This commit updates the `github.com/weppos/publicsuffix-go` dependency to
67ec7c1, the tip of master at the time of writing.
Unit tests are verified to pass:
```
$ go test ./...
? github.com/weppos/publicsuffix-go/cmd/load [no test files]
ok github.com/weppos/publicsuffix-go/net/publicsuffix (cached)
ok github.com/weppos/publicsuffix-go/publicsuffix (cached)
```
Prior to this commit the builds of master are failing in Travis with an
error during the `godep-restore` phase of our CI:
```
[ godep-restore] Starting
godep restore
rm -rf Godeps/ vendor/
godep save ./...
diff /dev/fd/63 /dev/fd/62
254c254
< "Comment": "v1.3-28-g3955978",
---
> "Comment": "v1.3.0-28-g3955978",
> git diff --exit-code -- ./vendor/
>
```
This seems to be a mysterious difference in the "Comment" field of the
`github.com/go-sql-driver/mysql` dependency. This dep hasn't changed
versions so given the general level of frustration involved with
debugging Godep it seems like the easiest path forward is to mimick the
diff.
This commit updates the "Comment" filed to match what CI expects.
Updates `golang.org/x/net` to master (d11bb6cd).
```
$ go test ./...
ok golang.org/x/net/bpf (cached)
ok golang.org/x/net/context (cached)
ok golang.org/x/net/context/ctxhttp (cached)
? golang.org/x/net/dict [no test files]
ok golang.org/x/net/dns/dnsmessage (cached)
ok golang.org/x/net/html (cached)
ok golang.org/x/net/html/atom (cached)
ok golang.org/x/net/html/charset (cached)
ok golang.org/x/net/http/httpguts (cached)
ok golang.org/x/net/http/httpproxy (cached)
ok golang.org/x/net/http2 (cached)
? golang.org/x/net/http2/h2i [no test files]
ok golang.org/x/net/http2/hpack (cached)
ok golang.org/x/net/icmp 0.199s
ok golang.org/x/net/idna (cached)
? golang.org/x/net/internal/iana [no test files]
? golang.org/x/net/internal/nettest [no test files]
ok golang.org/x/net/internal/socket (cached)
ok golang.org/x/net/internal/socks (cached)
ok golang.org/x/net/internal/sockstest (cached)
ok golang.org/x/net/internal/timeseries (cached)
ok golang.org/x/net/ipv4 (cached)
ok golang.org/x/net/ipv6 (cached)
ok golang.org/x/net/nettest (cached)
ok golang.org/x/net/netutil (cached)
ok golang.org/x/net/proxy (cached)
ok golang.org/x/net/publicsuffix (cached)
ok golang.org/x/net/trace (cached)
ok golang.org/x/net/webdav (cached)
ok golang.org/x/net/webdav/internal/xml (cached)
ok golang.org/x/net/websocket (cached)
ok golang.org/x/net/xsrftoken (cached)
```
Fixes#3692.
This PR updates the Boulder github.com/weppos/publicsuffix-go dependency to
weppos/publicsuffix-go@542377b - the tip of master at the time of writing.
Unit tests are confirmed to pass:
$ go test ./...
? github.com/weppos/publicsuffix-go/cmd/load [no test files]
ok github.com/weppos/publicsuffix-go/net/publicsuffix 0.005s
ok github.com/weppos/publicsuffix-go/publicsuffix 0.022s
Notably this update adds the .sport TLD and we've had some requests to support issuance for domains under this newly created TLD.
* Update `globalsign/certlint` to d4a45be.
This commit updates the `github.com/globalsign/certlint` dependency to
the latest tip of master (d4a45be06892f3e664f69892aca79a48df510be0).
Unit tests are confirmed to pass:
```
$ go test ./...
ok github.com/globalsign/certlint 3.816s
ok github.com/globalsign/certlint/asn1 (cached)
? github.com/globalsign/certlint/certdata [no test files]
? github.com/globalsign/certlint/checks [no test files]
? github.com/globalsign/certlint/checks/certificate/aiaissuers [no
test files]
? github.com/globalsign/certlint/checks/certificate/all [no test
files]
? github.com/globalsign/certlint/checks/certificate/basicconstraints
[no test files]
? github.com/globalsign/certlint/checks/certificate/extensions [no
test files]
? github.com/globalsign/certlint/checks/certificate/extkeyusage [no
test files]
ok github.com/globalsign/certlint/checks/certificate/internal
(cached)
? github.com/globalsign/certlint/checks/certificate/issuerdn [no
test files]
? github.com/globalsign/certlint/checks/certificate/keyusage [no
test files]
? github.com/globalsign/certlint/checks/certificate/publickey [no
test files]
? github.com/globalsign/certlint/checks/certificate/publickey/goodkey
[no test files]
ok github.com/globalsign/certlint/checks/certificate/publicsuffix
(cached)
? github.com/globalsign/certlint/checks/certificate/revocation [no
test files]
? github.com/globalsign/certlint/checks/certificate/serialnumber
[no test files]
? github.com/globalsign/certlint/checks/certificate/signaturealgorithm
[no test files]
ok github.com/globalsign/certlint/checks/certificate/subject (cached)
ok github.com/globalsign/certlint/checks/certificate/subjectaltname
(cached)
? github.com/globalsign/certlint/checks/certificate/validity [no
test files]
? github.com/globalsign/certlint/checks/certificate/version [no test
files]
? github.com/globalsign/certlint/checks/certificate/wildcard [no
test files]
? github.com/globalsign/certlint/checks/extensions/adobetimestamp
[no test files]
? github.com/globalsign/certlint/checks/extensions/all [no test
files]
? github.com/globalsign/certlint/checks/extensions/authorityinfoaccess
[no test files]
? github.com/globalsign/certlint/checks/extensions/authoritykeyid
[no test files]
? github.com/globalsign/certlint/checks/extensions/basicconstraints
[no test files]
? github.com/globalsign/certlint/checks/extensions/crldistributionpoints
[no test files]
? github.com/globalsign/certlint/checks/extensions/ct [no test
files]
? github.com/globalsign/certlint/checks/extensions/extkeyusage [no
test files]
? github.com/globalsign/certlint/checks/extensions/keyusage [no test
files]
? github.com/globalsign/certlint/checks/extensions/nameconstraints
[no test files]
ok github.com/globalsign/certlint/checks/extensions/ocspmuststaple
(cached)
? github.com/globalsign/certlint/checks/extensions/ocspnocheck [no
test files]
? github.com/globalsign/certlint/checks/extensions/pdfrevocation
[no test files]
? github.com/globalsign/certlint/checks/extensions/policyidentifiers
[no test files]
? github.com/globalsign/certlint/checks/extensions/smimecapabilities
[no test files]
? github.com/globalsign/certlint/checks/extensions/subjectaltname
[no test files]
? github.com/globalsign/certlint/checks/extensions/subjectkeyid [no
test files]
ok github.com/globalsign/certlint/errors (cached)
? github.com/globalsign/certlint/examples/ct [no test files]
? github.com/globalsign/certlint/examples/specificchecks [no test
files]
```
* Certchecker: Remove OCSP Must Staple err ignore, fix typos.
This commit removes the explicit ignore for OCSP Must Staple errors that
was added when the upstream `certlint` package didn't understand that
PKIX extension. That problem was resolved and so we can remove the
ignore from `cert-checker`.
This commit also fixes two typos that were fixed upstream and needed to
be reflected in expected error messages in the `certlint` unit test.
* Certchecker: Ignore Certlint CN/SAN == PSL errors.
`globalsign/certlint`, used by `cmd/cert-checker` to vet certs,
improperly flags certificates that have subj CN/SANs equal to a private
entry in the public suffix list as faulty.
This commit adds a regex that will skip errors that match the certlint
PSL error string. Prior to this workaround the addition of a private PSL
entry as a SAN in the `TestCheckCert` test cert fails the test:
```
--- FAIL: TestCheckCert (1.72s)
main_test.go:221: Found unexpected problem 'Certificate subjectAltName
"dev-myqnapcloud.com" equals "dev-myqnapcloud.com" from the public
suffix list'.
