Re: [Letsencrypt-devel] Bug#812174: ITP: letsencrypt-sh -- ACME client implemented in Bash
Control: retitle -1 ITP: letsencrypt.sh -- ACME client implemented in Bash On Sun, Mar 27, 2016 at 01:01:18PM +0200, Daniel Beyer wrote: > On Sat, 2016-03-26 at 21:07 +0000, Mattia Rizzolo wrote: > > On Thu, Jan 21, 2016 at 08:10:13AM +0100, Daniel Beyer wrote: > > > * Package name: letsencrypt-sh > > > > Is there a good reason not to call this package 'letsencrypt.sh', with a > > dot, as the official name? > > No, there is no good reason for it. I wrongly thought a dot in a package > name is not permitted. Let's name it letsencrypt.sh. Cool, let's change it ;) (I retitled the ITP here) > > Anyway, this email was to ask how it's going with this. > > Since I needed it, I made some initial packaging [1] on GitHub, which > fit my needs right know. It of course need some more work to get it > ready for Debian (e.g. it needs to be rebased against upstream's v0.1.0 > and the repo should be moved to anonscm.d.o). I'd be very happy to do some work and have you review it and see if it fits your needs and likings. Two things I'd do include using an apache2 configuration snippet (to go in /etc/apache2/conf.available) instead of a fake virtual host in /etc/apache2/sites.available. Another is to install the full config snippet provided by upstream in /usr/share/letsencrypt.sh/examples and install our version in /etc/ from a static copy kept in debian/ instead of patching upstream's config.sh. > > It should be a > > fairly simple package, and I'm quite interested in it (can also sponsor > > it or help to comaintain it, as you like, if you need it!). > > I might have overcomplicated things a bit with the current packaging > approach (e.g. providing apache configuration). You might want to take a > look yourself and share your thoughts. I like that you're providing a easy snippet of conf to easily set up apache to do > If you're up for it, I gratefully would like to accept your offer to > co-maintain this package. Additionally it might be worth to ask having > it under the umbrella of Debian Let's Encrypt [2]. Yes, that's a great idea. I'm CCing letsencrypt-devel. I asked hlieberman via IRC if this would be ok for him, but he hasn't replied yet. If this is Ok for the letsencrypt team, would you be ok to add myself (user: mattia) and Daniel Beyer (that I guess is dabe-guest on alioth) to the team? > Let me know if you think we can base our work on what I've done so far, > or if we instead should make a fresh start. If think your work is great :) If you are ok, I'd start working on a clone of this and see what you think of it; it really won't need much! -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: http://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Bug#819760: Bug#819760: acme-tiny: Please install README
On Fri, Apr 01, 2016 at 08:55:49PM -0300, Jeremías Casteglione wrote:
> Can someone from the team upload the -4 version please? I've not
> such rights. Thanks!
Uploaded :)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: http://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#822493: Bug#822493: letsencrypt.sh: config file refers to nonexisting documentation
control: severity -1 minor
On Mon, Apr 25, 2016 at 02:20:21AM +0200, Roland Hieber wrote:
> the default config file in /etc/letsencrypt.sh/config.sh refers in its header
> to /usr/share/doc/letsencrypt-sh/README.Debian. However, that file is
> nonexistent. I guess it contains important(-ish) documentation on what to do
> with /etc/letsencrypt.sh/conf.d/ ...? ;-)
umh, the person who added that header was me, and I really don't recall
what I was thinking while writing it...
Daniel: do we have something interesting to put in README.Debian?
Otherwise I guess removing the reference for now is a good solution as
any.
I don't particularly like modifying files installed in /etc/ as those
are conffile handled by dpkg that requires a manual action during
upgrades if the local sysadm modified it, and even if this is still only
in sid but I'd still avoid it.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#822493: letsencrypt.sh: config file refers to nonexisting documentation
On Tue, Apr 26, 2016 at 01:54:51PM +0200, Daniel Beyer wrote:
> We could (and should) explain the Debian specific thinks, like where the
> certificates can be found on the system and that one should use conf.d
> rather than modifying the shipped config. I can write an initial
> README.Debian during this week.
that would be great!
> I would prefer to ship a README.Debian. I'll let you know as soon an
> initial version is in git, so you can review it and add possibly missing
> parts.
Cool, I'll let you write the first draft. That also great since I'll
have exams the next week, and I prefer to focus there :)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#822493: letsencrypt.sh: config file refers to nonexisting documentation
On Fri, May 13, 2016 at 09:44:31PM +0200, Daniel Beyer wrote: > On Fri, 2016-05-13 at 20:16 +0200, Cord Beermann wrote: > > PS: It would also be nice if you add a cronjob to the package for refreshing > > the configured certificates. > > Of course, we have this in mind, too. But it will take some time to get > this in place. Feel free to open a separate bug for this in BTS. Also, consider how hard can be to provide a cronjob that works for all kind of setup. I run my letsencrypt.sh under a 'letsencrypt' user, but clearly that's not everybody's setup. IMHO before providing such cronjob we should also provide a full setup, including a system user that runs letsencrypt.sh. So, feel free to open a new bug for it, but also to provide some thoughts on the matter. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Bug#817865: RFS: acmetool/0.0.49 [ITP] -- automatic certificate acquisition tool for Let's Encrypt
55056 [DEBUG] acme.redirector: redirector running --- PASS: TestRedirector (0.10s) PASS ok github.com/hlandau/acme/redirector 0.105s ? github.com/hlandau/acme/responder [no test files] ? github.com/hlandau/acme/solver [no test files] === RUN TestKeyID --- PASS: TestKeyID (0.46s) PASS ok github.com/hlandau/acme/storage 0.463s ? github.com/hlandau/acme/storageops [no test files] cd /build/acmetool-0.0.49 dh_auto_test: go test -v github.com/hlandau/acme/acmeapi github.com/hlandau/acme/acmeapi/acmeendpoints github.com/hlandau/acme/acmeapi/acmeutils github.com/hlandau/acme/cmd/acmetool github.com/hlandau/acme/fdb github.com/hlandau/acme/hooks github.com/hlandau/acme/interaction github.com/hlandau/acme/redirector github.com/hlandau/acme/responder github.com/hlandau/acme/solver github.com/hlandau/acme/storage github.com/hlandau/acme/storageops returned exit code 1 debian/rules:11: recipe for target 'build' failed make: *** [build] Error 1 dpkg-buildpackage: error: debian/rules build gave error exit status 2 In the meantime I did 3 more trivial commits, that I pushed. (hope you don't mind the extra commits, but imho that's the main advantage of keeping packages in a team, have the team mates being able to do such sillyness! ;)) -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Bug#817865: Bug#817865: RFS: acmetool/0.0.49 [ITP] -- automatic certificate acquisition tool for Let's Encrypt
On Sun, May 15, 2016 at 01:14:54PM -0400, Peter Colberg wrote: > Thanks for catching this. I built the package in an sbuild chroot, > which by default does not block network connections. The test is > trying to contact the Let’s Encrypt staging server. As you probably know that's not allowed :) Also, FYI, whilst most of Debian's buildd allows network connection, ubuntu's don't, so your package would have FTBFS there. > The easiest solution is to disable the test for now, but in the yes please. > long term it would be good to package boulder for Debian and use > it for offline testing. > > How are you currently testing the other Let’s Encrypt clients? > > Would you be interested in packaging boulder together? I only maintain letsencrypt.sh that doesn't have tests, so I'm not really testing it. I don't know about the other clients. > > In the meantime I did 3 more trivial commits, that I pushed. > > > > (hope you don't mind the extra commits, but imho that's the main > > advantage of keeping packages in a team, have the team mates being able > > to do such sillyness! ;)) > > Yes, your commits are very welcome. > > Which repository did you push to? master is still at 771996d: > > https://anonscm.debian.org/cgit/letsencrypt/acmetool.git Turns out I wrote something I didn't do, pushed now. Please ping once you disabled those tests -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Bug#817865: RFS: acmetool/0.0.49 [ITP] -- automatic certificate acquisition tool for Let's Encrypt
On Sun, May 15, 2016 at 01:30:39PM -0400, Peter Colberg wrote:
> Please try building acmetool commit fb8b2a5, which disables the
> OCSP test to avoid network access in the build chroot.
yeah, that one does build.
Given that you seem to be here, maybe you can double check these lintian
tags?
W: acmetool: spelling-error-in-readme-debian acme acme (duplicate word) acme
I: acmetool: spelling-error-in-binary usr/bin/acmetool unkown unknown
There is also this one, but my guess is that is'a false positive?
I: acmetool: spelling-error-in-binary usr/bin/acmetool writeN written
Also, I don't know golang, but does the same hardening stuff that you do
on C/C++ applies here too? In that case:
I: acmetool: hardening-no-pie usr/bin/acmetool
I: acmetool: hardening-no-bindnow usr/bin/acmetool
If you prefer otherwise, I can upload with those, though.
PS: I had already pulled and worked too. I *think* that since some
debhelper versions where the -O was internally refactored it's not
strictly needed anymore to carry on the -O in all the overrides.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Bug#817865: Bug#817865: RFS: acmetool/0.0.49 [ITP] -- automatic certificate acquisition tool for Let's Encrypt
On Sun, May 15, 2016 at 07:37:53PM +0200, Ondrej Novy wrote:
> but there are tests:
> https://github.com/lukas2511/letsencrypt.sh/blob/master/test.sh :)
Ok, I admit it: I spend most of my time half-drunk and din't notice it.
Kidding, but seriosly I never noticed that file, and we don't run it at
build time... meh.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Bug#817865: RFS: acmetool/0.0.49 [ITP] -- automatic certificate acquisition tool for Let's Encrypt
On Sun, May 15, 2016 at 01:58:28PM -0400, Peter Colberg wrote: > On Sun, May 15, 2016 at 05:39:31PM +0000, Mattia Rizzolo wrote: > > On Sun, May 15, 2016 at 01:30:39PM -0400, Peter Colberg wrote: > > > Please try building acmetool commit fb8b2a5, which disables the > > > OCSP test to avoid network access in the build chroot. > > > > yeah, that one does build. > > Please do a "git fetch" and "git reset --hard origin/master" to fix > a search&replace accident. I promise to never overwrite HEAD again :-( don't worry, I can deal with it ;) (and already did that, as i received your second email when writing mine and checked). BTW, yeah, that's a really bad thing to do in a context like, after you explicitly asked somebody else to pull... That should have been the place for a follow up fixup commit :) > > W: acmetool: spelling-error-in-readme-debian acme acme (duplicate word) acme > > That is a false positive: I wouldn't mind a override. > > I: acmetool: spelling-error-in-binary usr/bin/acmetool unkown unknown > > I searched for this spelling error before in all of the Golang > packages but could not find it, so it must be in the Go standard > library. I will file an upstream issue with golang/go. I see. > > There is also this one, but my guess is that is'a false positive? > > I: acmetool: spelling-error-in-binary usr/bin/acmetool writeN written > > Yes, the trailing capital letter is characteristic of a false positive > that I have seen in other packages before. I wonder if that's another good place for an override and/or a lintian bug. > > PS: I had already pulled and worked too. I *think* that since some > > debhelper versions where the -O was internally refactored it's not > > strictly needed anymore to carry on the -O in all the overrides. > > I will ask the Debian Go maintainers whether -O--buildsystem=golang > can be dropped safely. ok > In any case, it’s fixed in commit 4244a83, > which is ready for upload. Then, uploaded :) I also tagged the release in git ^^ -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] acme-tiny 20160326-1: new release, bug fixes
On Thu, May 19, 2016 at 11:28:47AM -0300, Jeremías Casteglione wrote:
> I just pushed to master branch a new version of the package (commit 8543dcd),
> which includes a new upstream release and some reported bug fixes.
>
> https://anonscm.debian.org/cgit/letsencrypt/acme-tiny.git
added a couple of commits on top of that.
> Could someone from the team upload this new version please?
uploaded :)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#824903: letsencrypt.sh: Letsencrypt.sh broken due to "pretty" json used in Let's Encrypt API
control: found -1 0.1.0-2 control: notfound -1 0.1.0-2~bpo8+1 control: forwarded -1 https://github.com/lukas2511/letsencrypt.sh/pull/202 On Sat, May 21, 2016 at 06:34:41AM +0200, David Kuehling wrote: > Version: 0.1.0-2~bpo8+1 > I'm testing this using the backports package, but I guess the problem > applies to sid as well (same version). Yeah, but, well, don't report bugs using the backport version. The Debian BTS does a version tracker, and it is not aware of the backports, and fun things happens. > Recently letsencrypt.org changed to return pretty json with lots of > newlines (as tested via > https://acme-staging.api.letsencrypt.org/directory). I wonder when this happened and how. Exactly yesterday I renewed some certs of mine and the things just worked. > This breaks > various sed-based json parsing code in the distributed version of > letsencrypt.sh . Also I wonder if it would be better if letsencrypt.sh used jq(1) instead of sed, but well.. > https://github.com/lukas2511/letsencrypt.sh/pull/202 > > The "official" fix is here: > > > https://github.com/lukas2511/letsencrypt.sh/commit/561f0626b855ec4ee94856884e2f1eff9ade2d88 > > cheers, yeah, great, guess we can just cherry-pick it :) -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#824928: letsencrypt.sh: move the default position of the domains file to /etc/letsencrypt.sh/
Package: letsencrypt.sh
Version: 0.1.0-2
Severity: wishlist
As I wrote in #822493#45:
> +Providing a list of domains to letsencrypt.sh
> +=
> +If the parameter --domains is not given to letsencrypt.sh, it tries to
> get
> +a list of domains from the file /var/lib/letsencrypt.sh/domains.txt.
