mirror of
https://github.com/outbackdingo/labca.git
synced 2026-01-27 10:19:34 +00:00
Bump boulder version to release-2022-11-01
This commit is contained in:
Arjan H
2
install
2
install
@@ -24,7 +24,7 @@ dockerComposeVersion="v2.5.0"
|
||||
|
||||
labcaUrl="https://github.com/hakwerk/labca/"
|
||||
boulderUrl="https://github.com/letsencrypt/boulder/"
|
||||
boulderTag="release-2022-10-25"
|
||||
boulderTag="release-2022-11-01"
|
||||
|
||||
# Feature flags
|
||||
flag_skip_redis=true
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
diff --git a/cmd/bad-key-revoker/main.go b/cmd/bad-key-revoker/main.go
|
||||
index 4f7a476b5..e907b43a1 100644
|
||||
index 066b69b8..d9e0b57e 100644
|
||||
--- a/cmd/bad-key-revoker/main.go
|
||||
+++ b/cmd/bad-key-revoker/main.go
|
||||
@@ -14,6 +14,7 @@ import (
|
||||
@@ -33,7 +33,7 @@ index 4f7a476b5..e907b43a1 100644
|
||||
}
|
||||
|
||||
func main() {
|
||||
@@ -455,6 +465,32 @@ func main() {
|
||||
@@ -454,6 +464,32 @@ func main() {
|
||||
cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA")
|
||||
rac := rapb.NewRegistrationAuthorityClient(conn)
|
||||
|
||||
@@ -66,7 +66,7 @@ index 4f7a476b5..e907b43a1 100644
|
||||
var smtpRoots *x509.CertPool
|
||||
if config.BadKeyRevoker.Mailer.SMTPTrustedRootFile != "" {
|
||||
pem, err := os.ReadFile(config.BadKeyRevoker.Mailer.SMTPTrustedRootFile)
|
||||
@@ -476,6 +512,7 @@ func main() {
|
||||
@@ -475,6 +511,7 @@ func main() {
|
||||
config.BadKeyRevoker.Mailer.Username,
|
||||
smtpPassword,
|
||||
smtpRoots,
|
||||
|
||||
@@ -2,7 +2,7 @@ diff --git a/test/config/crl-updater.json b/test/config/crl-updater.json
|
||||
index f6b70123f..a6c1471e5 100644
|
||||
--- a/test/config/crl-updater.json
|
||||
+++ b/test/config/crl-updater.json
|
||||
@@ -22,15 +22,13 @@
|
||||
@@ -22,15 +22,15 @@
|
||||
"hostOverride": "crl-storer.boulder"
|
||||
},
|
||||
"issuerCerts": [
|
||||
@@ -17,6 +17,8 @@ index f6b70123f..a6c1471e5 100644
|
||||
- "updatePeriod": "6h",
|
||||
- "updateOffset": "9120s",
|
||||
- "maxParallelism": 10
|
||||
+ "shardWidth": "24h",
|
||||
+ "lookbackPeriod": "96h",
|
||||
+ "updatePeriod": "24h",
|
||||
+ "updateOffset": "62m",
|
||||
+ "maxParallelism": 1
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
diff --git a/cmd/crl-storer/main.go b/cmd/crl-storer/main.go
|
||||
index 4212f1849..a1369113d 100644
|
||||
index 26caa01f..b047597d 100644
|
||||
--- a/cmd/crl-storer/main.go
|
||||
+++ b/cmd/crl-storer/main.go
|
||||
@@ -49,6 +49,9 @@ type Config struct {
|
||||
@@ -47,6 +47,9 @@ type Config struct {
|
||||
// https://docs.aws.amazon.com/sdkref/latest/guide/file-format.html.
|
||||
AWSCredsFile string
|
||||
|
||||
@@ -12,7 +12,7 @@ index 4212f1849..a1369113d 100644
|
||||
Features map[string]bool
|
||||
}
|
||||
|
||||
@@ -129,7 +132,7 @@ func main() {
|
||||
@@ -127,7 +130,7 @@ func main() {
|
||||
}
|
||||
s3client := s3.NewFromConfig(awsConfig, s3opts...)