```
With the workaround in place, the test passes again.
Pulls in SCT list serialization fix, unblocks #3521.
```
ok github.com/cloudflare/cfssl/api/client 1.137s coverage: 52.2% of statements
ok github.com/cloudflare/cfssl/api/crl 1.110s coverage: 75.0% of statements
ok github.com/cloudflare/cfssl/api/gencrl 1.062s coverage: 72.5% of statements
ok github.com/cloudflare/cfssl/api/generator 1.304s coverage: 33.3% of statements
ok github.com/cloudflare/cfssl/api/info 1.133s coverage: 84.1% of statements
ok github.com/cloudflare/cfssl/api/initca 1.068s coverage: 90.5% of statements
ok github.com/cloudflare/cfssl/api/ocsp 1.152s coverage: 93.8% of statements
ok github.com/cloudflare/cfssl/api/revoke 2.574s coverage: 75.0% of statements
ok github.com/cloudflare/cfssl/api/scan 2.885s coverage: 62.1% of statements
ok github.com/cloudflare/cfssl/api/sign 3.188s coverage: 83.3% of statements
ok github.com/cloudflare/cfssl/api/signhandler 1.179s coverage: 26.3% of statements
ok github.com/cloudflare/cfssl/auth 1.012s coverage: 68.2% of statements
ok github.com/cloudflare/cfssl/bundler 15.700s coverage: 84.5% of statements
ok github.com/cloudflare/cfssl/certdb/dbconf 1.016s coverage: 84.2% of statements
ok github.com/cloudflare/cfssl/certdb/ocspstapling 1.415s coverage: 69.2% of statements
ok github.com/cloudflare/cfssl/certdb/sql 1.248s coverage: 70.5% of statements
ok github.com/cloudflare/cfssl/cli 1.013s coverage: 61.9% of statements
ok github.com/cloudflare/cfssl/cli/bundle 1.012s coverage: 0.0% of statements [no tests to run]
ok github.com/cloudflare/cfssl/cli/crl 1.091s coverage: 57.8% of statements
ok github.com/cloudflare/cfssl/cli/gencert 11.960s coverage: 83.6% of statements
ok github.com/cloudflare/cfssl/cli/gencrl 1.089s coverage: 73.3% of statements
ok github.com/cloudflare/cfssl/cli/gencsr 1.064s coverage: 70.3% of statements
ok github.com/cloudflare/cfssl/cli/genkey 6.415s coverage: 70.0% of statements
ok github.com/cloudflare/cfssl/cli/ocsprefresh 1.060s coverage: 64.3% of statements
ok github.com/cloudflare/cfssl/cli/revoke 1.033s coverage: 88.2% of statements
ok github.com/cloudflare/cfssl/cli/scan 1.013s coverage: 36.0% of statements
ok github.com/cloudflare/cfssl/cli/selfsign 2.029s coverage: 73.2% of statements
ok github.com/cloudflare/cfssl/cli/serve 1.073s coverage: 39.0% of statements
ok github.com/cloudflare/cfssl/cli/sign 1.054s coverage: 54.8% of statements
ok github.com/cloudflare/cfssl/cli/version 1.012s coverage: 100.0% of statements
ok github.com/cloudflare/cfssl/cmd/cfssl 1.036s coverage: 0.0% of statements [no tests to run]
ok github.com/cloudflare/cfssl/cmd/cfssljson 1.018s coverage: 3.4% of statements
ok github.com/cloudflare/cfssl/cmd/mkbundle 1.012s coverage: 0.0% of statements [no tests to run]
ok github.com/cloudflare/cfssl/config 1.029s coverage: 67.7% of statements
ok github.com/cloudflare/cfssl/crl 1.056s coverage: 68.3% of statements
ok github.com/cloudflare/cfssl/csr 31.882s coverage: 89.6% of statements
ok github.com/cloudflare/cfssl/errors 1.016s coverage: 79.6% of statements
ok github.com/cloudflare/cfssl/helpers 1.251s coverage: 82.8% of statements
ok github.com/cloudflare/cfssl/helpers/testsuite 6.974s coverage: 65.8% of statements
ok github.com/cloudflare/cfssl/initca 207.580s coverage: 73.2% of statements
ok github.com/cloudflare/cfssl/log 1.010s coverage: 59.3% of statements
ok github.com/cloudflare/cfssl/multiroot/config 1.161s coverage: 77.4% of statements
ok github.com/cloudflare/cfssl/ocsp 1.230s coverage: 77.4% of statements
ok github.com/cloudflare/cfssl/revoke 1.336s coverage: 77.9% of statements
ok github.com/cloudflare/cfssl/scan 1.016s coverage: 1.1% of statements
ok github.com/cloudflare/cfssl/selfsign 1.059s coverage: 70.0% of statements
ok github.com/cloudflare/cfssl/signer 1.014s coverage: 19.4% of statements
ok github.com/cloudflare/cfssl/signer/local 3.355s coverage: 77.9% of statements
ok github.com/cloudflare/cfssl/signer/remote 2.371s coverage: 70.0% of statements
ok github.com/cloudflare/cfssl/signer/universal 2.163s coverage: 67.7% of statements
ok github.com/cloudflare/cfssl/transport 1.012s
ok github.com/cloudflare/cfssl/transport/ca/localca 1.043s coverage: 94.9% of statements
ok github.com/cloudflare/cfssl/transport/core 1.030s coverage: 90.9% of statements
ok github.com/cloudflare/cfssl/transport/kp 1.032s coverage: 37.1% of statements
ok github.com/cloudflare/cfssl/ubiquity 1.034s coverage: 88.3% of statements
ok github.com/cloudflare/cfssl/whitelist 2.879s coverage: 100.0% of statements
```
This pulls in an upstream change that allows us to reference the Protected
header separately from the unprotected one (confusingly just called Header).
$ go test gopkg.in/square/go-jose.v2/...
