From c3a79178389910f9d45ea1cc0ffc1deffc809e5f Mon Sep 17 00:00:00 2001 From: Arjan H Date: Tue, 25 Aug 2020 18:41:47 +0200 Subject: [PATCH] Bump boulder version to release-2020-08-18 --- config_bad-key-revoker.patch | 2 +- config_notify-mailer.patch | 5 +++-- core_interfaces.patch | 6 +++--- docker-compose.patch | 16 +++++----------- gui/apply-boulder | 9 +++++++++ install | 2 +- policy_pa.patch | 4 ++-- ra_ra.patch | 4 ++-- test_config_ca_a.patch | 2 +- test_config_ca_b.patch | 2 +- 10 files changed, 28 insertions(+), 24 deletions(-) diff --git a/config_bad-key-revoker.patch b/config_bad-key-revoker.patch index 8019e00..9498e06 100644 --- a/config_bad-key-revoker.patch +++ b/config_bad-key-revoker.patch @@ -19,7 +19,7 @@ index 482fd85fc..3e678aa5b 100644 "maximumRevocations": 15, "findCertificatesBatchSize": 10, - "interval": "1s" -+ "interval": "1h" ++ "interval": "5m" }, "syslog": { "stdoutlevel": 6, diff --git a/config_notify-mailer.patch b/config_notify-mailer.patch index 56632ef..bb75295 100644 --- a/config_notify-mailer.patch +++ b/config_notify-mailer.patch @@ -1,13 +1,14 @@ diff --git a/test/config/notify-mailer.json b/test/config/notify-mailer.json -index 73864aeb5..5e43e7689 100644 +index 73864aeb5..93b17c28e 100644 --- a/test/config/notify-mailer.json +++ b/test/config/notify-mailer.json -@@ -2,11 +2,19 @@ +@@ -2,11 +2,20 @@ "notifyMailer": { "server": "localhost", "port": "9380", + "hostnamePolicyFile": "test/hostname-policy.yaml", "username": "cert-manager@example.com", ++ "from": "notify mailer ", "passwordFile": "test/secrets/smtp_password", "dbConnectFile": "test/secrets/mailer_dburl", "maxDBConns": 10 diff --git a/core_interfaces.patch b/core_interfaces.patch index 79f6d6f..3366687 100644 --- a/core_interfaces.patch +++ b/core_interfaces.patch @@ -1,11 +1,11 @@ diff --git a/core/interfaces.go b/core/interfaces.go -index c57358c9b..5c5087c2f 100644 +index 3e0d3f1ae..ffbbe7d11 100644 --- a/core/interfaces.go 
+++ b/core/interfaces.go -@@ -108,6 +108,7 @@ type PolicyAuthority interface { +@@ -113,6 +113,7 @@ type PolicyAuthority interface { WillingToIssueWildcards(identifiers []identifier.ACMEIdentifier) error ChallengesFor(domain identifier.ACMEIdentifier) ([]Challenge, error) - ChallengeTypeEnabled(t string) bool + ChallengeTypeEnabled(t AcmeChallenge) bool + ValidEmail(address string) error } diff --git a/docker-compose.patch b/docker-compose.patch index 80b2ff4..9b5bac7 100644 --- a/docker-compose.patch +++ b/docker-compose.patch @@ -1,9 +1,9 @@ diff --git a/docker-compose.yml b/docker-compose.yml -index a915b77ad..14fdb1fa6 100644 +index c5239fb0e..1334f34c1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,7 +5,7 @@ services: - image: letsencrypt/boulder-tools-go${TRAVIS_GO_VERSION:-1.14.1}:2020-06-01 + image: letsencrypt/boulder-tools-go${TRAVIS_GO_VERSION:-1.14.5}:2020-08-12 environment: - FAKE_DNS=10.77.77.77 - - BOULDER_CONFIG_DIR=test/config @@ -19,19 +19,13 @@ index a915b77ad..14fdb1fa6 100644 - ./.gocache:/root/.cache/go-build:cached networks: bluenet: -@@ -57,7 +58,7 @@ services: +@@ -57,10 +58,18 @@ services: - 8055:8055 # dns-test-srv updates depends_on: - bmysql - entrypoint: test/entrypoint.sh + entrypoint: labca/entrypoint.sh working_dir: /go/src/github.com/letsencrypt/boulder - # This works around a kernel bug that is tickled by Go 1.14: - # https://github.com/golang/go/issues/37436 -@@ -66,8 +67,16 @@ services: - memlock: - soft: -1 - hard: -1 + logging: + driver: "json-file" + options: @@ -45,7 +39,7 @@ index a915b77ad..14fdb1fa6 100644 networks: bluenet: aliases: -@@ -81,20 +90,36 @@ services: +@@ -74,20 +83,36 @@ services: # small. command: mysqld --bind-address=0.0.0.0 --slow-query-log --log-output=TABLE --log-queries-not-using-indexes=ON logging: 
@@ -57,7 +51,7 @@ index a915b77ad..14fdb1fa6 100644 + max-file: "5" + restart: always + labca: - image: letsencrypt/boulder-tools-go${TRAVIS_GO_VERSION:-1.14.1}:2020-06-01 + image: letsencrypt/boulder-tools-go${TRAVIS_GO_VERSION:-1.14.5}:2020-08-12 - environment: - GO111MODULE: "on" - GOFLAGS: "-mod=vendor" diff --git a/gui/apply-boulder b/gui/apply-boulder index 3e02047..97bfeee 100755 --- a/gui/apply-boulder +++ b/gui/apply-boulder @@ -5,6 +5,7 @@ set -e perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1 \"$PKI_DNS\"\2/igs" config/va.json perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1 \"$PKI_DNS\"\2/igs" config/va-remote-a.json perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1 \"$PKI_DNS\"\2/igs" config/va-remote-b.json +perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1 \"$PKI_DNS\"\2/igs" config/bad-key-revoker.json perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1 \"$PKI_DNS\"\2/igs" config/expiration-mailer.json sed -i -e "s/\"issuerDomain\": \".*\"/\"issuerDomain\": \"$PKI_DOMAIN\"/" config/va.json sed -i -e "s/\"issuerDomain\": \".*\"/\"issuerDomain\": \"$PKI_DOMAIN\"/" config/va-remote-a.json 
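Review bot: The perl line added to gui/apply-boulder for config/bad-key-revoker.json expands `$PKI_DNS` inside the shell's double quotes, so the value becomes part of the perl substitution rather than data. A value containing `/`, `$` or `@` would change or break the expression, and with the `set -e` shown in the hunk header the script would then stop with earlier config files already rewritten. The sed lines that the next hunk of this file adds for bad-key-revoker.json and notify-mailer.json have the same problem with `$PKI_EMAIL_SERVER`, `$PKI_EMAIL_PORT`, `$PKI_EMAIL_USER` and `$PKI_EMAIL_FROM`: `/`, `&` and `\` are special in the replacement, and a `"` would produce invalid JSON. Where these variables are set is not visible here; if they can carry operator-entered text, I would escape them once before use, for example `from_esc=$(printf '%s' "$PKI_EMAIL_FROM" | sed -e 's|[\\/&]|\\&|g')`, and use the escaped copy in the replacement. The pattern predates this commit, so the existing lines would need the same treatment.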
@@ -44,10 +45,18 @@ if [ "$PKI_EXTENDED_TIMEOUT" == "1" ]; then sed -i -e "s/\"timeout\": \"15s\"/\"timeout\": \"30s\"/" config/orphan-finder.json fi +sed -i -e "s/\"server\": \".*\"/\"server\": \"$PKI_EMAIL_SERVER\"/" config/bad-key-revoker.json +sed -i -e "s/\"port\": \".*\"/\"port\": \"$PKI_EMAIL_PORT\"/" config/bad-key-revoker.json +sed -i -e "s/\"username\": \".*\"/\"username\": \"$PKI_EMAIL_USER\"/" config/bad-key-revoker.json +sed -i -e "s/\"from\": \".*\"/\"from\": \"$PKI_EMAIL_FROM\"/" config/bad-key-revoker.json sed -i -e "s/\"server\": \".*\"/\"server\": \"$PKI_EMAIL_SERVER\"/" config/expiration-mailer.json sed -i -e "s/\"port\": \".*\"/\"port\": \"$PKI_EMAIL_PORT\"/" config/expiration-mailer.json sed -i -e "s/\"username\": \".*\"/\"username\": \"$PKI_EMAIL_USER\"/" config/expiration-mailer.json sed -i -e "s/\"from\": \".*\"/\"from\": \"$PKI_EMAIL_FROM\"/" config/expiration-mailer.json +sed -i -e "s/\"server\": \".*\"/\"server\": \"$PKI_EMAIL_SERVER\"/" config/notify-mailer.json +sed -i -e "s/\"port\": \".*\"/\"port\": \"$PKI_EMAIL_PORT\"/" config/notify-mailer.json +sed -i -e "s/\"username\": \".*\"/\"username\": \"$PKI_EMAIL_USER\"/" config/notify-mailer.json +sed -i -e "s/\"from\": \".*\"/\"from\": \"$PKI_EMAIL_FROM\"/" config/notify-mailer.json sed -i -e "s/\"purgeInterval\": \".*\"/\"purgeInterval\": \"1s\"/" config/akamai-purger.json if [ "$PKI_EMAIL_PASS" != "" ]; then diff --git a/install b/install index e13dc53..8542390 100755 --- a/install +++ b/install @@ -24,7 +24,7 @@ dockerComposeVersion="1.22.0" labcaUrl="https://github.com/hakwerk/labca/" boulderUrl="https://github.com/letsencrypt/boulder/" -boulderTag="release-2020-07-13" +boulderTag="release-2020-08-18" # # Color configuration diff --git a/policy_pa.patch b/policy_pa.patch index 1b59d18..951bf15 100644 --- a/policy_pa.patch +++ b/policy_pa.patch @@ -1,5 +1,5 @@ diff --git a/policy/pa.go b/policy/pa.go -index 230eaa1e0..4f9c09633 100644 +index 599dcdb10..084cb3ba8 100644 
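Review bot: The eight sed lines added to gui/apply-boulder for config/bad-key-revoker.json and config/notify-mailer.json exit successfully when their pattern matches nothing, so a key that is absent or spelled differently in the target file keeps its upstream test value with no error. Whether bad-key-revoker.json actually carries `"server"`, `"port"`, `"username"` and `"from"` entries is not visible in this commit. I would confirm that against the release-2020-08-18 config and add a check after the block, such as `grep -qF "\"server\": \"$PKI_EMAIL_SERVER\"" config/bad-key-revoker.json`, so that a silent no-op fails the run. The `if [ "$PKI_EMAIL_PASS" != "" ]` block starts on the last line of the hunk and continues outside it, so I cannot see whether the SMTP password is also updated for these two services.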
--- a/policy/pa.go +++ b/policy/pa.go @@ -30,6 +30,8 @@ type AuthorityImpl struct { @@ -10,7 +10,7 @@ index 230eaa1e0..4f9c09633 100644 + lockdown map[string]bool blocklistMu sync.RWMutex - enabledChallenges map[string]bool + enabledChallenges map[core.AcmeChallenge]bool @@ -70,6 +72,9 @@ type blockedNamesPolicy struct { // time above and beyond the high-risk domains. Managing these entries separately // from HighRiskBlockedNames makes it easier to vet changes accurately. diff --git a/ra_ra.patch b/ra_ra.patch index 14547db..7296023 100644 --- a/ra_ra.patch +++ b/ra_ra.patch @@ -1,5 +1,5 @@ diff --git a/ra/ra.go b/ra/ra.go -index 23445de96..30203a80a 100644 +index a92965189..aeccb9c3c 100644 --- a/ra/ra.go +++ b/ra/ra.go @@ -28,7 +28,6 @@ import ( @@ -10,7 +10,7 @@ index 23445de96..30203a80a 100644 "github.com/letsencrypt/boulder/probs" rapb "github.com/letsencrypt/boulder/ra/proto" "github.com/letsencrypt/boulder/ratelimit" -@@ -394,7 +393,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(ctx context.Context, conta +@@ -399,7 +398,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(ctx context.Context, conta contact, ) } diff --git a/test_config_ca_a.patch b/test_config_ca_a.patch index 1312e17..1b316d6 100644 --- a/test_config_ca_a.patch +++ b/test_config_ca_a.patch @@ -2,7 +2,7 @@ diff --git a/test/config/ca-a.json b/test/config/ca-a.json index be064a52e..e7ef8fcf6 100644 --- a/test/config/ca-a.json +++ b/test/config/ca-a.json -@@ -29,11 +29,7 @@ +@@ -30,11 +30,7 @@ }, "Issuers": [{ "ConfigFile": "test/test-ca.key-pkcs11.json", diff --git a/test_config_ca_b.patch b/test_config_ca_b.patch index fc21282..04eeaeb 100644 --- a/test_config_ca_b.patch +++ b/test_config_ca_b.patch @@ -2,7 +2,7 @@ diff --git a/test/config/ca-b.json b/test/config/ca-b.json index ed2498f1a..4d24ffa94 100644 --- a/test/config/ca-b.json +++ b/test/config/ca-b.json -@@ -29,11 +29,7 @@ +@@ -30,11 +30,7 @@ }, "Issuers": [{ "ConfigFile": "test/test-ca.key-pkcs11.json",