Packages

  • Status Closed
  • Percent Complete
    100%
  • Task Type Update Request
  • Category Any
  • Assigned To
    coadde
    Emulatorman
  • Operating System All
  • Severity Critical
  • Priority Very High
  • Reported Version Any
  • Due in Version Undecided
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Packages
Opened by Megver83 - 18/04/2018
Last edited by Emulatorman - 26/04/2018

FS#705 - [certbot] update package to support ACMEv2 and Wildcard

Since certbot v0.22.0[0] there’s support for ACMEv2 and Wildcard. This is an important update since wildcard SSL certificates can make server security and maintaince easier by supporting all subdomains of a base domain.

Debian Stretch (stable) uses certbot 0.10.2 but there’s 0.23.0 in stretch-backports repository[1]. So I’d like to request an update or a backport of certbot and its dependencies.

These are the actual packages versions from Hyperbola and Arch:

  • certbot (0.23.0-1) / Hyperbola version ⇒ (0.14.0-1) [x]
  • python-acme (0.23.0-1) / Hyperbola version ⇒ (0.14.0-1) [x]
  • python-configargparse (0.12.0-1) / Hyperbola version ⇒ (0.11.0-2) [=]
  • python-parsedatetime (2.4-1) / Hyperbola version ⇒ (2.3-1) [x]
  • python-pbr (4.0.2-1) / Hyperbola version ⇒ (3.0.0-1) [<]
  • python-pytz (2018.4-1) / Hyperbola version ⇒ (2017.2-1) [<]
  • python-zope-component (4.4.1-1) / Hyperbola version ⇒ (4.3.0-2) [=]
  • python-zope-event (4.3.0-1) / Hyperbola version ⇒ (4.2.0-2) [=]

NOTE: packages marked with an “[x]” means that the pkg has Debian Stretch backports of the proposed updated version. The “[=]” means that Debian has no backports but uses the same version of the pkg as Hyperbola. The [<] means the Debian Version lower than Hyperbola’s Version.

The packages that may get the update should be only the ones marked with an [x], if we follow the Debian Stretch devel. If certbot gets the update, then the following Arch packages need to be added for obtaining wildcard certificates throught the DNS challenge:

  • certbot-dns-cloudflare
  • certbot-dns-cloudxns
  • certbot-dns-digitalocean
  • certbot-dns-dnsimple
  • certbot-dns-dnsmadeeasy
  • certbot-dns-luadns
  • certbot-dns-nsone
  • certbot-dns-rfc2136
  • certbot-dns-route53

I ommited certbot-dns-google since it’s not compatible with the Hyperbola Packaging Guidelines.

[0] https://community.letsencrypt.org/t/certbot-0-22-0-release-with-acmev2-and-wildcard-support/55061
[1] https://packages.debian.org/search?keywords=certbot

Closed by  Emulatorman
26.04.2018 03:33
Reason for closing:  Implemented
Admin
The packages that may get the update should be only the ones marked with an [x], if we follow the Debian Stretch devel

Hyperbola follow Debian development principles and patches, however not their packages version since we have our own development policies to upgrade our packages through our packaging guidelines (see 6th and 7th amendment of our packaging guidelines), however we consider their patching and backporting (if it contains critical security issues) so important to improve our stability. For that reason, some Debian Stretch packages version are lower than our ones :)

Admin
The packages that may get the update should be only the ones marked with an [x], if we follow the Debian Stretch devel. If certbot gets the update, then the following Arch packages need to be added for obtaining wildcard certificates throught the DNS challenge:
certbot-dns-cloudflare
> certbot-dns-cloudxns
> certbot-dns-digitalocean
> certbot-dns-dnsimple
> certbot-dns-dnsmadeeasy
> certbot-dns-luadns
> certbot-dns-nsone
> certbot-dns-rfc2136
> certbot-dns-route53
I ommited certbot-dns-google since it’s not compatible with the Hyperbola Packaging Guidelines.

We will distribute only certbot-dns-luadns and certbot-dns-rfc2136 because the another packages aren't compatible with the Hyperbola Social Contract for privacy reasons like certbot-dns-google case.

Date User Effort (H:M)
watch my effort tracking timers

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing