bullion 0.10.3 → 0.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9a737e0d1993b367c9166a9532835ff440c1b73ee2f32ed00911de3223088bbd
-  data.tar.gz: cfc77406aa3ecd9ed8baf0a2df139cd55088640bf3d4209479af14d7116ef49a
+  metadata.gz: 95d9b8437f39397499aaa73d1b9abf932930ab46a29ac5f08d5ab2533b0c0b83
+  data.tar.gz: 78ca06dc463ffffd5e274bee516196d8cbaefe759b413fa5670fedc247c7c9a8
 SHA512:
-  metadata.gz: aa1baf722ec612144cbd7fa4d440c938590d3f9e5bb11d48cd1474c54b127994fbe7d47ca6508cd0f4d330d68093e818c5da146e942a8358edde2f218bb3cf85
-  data.tar.gz: 14b11cbeca6044a196416963ce44456ae8db92afa377c2d24b1cb3bf90f0cd97c4ccf2f53bff47142128de12d1744658925d85784507006a74f84f972ee13407
+  metadata.gz: '02358422a89125d538c4eb8b5c16d875121525658c11988209cc3bd8581c4cf8a7782d37a70ae2498a3d24e4e28015320d65e2d17285e14dce9f94ea09d69063'
+  data.tar.gz: 6d927f92fdd653b044bff00f9683f57a026e1cbd504867dd89b1061cbe92219f0da11612af700d6044c90d99accb588ba19e517875547fe039173683245517e8

data/.release-please-manifest.json

@@ -1,3 +1,3 @@
 {
-  ".": "0.10.3"
+  ".": "0.11.0"
 }

data/CHANGELOG.md

@@ -1,5 +1,16 @@
 # Changelog
 
+## [0.11.0](https://github.com/jgnagy/bullion/compare/bullion/v0.10.3...bullion/v0.11.0) (2025-08-23)
+
+
+### ⚠ BREAKING CHANGES
+
+* **db:** switch to Trilogy, update db indexes
+
+### Features
+
+* **db:** switch to Trilogy, update db indexes ([42b90b5](https://github.com/jgnagy/bullion/commit/42b90b5977cd497b46654ecf17085715fa6db080))
+
 ## [0.10.3](https://github.com/jgnagy/bullion/compare/bullion/v0.10.2...bullion/v0.10.3) (2025-08-23)
 
 

