From: "Thompson, David"
Subject: Re: [PATCH 00/23] WIP: Add the Let's Encrypt client
Date: Fri, 4 Dec 2015 09:44:37 -0500
To: Leo Famulari
Cc: guix-devel

Hi Leo,

On Tue, Nov 24, 2015 at 4:02 PM, Leo Famulari wrote:
> These WIP patches provide the most recent developer preview of the Let's
> Encrypt [1] client and its dependencies.
>
> I am grateful to Dave Thompson for getting this patchset started. He
> packaged most of the python-3 Zope dependencies and cut the Gordian knot
> of circular dependency between zope.security and zope.component.
>
> The Let's Encrypt client will communicate with the Let's Encrypt servers
> and, if you are in their private beta program, obtain valid SSL/TLS
> certificates that you can install on your server. If you are not in
> their private beta program, you can still test it and obtain certs
> issued by "happy hacker fake CA".
>
> On 2015-12-03, Let's Encrypt will open their beta program to the public
> [2].
>
> These patches probably need some work. The patch for
> python-configargparse is WIP due to a bug filed upstream. I have also
> committed the lets-encrypt patch as WIP as a warning.

I have cleaned up all of the commits in a local branch of mine that
I'm looking to push to master soon.

> I am specifically requesting review on the following subjects:
>
> 1) Are all the inputs categorized properly? That is, are they properly
> named as inputs, native-inputs, and propagated-inputs?

Pretty good overall. I just cleaned up a few errors. Currently
dealing with python-dialog so that we don't need to wrap the
letsencrypt binary.

> 2) Lint complains about the patch applied to the source of
> python-configobj because it doesn't include the name of
> python2-configobj. The patch applies to both language versions of
> python-configobj so I'm not sure how to handle this.

Don't worry about it. The linter ought to be changed to account for
this python/python2 convention.

> 3) Please test the webserver integration. The client is supposed to be
> able to automatically configure Apache and Nginx with some plugins. I
> did not try this; I just let the client put the certs in
> /etc/letsencrypt (this is the default) and manually configured my
> webserver [3]

The package as it stands currently is not built with Apache support.
I'll look into adding the correct inputs for it.

> 4) I've included python-3 and python-2 versions of dependencies that
> support both versions, but I have packaged lets-encrypt itself as
> python-2. Many dependencies require extra inputs for python-2. You will
> see that I did not create separate packages for the python-2 versions,
> so the python-3 versions have some unnecessary inputs. If requested, I
> can separate the python-2 packages out... or you can help with this. :)

Things overall look okay. I've tweaked a couple of them.

Thanks for all the hard work! We're almost there!

- Dave