Bump boulder version to release-2024-02-26

2026-01-27 18:19:33 +00:00 · 2024-03-03 11:41:24 +01:00
parent 578a0faaea
commit df520e64f7
10 changed files with 27 additions and 62 deletions
--- a/build/build.sh
+++ b/build/build.sh
@@ -8,7 +8,7 @@ TMP_DIR=$(pwd)/tmp
 rm -rf $TMP_DIR && mkdir -p $TMP_DIR/{admin,bin,logs,src}

 boulderDir=$TMP_DIR/src
-boulderTag="release-2024-02-20"
+boulderTag="release-2024-02-26"
 boulderUrl="https://github.com/letsencrypt/boulder/"
 cloneDir=$(pwd)/..

--- a/gui/apply-boulder
+++ b/gui/apply-boulder
@@ -53,11 +53,11 @@ else
 fi


-perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1\t\t\t\"$PKI_DNS\"\2/igs" config/va.json
-perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1\t\t\t\"$PKI_DNS\"\2/igs" config/va-remote-a.json
-perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1\t\t\t\"$PKI_DNS\"\2/igs" config/va-remote-b.json
-perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1\t\t\t\"$PKI_DNS\"\2/igs" config/bad-key-revoker.json
-perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1\t\t\t\"$PKI_DNS\"\2/igs" config/expiration-mailer.json
+perl -i -p0e "s/(\"dnsStaticResolvers\": \[\n).*?(\s+\],)/\1\t\t\t\"$PKI_DNS\"\2/igs" config/va.json
+perl -i -p0e "s/(\"dnsStaticResolvers\": \[\n).*?(\s+\],)/\1\t\t\t\"$PKI_DNS\"\2/igs" config/va-remote-a.json
+perl -i -p0e "s/(\"dnsStaticResolvers\": \[\n).*?(\s+\],)/\1\t\t\t\"$PKI_DNS\"\2/igs" config/va-remote-b.json
+perl -i -p0e "s/(\"dnsStaticResolvers\": \[\n).*?(\s+\],)/\1\t\t\t\"$PKI_DNS\"\2/igs" config/bad-key-revoker.json
+perl -i -p0e "s/(\"dnsStaticResolvers\": \[\n).*?(\s+\],)/\1\t\t\t\"$PKI_DNS\"\2/igs" config/expiration-mailer.json
 for fl in $(grep -Rl maxConnectionAge config/); do
    perl -i -p0e "s/(\s+\"maxConnectionAge\":[^\n]+)//igs" $fl
 done
--- a/4
+++ b/4
@@ -30,7 +30,7 @@ dockerComposeVersion="v2.5.0"

 labcaUrl="https://github.com/hakwerk/labca/"
 boulderUrl="https://github.com/letsencrypt/boulder/"
-boulderTag="release-2024-02-20"
+boulderTag="release-2024-02-26"

 # Feature flags
 flag_skip_redis=true
@@ -786,7 +786,7 @@ startup() {

    [ -d /home/labca/control_logs ] || mkdir -p /home/labca/control_logs

-    docker network rm -f labca_bluenet &>>$installLog || true
+    docker network rm -f labca_bluenet labca_rednet &>>$installLog || true

    # Restore MySQL data when moving from boulder-bmysql-1 to labca-bmysql-1
    if [ -z "$(docker volume ls | grep labca_dbdata)" ] && [ ! -z "$(docker volume ls | grep boulder_dbdata)" ]; then
--- a/mail-tester.go
+++ b/mail-tester.go
@@ -48,7 +48,7 @@ type config struct {
 		SAService *cmd.GRPCClientConfig

 		DNSTries                  int
-		DNSResolvers              []string
+		DNSStaticResolvers        []string
 		DNSTimeout                string
 		DNSAllowLoopbackAddresses bool

@@ -97,8 +97,8 @@ func main() {
 		dnsTries = 1
 	}
 	var resolver bdns.Client
-	servers, err := bdns.NewStaticProvider(c.Mailer.DNSResolvers)
-	cmd.FailOnError(err, "Couldn't parse static DNS server(s)")
+	servers, err := bdns.NewStaticProvider(c.Mailer.DNSStaticResolvers)
+	cmd.FailOnError(err, "Couldn't start static DNS server resolver")
 	tlsConfig, err := c.Mailer.TLS.Load(scope)
 	cmd.FailOnError(err, "TLS config")
 	if !c.Mailer.DNSAllowLoopbackAddresses {
--- a/patch-cfg.sh
+++ b/patch-cfg.sh
@@ -29,9 +29,9 @@ $SUDO patch -p1 -o "$boulderLabCADir/config/ra.json" < $cloneDir/patches/config_
 $SUDO patch -p1 -o "$boulderLabCADir/config/akamai-purger.json" < $cloneDir/patches/config_akamai-purger.patch

