Re: [Letsencrypt-devel] 2FA on salsa?

2018-02-11 Thread Debian/GNU
On 02/09/2018 05:41 PM, Mattia Rizzolo wrote:
> On Fri, Feb 09, 2018 at 04:41:54PM +0100, IOhannes m zmölnig (Debian/GNU) 
> wrote:
>> it seems somebody enabled two-factor-authentication for this team on salsa.
> 
> Indeed it's enabled.
> I didn't do it, so that was Harlan.
> 
> Harlan: what was your reasoning about it?
> 
>> now, i don't own a smartphone & i don't own a yubikey.
>> afaik, this means that i cannot use 2FA.
> 
> That's not completely true.  You could manage your login codes manually
> with oathtool(1) or similar.  Sure, that's annoying to do :P
> 


until i set this up (if ever), can someone with the powers please remove
me from the team?
it's really annoying to not be able to do anything.

thank you.

fgmards
IOhannes



___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
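
What oathtool(1) computes for a time-based login code, as an added example that is not part of the original thread: a standard-library RFC 6238 (TOTP) implementation, plus the server-side check with a drift window. The secret is the RFC test key, not a real credential, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 test key ("12345678901234567890" in Base32), not a real credential.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(b32):
    """Decode the Base32 secret shown as text beside the enrolment QR code."""
    cleaned = b32.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped padding
    return base64.b32decode(cleaned)


def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(b32_secret, now=None, step=30, digits=6):
    """RFC 6238: HOTP with the counter derived from Unix time."""
    now = time.time() if now is None else now
    return hotp(decode_secret(b32_secret), int(now) // step, digits)


def verify(b32_secret, candidate, now=None, window=1, step=30, digits=6):
    """Accept a code from the current step or +/- `window` steps of clock drift."""
    now = time.time() if now is None else now
    key = decode_secret(b32_secret)
    counter = int(now) // step
    ok = False
    for drift in range(-window, window + 1):
        if counter + drift < 0:
            continue
        expected = hotp(key, counter + drift, digits)
        # Constant-time compare, and no early exit on a match.
        ok |= hmac.compare_digest(expected.encode(), candidate.encode())
    return ok


if __name__ == "__main__":
    print(totp(RFC_TEST_SECRET))
```

The same code comes from `oathtool --totp -b <secret>`; either way the secret has to be stored as carefully as a password, since anyone holding it can generate valid codes.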


[Letsencrypt-devel] 2FA on salsa?

2018-02-09 Thread Debian/GNU
hi,

it seems somebody enabled two-factor-authentication for this team on salsa.
at least, when i log in, i now get an error:

> The group settings for Debian Lets Encrypt Team require you to enable
> Two-Factor Authentication for your account.

and i cannot proceed unless i set up 2FA.
now, i don't own a smartphone & i don't own a yubikey.
afaik, this means that i cannot use 2FA.

if the letsencrypt team insists on 2FA, please remove me from the team
as it prevents me from using the salsa web interface.

in this case i'll probably have to migrate my
"dehydrated-hook-ddns-tsig" to the 'debian' namespace.


otoh, i'd prefer if there had been some discussion about enabling 2FA
before the fact.

fgmdsar
IOhannes





[Letsencrypt-devel] joining the letsencrypt team

2017-06-11 Thread Debian/GNU
hi all,

as you might have noticed, i recently filed an ITP about
dehydrated-dnspython-hook (#864408), and i think maintaining the package
under the umbrella of this team makes sense.
unfortunately, i haven't found anything about how to *join* the team and
whether there are any policies or whatnot to know beforehand.

what do you think?

fdmsar
IOhannes





[Letsencrypt-devel] Bug#854431: dehydrated: please chown/chmod *.pem to root:ssl-cert

2017-06-07 Thread Debian/GNU
Package: dehydrated
Version: 0.3.1-3
Followup-For: Bug #854431

+1 for this feature from my side.

I was actually going to suggest using a separate group (e.g.
'letsencrypt-cert') but re-using the 'ssl-cert' group sounds good to me as
well.



[Letsencrypt-devel] Bug#848224: Bug#848224: dehydrated-apache2: does not handle .well-known directory hidden by mod_rewrite

2016-12-16 Thread Debian/GNU
On 12/15/2016 06:03 PM, Mattia Rizzolo wrote:
>> Unfortunately it had no effect on my system: accessing
>> /.well-known/acme-challenge/ via my webserver would just give me a 404 page.
>>
>> Now, my webserver has the following characteristics
>> - multiple VirtualHosts
>> - use of mod_rewrite to do complex routing (in virtually all VirtualHosts).
> 
> umh.
> where do you configure the virtualhosts?  If you have them on
> /etc/apache2/sites-enabled those should not conflict and the conf this
> package ships would be honored (I think?!).

the vhosts are configured via /etc/apache2/sites-enabled, and i don't
think there is a conflict per se.
but i think that the mod_rewrite somehow cancels the conf from
dehydrated-apache2.

i probably should add, that mod_rewrite is rewriting the entire page
(apache2 is the front-end to a plone CMS; for vhost support on the CMS
side, i need complex proxying/rewriting capabilities such as offered by
mod_rewrite)

> 
> In my systems I have a lot of virtualhosts too (although I don't have
> that many rewrite rules) and everything works.
> 
>> RewriteRule ^/\.well-known/acme-challenge/ - [L]
>>
>> Of course I would prefer a solution that would fix this in a central place
>> (/etc/apache2/conf-available/dehydrated.conf).
>> However, my feeble (and short-lived) attempts did not have any effect.
> 
> Have you tried adding that line to
> /etc/apache2/conf-enabled/dehydrated.conf?
> 

that was precisely my unsatisfying and "feeble attempt" to fix it.



fgmrs
IOhannes





[Letsencrypt-devel] Bug#810216: letsencrypt: fails to run as unprivileged user

2016-01-07 Thread Debian/GNU
Package: letsencrypt
Version: 0.1.1-3
Severity: normal

Dear Maintainer,

letsencrypt gives me a hard time when being run as unprivileged user.
i understand that quite a number of operations require supercow powers, but the
error messages are rather cryptic (being generic python exceptions):

$ letsencrypt
An unexpected error occurred:
OSError: [Errno 13] Permission denied: '/etc/letsencrypt'
Please see the logfile 'letsencrypt.log' for more details.
$ cat letsencrypt.log
Traceback (most recent call last):
  File "/usr/bin/letsencrypt", line 9, in <module>
    load_entry_point('letsencrypt==0.1.1', 'console_scripts', 'letsencrypt')()
  File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1359, in main
    "--strict-permissions" in cli_args)
  File "/usr/lib/python2.7/dist-packages/letsencrypt/le_util.py", line 103, in make_or_verify_dir
    os.makedirs(directory, mode)
  File "/usr/lib/python2.7/os.py", line 157, in makedirs
    mkdir(name, mode)
OSError: [Errno 13] Permission denied: '/etc/letsencrypt'
$ sudo letsencrypt
No installers seem to be present and working on your system; fix that or try
running letsencrypt with the "certonly" command
$ letsencrypt
Traceback (most recent call last):
  File "/usr/bin/letsencrypt", line 9, in <module>
    load_entry_point('letsencrypt==0.1.1', 'console_scripts', 'letsencrypt')()
  File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1364, in main
    setup_logging(args, _cli_log_handler, logfile='letsencrypt.log')
  File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1277, in setup_logging
    args, logfile=logfile, fmt=fmt)
  File "/usr/lib/python2.7/dist-packages/letsencrypt/cli.py", line 1248, in setup_log_file_handler
    log_file_path, maxBytes=2 ** 20, backupCount=10)
  File "/usr/lib/python2.7/logging/handlers.py", line 117, in __init__
    BaseRotatingHandler.__init__(self, filename, mode, encoding, delay)
  File "/usr/lib/python2.7/logging/handlers.py", line 64, in __init__
    logging.FileHandler.__init__(self, filename, mode, encoding, delay)
  File "/usr/lib/python2.7/logging/__init__.py", line 905, in __init__
    StreamHandler.__init__(self, self._open())
  File "/usr/lib/python2.7/logging/__init__.py", line 935, in _open
    stream = open(self.baseFilename, self.mode)
IOError: [Errno 13] Permission denied: '/var/log/letsencrypt/letsencrypt.log'
$

if the letsencrypt binary is only meant to be run as superuser, please move it
from /usr/bin/ to /usr/sbin/ and/or add additional checks whether the user has
the required privileges and provide them with a meaningful error message.

otoh, i guess that some functionality of letsencrypt does not require root
privileges at all, at least it should not require such privileges (e.g. i don't
see why `letsencrypt plugins` must be run as root).






-- System Information:
Debian Release: stretch/sid
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_AT.utf8, LC_CTYPE=de_AT.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages letsencrypt depends on:
ii  dialog  1.2-20150920-1
ii  python-letsencrypt  0.1.1-3
pn  python:any  

letsencrypt recommends no packages.

Versions of packages letsencrypt suggests:
pn  python-letsencrypt-apache  
ii  python-letsencrypt-doc 0.1.1-3

-- no debconf information
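
One way to implement the up-front privilege check this report asks for, as an added example that is not letsencrypt's own code: before doing any work, test whether the directories named in the tracebacks above can be written or created, and report each problem in plain words instead of a Python exception. The function names are hypothetical.

```python
import errno
import os
import sys

# Directories taken from the two tracebacks in the report.
REQUIRED_DIRS = ("/etc/letsencrypt", "/var/log/letsencrypt")


def nearest_existing(path):
    """Walk upwards until a path component that exists is found."""
    path = os.path.abspath(path)
    while not os.path.lexists(path):
        parent = os.path.dirname(path)
        if parent == path:
            break
        path = parent
    return path


def preflight(dirs=REQUIRED_DIRS):
    """Return a list of readable problems; an empty list means go ahead."""
    problems = []
    for wanted in dirs:
        anchor = nearest_existing(wanted)
        if not os.path.isdir(anchor):
            problems.append("%s: %s exists but is not a directory" % (wanted, anchor))
        # os.access() is advisory only: it yields a friendly message here,
        # the later mkdir/open calls must still handle EACCES themselves.
        elif not os.access(anchor, os.W_OK | os.X_OK):
            verb = "write to" if anchor == os.path.abspath(wanted) else "create it under"
            problems.append("%s: uid %d may not %s %s"
                            % (wanted, os.getuid(), verb, anchor))
    return problems


def main():
    problems = preflight()
    for line in problems:
        sys.stderr.write("letsencrypt: insufficient privileges: %s\n" % line)
    if problems:
        sys.stderr.write("Re-run as root, or point the tool at directories you own.\n")
        return errno.EACCES
    return 0


if __name__ == "__main__":
    sys.exit(main())
```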