>
> I've never noticed this (as I use -d in my own script), but imho we
> should put that file by default in /etc/letsencrypt.sh/domains.txt.
> Really /var should not be the place for things like this, whilst is
> totally fine for files like certs.
> What do you think?
>
> IMHO the best way to accomplish this is to introduce a new conf entry
> pointing just to the domains file, and defaulting to
> "${BASEDIR}/domains.txt. Just looking at the code and without trying
> seems like ${DOMAINS_TXT} does that; if that's the case it just need
> documenting in the example file. This should be done upstream, of
> course, and I couldn't figure why he wouldn't like it.
Daniel: what are your thoughts on this?
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#822493: letsencrypt.sh: config file refers to nonexisting documentation
control: tag -1 pending
On Sat, May 14, 2016 at 07:20:57PM +0200, Cord Beermann wrote:
> As i'm aware that automation/integration with other packages as
> suggested by me won't be easy to establish, the README should
> also point those things out:
Thanks, included.
Daniel: do you want to do improve it any more? otherwise I'd say to
upload this thing, given #824903.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#824928: letsencrypt.sh: move the default position of the domains file to /etc/letsencrypt.sh/
On Sat, May 21, 2016 at 07:14:05PM +0200, Daniel Beyer wrote:
> Hi Mattia,
>
> On Sat, 2016-05-21 at 15:58 +0200, Daniel Beyer wrote:
> > (...)
> >
> > It looks like ${DOMAINS_TXT} can not be set or overridden in config.sh.
> > But it should be rather easy to add this feature to letsencrypt.sh. I'll
> > work on a patch and propose it upstream. In past upstream was very nice
> > with accepting improvements to letsencrypt.sh. I'll let you know about
> > the progress of this.
>
> I opened a PR for upstream [1], based on the initial work you gave me.
> It might take a bit till upstream reacts to it, but I think chances are
> good it will be accepted.
> [1] https://github.com/lukas2511/letsencrypt.sh/pull/204
Great thanks!
> I started working on updating our packaging in a new branch
> wip/dabe/domains.txt-in-etc. But I have the feeling, that mentioning the
> change in d/NEWS is not enough.
I'd also keep in mind that this package is very young while considering
this.
> So i came up with the following idea (not implemented, yet):
> During upgrade we check if a /var/lib/letsencrypt.sh/domains.txt exists
> and if so add an extra config file in /etc/letsencrypt.sh/conf.d/ to
> automatically reconfigure letsencrypt.sh back to the old location. With
> this we would not break things for our existing users.
> Do you have an other idea or opinion how to deal with this?
That's a nice idea, even if I usually try to avoid having to deal with
maintainer scripts.
Anyway doing this also requires:
* checking that /etc/letsencrypt.sh/config.sh actually has DOMAINS_TXT
set to the new location (if the user modified it, dpkg won't overwrite
it with our new copy with our new conf)
* also adding a prerm to remove that file in case of purge
Also, I'd like to not keep that thing forever, e.g. drop this
transitional measure before stretch: I'm usually happier if my packages
don't have maintainer scripts.
> An other question is whether or not we should start shipping
> a /etc/letsencrypt.sh/domains.txt. I would prefer to do that, with a
> small header (lines containing '#' are ignored) outlining the purpose
> and the format of this domains.txt file. What do you think?
Yes :)
Also notice the relative file in the new docs/ directory in the upstream
repo (I'd like to ship all that documentation when a new release will
happen).
In the meantime, I'm going to build from your branch, change some things
in my infra, and test it out.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#824928: letsencrypt.sh: move the default position of the domains file to /etc/letsencrypt.sh/
On Sat, May 21, 2016 at 06:07:34PM +, Mattia Rizzolo wrote:
> On Sat, May 21, 2016 at 07:14:05PM +0200, Daniel Beyer wrote:
> > I opened a PR for upstream [1], based on the initial work you gave me.
> > It might take a bit till upstream reacts to it, but I think chances are
> > good it will be accepted.
> > [1] https://github.com/lukas2511/letsencrypt.sh/pull/204
>
> Great thanks!
>
> > I started working on updating our packaging in a new branch
> > wip/dabe/domains.txt-in-etc.
In the meantime a new release happened, and our patch has been merged
the commit right after the release one, useful.
Anyway, I imported the new upstream release, and pulled your changes in
debian/master.
> > But I have the feeling, that mentioning the
> > change in d/NEWS is not enough.
>
> I'd also keep in mind that this package is very young while considering
> this.
>
> > So i came up with the following idea (not implemented, yet):
> > During upgrade we check if a /var/lib/letsencrypt.sh/domains.txt exists
> > and if so add an extra config file in /etc/letsencrypt.sh/conf.d/ to
> > automatically reconfigure letsencrypt.sh back to the old location. With
> > this we would not break things for our existing users.
> > Do you have an other idea or opinion how to deal with this?
>
> That's a nice idea, even if I usually try to avoid having to deal with
> maintainer scripts.
> Anyway doing this also requires:
> * checking that /etc/letsencrypt.sh/config.sh actually has DOMAINS_TXT
> set to the new location (if the user modified it, dpkg won't overwrite
> it with our new copy with our new conf)
> * also adding a prerm to remove that file in case of purge
>
>
> Also, I'd like to not keep that thing forever, e.g. drop this
> transitional measure before stretch: I'm usually happier if my packages
> don't have maintainer scripts.
Are you willing to do this?
I'm now running current debian/master, after having moved files around.
With 0.2.0 there is also another incompatible change: the PRIVATE_KEY =>
ACCOUNT_KEY rename which actually bit me even if I was aware of it; do
we want to provide a backward compatible thing and carry on some kind of
deprecation procedure (like: using something like
ACCOUNT_KEY=${ACCOUNT_KEY:-${PRIVATE_KEY}} somewhere and keeping it for
a while)
> > An other question is whether or not we should start shipping
> > a /etc/letsencrypt.sh/domains.txt. I would prefer to do that, with a
> > small header (lines containing '#' are ignored) outlining the purpose
> > and the format of this domains.txt file. What do you think?
>
> Yes :)
> Also notice the relative file in the new docs/ directory in the upstream
> repo (I'd like to ship all that documentation when a new release will
> happen).
In the new package there is a
/usr/share/doc/letsencrypt.sh/docs/domains_txt.md which imho contains
everything needed.
And if we provide an empty domains.txt, we should also first patch the
script to return a useful message instead of saying nothing and just
exit 0.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#826147: new upstream version available (0.7.0)
control: notfound -1 0.6.0
control: found -1 0.6.0-2
On Thu, Jun 02, 2016 at 12:50:17PM -0400, Antoine Beaupré wrote:
> Package: certbot
> Version: 0.6.0
Well, I'm sure as a DD you are very much aware that this version is
wrong.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#826145: letsencrypt.sh: Ship lighttpd module?
On Thu, Jun 02, 2016 at 06:25:48PM +0200, Elrond wrote:
> could you consider to provide the attached file as
> /etc/lighttpd/conf-available/10-letsencrypt.sh-challenge.conf
Yes! we were waiting for somebody to provide such file :)
> You might leave activating it to the admin. But having the
> file already in place might make the admin's live easier.
[..]
> I don't think, it's needed to put this in its own package
> like the -apache2 one.
the apache2 one activates itself when installing, and I find that a
feature.
> It's just a file you ship, that wont
> hurt anyone.
and I find shipping unused/useless files in /etc sad. /etc is already
bloated enouhg.
Is there some thing like dh-apache2 to enable/deal with that conf, etc?
> alias.url += (
> "/.well-known/acme-challenge" =>
> "/var/lib/letsencrypt.sh/acme-challenges"
> )
I'm not a lighttpd guy, is this apache2 conf snippet needed/wanted here
too?
Options FollowSymlinks
Options -Indexes
AllowOverride None
Require all granted
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#826145: letsencrypt.sh: Ship lighttpd module?
On Fri, Jun 10, 2016 at 01:31:29PM +0200, Elrond wrote: > On Thu, Jun 02, 2016 at 19:57:23 +0000, Mattia Rizzolo wrote: > > On Thu, Jun 02, 2016 at 06:25:48PM +0200, Elrond wrote: > For nginx (I *might* provide the snippet in an upcoming > wishlist bug) the case is ever harder: The admin needs to > add a "include ..." by hand. I don't even know what you're talking about here :) I always only limited myself to apache2 ^^ > > Is there some thing like dh-apache2 to enable/deal with that conf, etc? > > Sadly, there is not. > > BUT: > > javascript-common:postinst,prerm,postrm have snippets for > lighttpd to do what you want! Yeah, why not ^^ Even if I quite hate having manually placed mainter scripts... > I *think* most of those should be the default. > I will check that and let you know. thanks. > That said, I wonder, whether FollowSymlinks is needed at > all? /var/lib/letsencrypt.sh/acme-challenges should be a > normal directory and the created files in there are files, > not symlinks? you can never know. The sysadmin my had removed /var/lib/letsencrypt.sh and placed it as a symlink towards something, I want to support such a setup. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#827371: letsencrypt.sh: Use hook.d folder?
On Wed, Jun 15, 2016 at 02:21:34PM +0200, Elrond wrote:
> I am starting to test hook scripts to deploy the
> certificates into appropiate places. One idea I got while
> doing that: Have a hook.d folder with scripts that get all
> executed.
mmh
> What do you think?
I don't know, this looks so weird to me.
Considering how hooks are handled¹, I wouldn't know how this could be
any useful.
What's your use case for doing such a thing?
¹ pretty much like debian's maintainer scripts, where dpkg calls the
script with an action (upgrade/purge/remove/install/...) and some
paremeters
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] DM application of Peter Colberg
On Mon, Jun 20, 2016 at 05:38:55PM -0400, Peter Colberg wrote: > Hi Dmitry, > > My key 183BD5ED35278611 has been added to the DM keyring [1]. > > Would you be willing to sponsor upload rights [2] for these packages? > > acmetool I granted you DM on acmetool. I sponsored it twice, including the first upload, and so I think you can maintain it. Furthermore, I feel more accomodating than usual right now... > golang-github-alecthomas-units > golang-github-erikdubbelboer-gspt > golang-github-fatih-color > golang-github-hlandau-degoutils > golang-github-hlandau-xlog > golang-github-jmhodges-clock > golang-github-mitchellh-go-wordwrap > golang-github-ogier-pflag > golang-github-peterhellberg-link > golang-github-satori-go.uuid > golang-gopkg-alecthomas-kingpin.v2 > golang-gopkg-cheggaaa-pb.v1 > golang-gopkg-hlandau-configurable.v1 > golang-gopkg-hlandau-easyconfig.v1 > golang-gopkg-hlandau-service.v2 > golang-gopkg-hlandau-svcutils.v1 > golang-gopkg-square-go-jose.v1 > golang-gopkg-tylerb-graceful.v1 I sponsored you some of these, just once (or maybe twice), but I'd like to see more uploads before granting DM on them. Of course, if Dimiti (whom sponsored all of them…) wants to go ahead he is more than welcome :) Also, go packaging is so easy and straighforward that I can't really evaluate abilities with them... > Performing the uploads myself would be good for practice on my way to > becoming a DD. For non-trivial changes I would ping pkg-go-maintainers > or letsencrypt-devel for review before uploading. Thanks. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] DM application of Peter Colberg
On Mon, Jun 20, 2016 at 06:07:59PM -0400, Peter Colberg wrote:
> That said, I can think of quite a few metrics to evaluate maintainer
> ability based on golang packaging:
[ reflowing the text… ]
> to which extent has the maintainer collaborated with upstream,
> e.g., to motivate them to tag releases, to file pull requests
> for forked packages so that the original packages can be used in Debian,
> to fix their test suite, to ask for license clarification, etc.
these are all social abilities more than anything.
> how carefully has debian/copyright been composed;
These are not really something that would give me an idea of the
techinical knowledge somebody has. Licenses foo is surely something
important, but how do I know that you're able to fix bugs in your
package to a certain extent _correctly_. Part of what a sponsor
(usually) does is reviewing the changes, and see if they makes sense,
and avoid to upload clearly buggy things.
Mind you: I don't want to discurage you, just that I feel much more
confident with people who open themselves to other parts of debian work.