ok gopkg.in/square/go-jose.v2 16.625s
ok gopkg.in/square/go-jose.v2/cipher 0.004s
? gopkg.in/square/go-jose.v2/jose-util [no test files]
ok gopkg.in/square/go-jose.v2/json 2.080s
? gopkg.in/square/go-jose.v2/jwk-keygen [no test files]
ok gopkg.in/square/go-jose.v2/jwt 0.128s
```
roland@catbus ~/code/go/src/github.com/cloudflare/cfssl master ./test.sh
BUILDING.md Gopkg.toml certdb crl helpers revoke test.sh
CHANGELOG LICENSE certinfo crypto info scan testdata
Dockerfile README.md cli csr initca script transport
Dockerfile.build api cmd doc log selfsign ubiquity
Dockerfile.minimal auth config errors multiroot signer vendor
Gopkg.lock bundler coverprofile.txt gopath ocsp test.prof whitelist
ok github.com/cloudflare/cfssl/api 1.043s coverage: 81.1% of statements
ok github.com/cloudflare/cfssl/api/bundle 1.570s coverage: 87.2% of statements
ok github.com/cloudflare/cfssl/api/certadd 12.607s coverage: 86.8% of statements
ok github.com/cloudflare/cfssl/api/client 1.070s coverage: 52.2% of statements
ok github.com/cloudflare/cfssl/api/crl 1.107s coverage: 75.0% of statements
ok github.com/cloudflare/cfssl/api/gencrl 1.057s coverage: 72.5% of statements
ok github.com/cloudflare/cfssl/api/generator 1.262s coverage: 33.3% of statements
ok github.com/cloudflare/cfssl/api/info 1.102s coverage: 84.1% of statements
ok github.com/cloudflare/cfssl/api/initca 1.073s coverage: 90.5% of statements
ok github.com/cloudflare/cfssl/api/ocsp 1.116s coverage: 93.8% of statements
ok github.com/cloudflare/cfssl/api/revoke 2.923s coverage: 75.0% of statements
ok github.com/cloudflare/cfssl/api/scan 17.178s coverage: 62.1% of statements
ok github.com/cloudflare/cfssl/api/sign 2.221s coverage: 83.3% of statements
ok github.com/cloudflare/cfssl/api/signhandler 1.145s coverage: 26.3% of statements
ok github.com/cloudflare/cfssl/auth 1.022s coverage: 68.2% of statements
ok github.com/cloudflare/cfssl/bundler 14.899s coverage: 84.5% of statements
ok github.com/cloudflare/cfssl/certdb/dbconf 1.040s coverage: 84.2% of statements
ok github.com/cloudflare/cfssl/certdb/ocspstapling 1.283s coverage: 69.2% of statements
ok github.com/cloudflare/cfssl/certdb/sql 1.092s coverage: 70.5% of statements
ok github.com/cloudflare/cfssl/cli 1.036s coverage: 61.9% of statements
ok github.com/cloudflare/cfssl/cli/bundle 1.034s coverage: 0.0% of statements [no tests to run]
ok github.com/cloudflare/cfssl/cli/crl 1.106s coverage: 57.8% of statements
ok github.com/cloudflare/cfssl/cli/gencert 6.106s coverage: 83.6% of statements
ok github.com/cloudflare/cfssl/cli/gencrl 1.081s coverage: 73.3% of statements
ok github.com/cloudflare/cfssl/cli/gencsr 1.075s coverage: 70.3% of statements
ok github.com/cloudflare/cfssl/cli/genkey 2.903s coverage: 70.0% of statements
ok github.com/cloudflare/cfssl/cli/ocsprefresh 1.074s coverage: 64.3% of statements
ok github.com/cloudflare/cfssl/cli/revoke 1.054s coverage: 88.2% of statements
ok github.com/cloudflare/cfssl/cli/scan 1.032s coverage: 36.0% of statements
ok github.com/cloudflare/cfssl/cli/selfsign 2.429s coverage: 73.2% of statements
ok github.com/cloudflare/cfssl/cli/serve 1.172s coverage: 39.0% of statements
ok github.com/cloudflare/cfssl/cli/sign 1.058s coverage: 54.8% of statements
ok github.com/cloudflare/cfssl/cli/version 1.028s coverage: 100.0% of statements
ok github.com/cloudflare/cfssl/cmd/cfssl 1.196s coverage: 0.0% of statements [no tests to run]
ok github.com/cloudflare/cfssl/cmd/cfssljson 1.031s coverage: 3.4% of statements
ok github.com/cloudflare/cfssl/cmd/mkbundle 1.032s coverage: 0.0% of statements [no tests to run]
ok github.com/cloudflare/cfssl/config 1.054s coverage: 67.7% of statements
ok github.com/cloudflare/cfssl/crl 1.072s coverage: 68.3% of statements
ok github.com/cloudflare/cfssl/csr 20.657s coverage: 89.6% of statements
ok github.com/cloudflare/cfssl/errors 1.029s coverage: 79.6% of statements
ok github.com/cloudflare/cfssl/helpers 1.225s coverage: 82.8% of statements
ok github.com/cloudflare/cfssl/helpers/testsuite 6.558s coverage: 65.8% of statements
ok github.com/cloudflare/cfssl/initca 81.870s coverage: 73.2% of statements
ok github.com/cloudflare/cfssl/log 1.019s coverage: 59.3% of statements
ok github.com/cloudflare/cfssl/multiroot/config 1.190s coverage: 77.4% of statements
ok github.com/cloudflare/cfssl/ocsp 1.226s coverage: 77.4% of statements
ok github.com/cloudflare/cfssl/revoke 1.832s coverage: 77.9% of statements
ok github.com/cloudflare/cfssl/scan 1.042s coverage: 1.1% of statements
ok github.com/cloudflare/cfssl/selfsign 1.073s coverage: 70.0% of statements
ok github.com/cloudflare/cfssl/signer 1.030s coverage: 19.4% of statements
ok github.com/cloudflare/cfssl/signer/local 3.171s coverage: 78.1% of statements
ok github.com/cloudflare/cfssl/signer/remote 2.197s coverage: 70.0% of statements
ok github.com/cloudflare/cfssl/signer/universal 2.061s coverage: 67.7% of statements
ok github.com/cloudflare/cfssl/transport 1.031s
ok github.com/cloudflare/cfssl/transport/ca/localca 1.062s coverage: 94.9% of statements
ok github.com/cloudflare/cfssl/transport/core 1.054s coverage: 90.9% of statements
ok github.com/cloudflare/cfssl/transport/kp 1.059s coverage: 37.1% of statements
ok github.com/cloudflare/cfssl/transport/roots/system 1.384s coverage: 77.1% of statements
ok github.com/cloudflare/cfssl/ubiquity 1.057s coverage: 88.3% of statements
ok github.com/cloudflare/cfssl/whitelist 2.060s coverage: 100.0% of statements
```
This change updates boulder-tools to use Go 1.10, and references a
newly-pushed image built using that new config.
Since boulder-tools pulls in the latest Certbot master at the time of
build, this also pulls in the latest changes to Certbot's acme module,
which now supports ACME v2. This means we no longer have to check out
the special acme-v2-integration branch in our integration tests.
This also updates chisel2.py to reflect some of the API changes that
landed in the acme module as it was merged to master.
Since we don't need additional checkouts to get the ACMEv2-compatible
version of the acme module, we can include it in the default RUN set for
local tests.
* Re-vendor certificate-transparency-go to latest.
$ go test github.com/google/certificate-transparency-go{,/asn1,/client,/client/configpb,/jsonclient,/tls,/x509/pkix} golang.org/x/crypto/cryptobyte{,/asn1}
ok github.com/google/certificate-transparency-go 0.722s
ok github.com/google/certificate-transparency-go/asn1 0.011s
ok github.com/google/certificate-transparency-go/client 22.995s
? github.com/google/certificate-transparency-go/client/configpb [no test files]
ok github.com/google/certificate-transparency-go/jsonclient 0.020s
ok github.com/google/certificate-transparency-go/tls 0.096s
? github.com/google/certificate-transparency-go/x509/pkix [no test files]
ok golang.org/x/crypto/cryptobyte 0.013s
? golang.org/x/crypto/cryptobyte/asn1 [no test files]
* Bring in latest ct-go master.
In #3454, I tried to update certificate-transparency-go, but that pulled in a bunch of extra package updates, making for a complicated PR. This PR breaks out one of the packages that needed update, to allow us to bring things up to date in a simpler, more piecemeal fashion.
$ go test golang.org/x/crypto/...
