| blob | aca011e0fba28380c9392587e03ec0e6898e79ca |
1 {
2 lib,
3 fetchFromGitHub,
4 buildGoModule,
5 testers,
6 boulder,
7 }:
9 buildGoModule rec {
10 pname = "boulder";
11 version = "2024-07-16";
13 src = fetchFromGitHub {
14 owner = "letsencrypt";
15 repo = "boulder";
16 rev = "release-${version}";
17 leaveDotGit = true;
18 postFetch = ''
19 pushd $out
20 git rev-parse --short=8 HEAD 2>/dev/null >$out/COMMIT
21 find $out -name .git -print0 | xargs -0 rm -rf
22 popd
23 '';
24 hash = "sha256-mIUT9qVBPWrL0ySORwgEH6azaQmzMCl7ha/eYRtvAg4=";
25 };
27 vendorHash = null;
29 subPackages = [ "cmd/boulder" ];
31 ldflags = [
32 "-s"
33 "-w"
34 "-X github.com/letsencrypt/boulder/core.BuildHost=nixbld@localhost"
35 ];
37 preBuild = ''
38 ldflags+=" -X \"github.com/letsencrypt/boulder/core.BuildID=${version} +$(cat COMMIT)\""
39 ldflags+=" -X \"github.com/letsencrypt/boulder/core.BuildTime=$(date -u -d @0)\""
40 '';
42 preCheck = ''
43 # Test all targets.
44 unset subPackages
45 '';
47 # Tests that fail or require additional services.
48 disabledTests = [
49 "TestARI"
50 "TestAccount"
51 "TestAddBlockedKeyUnknownSource"
52 "TestAddCertificate"
53 "TestAddCertificateDuplicate"
54 "TestAddCertificateRenewalBit"
55 "TestAddPreCertificateDuplicate"
56 "TestAddPrecertificate"
57 "TestAddPrecertificateIncomplete"
58 "TestAddPrecertificateKeyHash"
59 "TestAddPrecertificateNoOCSP"
60 "TestAddRegistration"
61 "TestAddSerial"
62 "TestAdministrativelyRevokeCertificate"
63 "TestAuthorization500"
64 "TestAuthorizationChallengeNamespace"
65 "TestAuthzFailedRateLimitingNewOrder"
66 "TestAutoIncrementSchema"
67 "TestBadNonce"
68 "TestBlockedKey"
69 "TestBlockedKeyRevokedBy"
70 "TestBuildID"
71 "TestCTPolicyMeasurements"
72 "TestCertIsRenewed"
73 "TestCertificateAbsent"
74 "TestCertificateKeyNotEqualAccountKey"
75 "TestCertificatesTableContainsDuplicateSerials"
76 "TestCertsPerNameRateLimitTable"
77 "TestChallenge"
78 "TestCheckCert"
79 "TestCheckCert"
80 "TestCheckCertReturnsDNSNames"
81 "TestCheckCertReturnsDNSNames"
82 "TestCheckExactCertificateLimit"
83 "TestCheckFQDNSetRateLimitOverride"
84 "TestCheckWildcardCert"
85 "TestCheckWildcardCert"
86 "TestClientTransportCredentials"
87 "TestContactAuditor"
88 "TestCountCertificatesByNamesParallel"
89 "TestCountCertificatesByNamesTimeRange"
90 "TestCountCertificatesRenewalBit"
91 "TestCountInvalidAuthorizations2"
92 "TestCountNewOrderWithReplaces"
93 "TestCountOrders"
94 "TestCountPendingAuthorizations2"
95 "TestCountRegistrationsByIP"
96 "TestCountRegistrationsByIPRange"
97 "TestDbSettings"
98 "TestDeactivateAccount"
99 "TestDeactivateAuthorization"
100 "TestDeactivateRegistration"
101 "TestDedupOnRegistration"
102 "TestDirectory"
103 "TestDontFindRevokedCert"
104 "TestEarlyOrderRateLimiting"
105 "TestEmptyAccount"
106 "TestEnforceJWSAuthType"
107 "TestExactPublicSuffixCertLimit"
108 "TestExtractJWK"
109 "TestFQDNSetTimestampsForWindow"
110 "TestFQDNSets"
111 "TestFQDNSetsExists"
112 "TestFailExit"
113 "TestFasterGetOrderForNames"
114 "TestFinalizeAuthorization2"
115 "TestFinalizeOrder"
116 "TestFinalizeOrderWildcard"
117 "TestFinalizeOrderWithMixedSANAndCN"
