Merge branch 'vendorize' into vendorize2

Conflicts: analysis/analysis-engine.go analysis/analysis-engine_test.go ca/certificate-authority.go ca/certificate-authority_test.go cmd/activity-monitor/main.go cmd/boulder-sa/main.go cmd/boulder/main.go cmd/mkcrl/main.go cmd/mkroot/main.go cmd/shell.go ra/registration-authority_test.go rpc/amqp-rpc.go rpc/rpc-wrappers.go
2015-03-26 14:21:48 -07:00 · 2015-03-26 14:21:48 -07:00 · 2940bb3c7c
parent 99bf61c0ac 9a628b7b16
commit 2940bb3c7c
22 changed files with 131 additions and 60 deletions
--- a/.gitignore
+++ b/.gitignore
@ -11,6 +11,9 @@ _test
 *.[568vq]
 [568vq].out

+# Vim swap files
+*.sw?
+
 *.cgo1.go
 *.cgo2.c
 _cgo_defun.c
--- a/.travis.yml
+++ b/.travis.yml
@ -13,21 +13,5 @@ before_install:
  - go get github.com/mattn/goveralls
  - go get github.com/modocache/gover

-install:
-  - go get -t -v -tags "pkcs11" ./...
-
 script:
-  - go vet -x ./...
-  - $HOME/gopath/bin/golint ./...
-  - go test -covermode=count -coverprofile=analysis.coverprofile ./analysis/
-  - go test -covermode=count -coverprofile=ca.coverprofile ./ca/
-  - go test -covermode=count -coverprofile=core.coverprofile ./core/
-  - go test -covermode=count -coverprofile=log.coverprofile ./log/
-  - go test -covermode=count -coverprofile=ra.coverprofile ./ra/
-  - go test -covermode=count -coverprofile=rpc.coverprofile ./rpc/
-  - go test -covermode=count -coverprofile=sa.coverprofile ./sa/
-  - go test -covermode=count -coverprofile=test.coverprofile ./test/
-  - go test -covermode=count -coverprofile=va.coverprofile ./va/
-  - go test -covermode=count -coverprofile=wfe.coverprofile ./wfe/
-  - $HOME/gopath/bin/gover
-  - $HOME/gopath/bin/goveralls -coverprofile=gover.coverprofile -service=travis-ci
+  - bash test.sh
--- a/10
+++ b/10
@ -9,14 +9,8 @@ EXPOSE 4000
 ENV BOULDER_CONFIG=/boulder/config.json

 # Load the dependencies
-RUN go-wrapper download github.com/bifurcation/gose && \
-    go-wrapper download github.com/codegangsta/cli && \
-    go-wrapper download github.com/streadway/amqp && \
-    go-wrapper download github.com/mattn/go-sqlite3 && \
-    go-wrapper download github.com/go-sql-driver/mysql && \
-    go-wrapper download github.com/cloudflare/cfssl/auth && \
-    go-wrapper download github.com/cloudflare/cfssl/config && \
-    go-wrapper download github.com/cloudflare/cfssl/signer
+RUN go-wrapper download github.com/mattn/go-sqlite3 && \
+    go-wrapper download github.com/go-sql-driver/mysql