|
||||
|
||||
@@ -20,4 +20,4 @@ index 4212f1849..a1369113d 100644
|
||||
+ csi, err := storer.New(issuers, s3client, c.CRLStorer.S3Bucket, c.CRLStorer.LocalStorePath, scope, logger, clk)
|
||||
cmd.FailOnError(err, "Failed to create CRLStorer impl")
|
||||
|
||||
serverMetrics := bgrpc.NewServerMetrics(scope)
|
||||
start, stop, err := bgrpc.Server[cspb.CRLStorerServer]{}.Setup(
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
diff --git a/cmd/expiration-mailer/main.go b/cmd/expiration-mailer/main.go
|
||||
index cff3479a2..7808fadd9 100644
|
||||
index 34299f02..5a25cdd4 100644
|
||||
--- a/cmd/expiration-mailer/main.go
|
||||
+++ b/cmd/expiration-mailer/main.go
|
||||
@@ -22,6 +22,7 @@ import (
|
||||
@@ -42,7 +42,7 @@ index cff3479a2..7808fadd9 100644
|
||||
}
|
||||
|
||||
func initStats(stats prometheus.Registerer) mailerStats {
|
||||
@@ -669,6 +679,32 @@ func main() {
|
||||
@@ -668,6 +678,32 @@ func main() {
|
||||
cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
|
||||
sac := sapb.NewStorageAuthorityClient(conn)
|
||||
|
||||
@@ -75,7 +75,7 @@ index cff3479a2..7808fadd9 100644
|
||||
var smtpRoots *x509.CertPool
|
||||
if c.Mailer.SMTPTrustedRootFile != "" {
|
||||
pem, err := os.ReadFile(c.Mailer.SMTPTrustedRootFile)
|
||||
@@ -704,6 +740,7 @@ func main() {
|
||||
@@ -703,6 +739,7 @@ func main() {
|
||||
c.Mailer.Username,
|
||||
smtpPassword,
|
||||
smtpRoots,
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
diff --git a/cmd/ocsp-responder/main.go b/cmd/ocsp-responder/main.go
|
||||
index f23cf2ad..c5aa7917 100644
|
||||
index c50b8709..c2557ff2 100644
|
||||
--- a/cmd/ocsp-responder/main.go
|
||||
+++ b/cmd/ocsp-responder/main.go
|
||||
@@ -166,42 +166,44 @@ as generated by Boulder's ceremony command.
|
||||
dbMap, err := sa.InitWrappedDb(config.DB, stats, logger)
|
||||
dbMap, err := sa.InitWrappedDb(config.DB, scope, logger)
|
||||
cmd.FailOnError(err, "While initializing dbMap")
|
||||
|
||||
- // Set up the redis source and the combined multiplex source.
|
||||
- rocspReader, err := rocsp_config.MakeClient(&c.OCSPResponder.Redis, clk, stats)
|
||||
- rocspReader, err := rocsp_config.MakeClient(&c.OCSPResponder.Redis, clk, scope)
|
||||
- cmd.FailOnError(err, "Could not make redis client")
|
||||
-
|
||||
- err = rocspReader.Ping(context.Background())
|
||||
@@ -20,8 +20,8 @@ index f23cf2ad..c5aa7917 100644
|
||||
-
|
||||
- tlsConfig, err := c.OCSPResponder.TLS.Load()
|
||||
- cmd.FailOnError(err, "TLS config")
|
||||
- clientMetrics := bgrpc.NewClientMetrics(stats)
|
||||
- raConn, err := bgrpc.ClientSetup(c.OCSPResponder.RAService, tlsConfig, clientMetrics, clk)
|
||||
-
|
||||
- raConn, err := bgrpc.ClientSetup(c.OCSPResponder.RAService, tlsConfig, scope, clk)
|
||||
- cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA")
|
||||
- rac := rapb.NewRegistrationAuthorityClient(raConn)
|
||||
-
|
||||
@@ -31,17 +31,17 @@ index f23cf2ad..c5aa7917 100644
|
||||
- }
|
||||
- liveSource := live.New(rac, int64(maxInflight))
|
||||
-
|
||||
- rocspSource, err := redis_responder.NewRedisSource(rocspReader, liveSource, liveSigningPeriod, clk, stats, logger)
|
||||
- rocspSource, err := redis_responder.NewRedisSource(rocspReader, liveSource, liveSigningPeriod, clk, scope, logger)
|
||||
- cmd.FailOnError(err, "Could not create redis source")
|
||||
-
|
||||
- var sac sapb.StorageAuthorityClient
|
||||
- if c.OCSPResponder.SAService != nil {
|
||||
- saConn, err := bgrpc.ClientSetup(c.OCSPResponder.SAService, tlsConfig, clientMetrics, clk)
|
||||
- saConn, err := bgrpc.ClientSetup(c.OCSPResponder.SAService, tlsConfig, scope, clk)
|
||||
- cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
|
||||
- sac = sapb.NewStorageAuthorityClient(saConn)
|
||||
+ if c.OCSPResponder.Redis.Addrs != nil {
|
||||
+ // Set up the redis source and the combined multiplex source.
