Bump boulder version to release-2024-04-01

2026-01-27 10:19:34 +00:00 · 2024-04-07 13:47:10 +02:00
parent f8a358793c
commit cbe2f4089c
12 changed files with 36 additions and 35 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,7 +13,7 @@ jobs:
      fail-fast: false
      matrix:
        GO_VERSION:
-          - 1.21.5
+          - 1.22.1

    steps:
      - name: Checkout
--- a/build/Dockerfile-boulder
+++ b/build/Dockerfile-boulder
@@ -1,4 +1,4 @@
-FROM letsencrypt/boulder-tools:go1.21.5_2024-02-14 AS boulder-tools
+FROM letsencrypt/boulder-tools:go1.22.1_2024-03-05 AS boulder-tools

 FROM ubuntu:focal

--- a/build/build.sh
+++ b/build/build.sh
@@ -8,7 +8,7 @@ TMP_DIR=$(pwd)/tmp
 rm -rf $TMP_DIR && mkdir -p $TMP_DIR/{admin,bin,logs,src}

 boulderDir=$TMP_DIR/src
-boulderTag="release-2024-02-26"
+boulderTag="release-2024-04-01"
 boulderUrl="https://github.com/letsencrypt/boulder/"
 cloneDir=$(pwd)/..

--- a/build/docker-compose.yml
+++ b/build/docker-compose.yml
@@ -8,9 +8,9 @@ services:
    image: ghcr.io/hakwerk/labca-boulder:${LABCA_IMAGE_VERSION:-latest}
    build:
      context: test/boulder-tools/
-      # Should match one of the GO_DEV_VERSIONS in test/boulder-tools/tag_and_upload.sh.
+      # Should match one of the GO_CI_VERSIONS in test/boulder-tools/tag_and_upload.sh.
      args:
-        GO_VERSION: 1.21.5
+        GO_VERSION: 1.22.1
    environment:
      # To solve HTTP-01 and TLS-ALPN-01 challenges, change the IP in FAKE_DNS
      # to the IP address where your ACME client's solver is listening.
--- a/build/tmp.patch
+++ b/build/tmp.patch
@@ -1,5 +1,5 @@
 diff --git a/docker-compose.yml b/docker-compose.yml
-index 423aed0ff..e3389ca21 100644
+index a6d1db857..169ded339 100644
 --- a/docker-compose.yml
 +++ b/docker-compose.yml
@@ -5,7 +5,7 @@ services:
@@ -10,7 +10,7 @@ index 423aed0ff..e3389ca21 100644
 +    image: ghcr.io/hakwerk/labca-boulder:${LABCA_IMAGE_VERSION:-latest}
     build:
       context: test/boulder-tools/
-       # Should match one of the GO_DEV_VERSIONS in test/boulder-tools/tag_and_upload.sh.
+       # Should match one of the GO_CI_VERSIONS in test/boulder-tools/tag_and_upload.sh.
@@ -22,12 +22,9 @@ services:
       # Forward the parent env's GOEXPERIMENT value into the container.
       GOEXPERIMENT: ${GOEXPERIMENT:-}
--- a/2
+++ b/2
@@ -30,7 +30,7 @@ dockerComposeVersion="v2.5.0"

 labcaUrl="https://github.com/hakwerk/labca/"
 boulderUrl="https://github.com/letsencrypt/boulder/"
-boulderTag="release-2024-02-26"
+boulderTag="release-2024-04-01"