 # Copy in the Boulder sources
 RUN mkdir -p /go/src/github.com/letsencrypt/boulder
--- a/Nut.toml
+++ b/Nut.toml
@ -0,0 +1,33 @@
+# Nut config file, see https://github.com/jingweno/nut/blob/master/README.md
+# NOTE: Before you run `nut install`, make sure to run:
+# sudo /sbin/iptables -A OUTPUT -p tcp --dport 80 -j DROP
+# To block insecure HTTP fallback in go get. When you're done:
+# sudo iptables -D OUTPUT NN
+# If you have no other iptables rules, NN will be 1. Check with iptables -L.
+[application]
+
+name = "boulder"
+version = "0.0.1"
+authors = ["ISRG <info@letsencrypt.org>"]
+
+# Rewrote dependencies in our source tree using:
+# find analysis/ cmd/ core/ jose/ log/ policy/ ra/ rpc/ sa/ test/ va/ wfe/ -name '*.go' | xargs perl -ibak -lpe 's,"(github.com/(?!letsencrypt).*)","github.com/letsencrypt/boulder/vendor/_nuts/$1",'
+# TODO: I think nut is supposed to do this for you but it may only apply to
+# internal imports within your dependencies.
+[dependencies]
+# We have to specify a path within cfssl, otherwise we get an error about no
+# buildable files. But this fetches the whole repo.
+"github.com/cloudflare/cfssl/auth" = "1415724f395ffd7aa29176066765cabc68193453"
+"github.com/cloudflare/cfssl/config" = "1415724f395ffd7aa29176066765cabc68193453"
+"github.com/cloudflare/cfssl/crypto/pkcs11key" = "1415724f395ffd7aa29176066765cabc68193453"
+"github.com/cloudflare/cfssl/api/sign" = "1415724f395ffd7aa29176066765cabc68193453"
+"github.com/cloudflare/cfssl/log" = "1415724f395ffd7aa29176066765cabc68193453"
+"github.com/cloudflare/cfssl/signer" = "1415724f395ffd7aa29176066765cabc68193453"
+"github.com/cloudflare/cfssl/signer/local" = "1415724f395ffd7aa29176066765cabc68193453"
+"github.com/cloudflare/cfssl/signer/remote" = "1415724f395ffd7aa29176066765cabc68193453"
+
+"github.com/streadway/amqp" = "150b7f24d6ad507e6026c13d85ce1f1391ac7400"
+"github.com/mattn/go-sqlite3" = "308067797b0fcce4ca06362580dc6db77c1bfeda"
+"github.com/codegangsta/cli" = "e1712f381785e32046927f64a7c86fe569203196"
+"github.com/go-sql-driver/mysql" = "a197e5d40516f2e9f74dcee085a5f2d4604e94df"
+
--- a/README.md
+++ b/README.md
@ -104,10 +104,11 @@ Files

 Dependencies:

-* [Go platform libraries](https://golang.org/pkg/)
-* [GOSE](https://github.com/bifurcation/gose)
-* [CLI](https://github.com/codegangsta/cli)
-
+All dependencies are vendorized under the vendor/_nuts directory,
+both to [make dependency management
+easier](https://groups.google.com/forum/m/#!topic/golang-dev/nMWoEAG55v8)
+and to [avoid insecure fallback in go
+get](https://github.com/golang/go/issues/9637)

 ACME Processing
 ---------------
--- a/analysis/analysis-engine.go
+++ b/analysis/analysis-engine.go
@ -10,7 +10,7 @@ import (

 	"encoding/json"
 	"fmt"
-	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/streadway/amqp"
+	"github.com/streadway/amqp"
 )

 // This file analyzes messages obtained from the Message Broker to determine
--- a/analysis/analysis-engine_test.go
+++ b/analysis/analysis-engine_test.go
@ -9,8 +9,8 @@ import (
 	"log/syslog"
 	"testing"

-	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/streadway/amqp"
 	"github.com/letsencrypt/boulder/log"
+	"github.com/streadway/amqp"
 )

 func TestNewLoggingAnalysisEngine(t *testing.T) {
--- a/ca/certificate-authority.go
+++ b/ca/certificate-authority.go
@ -15,10 +15,10 @@ import (
 	blog "github.com/letsencrypt/boulder/log"
 	"github.com/letsencrypt/boulder/policy"

-	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/cloudflare/cfssl/auth"
-	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/cloudflare/cfssl/config"
-	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/cloudflare/cfssl/signer"
-	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/cloudflare/cfssl/signer/remote"
+	"github.com/cloudflare/cfssl/auth"
+	"github.com/cloudflare/cfssl/config"
+	"github.com/cloudflare/cfssl/signer"
+	"github.com/cloudflare/cfssl/signer/remote"
 )

 type CertificateAuthorityImpl struct {
--- a/ca/certificate-authority_test.go
+++ b/ca/certificate-authority_test.go
@ -14,11 +14,12 @@ import (
 	"testing"
 	"time"

-	apisign "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/cloudflare/cfssl/api/sign"
-	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/cloudflare/cfssl/auth"
-	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/cloudflare/cfssl/config"
-	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/cloudflare/cfssl/signer/local"
-	_ "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/mattn/go-sqlite3"
+	apisign "github.com/cloudflare/cfssl/api/sign"
+	"github.com/cloudflare/cfssl/auth"
+	"github.com/cloudflare/cfssl/config"
+	"github.com/cloudflare/cfssl/signer/local"
+	_ "github.com/mattn/go-sqlite3"
+
 	blog "github.com/letsencrypt/boulder/log"
 	"github.com/letsencrypt/boulder/sa"
 	"github.com/letsencrypt/boulder/test"
--- a/cmd/activity-monitor/main.go
+++ b/cmd/activity-monitor/main.go
@ -13,7 +13,8 @@ import (
 	"fmt"
 	"os"

