Replace master with main. (#4917)

Also, update an example username in mailer tests.

.travis.yml

@@ -10,7 +10,7 @@ go_import_path: github.com/letsencrypt/boulder
 services:
   - docker
 
-# Only build pushes to the master branch, PRs, and branches beginning with
+# Only build pushes to the main branch, PRs, and branches beginning with
 # `test-`. You should not push branches beginning with `test-` to the
 # letsencrypt repository, but this is a convenient way to push branches to your
 # own fork of the repository to ensure Travis passes before submitting a PR.
@@ -18,13 +18,12 @@ services:
 # git push myremote branchname:test-branchname
 branches:
   only:
-    - master
     - main
     - /^test-.*$/
 
 env:
     - RUN="lints integration generate rpm" BOULDER_CONFIG_DIR="test/config"
-    # Config changes that have landed in master but not yet been applied to
+    # Config changes that have landed in main but not yet been applied to
     # production can be made in boulder-config-next.json.
     - RUN="integration" BOULDER_CONFIG_DIR="test/config-next"
     - RUN="unit"

CONTRIBUTING.md

@@ -298,7 +298,7 @@ The current Boulder release process is described in the [boulder release process
 repository](https://github.com/letsencrypt/boulder-release-process). It includes
 [an example](https://github.com/letsencrypt/boulder-release-process#example) git
 history showing a regular release being tagged, a hotfix being tagged from
-a clean master, and a hotfix being tagged from a release branch because master
+a clean main, and a hotfix being tagged from a release branch because main
 was dirty.
 
 Previously we used dedicated
@@ -361,12 +361,12 @@ repository for a refactoring to reduce the number of transitive dependencies.
 # Go Version
 
 The [Boulder development
-environment](https://github.com/letsencrypt/boulder/blob/master/README.md#setting-up-boulder)
+environment](https://github.com/letsencrypt/boulder/blob/main/README.md#setting-up-boulder)
 does not use the Go version installed on the host machine, and instead uses a
 Go environment baked into a "boulder-tools" Docker image. We build a separate
 boulder-tools container for each supported Go version. Please see [the
 Boulder-tools
-README](https://github.com/letsencrypt/boulder/blob/master/test/boulder-tools/README.md)
+README](https://github.com/letsencrypt/boulder/blob/main/test/boulder-tools/README.md)
 for more information on upgrading Go versions.
 
 # ACME Protocol Divergences
@@ -375,7 +375,7 @@ While Boulder attempts to implement the ACME specification as strictly as
 possible there are places at which we will diverge from the letter of the
 specification for various reasons. We detail these divergences (for both the
 V1 and V2 API) in the [ACME divergences
-doc](https://github.com/letsencrypt/boulder/blob/master/docs/acme-divergences.md).
+doc](https://github.com/letsencrypt/boulder/blob/main/docs/acme-divergences.md).
 
 ## Problems or questions?
 

README.md

@@ -1,7 +1,7 @@
 # Boulder - An ACME CA
 
-[![Build Status](https://travis-ci.com/letsencrypt/boulder.svg?branch=master)](https://travis-ci.com/letsencrypt/boulder)
-[![Coverage Status](https://coveralls.io/repos/github/letsencrypt/boulder/badge.svg?branch=master)](https://coveralls.io/github/letsencrypt/boulder?branch=master)
+[![Build Status](https://travis-ci.com/letsencrypt/boulder.svg?branch=main)](https://travis-ci.com/letsencrypt/boulder)
+[![Coverage Status](https://coveralls.io/repos/github/letsencrypt/boulder/badge.svg?branch=main)](https://coveralls.io/github/letsencrypt/boulder?branch=main)
 
 This is an implementation of an ACME-based CA. The [ACME
 protocol](https://github.com/ietf-wg-acme/acme/) allows the CA to
@@ -83,7 +83,7 @@ documentation](http://www.grpc.io/docs/).
 
 The full details of how the various ACME operations happen in Boulder are
 laid out in
-[DESIGN.md](https://github.com/letsencrypt/boulder/blob/master/docs/DESIGN.md).
+[DESIGN.md](https://github.com/letsencrypt/boulder/blob/main/docs/DESIGN.md).
 
 ## Setting up Boulder
 
@@ -221,7 +221,7 @@ the following URLs:
 To access the HTTPS versions of the endpoints you will need to configure your
 ACME client software to use a CA truststore that contains the
 `test/wfe-tls/minica.pem` CA certificate. See
-[`test/PKI.md`](https://github.com/letsencrypt/boulder/blob/master/test/PKI.md)
+[`test/PKI.md`](https://github.com/letsencrypt/boulder/blob/main/test/PKI.md)
 for more information.
 
 Your local Boulder instance uses a fake DNS resolver that returns 127.0.0.1
@@ -263,7 +263,7 @@ fit we're happy to answer questions to the best of our ability.
 ## Contributing
 
 Please take a look at
-[CONTRIBUTING.md](https://github.com/letsencrypt/boulder/blob/master/CONTRIBUTING.md)
+[CONTRIBUTING.md](https://github.com/letsencrypt/boulder/blob/main/CONTRIBUTING.md)
 for our guidelines on submitting patches, code review process, code of conduct,
 and various other tips related to working on the codebase.
 
@@ -271,5 +271,5 @@ and various other tips related to working on the codebase.
 
 This project is licensed under the Mozilla Public License 2.0, the full text
 of which can be found in the
-[LICENSE.txt](https://github.com/letsencrypt/boulder/blob/master/LICENSE.txt)
+[LICENSE.txt](https://github.com/letsencrypt/boulder/blob/main/LICENSE.txt)
 file.

docs/DESIGN.md

@@ -23,7 +23,7 @@ A couple of notes:
   components.  These calls are done via [gRPC](https://grpc.io/).
 
