diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c34f92c..cd5e289 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,7 +13,7 @@ jobs:
 fail-fast: false
 matrix:
 GO_VERSION:
- - 1.20.4
+ - 1.20.5
 steps:
 - name: Checkout
diff --git a/build/build.sh b/build/build.sh
index 849aa3c..288ed04 100755
--- a/build/build.sh
+++ b/build/build.sh
@@ -8,7 +8,7 @@ TMP_DIR=$(pwd)/tmp
 rm -rf $TMP_DIR && mkdir -p $TMP_DIR/{admin,bin,logs,src}
 boulderDir=$TMP_DIR/src
-boulderTag="release-2023-06-12"
+boulderTag="release-2023-07-11"
 boulderUrl="https://github.com/letsencrypt/boulder/"
 cloneDir=$(pwd)/..
diff --git a/build/docker-compose.yml b/build/docker-compose.yml
index c93ed0e..869b7d5 100644
--- a/build/docker-compose.yml
+++ b/build/docker-compose.yml
@@ -11,6 +11,8 @@ services:
 FAKE_DNS: 10.77.77.77
 BOULDER_CONFIG_DIR: &boulder_config_dir labca/config
 GOFLAGS: -mod=vendor
+ # Forward the parent env's GOEXPERIMENT value into the container.
+ GOEXPERIMENT: ${GOEXPERIMENT:-}
 volumes:
 - boulder_data:/opt/boulder/labca
 - nginx_html:/opt/wwwstatic
diff --git a/build/tmp.patch b/build/tmp.patch
index 170fe96..c68bb8c 100644
--- a/build/tmp.patch
+++ b/build/tmp.patch
@@ -1,5 +1,5 @@
 diff --git a/docker-compose.yml b/docker-compose.yml
-index 6a1d77c44..c93ed0e3c 100644
+index 02958b245..869b7d5de 100644
 --- a/docker-compose.yml
 +++ b/docker-compose.yml
 @@ -1,8 +1,9 @@
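Review bot: The new `GOEXPERIMENT: ${GOEXPERIMENT:-}` entry in build/docker-compose.yml forwards whatever the invoking shell happens to have in GOEXPERIMENT into the container, and because this file also sets `GOFLAGS: -mod=vendor` that value governs how the boulder binaries get compiled; the comment says it is forwarded but not what an operator is expected to put there. I would extend it to `# Forward the parent env's GOEXPERIMENT value into the container. Leave it unset (empty keeps the Go toolchain defaults); any value here changes how boulder is compiled, so set it only deliberately.` The same passthrough is carried into build/tmp.patch and patches/docker-compose.patch, where the `:-` default presumably exists so compose stays quiet when the variable is unset on the host; a one-line mention of that in the comment would keep a future reader from deleting it as redundant.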
@@ -8,14 +8,14 @@ index 6a1d77c44..c93ed0e3c 100644 services: boulder: # Should match one of the GO_DEV_VERSIONS in test/boulder-tools/tag_and_upload.sh. -- image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.20.4_2023-05-02} +- image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.20.5_2023-06-20} + image: ghcr.io/hakwerk/labca-boulder:${LABCA_IMAGE_VERSION:-latest} environment: # To solve HTTP-01 and TLS-ALPN-01 challenges, change the IP in FAKE_DNS # to the IP address where your ACME client's solver is listening. -@@ -11,12 +12,9 @@ services: - BOULDER_CONFIG_DIR: &boulder_config_dir labca/config - GOFLAGS: -mod=vendor +@@ -13,12 +14,9 @@ services: + # Forward the parent env's GOEXPERIMENT value into the container. + GOEXPERIMENT: ${GOEXPERIMENT:-} volumes: - - .:/opt/boulder:cached - - /home/labca/boulder_labca:/opt/boulder/labca @@ -29,7 +29,7 @@ index 6a1d77c44..c93ed0e3c 100644 networks: bluenet: ipv4_address: 10.77.77.77 -@@ -40,6 +38,7 @@ services: +@@ -42,6 +40,7 @@ services: depends_on: - bmysql - bconsul @@ -37,7 +37,7 @@ index 6a1d77c44..c93ed0e3c 100644 entrypoint: labca/entrypoint.sh working_dir: &boulder_working_dir /opt/boulder logging: -@@ -74,8 +73,10 @@ services: +@@ -76,8 +75,10 @@ services: bconsul: image: hashicorp/consul:1.14.2 @@ -49,7 +49,7 @@ index 6a1d77c44..c93ed0e3c 100644 networks: consulnet: ipv4_address: 10.55.55.10 -@@ -83,27 +84,28 @@ services: +@@ -85,27 +86,28 @@ services: ipv4_address: 10.77.77.10 rednet: ipv4_address: 10.88.88.10 @@ -88,7 +88,7 @@ index 6a1d77c44..c93ed0e3c 100644 logging: driver: "json-file" options: -@@ -120,27 +122,26 @@ services: +@@ -122,27 +124,26 @@ services: - 80:80 - 443:443 volumes: @@ -130,7 +130,7 @@ index 6a1d77c44..c93ed0e3c 100644 expose: - 3030 environment: -@@ -151,6 +152,14 @@ services: +@@ -153,6 +154,14 @@ services: volumes: dbdata: diff --git a/cron_d b/cron_d index 90458bf..7790c33 100644 --- a/cron_d +++ b/cron_d 
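Review bot: build/tmp.patch is re-synced to the new boulder release here, but the only reference to it visible in this commit, the commented-out `patch -p1 < $(dirname $this)/build/tmp.patch` block in install's main(), is deleted in the same commit. If nothing else applies this file it is now an orphan that will keep drifting with every boulder bump; either drop it (and build/tmp2.patch, named in the same removed block) or record in the README which workflow still uses it. I may be missing a consumer outside this diff.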
@@ -2,7 +2,7 @@ SHELL=/bin/bash
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-1 6 * * Mon root /opt/labca/backup cron &>>/opt/logs/cron.log
 1 7 * * * root /opt/labca/mailer &>>/opt/logs/cron.log
 5 7 * * * root /opt/labca/checkrenew &>>/opt/logs/cron.log
+11 7 * * Mon root /opt/labca/backup cron &>>/opt/logs/cron.log
 */5 * * * * root /opt/labca/checkcrl &>>/opt/logs/cron.log
diff --git a/install b/install
index dbfce10..b347006 100755
--- a/install
+++ b/install
@@ -30,7 +30,7 @@ dockerComposeVersion="v2.5.0"
 labcaUrl="https://github.com/hakwerk/labca/"
 boulderUrl="https://github.com/letsencrypt/boulder/"
-boulderTag="release-2023-06-12"
+boulderTag="release-2023-07-11"
 # Feature flags
 flag_skip_redis=true
@@ -877,15 +877,6 @@ main() {
 get_boulder
 config_boulder
- #if [ $alphaTest -eq 1 ]; then
- # msg="TEST modify docker-compose.yml"
- # msg_info "$msg"
- # cd "$boulderDir"
- # patch -p1 < $(dirname $this)/build/tmp.patch &>>$installLog
- # patch -p1 -o "$boulderLabCADir/startservers.py" < $(dirname $this)/build/tmp2.patch
- # msg_ok "$msg"
- #fi
- cleanup startup
diff --git a/mail-tester.go b/mail-tester.go
index d1f364f..4ee7457 100644
--- a/mail-tester.go
+++ b/mail-tester.go
@@ -86,7 +86,6 @@ func main() {
 scope, logger, oTelShutdown := cmd.StatsAndLogging(c.Syslog, c.OpenTelemetry, c.Mailer.DebugAddr)
 defer oTelShutdown(context.Background())
- defer logger.AuditPanic()
 logger.Info(cmd.VersionString())
 clk := cmd.Clock()
diff --git a/patches/boulder-va_main.patch b/patches/boulder-va_main.patch
index 990f12c..eeb0340 100644
--- a/patches/boulder-va_main.patch
+++ b/patches/boulder-va_main.patch
@@ -1,5 +1,5 @@
 diff --git a/cmd/boulder-va/main.go b/cmd/boulder-va/main.go
-index 3625dace9..55cb7cc18 100644
+index 8994b9b20..a0f0f9aa6 100644
 --- a/cmd/boulder-va/main.go
 +++ b/cmd/boulder-va/main.go
 @@ -27,8 +27,9 @@ type Config struct {
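Review bot: The weekly backup line moves from Monday 06:01 to 07:11, which places it after `mailer` (07:01) and `checkrenew` (07:05), but cron_d carries no comment, so the reason for the new slot is not recorded; presumably the intent is that the Monday backup includes that morning's renewals. A comment above the new line, `# weekly backup runs after checkrenew so the snapshot includes that morning's renewals`, would keep a later edit from reshuffling it. Cron only staggers start times, so if checkrenew ever runs longer than six minutes the two jobs overlap; if the ordering matters, chaining them in one entry is more robust than the offset.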
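Review bot: Removing `defer logger.AuditPanic()` with no replacement means a panic in mail-tester's main is no longer recorded in the audit log before the process dies; it only produces the runtime's stderr trace. If the method disappeared from the logger in release-2023-07-11 because upstream moved panic auditing to a package-level helper in `cmd` (boulder's own mains defer `cmd.AuditPanic()` in that series, as far as I can tell), the line should become `defer cmd.AuditPanic()` rather than be dropped; if the helper is gone entirely, a short comment explaining why this binary no longer audits panics belongs where the defer was. main continues outside the hunk.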
@@ -14,7 +14,7 @@ index 3625dace9..55cb7cc18 100644 DNSTimeout config.Duration `validate:"required"` DNSAllowLoopbackAddresses bool -@@ -88,7 +89,7 @@ func main() { +@@ -87,7 +88,7 @@ func main() { cmd.Fail("Cannot specify both 'dnsResolver' and dnsProvider") } @@ -23,7 +23,7 @@ index 3625dace9..55cb7cc18 100644 cmd.Fail("Must specify either 'dnsResolver' or dnsProvider") } -@@ -101,8 +102,13 @@ func main() { +@@ -100,8 +101,13 @@ func main() { } var servers bdns.ServerProvider diff --git a/patches/cmd_shell.patch b/patches/cmd_shell.patch index c575321..3fd8108 100644 --- a/patches/cmd_shell.patch +++ b/patches/cmd_shell.patch @@ -1,8 +1,8 @@ diff --git a/cmd/shell.go b/cmd/shell.go -index 2400becf9..0d37c738c 100644 +index 373bb0229..e660317d2 100644 --- a/cmd/shell.go +++ b/cmd/shell.go -@@ -215,7 +215,7 @@ func NewLogger(logConf SyslogConfig) blog.Logger { +@@ -221,7 +221,7 @@ func NewLogger(logConf SyslogConfig) blog.Logger { // Boulder's conception of time. go func() { for { diff --git a/patches/crl-storer_main.patch b/patches/crl-storer_main.patch index 0c3f764..ac1c910 100644 --- a/patches/crl-storer_main.patch +++ b/patches/crl-storer_main.patch @@ -1,5 +1,5 @@ diff --git a/cmd/crl-storer/main.go b/cmd/crl-storer/main.go -index 073c62032..b59db781c 100644 +index d2fde00a8..410bbbd64 100644 --- a/cmd/crl-storer/main.go +++ b/cmd/crl-storer/main.go @@ -46,6 +46,9 @@ type Config struct { @@ -12,7 +12,7 @@ index 073c62032..b59db781c 100644 Features map[string]bool } -@@ -122,7 +125,7 @@ func main() { +@@ -121,7 +124,7 @@ func main() { } s3client := s3.NewFromConfig(awsConfig, s3opts...) diff --git a/patches/docker-compose-redis.patch b/patches/docker-compose-redis.patch index fa81cef..24c2f0b 100644 --- a/patches/docker-compose-redis.patch +++ b/patches/docker-compose-redis.patch @@ -1,8 +1,8 @@ diff --git a/docker-compose.yml b/docker-compose.yml -index 4b62cf28d..f2b242fb5 100644 +index f7c4e45c0..59f5423d4 100644 --- a/docker-compose.yml 
+++ b/docker-compose.yml -@@ -20,8 +20,6 @@ services: +@@ -22,8 +22,6 @@ services: ipv4_address: 10.77.77.77 rednet: ipv4_address: 10.88.88.88 @@ -11,7 +11,7 @@ index 4b62cf28d..f2b242fb5 100644 consulnet: ipv4_address: 10.55.55.55 # Use consul as a backup to Docker's embedded DNS server. If there's a name -@@ -40,8 +38,6 @@ services: +@@ -42,8 +40,6 @@ services: depends_on: - bmysql - bproxysql @@ -20,7 +20,7 @@ index 4b62cf28d..f2b242fb5 100644 - bconsul - bjaeger entrypoint: test/entrypoint.sh -@@ -79,24 +75,6 @@ services: +@@ -81,24 +77,6 @@ services: aliases: - boulder-proxysql @@ -45,7 +45,7 @@ index 4b62cf28d..f2b242fb5 100644 bconsul: image: hashicorp/consul:1.14.2 volumes: -@@ -146,13 +124,6 @@ networks: +@@ -148,13 +126,6 @@ networks: config: - subnet: 10.88.88.0/24 diff --git a/patches/docker-compose.patch b/patches/docker-compose.patch index 8a59946..abdb9db 100644 --- a/patches/docker-compose.patch +++ b/patches/docker-compose.patch @@ -1,14 +1,17 @@ diff --git a/docker-compose.yml b/docker-compose.yml -index f2b242fb5..35714ad44 100644 +index 59f5423d4..02958b245 100644 --- a/docker-compose.yml +++ b/docker-compose.yml -@@ -8,10 +8,12 @@ services: +@@ -8,12 +8,14 @@ services: # to the IP address where your ACME client's solver is listening. # FAKE_DNS: 172.17.0.1 FAKE_DNS: 10.77.77.77 - BOULDER_CONFIG_DIR: &boulder_config_dir test/config + BOULDER_CONFIG_DIR: &boulder_config_dir labca/config GOFLAGS: -mod=vendor + # Forward the parent env's GOEXPERIMENT value into the container. +- GOEXPERIMENT: ${GOEXPERIMENT} ++ GOEXPERIMENT: ${GOEXPERIMENT:-} volumes: - - .:/boulder:cached + - .:/opt/boulder:cached @@ -17,7 +20,7 @@ index f2b242fb5..35714ad44 100644 - ./.gocache:/root/.cache/go-build:cached - ./.hierarchy:/hierarchy/:cached - ./.softhsm-tokens/:/var/lib/softhsm/tokens/:cached -@@ -31,20 +33,26 @@ services: +@@ -33,20 +35,26 @@ services: # TODO: Remove this when ServerAddress is deprecated in favor of SRV records # and DNSAuthority. dns: 10.55.55.10 
@@ -52,7 +55,7 @@ index f2b242fb5..35714ad44 100644 networks: bluenet: aliases: -@@ -58,22 +66,11 @@ services: +@@ -60,22 +68,11 @@ services: # small. command: mysqld --bind-address=0.0.0.0 --slow-query-log --log-output=TABLE --log-queries-not-using-indexes=ON logging: @@ -80,7 +83,7 @@ index f2b242fb5..35714ad44 100644 bconsul: image: hashicorp/consul:1.14.2 -@@ -87,27 +84,73 @@ services: +@@ -89,27 +86,73 @@ services: rednet: ipv4_address: 10.88.88.10 command: "consul agent -dev -config-format=hcl -config-file=/test/consul/config.hcl" diff --git a/patches/expiration-mailer_main.patch b/patches/expiration-mailer_main.patch index 5272a19..3e720bb 100644 --- a/patches/expiration-mailer_main.patch +++ b/patches/expiration-mailer_main.patch @@ -1,5 +1,5 @@ diff --git a/cmd/expiration-mailer/main.go b/cmd/expiration-mailer/main.go -index c1d239343..e7b6a2868 100644 +index d41bc5a0b..cde94e5a0 100644 --- a/cmd/expiration-mailer/main.go +++ b/cmd/expiration-mailer/main.go @@ -23,6 +23,7 @@ import ( @@ -31,7 +31,7 @@ index c1d239343..e7b6a2868 100644 // Path to a file containing a list of trusted root certificates for use // during the SMTP connection (as opposed to the gRPC connections). SMTPTrustedRootFile string -@@ -834,6 +840,29 @@ func main() { +@@ -833,6 +839,29 @@ func main() { cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") sac := sapb.NewStorageAuthorityClient(conn) @@ -61,7 +61,7 @@ index c1d239343..e7b6a2868 100644 var smtpRoots *x509.CertPool if c.Mailer.SMTPTrustedRootFile != "" { pem, err := os.ReadFile(c.Mailer.SMTPTrustedRootFile) -@@ -869,6 +898,7 @@ func main() { +@@ -868,6 +897,7 @@ func main() { c.Mailer.Username, smtpPassword, smtpRoots, diff --git a/patches/linter_linter.patch b/patches/linter_linter.patch index 9a30e85..36263aa 100644 --- a/patches/linter_linter.patch +++ b/patches/linter_linter.patch @@ -1,8 +1,8 @@ 
diff --git a/linter/linter.go b/linter/linter.go -index cb87fcc3e..38ba70b02 100644 +index 7310ef9d4..e179415d1 100644 --- a/linter/linter.go +++ b/linter/linter.go -@@ -157,10 +157,21 @@ func makeIssuer(realIssuer *x509.Certificate, lintSigner crypto.Signer) (*x509.C +@@ -155,10 +155,21 @@ func makeIssuer(realIssuer *x509.Certificate, lintSigner crypto.Signer) (*x509.C SubjectKeyId: realIssuer.SubjectKeyId, URIs: realIssuer.URIs, UnknownExtKeyUsage: realIssuer.UnknownExtKeyUsage, diff --git a/patches/notify-mailer_main.patch b/patches/notify-mailer_main.patch index 18136a2..f5e9c3a 100644 --- a/patches/notify-mailer_main.patch +++ b/patches/notify-mailer_main.patch @@ -1,5 +1,5 @@ diff --git a/cmd/notify-mailer/main.go b/cmd/notify-mailer/main.go -index f39ff696..8ab2de84 100644 +index e4b9ef739..7fd57e8f2 100644 --- a/cmd/notify-mailer/main.go +++ b/cmd/notify-mailer/main.go @@ -36,6 +36,7 @@ type mailer struct { @@ -29,7 +29,7 @@ index f39ff696..8ab2de84 100644 Syslog cmd.SyslogConfig } -@@ -569,6 +572,15 @@ func main() { +@@ -568,6 +571,15 @@ func main() { log.Infof("While reading the recipient list file %s", probs) } @@ -45,7 +45,7 @@ index f39ff696..8ab2de84 100644 var mailClient bmail.Mailer if *dryRun { log.Infof("Starting %s in dry-run mode", cmd.VersionString()) -@@ -584,6 +596,7 @@ func main() { +@@ -583,6 +595,7 @@ func main() { cfg.NotifyMailer.Username, smtpPassword, nil, @@ -53,7 +53,7 @@ index f39ff696..8ab2de84 100644 *address, log, metrics.NoopRegisterer, -@@ -604,6 +617,7 @@ func main() { +@@ -603,6 +616,7 @@ func main() { end: *end, }, sleepInterval: *sleep, diff --git a/patches/ocsp-responder_main.patch b/patches/ocsp-responder_main.patch index 6ed694a..bbd641c 100644 --- a/patches/ocsp-responder_main.patch +++ b/patches/ocsp-responder_main.patch @@ -1,5 +1,5 @@ diff --git a/cmd/ocsp-responder/main.go b/cmd/ocsp-responder/main.go -index 52027e8cd..4dcc9118a 100644 +index 194b417ce..dfa1a95db 100644 --- a/cmd/ocsp-responder/main.go 
+++ b/cmd/ocsp-responder/main.go @@ -88,7 +88,7 @@ type Config struct { @@ -11,7 +11,7 @@ index 52027e8cd..4dcc9118a 100644 // TLS client certificate, private key, and trusted root bundle. TLS cmd.TLSConfig `validate:"required_without=Source,structonly"` -@@ -153,7 +153,7 @@ as generated by Boulder's ceremony command. +@@ -152,7 +152,7 @@ as generated by Boulder's ceremony command. } source, err = responder.NewMemorySourceFromFile(filename, logger) cmd.FailOnError(err, fmt.Sprintf("Couldn't read file: %s", url.Path)) @@ -20,7 +20,7 @@ index 52027e8cd..4dcc9118a 100644 // Set up the redis source and the combined multiplex source. rocspRWClient, err := rocsp_config.MakeClient(c.OCSPResponder.Redis, clk, scope) cmd.FailOnError(err, "Could not make redis client") -@@ -197,6 +197,19 @@ as generated by Boulder's ceremony command. +@@ -196,6 +196,19 @@ as generated by Boulder's ceremony command. source, err = redis_responder.NewCheckedRedisSource(rocspSource, dbMap, sac, scope, logger) cmd.FailOnError(err, "Could not create checkedRedis source")