But then, a the DM status is thought for people who are only interested
in the restricted circle of their packages, and are not interested in
the bigger world; that's cool, but *I* still need more proof :)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#833336: Bug#833336: needs update for new agreement URL (fixed upstream)
On Wed, Aug 03, 2016 at 10:41:51AM +0200, Daniel Baumann wrote: > Package: letsencrypt.sh > Version: 0.2.0-1 > Severity: serious > > Hi, > > the LE agreement URL changed, letsencrypt.sh needs to be updated > accordingly, please cherry-pick: > > https://github.com/lukas2511/letsencrypt.sh/commit/afabfff06e2dece1772ed788ac41ca0d297ab49b > > otherwise new LE installations don't work and error out with: > > + Generating account key... > + Registering account key with letsencrypt... > + ERROR: An error occurred while sending post-request to > https://acme-v01.api.letsencrypt.org/acme/new-reg (Status 400) FTR, I disagree on the severity and all the "OMG new things don't work" stuff. It's a configuration item, just change it... anyway, about to upload the fix. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Bug#833647: acme-tiny: Agreement URL does not match the current one
On Thu, Aug 11, 2016 at 12:24:50AM -0300, Jeremías Casteglione wrote:
> Could someone from the team upload it please?
uploaded! :)
> I didn't create a git tag of the new version, just in case...
and tagged too! :)
(it's part of my sponsoring workflow, anyway)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#826145: letsencrypt.sh: Ship lighttpd module?
Hi, getting back to this getting-old bug... On Tue, Jun 14, 2016 at 05:01:59PM +0200, Elrond wrote: > The current configuration scheme of nginx is mostly manual. > That is: The admin has to edit (or replace) config files, > always. > > What we can do: Provide a config snippet (for > letsencrypt.sh) that the admin can reference in his/her > manually edited config file. > > There currently is no way to auto-activate that snippet. > > I have filed a debian bug to create a directory for > snippets that are auto-activated in the default virtual > host. #822792 I find this behaviour disturbing, and also far from what I come to expect from a debian package (istr this is also written in some policy somewhere...) I subscribed to that bug (and also replied…), but let's get to this. > > > > Is there some thing like dh-apache2 to enable/deal with that conf, etc? > > > > > > Sadly, there is not. > > > > > > BUT: > > > > > > javascript-common:postinst,prerm,postrm have snippets for > > > lighttpd to do what you want! > > > > Yeah, why not ^^ > > Even if I quite hate having manually placed mainter scripts... I stand by my words: there are already maintainer scripts to deal with conf migrations where upstream doesn't provide a path, that's already sad enough… > dir-listings are disabled by default. > symlinks are enabled by default. > That said, it's probably better to enforce things, just in > case. yep, cool. > I have attached a new version of the config snippet. > Note: I have renamed it from 10-* to 50-*, so that it gets > loaded much later and has a good chance of overriding most > things. So, you can see here a wip: https://anonscm.debian.org/git/letsencrypt/letsencrypt.sh.git/commit/?h=debian/wip/lighttpd&id=dad41045dea17c7fe0814c3f678e93b0c5587656 do you really think that's going to be useful to somebody? Should a README be also provided (or the comment there expanded) saying what shall be done to have that enabled, or are lighttpd admins clever enough to figure it out themselves? On a related note, adding two more files in debian/* is not going to hurt us, but that directory is getting quite crowded in such a small package u.U :D -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#837308: letsencrypt.sh: version 0.3.0
source: letsencrypt.sh
version: 0.2.0-4
severity: wishlist
Upstream added in v0.3.0 multi-account support.
Though in doing so it dropped support for ACCOUNT_KEY and
ACCOUNT_KEY_JSON variables, in favour of some mess.
See upstream commit 034ec30c7d3f098007ffee704b00cf2d3c9b78e9
https://anonscm.debian.org/git/letsencrypt/letsencrypt.sh.git/commit/?h=upstream/master&id=034ec30c7d3f098007ffee704b00cf2d3c9b78e9
I've yet to try it myself, but as I see it if users wants to keep their
account keys that are not set to the place where upstream would dream of
(${BASE_DIR}/private_key.pem), they need to move them themselves to the
final place.
Also doesn't help that:
* the path is kinda unobvious: (in bash format)
${ACCOUNTDIR:${BASEDIR}/accounts}/$(echo ${CA} | urlbase64}/
really, hashing $CA ?? Why I wonder… Besides, `urlbase64` doesn't
seem to be a thing in Debian (‽)
* the filenames changed too:
private_key.pem => account_key.pem
private_key.json => registration_info.json
and they are not configurable anymore
I know that the DSA (Debian System Administrators) use the ACCOUNT_KEY
setting for their letsencrypt.sh deployment¹, and where annoyed because
their usage was not covered in our upgrade path in the last "migration".
So, I'd love to see even a more nifty thing this time :)
¹
https://anonscm.debian.org/git/mirror/letsencrypt-domains.git/tree/config/letsencrypt-config
though atm it still uses the old PRIVATE_KEY there. I asked why,
considering that at update time I received rants over IRC for that…
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Bug#840641: ITP: python-lecm -- letsencrypt certificates manager
On Thu, Oct 13, 2016 at 04:08:59PM +0200, Sebastien Badia wrote: > * Package name: python-lecm > Version : 0.0.4 > Upstream Author : Yanis Guenane > * URL : https://github.com/Spredzy/lecm > * License : Apache-2.0 > Programming Lang: Python > Description : letsencrypt certificates manager > > Let's Encrypt Certificates Manager (lecm) is an utility that allows one to > manage (generate and renew) Let's Encrypt SSL certificates. > > I planned to maintain lecm in collab-maint. you can also maintain the package in the letsencrypt team, which is collecting all software related to letsencrypt. Within the team, I'm also very available for sponsoring, if you need it. (your choice, anyway) -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Bug#840641: ITP: python-lecm -- letsencrypt certificates manager
On Fri, Oct 14, 2016 at 07:01:54PM +0200, Sebastien Badia wrote:
> Sure, good idea, I just requested to join the letsencrypt team on alioth.d.o
> Thanks! And thanks for the sponsoring!
I saw that somebody added you, great :)
I suggest you also subscribe
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel and
send sponsorship requests there (instead of mailing me privately).
There is not so much traffic in there, don't worry ;)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] RFS: python-lecm/0.0.4-1: Let's Encrypt Manager (ITP: #840641)
On Mon, Oct 17, 2016 at 07:27:05PM +0200, Sebastien Badia wrote: > Hello! > > I'm new in the team, I just joined according a Mattia proposal on the ITP > #840641. Hi! I'm on the ML, so no need to Cc me here; also I assume you are, so I won't Cc you either! > python-lecm package is now pushed inside letsencrypt team, and should be ready > for a review/upload. > > https://anonscm.debian.org/cgit/letsencrypt/python-lecm.git > > https://mentors.debian.net/debian/pool/main/p/python-lecm/python-lecm_0.0.4-1.dsc be aware that I totally ignore tarballs (as distributed by mentors.d.n in this case) if possible, and just stick to the git repo. * d/control: + mind using /git/ also in Vcs-Browser? I like it more to have both Vcs-* being the same. (this is just me…) + you are packaging only a binary named python3-* something; I'd just leave out the "this is a py3 version" stuff from the description, and instead try to make the long description more useful * you are also shipping a binary in /usr/bin; that imho shouldn't be in a package named python3-* which usually denotes a library, or anyway an application which implementation language matters. I do not know lecm, but I'd probably name everything 'lecm', or perhaps only the python library in a binary python3-lecm. but I'm not sure if what I'm saying makes sense for this case. (note that also lintian notices this, with library-package-name-for-application) * do you think you can put that manpage somewhere upstream? also I see you're shipping the .md which seems to be the source of the groff file, could you generate it at build time? * why not debhelper compat level 10? -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] RFS: python-lecm/0.0.4-1: Let's Encrypt Manager (ITP: #840641)
On Fri, Oct 21, 2016 at 01:41:25AM +0200, Sebastien Badia wrote: > On Wed, Oct 19, 2016 at 01:46:06AM (+0200), Sebastien Badia wrote: > > On Mon, Oct 17, 2016 at 05:40:03PM (+), Mattia Rizzolo wrote: > > > * you are also shipping a binary in /usr/bin; that imho shouldn't be in > > > a package named python3-* which usually denotes a library, or anyway > > > an application which implementation language matters. > > > I do not know lecm, but I'd probably name everything 'lecm', or > > > perhaps only the python library in a binary python3-lecm. > > > but I'm not sure if what I'm saying makes sense for this case. > > > (note that also lintian notices this, with > > > library-package-name-for-application) > > > > Yeah! I asked myself the question, and indeed, it's only a binary, so you're > > right. Should rename also the source package? > > Any comment about this point? imho, yes too. It's an application (=> users shouldn't need to care too much about the implementation language), and upstream's name doesn't contain 'python', imho there is no reason to specify in the name that it's in python. > Anyway, I just imported a new release, and addressed all points mentioned > here, > (thanks for the review!) > > If you want to take a look :) oh, now I also noticed that the clean target doesn't clean appropriately. If you try to rebuild twice the package you get dpkg-source: info: local changes detected, the modified files are: python-lecm-0.0.5/lecm.egg-info/PKG-INFO python-lecm-0.0.5/lecm.egg-info/SOURCES.txt python-lecm-0.0.5/lecm.egg-info/dependency_links.txt python-lecm-0.0.5/lecm.egg-info/entry_points.txt python-lecm-0.0.5/lecm.egg-info/requires.txt python-lecm-0.0.5/lecm.egg-info/top_level.txt dpkg-source: error: aborting due to unexpected upstream changes, see /tmp/python-lecm_0.0.5-1.diff.2w_sk2 Also you don't delete debian/lecm.1 You can just add lecm.egg-info and debian/lemc.1 to debian/clean. You can test this by using pbuilder with the option --twice (though it's not a comprehensive test, as that just thest that you can build twice (and you currently can't, that's an RC), but not that you actually restore the source package to initial situation). -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] RFS: python-lecm/0.0.4-1: Let's Encrypt Manager (ITP: #840641)
On Fri, Oct 21, 2016 at 07:51:56PM +0200, Sebastien Badia wrote:
> Just renamed also the source package, and the git repo.
>
> https://anonscm.debian.org/cgit/letsencrypt/lecm.git
oh, wow, you redid the git repo from scratch u.U
I kinda assumed you would just mv(1) it…
> Let me know if I missed something,
nothing, cool by me, uploaded!
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] RFS: python-lecm/0.0.4-1: Let's Encrypt Manager (ITP: #840641)
On Sun, Oct 23, 2016 at 09:01:32AM +, Mattia Rizzolo wrote: > > Let me know if I missed something, > > nothing, cool by me, uploaded! trying to push the git tag: Counting objects: 1, done. Writing objects: 100% (1/1), 790 bytes | 0 bytes/s, done. Total 1 (delta 0), reused 0 (delta 0) remote: error: insufficient permission for adding an object to repository database ./objects remote: fatal: failed to write object 8e6f45a29fb3013b866d908ab1fba179c140870c error: unpack failed: unpack-objects abnormal exit To git+ssh://git.debian.org/git/letsencrypt/lecm.git ! [remote rejected] debian/0.0.5-1 -> debian/0.0.5-1 (unpacker error) error: failed to push some refs to 'git+ssh://git.debian.org/git/letsencrypt/lecm.git' This usually means the repository doesn't have core.sharedrepository=true and/or the objects directories aren't g+w or the groups is not scm_letsencrypt. I don't know how you created the repository, but please fix it (I notice now this team doesn't have a "setup-repository" script like most do, but anyway setting up the basics shouldn't be hard by hand either). Can you please fix the permissions? :) -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#841919: Bug#841919: acme-tiny: Please provide a backport for jessie
Hi! :) On Tue, Nov 01, 2016 at 06:39:42PM -0300, Jeremías Casteglione wrote: > > It would be nice to have a backported package of acme-tiny for Jessie. > > I just pushed to package's repo the debian/stable branch, with the > backported version 20160801-1~bpo8+1. [..] > This is my very first backport so it might be not so well done yet... I'll > be uploading it to backports.d.o soon I hope. I guess you need a sponsor for this too, right? :) What I noticed: * I discurage using "debian/stable" as a branch name in git: + such naming should be reserved to stable uploads, which this isn't (being a backport) + "stable" changes over the history, if anything this should say "jessie" + summing up: please call that branch either "debian/jessie-backports" (this would follow DEP-11) or "jessie-backports" * Uploads to backports don't close bugs, so even if you put a Closes: there you'd need to close this bug manually nonetheless (on a related note, I also noticed only now that there is no upstream/* tags metching the upstream releases; could you please add them too?) (btw: no need to Cc the ML, it gets all the bug reports messagges anyway, being the maintainer) -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#841919: Bug#841919: Bug#841919: Bug#841919: acme-tiny: Please provide a backport for jessie
On Tue, Nov 01, 2016 at 07:51:30PM -0300, Jeremías Casteglione wrote: > Great, thanks! I just pushed the debian/jessie-backports branch. > > I guess it's OK to delete debian/stable branch in alioth's repo then? To > avoid confusions and such? I deleted it ^^ > > * Uploads to backports don't close bugs, so even if you put a Closes: > > there you'd need to close this bug manually nonetheless > > OK, thanks... No problem with that, but I still need to upload it to > backports right? Even if you are going to sponsoring it? Yeah, that's fine. It just means you'll have to manually mail -done to close this bug once the backport is accepted. > > (on a related note, I also noticed only now that there is no upstream/* > > tags metching the upstream releases; could you please add them too?) > > I'm not sure about that... All the commits in the upstream branch were auto > done by git-dpm... And upstream didn't make any release either, really. > That's why we use the timestamp of last commit for the package version and > such. > > So not sure about any tags, sorry, but I'm OK to adding whatever is missing > =) > > There are actually 3 commits in the upstream branch, one for each "release". > I guess you mean to tag those commits? Ouch, I didn't realized you were using git-dpm u.U Hence my surprise, because with gbp the upstream tags are created at upstream import time, whilst with git-dpm that's all part of the `git-dpm tag` command run while uploading. I pushed a commit configuring git-dpm's tags to be sane, and run it while building the backport, and now there is also a upstream/ tag. *shrug* nvm for the older ones. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Bug#843458: RFS: acmetool/0.0.58-1~bpo8+1
On Sun, Nov 06, 2016 at 01:49:38PM -0500, Peter Colberg wrote:
> I am looking for a sponsor for the initial upload of the package
> "acmetool" to jessie-backports.
