALeaves": true,
-					"issuerURL": "http://127.0.0.1:4001/aia/issuer/5214744660557630",
+-					"issuerURL": "http://127.0.0.1:4502/int ecdsa a",
 -					"ocspURL": "http://127.0.0.1:4002/",
 -					"location": {
-						"configFile": "/hierarchy/intermediate-signing-key-ecdsa.pkcs11.json",
-						"certFile": "/hierarchy/intermediate-cert-ecdsa-a.pem",
+-						"configFile": "/hierarchy/int-ecdsa-a.pkcs11.json",
+-						"certFile": "/hierarchy/int-ecdsa-a.cert.pem",
 -						"numSessions": 2
 -					}
 -				},
- 				{
+-				{
 					"useForRSALeaves": true,
 					"useForECDSALeaves": true,
- 					"issuerURL": "http://127.0.0.1:4001/aia/issuer/6605440498369741",
+ 					"issuerURL": "http://127.0.0.1:4502/int rsa a",
 					"ocspURL": "http://127.0.0.1:4002/",
 					"location": {
-						"configFile": "/hierarchy/intermediate-signing-key-rsa.pkcs11.json",
-						"certFile": "/hierarchy/intermediate-cert-rsa-a.pem",
+-						"configFile": "/hierarchy/int-rsa-a.pkcs11.json",
+-						"certFile": "/hierarchy/int-rsa-a.cert.pem",
 -						"numSessions": 2
 -					}
 -				},
 -				{
 -					"useForRSALeaves": false,
 -					"useForECDSALeaves": false,
-					"issuerURL": "http://127.0.0.1:4001/aia/issuer/41127673797486028",
+-					"issuerURL": "http://127.0.0.1:4502/int rsa b",
 -					"ocspURL": "http://127.0.0.1:4002/",
 -					"location": {
-						"configFile": "/hierarchy/intermediate-signing-key-rsa.pkcs11.json",
-						"certFile": "/hierarchy/intermediate-cert-rsa-b.pem",
+-						"configFile": "/hierarchy/int-rsa-b.pkcs11.json",
+-						"certFile": "/hierarchy/int-rsa-b.cert.pem",
 +						"configFile": "test/test-ca.key-pkcs11.json",
 +						"certFile": "test/test-ca.pem",
 						"numSessions": 2