diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1afc379..eebe799 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,7 +13,7 @@ jobs:
 fail-fast: false
 matrix:
 GO_VERSION:
- - 1.22.1
+ - 1.22.2
 steps:
 - name: Checkout
diff --git a/build/Dockerfile-boulder b/build/Dockerfile-boulder
index 0e32782..eb171a9 100644
--- a/build/Dockerfile-boulder
+++ b/build/Dockerfile-boulder
@@ -1,4 +1,4 @@
-FROM letsencrypt/boulder-tools:go1.22.1_2024-03-05 AS boulder-tools
+FROM letsencrypt/boulder-tools:go1.22.2_2024-04-04 AS boulder-tools
 FROM ubuntu:focal
diff --git a/build/build.sh b/build/build.sh
index 97b72ac..60581df 100755
--- a/build/build.sh
+++ b/build/build.sh
@@ -8,7 +8,7 @@ TMP_DIR=$(pwd)/tmp
 rm -rf $TMP_DIR && mkdir -p $TMP_DIR/{admin,bin,logs,src}
 boulderDir=$TMP_DIR/src
-boulderTag="release-2024-04-01"
+boulderTag="release-2024-04-08"
 boulderUrl="https://github.com/letsencrypt/boulder/"
 cloneDir=$(pwd)/..
diff --git a/build/tmp2.patch b/build/tmp2.patch
index 76fca10..4648be1 100644
--- a/build/tmp2.patch
+++ b/build/tmp2.patch
@@ -1,8 +1,8 @@
 diff --git a/test/startservers.py b/test/startservers.py
-index 0169251a5..da9ee1565 100644
+index e24e9085a..6262eccd0 100644
 --- a/test/startservers.py
 +++ b/test/startservers.py
-@@ -172,6 +172,9 @@ def setupHierarchyOriginal():
+@@ -175,6 +175,9 @@ def setupHierarchyOriginal():
 def install(race_detection):
diff --git a/install b/install
index 146c0e3..f112d8c 100755
--- a/install
+++ b/install
@@ -30,7 +30,7 @@ dockerComposeVersion="v2.5.0"
 labcaUrl="https://github.com/hakwerk/labca/"
 boulderUrl="https://github.com/letsencrypt/boulder/"
-boulderTag="release-2024-04-01"
+boulderTag="release-2024-04-08"
 # Feature flags
 flag_skip_redis=true
diff --git a/patch-cfg.sh b/patch-cfg.sh
index b588d47..9f59a56 100755
--- a/patch-cfg.sh
+++ b/patch-cfg.sh
@@ -47,22 +47,22 @@ sed -i -e "s/test-ca2.pem/test-ca.pem/" config/ocsp-responder.json
 sed -i -e "s/test-ca2.pem/test-ca.pem/" config/publisher.json
 sed -i -e "s/test-ca2.pem/test-ca.pem/" config/ra.json
 sed -i -e "s/test-ca2.pem/test-ca.pem/" config/wfe2.json
-sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/akamai-purger.json
-sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/ocsp-responder.json
-sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/publisher.json
-sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/ra.json
-sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/wfe2.json
-sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/crl-storer.json
-sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/crl-updater.json
-sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/ra.json
-sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" v2_integration.py
-sed -i -e "s|/hierarchy/root-cert-rsa.pem|labca/test-root.pem|" cert-ceremonies/root-ceremony-rsa.yaml
-sed -i -e "s|/hierarchy/root-cert-rsa.pem|labca/test-root.pem|" cert-ceremonies/root-crl-rsa.yaml
-sed -i -e "s|/hierarchy/root-cert-rsa.pem|labca/test-root.pem|" cert-ceremonies/intermediate-ceremony-rsa.yaml
-sed -i -e "s|/hierarchy/root-cert-rsa.pem|labca/test-root.pem|" config/publisher.json
-sed -i -e "s|/hierarchy/root-cert-rsa.pem|labca/test-root.pem|" config/wfe2.json
-sed -i -e "s|/hierarchy/root-cert-rsa.pem|labca/test-root.pem|" integration-test.py
-sed -i -e "s|/hierarchy/root-cert-rsa.pem|labca/test-root.pem|" helpers.py
+sed -i -e "s|/hierarchy/int-rsa-a.cert.pem|labca/test-ca.pem|" config/akamai-purger.json
+sed -i -e "s|/hierarchy/int-rsa-a.cert.pem|labca/test-ca.pem|" config/ocsp-responder.json
+sed -i -e "s|/hierarchy/int-rsa-a.cert.pem|labca/test-ca.pem|" config/publisher.json
+sed -i -e "s|/hierarchy/int-rsa-a.cert.pem|labca/test-ca.pem|" config/ra.json
+sed -i -e "s|/hierarchy/int-rsa-a.cert.pem|labca/test-ca.pem|" config/wfe2.json
+sed -i -e "s|/hierarchy/int-rsa-a.cert.pem|labca/test-ca.pem|" config/crl-storer.json
+sed -i -e "s|/hierarchy/int-rsa-a.cert.pem|labca/test-ca.pem|" config/crl-updater.json
+sed -i -e "s|/hierarchy/int-rsa-a.cert.pem|labca/test-ca.pem|" config/ra.json
+sed -i -e "s|/hierarchy/int-rsa-a.cert.pem|labca/test-ca.pem|" v2_integration.py
+sed -i -e "s|/hierarchy/root-rsa.cert.pem|labca/test-root.pem|" cert-ceremonies/root-ceremony-rsa.yaml
+sed -i -e "s|/hierarchy/root-rsa.cert.pem|labca/test-root.pem|" cert-ceremonies/root-crl-rsa.yaml
+sed -i -e "s|/hierarchy/root-rsa.cert.pem|labca/test-root.pem|" cert-ceremonies/intermediate-cert-ceremony-rsa.yaml
+sed -i -e "s|/hierarchy/root-rsa.cert.pem|labca/test-root.pem|" config/publisher.json
+sed -i -e "s|/hierarchy/root-rsa.cert.pem|labca/test-root.pem|" config/wfe2.json
+sed -i -e "s|/hierarchy/root-rsa.cert.pem|labca/test-root.pem|" integration-test.py
+sed -i -e "s|/hierarchy/root-rsa.cert.pem|labca/test-root.pem|" helpers.py
 sed -i -e "s/5001/443/g" config/va.json
 sed -i -e "s/5002/80/g" config/va.json
 sed -i -e "s/5001/443/g" config/va-remote-a.json
diff --git a/patches/config_crl-storer.patch b/patches/config_crl-storer.patch
index c48c2e0..1c1c087 100644
--- a/patches/config_crl-storer.patch
+++ b/patches/config_crl-storer.patch
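Review bot: In patch-cfg.sh, none of the rewritten `sed -i` substitutions checks that it actually matched, so the next upstream rename of the `/hierarchy/` files will again leave the configs untouched without any error, which is the situation this hunk repairs after the fact. The services would then presumably keep referencing Boulder's test hierarchy instead of `labca/test-ca.pem` and `labca/test-root.pem`. A guard after the block would make that fail loudly, for example `grep -q "labca/test-ca.pem" config/ra.json || { echo "issuer cert path not patched" >&2; exit 1; }`. Two smaller points on the same lines: `config/ra.json` is substituted twice in the intermediate group, and the `.` characters in the patterns are unescaped regex wildcards. The script continues outside the hunk.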
@@ -6,12 +6,12 @@ index ef70c2ffc..a53b75d86 100644
 }
 },
 "issuerCerts": [
-- "/hierarchy/intermediate-cert-rsa-a.pem",
-- "/hierarchy/intermediate-cert-rsa-b.pem",
-- "/hierarchy/intermediate-cert-ecdsa-a.pem"
-+ "/hierarchy/intermediate-cert-rsa-a.pem"
+- "/hierarchy/int-rsa-a.cert.pem",
+- "/hierarchy/int-rsa-b.cert.pem",
+- "/hierarchy/int-ecdsa-a.cert.pem"
++ "/hierarchy/int-rsa-a.cert.pem"
 ],
 + "localStorePath": "/opt/wwwstatic/crl",
- "s3Endpoint": "http://localhost:7890",
+ "s3Endpoint": "http://localhost:4501",
 "s3Bucket": "lets-encrypt-crls",
 "awsConfigFile": "test/config/crl-storer.ini",
diff --git a/patches/config_crl-updater.patch b/patches/config_crl-updater.patch
index 8556070..9c9fb44 100644
--- a/patches/config_crl-updater.patch
+++ b/patches/config_crl-updater.patch
@@ -6,10 +6,10 @@ index f6b70123f..a6c1471e5 100644
 "hostOverride": "crl-storer.boulder"
 },
 "issuerCerts": [
-- "/hierarchy/intermediate-cert-rsa-a.pem",
-- "/hierarchy/intermediate-cert-rsa-b.pem",
-- "/hierarchy/intermediate-cert-ecdsa-a.pem"
-+ "/hierarchy/intermediate-cert-rsa-a.pem"
+- "/hierarchy/int-rsa-a.cert.pem",
+- "/hierarchy/int-rsa-b.cert.pem",
+- "/hierarchy/int-ecdsa-a.cert.pem"
++ "/hierarchy/int-rsa-a.cert.pem"
 ],
 - "numShards": 10,
 - "shardWidth": "240h",
diff --git a/patches/config_ocsp-responder.patch b/patches/config_ocsp-responder.patch
index d395cf0..42f7616 100644
--- a/patches/config_ocsp-responder.patch
+++ b/patches/config_ocsp-responder.patch
@@ -29,10 +29,10 @@ index bfea858d..fecea919 100644
 "path": "/",
 "listenAddress": "0.0.0.0:4002",
 "issuerCerts": [
-- "/hierarchy/intermediate-cert-rsa-a.pem",
-- "/hierarchy/intermediate-cert-rsa-b.pem",
-- "/hierarchy/intermediate-cert-ecdsa-a.pem"
-+ "/hierarchy/intermediate-cert-rsa-a.pem"
+- "/hierarchy/int-rsa-a.cert.pem",
+- "/hierarchy/int-rsa-b.cert.pem",
+- "/hierarchy/int-ecdsa-a.cert.pem"
++ "/hierarchy/int-rsa-a.cert.pem"
 ],
 "liveSigningPeriod": "60h",
 "timeout": "4.9s",
diff --git a/patches/config_publisher.patch b/patches/config_publisher.patch
index 6dbfed5..a552799 100644
--- a/patches/config_publisher.patch
+++ b/patches/config_publisher.patch
@@ -4,20 +4,20 @@ index 6e0337c..1e5ed7b 100644
 +++ b/test/config/publisher.json
 @@ -6,18 +6,6 @@
 [
- "/hierarchy/intermediate-cert-rsa-a.pem",
- "/hierarchy/root-cert-rsa.pem"
+ "/hierarchy/int-rsa-a.cert.pem",
+ "/hierarchy/root-rsa.cert.pem"
 - ],
 - [
-- "/hierarchy/intermediate-cert-rsa-b.pem",
-- "/hierarchy/root-cert-rsa.pem"
+- "/hierarchy/int-rsa-b.cert.pem",
+- "/hierarchy/root-rsa.cert.pem"
 - ],
 - [
-- "/hierarchy/intermediate-cert-ecdsa-a.pem",
-- "/hierarchy/root-cert-ecdsa.pem"
+- "/hierarchy/int-ecdsa-a.cert.pem",
+- "/hierarchy/root-ecdsa.cert.pem"
 - ],
 - [
-- "/hierarchy/intermediate-cert-ecdsa-b.pem",
-- "/hierarchy/root-cert-ecdsa.pem"
+- "/hierarchy/int-ecdsa-b.cert.pem",
+- "/hierarchy/root-ecdsa.cert.pem"
 ]
 ],
 "debugAddr": ":8009",
diff --git a/patches/config_ra.patch b/patches/config_ra.patch
index ecadfbe..0fe8b78 100644
--- a/patches/config_ra.patch
+++ b/patches/config_ra.patch
@@ -6,10 +6,10 @@ index 6f0baae9..6ad0f08c 100644
 },
 "orderLifetime": "168h",
 "issuerCerts": [
-- "/hierarchy/intermediate-cert-rsa-a.pem",
-- "/hierarchy/intermediate-cert-rsa-b.pem",
-- "/hierarchy/intermediate-cert-ecdsa-a.pem"
-+ "/hierarchy/intermediate-cert-rsa-a.pem"
+- "/hierarchy/int-rsa-a.cert.pem",
+- "/hierarchy/int-rsa-b.cert.pem",
+- "/hierarchy/int-ecdsa-a.cert.pem"
++ "/hierarchy/int-rsa-a.cert.pem"
 ],
 "tls": {
 "caCertFile": "test/grpc-creds/minica.pem",
diff --git a/patches/config_wfe2.patch b/patches/config_wfe2.patch
index 7f77c24..8942ae3 100644
--- a/patches/config_wfe2.patch
+++ b/patches/config_wfe2.patch
@@ -4,28 +4,28 @@ index c0093044..e8ba4263 100644
 +++ b/test/config/wfe2.json
 @@ -79,26 +79,6 @@
 [
- "/hierarchy/intermediate-cert-rsa-a.pem",
- "/hierarchy/root-cert-rsa.pem"
+ "/hierarchy/int-rsa-a.cert.pem",
+ "/hierarchy/root-rsa.cert.pem"
 - ],
 - [
-- "/hierarchy/intermediate-cert-rsa-b.pem",
-- "/hierarchy/root-cert-rsa.pem"
+- "/hierarchy/int-rsa-b.cert.pem",
+- "/hierarchy/root-rsa.cert.pem"
 - ],
 - [
-- "/hierarchy/intermediate-cert-ecdsa-a.pem",
-- "/hierarchy/root-cert-ecdsa.pem"
+- "/hierarchy/int-ecdsa-a.cert.pem",
+- "/hierarchy/root-ecdsa.cert.pem"
 - ],
 - [
-- "/hierarchy/intermediate-cert-ecdsa-b.pem",
-- "/hierarchy/root-cert-ecdsa.pem"
+- "/hierarchy/int-ecdsa-b.cert.pem",
+- "/hierarchy/root-ecdsa.cert.pem"
 - ],
 - [
-- "/hierarchy/intermediate-cross-cert-ecdsa-a.pem",
-- "/hierarchy/root-cert-rsa.pem"
+- "/hierarchy/int-ecdsa-a-cross.cert.pem",
+- "/hierarchy/root-rsa.cert.pem"
 - ],
 - [
-- "/hierarchy/intermediate-cross-cert-ecdsa-b.pem",
-- "/hierarchy/root-cert-rsa.pem"
+- "/hierarchy/int-ecdsa-b-cross.cert.pem",
+- "/hierarchy/root-rsa.cert.pem"
 ]
 ],
 "staleTimeout": "5m",
diff --git a/patches/startservers.patch b/patches/startservers.patch
index 1e229f5..a00f3cc 100644
--- a/patches/startservers.patch
+++ b/patches/startservers.patch
@@ -1,8 +1,8 @@
 diff --git a/test/startservers.py b/test/startservers.py
-index 1ddfef04d..0169251a5 100644
+index 022e08949..e24e9085a 100644
 --- a/test/startservers.py
 +++ b/test/startservers.py
-@@ -158,6 +158,9 @@ processes = []
+@@ -161,6 +161,9 @@ processes = []
 challSrvProcess = None
 def setupHierarchy():
diff --git a/patches/test_config_ca.patch b/patches/test_config_ca.patch
index d1f366d..b50b35e 100644
--- a/patches/test_config_ca.patch
+++ b/patches/test_config_ca.patch
@@ -2,40 +2,39 @@ diff --git a/test/config/ca.json b/test/config/ca.json
 index 53ae91f2d..1937e5580 100644
 --- a/test/config/ca.json
 +++ b/test/config/ca.json
-@@ -58,36 +58,14 @@
- "maxValidityBackdate": "1h5m"
+@@ -59,35 +59,13 @@
 },
 "issuers": [
-- {
+ {
 - "useForRSALeaves": false,
 - "useForECDSALeaves": true,
-- "issuerURL": "http://127.0.0.1:4001/aia/issuer/5214744660557630",
+- "issuerURL": "http://127.0.0.1:4502/int ecdsa a",
 - "ocspURL": "http://127.0.0.1:4002/",
 - "location": {
-- "configFile": "/hierarchy/intermediate-signing-key-ecdsa.pkcs11.json",
-- "certFile": "/hierarchy/intermediate-cert-ecdsa-a.pem",
+- "configFile": "/hierarchy/int-ecdsa-a.pkcs11.json",
+- "certFile": "/hierarchy/int-ecdsa-a.cert.pem",
 - "numSessions": 2
 - }
 - },
- {
+- {
 "useForRSALeaves": true,
 "useForECDSALeaves": true,
- "issuerURL": "http://127.0.0.1:4001/aia/issuer/6605440498369741",
+ "issuerURL": "http://127.0.0.1:4502/int rsa a",
 "ocspURL": "http://127.0.0.1:4002/",
 "location": {
-- "configFile": "/hierarchy/intermediate-signing-key-rsa.pkcs11.json",
-- "certFile": "/hierarchy/intermediate-cert-rsa-a.pem",
+- "configFile": "/hierarchy/int-rsa-a.pkcs11.json",
+- "certFile": "/hierarchy/int-rsa-a.cert.pem",
 - "numSessions": 2
 - }
 - },
 - {
 - "useForRSALeaves": false,
 - "useForECDSALeaves": false,
-- "issuerURL": "http://127.0.0.1:4001/aia/issuer/41127673797486028",
+- "issuerURL": "http://127.0.0.1:4502/int rsa b",
 - "ocspURL": "http://127.0.0.1:4002/",
 - "location": {
-- "configFile": "/hierarchy/intermediate-signing-key-rsa.pkcs11.json",
-- "certFile": "/hierarchy/intermediate-cert-rsa-b.pem",
+- "configFile": "/hierarchy/int-rsa-b.pkcs11.json",
+- "certFile": "/hierarchy/int-rsa-b.cert.pem",
 + "configFile": "test/test-ca.key-pkcs11.json",
 + "certFile": "test/test-ca.pem",
 "numSessions": 2
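Review bot: The one issuer that patches/test_config_ca.patch leaves in test/config/ca.json keeps `"issuerURL": "http://127.0.0.1:4502/int rsa a"` as an unchanged context line, while its `certFile` is switched to `test/test-ca.pem`. That value is a loopback address with spaces in the path taken from upstream's test setup, and it is presumably what ends up as the issuer URL in issued certificates unless something rewrites it later. The patch-cfg.sh hunk in this commit only touches the `/hierarchy/` paths, so if that script rewrites the URL by matching the old `http://127.0.0.1:4001/aia/issuer/` form, the substitution no longer matches. Worth confirming, or replacing the line in this patch directly with something like `"issuerURL": "http://<LABCA_HOST>/<ISSUER_CERT_PATH>",` (placeholders). The `issuers` entry continues outside the hunk.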