From f4df236700463a2d4aed8e9004ac89ca2b01523f Mon Sep 17 00:00:00 2001 From: Arjan H Date: Sat, 5 Nov 2022 10:29:27 +0100 Subject: [PATCH] Bump boulder version to release-2022-11-01 --- install | 2 +- patches/bad-key-revoker_main.patch | 6 +++--- patches/config_crl-updater.patch | 4 +++- patches/crl-storer_main.patch | 8 ++++---- patches/expiration-mailer_main.patch | 6 +++--- patches/ocsp-responder_main.patch | 28 ++++++++++++++-------------- 6 files changed, 28 insertions(+), 26 deletions(-) diff --git a/install b/install index 42e837b..baaf9e4 100755 --- a/install +++ b/install @@ -24,7 +24,7 @@ dockerComposeVersion="v2.5.0" labcaUrl="https://github.com/hakwerk/labca/" boulderUrl="https://github.com/letsencrypt/boulder/" -boulderTag="release-2022-10-25" +boulderTag="release-2022-11-01" # Feature flags flag_skip_redis=true diff --git a/patches/bad-key-revoker_main.patch b/patches/bad-key-revoker_main.patch index 241ae75..df000ce 100644 --- a/patches/bad-key-revoker_main.patch +++ b/patches/bad-key-revoker_main.patch @@ -1,5 +1,5 @@ diff --git a/cmd/bad-key-revoker/main.go b/cmd/bad-key-revoker/main.go -index 4f7a476b5..e907b43a1 100644 +index 066b69b8..d9e0b57e 100644 --- a/cmd/bad-key-revoker/main.go +++ b/cmd/bad-key-revoker/main.go @@ -14,6 +14,7 @@ import ( @@ -33,7 +33,7 @@ index 4f7a476b5..e907b43a1 100644 } func main() { -@@ -455,6 +465,32 @@ func main() { +@@ -454,6 +464,32 @@ func main() { cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA") rac := rapb.NewRegistrationAuthorityClient(conn) @@ -66,7 +66,7 @@ index 4f7a476b5..e907b43a1 100644 var smtpRoots *x509.CertPool if config.BadKeyRevoker.Mailer.SMTPTrustedRootFile != "" { pem, err := os.ReadFile(config.BadKeyRevoker.Mailer.SMTPTrustedRootFile) -@@ -476,6 +512,7 @@ func main() { +@@ -475,6 +511,7 @@ func main() { config.BadKeyRevoker.Mailer.Username, smtpPassword, smtpRoots, 
diff --git a/patches/config_crl-updater.patch b/patches/config_crl-updater.patch index e167be0..6ab9f06 100644 --- a/patches/config_crl-updater.patch +++ b/patches/config_crl-updater.patch @@ -2,7 +2,7 @@ diff --git a/test/config/crl-updater.json b/test/config/crl-updater.json index f6b70123f..a6c1471e5 100644 --- a/test/config/crl-updater.json +++ b/test/config/crl-updater.json -@@ -22,15 +22,13 @@ +@@ -22,15 +22,15 @@ "hostOverride": "crl-storer.boulder" }, "issuerCerts": [ @@ -17,6 +17,8 @@ index f6b70123f..a6c1471e5 100644 - "updatePeriod": "6h", - "updateOffset": "9120s", - "maxParallelism": 10 ++ "shardWidth": "24h", ++ "lookbackPeriod": "96h", + "updatePeriod": "24h", + "updateOffset": "62m", + "maxParallelism": 1 diff --git a/patches/crl-storer_main.patch b/patches/crl-storer_main.patch index a3411ee..518693d 100644 --- a/patches/crl-storer_main.patch +++ b/patches/crl-storer_main.patch @@ -1,8 +1,8 @@ diff --git a/cmd/crl-storer/main.go b/cmd/crl-storer/main.go -index 4212f1849..a1369113d 100644 +index 26caa01f..b047597d 100644 --- a/cmd/crl-storer/main.go +++ b/cmd/crl-storer/main.go -@@ -49,6 +49,9 @@ type Config struct { +@@ -47,6 +47,9 @@ type Config struct { // https://docs.aws.amazon.com/sdkref/latest/guide/file-format.html. AWSCredsFile string @@ -12,7 +12,7 @@ index 4212f1849..a1369113d 100644 Features map[string]bool } -@@ -129,7 +132,7 @@ func main() { +@@ -127,7 +130,7 @@ func main() { } s3client := s3.NewFromConfig(awsConfig, s3opts...) @@ -20,4 +20,4 @@ index 4212f1849..a1369113d 100644 + csi, err := storer.New(issuers, s3client, c.CRLStorer.S3Bucket, c.CRLStorer.LocalStorePath, scope, logger, clk) cmd.FailOnError(err, "Failed to create CRLStorer impl") - serverMetrics := bgrpc.NewServerMetrics(scope) + start, stop, err := bgrpc.Server[cspb.CRLStorerServer]{}.Setup( diff --git a/patches/expiration-mailer_main.patch b/patches/expiration-mailer_main.patch index 6d5a191..205f795 100644 --- a/patches/expiration-mailer_main.patch 
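Review bot: In patches/config_crl-updater.patch (hunk `@@ -17,6 +17,8 @@`) the new `"shardWidth": "24h"` and `"lookbackPeriod": "96h"` overrides come with no stated rationale, and because the target file is JSON the only place to record one is the commit description, which currently says just "Bump boulder version". These settings presumably determine which certificates each CRL shard covers, so a value that does not fit the shard count and certificate lifetime configured outside this hunk could leave revoked certificates off the published CRLs; this should be confirmed against crl-updater's own validation in release-2022-11-01. I would add a line such as `crl-updater: shardWidth=24h, lookbackPeriod=96h because <reason>` to the description. The inner `index f6b70123f..a6c1471e5` line was also left unchanged although the patched result gained two lines, unlike the refreshed index lines in the other patch files.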
+++ b/patches/expiration-mailer_main.patch @@ -1,5 +1,5 @@ diff --git a/cmd/expiration-mailer/main.go b/cmd/expiration-mailer/main.go -index cff3479a2..7808fadd9 100644 +index 34299f02..5a25cdd4 100644 --- a/cmd/expiration-mailer/main.go +++ b/cmd/expiration-mailer/main.go @@ -22,6 +22,7 @@ import ( @@ -42,7 +42,7 @@ index cff3479a2..7808fadd9 100644 } func initStats(stats prometheus.Registerer) mailerStats { -@@ -669,6 +679,32 @@ func main() { +@@ -668,6 +678,32 @@ func main() { cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") sac := sapb.NewStorageAuthorityClient(conn) @@ -75,7 +75,7 @@ index cff3479a2..7808fadd9 100644 var smtpRoots *x509.CertPool if c.Mailer.SMTPTrustedRootFile != "" { pem, err := os.ReadFile(c.Mailer.SMTPTrustedRootFile) -@@ -704,6 +740,7 @@ func main() { +@@ -703,6 +739,7 @@ func main() { c.Mailer.Username, smtpPassword, smtpRoots, diff --git a/patches/ocsp-responder_main.patch b/patches/ocsp-responder_main.patch index da80273..13fffe1 100644 --- a/patches/ocsp-responder_main.patch +++ b/patches/ocsp-responder_main.patch @@ -1,13 +1,13 @@ diff --git a/cmd/ocsp-responder/main.go b/cmd/ocsp-responder/main.go -index f23cf2ad..c5aa7917 100644 +index c50b8709..c2557ff2 100644 --- a/cmd/ocsp-responder/main.go +++ b/cmd/ocsp-responder/main.go @@ -166,42 +166,44 @@ as generated by Boulder's ceremony command. - dbMap, err := sa.InitWrappedDb(config.DB, stats, logger) + dbMap, err := sa.InitWrappedDb(config.DB, scope, logger) cmd.FailOnError(err, "While initializing dbMap") - // Set up the redis source and the combined multiplex source. -- rocspReader, err := rocsp_config.MakeClient(&c.OCSPResponder.Redis, clk, stats) +- rocspReader, err := rocsp_config.MakeClient(&c.OCSPResponder.Redis, clk, scope) - cmd.FailOnError(err, "Could not make redis client") - - err = rocspReader.Ping(context.Background()) 
@@ -20,8 +20,8 @@ index f23cf2ad..c5aa7917 100644
 -
 - tlsConfig, err := c.OCSPResponder.TLS.Load()
 - cmd.FailOnError(err, "TLS config")
-- clientMetrics := bgrpc.NewClientMetrics(stats)
-- raConn, err := bgrpc.ClientSetup(c.OCSPResponder.RAService, tlsConfig, clientMetrics, clk)
+-
+- raConn, err := bgrpc.ClientSetup(c.OCSPResponder.RAService, tlsConfig, scope, clk)
 - cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA")
 - rac := rapb.NewRegistrationAuthorityClient(raConn)
 -
@@ -31,17 +31,17 @@ index f23cf2ad..c5aa7917 100644
 - }
 - liveSource := live.New(rac, int64(maxInflight))
 -
-- rocspSource, err := redis_responder.NewRedisSource(rocspReader, liveSource, liveSigningPeriod, clk, stats, logger)
+- rocspSource, err := redis_responder.NewRedisSource(rocspReader, liveSource, liveSigningPeriod, clk, scope, logger)
 - cmd.FailOnError(err, "Could not create redis source")
 -
 - var sac sapb.StorageAuthorityClient
 - if c.OCSPResponder.SAService != nil {
-- saConn, err := bgrpc.ClientSetup(c.OCSPResponder.SAService, tlsConfig, clientMetrics, clk)
+- saConn, err := bgrpc.ClientSetup(c.OCSPResponder.SAService, tlsConfig, scope, clk)
 - cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA")
 - sac = sapb.NewStorageAuthorityClient(saConn)
 + if c.OCSPResponder.Redis.Addrs != nil {
 + // Set up the redis source and the combined multiplex source.
-+ rocspReader, err := rocsp_config.MakeClient(&c.OCSPResponder.Redis, clk, stats)
++ rocspReader, err := rocsp_config.MakeClient(&c.OCSPResponder.Redis, clk, scope)
 + cmd.FailOnError(err, "Could not make redis client")
 +
 + err = rocspReader.Ping(context.Background())
@@ -54,8 +54,8 @@ index f23cf2ad..c5aa7917 100644 + + tlsConfig, err := c.OCSPResponder.TLS.Load() + cmd.FailOnError(err, "TLS config") -+ clientMetrics := bgrpc.NewClientMetrics(stats) -+ raConn, err := bgrpc.ClientSetup(c.OCSPResponder.RAService, tlsConfig, clientMetrics, clk) ++ ++ raConn, err := bgrpc.ClientSetup(c.OCSPResponder.RAService, tlsConfig, scope, clk) + cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to RA") + rac := rapb.NewRegistrationAuthorityClient(raConn) + @@ -65,19 +65,19 @@ index f23cf2ad..c5aa7917 100644 + } + liveSource := live.New(rac, int64(maxInflight)) + -+ rocspSource, err := redis_responder.NewRedisSource(rocspReader, liveSource, liveSigningPeriod, clk, stats, logger) ++ rocspSource, err := redis_responder.NewRedisSource(rocspReader, liveSource, liveSigningPeriod, clk, scope, logger) + cmd.FailOnError(err, "Could not create redis source") + + var sac sapb.StorageAuthorityClient + if c.OCSPResponder.SAService != nil { -+ saConn, err := bgrpc.ClientSetup(c.OCSPResponder.SAService, tlsConfig, clientMetrics, clk) ++ saConn, err := bgrpc.ClientSetup(c.OCSPResponder.SAService, tlsConfig, scope, clk) + cmd.FailOnError(err, "Failed to load credentials and create gRPC connection to SA") + sac = sapb.NewStorageAuthorityClient(saConn) + } -+ source, err = redis_responder.NewCheckedRedisSource(rocspSource, dbMap, sac, stats, logger) ++ source, err = redis_responder.NewCheckedRedisSource(rocspSource, dbMap, sac, scope, logger) + cmd.FailOnError(err, "Could not create checkedRedis source") } -- source, err = redis_responder.NewCheckedRedisSource(rocspSource, dbMap, sac, stats, logger) +- source, err = redis_responder.NewCheckedRedisSource(rocspSource, dbMap, sac, scope, logger) - cmd.FailOnError(err, "Could not create checkedRedis source") // Load the certificate from the file path.