github-personal/labca
1
0
Fork 0
mirror of https://github.com/outbackdingo/labca.git synced 2026-01-27 18:19:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Bump boulder version to release-2020-08-18

Browse Source
This commit is contained in:
Arjan H
2020-08-25 18:41:47 +02:00
parent 6809f4047c
commit c3a7917838
10 changed files with 28 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config_bad-key-revoker.patch
View File

@@ -19,7 +19,7 @@ index 482fd85fc..3e678aa5b 100644
"maximumRevocations": 15,
"findCertificatesBatchSize": 10,
- "interval": "1s"
+ "interval": "1h"
+ "interval": "5m"
},
"syslog": {
"stdoutlevel": 6,

5
config_notify-mailer.patch
View File

@@ -1,13 +1,14 @@
diff --git a/test/config/notify-mailer.json b/test/config/notify-mailer.json
index 73864aeb5..5e43e7689 100644
index 73864aeb5..93b17c28e 100644
--- a/test/config/notify-mailer.json
+++ b/test/config/notify-mailer.json
@@ -2,11 +2,19 @@
@@ -2,11 +2,20 @@
"notifyMailer": {
"server": "localhost",
"port": "9380",
+ "hostnamePolicyFile": "test/hostname-policy.yaml",
"username": "cert-manager@example.com",
+ "from": "notify mailer <test@example.com>",
"passwordFile": "test/secrets/smtp_password",
"dbConnectFile": "test/secrets/mailer_dburl",
"maxDBConns": 10

6
core_interfaces.patch
View File

@@ -1,11 +1,11 @@
diff --git a/core/interfaces.go b/core/interfaces.go
index c57358c9b..5c5087c2f 100644
index 3e0d3f1ae..ffbbe7d11 100644
--- a/core/interfaces.go
+++ b/core/interfaces.go
@@ -108,6 +108,7 @@ type PolicyAuthority interface {
@@ -113,6 +113,7 @@ type PolicyAuthority interface {
WillingToIssueWildcards(identifiers []identifier.ACMEIdentifier) error
ChallengesFor(domain identifier.ACMEIdentifier) ([]Challenge, error)
ChallengeTypeEnabled(t string) bool
ChallengeTypeEnabled(t AcmeChallenge) bool
+ ValidEmail(address string) error
}

16
docker-compose.patch
View File

@@ -1,9 +1,9 @@
diff --git a/docker-compose.yml b/docker-compose.yml
index a915b77ad..14fdb1fa6 100644
index c5239fb0e..1334f34c1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,7 +5,7 @@ services:
image: letsencrypt/boulder-tools-go${TRAVIS_GO_VERSION:-1.14.1}:2020-06-01
image: letsencrypt/boulder-tools-go${TRAVIS_GO_VERSION:-1.14.5}:2020-08-12
environment:
- FAKE_DNS=10.77.77.77
- - BOULDER_CONFIG_DIR=test/config
@@ -19,19 +19,13 @@ index a915b77ad..14fdb1fa6 100644
- ./.gocache:/root/.cache/go-build:cached
networks:
bluenet:
@@ -57,7 +58,7 @@ services:
@@ -57,10 +58,18 @@ services:
- 8055:8055 # dns-test-srv updates
depends_on:
- bmysql
- entrypoint: test/entrypoint.sh
+ entrypoint: labca/entrypoint.sh
working_dir: /go/src/github.com/letsencrypt/boulder
# This works around a kernel bug that is tickled by Go 1.14:
# https://github.com/golang/go/issues/37436
@@ -66,8 +67,16 @@ services:
memlock:
soft: -1
hard: -1
+ logging:
+ driver: "json-file"
+ options:
@@ -45,7 +39,7 @@ index a915b77ad..14fdb1fa6 100644
networks:
bluenet:
aliases:
@@ -81,20 +90,36 @@ services:
@@ -74,20 +83,36 @@ services:
# small.
command: mysqld --bind-address=0.0.0.0 --slow-query-log --log-output=TABLE --log-queries-not-using-indexes=ON
logging:
@@ -57,7 +51,7 @@ index a915b77ad..14fdb1fa6 100644
+ max-file: "5"
+ restart: always
+ labca:
image: letsencrypt/boulder-tools-go${TRAVIS_GO_VERSION:-1.14.1}:2020-06-01
image: letsencrypt/boulder-tools-go${TRAVIS_GO_VERSION:-1.14.5}:2020-08-12
- environment:
- GO111MODULE: "on"
- GOFLAGS: "-mod=vendor"