o/
> gbp clone --debian-branch=debian/jessie-backports
> https://anonscm.debian.org/git/letsencrypt/acmetool.git
.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#839851: Bug#839851: [letsencrypt.sh] New upstream available
On Wed, Oct 05, 2016 at 08:13:53PM +0200, Jan Wagner wrote: > thanks for working hard on the letsencrypt.sh packages and doing such a > great job. It would be a lot easier and more stimulating if upstream cared more about backward compatibility. Every single update has some breakage, which we don't want to have, so we end up creating some upgrade plan on our own. Apparently recently Lukas started to care a tad bit more, but really it's not enough :S For 0.3.0 to be sane I did: * revert config.sh rename, which had no upgrade plan whatsoever upstream * add another safety net for ACCOUNT_KEY removal (did I got it right? tbh I've just committed it after I wrote, without running it once) I'm sure I missed something somewhere else > There is an new version available (0.3.1). Also the project name > changes, but I'll create another bug report about this. I've now imported 0.3.0. I'll now need to test it a bit myself, but if you want feel free to steal it from git and help test it out. I'll probably package dehydrated soon after this, but I don't think I'll be able to create a decent upgrade plan from letsencrypt.sh to dehydrated in time to for the stretch freeze. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#839853: Bug#839853: Upstream change project name
On Thu, Oct 06, 2016 at 07:10:32AM +0200, Daniel Beyer wrote: > Thanks for your report. We are aware of the changed name and I'm already > working on a renaming. It's a bit delayed right now, but I hope there > will be some significant progress over the weekend. I'm not sure of anything you did, but given that the freeze is approaching very quickly I took some actions: 1) I released just now 0.3.0 - I tested it and seems to work; as you can see I even revert that config.sh→config change upstream did to try to minimize disruptions in it. 2) I imported 0.3.1 and did an initial rename of everything, this isn't tested at all. https://anonscm.debian.org/git/letsencrypt/dehydrated.git/ Given the freeze, and not wanting to shout our faces on this, I planned to work on it some more, terminating the rename, do some basic testing and upload to unstable. I'd like to have it into testing asap (consider that there is going to be a NEW delay and now that we're approaching the freeze the testing migration delay is of 10 days, and new packages will stop enter testing on 5th of Jannuary), and *then* work on an upgrade plan from letsencrypt.sh. At any rate, I'd rather not have both letsencrypt.sh and dehydrated in stretch, so if we don't manage to get a good enough upgrade migration from le.sh I'm more tempted to ask to remove dehydrated from stretch and keep dehydrated for buster and stretch-backports. What do you think? Sorry for taking so long myself, had quite some work to do elsewhere :S -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Proposed patches for dehydrated
On Thu, Dec 15, 2016 at 12:44:05AM +0100, Jan Wagner wrote: > Dear dehydrated maintainers, Hi! o/ > I've prepared 2 patches: > > * Add apache2 compatibility [1] nice, will apply shortly, thanks :) (though I'll rename it to "apache < 2.4 compatibility") > * Add letsencrypt.sh transition packages [2] I don't actually want it like that, because that wouldn't give any update path. I want to have a letsencrypt.sh binary that also provides the compat scripts, and also does other things that are not covered there (for this to actually be nice we should update to a git checkout of dehydrated or tell upstream to produce a new release, or something). I wanted to do this soon (and actually try the migration myself...), but this week I'm busy at the Reproducible Builds event¹, so I can get to it only next week, hopefully before Christmas, > Maybe you might consider to integrate them. > > Cheers, Jan. Thank you for the patches! ¹ https://reproducible-builds.org/events/berlin2016/ -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Proposed patches for dehydrated
On Thu, Dec 15, 2016 at 08:40:08AM +0100, Jan Wagner wrote:
> Maybe it helps, I roughly used the following to update from
> letsencrypt.sh 0.3.0-1~ to dehydrated (Ignore line 4, that's my own
> daily cronjob for renewing certs):
>
> https://gist.github.com/waja/8df78afb09691e4f383d818685f48885#file-migrate2dehydrated-sh
I'll look at this deeply when I'll try the migration myself, but this is
exactly what I wanted to spare to the users of the package...
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#848224: Bug#848224: dehydrated-apache2: does not handle .well-known directory hidden by mod_rewrite
On Thu, Dec 15, 2016 at 11:51:40AM +0100, noc wrote: > dehydrated-apache2 comes with a conf-file that is supposed to make the > /.well-known/acme-challenge/ directory available in the webserver. > > Unfortunately it had no effect on my system: accessing > /.well-known/acme-challenge/ via my webserver would just give me a 404 page. > > Now, my webserver has the following characteristics > - multiple VirtualHosts > - use of mod_rewrite to do complex routing (in virtually all VirtualHosts). umh. where do you configure the virtualhosts? If you have them on /etc/apache2/sites-enabled those should not conflict and the conf this package ships would be honored (I think?!). In my systems I have a lot of virtulhosts too (although I don't have that many rewrite rules) and everything works. > RewriteRule ^/\.well-known/acme-challenge/ - [L] > > Of course I would prefer a solution that would fix this in a central place > (/etc/apache2/conf-available/dehydrated.conf). > However, my feeble (and short-lived) attempts did not have any effect. Have you tried adding that line to /etc/apache2/conf-enabled/dehydrated.conf? > Also, the documentation for such issues is sub-optimal. > Even though dehydrated-apache2 is supposed to work without any configuration > (though - as this bug report shows, sometimes it is not), it should come with > some documentation (even if it is just saying that normally no configuration > is > needed, and that one should look at /usr/share/doc/dehydrated/docs for general > documentation and specifically at wellknown.md) Possibly. > Ah yes: as you may have noticed, the target machine is running on jessie (for > which not even a backport of this package exists). I haven't verified the > problem on a sid system. > I assume that problems might be similar, and that Yeah, that's fine. > dehydrated-apache2 will > eventually hit jessie-backports (and the backports package will not be much > different from the current package) It will once I can provide a working and tested upgrade path from letsencrypt.sh to dehydrated. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#852291: RM: letsencrypt.sh -- RoM; superseded by src:dehydrated
package: ftp.debian.org
X-Debbugs-Cc: letsencrypt...@packages.debian.org
Dear ftp-masters,
all the binaries previously built by src:letsencrypt.sh has been took
over by src:dehydrated, so now src:letsencrypt is only a obsoleted
source package and can be removed.
Please take extra care of removing only the old binaries from
src:letencrypt.sh (version 0.3.0-2) and not the one coming from
src:dehydrated (version 0.3.1-2), just to avoid annoyances during the
freeze :)
% dak rm -Rn letsencrypt.sh
Will remove the following packages from unstable:
letsencrypt.sh |0.3.0-2 | source, all
letsencrypt.sh-apache2 |0.3.0-2 | all
Maintainer: Debian Let's Encrypt
--- Reason ---
--
Checking reverse dependencies...
No dependency problem found.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Request to Join Project letsencrypt from Christopher Halse Rogers (raof-guest)
On Fri, Jan 27, 2017 at 06:40:24AM +, nore...@alioth.debian.org wrote:
> Christopher Halse Rogers (raof-guest) has requested to join your project.
> You can approve this request here:
> https://alioth.debian.org/project/admin/users.php?group_id=100963
Hi!
> Comments by the user:
> To help with the Ubuntu SRU processes.
Happy to receive help, so I approved you, but… SRU of what package to
what distribution to fix what? And access to the team is needed for
what? (I push to git a "xenial" branch, or ubuntu tags?)
(FTR, I am a MOTU)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Request to Join Project letsencrypt from Christopher Halse Rogers (raof-guest)
Mind that my email was CCed to the ML, since I don't know whether you subscribed it, and I want the team mates to be aware of this. I bounced your previous email. On Sat, Jan 28, 2017 at 08:39:21AM +1100, ch...@cooperteam.net wrote: > I'm part of the process to SRU certbot into Xenial. There are enough > packages and we've gone through enough revisions that Xenial (and > Yakkety) branches make sense, and would assist in reviewing. Ah, right. I discovered that today, while interacting on IRC with the Ubuntu release team. Personally I'm not happy, as it's way too large of a change (and changed behaviour!) to appear in a SRU, but I'm nearly giving up on that... BTW, you might want to contact (well, wait for an answer, he reads this ML) the certbot maintainer, hlieberman. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#853068: Bug#853068: Please verify upstream release signature
Control: tag -1 pending On Sun, Jan 29, 2017 at 03:44:34PM +0100, Georg Faerber wrote: > I've asked upstream to sign the releases. [1] Thank you!! > I'm attaching a patch which applies against the debian/master branch as > of today, 2017/01/29: It adds the upstream signing key and changes > debian/watch to verify the signature. > > Would be great if this patch could be pulled in! Yeah, applied to git, will be in the next upload. I'd have loved if the URLs were more consistent, but I guess we'll have to live with that (And I hope Lukas won't change the filename in the next release…). -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#853944: dehydrated-apache2: Validation fails when redirects point to subdirectories.
On Thu, Feb 02, 2017 at 12:34:27PM +0100, Rens Houben wrote: > Dear Maintainer, Hi! > One of our webhosting customers that I'm using Let's Encrypt certificates > for has migrated to a Joomla site that uses a lot of subdomain redirects > of the general type "subdomain.example.com" -> > "https://example.com/subdomain/"; Right, I've never done that thing, but indeed it won't work with the current rules. > After some digging into the logs I discovered that the problem was that > the certificate challenge followed the redirect chain, so the challenge > for http://subdomain.example.com/.well-known/acme-challenge/etcetera was > redirected to https://example.com/subdomain/well-known/acme-challenge/etc, > and the Alias directive in /etc/apache2/conf-available/dehydrated.conf > didn't cover it. > > Changing the rule to > > AliasMatch /.well-known/acme-challenge/(.*)$ > /var/lib/dehydrated/acme-challenges/$1 Well, I don't particularly like matching '/.well-known/acme-challenge/.*$' anywhere in the url, tbh; I'd rather anchor it at the start by ^, but that won't fix your problem above, even worsen it if possible. Anyhow, do you do those redirects by means of mod_rewrite? If so, could you try adding this bit? If not, how do you redirect? --- a/debian/dehydrated.conf +++ b/debian/dehydrated.conf @@ -8,6 +8,11 @@ # Do not proxy ACME challenge responses ProxyPass /.well-known/acme-challenge/ ! + +# Do not rewrite/redirect ACME challenge responses +RewriteEngine on +RewriteRule ^/\.well-known/acme-challenge/ - [L] + # Load the alias module, if not loaded already Include /etc/apache2/mods-available/alias.load -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#854328: dehydrated: wrong path to example config
Control: tag -1 pending
On Mon, Feb 06, 2017 at 02:24:39AM +, Adam Borowski wrote:
> /etc/dehydrated/config says:
> # This is the default configuration for the Debian package. #
> # To see a more comprehensive example, see #
> # /usr/share/doc/dehydrated/examples/config.example #
>
> but "dpkg -L dehydrated":
> /usr/share/doc/dehydrated/examples/config
>
> Please s/\.example$//
https://anonscm.debian.org/git/letsencrypt/dehydrated.git/commit/?id=b541d613fee6457d0b18c2a1c20c93aa7cd71794
Thanks for reporting.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#855962: Bug#855962: acme-tiny: fail to parse openssl 1.1 CSR output
On Sat, Mar 11, 2017 at 09:49:30PM -0300, Jeremías Casteglione wrote:
> Could someone from the letsencrypt team review/upload it please?
uploaded!
(after fixing your email…)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] acme-tiny backport
@Jeremías:
I noticed that the acme-tiny backport is not up to date with what's in
stretch.
Could you please take care of updating it (as backports policy
theoretically require, this page should completely be green
https://backports.debian.org/jessie-backports/overview/).