 cp test/config/va*.json "$boulderLabCADir/config/"
-perl -i -p0e "s/\"dnsProvider\": \{.*?\t\t},/\"dnsResolvers\": [\n\t\t\t\"127.0.0.1:8053\",\n\t\t\t\"127.0.0.1:8054\"\n\t\t],/igs" $boulderLabCADir/config/va.json
-perl -i -p0e "s/\"dnsProvider\": \{.*?\t\t},/\"dnsResolvers\": [\n\t\t\t\"127.0.0.1:8053\",\n\t\t\t\"127.0.0.1:8054\"\n\t\t],/igs" $boulderLabCADir/config/va-remote-a.json
-perl -i -p0e "s/\"dnsProvider\": \{.*?\t\t},/\"dnsResolvers\": [\n\t\t\t\"127.0.0.1:8053\",\n\t\t\t\"127.0.0.1:8054\"\n\t\t],/igs" $boulderLabCADir/config/va-remote-b.json
+perl -i -p0e "s/\"dnsProvider\": \{.*?\t\t},/\"dnsStaticResolvers\": [\n\t\t\t\"127.0.0.1:8053\",\n\t\t\t\"127.0.0.1:8054\"\n\t\t],/igs" $boulderLabCADir/config/va.json
+perl -i -p0e "s/\"dnsProvider\": \{.*?\t\t},/\"dnsStaticResolvers\": [\n\t\t\t\"127.0.0.1:8053\",\n\t\t\t\"127.0.0.1:8054\"\n\t\t],/igs" $boulderLabCADir/config/va-remote-a.json
+perl -i -p0e "s/\"dnsProvider\": \{.*?\t\t},/\"dnsStaticResolvers\": [\n\t\t\t\"127.0.0.1:8053\",\n\t\t\t\"127.0.0.1:8054\"\n\t\t],/igs" $boulderLabCADir/config/va-remote-b.json
 perl -i -p0e "s/(\"accountURIPrefixes\": \[\n.*?\s+\])/\1,\n\t\t\"labcaDomains\": [\n\t\t]/igs" $boulderLabCADir/config/va.json
 perl -i -p0e "s/(\"accountURIPrefixes\": \[\n.*?\s+\])/\1,\n\t\t\"labcaDomains\": [\n\t\t]/igs" $boulderLabCADir/config/va-remote-a.json
 perl -i -p0e "s/(\"accountURIPrefixes\": \[\n.*?\s+\])/\1,\n\t\t\"labcaDomains\": [\n\t\t]/igs" $boulderLabCADir/config/va-remote-b.json
--- a/patches/bad-key-revoker_main.patch
+++ b/patches/bad-key-revoker_main.patch
@@ -1,5 +1,5 @@
 diff --git a/cmd/bad-key-revoker/main.go b/cmd/bad-key-revoker/main.go
-index e7015e0c8..860c3d0dd 100644
+index e7015e0c8..5e4e73a12 100644
 --- a/cmd/bad-key-revoker/main.go
 +++ b/cmd/bad-key-revoker/main.go
@@ -18,6 +18,7 @@ import (
@@ -15,7 +15,7 @@ index e7015e0c8..860c3d0dd 100644
 		RAService *cmd.GRPCClientConfig
 
 +		DNSTries                  int
-+		DNSResolvers              []string
+		DNSStaticResolvers        []string
 +		DNSTimeout                string
 +		DNSAllowLoopbackAddresses bool
 +
@@ -33,8 +33,8 @@ index e7015e0c8..860c3d0dd 100644
 +		dnsTries = 1
 +	}
 +	var resolver bdns.Client
-+	servers, err := bdns.NewStaticProvider(config.BadKeyRevoker.DNSResolvers)
-+	cmd.FailOnError(err, "Couldn't parse static DNS server(s)")
+	servers, err := bdns.NewStaticProvider(config.BadKeyRevoker.DNSStaticResolvers)
+	cmd.FailOnError(err, "Couldn't start static DNS server resolver")
 +	if !config.BadKeyRevoker.DNSAllowLoopbackAddresses {
 +		r := bdns.New(
 +			dnsTimeout,
--- a/patches/boulder-va_main.patch
+++ b/patches/boulder-va_main.patch
@@ -1,18 +1,8 @@
 diff --git a/cmd/boulder-va/main.go b/cmd/boulder-va/main.go
-index 495acf823..7dfc2ae89 100644
+index 0bef1d4f1..ec03f44e7 100644
 --- a/cmd/boulder-va/main.go
 +++ b/cmd/boulder-va/main.go
-@@ -27,7 +27,8 @@ type Config struct {
- 		// before giving up. May be short-circuited by deadlines. A zero value
- 		// will be turned into 1.
- 		DNSTries                  int
-		DNSProvider               *cmd.DNSProvider `validate:"required"`
-+		DNSResolvers              []string
-+		DNSProvider               *cmd.DNSProvider `validate:"omitempty"`
- 		DNSTimeout                config.Duration  `validate:"required"`
- 		DNSAllowLoopbackAddresses bool
- 
-@@ -37,6 +38,7 @@ type Config struct {
+@@ -41,6 +41,7 @@ type Config struct {
 		Features features.Config
 
