diff --git a/build/Dockerfile-boulder b/build/Dockerfile-boulder index 38a3f8c..fa42b7d 100644 --- a/build/Dockerfile-boulder +++ b/build/Dockerfile-boulder @@ -1,4 +1,4 @@ -FROM letsencrypt/boulder-tools:go1.21.5_2023-12-11 AS boulder-tools +FROM letsencrypt/boulder-tools:go1.21.5_2024-01-17 AS boulder-tools FROM ubuntu:focal diff --git a/build/build.sh b/build/build.sh index 933a5a5..f950f7a 100755 --- a/build/build.sh +++ b/build/build.sh @@ -8,7 +8,7 @@ TMP_DIR=$(pwd)/tmp rm -rf $TMP_DIR && mkdir -p $TMP_DIR/{admin,bin,logs,src} boulderDir=$TMP_DIR/src -boulderTag="release-2024-01-08" +boulderTag="release-2024-01-22" boulderUrl="https://github.com/letsencrypt/boulder/" cloneDir=$(pwd)/.. diff --git a/build/tmp2.patch b/build/tmp2.patch index 59b4028..76fca10 100644 --- a/build/tmp2.patch +++ b/build/tmp2.patch @@ -1,8 +1,8 @@ diff --git a/test/startservers.py b/test/startservers.py -index 135e6c9e4..04cd88adf 100644 +index 0169251a5..da9ee1565 100644 --- a/test/startservers.py +++ b/test/startservers.py -@@ -160,6 +160,9 @@ def setupHierarchyOriginal(): +@@ -172,6 +172,9 @@ def setupHierarchyOriginal(): def install(race_detection): diff --git a/control_do.sh b/control_do.sh index 143ed06..b7ee02a 100755 --- a/control_do.sh +++ b/control_do.sh 
@@ -27,12 +27,9 @@ setup_boulder_data() {
 sed -i -e "s|https://boulder.service.consul:4431/terms/v7|https://$LABCA_FQDN/terms/v1|" config/wfe2.json
 sed -i -e "s|boulder.service.consul:4000|$LABCA_FQDN|g" config/wfe2.json
- sed -i -e "s|http://127.0.0.1:4002/|http://$LABCA_FQDN/ocsp/|g" config/ca-a.json
- sed -i -e "s|http://127.0.0.1:4002/|http://$LABCA_FQDN/ocsp/|g" config/ca-b.json
- sed -i -e "s|http://example.com/cps|http://$LABCA_FQDN/cps/|g" config/ca-a.json
- sed -i -e "s|http://example.com/cps|http://$LABCA_FQDN/cps/|g" config/ca-b.json
- sed -i -e "s|http://example.com/crl|http://$LABCA_FQDN/crl/|g" config/ca-a.json
- sed -i -e "s|http://example.com/crl|http://$LABCA_FQDN/crl/|g" config/ca-b.json
+ sed -i -e "s|http://127.0.0.1:4002/|http://$LABCA_FQDN/ocsp/|g" config/ca.json
+ sed -i -e "s|http://example.com/cps|http://$LABCA_FQDN/cps/|g" config/ca.json
+ sed -i -e "s|http://example.com/crl|http://$LABCA_FQDN/crl/|g" config/ca.json
 sed -i -e "s|boulder.service.consul:4000|$LABCA_FQDN|g" config/va.json
 sed -i -e "s|boulder.service.consul:4001|$LABCA_FQDN|g" config/va.json
 sed -i -e "s|boulder.service.consul:4000|$LABCA_FQDN|g" config/va-remote-a.json
diff --git a/gui/apply-boulder b/gui/apply-boulder
index 966abaa..92eba0a 100755
--- a/gui/apply-boulder
+++ b/gui/apply-boulder
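Review bot: In control_do.sh's `setup_boulder_data`, nothing visible in this hunk checks that `$LABCA_FQDN` is non-empty before the three new `sed` calls write it into the OCSP, CPS and CRL URLs of `config/ca.json`. With an empty value the file would end up with `http:///ocsp/` and similar, and, assuming the CA copies these URLs into issued certificates, revocation checking for those certificates would break. If no earlier guard exists (the function starts outside the hunk), add `: "${LABCA_FQDN:?LABCA_FQDN must be set}"` before the `sed` block. The same applies to `config_boulder` in `install` (hunk `@@ -666,12 +666,9 @@`).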
@@ -69,14 +69,12 @@ sed -i -e "s/\"directoryCAAIdentity\": \".*\"/\"directoryCAAIdentity\": \"$PKI_D
 if ([ "$PKI_DOMAIN_MODE" == "lockdown" ] && [ "$PKI_LOCKDOWN_DOMAINS" != "" ]) || ([ "$PKI_DOMAIN_MODE" == "whitelist" ] && [ "$PKI_WHITELIST_DOMAINS" != "" ]); then
 perl -i -p0e "s/(\"badResultsOnly\":[^\n]*).*?(\s+)(\"checkPeriod\":)/\1\2\"skipForbiddenDomains\": true,\2\3/igs" config/cert-checker.json
 perl -i -p0e "s/(\"ignoredLints\": \[).*?(\s+)(\"n_subject_common_name_included\")/\1\2\"e_dnsname_not_valid_tld\",\2\3/igs" config/cert-checker.json
- perl -i -p0e "s/(\"ignoredLints\": \[).*?(\s+)(\"n_subject_common_name_included\")/\1\2\"e_dnsname_not_valid_tld\",\2\3/igs" config/ca-a.json
- perl -i -p0e "s/(\"ignoredLints\": \[).*?(\s+)(\"n_subject_common_name_included\")/\1\2\"e_dnsname_not_valid_tld\",\2\3/igs" config/ca-b.json
+ perl -i -p0e "s/(\"ignoredLints\": \[).*?(\s+)(\"n_subject_common_name_included\")/\1\2\"e_dnsname_not_valid_tld\",\2\3/igs" config/ca.json
 fi
 [ -e ../test/hostname-policy.yaml ] && cp ../test/hostname-policy.yaml ./ || true
 [ -e ../boulder/test/hostname-policy.yaml ] && cp ../boulder/test/hostname-policy.yaml ./ || true
 [ -e hostname-policy.json ] && rm hostname-policy.json || true
-[ -e config/ca.json ] && rm config/ca.json || true
 [ -e config/expired-authz-purger2.json ] && rm config/expired-authz-purger2.json || true
 [ -e config/janitor.json ] && rm config/janitor.json || true
 cat hostname-policy.yaml | tr '\n' '\r' | sed -e "s/\r# Lockdown.*//" | tr '\r' '\n' > hostname-policy.yaml.bak && mv hostname-policy.yaml.bak hostname-policy.yaml
@@ -99,8 +97,7 @@ if [ "$PKI_DOMAIN_MODE" == "whitelist" ] && [ "$PKI_WHITELIST_DOMAINS" != "" ];
 done
 fi
 if [ "$PKI_DOMAIN_MODE" == "lockdown" ] || [ "$PKI_DOMAIN_MODE" == "whitelist" ]; then
- sed -i -e "s/\(\"n_subject_common_name_included\"\).*\]/\1,\"e_dnsname_not_valid_tld\"\]/" config/ca-a.json
- sed -i -e "s/\(\"n_subject_common_name_included\"\).*\]/\1,\"e_dnsname_not_valid_tld\"\]/" config/ca-b.json
+ sed -i -e "s/\(\"n_subject_common_name_included\"\).*\]/\1,\"e_dnsname_not_valid_tld\"\]/" config/ca.json
 REPLACEMENT=""
 if [ "$PKI_DOMAIN_MODE" == "lockdown" ] && [ "$PKI_LOCKDOWN_DOMAINS" != "" ]; then
@@ -127,23 +124,21 @@ fi
 sed -i -e "s/\"shardWidth\": \".*\"/\"shardWidth\": \"$CRLINT\"/" config/crl-updater.json
 sed -i -e "s/\"updatePeriod\": \".*\"/\"updatePeriod\": \"$CRLINT\"/" config/crl-updater.json
 sed -i -e "s/\"lookbackPeriod\": \".*\"/\"lookbackPeriod\": \"$CRLLIFE\"/" config/crl-updater.json
-sed -i -e "s/\"lifespanCRL\": \".*\"/\"lifespanCRL\": \"$CRLLIFE\"/" config/ca-a.json
-sed -i -e "s/\"lifespanCRL\": \".*\"/\"lifespanCRL\": \"$CRLLIFE\"/" config/ca-b.json
+sed -i -e "s/\"lifespanCRL\": \".*\"/\"lifespanCRL\": \"$CRLLIFE\"/" config/ca.json
 rm -f config/contact-exporter.json
 rm -f config/nonce.json
 rm -f config/ocsp-updater.json
 rm -f config/wfe.json
+rm -f config/orphan-finder.json
+rm -f config/ca-a.json
+rm -f config/ca-b.json
-sed -i -e "s|\"issuerURL\": \".*\"|\"issuerURL\": \"http://$PKI_FQDN/aia/issuer/$PKI_ISSUER_NAME_ID\"|" config/ca-a.json
-sed -i -e "s|\"issuerURL\": \".*\"|\"issuerURL\": \"http://$PKI_FQDN/aia/issuer/$PKI_ISSUER_NAME_ID\"|" config/ca-b.json
-sed -i -e "s|\"crlURL\": \".*\"|\"crlURL\": \"http://$PKI_FQDN/crl/$PKI_ISSUER_NAME_ID.crl\"|" config/ca-a.json
-sed -i -e "s|\"crlURL\": \".*\"|\"crlURL\": \"http://$PKI_FQDN/crl/$PKI_ISSUER_NAME_ID.crl\"|" config/ca-b.json
-sed -i -e "s|\"crldpBase\": \".*\"|\"crldpBase\": \"http://$PKI_FQDN/crl\"|" config/ca-a.json
-sed -i -e "s|\"crldpBase\": \".*\"|\"crldpBase\": \"http://$PKI_FQDN/crl\"|" config/ca-b.json
+sed -i -e "s|\"issuerURL\": \".*\"|\"issuerURL\": \"http://$PKI_FQDN/aia/issuer/$PKI_ISSUER_NAME_ID\"|" config/ca.json
+sed -i -e "s|\"crlURL\": \".*\"|\"crlURL\": \"http://$PKI_FQDN/crl/$PKI_ISSUER_NAME_ID.crl\"|" config/ca.json
+sed -i -e "s|\"crldpBase\": \".*\"|\"crldpBase\": \"http://$PKI_FQDN/crl\"|" config/ca.json
 if [ "$PKI_EXTENDED_TIMEOUT" == "1" ]; then
- sed -i -e "s/\"timeout\": \"15s\"/\"timeout\": \"30s\"/" config/ca-a.json
- sed -i -e "s/\"timeout\": \"15s\"/\"timeout\": \"30s\"/" config/ca-b.json
+ sed -i -e "s/\"timeout\": \"15s\"/\"timeout\": \"30s\"/" config/ca.json
 sed -i -e "s/\"timeout\": \"15s\"/\"timeout\": \"30s\"/" config/admin-revoker.json
 sed -i -e "s/\"timeout\": \"15s\"/\"timeout\": \"30s\"/" config/wfe2.json
 sed -i -e "s/\"timeout\": \"20s\"/\"timeout\": \"40s\"/" config/wfe2.json
diff --git a/gui/chains.go b/gui/chains.go
index 3e00bc8..2f198a4 100644
--- a/gui/chains.go
+++ b/gui/chains.go
@@ -14,8 +14,7 @@ import (
 "github.com/spf13/viper"
 )
-const caaConfFile = "/opt/boulder/labca/config/ca-a.json"
-const cabConfFile = "/opt/boulder/labca/config/ca-b.json"
+const caConfFile = "/opt/boulder/labca/config/ca.json"
 const wfeConfFile = "/opt/boulder/labca/config/wfe2.json"
 // From boulder: cmd/boulder-wfe2/main.go
@@ -118,7 +117,7 @@ func getCertFileSubject(certFile string) (string, error) {
 }
 func getRawCAChains() []IssuerConfig {
- caConf, err := os.Open(caaConfFile)
+ caConf, err := os.Open(caConfFile)
 if err != nil {
 fmt.Println(err)
 return nil
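Review bot: In gui/apply-boulder (hunk `@@ -127,23 +124,21 @@`), the new `issuerURL` and `crlURL` substitutions carry no address or match limit, so they rewrite every issuer entry in `config/ca.json` to the single `$PKI_ISSUER_NAME_ID`. That is fine while the file holds one issuer; if it can hold several (gui/chains.go's `getRawCAChains` returns a slice, which suggests it might), the other issuers would presumably advertise AIA and CRL URLs that point at the wrong issuer. At minimum, document the assumption above these lines, e.g. `# assumes ca.json has exactly one issuer: every issuerURL/crlURL is rewritten to $PKI_ISSUER_NAME_ID`.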
@@ -304,26 +303,16 @@ func setUseForLeavesFile(filename, forRSA, forECDSA string) error {
 }
 func setUseForLeaves(forRSA, forECDSA string) error {
- if err := exec.Command("cp", "-f", caaConfFile, caaConfFile+"_BAK").Run(); err != nil {
- return errors.New("could not create ca-a backup file: " + err.Error())
- }
- if err := exec.Command("cp", "-f", cabConfFile, cabConfFile+"_BAK").Run(); err != nil {
- return errors.New("could not create ca-b backup file: " + err.Error())
+ if err := exec.Command("cp", "-f", caConfFile, caConfFile+"_BAK").Run(); err != nil {
+ return errors.New("could not create ca backup file: " + err.Error())
 }
- if err := setUseForLeavesFile(caaConfFile, forRSA, forECDSA); err != nil {
- exec.Command("mv", caaConfFile+"_BAK", caaConfFile).Run()
- exec.Command("mv", cabConfFile+"_BAK", cabConfFile).Run()
- return err
- }
- if err := setUseForLeavesFile(cabConfFile, forRSA, forECDSA); err != nil {
- exec.Command("mv", caaConfFile+"_BAK", caaConfFile).Run()
- exec.Command("mv", cabConfFile+"_BAK", cabConfFile).Run()
+ if err := setUseForLeavesFile(caConfFile, forRSA, forECDSA); err != nil {
+ exec.Command("mv", caConfFile+"_BAK", caConfFile).Run()
 return err
 }
- exec.Command("rm", caaConfFile+"_BAK").Run()
- exec.Command("rm", cabConfFile+"_BAK").Run()
+ exec.Command("rm", caConfFile+"_BAK").Run()
 if forRSA != "" {
 viper.Set("certs.issuerRSA", forRSA)
@@ -336,4 +325,4 @@ func setUseForLeaves(forRSA, forECDSA string) error {
 }
 return nil
-}
\ No newline at end of file
+}
diff --git a/install b/install
index c81e7bf..2c4550e 100755
--- a/install
+++ b/install
@@ -30,7 +30,7 @@ dockerComposeVersion="v2.5.0"
 labcaUrl="https://github.com/hakwerk/labca/"
 boulderUrl="https://github.com/letsencrypt/boulder/"
-boulderTag="release-2024-01-08"
+boulderTag="release-2024-01-22"
 # Feature flags
 flag_skip_redis=true
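Review bot: In gui/chains.go `setUseForLeaves` (hunk `@@ -304,26 +303,16 @@`), the rollback `exec.Command("mv", caConfFile+"_BAK", caConfFile).Run()` still discards its error, and ca.json is now the only CA config file. If `setUseForLeavesFile` fails part-way and the restore also fails, the caller sees only the first error while the CA is left with a possibly half-edited config and a stray `_BAK` file. Report the restore failure as well, e.g. `if rerr := os.Rename(caConfFile+"_BAK", caConfFile); rerr != nil { return fmt.Errorf("%w; restoring ca.json backup failed: %v", err, rerr) }`; `os` and `fmt` are already used in this file, and `os.Rename` avoids spawning `mv`. The function continues past the end of the hunk.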
@@ -666,12 +666,9 @@ config_boulder() {
 cd "$boulderLabCADir"
 sed -i -e "s|https://boulder.service.consul:4431/terms/v7|https://$LABCA_FQDN/terms/v1|" config/wfe2.json
 sed -i -e "s|boulder.service.consul:4000|$LABCA_FQDN|g" config/wfe2.json
- sed -i -e "s|http://127.0.0.1:4002/|http://$LABCA_FQDN/ocsp/|g" config/ca-a.json
- sed -i -e "s|http://127.0.0.1:4002/|http://$LABCA_FQDN/ocsp/|g" config/ca-b.json
- sed -i -e "s|http://example.com/cps|http://$LABCA_FQDN/cps/|g" config/ca-a.json
- sed -i -e "s|http://example.com/cps|http://$LABCA_FQDN/cps/|g" config/ca-b.json
- sed -i -e "s|http://example.com/crl|http://$LABCA_FQDN/crl/|g" config/ca-a.json
- sed -i -e "s|http://example.com/crl|http://$LABCA_FQDN/crl/|g" config/ca-b.json
+ sed -i -e "s|http://127.0.0.1:4002/|http://$LABCA_FQDN/ocsp/|g" config/ca.json
+ sed -i -e "s|http://example.com/cps|http://$LABCA_FQDN/cps/|g" config/ca.json
+ sed -i -e "s|http://example.com/crl|http://$LABCA_FQDN/crl/|g" config/ca.json
 sed -i -e "s|boulder.service.consul:4000|$LABCA_FQDN|g" config/va.json
 sed -i -e "s|boulder.service.consul:4001|$LABCA_FQDN|g" config/va.json
 sed -i -e "s|boulder.service.consul:4000|$LABCA_FQDN|g" config/va-remote-a.json
diff --git a/patch-cfg.sh b/patch-cfg.sh
index e23552f..9a47be5 100755
--- a/patch-cfg.sh
+++ b/patch-cfg.sh
@@ -15,8 +15,7 @@ boulderLabCADir="${2:-labca}"
 $SUDO patch -p1 -o "$boulderLabCADir/entrypoint.sh" < $cloneDir/patches/entrypoint.patch
 cp test/startservers.py "$boulderLabCADir/startservers.py"
-$SUDO patch -p1 -o "$boulderLabCADir/config/ca-a.json" < $cloneDir/patches/test_config_ca_a.patch
-$SUDO patch -p1 -o "$boulderLabCADir/config/ca-b.json" < $cloneDir/patches/test_config_ca_b.patch
+$SUDO patch -p1 -o "$boulderLabCADir/config/ca.json" < $cloneDir/patches/test_config_ca.patch
 $SUDO patch -p1 -o "$boulderLabCADir/config/expiration-mailer.json" < $cloneDir/patches/config_expiration-mailer.patch
 $SUDO patch -p1 -o "$boulderLabCADir/config/notify-mailer.json" < $cloneDir/patches/config_notify-mailer.patch
@@ -68,15 +67,13 @@ sed -i -e "s/5002/80/g" config/va-remote-a.json
 sed -i -e "s/5001/443/g" config/va-remote-b.json
 sed -i -e "s/5002/80/g" config/va-remote-b.json
 sed -i -e "s|letsencrypt/boulder|hakwerk/labca|" config/wfe2.json
-sed -i -e "s|1.2.3.4|1.3.6.1.4.1.44947.1.1.1|g" config/ca-a.json
-sed -i -e "s|1.2.3.4|1.3.6.1.4.1.44947.1.1.1|g" config/ca-b.json
+sed -i -e "s|1.2.3.4|1.3.6.1.4.1.44947.1.1.1|g" config/ca.json
 sed -i -e "s/ocspURL.Path = encodedReq/ocspURL.Path += encodedReq/" ocsp/helper/helper.go
 sed -i -e "s/\"dnsTimeout\": \".*\"/\"dnsTimeout\": \"3s\"/" config/ra.json
 sed -i -e "s/\"dnsTimeout\": \".*\"/\"dnsTimeout\": \"3s\"/" config/va.json
 sed -i -e "s/\"dnsTimeout\": \".*\"/\"dnsTimeout\": \"3s\"/" config/va-remote-a.json
 sed -i -e "s/\"dnsTimeout\": \".*\"/\"dnsTimeout\": \"3s\"/" config/va-remote-b.json
-sed -i -e "s/\"stdoutlevel\": 4,/\"stdoutlevel\": 6,/" config/ca-a.json
-sed -i -e "s/\"stdoutlevel\": 4,/\"stdoutlevel\": 6,/" config/ca-b.json
+sed -i -e "s/\"stdoutlevel\": 4,/\"stdoutlevel\": 6,/" config/ca.json
 sed -i -e "s/\"stdoutlevel\": 4,/\"stdoutlevel\": 6,/" config/va-remote-a.json
 sed -i -e "s/\"stdoutlevel\": 4,/\"stdoutlevel\": 6,/" config/va-remote-b.json
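Review bot: In patch-cfg.sh (hunk `@@ -68,15 +67,13 @@`), the pattern in `sed -i -e "s|1.2.3.4|1.3.6.1.4.1.44947.1.1.1|g" config/ca.json` leaves the dots unescaped, so each one matches any character and the global replace can hit unrelated text such as a digit run like `1020304`. This substitution appears to set the certificate policy OID, so it should match only the literal placeholder: `sed -i -e "s|1\.2\.3\.4|1.3.6.1.4.1.44947.1.1.1|g" config/ca.json`. In the first hunk of the same file, `$cloneDir` in `< $cloneDir/patches/test_config_ca.patch` is unquoted and would break on a path containing spaces.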
diff --git a/patches/ca_crl.patch b/patches/ca_crl.patch index 5e617ab..6f027a7 100644 --- a/patches/ca_crl.patch +++ b/patches/ca_crl.patch @@ -1,13 +1,13 @@ diff --git a/ca/crl.go b/ca/crl.go -index 10cbde3e2..91db977c4 100644 +index 3232ab419..ce6f76e36 100644 --- a/ca/crl.go +++ b/ca/crl.go @@ -117,7 +117,7 @@ func (ci *crlImpl) GenerateCRL(stream capb.CRLGenerator_GenerateCRLServer) error } // Add the Issuing Distribution Point extension. -- idp, err := makeIDPExt(ci.idpBase, issuer.Cert.NameID(), shard) -+ idp, err := makeIDPExt(ci.idpBase, issuer.Cert.NameID()) +- idp, err := makeIDPExt(ci.idpBase, issuer.NameID(), shard) ++ idp, err := makeIDPExt(ci.idpBase, issuer.NameID()) if err != nil { return fmt.Errorf("creating IDP extension: %w", err) } @@ -28,8 +28,8 @@ index 10cbde3e2..91db977c4 100644 // makeIDPExt returns a critical IssuingDistributionPoint extension containing a // URI built from the base url, the issuer's NameID, and the shard number. It // also sets the OnlyContainsUserCerts boolean to true. --func makeIDPExt(base string, issuer issuance.IssuerNameID, shardIdx int64) (*pkix.Extension, error) { -+func makeIDPExt(base string, issuer issuance.IssuerNameID) (*pkix.Extension, error) { +-func makeIDPExt(base string, issuer issuance.NameID, shardIdx int64) (*pkix.Extension, error) { ++func makeIDPExt(base string, issuer issuance.NameID) (*pkix.Extension, error) { val := issuingDistributionPoint{ DistributionPoint: distributionPointName{ []asn1.RawValue{ // GeneralNames diff --git a/patches/config_bad-key-revoker.patch b/patches/config_bad-key-revoker.patch index 847980c..78e009a 100644 --- a/patches/config_bad-key-revoker.patch +++ b/patches/config_bad-key-revoker.patch @@ -16,7 +16,7 @@ index f4696dc2..b9c19ce3 100644 "tls": { "caCertFile": "test/grpc-creds/minica.pem", "certFile": "test/grpc-creds/bad-key-revoker.boulder/cert.pem", -@@ -27,7 +34,7 @@ +@@ -32,7 +39,7 @@ }, "maximumRevocations": 15, "findCertificatesBatchSize": 10, 
diff --git a/patches/config_crl-updater.patch b/patches/config_crl-updater.patch index 88ceb0b..8556070 100644 --- a/patches/config_crl-updater.patch +++ b/patches/config_crl-updater.patch @@ -2,7 +2,7 @@ diff --git a/test/config/crl-updater.json b/test/config/crl-updater.json index f6b70123f..a6c1471e5 100644 --- a/test/config/crl-updater.json +++ b/test/config/crl-updater.json -@@ -22,16 +22,14 @@ +@@ -36,16 +36,14 @@ "hostOverride": "crl-storer.boulder" }, "issuerCerts": [ diff --git a/patches/config_ocsp-responder.patch b/patches/config_ocsp-responder.patch index d5894bb..d395cf0 100644 --- a/patches/config_ocsp-responder.patch +++ b/patches/config_ocsp-responder.patch @@ -25,7 +25,7 @@ index bfea858d..fecea919 100644 "tls": { "caCertFile": "test/grpc-creds/minica.pem", "certFile": "test/grpc-creds/ocsp-responder.boulder/cert.pem", -@@ -39,9 +23,7 @@ +@@ -49,9 +33,7 @@ "path": "/", "listenAddress": "0.0.0.0:4002", "issuerCerts": [ diff --git a/patches/config_wfe2.patch b/patches/config_wfe2.patch index f5db3d1..7f77c24 100644 --- a/patches/config_wfe2.patch +++ b/patches/config_wfe2.patch @@ -2,7 +2,7 @@ diff --git a/test/config/wfe2.json b/test/config/wfe2.json index c0093044..e8ba4263 100644 --- a/test/config/wfe2.json +++ b/test/config/wfe2.json -@@ -56,26 +56,6 @@ +@@ -79,26 +79,6 @@ [ "/hierarchy/intermediate-cert-rsa-a.pem", "/hierarchy/root-cert-rsa.pem" diff --git a/patches/ra_ra.patch b/patches/ra_ra.patch index 1d9387c..36867bd 100644 --- a/patches/ra_ra.patch +++ b/patches/ra_ra.patch @@ -10,7 +10,7 @@ index 7c62ad078..21bc601b4 100644 "github.com/letsencrypt/boulder/probs" pubpb "github.com/letsencrypt/boulder/publisher/proto" rapb "github.com/letsencrypt/boulder/ra/proto" -@@ -559,7 +558,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(contacts []string) error { +@@ -555,7 +554,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(contacts []string) error { contact, ) } 
diff --git a/patches/startservers.patch b/patches/startservers.patch index d52276f..1e229f5 100644 --- a/patches/startservers.patch +++ b/patches/startservers.patch @@ -1,8 +1,8 @@ diff --git a/test/startservers.py b/test/startservers.py -index b5fc73439..135e6c9e4 100644 +index 1ddfef04d..0169251a5 100644 --- a/test/startservers.py +++ b/test/startservers.py -@@ -146,6 +146,9 @@ processes = [] +@@ -158,6 +158,9 @@ processes = [] challSrvProcess = None def setupHierarchy(): diff --git a/patches/storer_storer.patch b/patches/storer_storer.patch index 08b3e43..c790ab9 100644 --- a/patches/storer_storer.patch +++ b/patches/storer_storer.patch @@ -1,5 +1,5 @@ diff --git a/crl/storer/storer.go b/crl/storer/storer.go -index cd0bf86c0..26e52f789 100644 +index 296852415..00dc7da90 100644 --- a/crl/storer/storer.go +++ b/crl/storer/storer.go @@ -11,7 +11,11 @@ import ( @@ -19,7 +19,7 @@ index cd0bf86c0..26e52f789 100644 s3Client simpleS3 s3Bucket string + localStorePath string - issuers map[issuance.IssuerNameID]*issuance.Certificate + issuers map[issuance.NameID]*issuance.Certificate uploadCount *prometheus.CounterVec sizeHistogram *prometheus.HistogramVec @@ -50,6 +55,7 @@ func New( @@ -72,7 +72,7 @@ index cd0bf86c0..26e52f789 100644 return nil } + -+func storeLocalFile(path string, nameID issuance.IssuerNameID, crlNumber *big.Int, shardIdx int64, crlBytes io.Reader) error { ++func storeLocalFile(path string, nameID issuance.NameID, crlNumber *big.Int, shardIdx int64, crlBytes io.Reader) error { + // Write the file + fn := fmt.Sprintf("%s%c%d-%d-%d.crl", path, os.PathSeparator, nameID, crlNumber, shardIdx) + out, err := os.Create(fn) diff --git a/patches/test_config_ca_a.patch b/patches/test_config_ca.patch similarity index 89% rename from patches/test_config_ca_a.patch rename to patches/test_config_ca.patch index 3687fc1..78ddc7d 100644 --- a/patches/test_config_ca_a.patch +++ b/patches/test_config_ca.patch 
@@ -1,8 +1,8 @@ -diff --git a/test/config/ca-a.json b/test/config/ca-a.json +diff --git a/test/config/ca.json b/test/config/ca.json index 1233a9c95..3c4a0a3ca 100644 ---- a/test/config/ca-a.json -+++ b/test/config/ca-a.json -@@ -54,35 +54,13 @@ +--- a/test/config/ca.json ++++ b/test/config/ca.json +@@ -59,35 +59,13 @@ }, "issuers": [ { diff --git a/patches/test_config_ca_b.patch b/patches/test_config_ca_b.patch deleted file mode 100644 index 6a125c7..0000000 --- a/patches/test_config_ca_b.patch +++ /dev/null @@ -1,41 +0,0 @@ -diff --git a/test/config/ca-b.json b/test/config/ca-b.json -index 960d62f95..54b25dd81 100644 ---- a/test/config/ca-b.json -+++ b/test/config/ca-b.json -@@ -54,35 +54,13 @@ - }, - "issuers": [ - { -- "useForRSALeaves": false, -- "useForECDSALeaves": true, -- "issuerURL": "http://127.0.0.1:4001/aia/issuer/5214744660557630", -- "ocspURL": "http://127.0.0.1:4002/", -- "location": { -- "configFile": "/hierarchy/intermediate-signing-key-ecdsa.pkcs11.json", -- "certFile": "/hierarchy/intermediate-cert-ecdsa-a.pem", -- "numSessions": 2 -- } -- }, -- { - "useForRSALeaves": true, - "useForECDSALeaves": true, - "issuerURL": "http://127.0.0.1:4001/aia/issuer/6605440498369741", - "ocspURL": "http://127.0.0.1:4002/", - "location": { - "configFile": "test/test-ca.key-pkcs11.json", -- "certFile": "/hierarchy/intermediate-cert-rsa-a.pem", -- "numSessions": 2 -- } -- }, -- { -- "useForRSALeaves": false, -- "useForECDSALeaves": false, -- "issuerURL": "http://127.0.0.1:4001/aia/issuer/41127673797486028", -- "ocspURL": "http://127.0.0.1:4002/", -- "location": { -- "configFile": "test/test-ca.key-pkcs11.json", -- "certFile": "/hierarchy/intermediate-cert-rsa-b.pem", -+ "certFile": "test/test-ca.pem", - "numSessions": 2 - } - } diff --git a/patches/updater_continuous.patch b/patches/updater_continuous.patch index e0090ea..170bfd6 100644 --- a/patches/updater_continuous.patch +++ b/patches/updater_continuous.patch @@ -1,5 +1,5 @@ 
diff --git a/crl/updater/continuous.go b/crl/updater/continuous.go -index 05f1d1bf..1c678a9c 100644 +index e4552f68f..7aaef33c0 100644 --- a/crl/updater/continuous.go +++ b/crl/updater/continuous.go @@ -3,6 +3,7 @@ package updater @@ -37,6 +37,6 @@ index 05f1d1bf..1c678a9c 100644 + cu.RunOnce(ctx) + } + - shardWorker := func(issuerNameID issuance.IssuerNameID, shardIdx int) { + shardWorker := func(issuerNameID issuance.NameID, shardIdx int) { defer wg.Done()