Bump boulder version to release-2022-03-22

2026-01-27 18:19:33 +00:00 · 2022-03-24 18:06:57 +01:00
parent c14468af6a
commit ba9feed4f4
8 changed files with 34 additions and 31 deletions
--- a/2
+++ b/2
@@ -24,7 +24,7 @@ dockerComposeVersion="1.28.5"

 labcaUrl="https://github.com/hakwerk/labca/"
 boulderUrl="https://github.com/letsencrypt/boulder/"
-boulderTag="release-2022-02-14"
+boulderTag="release-2022-03-22"

 # Feature flags
 flag_skip_redis=true
--- a/patches/cert-checker_main.patch
+++ b/patches/cert-checker_main.patch
@@ -58,7 +58,7 @@ index cfc72632..de4b01ca 100644
 	// Validate PA config and set defaults if needed.
 	cmd.FailOnError(config.PA.CheckChallenges(), "Invalid PA configuration")
 
-@@ -421,6 +426,7 @@ func main() {
+@@ -420,6 +425,7 @@ func main() {
 		kp,
 		config.CertChecker.CheckPeriod.Duration,
 		acceptableValidityDurations,
--- a/patches/config_rocsp-tool.patch
+++ b/patches/config_rocsp-tool.patch
@@ -12,5 +12,5 @@ index 9b0a1d13..eace2cf9 100644
 -      ".hierarchy/intermediate-cert-rsa-b.pem": 4
 +      ".hierarchy/intermediate-cert-rsa-a.pem": 1
     }
-   }
- }
+   },
+   "syslog": {
--- a/patches/config_wfe2.patch
+++ b/patches/config_wfe2.patch
@@ -2,7 +2,7 @@ diff --git a/test/config/wfe2.json b/test/config/wfe2.json
 index c0093044..e8ba4263 100644
 --- a/test/config/wfe2.json
 +++ b/test/config/wfe2.json
-@@ -43,18 +43,6 @@
+@@ -45,18 +45,6 @@
       [
         "/hierarchy/intermediate-cert-rsa-a.pem",
         "/hierarchy/root-cert-rsa.pem"
--- a/patches/docker-compose-redis.patch
+++ b/patches/docker-compose-redis.patch
@@ -1,8 +1,8 @@
 diff --git a/docker-compose.yml b/docker-compose.yml
-index c1d54f23..2b6de7cb 100644
+index e88f7c19f..d771aa011 100644
 --- a/docker-compose.yml
 +++ b/docker-compose.yml
-@@ -17,8 +17,6 @@ services:
+@@ -26,8 +26,6 @@ services:
         ipv4_address: 10.77.77.77
       rednet:
         ipv4_address: 10.88.88.88
@@ -11,15 +11,15 @@ index c1d54f23..2b6de7cb 100644
     # Use sd-test-srv as a backup to Docker's embedded DNS server
     # (https://docs.docker.com/config/containers/container-networking/#dns-services).
     # If there's a name Docker's DNS server doesn't know about, it will
-@@ -34,7 +32,6 @@ services:
-       - 8055:8055 # dns-test-srv updates
+@@ -41,7 +39,6 @@ services:
+       - 4003:4003 # OCSP
     depends_on:
       - bmysql
 -      - bredis_clusterer
     entrypoint: labca/entrypoint.sh
-     working_dir: &boulder_working_dir /go/src/github.com/letsencrypt/boulder
+     working_dir: &boulder_working_dir /boulder
     logging:
-@@ -67,78 +64,6 @@ services:
+@@ -74,78 +71,6 @@ services:
         max-file: "5"
     restart: always
 
@@ -98,7 +98,7 @@ index c1d54f23..2b6de7cb 100644
 
   labca:
     image: *boulder_image
-@@ -179,10 +104,3 @@ networks:
+@@ -186,10 +111,3 @@ networks:
       driver: default
       config:
         - subnet: 10.88.88.0/24
--- a/patches/docker-compose.patch
+++ b/patches/docker-compose.patch
@@ -1,27 +1,31 @@
 diff --git a/docker-compose.yml b/docker-compose.yml
-index f515225e4..c1d54f235 100644
+index b0c235a91..d72c08883 100644
 --- a/docker-compose.yml
 +++ b/docker-compose.yml
-@@ -4,10 +4,11 @@ services:
+@@ -8,7 +8,7 @@ services:
     image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.17.7_2022-02-10}
     environment:
       FAKE_DNS: 10.77.77.77
 -      BOULDER_CONFIG_DIR: test/config
 +      BOULDER_CONFIG_DIR: labca/config
       GOFLAGS: -mod=vendor
+       # Go 1.18 turns off SHA-1 validation on CSRs (and certs, but that doesn't
+       # affect us). It also turns off TLS 1.0 and TLS 1.1. Temporarily go back
+@@ -17,6 +17,7 @@ services:
+       GODEBUG: x509sha1=1,tls10default=1
     volumes:
-       - .:/go/src/github.com/letsencrypt/boulder:cached
-+      - /home/labca/boulder_labca:/go/src/github.com/letsencrypt/boulder/labca
+       - .:/boulder:cached
+      - /home/labca/boulder_labca:/boulder/labca
       - ./.gocache:/root/.cache/go-build:cached
       - ./.hierarchy:/hierarchy/:cached
       - ./.softhsm-tokens/:/var/lib/softhsm/tokens/:cached
-@@ -34,11 +35,19 @@ services:
+@@ -41,11 +42,19 @@ services:
     depends_on:
       - bmysql
       - bredis_clusterer
 -    entrypoint: test/entrypoint.sh
 +    entrypoint: labca/entrypoint.sh
-     working_dir: &boulder_working_dir /go/src/github.com/letsencrypt/boulder
+     working_dir: &boulder_working_dir /boulder
 +    logging:
 +      driver: "json-file"
 +      options:
@@ -36,7 +40,7 @@ index f515225e4..c1d54f235 100644
     networks:
       bluenet:
         aliases:
-@@ -52,7 +61,11 @@ services:
+@@ -59,7 +68,11 @@ services:
     # small.
     command: mysqld --bind-address=0.0.0.0 --slow-query-log --log-output=TABLE --log-queries-not-using-indexes=ON
     logging:
@@ -49,7 +53,7 @@ index f515225e4..c1d54f235 100644
 