TIA.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] jessie-backports branch
On Sun, Apr 23, 2017 at 11:04:20PM -0400, Harlan Lieberman-Berg wrote: > So, I royally screwed up the jessie-backports branch when I accidentally > committed and uploaded the 0.11 stuff instead of the 0.10 branch (which I > just uploaded now.) WOW. > I looked into this, and I can't really see a safe way to back out those > branch changes except for a hard reset back into the past and a force > push. (Undoing the merge will cause git to ignore the changes if merged in > at a later date, and we could end up accidentally missing code modified by > upstream.) There is no simple way out, yes. The simpler would probably be to have RT approve 0.11.1-1 into testing (you wouldn't have uploaded it to unstable during the freeze if you didn't deem it ok for testing, right?…), then backport it, at which point you'd have the jessie-backports branch ready. > After the 0.10.2-1~bpo8+1 packages have been accepted out of > jessie-backports-policy, I will force push the jessie-backports branch back > to represent what is currently uploaded into the archives. To help with > security, I will GPG sign the tags of that version. In addition, I will > reply to this thread with the commit ids at the tip of the branch in each > of the four repos. 1) IMHO you should be already GPG signing all the tags... 2) I severely hate rebase in public (and non-wip) branches I would like to instead suggest a more sober revert. git is quite good at reverting merges, you only need to provide a proper -m option. The only drawback here is that another subsequent merge of the same branch would not do anything, you'd need to revert this revert (but ISTR that if you're going to merge the branch once it contains more commits it's going to just work fine again. Anyhow, my suggestion is that you try playing with `git revert`, you should be able to get a tree to the state you'd like it to be. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] acme-tiny backport
On Mon, Apr 24, 2017 at 07:42:19PM -0300, Jeremías Casteglione wrote:
> I just pushed commit ae36d0d to debian/jessie-backports branch, if you
> can take a look.
Uploaded.
There was no need for reverting the Standards-Version back to 3.9.6,
btw.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Backport lecm for jessie
On Sat, May 20, 2017 at 04:26:31PM +0200, Jonathan Dupart wrote:
> Hi,
Hi!
> diff -Nru lecm-0.0.7/debian/changelog lecm-0.0.7/debian/changelog
> --- lecm-0.0.7/debian/changelog 2016-11-20 22:53:43.0 +0100
> +++ lecm-0.0.7/debian/changelog 2017-05-20 16:10:23.0 +0200
> @@ -1,3 +1,10 @@
> +lecm (0.0.7-1~bpo8+1) jessie-backports; urgency=medium
> +
> + * Rebuild for jessie-backports.
> + * Lower debhelper compat and dependency to 9.
Why??
debhelper 10 is long available in jessie-backports.
This could very well be a no-change backport.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#863042: Bug#863042: dehydrated: insecure file permissions by default
Control: tag -1 unreproducible moreinfo On Sat, May 20, 2017 at 07:25:03PM +0300, Alexander GQ Gerasiov wrote: > dehydrated package by default create private files with word-readable > permissions. That's not what it doe around here, nor I could find anybody who had your experience. One of the first thing dehydrated does is to set an umask of 077, and then mktemp creates file with 600 by default anyway, indeed all my files (public and private keys) are 600. > How I got this: > I installed dehydrated 0.3.1-3~bpo8+1 > Put my domain with subdomains to /etc/dehydrated/domains.txt and run > # dehydrated -c > as root user > (I dont know does it matter or not, but first runs failed because I did > not setup challenge dir for all subdomain.) > > After cerificates and keys was generated I found that files are > readable by anyone in the system: > dnsmasq@master:~$ ls -la /var/lib/dehydrated/certs/gerasiov.net/privkey* In fact you shouldn't even be able to do this, the certs directories should be 700... Are you running with a weird umask (which shouldn't matter anyway), or a mangled mktemp, or do you have (more likely) any hook misbehaving? -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Backport lecm for jessie
On Mon, May 22, 2017 at 09:11:05PM +0200, Jonathan Dupart wrote:
> My mistake (and it looks like the aptitude dependencies solver is needed
> to properly fetch the right version of debhelper when doing a proper
> backports build).
Yes, not all dependency solvers are able to deal with partial suites
like backports or experimental
> I re-uploaded the package on mentors with the attached debdiff.
I uploaded it, and also committed to git:
https://anonscm.debian.org/cgit/letsencrypt/lecm.git/commit/?h=debian/0.0.7-1_bpo8%2b1&id=bd00960e4797ca63277f08b3aea9828da889c08b
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] joining the letsencrypt team
On Sun, Jun 11, 2017 at 08:24:54PM +0200, IOhannes m zmölnig (Debian/GNU) wrote: > as you might have noticed, i recently filed an ITP about > dehydrated-dnspython-hook (#864408), and i think maintaining the package > under the umbrella of this team so makes sense. Yes, I've seen it :) > unfortunately, i haven't found anything about how to *join* the team and > whether there are any policies or whatnot to know beforehand. > > what do you think? That you should do exactly what you just did (introduce yourself to the ML) and hit the "join the team" button in alioth's ui, pretty much how you would do with any team :) We don't have any written policy, so just be considerate and everything will be fine :) -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#869255: Bug#869255: DNS: wait a bit longer when NXDOMAIN returned in response to challenges
Control: forwarded -1 https://github.com/lukas2511/dehydrated/issues/415
On Sat, Jul 22, 2017 at 02:09:38PM +1000, Paul Wise wrote:
> It would be nice if the NXDOMAIN could trigger a retry
> after a certain amount of time, maybe 5 minutes.
Forwarded the proposal upstream.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#869255: Bug#869255: Bug#869255: DNS: wait a bit longer when NXDOMAIN returned in response to challenges
On Sun, Jul 23, 2017 at 08:49:26AM +1000, Paul Wise wrote:
> Upstream suggests it is a bug in our hook script,
> so I guess this bug can be closed.
ACK.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#869255: Bug#869255: Bug#869255: DNS: wait a bit longer when NXDOMAIN returned in response to challenges
On Sat, Jul 29, 2017 at 10:56:15PM +0200, zeb...@umlaeute.mur.at wrote:
> ouch, are you suggesting to fix a race condition by adding longer timeouts?
No.
Upstream suggested to modify the hook to wait until the update actually
happened, as for example done in
https://github.com/bennettp123/dehydrated-email-notify-hook/blob/master/hook.sh
> anyhow, i've a hook-script for dehydrated in the NEW queue since about 1.5
> months [1] that seems to fix this issue, by polling all DNS servers that are
> authoritative for the given NS entry *until* the relevant records show up.
yes, something like that.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Reproducibility Notifications
On Mon, Aug 07, 2017 at 12:49:11PM -0400, Harlan Lieberman-Berg wrote: > Hello pkg-letsencrypt! o/ > Because the packages we work with are so security critical, I'd like > us to be keeping up with the best practices out there. As part of > this, I think we should aim for 100% reproducibility. \o/ Thanks for those words! > I would like to enable notifications on reproducibility failures for > all pkg-letsencrypt maintained packages. If there aren't any > objections in the next couple of days, I'll reach out to the > reproducible build teams to do so. Being a member of the reproducible team + being a jenkins maintainer I have all the powers needed to Just Do It, and will happily do so for all packages with Maintainer:letsencrypt-devel@lists.alioth.debian.org (i.e. all of the 11 packages of https://qa.debian.org/developer.php?login=letsencrypt-devel@lists.alioth.debian.org). I'll wait some more to hear further comments! -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Reproducibility Notifications
On Mon, Aug 07, 2017 at 09:09:36PM +0200, Mattia Rizzolo wrote:
> I'll wait some more to hear further comments!
Very well :)
mattia@jenkins ~ % sudo -u jenkins
/srv/jenkins/bin/reproducible_setup_notify.py -m
letsencrypt-devel@lists.alioth.debian.org
[2017-08-09 12:26:39] INFO: Starting at 2017-08-09 12:26:39.547592
[2017-08-09 12:26:41] INFO: finding out which usertagged bugs have been closed
or at least have patches
[2017-08-09 12:26:44] INFO: Packages maintained by
letsencrypt-devel@lists.alioth.debian.org:
[2017-08-09 12:26:44] INFO: acme-tiny, acmetool, dehydrated, lecm,
pyrfc3339, python-acme, python-certbot, python-certbot-apache,
python-certbot-nginx, python-configargparse, python2-pythondialog
[2017-08-09 12:26:44] INFO: Activating notification for package acme-tiny
[2017-08-09 12:26:44] INFO: Activating notification for package acmetool
[2017-08-09 12:26:44] INFO: Activating notification for package dehydrated
[2017-08-09 12:26:44] INFO: Activating notification for package lecm
[2017-08-09 12:26:44] INFO: Activating notification for package pyrfc3339
[2017-08-09 12:26:44] INFO: Activating notification for package python-acme
[2017-08-09 12:26:44] INFO: Activating notification for package python-certbot
[2017-08-09 12:26:44] INFO: Activating notification for package
python-certbot-apache
[2017-08-09 12:26:44] INFO: Activating notification for package
python-certbot-nginx
[2017-08-09 12:26:44] INFO: Activating notification for package
python-configargparse
[2017-08-09 12:26:44] INFO: Activating notification for package
python2-pythondialog
[2017-08-09 12:26:53] INFO: "Packages with notification enabled" now available
at https://tests.reproducible-builds.org/debian/index_notify.html
[2017-08-09 12:26:53] INFO: Notifications enabled for 11 package(s)
[2017-08-09 12:26:53] INFO: Finished at 2017-08-09 12:26:53.923260, took:
0:00:14.375685
sudo -u jenkins /srv/jenkins/bin/reproducible_setup_notify.py -m 4.72s user
0.62s system 35% cpu 15.154 total
mattia@jenkins ~ %
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Request to Join Project letsencrypt from Ondřej Surý (ondrej)
On Tue, Sep 05, 2017 at 06:03:39AM +, nore...@alioth.debian.org wrote:
> Ondřej Surý (ondrej) has requested to join your project.
> You can approve this request here:
> https://alioth.debian.org/project/admin/users.php?group_id=100963
>
> Comments by the user:
> Hey, it's me again... :)
Hi!
I approved your memebership. In return, I expect you to subscribe to
our ML if you haven't already ;)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#881974: Bug#881974: [dehydrated] Old LICENSE specification prevents letsencrypt account creation
Control: severity -1 important Control: fixed -1 0.4.0-1 On Fri, Nov 17, 2017 at 09:24:45AM +0100, Jan Wagner wrote: > Am 17.11.17 um 04:10 schrieb Lars Kruse: > > I was able to work around this by adding the following line to > > /etc/dehydrated/config: > > > > > > LICENSE="https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"; > > > > I guess, that it would be sufficient (and proper) to update the default > > value for LICENCE in /usr/bin/dehydrated. > > a fix for this was implemented with > https://gist.github.com/waja/8df78afb09691e4f383d818685f48885/revisions#diff-e259eb2e20fc5f6c60769b3f2919953a > and is included in version 0.4.0 Not sure how anything in that gist is related to this issue, tbh. > Indeed, I would welcome to get backported this to stable, as is some > kind of regression. I'll see about getting https://anonscm.debian.org/git/letsencrypt/dehydrated.git/commit/?h=debian/stretch&id=5ae0ba0674a4913bcd27e16d02bacf486e570c83 in the next point release. AFAIK 0.4.0 is not affected because it downloads the last agreements at registration time, and therefore doesn't hardcode this URL. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#881974: [dehydrated] Old LICENSE specification prevents letsencrypt account creation
On Sat, Nov 18, 2017 at 04:25:38PM +0100, Jan Wagner wrote: > > I'll see about getting > > https://anonscm.debian.org/git/letsencrypt/dehydrated.git/commit/?h=debian/stretch&id=5ae0ba0674a4913bcd27e16d02bacf486e570c83 > > in the next point release. > > I think this is NOT the best idea, cause this will just only help until > the next LICENSE is published and this has to be fixed again. That's right. But I fear for stretch (and jessie-backports) we will have to live with having to update the agreements URL whenever LE decides to update them (till now it seemed to be ~yearly, so it's not really a problem). > > AFAIK 0.4.0 is not affected because it downloads the last agreements at > > registration time, and therefore doesn't hardcode this URL. > > No, it's fixed there. How is this different from what I wrote? > The issue for this is > https://github.com/lukas2511/dehydrated/issues/346 and it was fixed in > https://github.com/lukas2511/dehydrated/commit/6a32f20e004b9d835cd02de9d78300be02784cf1. Yes, but it's something too big for my testes, and it also includes a behavioural change which is not acceptable for a stable update. stretch-backports contains 0.4.0 which of course contains the commit you linked. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Salsa Migration
On Sat, Jan 20, 2018 at 03:21:30PM -0500, Harlan Lieberman-Berg wrote:
> Alternately, we can leave everything at the group level.
> What are people's thoughts?
Keep everything else at the parent group level sounds a good idea to me.
Thanks for doing the migration!
May I just recommend you take care of enabling forwarding of commit
emails to dispatch@tracker.d.o?
