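{
  lib,
  fetchFromGitHub,
  buildGoModule,
  testers,
  boulder,
  nix-update-script,
}:

# Package definition for Boulder, the ACME certificate authority, built from
# the upstream release tag with buildGoModule. Only cmd/boulder is built; the
# other tool names are installed as symlinks to that one binary (postInstall).
buildGoModule rec {
  pname = "boulder";
  version = "2025-04-17";

  # The source is pinned twice: by the release tag and by the fixed-output
  # `hash` below. The .git directory is kept only long enough to write the
  # short commit id to $out/COMMIT (read again in preBuild) and is then
  # deleted, so the hashed tree is the checkout plus COMMIT. Any change to
  # `version` or to postFetch must be accompanied by a re-computed `hash`.
  src = fetchFromGitHub {
    owner = "letsencrypt";
    repo = "boulder";
    tag = "release-${version}";
    leaveDotGit = true;
    postFetch = ''
      pushd $out
      git rev-parse --short=8 HEAD 2>/dev/null >$out/COMMIT
      find $out -name .git -print0 | xargs -0 rm -rf
      popd
    '';
    hash = "sha256-FXk+JZJ1azpgN6IQ9aYmpUEO1CGs9/3sog1NjrfB4d8=";
  };

  # null: no separate vendor fetch is made; the Go dependencies are taken from
  # the source tree itself, so their integrity rests on the `src` hash above.
  vendorHash = null;

  subPackages = [ "cmd/boulder" ];

  # -s/-w drop the symbol table and DWARF data. BuildHost is a fixed string
  # rather than the real builder identity, which keeps the binary independent
  # of the machine it was built on.
  ldflags = [
    "-s"
    "-w"
    "-X github.com/letsencrypt/boulder/core.BuildHost=nixbld@localhost"
  ];

  # BuildID carries the version plus the commit id recorded at fetch time;
  # BuildTime is pinned to the Unix epoch (date -d @0) instead of wall-clock
  # time.
  preBuild = ''
    ldflags+=" -X \"github.com/letsencrypt/boulder/core.BuildID=${version} +$(cat COMMIT)\""
    ldflags+=" -X \"github.com/letsencrypt/boulder/core.BuildTime=$(date -u -d @0)\""
  '';

  preCheck = ''
    # Test all targets.
    unset subPackages
  '';

  # Tests that fail or require additional services.
  #
  # NOTE(review): judging by their names, many of these cover security-relevant
  # paths (nonce handling, JWS validation, TLS configuration, revocation). A
  # green checkPhase for this package is therefore not evidence that those
  # paths were exercised; run the upstream test suite with its services when
  # that assurance is needed.
  #
  # Entries that appeared twice in the list have been collapsed; the resulting
  # -skip pattern matches the same tests.
  disabledTests = [
    "TestARI"
    "TestAccount"
    "TestAddBlockedKeyUnknownSource"
    "TestAddCertificate"
    "TestAddCertificateDuplicate"
    "TestAddCertificateRenewalBit"
    "TestAddPreCertificateDuplicate"
    "TestAddPrecertificate"
    "TestAddPrecertificateIncomplete"
    "TestAddPrecertificateKeyHash"
    "TestAddPrecertificateNoOCSP"
    "TestAddRegistration"
    "TestAddReplacementOrder"
    "TestAddSerial"
    "TestAdministrativelyRevokeCertificate"
    "TestAuthorization500"
    "TestAuthorizationChallengeNamespace"
    "TestAuthzFailedRateLimitingNewOrder"
    "TestAutoIncrementSchema"
    "TestBadNonce"
    "TestBlockedKey"
    "TestBlockedKeyRevokedBy"
    "TestBuildID"
    "TestCTPolicyMeasurements"
    "TestCertIsRenewed"
    "TestCertificateAbsent"
    "TestCertificateKeyNotEqualAccountKey"
    "TestCertificatesTableContainsDuplicateSerials"
    "TestCertsPerNameRateLimitTable"
    "TestChallenge"
    "TestCheckCert"
    "TestCheckCertReturnsDNSNames"
    "TestCheckExactCertificateLimit"
    "TestCheckFQDNSetRateLimitOverride"
    "TestCheckIdentifiersPaused"
    "TestCheckWildcardCert"
    "TestClientTransportCredentials"
    "TestContactAuditor"
    "TestCountCertificatesByNamesParallel"
    "TestCountCertificatesByNamesTimeRange"
    "TestCountCertificatesRenewalBit"
    "TestCountInvalidAuthorizations2"
    "TestCountNewOrderWithReplaces"
    "TestCountOrders"
    "TestCountPendingAuthorizations2"
    "TestCountRegistrationsByIP"
    "TestCountRegistrationsByIPRange"
    "TestDbSettings"
    "TestDeactivateAccount"
    "TestDeactivateAuthorization"
    "TestDeactivateRegistration"
    "TestDedupOnRegistration"
    "TestDialerTimeout"
    "TestDirectory"
    "TestDontFindRevokedCert"
    "TestEarlyOrderRateLimiting"
    "TestEmptyAccount"
    "TestEnforceJWSAuthType"
    "TestExactPublicSuffixCertLimit"
    "TestExtractJWK"
    "TestFQDNSetExists"
    "TestFQDNSetTimestampsForWindow"
    "TestFQDNSets"
    "TestFQDNSetsExists"
    "TestFailExit"
    "TestFasterGetOrderForNames"
    "TestFinalizeAuthorization2"
    "TestFinalizeOrder"
    "TestFinalizeOrderWildcard"
    "TestFinalizeOrderWithMixedSANAndCN"
    "TestFinalizeSCTError"
    "TestFinalizeWithMustStaple"
    "TestFindCertsAtCapacity"
    "TestFindExpiringCertificates"
    "TestFindIDs"
    "TestFindIDsForHostnames"
    "TestFindIDsWithExampleHostnames"
    "TestFindUnrevoked"
    "TestFindUnrevokedNoRows"
    "TestGETAPIAuthz"
    "TestGETAPIChallenge"
    "TestGenerateOCSP"
    "TestGenerateOCSPLongExpiredSerial"
    "TestGenerateOCSPUnknownSerial"
    "TestGetAndProcessCerts"
    "TestGetAuthorization"
    "TestGetAuthorization2NoRows"
    "TestGetAuthorizations2"
    "TestGetCertificate"
    "TestGetCertificateHEADHasCorrectBodyLength"
    "TestGetCertificateNew"
    "TestGetCertificateServerError"
    "TestGetCertsEmptyResults"
    "TestGetChallenge"
    "TestGetChallengeUpRel"
    "TestGetMaxExpiration"
    "TestGetOrder"
    "TestGetOrderExpired"
    "TestGetOrderForNames"
    "TestGetPausedIdentifiers"
    "TestGetPausedIdentifiersOnlyUnpausesOneAccount"
    "TestGetPendingAuthorization2"
    "TestGetRevokedCerts"
    "TestGetSerialMetadata"
    "TestGetSerialsByAccount"
    "TestGetSerialsByKey"
    "TestGetStartingID"
    "TestGetValidAuthorizations2"
    "TestGetValidOrderAuthorizations2"
    "TestHTTPDialTimeout"
    "TestHTTPMethods"
    "TestHandleFunc"
    "TestHeaderBoulderRequester"
    "TestIgnoredLint"
    "TestIncidentARI"
    "TestIncidentSerialModel"
    "TestIncidentsForSerial"
    "TestIndex"
    "TestIndexGet404"
    "TestInvoke"
    "TestInvokeRevokerHasNoExtantCerts"
    "TestIssueCertificateAuditLog"
    "TestIssueCertificateCAACheckLog"
    "TestIssueCertificateInnerErrs"
    "TestIssueCertificateInnerWithProfile"
    "TestIssueCertificateOuter"
    "TestKeyRollover"
    "TestKeyRolloverMismatchedJWSURLs"
    "TestLeaseOldestCRLShard"
    "TestLeaseSpecificCRLShard"
    "TestLifetimeOfACert"
    "TestLimiter_CheckWithLimitOverrides"
    "TestLimiter_DefaultLimits"
    "TestLimiter_InitializationViaCheckAndSpend"
    "TestLimiter_RefundAndReset"
    "TestLoadFromDB"
    "TestLookupJWK"
    "TestMatchJWSURLs"
    "TestNewAccount"
    "TestNewAccountNoID"
    "TestNewAccountWhenAccountHasBeenDeactivated"
    "TestNewAccountWhenGetRegByKeyFails"
    "TestNewAccountWhenGetRegByKeyNotFound"
    "TestNewECDSAAccount"
    "TestNewLookup"
    "TestNewLookupWithAllFailingSRV"
    "TestNewLookupWithOneFailingSRV"
    "TestNewOrder"
    "TestNewOrderAuthzReuseSafety"
    "TestNewOrderCheckFailedAuthorizationsFirst"
    "TestNewOrderExpiry"
    "TestNewOrderFailedAuthzRateLimitingExempt"
    "TestNewOrderMaxNames"
    "TestNewOrderRateLimiting"
    "TestNewOrderRateLimitingExempt"
    "TestNewOrderReplacesSerialCarriesThroughToSA"
    "TestNewOrderReuse"
    "TestNewOrderReuseInvalidAuthz"
    "TestNewOrderWildcard"
    "TestNewRegistration"
    "TestNewRegistrationBadKey"
    "TestNewRegistrationContactsPresent"
    "TestNewRegistrationNoFieldOverwrite"
    "TestNewRegistrationRateLimit"
    "TestNewRegistrationSAFailure"
    "TestNoContactCertIsNotRenewed"
    "TestNoContactCertIsRenewed"
    "TestNoSuchRegistrationErrors"
    "TestNonceEndpoint"
    "TestOldTLSInbound"
    "TestOrderMatchesReplacement"
    "TestOrderToOrderJSONV2Authorizations"
    "TestOrderWithOrderModelv1"
    "TestPOST404"
    "TestPanicStackTrace"
    "TestParseJWSRequest"
    "TestPauseIdentifiers"
    "TestPendingAuthorizationsUnlimited"
    "TestPerformValidationAlreadyValid"
    "TestPerformValidationBadChallengeType"
    "TestPerformValidationExpired"
    "TestPerformValidationSuccess"
    "TestPerformValidationVAError"
    "TestPerformValidation_FailedThenSuccessfulValidationResetsPauseIdentifiersRatelimit"
    "TestPerformValidation_FailedValidationsTriggerPauseIdentifiersRatelimit"
    "TestPrepAuthzForDisplay"
    "TestPreresolvedDialerTimeout"
    "TestProcessCerts"
    "TestProcessCertsConnectError"
    "TestProcessCertsParallel"
    "TestRecheckCAADates"
    "TestRecheckCAAEmpty"
    "TestRecheckCAAFail"
    "TestRecheckCAAInternalServerError"
    "TestRecheckCAASuccess"
    "TestRedisSource_BatchSetAndGet"
    "TestRedisSource_Ping"
    "TestRegistrationsPerIPOverrideUsage"
    "TestRehydrateHostPort"
    "TestRelativeDirectory"
    "TestReplacementOrderExists"
    "TestReplicationLagRetries"
    "TestResolveContacts"
    "TestRevokeCertByApplicant_Controller"
    "TestRevokeCertByApplicant_Subscriber"
    "TestRevokeCertByKey"
    "TestRevokeCertificate"
    "TestRevokeCerts"
    "TestRollback"
    "TestSPKIHashFromPrivateKey"
    "TestSPKIHashesFromFile"
    "TestSelectRegistration"
    "TestSelectUncheckedRows"
    "TestSendEarliestCertInfo"
    "TestSerialsForIncident"
    "TestSerialsFromFile"
    "TestSerialsFromPrivateKey"
    "TestSetAndGet"
    "TestSetOrderProcessing"
    "TestSetReplacementOrderFinalized"
    "TestSingleton"
    "TestStart"
    "TestStatusForOrder"
    "TestStoreResponse"
    "TestStrictness"
    "TestTLSALPN01DialTimeout"
    "TestTLSConfigLoad"
    "TestTimeouts"
    "TestUnpauseAccount"
    "TestUpdateCRLShard"
    "TestUpdateChallengeFinalizedAuthz"
    "TestUpdateChallengeRAError"
    "TestUpdateChallengesDeleteUnused"
    "TestUpdateMissingAuthorization"
    "TestUpdateNowWithAllFailingSRV"
    "TestUpdateNowWithOneFailingSRV"
    "TestUpdateRegistrationContact"
    "TestUpdateRegistrationKey"
    "TestUpdateRegistrationSame"
    "TestUpdateRevokedCertificate"
    "TestValidJWSForKey"
    "TestValidNonce"
    "TestValidNonce_NoMatchingBackendFound"
    "TestValidPOSTAsGETForAccount"
    "TestValidPOSTForAccount"
    "TestValidPOSTForAccountSwappedKey"
    "TestValidPOSTRequest"
    "TestValidPOSTURL"
    "TestValidSelfAuthenticatedPOST"
    "TestValidSelfAuthenticatedPOSTGoodKeyErrors"
    "TestValidateContacts"
    "TestWrappedMap"
    "Test_sendError"
  ];

  # The names are joined with "|" into a single `go test -skip` pattern.
  #
  # NOTE(review): -skip takes an unanchored regular expression, so an entry
  # such as "TestStart" or "TestIndex" also skips every test whose name merely
  # contains it. The set of tests actually skipped can therefore be larger than
  # disabledTests. Anchoring each name (^Name$) would make the list exact, but
  # may re-enable tests that need the same external services; verify in a
  # sandboxed build before changing.
  checkFlags = [
    "-skip ${lib.strings.concatStringsSep "|" disabledTests}"
  ];

  # `boulder --list` prints the names of the tools bundled in the binary; each
  # gets a symlink next to it in $out/bin.
  postInstall = ''
    for i in $($out/bin/boulder --list); do
      ln -s $out/bin/boulder $out/bin/$i
    done
  '';

  passthru = {
    # Checks that the installed binary reports `version`.
    tests.version = testers.testVersion {
      package = boulder;
      inherit version;
    };
    updateScript = nix-update-script { };
  };

  meta = {
    homepage = "https://github.com/letsencrypt/boulder";
    description = "ACME-based certificate authority, written in Go";
    longDescription = ''
      This is an implementation of an ACME-based CA. The ACME protocol allows
      the CA to automatically verify that an applicant for a certificate
      actually controls an identifier, and allows domain holders to issue and
      revoke certificates for their domains. Boulder is the software that runs
      Let's Encrypt.
    '';
    license = lib.licenses.mpl20;
    mainProgram = "boulder";
    # NOTE(review): no maintainer is listed, so version bumps and security
    # updates for this package have no named owner.
    maintainers = [ ];
  };
}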