ok golang.org/x/crypto/acme 2.564s
ok golang.org/x/crypto/acme/autocert 0.634s
ok golang.org/x/crypto/argon2 0.118s
ok golang.org/x/crypto/bcrypt 2.282s
ok golang.org/x/crypto/blake2b 0.103s
ok golang.org/x/crypto/blake2s 0.072s
ok golang.org/x/crypto/blowfish 0.006s
ok golang.org/x/crypto/bn256 0.462s
2ok golang.org/x/crypto/cast5 4.288s
ok golang.org/x/crypto/chacha20poly1305 0.037s
ok golang.org/x/crypto/cryptobyte 0.012s
? golang.org/x/crypto/cryptobyte/asn1 [no test files]
ok golang.org/x/crypto/curve25519 0.029s
ok golang.org/x/crypto/ed25519 0.082s
? golang.org/x/crypto/ed25519/internal/edwards25519 [no test files]
ok golang.org/x/crypto/hkdf 0.003s
ok golang.org/x/crypto/internal/chacha20 0.002s
ok golang.org/x/crypto/md4 0.002s
ok golang.org/x/crypto/nacl/auth 1.473s
ok golang.org/x/crypto/nacl/box 0.007s
ok golang.org/x/crypto/nacl/secretbox 0.004s
ok golang.org/x/crypto/ocsp 0.034s
ok golang.org/x/crypto/openpgp 7.275s
ok golang.org/x/crypto/openpgp/armor 0.015s
ok golang.org/x/crypto/openpgp/clearsign 0.028s
ok golang.org/x/crypto/openpgp/elgamal 0.015s
? golang.org/x/crypto/openpgp/errors [no test files]
ok golang.org/x/crypto/openpgp/packet 0.170s
ok golang.org/x/crypto/openpgp/s2k 9.401s
ok golang.org/x/crypto/otr 0.321s
ok golang.org/x/crypto/pbkdf2 0.046s
ok golang.org/x/crypto/pkcs12 0.065s
ok golang.org/x/crypto/pkcs12/internal/rc2 0.014s
ok golang.org/x/crypto/poly1305 0.023s
ok golang.org/x/crypto/ripemd160 0.061s
ok golang.org/x/crypto/salsa20 0.029s
ok golang.org/x/crypto/salsa20/salsa 0.043s
ok golang.org/x/crypto/scrypt 0.815s
ok golang.org/x/crypto/sha3 0.263s
ok golang.org/x/crypto/ssh 1.175s
ok golang.org/x/crypto/ssh/agent 0.827s
ok golang.org/x/crypto/ssh/knownhosts 0.038s
ok golang.org/x/crypto/ssh/terminal 0.029s
ok golang.org/x/crypto/ssh/test 0.148s
ok golang.org/x/crypto/tea 0.012s
ok golang.org/x/crypto/twofish 0.013s
ok golang.org/x/crypto/xtea 0.002s
ok golang.org/x/crypto/xts 0.016s
In #3454, I tried to update certificate-transparency-go, but that pulled in a bunch of extra package updates, making for a complicated PR. This PR breaks out one of the packages that needed update, to allow us to bring things up to date in a simpler, more piecemeal fashion.
$ go test github.com/golang/protobuf/...
ok github.com/golang/protobuf/descriptor 0.004s
ok github.com/golang/protobuf/jsonpb 0.012s
? github.com/golang/protobuf/jsonpb/jsonpb_test_proto [no test
files]
ok github.com/golang/protobuf/proto 0.062s
? github.com/golang/protobuf/proto/proto3_proto [no test files]
? github.com/golang/protobuf/protoc-gen-go [no test files]
? github.com/golang/protobuf/protoc-gen-go/descriptor [no test
files]
ok github.com/golang/protobuf/protoc-gen-go/generator 0.002s
? github.com/golang/protobuf/protoc-gen-go/grpc [no test files]
? github.com/golang/protobuf/protoc-gen-go/plugin [no test files]
ok github.com/golang/protobuf/ptypes 0.014s
? github.com/golang/protobuf/ptypes/any [no test files]
? github.com/golang/protobuf/ptypes/duration [no test files]
? github.com/golang/protobuf/ptypes/empty [no test files]
? github.com/golang/protobuf/ptypes/struct [no test files]
? github.com/golang/protobuf/ptypes/timestamp [no test files]
? github.com/golang/protobuf/ptypes/wrappers [no test files]
This commit updates the github.com/miekg/pkcs11 dependency to
88ac7c418f89b164432a00c46ec7b7612d686b57, the tip of master at the time
of writing.
This incorporates a fix for Golang 1.9.4.
Confirmed upstream unit tests pass:
$> git rev-parse HEAD
88ac7c418f89b164432a00c46ec7b7612d686b57
$> go test ./...
ok github.com/miekg/pkcs11 0.676s
Resolves#3442
Update CFSSL to get upstream ocsp changes required to minimize log
volume.
Confirmed that unit tests pass:
```
$ git rev-parse HEAD
ed5223a490ece4d66899bbb292e3e46c0677cb86
$> go test ./...
ok github.com/cloudflare/cfssl/api 0.009s
ok github.com/cloudflare/cfssl/api/bundle 0.811s
ok github.com/cloudflare/cfssl/api/certadd 6.735s
? github.com/cloudflare/cfssl/api/certinfo [no test files]
ok github.com/cloudflare/cfssl/api/client 0.069s
ok github.com/cloudflare/cfssl/api/crl 0.103s
ok github.com/cloudflare/cfssl/api/gencrl 0.008s
ok github.com/cloudflare/cfssl/api/generator 0.051s
ok github.com/cloudflare/cfssl/api/info 0.027s
ok github.com/cloudflare/cfssl/api/initca 0.022s
ok github.com/cloudflare/cfssl/api/ocsp 0.026s
ok github.com/cloudflare/cfssl/api/revoke 0.614s
ok github.com/cloudflare/cfssl/api/scan 51.888s
ok github.com/cloudflare/cfssl/api/sign 0.329s
ok github.com/cloudflare/cfssl/api/signhandler 0.056s
ok github.com/cloudflare/cfssl/auth 0.002s
ok github.com/cloudflare/cfssl/bundler 7.864s
? github.com/cloudflare/cfssl/certdb [no test files]
ok github.com/cloudflare/cfssl/certdb/dbconf 0.003s
ok github.com/cloudflare/cfssl/certdb/ocspstapling 1.103s
ok github.com/cloudflare/cfssl/certdb/sql 0.369s
? github.com/cloudflare/cfssl/certdb/testdb [no test files]
? github.com/cloudflare/cfssl/certinfo [no test files]
ok github.com/cloudflare/cfssl/cli 0.003s
ok github.com/cloudflare/cfssl/cli/bundle 0.003s [no tests to run]
? github.com/cloudflare/cfssl/cli/certinfo [no test files]
ok github.com/cloudflare/cfssl/cli/crl 0.061s
ok github.com/cloudflare/cfssl/cli/gencert 1.518s
ok github.com/cloudflare/cfssl/cli/gencrl 0.011s
ok github.com/cloudflare/cfssl/cli/gencsr 0.010s
ok github.com/cloudflare/cfssl/cli/genkey 0.583s
? github.com/cloudflare/cfssl/cli/info [no test files]
? github.com/cloudflare/cfssl/cli/ocspdump [no test files]
ok github.com/cloudflare/cfssl/cli/ocsprefresh 0.068s
? github.com/cloudflare/cfssl/cli/ocspserve [no test files]
? github.com/cloudflare/cfssl/cli/ocspsign [no test files]
? github.com/cloudflare/cfssl/cli/printdefault [no test files]
ok github.com/cloudflare/cfssl/cli/revoke 0.092s
ok github.com/cloudflare/cfssl/cli/scan 0.003s
ok github.com/cloudflare/cfssl/cli/selfsign 0.648s
ok github.com/cloudflare/cfssl/cli/serve 0.016s
ok github.com/cloudflare/cfssl/cli/sign 0.041s
ok github.com/cloudflare/cfssl/cli/version 0.003s
ok github.com/cloudflare/cfssl/cmd/cfssl 0.005s [no tests to run]
? github.com/cloudflare/cfssl/cmd/cfssl-bundle [no test files]
? github.com/cloudflare/cfssl/cmd/cfssl-certinfo [no test files]
? github.com/cloudflare/cfssl/cmd/cfssl-newkey [no test files]
? github.com/cloudflare/cfssl/cmd/cfssl-scan [no test files]
ok github.com/cloudflare/cfssl/cmd/cfssljson 0.012s
ok github.com/cloudflare/cfssl/cmd/mkbundle 0.011s [no tests
to run]
? github.com/cloudflare/cfssl/cmd/multirootca [no test files]
ok github.com/cloudflare/cfssl/config 0.004s
ok github.com/cloudflare/cfssl/crl 0.013s
? github.com/cloudflare/cfssl/crypto [no test files]
? github.com/cloudflare/cfssl/crypto/pkcs7 [no test files]
ok github.com/cloudflare/cfssl/csr 4.836s
ok github.com/cloudflare/cfssl/errors 0.004s
ok github.com/cloudflare/cfssl/helpers 0.037s
? github.com/cloudflare/cfssl/helpers/derhelpers [no test files]
ok github.com/cloudflare/cfssl/helpers/testsuite 4.830s
? github.com/cloudflare/cfssl/info [no test files]
ok github.com/cloudflare/cfssl/initca 17.794s
ok github.com/cloudflare/cfssl/log 0.002s