I will take care of migrating my own pet lestencrypt pacakge, as I'm
working on it these days and have a pending upload already.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Salsa Migration
On Sat, Jan 20, 2018 at 04:06:10PM -0500, Harlan Lieberman-Berg wrote: > On Sat, Jan 20, 2018 at 4:00 PM, Mattia Rizzolo wrote: > > May I just recommend you take care of enabling forwarding of commit > > emails to dispatch@tracker.d.o? > > I think that needs to be done on a project-by-project basis. At > least, I couldn't find the option in the group page to set it globally > for the projects under that group. Yes, it was just a remind for a thing to do while migrating the repos. > Unless anyone has any objections, I'm also going to port this mailing > list over to lists.debian.org in prep for the alioth shutdown. TBH, I don't find it useful. After all, next to no real discussions happened on this list, and it's mostly used as a rely for bugs and stuff. I'd rather wait some more and see what happens with tracker teams and that side of things. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Salsa Migration
On Sat, Jan 20, 2018 at 10:00:50PM +0100, Mattia Rizzolo wrote:
> I will take care of migrating my own pet lestencrypt pacakge, as I'm
> working on it these days and have a pending upload already.
I've now moved dehydrated.
https://salsa.debian.org/letsencrypt-team/dehydrated
I took care of enabling commit mails to dispatch@t.d.o, and removed the
repository on alioth (because I do not believe in "locking down").
I created a MR to add the HTTP redirect at
https://salsa.debian.org/salsa/AliothRewriter/merge_requests/65 please
append any other team package to that file as well while migrating the
packages.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Salsa Migration
On Mon, Jan 22, 2018 at 10:55:47PM +0100, Daniel Beyer wrote:
> Thanks for moving over to salsa.d.o. I especially appreciate to have
> dehydrated on a GitLab instance.
Yes, I love GitLab myself :)
> Big sorry I was that silent in 2017, but things are looking very good I
> again can at a minimum contribute to the packages I mentioned as
> uploader for. Thus I gently would like to be added to the team or at
> least to the dehydrated project.
Worry not!
Today I uploaded 0.5.0, but there would be so many things to do, the bug
tracker is still full ^^
I approved you in the salsa group!
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] 2FA on salsa?
On Fri, Feb 09, 2018 at 04:41:54PM +0100, IOhannes m zmölnig (Debian/GNU) wrote: > it seems somebody enabled two-factor-authentication for this team on salsa. Indeed it's enabled. I didn't do it, so that was Harlan. Harlan: what was your reasoning about it? > now, i don't own a smartphone & i don't own a yubikey. > afaik, this means that i cannot use 2FA. That's not completely true. You could manage your login codes manually with oathtool(1) or similar. Sure, that's annoying to do :P > otoh, i'd prefer if there had been some discussion about enabling 2FA > before the fact. Or at least some kind of announcement. -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] 2FA on salsa?
On Sun, Feb 11, 2018 at 11:05:16AM +0100, IOhannes m zmölnig (Debian/GNU) wrote:
> until i set this up (if ever), can someone with the powers please remove
> me from the team?
> it's really annoying to not be able to do anything.
I disabled the 2FA requirement instead.
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
___
Letsencrypt-devel mailing list
Letsencrypt-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Accepted dehydrated 0.5.0-2 (source) into unstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 11 Mar 2018 19:25:13 +0100 Source: dehydrated Binary: dehydrated dehydrated-apache2 Architecture: source Version: 0.5.0-2 Distribution: unstable Urgency: medium Maintainer: Debian Let's Encrypt Changed-By: Mattia Rizzolo Description: dehydrated - ACME client implemented in Bash dehydrated-apache2 - dehydrated challenge response support for Apache2 Changes: dehydrated (0.5.0-2) unstable; urgency=medium . * Add patch from upstream to follow redirects on HTTP GET. This fixes an error when creating the fullchain.pem after the LE API introduced a new redirect. Checksums-Sha1: f83e09880db30232377dba2d811bc8638ff50b67 2309 dehydrated_0.5.0-2.dsc ed0bad51e93750707667af6a535ca37af1164c07 11772 dehydrated_0.5.0-2.debian.tar.xz 2f5303806a12784521c6627016b7277bdbf8ed91 6335 dehydrated_0.5.0-2_amd64.buildinfo Checksums-Sha256: 1c69267258b57a1d98e0c9b90d275cc46df34c047b267d1babebc93aa1342a5d 2309 dehydrated_0.5.0-2.dsc fbf8cf716652de6b9cb24c0155bf2e6b0a9842d6f3a297a392193e2c3a6ecef3 11772 dehydrated_0.5.0-2.debian.tar.xz e4308e27be45ac547f238d84b86afd0a348d4cc2d49a4777373e81b369f57b3f 6335 dehydrated_0.5.0-2_amd64.buildinfo Files: f05c7f850d7b29abce0f902004b8b5b3 2309 misc optional dehydrated_0.5.0-2.dsc 3263e23031399242b172d7b014a46f66 11772 misc optional dehydrated_0.5.0-2.debian.tar.xz 31075b8efe8b421821c8caee0b267fcd 6335 misc optional dehydrated_0.5.0-2_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAlqleJ4ACgkQCBa54Yx2 K61RuBAAhTcHaWwe1VJs4/6IywHcdfUy2Lghcj6RWNUoT2kI5BEnjo48A53VwBYz Na0zcWLkxHculpJelSbbJshs3j5tPspQ3vtResA7uJS7khhO61RXx1+bat8oMDBO R1Eyanbxbun/+CsWzemA1zrGlbQdaQg+hwZCgE0kexjNlhDOe3uAClbzIjYlOASO fdDR2HsgIKk5sGpwnGd1Y3nIBCEp42qssC7jleeLxuqnC2SU6n+K3pZS/pWAHNM7 JaF0UQN5Cnv2U4nt5dWDDSLy+JzffskEezEplEp5YP5p0RnA8W402BAb21IVtXPw +0jqlaj1DUK9GWRBp42xdCHpf9tXjhrhTb3W2CQ124wEYK8cSymY71FOirVcO0bp s6/RLblAgkfX72bZrtfXXiaNalUeCRwhEFs/pYKdcmHS9/eh5jwdmUiECYblfVw+ TTSx+mvNpsMSJAbjCynTg12Ot/389REHfbI5kzlubydkJjSlW/o7qSjHr1n+Qlvc AY3Ah+r1b+W+zk0fhh3aeV9fGd0ZB7+c0LAf4ekiEFrxLoXsyxKKC6lYRwZKrFcA 87eyEwPzvJr1Qi2NVmeIx51UUncC2moHZ5wnSndrrPKCFDhgUyNZoSCt408DRzBZ sIDfaN16D0LGhI8ivq9QUMLAxfqYaQXWf6sUaIKRL9mQVKDrYak= =L+ok -END PGP SIGNATURE- ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#892723: dehydrated: Dehydrated broken in stable due to unhandled redirect
Control: fixed -1 0.5.0-2 Control: severity -1 important On Mon, Mar 12, 2018 at 10:17:20AM +0100, Arne Nordmark wrote: > Package: dehydrated > Version: 0.3.1-3+deb9u1 > Severity: normal > > Since recently, updating a cert no longer works. The challenge works, and the > new cert is created, but creating the cert chain fails: > > ... > + Creating fullchain.pem... >+ ERROR: An error occurred while sending get-request to > http://cert.int-x3.letsencrypt.org/ (Status 301) > ... > > The new cert is consequently not "actived" by symlinks, and the deploy > scripts are not run. > The reason is a new redirect at Let's Encrypt, and curl does not follow > redirects unless the "-L" switch is given. > > This was fixed upstrem by > <https://github.com/lukas2511/dehydrated/commit/7a0e71c6c2ccc6e98abca5ea1c7de28053e90c02> I've already picked that commit in unstable (and will land in stable-backports in the next days. I'll see about making a stable update, but there was a stable point release only last week, and I wasn't aware of this issue until yesterday :\ I'll try to arrange a stable-updates update if possible… -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Bug#892723: dehydrated: Dehydrated broken in stable due to unhandled redirect
On Mon, Mar 12, 2018 at 11:41:01AM +0100, Mattia Rizzolo wrote:
> I'll see about making a stable update
Attached what I plan on uploading to stable if I get an ACK from the
Stable Release Managers.
(also for you if you need a fixed package - and to help give it wider
testing)
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
dehydrated_0.3.1-3+deb9u2_all.deb
Description: application/vnd.debian.binary-package
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.0
Source: dehydrated
Binary: dehydrated dehydrated-apache2 letsencrypt.sh letsencrypt.sh-apache2
Architecture: all source
Version: 0.3.1-3+deb9u2
Checksums-Md5:
166d7c4b41ee2c169e654e69c7e75ce7 2495 dehydrated_0.3.1-3+deb9u2.dsc
06144cac5fb7273fde67a1befd11f7cb 5910 dehydrated-apache2_0.3.1-3+deb9u2_all.deb
e11e4973866e70b79a7fc67bbd356404 71744 dehydrated_0.3.1-3+deb9u2_all.deb
3ab6f406576a80593abb34d43ac3606f 6470
letsencrypt.sh-apache2_0.3.1-3+deb9u2_all.deb
6615d0994c66fb949c8c8ebeaef81bba 9392 letsencrypt.sh_0.3.1-3+deb9u2_all.deb
Checksums-Sha1:
ef3537da0c0f7c524b7825c7927d204bf51db195 2495 dehydrated_0.3.1-3+deb9u2.dsc
c7dea97423219874864c9c7a7804b606ec72d072 5910
dehydrated-apache2_0.3.1-3+deb9u2_all.deb
cb8b492ab18f8c755684b0209268a6d70c9d8ea5 71744
dehydrated_0.3.1-3+deb9u2_all.deb
12717a1853432993bf4ed964185fa3bd86993cc9 6470
letsencrypt.sh-apache2_0.3.1-3+deb9u2_all.deb
7b06c8a3d47089c4ff6381e4448b99ce5ebec2e7 9392
letsencrypt.sh_0.3.1-3+deb9u2_all.deb
Checksums-Sha256:
f4cbe4fb741438eea8d3deca2a1b92efd3e14d53102ee65d411d38e433aa6b68 2495
dehydrated_0.3.1-3+deb9u2.dsc
3d57dfaf28b62af7d4cc84b5ed053a80057b100ed7b089a7399fcbd748d9f280 5910
dehydrated-apache2_0.3.1-3+deb9u2_all.deb
ba6db0965aa89b3a9b230a8dbe817b212ff7e7fc54c611dc1dec67fc6cd52643 71744
dehydrated_0.3.1-3+deb9u2_all.deb
604454c6977ec055f6af97d4e309f6d69005983633f60f4c70ae6c1df1f0ca77 6470
letsencrypt.sh-apache2_0.3.1-3+deb9u2_all.deb
97829122076ced27f31c70b754150cef5a414a0d0b5e58f92404f3f11f691a2c 9392
letsencrypt.sh_0.3.1-3+deb9u2_all.deb
Build-Origin: Debian
Build-Architecture: amd64
Build-Date: Mon, 12 Mar 2018 10:57:26 +
Build-Path: /build/dehydrated-0.3.1
Installed-Build-Depends:
apache2-dev (= 2.4.25-3+deb9u3),
autoconf (= 2.69-10),
automake (= 1:1.15-6),
autopoint (= 0.19.8.1-2),
autotools-dev (= 20161112.1),
base-files (= 9.9+deb9u4),
base-passwd (= 3.5.43),
bash (= 4.4-5),
binutils (= 2.28-5),
bsdmainutils (= 9.0.12+nmu1),
bsdutils (= 1:2.29.2-1+deb9u1),
build-essential (= 12.3),
bzip2 (= 1.0.6-8.1),
coreutils (= 8.26-3),
cpp (= 4:6.3.0-4),
cpp-6 (= 6.3.0-18+deb9u1),
dash (= 0.5.8-2.4),
debconf (= 1.5.61),
debhelper (= 10.2.5),
debianutils (= 4.8.1.1),
dh-autoreconf (= 14),
dh-exec (= 0.23+b1),
dh-strip-nondeterminism (= 0.034-1),
diffutils (= 1:3.5-3),
dpkg (= 1.18.24),
dpkg-dev (= 1.18.24),
e2fslibs (= 1.43.4-2),
e2fsprogs (= 1.43.4-2),
file (= 1:5.30-1+deb9u1),
findutils (= 4.6.0+git+20161106-2),
g++ (= 4:6.3.0-4),
g++-6 (= 6.3.0-18+deb9u1),
gcc (= 4:6.3.0-4),
gcc-6 (= 6.3.0-18+deb9u1),
gcc-6-base (= 6.3.0-18+deb9u1),
gettext (= 0.19.8.1-2),
gettext-base (= 0.19.8.1-2),
grep (= 2.27-2),
groff-base (= 1.22.3-9),
gzip (= 1.6-5+b1),
hostname (= 3.18+b1),
init-system-helpers (= 1.48),
intltool-debian (= 0.35.0+20060710.4),
libacl1 (= 2.2.52-3+b1),
libapr1 (= 1.5.2-5),
libapr1-dev (= 1.5.2-5),
libaprutil1 (= 1.5.4-3),
libaprutil1-dev (= 1.5.4-3),
libarchive-zip-perl (= 1.59-1),
libasan3 (= 6.3.0-18+deb9u1),
libatomic1 (= 6.3.0-18+deb9u1),
libattr1 (= 1:2.4.47-2+b2),
libaudit-common (= 1:2.6.7-2),
libaudit1 (= 1:2.6.7-2),
libblkid1 (= 2.29.2-1+deb9u1),
libbsd0 (= 0.8.3-1),
libbz2-1.0 (= 1.0.6-8.1),
libc-bin (= 2.24-11+deb9u3),
libc-dev-bin (= 2.24-11+deb9u3),
libc6 (= 2.24-11+deb9u3),
libc6-dev (= 2.24-11+deb9u3),
libcap-ng0 (= 0.7.7-3+b1),
libcc1-0 (= 6.3.0-18+deb9u1),
libcilkrts5 (= 6.3.0-18+deb9u1),
libcomerr2 (= 1.43.4-2),
libcroco3 (= 0.6.11-3),
libdb5.3 (= 5.3.28-12+deb9u1),
libdebconfclient0 (= 0.227),
libdpkg-perl (= 1.18.24),
libexpat1 (= 2.2.0-2+deb9u1),
libexpat1-dev (= 2.2.0-2+deb9u1),
libfdisk1 (= 2.29.2-1+deb9u1),
libffi6 (= 3.2.1-6),
libfile-stripnondeterminism-perl (= 0.034-1),
libgcc-6-dev (= 6.3.0-18+deb9u1),
libgcc1 (= 1:6.3.0-18+deb9u1),
libgcrypt20 (= 1.7.6-2+deb9u2),
libgdbm3 (= 1.8.3-14),
libglib2.0-0 (= 2.50.3-2),
libgmp10 (= 2:6.1.2+dfsg-1),
libgnutls30 (= 3.5.8-5+deb9u3),
libgomp1 (= 6.3.0-18+deb9u1),
libgpg-error0 (= 1.26-2),
libhogweed4 (= 3.3-1+b2),
libicu57 (= 57.1-6+deb9u1),
libidn11 (= 1.33-1),
libisl15 (= 0.18-1),
libitm1 (= 6.3.0-18+deb9u1),
libldap-2.4-2 (= 2.4.44+dfsg-5+deb9u1),
libldap-common (= 2.4.