 * In various places the Boulder implementation of ACME diverges from the current
-  RFC draft. These divergences are documented in [docs/acme-divergences.md](https://github.com/letsencrypt/boulder/blob/master/docs/acme-divergences.md).
+  RFC draft. These divergences are documented in [docs/acme-divergences.md](https://github.com/letsencrypt/boulder/blob/main/docs/acme-divergences.md).
 
 * We focus on the primary ACME operations and do not include all possible
   interactions (e.g. account key change, authorization deactivation)

docs/multi-va.md

@@ -16,8 +16,8 @@ primary validation). Of course this is a development environment so both the
 primary and remote VAs are all running on one host.
 
 The primary and remote VAs are both the same piece of software, the `boulder-va`
-service ([cmd here](https://github.com/letsencrypt/boulder/tree/master/cmd/boulder-va),
-[package here](https://github.com/letsencrypt/boulder/tree/master/va)).
+service ([cmd here](https://github.com/letsencrypt/boulder/tree/main/cmd/boulder-va),
+[package here](https://github.com/letsencrypt/boulder/tree/main/va)).
 The boulder-ra uses [the same RPC interface](https://github.com/letsencrypt/boulder/blob/ea231adc36746cce97f860e818c2cdf92f060543/va/proto/va.proto#L8-L10)
 to ask for a primary validation as the primary VA uses to ask a remote VA for a
 confirmation validation.

grpc/interceptors_test.go

@@ -76,7 +76,7 @@ func TestClientInterceptor(t *testing.T) {
 // TestFailFastFalse sends a gRPC request to a backend that is
 // unavailable, and ensures that the request doesn't error out until the
 // timeout is reached, i.e. that FailFast is set to false.
-// https://github.com/grpc/grpc/blob/master/doc/wait-for-ready.md
+// https://github.com/grpc/grpc/blob/main/doc/wait-for-ready.md
 func TestFailFastFalse(t *testing.T) {
 	ci := &clientInterceptor{
 		timeout: 100 * time.Millisecond,

test/config-next/bad-key-revoker.json

@@ -15,7 +15,7 @@
         "mailer": {
             "server": "localhost",
             "port": "9380",
-            "username": "cert-master@example.com",
+            "username": "cert-manager@example.com",
             "from": "bad key revoker <test@example.com>",
             "passwordFile": "test/secrets/smtp_password",
             "SMTPTrustedRootFile": "test/mail-test-srv/minica.pem",

test/config-next/expiration-mailer.json

@@ -2,7 +2,7 @@
   "mailer": {
     "server": "localhost",
     "port": "9380",
-    "username": "cert-master@example.com",
+    "username": "cert-manager@example.com",
     "from": "Expiry bot <test@example.com>",
     "passwordFile": "test/secrets/smtp_password",
     "dbConnectFile": "test/secrets/mailer_dburl",

test/config-next/notify-mailer.json

@@ -2,7 +2,7 @@
   "notifyMailer": {
     "server": "localhost",
     "port": "9380",
-    "username": "cert-master@example.com",
+    "username": "cert-manager@example.com",
     "passwordFile": "test/secrets/smtp_password",
     "dbConnectFile": "test/secrets/mailer_dburl",
     "maxDBConns": 10

test/config/expiration-mailer.json

@@ -2,7 +2,7 @@
   "mailer": {
     "server": "localhost",
     "port": "9380",
-    "username": "cert-master@example.com",
+    "username": "cert-manager@example.com",
     "from": "Expiry bot <test@example.com>",
     "passwordFile": "test/secrets/smtp_password",
     "dbConnectFile": "test/secrets/mailer_dburl",

test/config/notify-mailer.json

@@ -2,7 +2,7 @@
   "notifyMailer": {
     "server": "localhost",
     "port": "9380",
-    "username": "cert-master@example.com",
+    "username": "cert-manager@example.com",
     "passwordFile": "test/secrets/smtp_password",
     "dbConnectFile": "test/secrets/mailer_dburl",
     "maxDBConns": 10

test/mail-test-srv/main.go

@@ -65,7 +65,9 @@ func (srv *mailSrv) handleConn(conn net.Conn) {
 	conn.Write([]byte("250-PIPELINING\r\n"))
 	conn.Write([]byte("250-AUTH PLAIN LOGIN\r\n"))
 	conn.Write([]byte("250 8BITMIME\r\n"))
-	if err := expectLine(readBuf, "AUTH PLAIN AGNlcnQtbWFzdGVyQGV4YW1wbGUuY29tAHBhc3N3b3Jk"); err != nil {
+	// This AUTH PLAIN is the output of: echo -en '\0cert-manager@example.com\0password' | base64
+	// Must match the mail configs for integration tests.
+	if err := expectLine(readBuf, "AUTH PLAIN AGNlcnQtbWFuYWdlckBleGFtcGxlLmNvbQBwYXNzd29yZA=="); err != nil {
 		log.Printf("mail-test-srv: %s: %v\n", conn.RemoteAddr(), err)
 		return
 	}

test/test-no-outdated-migrations.sh

@@ -12,7 +12,7 @@ trap 'rm ${NEW_FILES_LIST}' EXIT
 for svc in $SERVICES; do
   for dbenv in $DBENVS; do
     DB_DIR=$svc/_db/
-    git diff --name-only master -- ${DB_DIR} > ${NEW_FILES_LIST}
+    git diff --name-only main -- ${DB_DIR} > ${NEW_FILES_LIST}
     # Search for files in the migrations directory match the new files or come
     # lexically after them, then filter out the new files.
     GREP_OUT="$(ls ${DB_DIR}migrations/* | sort | \