data/Gemfile.lock

@@ -1,25 +1,25 @@
 PATH
   remote: .
   specs:
-    bullion (0.10.3)
+    bullion (0.11.0)
       benchmark (~> 0.4)
       dry-configurable (~> 1.1)
       httparty (~> 0.21)
       itsi (~> 0.2)
       json (~> 2.6)
       jwt (~> 2.7)
-      mysql2 (~> 0.5)
       openssl (~> 3.0)
       prometheus-client (~> 4.2)
       sinatra (~> 3.1)
       sinatra-activerecord (~> 2.0)
       sinatra-contrib (~> 3.1)
       sqlite3 (~> 2.7)
+      trilogy (~> 2.9)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    acme-client (2.0.22)
+    acme-client (2.0.25)
       base64 (~> 0.2)
       faraday (>= 1.0, < 3.0.0)
       faraday-retry (>= 1.0, < 3.0.0)
@@ -61,7 +61,7 @@ GEM
       concurrent-ruby (~> 1.0)
       logger
       zeitwerk (~> 2.6)
-    faraday (2.13.2)
+    faraday (2.13.4)
       faraday-net_http (>= 2.0, < 3.5)
       json
       logger
@@ -75,18 +75,18 @@ GEM
       multi_xml (>= 0.5.2)
     i18n (1.14.7)
       concurrent-ruby (~> 1.0)
-    itsi (0.2.18)
-      itsi-scheduler (~> 0.2.18)
-      itsi-server (~> 0.2.18)
-    itsi-scheduler (0.2.18)
+    itsi (0.2.19)
+      itsi-scheduler (~> 0.2.19)
+      itsi-server (~> 0.2.19)
+    itsi-scheduler (0.2.19)
       rb_sys (~> 0.9.91)
-    itsi-server (0.2.18)
+    itsi-server (0.2.19)
       json (~> 2)
       prism (~> 1.4)
       rack (>= 1.6)
       rb_sys (~> 0.9.91)
     jaro_winkler (1.6.1)
-    json (2.12.2)
+    json (2.13.2)
     jwt (2.10.2)
       base64
     kramdown (2.5.1)
@@ -98,39 +98,38 @@ GEM
     logger (1.7.0)
     mini_mime (1.1.5)
     minitest (5.25.5)
-    multi_json (1.15.0)
+    multi_json (1.17.0)
     multi_xml (0.7.2)
       bigdecimal (~> 3.1)
-    mustermann (3.0.3)
+    mustermann (3.0.4)
       ruby2_keywords (~> 0.0.1)
-    mysql2 (0.5.6)
     net-http (0.6.0)
       uri
-    nokogiri (1.18.8-aarch64-linux-gnu)
+    nokogiri (1.18.9-aarch64-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.18.8-aarch64-linux-musl)
+    nokogiri (1.18.9-aarch64-linux-musl)
       racc (~> 1.4)
-    nokogiri (1.18.8-arm-linux-gnu)
+    nokogiri (1.18.9-arm-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.18.8-arm-linux-musl)
+    nokogiri (1.18.9-arm-linux-musl)
       racc (~> 1.4)
-    nokogiri (1.18.8-arm64-darwin)
+    nokogiri (1.18.9-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.18.8-x86_64-darwin)
+    nokogiri (1.18.9-x86_64-darwin)
       racc (~> 1.4)
-    nokogiri (1.18.8-x86_64-linux-gnu)
+    nokogiri (1.18.9-x86_64-linux-gnu)
       racc (~> 1.4)
-    nokogiri (1.18.8-x86_64-linux-musl)
+    nokogiri (1.18.9-x86_64-linux-musl)
       racc (~> 1.4)
     observer (0.1.2)
     openssl (3.3.0)
-    ostruct (0.6.2)
+    ostruct (0.6.3)
     parallel (1.27.0)
-    parser (3.3.8.0)
+    parser (3.3.9.0)
       ast (~> 2.4.1)
       racc
     prism (1.4.0)
-    prometheus-client (4.2.4)
+    prometheus-client (4.2.5)
       base64
     racc (1.8.1)
     rack (2.2.17)
@@ -142,11 +141,11 @@ GEM
     rainbow (3.1.1)
     rake (13.3.0)
     rake-compiler-dock (1.9.1)
-    rb_sys (0.9.116)
+    rb_sys (0.9.117)
       rake-compiler-dock (= 1.9.1)
     rbs (3.9.4)
       logger
-    regexp_parser (2.10.0)
+    regexp_parser (2.11.2)
     reverse_markdown (3.0.0)
       nokogiri
     rexml (3.4.1)
@@ -162,8 +161,8 @@ GEM
     rspec-mocks (3.13.5)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-support (3.13.4)
-    rubocop (1.77.0)
+    rspec-support (3.13.5)
+    rubocop (1.80.0)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
@@ -171,10 +170,10 @@ GEM
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 2.9.3, < 3.0)
-      rubocop-ast (>= 1.45.1, < 2.0)
+      rubocop-ast (>= 1.46.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.45.1)
+    rubocop-ast (1.46.0)
       parser (>= 3.3.7.2)
       prism (~> 1.4)
     rubocop-rake (0.7.1)
@@ -193,7 +192,7 @@ GEM
     simplecov-cobertura (2.1.0)
       rexml
       simplecov (~> 0.19)
-    simplecov-html (0.13.1)
+    simplecov-html (0.13.2)
     simplecov_json_formatter (0.1.4)
     sinatra (3.2.0)
       mustermann (~> 3.0)
@@ -229,20 +228,21 @@ GEM
       tilt (~> 2.0)
       yard (~> 0.9, >= 0.9.24)
       yard-solargraph (~> 0.1)
-    sqlite3 (2.7.1-aarch64-linux-gnu)
-    sqlite3 (2.7.1-aarch64-linux-musl)
-    sqlite3 (2.7.1-arm-linux-gnu)
-    sqlite3 (2.7.1-arm-linux-musl)
-    sqlite3 (2.7.1-arm64-darwin)
-    sqlite3 (2.7.1-x86_64-darwin)
-    sqlite3 (2.7.1-x86_64-linux-gnu)
-    sqlite3 (2.7.1-x86_64-linux-musl)
-    thor (1.3.2)
-    tilt (2.6.0)
+    sqlite3 (2.7.3-aarch64-linux-gnu)
+    sqlite3 (2.7.3-aarch64-linux-musl)
+    sqlite3 (2.7.3-arm-linux-gnu)
+    sqlite3 (2.7.3-arm-linux-musl)
+    sqlite3 (2.7.3-arm64-darwin)
+    sqlite3 (2.7.3-x86_64-darwin)
+    sqlite3 (2.7.3-x86_64-linux-gnu)
+    sqlite3 (2.7.3-x86_64-linux-musl)
+    thor (1.4.0)
+    tilt (2.6.1)
     timeout (0.4.3)
+    trilogy (2.9.0)
     tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (3.1.4)
+    unicode-display_width (3.1.5)
       unicode-emoji (~> 4.0, >= 4.0.4)
     unicode-emoji (4.0.4)
     uri (1.0.3)