-	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/streadway/amqp"
+	"github.com/streadway/amqp"
+
 	"github.com/letsencrypt/boulder/analysis"
 	"github.com/letsencrypt/boulder/cmd"
 	blog "github.com/letsencrypt/boulder/log"
--- a/cmd/boulder-sa/main.go
+++ b/cmd/boulder-sa/main.go
@ -7,8 +7,9 @@ package main

 import (
 	// Load both drivers to allow configuring either
-	_ "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/go-sql-driver/mysql"
-	_ "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/mattn/go-sqlite3"
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/mattn/go-sqlite3"
+
 	"github.com/letsencrypt/boulder/cmd"
 	blog "github.com/letsencrypt/boulder/log"
 	"github.com/letsencrypt/boulder/rpc"
--- a/cmd/boulder/main.go
+++ b/cmd/boulder/main.go
@ -11,8 +11,9 @@ import (
 	"os"

 	// Load both drivers to allow configuring either
-	_ "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/go-sql-driver/mysql"
-	_ "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/mattn/go-sqlite3"
+	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/mattn/go-sqlite3"
+
 	"github.com/letsencrypt/boulder/ca"
 	"github.com/letsencrypt/boulder/cmd"
 	blog "github.com/letsencrypt/boulder/log"
--- a/cmd/mkcrl/main.go
+++ b/cmd/mkcrl/main.go
@ -11,8 +11,8 @@ import (
 	"io/ioutil"
 	"time"

-	//	"github.com/cloudflare/cfssl/crypto/pkcs11key"
-	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/cloudflare/cfssl/log"
+	"github.com/cloudflare/cfssl/crypto/pkcs11key"
+	"github.com/cloudflare/cfssl/log"
 )

 var certFile = flag.String("ca", "", "JSON file for subject and validity")
--- a/cmd/mkroot/main.go
+++ b/cmd/mkroot/main.go
@ -13,8 +13,8 @@ import (
 	"math/big"
 	"time"

-	//	"github.com/cloudflare/cfssl/crypto/pkcs11key"
-	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/cloudflare/cfssl/log"
+	"github.com/cloudflare/cfssl/crypto/pkcs11key"
+	"github.com/cloudflare/cfssl/log"
 )

 var configFile = flag.String("config", "", "JSON file for subject and validity")
--- a/cmd/shell.go
+++ b/cmd/shell.go
@ -27,9 +27,9 @@ import (
 	"io/ioutil"
 	"os"

-	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/codegangsta/cli"
-	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/streadway/amqp"
+	"github.com/codegangsta/cli"
 	"github.com/letsencrypt/boulder/rpc"
+	"github.com/streadway/amqp"
 )

 // Config stores configuration parameters that applications
--- a/jose/jws.go
+++ b/jose/jws.go
@ -190,7 +190,9 @@ func Sign(alg JoseAlgorithm, privateKey interface{}, payload []byte) (JsonWebSig
 		if rsaPriv == nil {
 			return zero, errors.New(fmt.Sprintf("Algorithm %s requres RSA private key", jws.Header.Algorithm))
 		}
-		sig, err = rsa.SignPSS(rand.Reader, rsaPriv, hashID, inputHash, nil)
+		// Contrary to docs, you can't pass a nil instead of the PSSOptions; You'll
+		// get a nil dereference.
+		sig, err = rsa.SignPSS(rand.Reader, rsaPriv, hashID, inputHash, &rsa.PSSOptions{})
 	case "E":
 		if ecPriv == nil {
 			return zero, errors.New(fmt.Sprintf("Algorithm %s requres EC private key", jws.Header.Algorithm))
--- a/jose/jws_test.go
+++ b/jose/jws_test.go
@ -154,7 +154,7 @@ func TestRsaPssJwsSign(t *testing.T) {
 		Primes:    []*big.Int{p, q},
 	}

