diff --git a/install b/install index 60cc1bd..d66e674 100755 --- a/install +++ b/install @@ -24,7 +24,7 @@ dockerComposeVersion="1.28.5" labcaUrl="https://github.com/hakwerk/labca/" boulderUrl="https://github.com/letsencrypt/boulder/" -boulderTag="release-2022-02-14" +boulderTag="release-2022-03-22" # Feature flags flag_skip_redis=true diff --git a/patches/cert-checker_main.patch b/patches/cert-checker_main.patch index 070caef..16304b1 100644 --- a/patches/cert-checker_main.patch +++ b/patches/cert-checker_main.patch @@ -58,7 +58,7 @@ index cfc72632..de4b01ca 100644 // Validate PA config and set defaults if needed. cmd.FailOnError(config.PA.CheckChallenges(), "Invalid PA configuration") -@@ -421,6 +426,7 @@ func main() { +@@ -420,6 +425,7 @@ func main() { kp, config.CertChecker.CheckPeriod.Duration, acceptableValidityDurations, diff --git a/patches/config_rocsp-tool.patch b/patches/config_rocsp-tool.patch index 5dbb5b2..5f2b82f 100644 --- a/patches/config_rocsp-tool.patch +++ b/patches/config_rocsp-tool.patch @@ -12,5 +12,5 @@ index 9b0a1d13..eace2cf9 100644 - ".hierarchy/intermediate-cert-rsa-b.pem": 4 + ".hierarchy/intermediate-cert-rsa-a.pem": 1 } - } - } + }, + "syslog": { diff --git a/patches/config_wfe2.patch b/patches/config_wfe2.patch index ba850be..929d6ef 100644 --- a/patches/config_wfe2.patch +++ b/patches/config_wfe2.patch @@ -2,7 +2,7 @@ diff --git a/test/config/wfe2.json b/test/config/wfe2.json index c0093044..e8ba4263 100644 --- a/test/config/wfe2.json +++ b/test/config/wfe2.json -@@ -43,18 +43,6 @@ +@@ -45,18 +45,6 @@ [ "/hierarchy/intermediate-cert-rsa-a.pem", "/hierarchy/root-cert-rsa.pem" diff --git a/patches/docker-compose-redis.patch b/patches/docker-compose-redis.patch index 24aac52..4c36191 100644 --- a/patches/docker-compose-redis.patch +++ b/patches/docker-compose-redis.patch @@ -1,8 +1,8 @@ diff --git a/docker-compose.yml b/docker-compose.yml -index c1d54f23..2b6de7cb 100644 +index e88f7c19f..d771aa011 100644 --- a/docker-compose.yml 
+++ b/docker-compose.yml -@@ -17,8 +17,6 @@ services: +@@ -26,8 +26,6 @@ services: ipv4_address: 10.77.77.77 rednet: ipv4_address: 10.88.88.88 @@ -11,15 +11,15 @@ index c1d54f23..2b6de7cb 100644 # Use sd-test-srv as a backup to Docker's embedded DNS server # (https://docs.docker.com/config/containers/container-networking/#dns-services). # If there's a name Docker's DNS server doesn't know about, it will -@@ -34,7 +32,6 @@ services: - - 8055:8055 # dns-test-srv updates +@@ -41,7 +39,6 @@ services: + - 4003:4003 # OCSP depends_on: - bmysql - - bredis_clusterer entrypoint: labca/entrypoint.sh - working_dir: &boulder_working_dir /go/src/github.com/letsencrypt/boulder + working_dir: &boulder_working_dir /boulder logging: -@@ -67,78 +64,6 @@ services: +@@ -74,78 +71,6 @@ services: max-file: "5" restart: always @@ -98,7 +98,7 @@ index c1d54f23..2b6de7cb 100644 labca: image: *boulder_image -@@ -179,10 +104,3 @@ networks: +@@ -186,10 +111,3 @@ networks: driver: default config: - subnet: 10.88.88.0/24 diff --git a/patches/docker-compose.patch b/patches/docker-compose.patch index 4f75f02..597d3b8 100644 --- a/patches/docker-compose.patch +++ b/patches/docker-compose.patch @@ -1,27 +1,31 @@ diff --git a/docker-compose.yml b/docker-compose.yml -index f515225e4..c1d54f235 100644 +index b0c235a91..d72c08883 100644 --- a/docker-compose.yml 
+++ b/docker-compose.yml -@@ -4,10 +4,11 @@ services: +@@ -8,7 +8,7 @@ services: image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.17.7_2022-02-10} environment: FAKE_DNS: 10.77.77.77 - BOULDER_CONFIG_DIR: test/config + BOULDER_CONFIG_DIR: labca/config GOFLAGS: -mod=vendor + # Go 1.18 turns off SHA-1 validation on CSRs (and certs, but that doesn't + # affect us). It also turns off TLS 1.0 and TLS 1.1. Temporarily go back +@@ -17,6 +17,7 @@ services: + GODEBUG: x509sha1=1,tls10default=1 volumes: - - .:/go/src/github.com/letsencrypt/boulder:cached -+ - /home/labca/boulder_labca:/go/src/github.com/letsencrypt/boulder/labca + - .:/boulder:cached ++ - /home/labca/boulder_labca:/boulder/labca - ./.gocache:/root/.cache/go-build:cached - ./.hierarchy:/hierarchy/:cached - ./.softhsm-tokens/:/var/lib/softhsm/tokens/:cached -@@ -34,11 +35,19 @@ services: +@@ -41,11 +42,19 @@ services: depends_on: - bmysql - bredis_clusterer - entrypoint: test/entrypoint.sh + entrypoint: labca/entrypoint.sh - working_dir: &boulder_working_dir /go/src/github.com/letsencrypt/boulder + working_dir: &boulder_working_dir /boulder + logging: + driver: "json-file" + options: @@ -36,7 +40,7 @@ index f515225e4..c1d54f235 100644 networks: bluenet: aliases: -@@ -52,7 +61,11 @@ services: +@@ -59,7 +68,11 @@ services: # small. command: mysqld --bind-address=0.0.0.0 --slow-query-log --log-output=TABLE --log-queries-not-using-indexes=ON logging: @@ -49,7 +53,7 @@ index f515225e4..c1d54f235 100644 bredis_1: image: redis:latest -@@ -127,18 +140,31 @@ services: +@@ -134,18 +147,31 @@ services: aliases: - boulder-redis-clusterer 
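Review bot: The rebased context in the first hunk of patches/docker-compose.patch now carries upstream's `GODEBUG: x509sha1=1,tls10default=1` into the boulder service environment, and the LabCA patch leaves it untouched. The upstream comment quoted in the same hunk describes this as a temporary step back from the Go 1.18 defaults, so a LabCA install built from this compose file would presumably keep accepting SHA-1-signed CSRs and the TLS 1.0/1.1 defaults. If no LabCA client depends on either, consider removing the `GODEBUG` entry in this patch. Otherwise record the decision next to it, for example `# inherited from upstream test config; drop once SHA-1 CSRs and TLS 1.0 are no longer needed`. The environment block continues outside the visible hunk.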
@@ -63,13 +67,12 @@ index f515225e4..c1d54f235 100644 networks: - bluenet volumes: -- - .:/go/src/github.com/letsencrypt/boulder -- working_dir: *boulder_working_dir -- entrypoint: test/entrypoint-netaccess.sh + - /home/labca/admin:/go/src/labca + - ./.gocache:/root/.cache/go-build + - /var/www/html:/wwwstatic -+ - .:/boulder + - .:/boulder +- working_dir: *boulder_working_dir +- entrypoint: test/entrypoint-netaccess.sh + - /home/labca/boulder_labca:/boulder/labca + ports: + - 3000:3000 diff --git a/patches/expiration-mailer_main.patch b/patches/expiration-mailer_main.patch index db83d7c..89c580d 100644 --- a/patches/expiration-mailer_main.patch +++ b/patches/expiration-mailer_main.patch @@ -19,7 +19,7 @@ index f488b73c..ef2ed34a 100644 ) type regStore interface { -@@ -409,6 +410,9 @@ type Config struct { +@@ -407,6 +408,9 @@ type Config struct { TLS cmd.TLSConfig SAService *cmd.GRPCClientConfig @@ -29,7 +29,7 @@ index f488b73c..ef2ed34a 100644 // Path to a file containing a list of trusted root certificates for use // during the SMTP connection (as opposed to the gRPC connections). SMTPTrustedRootFile string -@@ -418,6 +422,12 @@ type Config struct { +@@ -416,6 +420,12 @@ type Config struct { Syslog cmd.SyslogConfig Beeline cmd.BeelineConfig @@ -42,7 +42,7 @@ index f488b73c..ef2ed34a 100644 } func initStats(stats prometheus.Registerer) mailerStats { -@@ -520,6 +530,32 @@ func main() { +@@ -518,6 +528,32 @@ func main() { cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") sac := sapb.NewStorageAuthorityClient(conn) @@ -75,7 +75,7 @@ index f488b73c..ef2ed34a 100644 var smtpRoots *x509.CertPool if c.Mailer.SMTPTrustedRootFile != "" { pem, err := ioutil.ReadFile(c.Mailer.SMTPTrustedRootFile) -@@ -555,6 +591,7 @@ func main() { +@@ -553,6 +589,7 @@ func main() { c.Mailer.Username, smtpPassword, smtpRoots, diff --git a/patches/ra_ra.patch b/patches/ra_ra.patch index ac5f31e..bb8de64 100644 --- a/patches/ra_ra.patch 
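Review bot: In the labca service hunk (`@@ -63,13 +67,12 @@`), `- 3000:3000` publishes the admin application on every host interface, and the rebase keeps it that way. If the service is only meant to be reached through a front end on the same host (the `/var/www/html:/wwwstatic` mount hints at one, but that is not visible in this diff), bind it to loopback with `- 127.0.0.1:3000:3000`. The same service mounts the whole checkout read-write via `- .:/boulder`; if the admin container only reads it, `- .:/boulder:ro` would limit what a compromise of that container can change. The service definition continues outside the hunk.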
+++ b/patches/ra_ra.patch @@ -1,8 +1,8 @@ diff --git a/ra/ra.go b/ra/ra.go -index 1ea20982..937f2859 100644 +index 63d0ce8ef..c33f23180 100644 --- a/ra/ra.go +++ b/ra/ra.go -@@ -31,7 +31,6 @@ import ( +@@ -32,7 +32,6 @@ import ( "github.com/letsencrypt/boulder/issuance" blog "github.com/letsencrypt/boulder/log" "github.com/letsencrypt/boulder/metrics" @@ -10,7 +10,7 @@ index 1ea20982..937f2859 100644 "github.com/letsencrypt/boulder/probs" pubpb "github.com/letsencrypt/boulder/publisher/proto" rapb "github.com/letsencrypt/boulder/ra/proto" -@@ -454,7 +453,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(ctx context.Context, conta +@@ -477,7 +476,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(ctx context.Context, conta contact, ) }