ok github.com/cloudflare/cfssl/multiroot/config 0.022s
ok github.com/cloudflare/cfssl/ocsp 0.119s
? github.com/cloudflare/cfssl/ocsp/config [no test files]
? github.com/cloudflare/cfssl/ocsp/universal [no test files]
ok github.com/cloudflare/cfssl/revoke 2.172s
ok github.com/cloudflare/cfssl/scan 0.003s
? github.com/cloudflare/cfssl/scan/vendor/crypto [no test files]
? github.com/cloudflare/cfssl/scan/vendor/crypto/md5 [no test
files]
? github.com/cloudflare/cfssl/scan/vendor/crypto/rsa [no test
files]
? github.com/cloudflare/cfssl/scan/vendor/crypto/sha1 [no test
files]
? github.com/cloudflare/cfssl/scan/vendor/crypto/sha256 [no test
files]
? github.com/cloudflare/cfssl/scan/vendor/crypto/sha512 [no test
files]
? github.com/cloudflare/cfssl/scan/vendor/crypto/tls [no test
files]
ok github.com/cloudflare/cfssl/selfsign 0.011s
ok github.com/cloudflare/cfssl/signer 0.003s
ok github.com/cloudflare/cfssl/signer/local 0.419s
ok github.com/cloudflare/cfssl/signer/remote 0.341s
ok github.com/cloudflare/cfssl/signer/universal 0.262s
ok github.com/cloudflare/cfssl/transport 0.017s
? github.com/cloudflare/cfssl/transport/ca [no test files]
ok github.com/cloudflare/cfssl/transport/ca/localca 0.020s
ok github.com/cloudflare/cfssl/transport/core 0.021s
? github.com/cloudflare/cfssl/transport/example/exlib [no test
files]
? github.com/cloudflare/cfssl/transport/example/maclient [no test
files]
? github.com/cloudflare/cfssl/transport/example/maserver [no test
files]
ok github.com/cloudflare/cfssl/transport/kp 0.021s
? github.com/cloudflare/cfssl/transport/roots [no test files]
? github.com/cloudflare/cfssl/transport/roots/system [no test
files]
ok github.com/cloudflare/cfssl/ubiquity 0.012s
ok github.com/cloudflare/cfssl/whitelist 0.086s
? github.com/cloudflare/cfssl/whitelist/example [no test files]
```
This change is pulled out of #3294 in hopes of simplifying that change.
Tests run:
```
$ go test github.com/golang/mock/gomock/...
ok github.com/golang/mock/gomock 0.002s
? github.com/golang/mock/gomock/mock_matcher [no test files]
```
The go-grpc-prometheus package by default registers its metrics with Prometheus' global registry. In #3167, when we stopped using the global registry, we accidentally lost our gRPC metrics. This change adds them back.
Specifically, it adds two convenience functions, one for clients and one for servers, that makes the necessary metrics object and registers it. We run these in the main function of each server.
I considered adding these as part of StatsAndLogging, but the corresponding ClientMetrics and ServerMetrics objects (defined by go-grpc-prometheus) need to be subsequently made available during construction of the gRPC clients and servers. We could add them as fields on Scope, but this seemed like a little too much tight coupling.
Also, update go-grpc-prometheus to get the necessary methods.
```
$ go test github.com/grpc-ecosystem/go-grpc-prometheus/...
ok github.com/grpc-ecosystem/go-grpc-prometheus 0.069s
? github.com/grpc-ecosystem/go-grpc-prometheus/examples/testproto [no test files]
```
This pulls in multilog support (logs sharded by date). As a result,
it also pulls in new dependencies gogo/protobuf (for UnmarshalText) and
golang/protobuf/ptypes (for Timestamp).
Replaces #3202, adding a smaller set of dependencies. See also #3205.
Tests run:
```
$ go test github.com/gogo/protobuf/proto github.com/golang/protobuf/ptypes/... github.com/google/certificate-transparency-go/...
ok github.com/gogo/protobuf/proto 0.063s
ok github.com/golang/protobuf/ptypes 0.009s
? github.com/golang/protobuf/ptypes/any [no test files]
? github.com/golang/protobuf/ptypes/duration [no test files]
? github.com/golang/protobuf/ptypes/empty [no test files]
? github.com/golang/protobuf/ptypes/struct [no test files]
? github.com/golang/protobuf/ptypes/timestamp [no test files]
? github.com/golang/protobuf/ptypes/wrappers [no test files]
ok github.com/google/certificate-transparency-go 1.005s
ok github.com/google/certificate-transparency-go/asn1 0.021s
ok github.com/google/certificate-transparency-go/client 22.034s
? github.com/google/certificate-transparency-go/client/ctclient [no test files]
ok github.com/google/certificate-transparency-go/fixchain 0.145s
? github.com/google/certificate-transparency-go/fixchain/main [no test files]
ok github.com/google/certificate-transparency-go/fixchain/ratelimiter 27.745s
ok github.com/google/certificate-transparency-go/gossip 0.772s
? github.com/google/certificate-transparency-go/gossip/main [no test files]
ok github.com/google/certificate-transparency-go/jsonclient 25.523s
ok github.com/google/certificate-transparency-go/merkletree 0.004s
? github.com/google/certificate-transparency-go/preload [no test files]
? github.com/google/certificate-transparency-go/preload/dumpscts/main [no test files]
? github.com/google/certificate-transparency-go/preload/main [no test files]
ok github.com/google/certificate-transparency-go/scanner 0.010s
? github.com/google/certificate-transparency-go/scanner/main [no test files]
ok github.com/google/certificate-transparency-go/tls 0.026s
ok github.com/google/certificate-transparency-go/x509 0.417s
? github.com/google/certificate-transparency-go/x509/pkix [no test files]
? github.com/google/certificate-transparency-go/x509util [no test files]
```
Fixes https://github.com/letsencrypt/boulder/issues/3205.
Previously, we would only move aside Godeps.json before running `godep save ./...`. However, in order to get a true picture of what is needed, we must also remove the existing `vendor/` directory.
This change also removes some unnecessary dependencies that have piled up over the years, generally test dependencies. Godep used to vendor such dependencies but no longer does.
This pulls in google/safebrowsing#74, which introduces a new LookupURLsContext that allows us to pass through timeout information nicely.
Also, update calling code to use LookupURLsContext instead of LookupURLs.
The 2.1.3 release of go-jose.v2 contains a bug fix for a nil panic
encountering null values in JWS headers that affects Boulder. This
commit updates Boulder to use the 2.1.3 release.
Unit tests were confirmed to pass:
```
$ go test ./...
ok gopkg.in/square/go-jose.v2 13.648s
ok gopkg.in/square/go-jose.v2/cipher 0.003s
? gopkg.in/square/go-jose.v2/jose-util [no test files]
ok gopkg.in/square/go-jose.v2/json 1.199s
ok gopkg.in/square/go-jose.v2/jwt 0.064s
```
This commit updates the `github.com/google/safebrowsing` dependency to
commit f387af, the tip of master at the time of writing.
Unit tests were confirmed to pass per CONTRIBUTING.md:
```
$ go test ./...
ok github.com/google/safebrowsing 2.500s
? github.com/google/safebrowsing/cmd/sblookup [no test files]
? github.com/google/safebrowsing/cmd/sbserver [no test files]
? github.com/google/safebrowsing/cmd/sbserver/statik [no test files]
? github.com/google/safebrowsing/internal/safebrowsing_proto [no test files]
```
This commit updates the publicsuffix-go dependency to
6787cd3b348b18fab6371264ae5392cd8eca1723 the tip of master at the time
of writing.
