diff --git a/build/build.sh b/build/build.sh
index eb11b8a..a1de0ac 100755
--- a/build/build.sh
+++ b/build/build.sh
@@ -8,7 +8,7 @@
 TMP_DIR=$(pwd)/tmp
 rm -rf $TMP_DIR && mkdir -p $TMP_DIR/{admin,bin,logs,src}
 boulderDir=$TMP_DIR/src
-boulderTag="release-2024-02-20"
+boulderTag="release-2024-02-26"
 boulderUrl="https://github.com/letsencrypt/boulder/"
 cloneDir=$(pwd)/..
diff --git a/gui/apply-boulder b/gui/apply-boulder
index 7609e7a..a139a17 100755
--- a/gui/apply-boulder
+++ b/gui/apply-boulder
@@ -53,11 +53,11 @@ else
 fi
-perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1\t\t\t\"$PKI_DNS\"\2/igs" config/va.json
-perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1\t\t\t\"$PKI_DNS\"\2/igs" config/va-remote-a.json
-perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1\t\t\t\"$PKI_DNS\"\2/igs" config/va-remote-b.json
-perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1\t\t\t\"$PKI_DNS\"\2/igs" config/bad-key-revoker.json
-perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1\t\t\t\"$PKI_DNS\"\2/igs" config/expiration-mailer.json
+perl -i -p0e "s/(\"dnsStaticResolvers\": \[\n).*?(\s+\],)/\1\t\t\t\"$PKI_DNS\"\2/igs" config/va.json
+perl -i -p0e "s/(\"dnsStaticResolvers\": \[\n).*?(\s+\],)/\1\t\t\t\"$PKI_DNS\"\2/igs" config/va-remote-a.json
+perl -i -p0e "s/(\"dnsStaticResolvers\": \[\n).*?(\s+\],)/\1\t\t\t\"$PKI_DNS\"\2/igs" config/va-remote-b.json
+perl -i -p0e "s/(\"dnsStaticResolvers\": \[\n).*?(\s+\],)/\1\t\t\t\"$PKI_DNS\"\2/igs" config/bad-key-revoker.json
+perl -i -p0e "s/(\"dnsStaticResolvers\": \[\n).*?(\s+\],)/\1\t\t\t\"$PKI_DNS\"\2/igs" config/expiration-mailer.json
 for fl in $(grep -Rl maxConnectionAge config/); do
 perl -i -p0e "s/(\s+\"maxConnectionAge\":[^\n]+)//igs" $fl
 done
diff --git a/install b/install
index 1043cf8..7535834 100755
--- a/install
+++ b/install
@@ -30,7 +30,7 @@ dockerComposeVersion="v2.5.0"
 labcaUrl="https://github.com/hakwerk/labca/"
 boulderUrl="https://github.com/letsencrypt/boulder/"
-boulderTag="release-2024-02-20"
+boulderTag="release-2024-02-26"
 # Feature flags
 flag_skip_redis=true
@@ -786,7 +786,7 @@ startup() {
 [ -d /home/labca/control_logs ] || mkdir -p /home/labca/control_logs
- docker network rm -f labca_bluenet &>>$installLog || true
+ docker network rm -f labca_bluenet labca_rednet &>>$installLog || true
 # Restore MySQL data when moving from boulder-bmysql-1 to labca-bmysql-1
 if [ -z "$(docker volume ls | grep labca_dbdata)" ] && [ ! -z "$(docker volume ls | grep boulder_dbdata)" ]; then
diff --git a/mail-tester.go b/mail-tester.go
index b0a0a45..6dd204c 100644
--- a/mail-tester.go
+++ b/mail-tester.go
@@ -48,7 +48,7 @@ type config struct {
 SAService *cmd.GRPCClientConfig
 DNSTries int
- DNSResolvers []string
+ DNSStaticResolvers []string
 DNSTimeout string
 DNSAllowLoopbackAddresses bool
@@ -97,8 +97,8 @@ func main() {
 dnsTries = 1
 }
 var resolver bdns.Client
- servers, err := bdns.NewStaticProvider(c.Mailer.DNSResolvers)
- cmd.FailOnError(err, "Couldn't parse static DNS server(s)")
+ servers, err := bdns.NewStaticProvider(c.Mailer.DNSStaticResolvers)
+ cmd.FailOnError(err, "Couldn't start static DNS server resolver")
 tlsConfig, err := c.Mailer.TLS.Load(scope)
 cmd.FailOnError(err, "TLS config")
 if !c.Mailer.DNSAllowLoopbackAddresses {
diff --git a/patch-cfg.sh b/patch-cfg.sh
index ea3fb24..b588d47 100755
--- a/patch-cfg.sh
+++ b/patch-cfg.sh
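Review bot: Renaming the config field means `bdns.NewStaticProvider` receives an empty list whenever a deployed mail-tester config still carries the old `dnsResolvers` key, and neither this hunk nor the struct hunk at @@ -48 rejects that case explicitly; whether an empty slice comes back as an error from `NewStaticProvider` or only shows up as later lookup failures is not visible here. A guard before the call, `if len(c.Mailer.DNSStaticResolvers) == 0 { cmd.Fail("Must specify dnsStaticResolvers") }`, makes a stale config fail fast with a message that names the new key. The new error string also says "start" for a call that parses addresses; the previous `"Couldn't parse static DNS server(s)"` described the actual failure more accurately. The body of main continues outside the hunk.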
@@ -29,9 +29,9 @@ $SUDO patch -p1 -o "$boulderLabCADir/config/ra.json" < $cloneDir/patches/config_
 $SUDO patch -p1 -o "$boulderLabCADir/config/akamai-purger.json" < $cloneDir/patches/config_akamai-purger.patch
 cp test/config/va*.json "$boulderLabCADir/config/"
-perl -i -p0e "s/\"dnsProvider\": \{.*?\t\t},/\"dnsResolvers\": [\n\t\t\t\"127.0.0.1:8053\",\n\t\t\t\"127.0.0.1:8054\"\n\t\t],/igs" $boulderLabCADir/config/va.json
-perl -i -p0e "s/\"dnsProvider\": \{.*?\t\t},/\"dnsResolvers\": [\n\t\t\t\"127.0.0.1:8053\",\n\t\t\t\"127.0.0.1:8054\"\n\t\t],/igs" $boulderLabCADir/config/va-remote-a.json
-perl -i -p0e "s/\"dnsProvider\": \{.*?\t\t},/\"dnsResolvers\": [\n\t\t\t\"127.0.0.1:8053\",\n\t\t\t\"127.0.0.1:8054\"\n\t\t],/igs" $boulderLabCADir/config/va-remote-b.json
+perl -i -p0e "s/\"dnsProvider\": \{.*?\t\t},/\"dnsStaticResolvers\": [\n\t\t\t\"127.0.0.1:8053\",\n\t\t\t\"127.0.0.1:8054\"\n\t\t],/igs" $boulderLabCADir/config/va.json
+perl -i -p0e "s/\"dnsProvider\": \{.*?\t\t},/\"dnsStaticResolvers\": [\n\t\t\t\"127.0.0.1:8053\",\n\t\t\t\"127.0.0.1:8054\"\n\t\t],/igs" $boulderLabCADir/config/va-remote-a.json
+perl -i -p0e "s/\"dnsProvider\": \{.*?\t\t},/\"dnsStaticResolvers\": [\n\t\t\t\"127.0.0.1:8053\",\n\t\t\t\"127.0.0.1:8054\"\n\t\t],/igs" $boulderLabCADir/config/va-remote-b.json
 perl -i -p0e "s/(\"accountURIPrefixes\": \[\n.*?\s+\])/\1,\n\t\t\"labcaDomains\": [\n\t\t]/igs" $boulderLabCADir/config/va.json
 perl -i -p0e "s/(\"accountURIPrefixes\": \[\n.*?\s+\])/\1,\n\t\t\"labcaDomains\": [\n\t\t]/igs" $boulderLabCADir/config/va-remote-a.json
 perl -i -p0e "s/(\"accountURIPrefixes\": \[\n.*?\s+\])/\1,\n\t\t\"labcaDomains\": [\n\t\t]/igs" $boulderLabCADir/config/va-remote-b.json
diff --git a/patches/bad-key-revoker_main.patch b/patches/bad-key-revoker_main.patch
index 1cc4e0c..96b323d 100644
--- a/patches/bad-key-revoker_main.patch
+++ b/patches/bad-key-revoker_main.patch
@@ -1,5 +1,5 @@
diff --git a/cmd/bad-key-revoker/main.go b/cmd/bad-key-revoker/main.go -index e7015e0c8..860c3d0dd 100644 +index e7015e0c8..5e4e73a12 100644 --- a/cmd/bad-key-revoker/main.go +++ b/cmd/bad-key-revoker/main.go @@ -18,6 +18,7 @@ import ( @@ -15,7 +15,7 @@ index e7015e0c8..860c3d0dd 100644 RAService *cmd.GRPCClientConfig + DNSTries int -+ DNSResolvers []string ++ DNSStaticResolvers []string + DNSTimeout string + DNSAllowLoopbackAddresses bool + @@ -33,8 +33,8 @@ index e7015e0c8..860c3d0dd 100644 + dnsTries = 1 + } + var resolver bdns.Client -+ servers, err := bdns.NewStaticProvider(config.BadKeyRevoker.DNSResolvers) -+ cmd.FailOnError(err, "Couldn't parse static DNS server(s)") ++ servers, err := bdns.NewStaticProvider(config.BadKeyRevoker.DNSStaticResolvers) ++ cmd.FailOnError(err, "Couldn't start static DNS server resolver") + if !config.BadKeyRevoker.DNSAllowLoopbackAddresses { + r := bdns.New( + dnsTimeout, diff --git a/patches/boulder-va_main.patch b/patches/boulder-va_main.patch index f8e8b07..5b7fedd 100644 --- a/patches/boulder-va_main.patch +++ b/patches/boulder-va_main.patch @@ -1,18 +1,8 @@ diff --git a/cmd/boulder-va/main.go b/cmd/boulder-va/main.go -index 495acf823..7dfc2ae89 100644 +index 0bef1d4f1..ec03f44e7 100644 --- a/cmd/boulder-va/main.go +++ b/cmd/boulder-va/main.go -@@ -27,7 +27,8 @@ type Config struct { - // before giving up. May be short-circuited by deadlines. A zero value - // will be turned into 1. - DNSTries int -- DNSProvider *cmd.DNSProvider `validate:"required"` -+ DNSResolvers []string -+ DNSProvider *cmd.DNSProvider `validate:"omitempty"` - DNSTimeout config.Duration `validate:"required"` - DNSAllowLoopbackAddresses bool - -@@ -37,6 +38,7 @@ type Config struct { +@@ -41,6 +41,7 @@ type Config struct { Features features.Config AccountURIPrefixes []string `validate:"min=1,dive,required,url"` 
@@ -20,32 +10,7 @@ index 495acf823..7dfc2ae89 100644 } Syslog cmd.SyslogConfig -@@ -79,7 +81,7 @@ func main() { - } - clk := cmd.Clock() - -- if c.VA.DNSProvider == nil { -+ if c.VA.DNSProvider == nil && len(c.VA.DNSResolvers) == 0 { - cmd.Fail("Must specify dnsProvider") - } - -@@ -88,8 +90,13 @@ func main() { - if features.Get().DOH { - proto = "tcp" - } -- servers, err = bdns.StartDynamicProvider(c.VA.DNSProvider, 60*time.Second, proto) -- cmd.FailOnError(err, "Couldn't start dynamic DNS server resolver") -+ if len(c.VA.DNSResolvers) > 0 { -+ servers, err = bdns.NewStaticProvider(c.VA.DNSResolvers) -+ cmd.FailOnError(err, "Couldn't parse static DNS server(s)") -+ } else { -+ servers, err = bdns.StartDynamicProvider(c.VA.DNSProvider, 60*time.Second, proto) -+ cmd.FailOnError(err, "Couldn't start dynamic DNS server resolver") -+ } - defer servers.Stop() - - tlsConfig, err := c.VA.TLS.Load(scope) -@@ -144,7 +151,8 @@ func main() { +@@ -150,7 +151,8 @@ func main() { scope, clk, logger, diff --git a/patches/config_bad-key-revoker.patch b/patches/config_bad-key-revoker.patch index 78e009a..27eee0b 100644 --- a/patches/config_bad-key-revoker.patch +++ b/patches/config_bad-key-revoker.patch @@ -7,7 +7,7 @@ index f4696dc2..b9c19ce3 100644 }, "debugAddr": ":8020", + "dnsTries": 3, -+ "dnsResolvers": [ ++ "dnsStaticResolvers": [ + "127.0.0.1:8053", + "127.0.0.1:8054" + ], diff --git a/patches/config_expiration-mailer.patch b/patches/config_expiration-mailer.patch index b41ec65..0423265 100644 --- a/patches/config_expiration-mailer.patch +++ b/patches/config_expiration-mailer.patch @@ -7,7 +7,7 @@ index 3b813060..6c709172 100644 "emailTemplate": "test/config/expiration-mailer.gotmpl", "debugAddr": ":8008", + "dnsTries": 3, -+ "dnsResolvers": [ ++ "dnsStaticResolvers": [ + "127.0.0.1:8053", + "127.0.0.1:8054" + ], diff --git a/patches/expiration-mailer_main.patch b/patches/expiration-mailer_main.patch index 07b55e5..12d6282 100644 --- a/patches/expiration-mailer_main.patch 
+++ b/patches/expiration-mailer_main.patch @@ -1,5 +1,5 @@ diff --git a/cmd/expiration-mailer/main.go b/cmd/expiration-mailer/main.go -index e1014ebab..db289ca96 100644 +index e1014ebab..4cf2fdbfc 100644 --- a/cmd/expiration-mailer/main.go +++ b/cmd/expiration-mailer/main.go @@ -23,6 +23,7 @@ import ( @@ -38,7 +38,7 @@ index e1014ebab..db289ca96 100644 SAService *cmd.GRPCClientConfig + DNSTries int -+ DNSResolvers []string ++ DNSStaticResolvers []string + DNSTimeout string + DNSAllowLoopbackAddresses bool + @@ -56,8 +56,8 @@ index e1014ebab..db289ca96 100644 + dnsTries = 1 + } + var resolver bdns.Client -+ servers, err := bdns.NewStaticProvider(c.Mailer.DNSResolvers) -+ cmd.FailOnError(err, "Couldn't parse static DNS server(s)") ++ servers, err := bdns.NewStaticProvider(c.Mailer.DNSStaticResolvers) ++ cmd.FailOnError(err, "Couldn't start static DNS server resolver") + if !c.Mailer.DNSAllowLoopbackAddresses { + r := bdns.New( + dnsTimeout,