From mboxrd@z Thu Jan  1 00:00:00 1970
From: Leo Famulari <leo@famulari.name>
Subject: [PATCH 00/23] WIP: Add the Let's Encrypt client
Date: Tue, 24 Nov 2015 16:02:00 -0500
Message-ID: <cover.1448398884.git.leo@famulari.name>
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:43449)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1a1KhP-0002CK-6U
	for guix-devel@gnu.org; Tue, 24 Nov 2015 16:00:28 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1a1KhL-0003ZO-RE
	for guix-devel@gnu.org; Tue, 24 Nov 2015 16:00:27 -0500
Received: from out2-smtp.messagingengine.com ([66.111.4.26]:46729)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1a1KhL-0003Z3-Ct
	for guix-devel@gnu.org; Tue, 24 Nov 2015 16:00:23 -0500
Received: from jasmine.lan (c-69-249-5-231.hsd1.pa.comcast.net [69.249.5.231])
	by mail.messagingengine.com (Postfix) with ESMTPA id 5B31A68009F
	for <guix-devel@gnu.org>; Tue, 24 Nov 2015 16:00:22 -0500 (EST)
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: guix-devel@gnu.org

These WIP patches provide the most recent developer preview of the Let's
Encrypt [1] client and its dependencies.

I am grateful to Dave Thompson for getting this patchset started. He
packaged most of the python-3 Zope dependencies and cut the Gordian knot
of circular dependency between zope.security and zope.component.

The Let's Encrypt client will communicate with the Let's Encrypt servers
and, if you are in their private beta progam, obtain valid SSL/TLS
certificates that you can install on your server. If you are not in
their private beta program, you can still test it and obtain certs
issued by "happy hacker fake CA".

On 2015-12-03, Let's Encrypt will open their beta program to the public
[2].

These patches probably need some work. The patch for
python-configargparse is WIP due to a bug filed upstream. I have also
committed the lets-encrypt patch as WIP as a warning.

I am specifically requesting review on the following subjects:

1) Are all the inputs categorized properly? That is, are they properly
named as inputs, native-inputs, and propagated-inputs?

2) Lint complains about the patch applied to the source of
python-configobj because it doesn't include the name of
python2-configobj. The patch applies to both language versions of
python-configobj so I'm not sure how to handle this.

3) Please test the webserver integration. The client is supposed to be
able to automatically configure Apache and Nginx with some plugins. I
did not try this; I just let the client put the certs in
/etc/letsencrypt (this is the default) and manually configured my
webserver [3]

4) I've included python-3 and python-2 versions of dependencies that
support both versions, but I have packaged lets-encrypt itself as
python-2. Many dependencies require extra inputs for python-2. You will
see that I did not create separate packages for the python-2 versions,
so the python-3 versions have some unecessary inputs. If requested, I
can separate the python-2 packages out... or you can help with this. :)

5) Anything else... your attention is appreciated!

[1]
https://letsencrypt.org/

[2]
https://letsencrypt.org/2015/11/12/public-beta-timing.html

[3] For the curious, here is how I did that. The --server argument will
only work if you are registered in their beta program. Otherwise, omit
the parameter to get some test certificates.
# letsencrypt --server https://acme-v01.api.letsencrypt.org/directory \
-d my-example.com -d www.my-example.com auth --rsa-key-size 4096

Leo Famulari (23):
  gnu: Add python-zope-event.
  gnu: Add python-zope-interface.
  gnu: Add python-zope-exceptions.
  gnu: Add python-zope-testing.
  gnu: Add python-zope-testrunner.
  gnu: Add python-zope-i18nmessageid.
  gnu: Add python-zope-schema.
  gnu: Add python-zope-configuration.
  gnu: Add python-zope-proxy.
  gnu: Add python-zope-location.
  gnu: Add python-zope-security.
  gnu: Add python-zope-component.
  gnu: Add python-pyrfc3339.
  gnu: Add python-werkzeug.
  gnu: Add python-configobj.
  gnu: Add dialog.
  gnu: Add python2-pythondialog.
  WIP: Add python-configargparse.
  gnu: Add python-ndg-httpsclient.
  gnu: python-parsedatetime: Update to 1.5.
  gnu: Add python2-parsedatetime.
  gnu: Add acme.
  WIP: Add lets-encrypt.

 gnu/packages/ncurses.scm                           |  23 +
 .../patches/python-configobj-setuptools.patch      |  30 ++
 gnu/packages/python.scm                            | 504 ++++++++++++++++++++-
 gnu/packages/tls.scm                               |  91 ++++
 4 files changed, 645 insertions(+), 3 deletions(-)
 create mode 100644 gnu/packages/patches/python-configobj-setuptools.patch

-- 
2.6.2