The unit tests were verified to pass:
```
? github.com/weppos/publicsuffix-go/cmd/load [no test files]
ok github.com/weppos/publicsuffix-go/net/publicsuffix 0.006s
ok github.com/weppos/publicsuffix-go/publicsuffix 0.024s
```
Godep apparently breaks when trying to parse code that specifies build tags for versions of golang above that with which it was built (which it shouldn't be parsing in the first place). This breaks the travis tests since `golang.org/x/net/context` now contains golang 1.9 specific code. In order to get around this we temporarily disable the error check for `godep save ./...` in test.sh. Opened #2965 to revert this once Godep is fixed or we move to golang 1.9.
Requires an update to `golang.org/x/net` and adding `golang.org/x/text`.
```
[roland@niya:~/gopath/src/golang.org/x/net]$ go test ./...
ok golang.org/x/net/bpf 0.472s
ok golang.org/x/net/context 0.090s
ok golang.org/x/net/context/ctxhttp 0.161s
? golang.org/x/net/dict [no test files]
ok golang.org/x/net/dns/dnsmessage 0.044s
ok golang.org/x/net/html 0.094s
ok golang.org/x/net/html/atom 0.003s
ok golang.org/x/net/html/charset 0.027s
ok golang.org/x/net/http2 80.253s
? golang.org/x/net/http2/h2i [no test files]
ok golang.org/x/net/http2/hpack 0.064s
ok golang.org/x/net/icmp 0.026s
ok golang.org/x/net/idna 0.035s
? golang.org/x/net/internal/iana [no test files]
? golang.org/x/net/internal/nettest [no test files]
ok golang.org/x/net/internal/socket 0.005s
ok golang.org/x/net/internal/timeseries 0.024s
ok golang.org/x/net/ipv4 0.013s
ok golang.org/x/net/ipv6 0.036s
ok golang.org/x/net/lex/httplex 0.004s
ok golang.org/x/net/nettest 1.164s
ok golang.org/x/net/netutil 0.898s
ok golang.org/x/net/proxy 0.004s
ok golang.org/x/net/publicsuffix 0.202s
ok golang.org/x/net/trace 0.018s
ok golang.org/x/net/webdav 0.061s
ok golang.org/x/net/webdav/internal/xml 0.014s
ok golang.org/x/net/websocket 0.022s
ok golang.org/x/net/xsrftoken 0.025s
[roland@niya:~/gopath/src/golang.org/x/text]$ go test ./...
? golang.org/x/text [no test files]
ok golang.org/x/text/cases 0.439s
? golang.org/x/text/cmd/gotext [no test files]
ok golang.org/x/text/collate 0.038s
ok golang.org/x/text/collate/build 0.024s
? golang.org/x/text/collate/tools/colcmp [no test files]
ok golang.org/x/text/currency 2.961s
ok golang.org/x/text/encoding 0.005s
ok golang.org/x/text/encoding/charmap 0.060s
ok golang.org/x/text/encoding/htmlindex 0.005s
ok golang.org/x/text/encoding/ianaindex 0.030s
? golang.org/x/text/encoding/internal [no test files]
? golang.org/x/text/encoding/internal/enctest [no test files]
? golang.org/x/text/encoding/internal/identifier [no test files]
ok golang.org/x/text/encoding/japanese 0.098s
ok golang.org/x/text/encoding/korean 0.032s
ok golang.org/x/text/encoding/simplifiedchinese 0.100s
ok golang.org/x/text/encoding/traditionalchinese 0.012s
ok golang.org/x/text/encoding/unicode 0.013s
ok golang.org/x/text/encoding/unicode/utf32 0.071s
ok golang.org/x/text/feature/plural 0.352s
ok golang.org/x/text/internal 0.009s
ok golang.org/x/text/internal/catmsg 0.034s
ok golang.org/x/text/internal/colltab 1.817s
ok golang.org/x/text/internal/export/idna 0.040s
? golang.org/x/text/internal/format [no test files]
? golang.org/x/text/internal/gen [no test files]
ok golang.org/x/text/internal/number 0.028s
ok golang.org/x/text/internal/stringset 0.021s
ok golang.org/x/text/internal/tag 0.044s
? golang.org/x/text/internal/testtext [no test files]
ok golang.org/x/text/internal/triegen 0.357s
ok golang.org/x/text/internal/ucd 0.023s
? golang.org/x/text/internal/utf8internal [no test files]
ok golang.org/x/text/language 0.033s
ok golang.org/x/text/language/display 3.917s
ok golang.org/x/text/message 0.033s
ok golang.org/x/text/message/catalog 0.069s
ok golang.org/x/text/runes 0.039s
ok golang.org/x/text/search 0.019s
? golang.org/x/text/secure [no test files]
ok golang.org/x/text/secure/bidirule 0.032s
ok golang.org/x/text/secure/precis 0.066s
ok golang.org/x/text/transform 0.106s
? golang.org/x/text/unicode [no test files]
ok golang.org/x/text/unicode/bidi 0.026s
ok golang.org/x/text/unicode/cldr 0.114s
ok golang.org/x/text/unicode/norm 4.009s
ok golang.org/x/text/unicode/rangetable 1.516s
ok golang.org/x/text/unicode/runenames 0.011s
ok golang.org/x/text/width 0.310s
```
Fixes#2963.
This commit replaces the Boulder dependency on
gopkg.in/square/go-jose.v1 with gopkg.in/square/go-jose.v2. This is
necessary both to stay in front of bitrot and because the ACME v2 work
will require a feature from go-jose.v2 for JWS validation.
The largest part of this diff is cosmetic changes:
Changing import paths
jose.JsonWebKey -> jose.JSONWebKey
jose.JsonWebSignature -> jose.JSONWebSignature
jose.JoseHeader -> jose.Header
Some more significant changes were caused by updates in the API for
for creating new jose.Signer instances. Previously we constructed
these with jose.NewSigner(algorithm, key). Now these are created with
jose.NewSigner(jose.SigningKey{},jose.SignerOptions{}). At present all
signers specify EmbedJWK: true but this will likely change with
follow-up ACME V2 work.
Another change was the removal of the jose.LoadPrivateKey function
that the wfe tests relied on. The jose v2 API removed these functions,
moving them to a cmd's main package where we can't easily import them.
This function was reimplemented in the WFE's test code & updated to fail
fast rather than return errors.
Per CONTRIBUTING.md I have verified the go-jose.v2 tests at the imported
commit pass:
ok gopkg.in/square/go-jose.v2 14.771s
ok gopkg.in/square/go-jose.v2/cipher 0.025s
? gopkg.in/square/go-jose.v2/jose-util [no test files]
ok gopkg.in/square/go-jose.v2/json 1.230s
ok gopkg.in/square/go-jose.v2/jwt 0.073s
Resolves#2880
This uses the mysql driver library's capability to use `SET` to set the system
variables that prefixdb previously was.
Unfortunately, the library doesn't sort the params when making the string, so we
have to do a little munging to TestNewDbMap.
Ran it in a checkout of the repo since godeps now doesn't include the test files (which is great!).
```
MYSQL_TEST_ADDR=127.0.0.1:3306 go test .
ok github.com/go-sql-driver/mysql 46.099s
```
This commit updates the
`github.com/weppos/publicsuffix-go/publicsuffix` dependency to commit
e91dbc7, the tip of master at the time of writing.
Unit tests are confirmed to pass:
```
:~/go/src/github.com/weppos/publicsuffix-go$ go test ./...
? github.com/weppos/publicsuffix-go/cmd/load [no test files]
ok github.com/weppos/publicsuffix-go/net/publicsuffix 0.006s
ok github.com/weppos/publicsuffix-go/publicsuffix 0.025s
```
Update github.com/google/safebrowsing and block on database health before starting VA
before starting `boulder-va`.
```
$ go test .
ok github.com/google/safebrowsing 4.510s
$ go test .
ok github.com/golang/protobuf/ptypes 0.002s
```
Fixes#2742.