 # Feature flags
 flag_skip_redis=true
--- a/patches/docker-compose.patch
+++ b/patches/docker-compose.patch
@@ -1,5 +1,5 @@
 diff --git a/docker-compose.yml b/docker-compose.yml
-index 0d59c1228..85791692b 100644
+index 8971dbdb4..a6d1db857 100644
 --- a/docker-compose.yml
 +++ b/docker-compose.yml
@@ -1,10 +1,11 @@
@@ -14,7 +14,7 @@ index 0d59c1228..85791692b 100644
 +    image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-latest}
     build:
       context: test/boulder-tools/
-       # Should match one of the GO_DEV_VERSIONS in test/boulder-tools/tag_and_upload.sh.
+       # Should match one of the GO_CI_VERSIONS in test/boulder-tools/tag_and_upload.sh.
@@ -15,13 +16,15 @@ services:
       # to the IP address where your ACME client's solver is listening.
       # FAKE_DNS: 172.17.0.1
@@ -102,10 +102,14 @@ index 0d59c1228..85791692b 100644
         ipv4_address: 10.77.77.10
     command: "consul agent -dev -config-format=hcl -config-file=/test/consul/config.hcl"
 +    restart: always
-+
+ 
+-  bjaeger:
+-    image: jaegertracing/all-in-one:1.50
 +  gui:
 +    image: *boulder_image
-+    networks:
+     networks:
+-      bouldernet:
+-        ipv4_address: 10.77.77.17
 +      - bouldernet
 +    volumes:
 +      - /var/run/docker.sock:/var/run/docker.sock
@@ -127,15 +131,11 @@ index 0d59c1228..85791692b 100644
 +        max-size: "500k"
 +        max-file: "5"
 +    restart: always
- 
-  bjaeger:
-    image: jaegertracing/all-in-one:1.50
+
 +  nginx:
 +    image: nginx:1.25.4
 +    restart: always
-     networks:
-      bouldernet:
-        ipv4_address: 10.77.77.17
+    networks:
 +      - bouldernet
 +    ports:
 +      - 80:80
--- a/patches/errors_errors.patch
+++ b/patches/errors_errors.patch
@@ -1,8 +1,8 @@
 diff --git a/errors/errors.go b/errors/errors.go
-index 206857bd..9b185064 100644
+index d7328b08d..00bd834d8 100644
 --- a/errors/errors.go
 +++ b/errors/errors.go
-@@ -168,10 +168,10 @@ func NotFoundError(msg string, args ...interface{}) error {
+@@ -171,10 +171,10 @@ func NotFoundError(msg string, args ...interface{}) error {
 	return New(NotFound, msg, args...)
 }
 