118 "TestFinalizeSCTError"
119 "TestFindCertsAtCapacity"
120 "TestFindExpiringCertificates"
121 "TestFindIDs"
122 "TestFindIDsForHostnames"
123 "TestFindIDsWithExampleHostnames"
124 "TestFindUnrevoked"
125 "TestFindUnrevokedNoRows"
126 "TestGETAPIAuthz"
127 "TestGETAPIChallenge"
128 "TestGenerateOCSP"
129 "TestGenerateOCSPLongExpiredSerial"
130 "TestGenerateOCSPUnknownSerial"
131 "TestGetAndProcessCerts"
132 "TestGetAndProcessCerts"
133 "TestGetAuthorization"
134 "TestGetAuthorization2NoRows"
135 "TestGetAuthorizations2"
136 "TestGetCertificate"
137 "TestGetCertificateHEADHasCorrectBodyLength"
138 "TestGetCertificateNew"
139 "TestGetCertificateServerError"
140 "TestGetCertsEmptyResults"
141 "TestGetCertsEmptyResults"
142 "TestGetChallenge"
143 "TestGetChallengeUpRel"
144 "TestGetMaxExpiration"
145 "TestGetOrder"
146 "TestGetOrderExpired"
147 "TestGetOrderForNames"
148 "TestGetPendingAuthorization2"
149 "TestGetRevokedCerts"
150 "TestGetSerialMetadata"
151 "TestGetSerialsByAccount"
152 "TestGetSerialsByKey"
153 "TestGetStartingID"
154 "TestGetValidAuthorizations2"
155 "TestGetValidOrderAuthorizations2"
156 "TestHTTPDialTimeout"
157 "TestHTTPMethods"
158 "TestHandleFunc"
159 "TestHeaderBoulderRequester"
160 "TestIgnoredLint"
161 "TestIgnoredLint"
162 "TestIncidentARI"
163 "TestIncidentSerialModel"
164 "TestIncidentsForSerial"
165 "TestIndex"
166 "TestIndexGet404"
167 "TestInvoke"
168 "TestInvokeRevokerHasNoExtantCerts"
169 "TestIssueCertificateAuditLog"
170 "TestIssueCertificateCAACheckLog"
171 "TestIssueCertificateInnerErrs"
172 "TestIssueCertificateInnerWithProfile"
173 "TestIssueCertificateOuter"
174 "TestKeyRollover"
175 "TestKeyRolloverMismatchedJWSURLs"
176 "TestLeaseOldestCRLShard"
177 "TestLeaseSpecificCRLShard"
178 "TestLifetimeOfACert"
179 "TestLimiter_CheckWithLimitOverrides"
180 "TestLimiter_DefaultLimits"
181 "TestLimiter_InitializationViaCheckAndSpend"
182 "TestLimiter_RefundAndReset"
183 "TestLoadFromDB"
184 "TestLookupJWK"
185 "TestMatchJWSURLs"
186 "TestNewAccount"
187 "TestNewAccountNoID"
188 "TestNewAccountWhenAccountHasBeenDeactivated"
189 "TestNewAccountWhenGetRegByKeyFails"
190 "TestNewAccountWhenGetRegByKeyNotFound"
191 "TestNewECDSAAccount"
192 "TestNewLookup"
193 "TestNewLookupWithAllFailingSRV"
194 "TestNewLookupWithOneFailingSRV"
195 "TestNewOrder"
196 "TestNewOrderAuthzReuseSafety"
197 "TestNewOrderCheckFailedAuthorizationsFirst"
198 "TestNewOrderExpiry"
199 "TestNewOrderFailedAuthzRateLimitingExempt"
200 "TestNewOrderMaxNames"
201 "TestNewOrderRateLimiting"
202 "TestNewOrderRateLimitingExempt"
203 "TestNewOrderReplacesSerialCarriesThroughToSA"
204 "TestNewOrderReuse"
205 "TestNewOrderReuseInvalidAuthz"
206 "TestNewOrderWildcard"
207 "TestNewRegistration"
208 "TestNewRegistrationBadKey"
209 "TestNewRegistrationContactsPresent"
210 "TestNewRegistrationNoFieldOverwrite"
211 "TestNewRegistrationRateLimit"
212 "TestNewRegistrationSAFailure"
213 "TestNoContactCertIsNotRenewed"
214 "TestNoContactCertIsRenewed"
215 "TestNoSuchRegistrationErrors"
216 "TestNonceEndpoint"
217 "TestOldTLSInbound"
218 "TestOrderMatchesReplacement"
219 "TestOrderToOrderJSONV2Authorizations"