This commit updates the `publicsuffix-go` dependency to f5c9a8, the tip
of master at the time of writing.
Per CONTRIBUTING.md, the unit tests were run:
```
~/go/src/github.com/weppos/publicsuffix-go$ go test
./...
? github.com/weppos/publicsuffix-go/cmd/load [no test files]
ok github.com/weppos/publicsuffix-go/net/publicsuffix 0.006s
ok github.com/weppos/publicsuffix-go/publicsuffix 0.025s
```
When running `gomock` to generate mocks in the boulder-tools image there is a requirement on `github.com/golang/mock/mockgen/model` but only during runtime (it is not required to build `gomock`). So that we don't require users to `go get` this package so that it exists in their GOPATH we need to vendor it so that it is always in the GOPATH of the boulder-tools image. In order to vendor this package (since it isn't actually used anywhere) we need to add a special file that imports this package and uses it for a variable that isn't actually used anywhere so that we can satisfy `godep`, this is done in the `test` package.
Fixes#2751.
Per review policy, running tests in updated dependencies yields:
```
$ go test ./vendor/github.com/cloudflare/cfssl/ocsp/
? github.com/letsencrypt/boulder/vendor/github.com/cloudflare/cfssl/ocsp [no test files]
```
Switches imports from `github.com/google/certificate-transparency` to `github.com/google/certificate-transparency-go` and vendors the new code. Also fixes a number of small breakages caused by API changes since the last time we vendored the code. Also updates `github.com/cloudflare/cfssl` since you can't vendor both `github.com/google/certificate-transparency` and `github.com/google/certificate-transparency-go`.
Side note: while doing this `godep` tried to pull in a number of imports under the `golang.org/x/text` repo that I couldn't find actually being used anywhere so I just dropped the changes to `Godeps/Godeps.json` and didn't add the vendored dir to the tree, let's see if this breaks any tests...
All tests pass
```
$ go test ./...
ok github.com/google/certificate-transparency-go 0.640s
ok github.com/google/certificate-transparency-go/asn1 0.005s
ok github.com/google/certificate-transparency-go/client 22.054s
? github.com/google/certificate-transparency-go/client/ctclient [no test files]
ok github.com/google/certificate-transparency-go/fixchain 0.133s
? github.com/google/certificate-transparency-go/fixchain/main [no test files]
ok github.com/google/certificate-transparency-go/fixchain/ratelimiter 27.752s
ok github.com/google/certificate-transparency-go/gossip 0.322s
? github.com/google/certificate-transparency-go/gossip/main [no test files]
ok github.com/google/certificate-transparency-go/jsonclient 25.701s
ok github.com/google/certificate-transparency-go/merkletree 0.006s
? github.com/google/certificate-transparency-go/preload [no test files]
? github.com/google/certificate-transparency-go/preload/dumpscts/main [no test files]
? github.com/google/certificate-transparency-go/preload/main [no test files]
ok github.com/google/certificate-transparency-go/scanner 0.013s
? github.com/google/certificate-transparency-go/scanner/main [no test files]
ok github.com/google/certificate-transparency-go/tls 0.033s
ok github.com/google/certificate-transparency-go/x509 1.071s
? github.com/google/certificate-transparency-go/x509/pkix [no test files]
? github.com/google/certificate-transparency-go/x509util [no test files]
```
```
$ ./test.sh
...
ok github.com/cloudflare/cfssl/api 1.089s coverage: 81.1% of statements
ok github.com/cloudflare/cfssl/api/bundle 1.548s coverage: 87.2% of statements
ok github.com/cloudflare/cfssl/api/certadd 13.681s coverage: 86.8% of statements
ok github.com/cloudflare/cfssl/api/client 1.314s coverage: 55.2% of statements
ok github.com/cloudflare/cfssl/api/crl 1.124s coverage: 75.0% of statements
ok github.com/cloudflare/cfssl/api/gencrl 1.067s coverage: 72.5% of statements
ok github.com/cloudflare/cfssl/api/generator 2.809s coverage: 33.3% of statements
ok github.com/cloudflare/cfssl/api/info 1.112s coverage: 84.1% of statements
ok github.com/cloudflare/cfssl/api/initca 1.059s coverage: 90.5% of statements
ok github.com/cloudflare/cfssl/api/ocsp 1.178s coverage: 93.8% of statements
ok github.com/cloudflare/cfssl/api/revoke 2.282s coverage: 75.0% of statements
ok github.com/cloudflare/cfssl/api/scan 2.729s coverage: 62.1% of statements
ok github.com/cloudflare/cfssl/api/sign 2.483s coverage: 83.3% of statements
ok github.com/cloudflare/cfssl/api/signhandler 1.137s coverage: 26.3% of statements
ok github.com/cloudflare/cfssl/auth 1.030s coverage: 68.2% of statements
ok github.com/cloudflare/cfssl/bundler 15.014s coverage: 85.1% of statements
ok github.com/cloudflare/cfssl/certdb/dbconf 1.042s coverage: 78.9% of statements
ok github.com/cloudflare/cfssl/certdb/ocspstapling 1.919s coverage: 69.2% of statements
ok github.com/cloudflare/cfssl/certdb/sql 1.265s coverage: 65.7% of statements
ok github.com/cloudflare/cfssl/cli 1.050s coverage: 61.9% of statements
ok github.com/cloudflare/cfssl/cli/bundle 1.023s coverage: 0.0% of statements
ok github.com/cloudflare/cfssl/cli/crl 1.669s coverage: 57.8% of statements
ok github.com/cloudflare/cfssl/cli/gencert 9.278s coverage: 83.6% of statements
ok github.com/cloudflare/cfssl/cli/gencrl 1.310s coverage: 73.3% of statements
ok github.com/cloudflare/cfssl/cli/genkey 3.028s coverage: 70.0% of statements
ok github.com/cloudflare/cfssl/cli/ocsprefresh 1.106s coverage: 64.3% of statements
ok github.com/cloudflare/cfssl/cli/revoke 1.081s coverage: 88.2% of statements
ok github.com/cloudflare/cfssl/cli/scan 1.217s coverage: 36.0% of statements
ok github.com/cloudflare/cfssl/cli/selfsign 2.201s coverage: 73.2% of statements
ok github.com/cloudflare/cfssl/cli/serve 1.133s coverage: 39.0% of statements
ok github.com/cloudflare/cfssl/cli/sign 1.210s coverage: 54.8% of statements
ok github.com/cloudflare/cfssl/cli/version 2.475s coverage: 100.0% of statements
ok github.com/cloudflare/cfssl/cmd/cfssl 1.082s coverage: 0.0% of statements
ok github.com/cloudflare/cfssl/cmd/cfssljson 1.016s coverage: 4.0% of statements
ok github.com/cloudflare/cfssl/cmd/mkbundle 1.024s coverage: 0.0% of statements
ok github.com/cloudflare/cfssl/config 2.754s coverage: 67.7% of statements
ok github.com/cloudflare/cfssl/crl 1.063s coverage: 68.3% of statements
ok github.com/cloudflare/cfssl/csr 27.016s coverage: 89.6% of statements
ok github.com/cloudflare/cfssl/errors 1.081s coverage: 81.2% of statements
ok github.com/cloudflare/cfssl/helpers 1.217s coverage: 80.4% of statements
ok github.com/cloudflare/cfssl/helpers/testsuite 7.658s coverage: 65.8% of statements
ok github.com/cloudflare/cfssl/initca 205.809s coverage: 74.2% of statements
ok github.com/cloudflare/cfssl/log 1.016s coverage: 59.3% of statements
ok github.com/cloudflare/cfssl/multiroot/config 1.107s coverage: 77.4% of statements
ok github.com/cloudflare/cfssl/ocsp 1.524s coverage: 77.7% of statements
ok github.com/cloudflare/cfssl/revoke 1.775s coverage: 79.6% of statements
ok github.com/cloudflare/cfssl/scan 1.022s coverage: 1.1% of statements
ok github.com/cloudflare/cfssl/selfsign 1.119s coverage: 70.0% of statements
ok github.com/cloudflare/cfssl/signer 1.019s coverage: 20.0% of statements
ok github.com/cloudflare/cfssl/signer/local 3.146s coverage: 81.2% of statements
ok github.com/cloudflare/cfssl/signer/remote 2.328s coverage: 71.8% of statements
ok github.com/cloudflare/cfssl/signer/universal 2.280s coverage: 67.7% of statements
ok github.com/cloudflare/cfssl/transport 1.028s
ok github.com/cloudflare/cfssl/transport/ca/localca 1.056s coverage: 94.9% of statements
ok github.com/cloudflare/cfssl/transport/core 1.538s coverage: 90.9% of statements
ok github.com/cloudflare/cfssl/transport/kp 1.054s coverage: 37.1% of statements
ok github.com/cloudflare/cfssl/ubiquity 1.042s coverage: 88.3% of statements
ok github.com/cloudflare/cfssl/whitelist 2.304s coverage: 100.0% of statements
```
Fixes#2746.
