github-personal/labca
1
0
Fork 0
mirror of https://github.com/outbackdingo/labca.git synced 2026-01-27 10:19:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Bump boulder version to release-2022-05-31

Browse Source
This commit is contained in:
Arjan H
2022-06-04 16:40:56 +02:00
parent 691a0bd29f
commit b004ec5466
7 changed files with 35 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
gui/setup.sh
View File

@@ -8,7 +8,7 @@ set -e
if [ ! -e bin/labca ]; then
go mod download
go build -o bin/labca
go build -buildvcs=false -o bin/labca
fi
[ -e /bin/ip ] || (apt update && apt install -y iproute2)

2
install
View File

@@ -24,7 +24,7 @@ dockerComposeVersion="v2.5.0"
labcaUrl="https://github.com/hakwerk/labca/"
boulderUrl="https://github.com/letsencrypt/boulder/"
boulderTag="release-2022-05-09"
boulderTag="release-2022-05-31"
# Feature flags
flag_skip_redis=true

7
mail-tester.go
View File

@@ -136,13 +136,14 @@ func main() {
1*time.Second,
5*60*time.Second)
mailClient.Connect()
defer mailClient.Close()
conn, err := mailClient.Connect()
cmd.FailOnError(err, "mail-tester failed to connect")
defer conn.Close()
recipients := []string{}
recipients = append(recipients, recipient)
err = mailClient.SendMail(recipients, "Test Email from LabCA", "Test sending email from the LabCA server")
err = conn.SendMail(recipients, "Test Email from LabCA", "Test sending email from the LabCA server")
cmd.FailOnError(err, "mail-tester has failed")
}

14
patches/cert-checker_main.patch
View File

@@ -1,8 +1,8 @@
diff --git a/cmd/cert-checker/main.go b/cmd/cert-checker/main.go
index 725c5d08..f2f730cc 100644
index b1fccdbd..8b64cfa2 100644
--- a/cmd/cert-checker/main.go
+++ b/cmd/cert-checker/main.go
@@ -95,9 +95,10 @@ type certChecker struct {
@@ -97,9 +97,10 @@ type certChecker struct {
issuedReport report
checkPeriod time.Duration
acceptableValidityDurations map[time.Duration]bool
@@ -14,7 +14,7 @@ index 725c5d08..f2f730cc 100644
return certChecker{
pa: pa,
kp: kp,
@@ -108,6 +109,7 @@ func newChecker(saDbMap certDB, clk clock.Clock, pa core.PolicyAuthority, kp goo
@@ -110,6 +111,7 @@ func newChecker(saDbMap certDB, clk clock.Clock, pa core.PolicyAuthority, kp goo
issuedReport: report{Entries: make(map[string]reportEntry)},
checkPeriod: period,
acceptableValidityDurations: avd,
@@ -22,7 +22,7 @@ index 725c5d08..f2f730cc 100644
}
}
@@ -283,7 +285,7 @@ func (c *certChecker) checkCert(cert core.Certificate, ignoredLints map[string]b
@@ -285,7 +287,7 @@ func (c *certChecker) checkCert(cert core.Certificate, ignoredLints map[string]b
err = c.pa.WillingToIssueWildcards([]identifier.ACMEIdentifier{id})
if err != nil {
problems = append(problems, fmt.Sprintf("Policy Authority isn't willing to issue for '%s': %s", name, err))
@@ -31,7 +31,7 @@ index 725c5d08..f2f730cc 100644
// For defense-in-depth, even if the PA was willing to issue for a name
// we double check it against a list of forbidden domains. This way even
// if the hostnamePolicyFile malfunctions we will flag the forbidden
@@ -334,11 +336,12 @@ type Config struct {
@@ -336,11 +338,12 @@ type Config struct {
DB cmd.DBConfig
cmd.HostnamePolicyConfig
@@ -49,7 +49,7 @@ index 725c5d08..f2f730cc 100644
// AcceptableValidityDurations is a list of durations which are
// acceptable for certificates we issue.
@@ -398,6 +401,8 @@ func main() {
@@ -406,6 +409,8 @@ func main() {
acceptableValidityDurations[ninetyDays] = true
}
@@ -58,7 +58,7 @@ index 725c5d08..f2f730cc 100644
// Validate PA config and set defaults if needed.
cmd.FailOnError(config.PA.CheckChallenges(), "Invalid PA configuration")
@@ -432,6 +437,7 @@ func main() {
@@ -445,6 +450,7 @@ func main() {
kp,
config.CertChecker.CheckPeriod.Duration,
acceptableValidityDurations,

2
patches/docker-compose.patch
View File

@@ -3,7 +3,7 @@ index 0cd8c8dd..36619190 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,7 +8,7 @@ services:
image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.18.1_2022-04-12}
image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.18.1_2022-05-19}
environment:
FAKE_DNS: 10.77.77.77
- BOULDER_CONFIG_DIR: test/config