[Letsencrypt-devel] Accepted dehydrated 0.5.0-2~bpo9+1 (source) into stretch-backports
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 11 Mar 2018 20:24:07 +0100 Source: dehydrated Binary: dehydrated dehydrated-apache2 Architecture: source Version: 0.5.0-2~bpo9+1 Distribution: stretch-backports Urgency: medium Maintainer: Debian Let's Encrypt Changed-By: Mattia Rizzolo Description: dehydrated - ACME client implemented in Bash dehydrated-apache2 - dehydrated challenge response support for Apache2 Changes: dehydrated (0.5.0-2~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . dehydrated (0.5.0-2) unstable; urgency=medium . * Add patch from upstream to follow redirects on HTTP GET. This fixes an error when creating the fullchain.pem after the LE API introduced a new redirect. Checksums-Sha1: 42450a86c03d1e833e4cdf4f30458d20ddee9f0e 2337 dehydrated_0.5.0-2~bpo9+1.dsc 486ebb812decb68b9a27f3f9a731ad6bde6308c4 11800 dehydrated_0.5.0-2~bpo9+1.debian.tar.xz 5a027f29d06c8d68cf6627823b717133ef228d1a 6915 dehydrated_0.5.0-2~bpo9+1_amd64.buildinfo Checksums-Sha256: a31341cad8d632777a070075b26853b15e61f5429eaf14ae247103ea30cc3fab 2337 dehydrated_0.5.0-2~bpo9+1.dsc ffeb73f2055902a1311d93d308aabd3c61d268d87a669be42125c1830432294b 11800 dehydrated_0.5.0-2~bpo9+1.debian.tar.xz 04f205164d4e48934613b6e4c5d9ce4c6efb6054e896f6bae0c961bbf9e83172 6915 dehydrated_0.5.0-2~bpo9+1_amd64.buildinfo Files: 41caa2f38146d9b5202eb15e8a0efeb8 2337 misc optional dehydrated_0.5.0-2~bpo9+1.dsc ac5a2c7acce615b1da594565a0d4720b 11800 misc optional dehydrated_0.5.0-2~bpo9+1.debian.tar.xz 7000b7682f89040c1043d28ba45937e0 6915 misc optional dehydrated_0.5.0-2~bpo9+1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAlqlgqwACgkQCBa54Yx2 K62u/xAAukRcpxLQtN2WQRWsdksHpxVkOwMr6nNfl4pUZcSsLLxZpdKgxbzCDDlP 9FJMBUI3BENhXjAxBL99EwOaRPK2anm0/B6LgsM4AFbGDcNiMANwiiwWHYYCfzkh tUOjUbDpb9YjdqkEgVEE1WwmcjonaDFjxXdaYNC+7oaIMEPdACggWiumXsXnY7JK DlcozHg/dGJPp+3CNZcZIWKXV9sXXxeyjY0ejgLhRXLyTDprs/rWH7U7Fat+oAd+ J6BZFUhu6mnmSo89xHlxP+znyDy8UdlpIYjOQj+GNbUT1YQnlifQEJNpQrOA17lv g8LbGH7ultoDLMeHHBVTe8me5H1/cv1SH46yjoard5TU0cRa+DY9YRlht0rdBQ2c PVd0XJ1i9mfYmBCizkM1pMILMLaH/HDb6UPXF3E2ZELAlT2PC3bf5ydHI4LWEQnx 2biW5xF5UmuKWzP6MlC+N9cNAgIh7JIt0e9Rr5P4sRCzF72N+QGmbBgm7//eX55z LddorPQtoUIFDOn8V8GFxVFX2lTIaHxkwSkkBGjRVJ0AfPDr6IxikKCQQCmb2T8P X3PFW9VmOhoX9HgyrBMLtyrek6yxsL3sR+sxTIQLZYE7L1FtAupScCXLZ+yKkD/3 ZfFnoqy829IMJ2iqFEFrtw07JHxhjkPQlvplHrgVDrHWcXtpyOI= =GJTd -END PGP SIGNATURE- ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Accepted dehydrated 0.6.1-1 (source) into unstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 14 Mar 2018 03:11:53 +0100 Source: dehydrated Binary: dehydrated dehydrated-apache2 Architecture: source Version: 0.6.1-1 Distribution: unstable Urgency: low Maintainer: Debian Let's Encrypt Changed-By: Mattia Rizzolo Description: dehydrated - ACME client implemented in Bash dehydrated-apache2 - dehydrated challenge response support for Apache2 Changes: dehydrated (0.6.1-1) unstable; urgency=low . * New upstream release 0.6.1. Note: this release changes the default CA to use the ACMEv2 endpoint of Let's Encrypt (previously it used the ACMEv1 endpoint). Notable news of this realease is the support for wildcard certificates. * d/patches: - Remove patch present in the new upstream release. - Add patch from upstream to have the example config reflect reality. * d/copyright: Update. * d/dehydrated.manapges: Update the path. * Add a closes: to the previous changelog entry. Checksums-Sha1: 214e5e35dbd31a76dcf26fd0604fd465b95efa30 2309 dehydrated_0.6.1-1.dsc 528fd04d4af4a433b38c308ac0d41b6f4dc3218b 76693 dehydrated_0.6.1.orig.tar.gz f2995ae8c60d4f67f0c6c394f43596e44746cab5 488 dehydrated_0.6.1.orig.tar.gz.asc 2ac9219bba8c9754ace5d595944efc46f7b177db 11992 dehydrated_0.6.1-1.debian.tar.xz 19690c243bea9c55ca77ad763ebf6e521676b0fe 6376 dehydrated_0.6.1-1_amd64.buildinfo Checksums-Sha256: d16240f8a0259aee18d77067ce6d033f6c703a8646dc1fbaff2200206599a498 2309 dehydrated_0.6.1-1.dsc 441d89af4592e3eb5744eb177124b4d16ca78b416f634371e839db384012844a 76693 dehydrated_0.6.1.orig.tar.gz 6af83d21f13b055e650585c87291758255c8ad7421eaf1c703a99af6f90ecdac 488 dehydrated_0.6.1.orig.tar.gz.asc 3a6cf832102444348087b98f21ebdd5d212379cd27afc3dd0a36387fc58874e4 11992 dehydrated_0.6.1-1.debian.tar.xz 6e1c789babb3e1174d6e41af5abacf66b932d1e542ae572ac7d3db228d8005ea 6376 dehydrated_0.6.1-1_amd64.buildinfo Files: a2bfe58ace74571e7d4156a24daab8c1 2309 misc optional dehydrated_0.6.1-1.dsc 97425cf8aaa1a9a1a86036a1b7611a8c 76693 misc optional dehydrated_0.6.1.orig.tar.gz f9031754b0a3ca8e81abfbd0d4579058 488 misc optional dehydrated_0.6.1.orig.tar.gz.asc 6ccda670a2dbfe3ea33b4e6a02c5df5c 11992 misc optional dehydrated_0.6.1-1.debian.tar.xz dcde5d75c1781888a5f095b95f299590 6376 misc optional dehydrated_0.6.1-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAlqoh9gACgkQCBa54Yx2 K63Djw//etSuqd5yztRCAqB9DY2hV4QgCWzraugUQVsEHXx0tdDTdHSLM4sSFxbI VZZigy4f+y5eSHSufhNqZB0n8YmoowsspDDr/shPWMCTRqeibNgBnf3BmbgxhDqO 7E1VV85DHNsCPc5KyRGed/oFT/+4tGkb1bDpDtRYMbwmZ7JoGOjCZTlaYno/zBru Nsmri+qqLC7lLEIf/z8iozrSPKwTrM83o4VNm2jJhQNdy2o7uM5yaj4hP1+JIJ4L 91104Hf4APEx81vV4AM+CFLY823fsE1juWkLCLl4zfB9zsS6hTh0Zn1aCu5TJ4zJ KKrw0Qe4AsURiASIuVv0UcNWutLQXOgzv0ubm9N8/hXHCNfAczhyOKPTfYuTGHed 0P+EvyK8lQA4RtrqnXw7elze+z0k79fyBPH3/B1udBJ5QaHMdzZ1fkDvTFRzBMVF K4wFjqoXustkdliTt/ACaDeY7C2x55sc+j3zW/6++Cm8ta9Ddn8mln9qcsw1Hn6J CqXua2N8uTpsb/6ocUmbzsfph23df/mIj8VaKE+cUhWlE+njVHO0OkkiqnUnF4sf vnA01Xwdx5el2Gx4TfuNrCN7z41aNLDBC4Op7MmzXCY9+UeRRD6fAQr7T1qGZrVM XJxLz0DSw7A8zGYLD5TpcvKdgTJKRuDgZ/Ehbe2n7QrsXqbRyXA= =OUJ+ -END PGP SIGNATURE- ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Accepted dehydrated 0.3.1-3+deb9u2 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 12 Mar 2018 11:48:10 +0100 Source: dehydrated Binary: dehydrated dehydrated-apache2 letsencrypt.sh letsencrypt.sh-apache2 Architecture: source Version: 0.3.1-3+deb9u2 Distribution: stretch Urgency: medium Maintainer: Debian Let's Encrypt Changed-By: Mattia Rizzolo Description: dehydrated - ACME client implemented in Bash dehydrated-apache2 - dehydrated challenge response support for Apache2 letsencrypt.sh - ACME client - transitional dummy package to dehydrated letsencrypt.sh-apache2 - letsencrypt.sh support for Apache2 - transitional dummy package Closes: 892723 Changes: dehydrated (0.3.1-3+deb9u2) stretch; urgency=medium . * Add patch from upstream to follow redirects on HTTP GET. This fixes an error when creating the fullchain.pem after the LE API introduced a new redirect. Closes: #892723 Checksums-Sha1: d5082e750002453857637a9c1c971b5c59c74c91 2495 dehydrated_0.3.1-3+deb9u2.dsc 3f1ac4ef433daabe6867acfb08e2f3318d08bae5 17264 dehydrated_0.3.1-3+deb9u2.debian.tar.xz Checksums-Sha256: b37a4c775e48876e72de7823a16a38efd4b233c96e33faf2eaa567b8bf4dba4d 2495 dehydrated_0.3.1-3+deb9u2.dsc 152fe28fba8c80c74fbd76547300886faaf2c02f868d17515766ae315e908af3 17264 dehydrated_0.3.1-3+deb9u2.debian.tar.xz Files: 28a3ad777ffc090bc892cc6318f80caf 2495 misc optional dehydrated_0.3.1-3+deb9u2.dsc c35947c8ad5764fb68843df962a10dff 17264 misc optional dehydrated_0.3.1-3+deb9u2.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAlqoBoIACgkQCBa54Yx2 K61VFg//cjKs0RrJCXVgMohkjRBT9pyk68i5VoZuqt736TUr8YWpWkxokEkYosK1 SLd4j5Nu0pz416kThGHnDPtRu1KpffmIIwCW6a0M2n7+0F68pWlyr6adEvh/H+aA apm1w88/Ai1BRKmoemCYccGTAI0Z1mX9gTwv5SAnPXdR/NppPMgCgKlwLm15YJrf ccOpJSaXzWIROFcD8/dtU49TUbuZfA3KO8woxgeJMFTnw6MupPnx8zyKpkGSqHhe PId5DNxp5VgyJyQ0m8sT8O/0F/32OytdmuGr9ytNT0PJ40nnvOw7geAE+VMt8tKY gjIpgJhpDWfp0RhIdGA92J25yIe3CaOFmnnFGImxr50GYPMFtWGWvPvxrImFFF42 JDoD8NJ/Z1eN63fk4QD/Jg5FB55RV3I5T4yMVQP/HwNvMQjecXF3aGSCD/7dp4CY oD052jFdsHt88K2TJEFPszIFCWFw5T2dRXsCyvb4OFaZKcisM8zf3z89kyYdp02Q Rg6UqkK/lpSgTC2vS4B6doj5LcrmxQG52xMgy0QqPcCfD/4VstN6JoZtXcn5tp4x iwOIeZaBh5LvJ35ydVIq+U3gvFqgO2oFQODUMKzSzheNpJ8yShWorwalxqTnjkxT lRufuqiZQEXrd97dtByXI6I98ciBlwfBMD/8KLoolF2mzcubNZo= =guMF -END PGP SIGNATURE- ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Accepted dehydrated 0.3.1-3+deb9u2~bpo8+1 (source all) into jessie-backports->backports-policy, jessie-backports