--- a/patches/issuance_crl.patch
+++ b/patches/issuance_crl.patch
@@ -1,13 +1,13 @@
 diff --git a/issuance/crl.go b/issuance/crl.go
-index 2f36d695c..c9c2a6548 100644
+index 9f9619ff1..f0a180a6f 100644
 --- a/issuance/crl.go
 +++ b/issuance/crl.go
-@@ -90,7 +90,7 @@ func (i *Issuer) IssueCRL(prof *CRLProfile, req *CRLRequest) ([]byte, error) {
+@@ -91,7 +91,7 @@ func (i *Issuer) IssueCRL(prof *CRLProfile, req *CRLRequest) ([]byte, error) {
 	if req.DeprecatedIDPBaseURL != "" {
 		// TODO(#7296): Remove this fallback once CCADB and all non-expired certs
 		// contain the new-style CRLDP URL instead.
 -		idps = append(idps, fmt.Sprintf("%s/%d/%d.crl", req.DeprecatedIDPBaseURL, i.NameID(), req.Shard))
 +		idps = append(idps, fmt.Sprintf("%s/%d.crl", req.DeprecatedIDPBaseURL, i.NameID()))
 	}
- 	idp, err := makeIDPExt(idps)
+ 	idp, err := idp.MakeUserCertsExt(idps)
 	if err != nil {
--- a/patches/ra_ra.patch
+++ b/patches/ra_ra.patch
@@ -1,5 +1,5 @@
 diff --git a/ra/ra.go b/ra/ra.go
-index 7c62ad078..21bc601b4 100644
+index ea609da8f..2ad0fb2a6 100644
 --- a/ra/ra.go
 +++ b/ra/ra.go
@@ -43,7 +43,6 @@ import (
@@ -10,7 +10,7 @@ index 7c62ad078..21bc601b4 100644
 	"github.com/letsencrypt/boulder/probs"
 	pubpb "github.com/letsencrypt/boulder/publisher/proto"
 	rapb "github.com/letsencrypt/boulder/ra/proto"
-@@ -555,7 +554,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(contacts []string) error {
+@@ -561,7 +560,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(contacts []string) error {
 				contact,
 			)
 		}
--- a/patches/ratelimits_names.patch
+++ b/patches/ratelimits_names.patch
@@ -1,8 +1,8 @@
 diff --git a/ratelimits/names.go b/ratelimits/names.go
-index 4a541d1e6..433aaa522 100644
+index c92970498..f4d6c282b 100644
 --- a/ratelimits/names.go
 +++ b/ratelimits/names.go
-@@ -145,7 +145,11 @@ func validateRegId(id string) error {
+@@ -148,7 +148,11 @@ func validateRegId(id string) error {
 // validateDomain validates that the provided string is formatted 'domain',
 // where domain is a domain name.
 func validateDomain(id string) error {
@@ -15,7 +15,7 @@ index 4a541d1e6..433aaa522 100644
 	if err != nil {
 		return fmt.Errorf("invalid domain, %q must be formatted 'domain': %w", id, err)
 	}
-@@ -166,7 +170,11 @@ func validateRegIdDomain(id string) error {
+@@ -169,7 +173,11 @@ func validateRegIdDomain(id string) error {
 		return fmt.Errorf(
 			"invalid regId, %q must be formatted 'regId:domain'", id)
 	}
@@ -28,7 +28,7 @@ index 4a541d1e6..433aaa522 100644
 	if err != nil {
 		return fmt.Errorf(
 			"invalid domain, %q must be formatted 'regId:domain': %w", id, err)
-@@ -182,8 +190,12 @@ func validateFQDNSet(id string) error {
+@@ -185,8 +193,12 @@ func validateFQDNSet(id string) error {
 		return fmt.Errorf(
 			"invalid fqdnSet, %q must be formatted 'fqdnSet'", id)
 	}
--- a/patches/storer_storer.patch
+++ b/patches/storer_storer.patch
@@ -1,8 +1,8 @@
 diff --git a/crl/storer/storer.go b/crl/storer/storer.go
-index 296852415..00dc7da90 100644
+index 10b1753c7..2cbc2eb17 100644
 --- a/crl/storer/storer.go
 +++ b/crl/storer/storer.go
-@@ -11,7 +11,11 @@ import (
+@@ -9,8 +9,12 @@ import (
 	"errors"
 	"fmt"
 	"io"
@@ -10,6 +10,7 @@ index 296852415..00dc7da90 100644
 	"math/big"
 +	"os"
 +	"path/filepath"
+ 	"slices"
 +	"sort"
 	"time"
 
@@ -38,7 +39,7 @@ index 296852415..00dc7da90 100644
 		uploadCount:      uploadCount,
 		sizeHistogram:    sizeHistogram,
 		latencyHistogram: latencyHistogram,
-@@ -203,15 +210,19 @@ func (cs *crlStorer) UploadCRL(stream cspb.CRLStorer_UploadCRLServer) error {
+@@ -218,15 +225,19 @@ func (cs *crlStorer) UploadCRL(stream cspb.CRLStorer_UploadCRLServer) error {
 	checksum := sha256.Sum256(crlBytes)
 	checksumb64 := base64.StdEncoding.EncodeToString(checksum[:])
 	crlContentType := "application/pkix-crl"
@@ -67,9 +68,9 @@ index 296852415..00dc7da90 100644
 
 	latency := cs.clk.Now().Sub(start)
 	cs.latencyHistogram.WithLabelValues(issuer.Subject.CommonName).Observe(latency.Seconds())
-@@ -240,3 +251,46 @@ func getIDPExt(exts []pkix.Extension) []byte {
- 	}
- 	return nil
+@@ -245,3 +256,46 @@ func (cs *crlStorer) UploadCRL(stream cspb.CRLStorer_UploadCRLServer) error {
+ 
+ 	return stream.SendAndClose(&emptypb.Empty{})
 }
 +
 +func storeLocalFile(path string, nameID issuance.NameID, crlNumber *big.Int, shardIdx int64, crlBytes io.Reader) error {