14
patches/expiration-mailer_main.patch
View File

@@ -1,8 +1,8 @@
diff --git a/cmd/expiration-mailer/main.go b/cmd/expiration-mailer/main.go
index 0ea463a8..1c7c6931 100644
index df8adaf4..000b1c03 100644
--- a/cmd/expiration-mailer/main.go
+++ b/cmd/expiration-mailer/main.go
@@ -22,6 +22,7 @@ import (
@@ -23,6 +23,7 @@ import (
"github.com/jmhodges/clock"
"google.golang.org/grpc"
@@ -11,15 +11,15 @@ index 0ea463a8..1c7c6931 100644
"github.com/letsencrypt/boulder/core"
corepb "github.com/letsencrypt/boulder/core/proto"
@@ -38,7 +39,7 @@ import (
)
const (
defaultNagCheckInterval = 24 * time.Hour
- defaultExpirationSubject = "Let's Encrypt certificate expiration notice for domain {{.ExpirationSubject}}"
+ defaultExpirationSubject = "LabCA certificate expiration notice for domain {{.ExpirationSubject}}"
)
type regStore interface {
@@ -415,6 +416,9 @@ type Config struct {
@@ -495,6 +496,9 @@ type Config struct {
TLS cmd.TLSConfig
SAService *cmd.GRPCClientConfig
@@ -29,7 +29,7 @@ index 0ea463a8..1c7c6931 100644
// Path to a file containing a list of trusted root certificates for use
// during the SMTP connection (as opposed to the gRPC connections).
SMTPTrustedRootFile string
@@ -424,6 +428,12 @@ type Config struct {
@@ -504,6 +508,12 @@ type Config struct {
Syslog cmd.SyslogConfig
Beeline cmd.BeelineConfig
@@ -42,7 +42,7 @@ index 0ea463a8..1c7c6931 100644
}
func initStats(stats prometheus.Registerer) mailerStats {
@@ -542,6 +552,32 @@ func main() {
@@ -631,6 +641,32 @@ func main() {
cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
sac := sapb.NewStorageAuthorityClient(conn)
@@ -75,7 +75,7 @@ index 0ea463a8..1c7c6931 100644
var smtpRoots *x509.CertPool
if c.Mailer.SMTPTrustedRootFile != "" {
pem, err := ioutil.ReadFile(c.Mailer.SMTPTrustedRootFile)
@@ -577,6 +613,7 @@ func main() {
@@ -666,6 +702,7 @@ func main() {
c.Mailer.Username,
smtpPassword,
smtpRoots,

38
patches/mail_mailer.patch
View File

@@ -1,5 +1,5 @@
diff --git a/mail/mailer.go b/mail/mailer.go
index b20de949..91979e9c 100644
index 4249108e..ee8b6fb4 100644
--- a/mail/mailer.go
+++ b/mail/mailer.go
@@ -21,10 +21,14 @@ import (
@@ -17,7 +17,7 @@ index b20de949..91979e9c 100644
)
type idGenerator interface {
@@ -122,6 +126,7 @@ func New(
@@ -139,6 +143,7 @@ func New(
username,
password string,
rootCAs *x509.CertPool,
@@ -25,34 +25,24 @@ index b20de949..91979e9c 100644
from mail.Address,
logger blog.Logger,
stats prometheus.Registerer,
@@ -136,11 +141,12 @@ func New(
return &MailerImpl{
dialer: &dialerImpl{
- username: username,
- password: password,
- server: server,
- port: port,
- rootCAs: rootCAs,
+ username: username,
+ password: password,
+ server: server,
+ port: port,
+ rootCAs: rootCAs,
+ dnsClient: resolver,
},
log: logger,
from: from,
@@ -181,7 +187,7 @@ func (m *MailerImpl) generateMessage(to []string, subject, body string) ([]byte,
@@ -159,6 +164,7 @@ func New(
server: server,
port: port,
rootCAs: rootCAs,
+ dnsClient: resolver,
},
log: logger,
from: from,
@@ -202,7 +208,7 @@ func (c config) generateMessage(to []string, subject, body string) ([]byte, erro
fmt.Sprintf("To: %s", strings.Join(addrs, ", ")),
fmt.Sprintf("From: %s", m.from.String()),
fmt.Sprintf("From: %s", c.from.String()),
fmt.Sprintf("Subject: %s", subject),
- fmt.Sprintf("Date: %s", now.Format(time.RFC822)),
+ fmt.Sprintf("Date: %s", now.Format(time.RFC1123Z)),
fmt.Sprintf("Message-Id: <%s.%s.%s>", now.Format("20060102T150405"), mid.String(), m.from.Address),
fmt.Sprintf("Message-Id: <%s.%s.%s>", now.Format("20060102T150405"), mid.String(), c.from.Address),
"MIME-Version: 1.0",
"Content-Type: text/plain; charset=UTF-8",
@@ -238,23 +244,32 @@ func (m *MailerImpl) Connect() error {
@@ -259,23 +265,32 @@ func (m *mailerImpl) Connect() (Conn, error) {
type dialerImpl struct {
username, password, server, port string
rootCAs *x509.CertPool