This removes the config and code to output to statsd.
- Change `cmd.StatsAndLogging` to output a `Scope`, not a `Statter`.
- Remove the prefixing of component name (e.g. "VA") in front of stats; this was stripped by `autoProm` but now no longer needs to be.
- Delete vendored statsd client.
- Delete `MockStatter` (generated by gomock) and `mocks.Statter` (hand generated) in favor of mocking `metrics.Scope`, which is the interface we now use everywhere.
- Remove a few unused methods on `metrics.Scope`, and update its generated mock.
- Refactor `autoProm` and add `autoRegisterer`, which can be included in a `metrics.Scope`, avoiding global state. `autoProm` now registers everything with the `prometheus.Registerer` it is given.
- Change va_test.go's `setup()` to not return a stats object; instead the individual tests that care about stats override `va.stats` directly.
Fixes#2639, #2733.
This commit updates the `publicsuffix-go` dependency to 908fd3b. Per
CONTRIBUTING.md the upstream unit tests were verified to pass:
```
daniel@XXXX:~/go/src/github.com/weppos/publicsuffix-go$ git log --oneline | head -n1
908fd3b autopull: 2017-04-25T06:00:35Z (#75)
daniel@XXXX:~/go/src/github.com/weppos/publicsuffix-go$ go test ./...
? github.com/weppos/publicsuffix-go/cmd/load [no test files]
ok github.com/weppos/publicsuffix-go/net/publicsuffix 0.014s
ok github.com/weppos/publicsuffix-go/publicsuffix 0.027s
```
Deletes github.com/streadway/amqp and the various RabbitMQ setup tools etc. Changes how listenbuddy is used to proxy all of the gRPC client -> server connections so we test reconnection logic.
+49 -8,221 😁Fixes#2640 and #2562.
This PR updates the `publicsuffix-go` dependency to `fb1fc94`, the
latest autopull and the HEAD of master at the time of writing.
Per CONTRIBUTING.md the tests were verified to pass:
```
? github.com/weppos/publicsuffix-go/cmd/load [no test files]
ok github.com/weppos/publicsuffix-go/net/publicsuffix 0.007s
ok github.com/weppos/publicsuffix-go/publicsuffix 0.027s
```
Updates the various gRPC/protobuf libs (google.golang.org/grpc/... and github.com/golang/protobuf/proto) and the boulder-tools image so that we can update to the newest github.com/grpc-ecosystem/go-grpc-prometheus. Also regenerates all of the protobuf definition files.
Tests run on updated packages all pass.
Unblocks #2633fixes#2636.
Switch from `gorp.v1` to `gorp.v2`. Removes `vendor/gopkg.in/gorp.v1` and vendors `vendor/gopkg/go-gorp/gorp.v2`, all tests pass.
Changes between `v1.7.1` and `v2.0.0`: c87af80f3c...4deece6103Fixes#2490.
This commit updates the `publicsuffix-go` dependency to version 0.3.2,
the latest autopull.
Per CONTRIBUTING.md the tests are verified to pass:
```
HEAD position was 5ebfcac... Fix outdated version number
HEAD is now at c12e7e9... autopull: 2017-03-04T06:00:47Z (#62)
? github.com/weppos/publicsuffix-go/cmd/load [no test files]
=== RUN TestPublicSuffix
--- PASS: TestPublicSuffix (0.00s)
=== RUN TestEffectiveTLDPlusOne
--- PASS: TestEffectiveTLDPlusOne (0.00s)
PASS
ok github.com/weppos/publicsuffix-go/net/publicsuffix 0.007s
=== RUN TestValid
--- PASS: TestValid (0.00s)
=== RUN TestIncludePrivate
--- PASS: TestIncludePrivate (0.00s)
=== RUN TestIDNA
--- PASS: TestIDNA (0.00s)
=== RUN TestPsl
--- PASS: TestPsl (0.01s)
=== RUN TestNewListFromString
--- PASS: TestNewListFromString (0.00s)
=== RUN TestNewListFromString_IDNAInputIsUnicode
--- PASS: TestNewListFromString_IDNAInputIsUnicode (0.00s)
=== RUN TestNewListFromString_IDNAInputIsAscii
--- PASS: TestNewListFromString_IDNAInputIsAscii (0.00s)
=== RUN TestNewListFromFile
--- PASS: TestNewListFromFile (0.00s)
=== RUN TestListAddRule
--- PASS: TestListAddRule (0.00s)
=== RUN TestListFind
--- PASS: TestListFind (0.00s)
=== RUN TestNewRule_Normal
--- PASS: TestNewRule_Normal (0.00s)
=== RUN TestNewRule_Wildcard
--- PASS: TestNewRule_Wildcard (0.00s)
=== RUN TestNewRule_Exception
--- PASS: TestNewRule_Exception (0.00s)
=== RUN TestNewRule_FromASCII
--- PASS: TestNewRule_FromASCII (0.00s)
=== RUN TestNewRule_FromUnicode
--- PASS: TestNewRule_FromUnicode (0.00s)
=== RUN TestNewRuleUnicode_FromASCII
--- PASS: TestNewRuleUnicode_FromASCII (0.00s)
=== RUN TestNewRuleUnicode_FromUnicode
--- PASS: TestNewRuleUnicode_FromUnicode (0.00s)
=== RUN TestRuleMatch
--- PASS: TestRuleMatch (0.00s)
=== RUN TestRuleDecompose
--- PASS: TestRuleDecompose (0.00s)
=== RUN TestLabels
--- PASS: TestLabels (0.00s)
=== RUN TestCookieJarList
--- PASS: TestCookieJarList (0.00s)
PASS
ok github.com/weppos/publicsuffix-go/publicsuffix 0.027s
```
In the last weeks we made some large changes to the list of .RU and .SU domains in the PSL, due to some very old policy changes at the registry (2009) and more recent follow up.
Given the amount of pressure about these changes from certain users, most certainly because LE limits, I figured out you'll soon have people asking you to merge the changes. I've packaged a new release of publicsuffix-go, and updated the dependency in this PR.
$ git show master
commit c5490f26d8f43b84857ac54e23387b8ed9b100dd
Author: Simone Carletti <weppos@weppos.net>
Date: Tue Feb 7 23:26:14 2017 +0100
Release 0.3.2
➜ publicsuffix-go git:(master) go test ./...
? github.com/weppos/publicsuffix-go/cmd/load [no test files]
ok github.com/weppos/publicsuffix-go/net/publicsuffix 0.023s
ok github.com/weppos/publicsuffix-go/publicsuffix 0.039s
Please note this release also includes the .ONION as per publicsuffix/list#374
Pulls in logging improvements in OCSP Responder and the CT client, plus a handful of API changes. Also, the CT client verifies responses by default now.
This change includes some Boulder diffs to accommodate the API changes.
Daniel McCarney