-	payload, _ := B64dec("It\xe2\x80\x99s a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there\xe2\x80\x99s no knowing where you might be swept off to.")
+	payload := []byte("It\xe2\x80\x99s a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there\xe2\x80\x99s no knowing where you might be swept off to.")

 	jws, err := Sign(RSAPSSWithSHA256, priv, payload)
 	if err != nil {
@ -177,7 +177,7 @@ func TestEcJwsSign(t *testing.T) {

 	priv := ecdsa.PrivateKey{PublicKey: ecdsa.PublicKey{Curve: elliptic.P521(), X: x, Y: y}, D: d}

-	payload, _ := B64dec("It\xe2\x80\x99s a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there\xe2\x80\x99s no knowing where you might be swept off to.")
+	payload := []byte("It\xe2\x80\x99s a dangerous business, Frodo, going out your door. You step onto the road, and if you don't keep your feet, there\xe2\x80\x99s no knowing where you might be swept off to.")

 	jws, err := Sign(ECDSAWithSHA512, priv, payload)
 	if err != nil {
--- a/policy/policy-authority_test.go
+++ b/policy/policy-authority_test.go
@ -58,14 +58,14 @@ func TestWillingToIssue(t *testing.T) {
 		// implementations accept them but we will be conservative.
 		`www.zom_bo.com`,
 		`zombocom`,
+		`localhost`,
+		`mail`,
 	}

 	shouldBeNonPublic := []string{
 		`co.uk`,
 		`example.acting`,
 		`example.internal`,
-		`localhost`,
-		`mail`,
 		// All-numeric final label not okay.
 		`www.zombo.163`,
 	}
--- a/ra/registration-authority_test.go
+++ b/ra/registration-authority_test.go
@ -14,8 +14,9 @@ import (
 	"net/url"
 	"testing"

-	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/cloudflare/cfssl/signer/local"
-	_ "github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/mattn/go-sqlite3"
+	"github.com/cloudflare/cfssl/signer/local"
+	_ "github.com/mattn/go-sqlite3"
+
 	"github.com/letsencrypt/boulder/ca"
 	"github.com/letsencrypt/boulder/core"
 	"github.com/letsencrypt/boulder/jose"
--- a/rpc/amqp-rpc.go
+++ b/rpc/amqp-rpc.go
@ -10,8 +10,8 @@ import (
 	"log"
 	"time"

-	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/streadway/amqp"
 	"github.com/letsencrypt/boulder/core"
+	"github.com/streadway/amqp"
 )

 // TODO: AMQP-RPC messages should be wrapped in JWS.  To implement that,
--- a/rpc/rpc-wrappers.go
+++ b/rpc/rpc-wrappers.go
@ -11,7 +11,8 @@ import (
 	"errors"
 	"log"

-	"github.com/letsencrypt/boulder/Godeps/_workspace/src/github.com/streadway/amqp"
+	"github.com/streadway/amqp"
+
 	"github.com/letsencrypt/boulder/core"
 	"github.com/letsencrypt/boulder/jose"
 )
--- a/test.sh
+++ b/test.sh
@ -0,0 +1,48 @@
+#!/bin/bash 
+# Run all tests and coverage checks. Called from Travis automatically, also
+# suitable to run manually. See list of prerequisite packages in .travis.yml
+cd $(realpath $(dirname $0))
+
+FAILURE=0
+
+run() {
+  $* || FAILURE=1
+}
+
+doTest() {
+  local dir=$1
+  run go test -covermode=count -coverprofile=${dir}.coverprofile ./${dir}/
+}
+
+# Path for installed go package binaries. If yours is different, override with
+# GOBIN=/my/path/to/bin ./test.sh
+GOBIN=${GOBIN:-$HOME/gopath/bin}
+
+# Ask vet to check in on things
+run go vet -x ./...
+
+[ -e $GOBIN/golint ] && run $GOBIN/golint ./...
+
+# All the subdirectories
+doTest analysis
+doTest ca
+#doTest cmd
+doTest core
+doTest jose
+doTest log
+doTest policy
+doTest ra
+doTest rpc
+doTest sa
+doTest test
+doTest va
+#doTest vendor
+doTest wfe
+
+[ -e $GOBIN/gover ] && run $GOBIN/gover
+
+if [ "${TRAVIS}" == "true" ] ; then
+  run $GOBIN/goveralls -coverprofile=gover.coverprofile -service=travis-ci
+fi
+
+exit ${FAILURE}