data/README.md

@@ -36,7 +36,7 @@ Whether run locally or via Docker, the following environment variables configure
 | `CA_CERT_PATH` | `$CA_DIR/tls.crt` | Public cert for Bullion. If Bullion is an intermediate CA, you'll want to include the root CA's public cert in this file as well the signed cert for Bullion. |
 | `CA_DOMAINS` | `example.com` | A comma-delimited list of domains for which Bullion will sign certificate requests. Subdomains are automatically allowed. Certificates containing other domains will be rejected. |
 | `CERT_VALIDITY_DURATION` | `7776000` | How long should issued certs be valid (in seconds)? Default is 90 days. |
-| `DATABASE_URL` | _None_ | **(Required)** A shorthand for telling Bullion how to connect to a database. Acceptable URLs will either begin with `sqlite3:` or [`mysql2://`](https://github.com/brianmario/mysql2#using-active-records-database_url). |
+| `DATABASE_URL` | _None_ | **(Required)** A shorthand for telling Bullion how to connect to a database. Acceptable URLs will either begin with `sqlite3:` or [`trilogy://`](https://github.com/trilogy-libraries/trilogy/tree/main/contrib/ruby). |
 | `DNS01_NAMESERVERS` | _None_ | A comma-delimited list of nameservers to use for resolving [DNS-01](https://letsencrypt.org/docs/challenge-types/#dns-01-challenge) challenges. Usually you'll want this to be set to your _internal_ nameservers so internal names resolve correctly. When not set, it'll use the host's DNS. |
 | `LOG_LEVEL` | `warn` | Log level for Bullion. Supported levels (starting with the noisiest) are debug, info, warn, error, and fatal. |
 | `BULLION_PORT` | `9292` | TCP port Bullion will listen on. |

data/Rakefile

@@ -62,6 +62,7 @@ end
 
 require "openssl"
 require "sqlite3"
+require "trilogy"
 require "sinatra/activerecord/rake"
 
 namespace :db do

data/bullion.gemspec

@@ -32,13 +32,13 @@ Gem::Specification.new do |spec|
   spec.add_dependency "itsi",                 "~> 0.2"
   spec.add_dependency "json",                 "~> 2.6"
   spec.add_dependency "jwt",                  "~> 2.7"
-  spec.add_dependency "mysql2",               "~> 0.5"
   spec.add_dependency "openssl",              "~> 3.0"
   spec.add_dependency "prometheus-client",    "~> 4.2"
   spec.add_dependency "sinatra",              "~> 3.1"
   spec.add_dependency "sinatra-activerecord", "~> 2.0"
   spec.add_dependency "sinatra-contrib",      "~> 3.1"
   spec.add_dependency "sqlite3",              "~> 2.7"
+  spec.add_dependency "trilogy",              "~> 2.9"
 
   spec.add_development_dependency "acme-client",         "~> 2.0"
   spec.add_development_dependency "bundler",             "~> 2.4"

data/db/migrate/20210104000000_create_accounts.rb

@@ -5,7 +5,7 @@ class CreateAccounts < ActiveRecord::Migration[6.1]
   def change
     create_table :accounts do |t|
       t.boolean :tos_agreed, null: false, default: true, index: true
-      t.text :public_key, null: false, index: { unique: true }
+      t.text :public_key, null: false
       t.text :contacts, null: false
 
       t.timestamps

data/db/migrate/20250823073342_add_public_key_hash_to_accounts.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require "bullion/models/account"
+
+# Adds a public_key_hash column to the accounts table, ensuring uniqueness
+class AddPublicKeyHashToAccounts < ActiveRecord::Migration[8.0]
+  def change
+    add_column :accounts, :public_key_hash, :string, null: false, limit: 44
+    add_index :accounts, :public_key_hash, unique: true
+
+    reversible do |dir|
+      dir.up do
+        say_with_time "Generating public_key_hash for existing accounts" do
+          require "digest"
+
+          Bullion::Models::Account.reset_column_information
+          Bullion::Models::Account.find_each do |account|
+            digest = Digest::SHA256.base64digest(account.public_key.to_json)
+            account.update_column(:public_key_hash, digest)
+          end
+        end
+      end
+    end
+  end
+end