220 "TestOrderWithOrderModelv1"
221 "TestPOST404"
222 "TestPanicStackTrace"
223 "TestParseJWSRequest"
224 "TestPendingAuthorizationsUnlimited"
225 "TestPerformValidationAlreadyValid"
226 "TestPerformValidationBadChallengeType"
227 "TestPerformValidationExpired"
228 "TestPerformValidationSuccess"
229 "TestPerformValidationVAError"
230 "TestPrepAuthzForDisplay"
231 "TestPreresolvedDialerTimeout"
232 "TestProcessCerts"
233 "TestProcessCertsConnectError"
234 "TestProcessCertsParallel"
235 "TestRecheckCAADates"
236 "TestRecheckCAAEmpty"
237 "TestRecheckCAAFail"
238 "TestRecheckCAAInternalServerError"
239 "TestRecheckCAASuccess"
240 "TestRedisSource_BatchSetAndGet"
241 "TestRedisSource_Ping"
242 "TestRegistrationsPerIPOverrideUsage"
243 "TestRehydrateHostPort"
244 "TestRelativeDirectory"
245 "TestReplicationLagRetries"
246 "TestResolveContacts"
247 "TestRevokeCertByApplicant_Controller"
248 "TestRevokeCertByApplicant_Subscriber"
249 "TestRevokeCertByKey"
250 "TestRevokeCertificate"
251 "TestRevokeCerts"
252 "TestRollback"
253 "TestSPKIHashFromPrivateKey"
254 "TestSPKIHashesFromFile"
255 "TestSelectRegistration"
256 "TestSelectUncheckedRows"
257 "TestSendEarliestCertInfo"
258 "TestSerialsForIncident"
259 "TestSerialsFromFile"
260 "TestSerialsFromPrivateKey"
261 "TestSetAndGet"
262 "TestSetOrderProcessing"
263 "TestSingleton"
264 "TestStart"
265 "TestStatusForOrder"
266 "TestStoreResponse"
267 "TestStrictness"
268 "TestTLSALPN01DialTimeout"
269 "TestTLSConfigLoad"
270 "TestTimeouts"
271 "TestUpdateCRLShard"
272 "TestUpdateChallengeFinalizedAuthz"
273 "TestUpdateChallengeRAError"
274 "TestUpdateChallengesDeleteUnused"
275 "TestUpdateMissingAuthorization"
276 "TestUpdateNowWithAllFailingSRV"
277 "TestUpdateNowWithOneFailingSRV"
278 "TestUpdateRegistrationSame"
279 "TestUpdateRevokedCertificate"
280 "TestValidJWSForKey"
281 "TestValidNonce"
282 "TestValidNonce_NoMatchingBackendFound"
283 "TestValidPOSTAsGETForAccount"
284 "TestValidPOSTForAccount"
285 "TestValidPOSTForAccountSwappedKey"
286 "TestValidPOSTRequest"
287 "TestValidPOSTURL"
288 "TestValidSelfAuthenticatedPOST"
289 "TestValidSelfAuthenticatedPOSTGoodKeyErrors"
290 "TestValidateContacts"
291 "TestWrappedMap"
292 "Test_sendError"
293 ];
295 checkFlags = [
296 "-skip ${lib.strings.concatStringsSep "|" disabledTests}"
297 ];
299 postInstall = ''
300 for i in $($out/bin/boulder --list); do
301 ln -s $out/bin/boulder $out/bin/$i
302 done
303 '';
305 passthru.tests.version = testers.testVersion {
306 package = boulder;
307 inherit version;
308 };
310 meta = with lib; {
311 homepage = "https://github.com/letsencrypt/boulder";
312 description = "ACME-based certificate authority, written in Go";
313 longDescription = ''
314 This is an implementation of an ACME-based CA. The ACME protocol allows
315 the CA to automatically verify that an applicant for a certificate
316 actually controls an identifier, and allows domain holders to issue and
317 revoke certificates for their domains. Boulder is the software that runs
318 Let's Encrypt.
319 '';
320 license = licenses.mpl20;
321 mainProgram = "boulder";
322 maintainers = with maintainers; [ azahi ];
323 };
324 }