Bump boulder version to release-2021-11-02

Arjan H
2021-11-06 09:25:25 +01:00
parent 49c6eed6c0
commit d045cd4639
13 changed files with 72 additions and 60 deletions


@@ -55,6 +55,7 @@ if [ "$PKI_EXTENDED_TIMEOUT" == "1" ]; then
sed -i -e "s/\"timeout\": \"20s\"/\"timeout\": \"40s\"/" config/ra.json
sed -i -e "s/\"timeout\": \"15s\"/\"timeout\": \"30s\"/" config/ocsp-updater.json
sed -i -e "s/\"timeout\": \"15s\"/\"timeout\": \"30s\"/" config/orphan-finder.json
sed -i -e "s/\"timeout\": \"1s\"/\"timeout\": \"5s\"/" config/health-checker.json
fi
sed -i -e "s/\"server\": \".*\"/\"server\": \"$PKI_EMAIL_SERVER\"/" config/bad-key-revoker.json
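Review bot: The timeout rewrites in the `PKI_EXTENDED_TIMEOUT` branch only apply when the file contains the exact upstream default, so a later boulder release that ships a different value makes them silently do nothing. This includes the `config/health-checker.json` line, which appears to be the one added here and matches `"timeout": "1s"` literally. Because this commit moves to a new boulder tag, it would help to verify the result after the edit, e.g. `grep -q '"timeout": "5s"' config/health-checker.json || echo "health-checker timeout not patched" >&2`. The same silent-miss risk applies to the `/hierarchy/...` path rewrites in install's config_boulder, which had to be retargeted from `/tmp/...` for exactly this reason.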

31
install

@@ -24,7 +24,7 @@ dockerComposeVersion="1.28.5"
labcaUrl="https://github.com/hakwerk/labca/"
boulderUrl="https://github.com/letsencrypt/boulder/"
boulderTag="release-2021-08-31"
boulderTag="release-2021-11-02"
#
# Color configuration
@@ -515,6 +515,8 @@ config_boulder() {
[ ! -e "$boulderLabCADir/secrets/smtp_password_PRESERVE" ] || mv "$boulderLabCADir/secrets/smtp_password_PRESERVE" "$boulderLabCADir/secrets/smtp_password"
chown -R labca:labca "$boulderLabCADir"
rm -rf authz-filler challtestsrv gsb-test-srv
msg_ok "$msg"
msg="Configure the boulder application"
msg_info "$msg"
@@ -591,17 +593,17 @@ config_boulder() {
sed -i -e "s/test-ca2.pem/test-ca.pem/" config/ra.json
sed -i -e "s/test-ca2.pem/test-ca.pem/" config/wfe.json
sed -i -e "s/test-ca2.pem/test-ca.pem/" config/wfe2.json
sed -i -e "s|/tmp/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/akamai-purger.json
sed -i -e "s|/tmp/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/ocsp-responder.json
sed -i -e "s|/tmp/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/ocsp-updater.json
sed -i -e "s|/tmp/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/publisher.json
sed -i -e "s|/tmp/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/ra.json
sed -i -e "s|/tmp/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/wfe.json
sed -i -e "s|/tmp/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/wfe2.json
sed -i -e "s|/tmp/root-cert-rsa.pem|labca/test-root.pem|" config/publisher.json
sed -i -e "s|/tmp/root-cert-rsa.pem|labca/test-root.pem|" integration-test.py
sed -i -e "s|/tmp/root-cert-rsa.pem|labca/test-root.pem|" helpers.py
sed -i -e "s|/tmp/root-cert-rsa.pem|labca/test-root.pem|" v1_integration.py
sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/akamai-purger.json
sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/ocsp-responder.json
sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/ocsp-updater.json
sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/publisher.json
sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/ra.json
sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/wfe.json
sed -i -e "s|/hierarchy/intermediate-cert-rsa-a.pem|labca/test-ca.pem|" config/wfe2.json
sed -i -e "s|/hierarchy/root-cert-rsa.pem|labca/test-root.pem|" config/publisher.json
sed -i -e "s|/hierarchy/root-cert-rsa.pem|labca/test-root.pem|" integration-test.py
sed -i -e "s|/hierarchy/root-cert-rsa.pem|labca/test-root.pem|" helpers.py
sed -i -e "s|/hierarchy/root-cert-rsa.pem|labca/test-root.pem|" v1_integration.py
sed -i -e "s/5001/443/g" config/va.json
sed -i -e "s/5002/80/g" config/va.json
sed -i -e "s/5001/443/g" config/va-remote-a.json
@@ -665,6 +667,11 @@ config_boulder() {
export PKI_EMAIL_FROM="Expiry bot <test@example.com>"
fi
local extended_timeout=$(grep extended_timeout $adminDir/data/config.json | grep true)
if [ "$extended_timeout" != "" ]; then
export PKI_EXTENDED_TIMEOUT=1
fi
$adminDir/apply-boulder &>>$installLog
else
chown -R labca:labca "$boulderLabCADir"
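Review bot: The added `extended_timeout` check in config_boulder text-matches config.json, and `grep extended_timeout ... | grep true` succeeds for any line containing both strings. If the file is ever written as compact single-line JSON, an unrelated `true` value would switch on `PKI_EXTENDED_TIMEOUT`. `$adminDir` is also unquoted, and `local extended_timeout=$(...)` hides grep's exit status. Matching the key together with its own value is tighter: `if grep -Eq '"extended_timeout"[[:space:]]*:[[:space:]]*true' "$adminDir/data/config.json"; then export PKI_EXTENDED_TIMEOUT=1; fi`. config_boulder starts and ends outside this hunk.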


@@ -2,7 +2,7 @@ diff --git a/cmd/shell.go b/cmd/shell.go
index 38f1edaf4..795815483 100644
--- a/cmd/shell.go
+++ b/cmd/shell.go
@@ -163,7 +163,7 @@ func NewLogger(logConf SyslogConfig) blog.Logger {
@@ -165,7 +165,7 @@ func NewLogger(logConf SyslogConfig) blog.Logger {
// Boulder's conception of time.
go func() {
for {


@@ -2,7 +2,7 @@ diff --git a/test/config/expiration-mailer.json b/test/config/expiration-mailer.
index 4519fe4d..f52a408c 100644
--- a/test/config/expiration-mailer.json
+++ b/test/config/expiration-mailer.json
@@ -13,6 +13,11 @@
@@ -14,6 +14,11 @@
"nagCheckInterval": "24h",
"emailTemplate": "test/example-expiration-template",
"debugAddr": ":8008",
@@ -14,7 +14,7 @@ index 4519fe4d..f52a408c 100644
"tls": {
"caCertFile": "test/grpc-creds/minica.pem",
"certFile": "test/grpc-creds/expiration-mailer.boulder/cert.pem",
@@ -33,5 +38,9 @@
@@ -34,5 +39,9 @@
"beeline": {
"mute": true,
"dataset": "Test"


@@ -1,15 +1,15 @@
diff --git a/test/config/ocsp-responder.json b/test/config/ocsp-responder.json
index fd2c4a8..a5e65d2 100644
index ed874d3..a1a78f3 100644
--- a/test/config/ocsp-responder.json
+++ b/test/config/ocsp-responder.json
@@ -7,9 +7,7 @@
"path": "/",
"listenAddress": "0.0.0.0:4002",
"issuerCerts": [
- "/tmp/intermediate-cert-rsa-a.pem",
- "/tmp/intermediate-cert-rsa-b.pem",
- "/tmp/intermediate-cert-ecdsa-a.pem"
+ "/tmp/intermediate-cert-rsa-a.pem"
- "/hierarchy/intermediate-cert-rsa-a.pem",
- "/hierarchy/intermediate-cert-rsa-b.pem",
- "/hierarchy/intermediate-cert-ecdsa-a.pem"
+ "/hierarchy/intermediate-cert-rsa-a.pem"
],
"maxAge": "10s",
"timeout": "4.9s",


@@ -1,23 +1,23 @@
diff --git a/test/config/publisher.json b/test/config/publisher.json
index 6c75f71..54fb877 100644
index 6e0337c..1e5ed7b 100644
--- a/test/config/publisher.json
+++ b/test/config/publisher.json
@@ -6,18 +6,6 @@
[
"/tmp/intermediate-cert-rsa-a.pem",
"/tmp/root-cert-rsa.pem"
"/hierarchy/intermediate-cert-rsa-a.pem",
"/hierarchy/root-cert-rsa.pem"
- ],
- [
- "/tmp/intermediate-cert-rsa-b.pem",
- "/tmp/root-cert-rsa.pem"
- "/hierarchy/intermediate-cert-rsa-b.pem",
- "/hierarchy/root-cert-rsa.pem"
- ],
- [
- "/tmp/intermediate-cert-ecdsa-a.pem",
- "/tmp/root-cert-ecdsa.pem"
- "/hierarchy/intermediate-cert-ecdsa-a.pem",
- "/hierarchy/root-cert-ecdsa.pem"
- ],
- [
- "/tmp/intermediate-cert-ecdsa-b.pem",
- "/tmp/root-cert-ecdsa.pem"
- "/hierarchy/intermediate-cert-ecdsa-b.pem",
- "/hierarchy/root-cert-ecdsa.pem"
]
],
"debugAddr": ":8009",


@@ -2,11 +2,9 @@ diff --git a/core/interfaces.go b/core/interfaces.go
index d19eb4fb8..3ae50d737 100644
--- a/core/interfaces.go
+++ b/core/interfaces.go
@@ -91,6 +91,7 @@ type PolicyAuthority interface {
@@ -50,4 +50,5 @@ type PolicyAuthority interface {
WillingToIssueWildcards(identifiers []identifier.ACMEIdentifier) error
ChallengesFor(domain identifier.ACMEIdentifier) ([]Challenge, error)
ChallengeTypeEnabled(t AcmeChallenge) bool
+ ValidEmail(address string) error
}
// StorageGetter are the Boulder SA's read-only methods


@@ -1,9 +1,9 @@
diff --git a/docker-compose.yml b/docker-compose.yml
index 713667d60..0a384c8ab 100644
index f2c81aad9..116b858be 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,10 +4,11 @@ services:
image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.16.6_2021-07-12}
image: &boulder_image letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.17_2021-10-22}
environment:
FAKE_DNS: 10.77.77.77
- BOULDER_CONFIG_DIR: test/config
@@ -13,12 +13,12 @@ index 713667d60..0a384c8ab 100644
- .:/go/src/github.com/letsencrypt/boulder:cached
+ - /home/labca/boulder_labca:/go/src/github.com/letsencrypt/boulder/labca
- ./.gocache:/root/.cache/go-build:cached
networks:
bluenet:
@@ -49,11 +50,19 @@ services:
- 8055:8055 # dns-test-srv updates
depends_on:
- ./.hierarchy:/hierarchy/:cached
- ./.softhsm-tokens/:/var/lib/softhsm/tokens/:cached
@@ -37,11 +38,19 @@ services:
- bmysql
- bredis
- bredis_clusterer
- entrypoint: test/entrypoint.sh
+ entrypoint: labca/entrypoint.sh
working_dir: &boulder_working_dir /go/src/github.com/letsencrypt/boulder
@@ -36,7 +36,7 @@ index 713667d60..0a384c8ab 100644
networks:
bluenet:
aliases:
@@ -67,22 +76,37 @@ services:
@@ -55,7 +64,11 @@ services:
# small.
command: mysqld --bind-address=0.0.0.0 --slow-query-log --log-output=TABLE --log-queries-not-using-indexes=ON
logging:
@@ -47,6 +47,12 @@ index 713667d60..0a384c8ab 100644
+ max-file: "5"
+ restart: always
bredis:
image: redis:latest
@@ -82,18 +95,31 @@ services:
aliases:
- boulder-redis-clusterer
- netaccess:
+ labca:
image: *boulder_image
@@ -67,8 +73,8 @@ index 713667d60..0a384c8ab 100644
+ - /home/labca/boulder_labca:/boulder/labca
+ ports:
+ - 3000:3000
depends_on:
- bmysql
+ depends_on:
+ - bmysql
+ working_dir: /go/src/labca
+ command: ./setup.sh
+ logging:


@@ -1,16 +1,16 @@
diff --git a/cmd/expiration-mailer/main.go b/cmd/expiration-mailer/main.go
index f6b02976e..0b00b794d 100644
index a471e1db5..4b7f7374f 100644
--- a/cmd/expiration-mailer/main.go
+++ b/cmd/expiration-mailer/main.go
@@ -20,6 +20,7 @@ import (
"github.com/honeycombio/beeline-go"
@@ -23,6 +23,7 @@ import (
"github.com/jmhodges/clock"
"google.golang.org/grpc"
+ "github.com/letsencrypt/boulder/bdns"
"github.com/letsencrypt/boulder/cmd"
"github.com/letsencrypt/boulder/core"
corepb "github.com/letsencrypt/boulder/core/proto"
@@ -36,7 +37,7 @@ import (
@@ -39,7 +40,7 @@ import (
const (
defaultNagCheckInterval = 24 * time.Hour
@@ -19,7 +19,7 @@ index f6b02976e..0b00b794d 100644
)
type regStore interface {
@@ -385,6 +386,9 @@ type config struct {
@@ -419,6 +420,9 @@ type config struct {
TLS cmd.TLSConfig
SAService *cmd.GRPCClientConfig
@@ -29,7 +29,7 @@ index f6b02976e..0b00b794d 100644
// Path to a file containing a list of trusted root certificates for use
// during the SMTP connection (as opposed to the gRPC connections).
SMTPTrustedRootFile string
@@ -394,6 +398,12 @@ type config struct {
@@ -428,6 +432,12 @@ type config struct {
Syslog cmd.SyslogConfig
Beeline cmd.BeelineConfig
@@ -42,9 +42,9 @@ index f6b02976e..0b00b794d 100644
}
func initStats(stats prometheus.Registerer) mailerStats {
@@ -511,6 +521,32 @@ func main() {
@@ -545,6 +555,32 @@ func main() {
cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
sac := bgrpc.NewStorageAuthorityClient(sapb.NewStorageAuthorityClient(conn))
sac := sapb.NewStorageAuthorityClient(conn)
+ dnsTimeout, err := time.ParseDuration(c.Common.DNSTimeout)
+ cmd.FailOnError(err, "Couldn't parse DNS timeout")
@@ -75,7 +75,7 @@ index f6b02976e..0b00b794d 100644
var smtpRoots *x509.CertPool
if c.Mailer.SMTPTrustedRootFile != "" {
pem, err := ioutil.ReadFile(c.Mailer.SMTPTrustedRootFile)
@@ -546,6 +582,7 @@ func main() {
@@ -580,6 +616,7 @@ func main() {
c.Mailer.Username,
smtpPassword,
smtpRoots,


@@ -10,7 +10,7 @@ index 1023d0232..3f8d86d87 100644
"github.com/letsencrypt/boulder/probs"
pubpb "github.com/letsencrypt/boulder/publisher/proto"
rapb "github.com/letsencrypt/boulder/ra/proto"
@@ -435,7 +434,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(ctx context.Context, conta
@@ -436,7 +435,7 @@ func (ra *RegistrationAuthorityImpl) validateContacts(ctx context.Context, conta
contact,
)
}


@@ -1,5 +1,5 @@
diff --git a/test/startservers.py b/test/startservers.py
index ec8ada190..be5b7a2f2 100644
index 0df56a4..14aa548 100644
--- a/test/startservers.py
+++ b/test/startservers.py
@@ -146,6 +146,9 @@ processes = []
@@ -9,6 +9,6 @@ index ec8ada190..be5b7a2f2 100644
+ pass
+
+def setupHierarchyOriginal():
"""Set up the issuance hierarchy. Must have called install() before this."""
e = os.environ.copy()
e.setdefault("GOBIN", "%s/bin" % os.getcwd())
try:


@@ -1,12 +1,12 @@
diff --git a/test/config/ca-a.json b/test/config/ca-a.json
index 92b32f094..e220d7d4f 100644
index 0be07e4..cd5de49 100644
--- a/test/config/ca-a.json
+++ b/test/config/ca-a.json
@@ -60,19 +60,7 @@
"crlURL": "http://example.com/crl",
"location": {
"configFile": "test/test-ca.key-pkcs11.json",
- "certFile": "/tmp/intermediate-cert-rsa-a.pem",
- "certFile": "/hierarchy/intermediate-cert-rsa-a.pem",
- "numSessions": 2
- }
- },
@@ -18,7 +18,7 @@ index 92b32f094..e220d7d4f 100644
- "crlURL": "http://example.com/crl",
- "location": {
- "configFile": "test/test-ca.key-pkcs11.json",
- "certFile": "/tmp/intermediate-cert-rsa-b.pem",
- "certFile": "/hierarchy/intermediate-cert-rsa-b.pem",
+ "certFile": "test/test-ca.pem",
"numSessions": 2
}


@@ -1,12 +1,12 @@
diff --git a/test/config/ca-b.json b/test/config/ca-b.json
index 6c7d9d272..4e428bc4a 100644
index baf5483..0aa6fd4 100644
--- a/test/config/ca-b.json
+++ b/test/config/ca-b.json
@@ -60,19 +60,7 @@
"crlURL": "http://example.com/crl",
"location": {
"configFile": "test/test-ca.key-pkcs11.json",
- "certFile": "/tmp/intermediate-cert-rsa-a.pem",
- "certFile": "/hierarchy/intermediate-cert-rsa-a.pem",
- "numSessions": 2
- }
- },
@@ -18,7 +18,7 @@ index 6c7d9d272..4e428bc4a 100644
- "crlURL": "http://example.com/crl",
- "location": {
- "configFile": "test/test-ca.key-pkcs11.json",
- "certFile": "/tmp/intermediate-cert-rsa-b.pem",
- "certFile": "/hierarchy/intermediate-cert-rsa-b.pem",
+ "certFile": "test/test-ca.pem",
"numSessions": 2
}