   bredis_1:
     image: redis:latest
-@@ -127,18 +140,31 @@ services:
+@@ -134,18 +147,31 @@ services:
           aliases:
             - boulder-redis-clusterer
 
@@ -63,13 +67,12 @@ index f515225e4..c1d54f235 100644
     networks:
       - bluenet
     volumes:
-      - .:/go/src/github.com/letsencrypt/boulder
-    working_dir: *boulder_working_dir
-    entrypoint: test/entrypoint-netaccess.sh
 +      - /home/labca/admin:/go/src/labca
 +      - ./.gocache:/root/.cache/go-build
 +      - /var/www/html:/wwwstatic
-+      - .:/boulder
+       - .:/boulder
+-    working_dir: *boulder_working_dir
+-    entrypoint: test/entrypoint-netaccess.sh
 +      - /home/labca/boulder_labca:/boulder/labca
 +    ports:
 +      - 3000:3000
--- a/patches/expiration-mailer_main.patch
+++ b/patches/expiration-mailer_main.patch
@@ -19,7 +19,7 @@ index f488b73c..ef2ed34a 100644
 )
 
 type regStore interface {
-@@ -409,6 +410,9 @@ type Config struct {
+@@ -407,6 +408,9 @@ type Config struct {
 		TLS       cmd.TLSConfig
 		SAService *cmd.GRPCClientConfig
 
@@ -29,7 +29,7 @@ index f488b73c..ef2ed34a 100644
 		// Path to a file containing a list of trusted root certificates for use
 		// during the SMTP connection (as opposed to the gRPC connections).
 		SMTPTrustedRootFile string
-@@ -418,6 +422,12 @@ type Config struct {
+@@ -416,6 +420,12 @@ type Config struct {
 
 	Syslog  cmd.SyslogConfig
 	Beeline cmd.BeelineConfig
@@ -42,7 +42,7 @@ index f488b73c..ef2ed34a 100644
 }
 
 func initStats(stats prometheus.Registerer) mailerStats {
-@@ -520,6 +530,32 @@ func main() {
+@@ -518,6 +528,32 @@ func main() {
 	cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
 	sac := sapb.NewStorageAuthorityClient(conn)
 
@@ -75,7 +75,7 @@ index f488b73c..ef2ed34a 100644
 	var smtpRoots *x509.CertPool
 	if c.Mailer.SMTPTrustedRootFile != "" {
 		pem, err := ioutil.ReadFile(c.Mailer.SMTPTrustedRootFile)
-@@ -555,6 +591,7 @@ func main() {
+@@ -553,6 +589,7 @@ func main() {
 		c.Mailer.Username,
 		smtpPassword,
 		smtpRoots,
--- a/patches/ra_ra.patch
+++ b/patches/ra_ra.patch
@@ -1,8 +1,8 @@
 diff --git a/ra/ra.go b/ra/ra.go
-index 1ea20982..937f2859 100644
+index 63d0ce8ef..c33f23180 100644
 --- a/ra/ra.go
 +++ b/ra/ra.go
-@@ -31,7 +31,6 @@ import (
+@@ -32,7 +32,6 @@ import (
 	"github.com/letsencrypt/boulder/issuance"
 	blog "github.com/letsencrypt/boulder/log"
 	"github.com/letsencrypt/boulder/metrics"
@@ -10,7 +10,7 @@ index 1ea20982..937f2859 100644
 	"github.com/letsencrypt/boulder/probs"
 	pubpb "github.com/letsencrypt/boulder/publisher/proto"
 	rapb "github.com/letsencrypt/boulder/ra/proto"
-@@ -454,7 +453,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(ctx context.Context, conta
+@@ -477,7 +476,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(ctx context.Context, conta
 				contact,
 			)
 		}