Run pkilint in integration tests #7430

Closed
aarongable opened this issue Apr 15, 2024 · 0 comments · Fixed by #7441

pkilint is a newish linter which has acquired a reputation for catching things that zlint doesn't. It is written in Python, and very slow, so we don't want to run it during our actual pre-issuance lints if we can possibly avoid it. Instead, let's run it during our integration tests, to ensure that the certificates and CRLs produced by Boulder pass all of the pkilint checks.

@aarongable aarongable added this to the Sprint 2024-04-16 milestone Apr 16, 2024
@aarongable aarongable self-assigned this Apr 16, 2024
aarongable added a commit that referenced this issue Apr 30, 2024
Add a new "LintConfig" item to the CA's config, which can point to a
zlint configuration toml file. This allows lints to be configured, e.g.
to control the number of rounds of factorization performed by the Fermat
factorization lint.

Leverage this new config to create a new custom zlint which calls out to
a configured pkilint API endpoint. In config-next integration tests,
configure the lint to point at a new pkilint docker container.

This approach has three nice forward-looking features: we now have the
ability to configure any of our lints; it's easy to expand this
mechanism to lint CRLs when the pkilint API has support for that; and
it's easy to enable this new lint if we decide to stand up a pkilint
container in our production environment.

No production configuration changes are necessary at this time.

Fixes #7430
vbaranovskiy-plesk pushed a commit to plesk/boulder that referenced this issue May 30, 2024