Fix provisioning boulder after changes by the LE team.

Vagrantfile

@@ -21,8 +21,8 @@ ENVS = {
 
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 
-    config.hostmanager.enabled = true
-    config.hostmanager.manage_host = true
+    #config.hostmanager.enabled = true
+    #config.hostmanager.manage_host = true
     config.vbguest.auto_update = true
     config.vbguest.no_remote = false
 

greenhost.patch

@@ -1,52 +0,0 @@
-diff --git a/test/config/va.json b/test/config/va.json
-index f3e64ee..1136e98 100644
---- a/test/config/va.json
-+++ b/test/config/va.json
-@@ -4,8 +4,8 @@
-     "userAgent": "boulder",
-     "debugAddr": ":8004",
-     "portConfig": {
--      "httpPort": 5002,
--      "httpsPort": 5001,
-+      "httpPort": 80,
-+      "httpsPort": 443,
-       "tlsPort": 5001
-     },
-     "lookupIPV6": true,
-diff --git a/test/rate-limit-policies.yml b/test/rate-limit-policies.yml
-index 41aadd3..28198b1 100644
---- a/test/rate-limit-policies.yml
-+++ b/test/rate-limit-policies.yml
-@@ -4,7 +4,7 @@ totalCertificates:
-   threshold: 100000
- certificatesPerName:
-   window: 2160h
--  threshold: 2
-+  threshold: 1000
-   overrides:
-     ratelimit.me: 1
-     lim.it: 0
-@@ -27,10 +27,10 @@ registrationsPerIP:
-     127.0.0.1: 1000000
- pendingAuthorizationsPerAccount:
-   window: 168h # 1 week, should match pending authorization lifetime.
--  threshold: 3
-+  threshold: 1000
- certificatesPerFQDNSet:
-   window: 24h
--  threshold: 5
-+  threshold: 1000
-   overrides:
-     le.wtf: 10000
-     le1.wtf: 10000
-diff --git a/test/test-ca.key-pkcs11.json b/test/test-ca.key-pkcs11.json
-index b7a44f5..40cc685 100644
---- a/test/test-ca.key-pkcs11.json
-+++ b/test/test-ca.key-pkcs11.json
-@@ -1,5 +1,5 @@
- {
--    "module": "/usr/local/lib/libpkcs11-proxy.so",
-+    "module": "/usr/lib/softhsm/libsofthsm.so",
-     "tokenLabel": "intermediate",
-     "pin": "5678",
-     "privateKeyLabel": "intermediate_key"

hsmpatch.py

@@ -0,0 +1,90 @@
+#!/usr/bin/env python2
+"""
+Patch the HSM config file to set correct settings for use with a Vagrant
+development setup.
+
+Note: this used to be a simple patch file but since the format changed, it
+seems better to parse the file, change the json object and dump it back to the
+file.
+"""
+import simplejson as json
+import yaml
+import sys
+import os.path
+
+MAX_RECURSION = 100
+
+PATCHES = {
+    "test/config/va.json": {
+        "va": {
+            "portConfig": {
+                "httpPort": 80,
+                "httpsPort": 443
+            }
+        }
+    },
+    "test/rate-limit-policies.yml": {
+        "certificatesPerName": {
+            "threshold": 1000
+        },
+        "certificatesPerFQDNSet": {
+            "threshold": 1000
+        }
+    },
+    "test/test-ca.key-pkcs11.json": {
+        "module": "/usr/lib/softhsm/libsofthsm.so",
+    }
+}
+
+
+def recursive_update(old_obj, new_obj, depth=0):
+    if depth > MAX_RECURSION:
+        raise RuntimeError("Maximum recursion level reached.")
+
+    if isinstance(new_obj, dict):
+        for key, value in new_obj.items():
+            old_obj[key] = recursive_update(
+                old_obj[key], new_obj[key], depth+1)
+    elif isinstance(new_obj, (list, tuple)):
+        # Merge lists/tuples.
+        old_obj = old_obj + new_obj
+    else:
+        # Set strings, integers, etc. and set() so arrays can be
+        # overridden.
+        old_obj = new_obj
+    return old_obj
+
+
+def patch_yaml(file, obj):
+    with open(file, "r") as fp:
+        yaml_obj = yaml.load(fp)
+        yaml_obj = recursive_update(yaml_obj, obj)
+    with open(file, "w") as fp:
+        yaml.dump(yaml_obj, fp, default_flow_style=False)
+
+
+def patch_json(file, obj):
+    with open(file, "r") as fp:
+        json_obj = json.load(fp)
+        json_obj = recursive_update(json_obj, obj)
+    with open(file, "w") as fp:
+        json.dump(json_obj, fp, indent=4)
+
+
+if __name__ == '__main__':
+    try:
+        for patch_file, patch_obj in PATCHES.items():
+            _, file_extension = os.path.splitext(patch_file)
+            if file_extension in (".yml", ".yaml"):
+                patch_yaml(patch_file, patch_obj)
+            elif file_extension in (".json", ".js"):
+                patch_json(patch_file, patch_obj)
+            else:
+                raise NotImplementedError(
+                    "Can't patch files with %s extension" % file_extension)
+            print("Patched {}".format(os.path.abspath(patch_file)))
+
+    except (OSError, IOError), exc:
+        print(
+            "Failed to patch the HSM for development, reason: {}".format(exc))
+        sys.exit(1)

provisioning_server.sh

@@ -89,7 +89,7 @@ go get bitbucket.org/liamstask/goose/cmd/goose
 go get -d github.com/letsencrypt/boulder/...
 
 # Enter the boulder directory
-cd /gopath/src/github.com/letsencrypt/boulder
+cd $GOPATH/src/github.com/letsencrypt/boulder
 
 # Install alle dependencies
 godep restore
@@ -107,7 +107,8 @@ fi
 
 # Change pkcs to softhsm and IP to 192.168.33.111 and set high thresholds for rate limiting
 if grep -Fq "/usr/local/lib/libpkcs11-proxy.so" test/test-ca.key-pkcs11.json; then
-    git apply /boulder/greenhost.patch
+    pip install simplejson pyyaml
+    /boulder/hsmpatch.py
 fi
 
 cat <<EOF > /etc/nginx/sites-available/wfe