data/db/schema.rb

@@ -10,22 +10,23 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[8.0].define(version: 2021_01_06_060335) do
+ActiveRecord::Schema[8.0].define(version: 2025_08_23_073342) do
   create_table "accounts", force: :cascade do |t|
     t.boolean "tos_agreed", default: true, null: false
     t.text "public_key", null: false
     t.text "contacts", null: false
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
-    t.index ["public_key"], name: "index_accounts_on_public_key", unique: true
+    t.string "public_key_hash", limit: 44, null: false
+    t.index ["public_key_hash"], name: "index_accounts_on_public_key_hash", unique: true
     t.index ["tos_agreed"], name: "index_accounts_on_tos_agreed"
   end
 
   create_table "authorizations", force: :cascade do |t|
     t.string "status", default: "pending", null: false
-    t.datetime "expires", precision: nil, null: false
+    t.datetime "expires", null: false
     t.text "identifier", null: false
-    t.integer "order_id"
+    t.bigint "order_id"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
     t.index ["expires"], name: "index_authorizations_on_expires"
@@ -52,10 +53,10 @@ ActiveRecord::Schema[8.0].define(version: 2021_01_06_060335) do
   create_table "challenges", force: :cascade do |t|
     t.string "acme_type", null: false
     t.string "status", default: "pending", null: false
-    t.datetime "expires", precision: nil, null: false
+    t.datetime "expires", null: false
     t.string "token", null: false
-    t.datetime "validated", precision: nil
-    t.integer "authorization_id"
+    t.datetime "validated"
+    t.bigint "authorization_id"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
     t.index ["acme_type"], name: "index_challenges_on_acme_type"
@@ -73,12 +74,12 @@ ActiveRecord::Schema[8.0].define(version: 2021_01_06_060335) do
 
   create_table "orders", force: :cascade do |t|
     t.string "status", default: "pending", null: false
-    t.datetime "expires", precision: nil, null: false
+    t.datetime "expires", null: false
     t.text "identifiers", null: false
-    t.datetime "not_before", precision: nil, null: false
-    t.datetime "not_after", precision: nil, null: false
-    t.integer "certificate_id"
-    t.integer "account_id"
+    t.datetime "not_before", null: false
+    t.datetime "not_after", null: false
+    t.bigint "certificate_id"
+    t.bigint "account_id"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
     t.index ["account_id"], name: "index_orders_on_account_id"

data/lib/bullion/models/account.rb

@@ -7,10 +7,17 @@ module Bullion
       serialize :contacts, coder: JSON
       serialize :public_key, coder: JSON
 
-      validates_uniqueness_of :public_key
+      validates_uniqueness_of :public_key_hash
 
       has_many :orders
 
+      before_save :generate_public_key_hash
+
+      def generate_public_key_hash
+        digest = Digest::SHA256.base64digest(public_key.to_json)
+        self.public_key_hash = digest
+      end
+
       def kid
         id
       end

data/lib/bullion/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Bullion
-  VERSION = "0.10.3"
+  VERSION = "0.11.0"
 end

data/lib/bullion.rb

@@ -14,7 +14,7 @@ require "dry-configurable"
 require "sinatra/base"
 require "sinatra/contrib"
 require "sinatra/custom_logger"
-require "mysql2"
+require "trilogy"
 require "sinatra/activerecord"
 require "jwt"
 require "prometheus/client"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: bullion
 version: !ruby/object:Gem::Version
-  version: 0.10.3
+  version: 0.11.0
 platform: ruby
 authors:
 - Jonathan Gnagy
@@ -93,20 +93,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.7'
-- !ruby/object:Gem::Dependency
-  name: mysql2
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.5'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.5'
 - !ruby/object:Gem::Dependency
   name: openssl
   requirement: !ruby/object:Gem::Requirement
@@ -191,6 +177,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.7'
+- !ruby/object:Gem::Dependency
+  name: trilogy
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.9'
 - !ruby/object:Gem::Dependency
   name: acme-client
   requirement: !ruby/object:Gem::Requirement
@@ -406,6 +406,7 @@ files:
 - db/migrate/20210106052306_create_authorizations.rb
 - db/migrate/20210106055421_create_challenges.rb
 - db/migrate/20210106060335_create_nonces.rb
+- db/migrate/20250823073342_add_public_key_hash_to_accounts.rb
 - db/schema.rb
 - lib/bullion.rb
 - lib/bullion/acme/error.rb