 		AccountURIPrefixes []string `validate:"min=1,dive,required,url"`
@@ -20,32 +10,7 @@ index 495acf823..7dfc2ae89 100644
 	}
 
 	Syslog        cmd.SyslogConfig
-@@ -79,7 +81,7 @@ func main() {
- 	}
- 	clk := cmd.Clock()
- 
-	if c.VA.DNSProvider == nil {
-+	if c.VA.DNSProvider == nil && len(c.VA.DNSResolvers) == 0 {
- 		cmd.Fail("Must specify dnsProvider")
- 	}
- 
-@@ -88,8 +90,13 @@ func main() {
- 	if features.Get().DOH {
- 		proto = "tcp"
- 	}
-	servers, err = bdns.StartDynamicProvider(c.VA.DNSProvider, 60*time.Second, proto)
-	cmd.FailOnError(err, "Couldn't start dynamic DNS server resolver")
-+	if len(c.VA.DNSResolvers) > 0 {
-+		servers, err = bdns.NewStaticProvider(c.VA.DNSResolvers)
-+		cmd.FailOnError(err, "Couldn't parse static DNS server(s)")
-+	} else {
-+		servers, err = bdns.StartDynamicProvider(c.VA.DNSProvider, 60*time.Second, proto)
-+		cmd.FailOnError(err, "Couldn't start dynamic DNS server resolver")
-+	}
- 	defer servers.Stop()
- 
- 	tlsConfig, err := c.VA.TLS.Load(scope)
-@@ -144,7 +151,8 @@ func main() {
+@@ -150,7 +151,8 @@ func main() {
 		scope,
 		clk,
 		logger,
--- a/patches/config_bad-key-revoker.patch
+++ b/patches/config_bad-key-revoker.patch
@@ -7,7 +7,7 @@ index f4696dc2..b9c19ce3 100644
 		},
 		"debugAddr": ":8020",
 +		"dnsTries": 3,
-+		"dnsResolvers": [
+		"dnsStaticResolvers": [
 +			"127.0.0.1:8053",
 +			"127.0.0.1:8054"
 +		],
--- a/patches/config_expiration-mailer.patch
+++ b/patches/config_expiration-mailer.patch
@@ -7,7 +7,7 @@ index 3b813060..6c709172 100644
 		"emailTemplate": "test/config/expiration-mailer.gotmpl",
 		"debugAddr": ":8008",
 +		"dnsTries": 3,
-+		"dnsResolvers": [
+		"dnsStaticResolvers": [
 +			"127.0.0.1:8053",
 +			"127.0.0.1:8054"
 +		],
--- a/patches/expiration-mailer_main.patch
+++ b/patches/expiration-mailer_main.patch
@@ -1,5 +1,5 @@
 diff --git a/cmd/expiration-mailer/main.go b/cmd/expiration-mailer/main.go
-index e1014ebab..db289ca96 100644
+index e1014ebab..4cf2fdbfc 100644
 --- a/cmd/expiration-mailer/main.go
 +++ b/cmd/expiration-mailer/main.go
@@ -23,6 +23,7 @@ import (
@@ -38,7 +38,7 @@ index e1014ebab..db289ca96 100644
 		SAService *cmd.GRPCClientConfig
 
 +		DNSTries                  int
-+		DNSResolvers              []string
+		DNSStaticResolvers        []string
 +		DNSTimeout                string
 +		DNSAllowLoopbackAddresses bool
 +
@@ -56,8 +56,8 @@ index e1014ebab..db289ca96 100644
 +		dnsTries = 1
 +	}
 +	var resolver bdns.Client
-+	servers, err := bdns.NewStaticProvider(c.Mailer.DNSResolvers)
-+	cmd.FailOnError(err, "Couldn't parse static DNS server(s)")
+	servers, err := bdns.NewStaticProvider(c.Mailer.DNSStaticResolvers)
+	cmd.FailOnError(err, "Couldn't start static DNS server resolver")
 +	if !c.Mailer.DNSAllowLoopbackAddresses {
 +		r := bdns.New(
 +			dnsTimeout,