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 15 Mar 2018 01:08:08 +0100 Source: dehydrated Binary: dehydrated dehydrated-apache2 letsencrypt.sh letsencrypt.sh-apache2 Architecture: source all Version: 0.3.1-3+deb9u2~bpo8+1 Distribution: jessie-backports Urgency: medium Maintainer: Debian Let's Encrypt Changed-By: Mattia Rizzolo Description: dehydrated - ACME client implemented in Bash dehydrated-apache2 - dehydrated challenge response support for Apache2 letsencrypt.sh - ACME client - transitional dummy package to dehydrated letsencrypt.sh-apache2 - letsencrypt.sh support for Apache2 - transitional dummy package Closes: 892723 Changes: dehydrated (0.3.1-3+deb9u2~bpo8+1) jessie-backports; urgency=medium . * Rebuild for jessie-backports. . dehydrated (0.3.1-3+deb9u2) stretch; urgency=medium . * Add patch from upstream to follow redirects on HTTP GET. This fixes an error when creating the fullchain.pem after the LE API introduced a new redirect. Closes: #892723 Checksums-Sha1: 9ef411acc4a72a28500c9f48a45894bf61924473 2270 dehydrated_0.3.1-3+deb9u2~bpo8+1.dsc 67ecae2405dbedcbdd4e29386704580cb3b8e848 17312 dehydrated_0.3.1-3+deb9u2~bpo8+1.debian.tar.xz 7aff1046ca57892641571c6534e47051c874a5c3 71874 dehydrated_0.3.1-3+deb9u2~bpo8+1_all.deb 4b7f3248310aaa517b3e9d54b869679b71b4df78 6040 dehydrated-apache2_0.3.1-3+deb9u2~bpo8+1_all.deb 1ca82fb46bd7109cd9dead25eb6de2ca2e41bebf 9534 letsencrypt.sh_0.3.1-3+deb9u2~bpo8+1_all.deb b8e0a54faec1464554f442b9396d9d9c588cc495 6616 letsencrypt.sh-apache2_0.3.1-3+deb9u2~bpo8+1_all.deb Checksums-Sha256: bcce70368fa2e5cac493de0dcf328c19b28aab56788eb9cb541570c58d826a5d 2270 dehydrated_0.3.1-3+deb9u2~bpo8+1.dsc a4648d016c842980860267f05ba023936b40262a71f23e25be8a98d7fced758b 17312 dehydrated_0.3.1-3+deb9u2~bpo8+1.debian.tar.xz 9d7e2774310e2780161e01752c96d1bf16e6b4b2a18893bd8834e2f9a564c4bd 71874 dehydrated_0.3.1-3+deb9u2~bpo8+1_all.deb d515bc38dd17341ac4730658178d724216cc412fb5ed89c78d67fd3420f0148f 6040 dehydrated-apache2_0.3.1-3+deb9u2~bpo8+1_all.deb 5d9327f7649c5b106f3081ecb466fe511641113529e0a99a4d8b5b46385490a0 9534 letsencrypt.sh_0.3.1-3+deb9u2~bpo8+1_all.deb ba4e996eb2c2d9685b0c58f72211bde03536fe726a7d375a8b12f75b705d382f 6616 letsencrypt.sh-apache2_0.3.1-3+deb9u2~bpo8+1_all.deb Files: 989cfdad92657ae909c1633de635b4c4 2270 misc optional dehydrated_0.3.1-3+deb9u2~bpo8+1.dsc 6ff51c60a1f4052aeb5e7afe2042bef0 17312 misc optional dehydrated_0.3.1-3+deb9u2~bpo8+1.debian.tar.xz bebcb3b03fc2b780b49b1cf67cc2fd98 71874 misc optional dehydrated_0.3.1-3+deb9u2~bpo8+1_all.deb 9677dc79e9fb91961ab40619738e7180 6040 misc optional dehydrated-apache2_0.3.1-3+deb9u2~bpo8+1_all.deb c0219335d6b9e01f76ef68205ec577d6 9534 oldlibs extra letsencrypt.sh_0.3.1-3+deb9u2~bpo8+1_all.deb 2f7543bce6680197d5ab341f4a93a002 6616 oldlibs extra letsencrypt.sh-apache2_0.3.1-3+deb9u2~bpo8+1_all.deb -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAlqpuzEACgkQCBa54Yx2 K60A6Q/9GbMq9zef78K/9pf3gy0h1i5WCAid0AOoCRfSKk3Q3pmKdaG6M1iqZyag jbDNxFhe1ExOcxSYyY8JVlt1k3Fk201PkYEUDEaSYIR86wFQLWIqdJPmZTenVgI8 /Coo4RVpsiEPtPA7kOs/A5xH10V3gP+/FQPs0675ZQ57KP0Az4HxqfBA9B8rT1Km 8cR4qv79ZTj1jxCBmidxBgXuJZzLD8Gi9TxQWccps7wOPoS854KcWHV7qTORac/z 6BSTtkmAvzFAUqrc+gxnEYDMtoch2f1GRlMMnh9aYkZzW23FmnO8Rk/+PtLAL8d5 zAazxR1ugCFpZLV/Aq01ivus2Gdv+B4NbYyq/Jsd1U24CTjf+KMIwIkPtTc42MUw j6TGCWUvdULFxcoGVZ5Al6iyKCLTsLfQOg5Nz43vZvBkKsKHjvlOWbEDi3RsqwbS mVc9/u7yB7c5pgW+5H82Wnny6cjwrP/DJ61DGiM4YIE/u0KVJJvJs+dXJYKgtTxn fjQDsi6qHBNV3SBq1Vz7P1oa8pa5QTKyvtBqBKvI+TvW1AMwkWN4OvKOTGzW6leG mkJ3OQztDkovnNGd2cbmXoCyLMw3aM3xu1BampgYccNMfw1pCwGUT1o1oUW/oICT CHUiqWqBEU7Dy/++FwB7aoRfvaq4VNIp5JLeqCDBexztZa2Kqhg= =EWn5 -END PGP SIGNATURE- ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
[Letsencrypt-devel] Accepted dehydrated 0.6.1-1~bpo9+1 (source) into stretch-backports
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 26 Mar 2018 04:09:44 +0200 Source: dehydrated Binary: dehydrated dehydrated-apache2 Architecture: source Version: 0.6.1-1~bpo9+1 Distribution: stretch-backports Urgency: medium Maintainer: Debian Let's Encrypt Changed-By: Mattia Rizzolo Description: dehydrated - ACME client implemented in Bash dehydrated-apache2 - dehydrated challenge response support for Apache2 Changes: dehydrated (0.6.1-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . dehydrated (0.6.1-1) unstable; urgency=low . * New upstream release 0.6.1. Note: this release changes the default CA to use the ACMEv2 endpoint of Let's Encrypt (previously it used the ACMEv1 endpoint). Notable news of this realease is the support for wildcard certificates. * d/patches: - Remove patch present in the new upstream release. - Add patch from upstream to have the example config reflect reality. * d/copyright: Update. * d/dehydrated.manapges: Update the path. * Add a closes: to the previous changelog entry. Checksums-Sha1: b75035c632b8a19b62ba94236ef50fa9d95fdcdc 2338 dehydrated_0.6.1-1~bpo9+1.dsc caa088cec51421833e4fffb728120e76d7a3d2b0 12048 dehydrated_0.6.1-1~bpo9+1.debian.tar.xz fdbd3ea8a6917cab2477484feedf84ac774fcaac 6918 dehydrated_0.6.1-1~bpo9+1_amd64.buildinfo Checksums-Sha256: 42efafd55278bf6a875f69d9f419b3cd2562af8eae649004908fc72cf2218b5c 2338 dehydrated_0.6.1-1~bpo9+1.dsc 6d8a8b3c0cdbb8f02aa12aad8fcb1ea2effee2d955822e83d63450d21e76a31b 12048 dehydrated_0.6.1-1~bpo9+1.debian.tar.xz fbd8ebb1c94c46d142a239541cdbcdec15085f1722440435b6b5d8e406d98e9d 6918 dehydrated_0.6.1-1~bpo9+1_amd64.buildinfo Files: 0c13e9f03ad905e8e54c3363726eafe0 2338 misc optional dehydrated_0.6.1-1~bpo9+1.dsc 4d6ddcbd1dcca67d2bc16ed68c8de025 12048 misc optional dehydrated_0.6.1-1~bpo9+1.debian.tar.xz b444164356d487c5c0ea827f4abc21c2 6918 misc optional dehydrated_0.6.1-1~bpo9+1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAlq4V68ACgkQCBa54Yx2 K60A7Q//ZW8CXtOZxXeR0/j7xoGcV9LRmIkAp0cW2j4DlLzgdIdPhVekAHsUB/tr gZ0QwvgL55v5BS4Ula/G3G0nAZLGNu+qfSDFMaVt5fodEWmb1aDTDh/7Sx819dEa 5X6OFJE/Bi5Yx8MNqU1OHCWvY1bFR+U4HRNYhD3LmN75H/8onjlnpd4iHomhbqFR 7zpK7AnV/9GjDtyifQsWarI5NZwcMk2ON+Bm8KqQJ0t1/A7NhTfxEnmsaHeOYypN KajLXBiZq5PIPmD7/xR4GX1WEaaaT/a0UkjRVLTJ/sAbhm/+XJ7L+38K8HBSEFOm a+nqcSeO/64RciF5IhGS2EC5zF5W6b859wj6G+AlAWxvl/Il5FdHeIrwho3Rz21A JtggVBk8xSxyQ3b/JdJJWBOtuwc0spqzsPoSconEbK37Bvhk0feiF1vgmCeI30U4 J1Urk7V71C6N78is6EIs2ok8BAObWtbQqRkSfNbrCI+KzFgSQLA+fkbsFbR8KAgm xgCB8g7adCy4sWEq9RowD4KSzGwHoPXNEhAmqOACsNAhigoqUqN5riSSYJjb7wMM 97hNRY40nRVNgbBfokkniuH+eZz4uibEzc/AurOEtTotRvecaNYY+jKcIXxwtIbr OxgEtKTsXSEqdlAEG8NM/6kj3Oys+0GHF3yQjhID3Nrh85kL6Ag= =KN+m -END PGP SIGNATURE- ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Notice of mailing list closure: letsencrypt-devel
On Sun, Apr 08, 2018 at 11:51:11PM +0200, Sebastien Badia wrote: > We should maybe keep this list no ? tbh, I'd not. It's not like we are actually using it, and whenever we need a bit of coordination we are so few people that a couple of CCs are enough. Not to mention that most of us are in #debian-devel. > (It's still the default contact for our team packages > https://qa.debian.org/developer.php?login=letsencrypt-devel@lists.alioth.debian.org > ) I'd rather move to a tracker team: https://tracker.debian.org/teams/debian-letsencrypt-team/ However I'd ask the owner of that team why he chosed such a long name, and kindly change it to 'letsencrypt' before we start using it. (the email address now would be team+debian-letsencrypt-t...@tracker.debian.org, which is a moughtful… no need to specify 'team' when the word 'team' is already everywhere, much less 'debian' when we're talking about tracker.debian.org...). -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
Re: [Letsencrypt-devel] Notice of mailing list closure: letsencrypt-devel
On Mon, Apr 09, 2018 at 10:58:50AM +0200, Sebastien Badia wrote: > According https://tracker.debian.org/teams/letsencrypt/+manage/ you are > member/admin of this team. Alas tracker.d.o doesn't have the concept of "admin", there is only one owner, the one who created the team, and can't be changed: #889163 > Anyway I just updated the slug to 'letsencrypt' > and the email to 'team+letsencr...@tracker.debian.org' Thanks, I'll switch dehydrated soon :) (I don't believe people are going to open RC bugs for these right away… so whenever the next upload will be should be fine). -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. more about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `- signature.asc Description: PGP signature ___ Letsencrypt-devel mailing list Letsencrypt-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/letsencrypt-devel