9
gui/apply-boulder
View File

@@ -5,6 +5,7 @@ set -e
perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1 \"$PKI_DNS\"\2/igs" config/va.json
perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1 \"$PKI_DNS\"\2/igs" config/va-remote-a.json
perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1 \"$PKI_DNS\"\2/igs" config/va-remote-b.json
perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1 \"$PKI_DNS\"\2/igs" config/bad-key-revoker.json
perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1 \"$PKI_DNS\"\2/igs" config/expiration-mailer.json
sed -i -e "s/\"issuerDomain\": \".*\"/\"issuerDomain\": \"$PKI_DOMAIN\"/" config/va.json
sed -i -e "s/\"issuerDomain\": \".*\"/\"issuerDomain\": \"$PKI_DOMAIN\"/" config/va-remote-a.json
@@ -44,10 +45,18 @@ if [ "$PKI_EXTENDED_TIMEOUT" == "1" ]; then
sed -i -e "s/\"timeout\": \"15s\"/\"timeout\": \"30s\"/" config/orphan-finder.json
fi
sed -i -e "s/\"server\": \".*\"/\"server\": \"$PKI_EMAIL_SERVER\"/" config/bad-key-revoker.json
sed -i -e "s/\"port\": \".*\"/\"port\": \"$PKI_EMAIL_PORT\"/" config/bad-key-revoker.json
sed -i -e "s/\"username\": \".*\"/\"username\": \"$PKI_EMAIL_USER\"/" config/bad-key-revoker.json
sed -i -e "s/\"from\": \".*\"/\"from\": \"$PKI_EMAIL_FROM\"/" config/bad-key-revoker.json
sed -i -e "s/\"server\": \".*\"/\"server\": \"$PKI_EMAIL_SERVER\"/" config/expiration-mailer.json
sed -i -e "s/\"port\": \".*\"/\"port\": \"$PKI_EMAIL_PORT\"/" config/expiration-mailer.json
sed -i -e "s/\"username\": \".*\"/\"username\": \"$PKI_EMAIL_USER\"/" config/expiration-mailer.json
sed -i -e "s/\"from\": \".*\"/\"from\": \"$PKI_EMAIL_FROM\"/" config/expiration-mailer.json
sed -i -e "s/\"server\": \".*\"/\"server\": \"$PKI_EMAIL_SERVER\"/" config/notify-mailer.json
sed -i -e "s/\"port\": \".*\"/\"port\": \"$PKI_EMAIL_PORT\"/" config/notify-mailer.json
sed -i -e "s/\"username\": \".*\"/\"username\": \"$PKI_EMAIL_USER\"/" config/notify-mailer.json
sed -i -e "s/\"from\": \".*\"/\"from\": \"$PKI_EMAIL_FROM\"/" config/notify-mailer.json
sed -i -e "s/\"purgeInterval\": \".*\"/\"purgeInterval\": \"1s\"/" config/akamai-purger.json
if [ "$PKI_EMAIL_PASS" != "" ]; then

2
install
View File

@@ -24,7 +24,7 @@ dockerComposeVersion="1.22.0"
labcaUrl="https://github.com/hakwerk/labca/"
boulderUrl="https://github.com/letsencrypt/boulder/"
boulderTag="release-2020-07-13"
boulderTag="release-2020-08-18"
#
# Color configuration

4
policy_pa.patch
View File

@@ -1,5 +1,5 @@
diff --git a/policy/pa.go b/policy/pa.go
index 230eaa1e0..4f9c09633 100644
index 599dcdb10..084cb3ba8 100644
--- a/policy/pa.go
+++ b/policy/pa.go
@@ -30,6 +30,8 @@ type AuthorityImpl struct {
@@ -10,7 +10,7 @@ index 230eaa1e0..4f9c09633 100644
+ lockdown map[string]bool
blocklistMu sync.RWMutex
enabledChallenges map[string]bool
enabledChallenges map[core.AcmeChallenge]bool
@@ -70,6 +72,9 @@ type blockedNamesPolicy struct {
// time above and beyond the high-risk domains. Managing these entries separately
// from HighRiskBlockedNames makes it easier to vet changes accurately.

4
ra_ra.patch
View File

@@ -1,5 +1,5 @@
diff --git a/ra/ra.go b/ra/ra.go
index 23445de96..30203a80a 100644
index a92965189..aeccb9c3c 100644
--- a/ra/ra.go
+++ b/ra/ra.go
@@ -28,7 +28,6 @@ import (
@@ -10,7 +10,7 @@ index 23445de96..30203a80a 100644
"github.com/letsencrypt/boulder/probs"
rapb "github.com/letsencrypt/boulder/ra/proto"
"github.com/letsencrypt/boulder/ratelimit"
@@ -394,7 +393,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(ctx context.Context, conta
@@ -399,7 +398,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(ctx context.Context, conta
contact,
)
}

2
test_config_ca_a.patch
View File

@@ -2,7 +2,7 @@ diff --git a/test/config/ca-a.json b/test/config/ca-a.json
index be064a52e..e7ef8fcf6 100644
--- a/test/config/ca-a.json
+++ b/test/config/ca-a.json
@@ -29,11 +29,7 @@
@@ -30,11 +30,7 @@
},
"Issuers": [{
"ConfigFile": "test/test-ca.key-pkcs11.json",

2
test_config_ca_b.patch
View File

@@ -2,7 +2,7 @@ diff --git a/test/config/ca-b.json b/test/config/ca-b.json
index ed2498f1a..4d24ffa94 100644
--- a/test/config/ca-b.json
+++ b/test/config/ca-b.json
@@ -29,11 +29,7 @@
@@ -30,11 +30,7 @@
},
"Issuers": [{
"ConfigFile": "test/test-ca.key-pkcs11.json",