|
||||
+ rocspReader, err := rocsp_config.MakeClient(&c.OCSPResponder.Redis, clk, stats)
|
||||
+ rocspReader, err := rocsp_config.MakeClient(&c.OCSPResponder.Redis, clk, scope)
|
||||
+ cmd.FailOnError(err, "Could not make redis client")
|
||||
+
|
||||
+ err = rocspReader.Ping(context.Background())
|
||||
@@ -54,8 +54,8 @@ index f23cf2ad..c5aa7917 100644
|
||||
+
|
||||
+ tlsConfig, err := c.OCSPResponder.TLS.Load()
|
||||
+ cmd.FailOnError(err, "TLS config")
|
||||
+ clientMetrics := bgrpc.NewClientMetrics(stats)
|
||||
+ raConn, err := bgrpc.ClientSetup(c.OCSPResponder.RAService, tlsConfig, clientMetrics, clk)
|
||||
+
|
||||
+ raConn, err := bgrpc.ClientSetup(c.OCSPResponder.RAService, tlsConfig, scope, clk)
|
||||
+ cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA")
|
||||
+ rac := rapb.NewRegistrationAuthorityClient(raConn)
|
||||
+
|
||||
@@ -65,19 +65,19 @@ index f23cf2ad..c5aa7917 100644
|
||||
+ }
|
||||
+ liveSource := live.New(rac, int64(maxInflight))
|
||||
+
|
||||
+ rocspSource, err := redis_responder.NewRedisSource(rocspReader, liveSource, liveSigningPeriod, clk, stats, logger)
|
||||
+ rocspSource, err := redis_responder.NewRedisSource(rocspReader, liveSource, liveSigningPeriod, clk, scope, logger)
|
||||
+ cmd.FailOnError(err, "Could not create redis source")
|
||||
+
|
||||
+ var sac sapb.StorageAuthorityClient
|
||||
+ if c.OCSPResponder.SAService != nil {
|
||||
+ saConn, err := bgrpc.ClientSetup(c.OCSPResponder.SAService, tlsConfig, clientMetrics, clk)
|
||||
+ saConn, err := bgrpc.ClientSetup(c.OCSPResponder.SAService, tlsConfig, scope, clk)
|
||||
+ cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
|
||||
+ sac = sapb.NewStorageAuthorityClient(saConn)
|
||||
+ }
|
||||
+ source, err = redis_responder.NewCheckedRedisSource(rocspSource, dbMap, sac, stats, logger)
|
||||
+ source, err = redis_responder.NewCheckedRedisSource(rocspSource, dbMap, sac, scope, logger)
|
||||
+ cmd.FailOnError(err, "Could not create checkedRedis source")
|
||||
}
|
||||
- source, err = redis_responder.NewCheckedRedisSource(rocspSource, dbMap, sac, stats, logger)
|
||||
- source, err = redis_responder.NewCheckedRedisSource(rocspSource, dbMap, sac, scope, logger)
|
||||
- cmd.FailOnError(err, "Could not create checkedRedis source")
|
||||
|
||||
// Load the certificate from the file path.
|
||||
|
||||
Reference in New Issue
Block a user