Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backporting ACME v2 fix (#71291) to 19.09 #71953

Merged
merged 4 commits into from
Oct 25, 2019
Merged

Backporting ACME v2 fix (#71291) to 19.09 #71953

merged 4 commits into from
Oct 25, 2019
+399 −606

Conversation

picnoir
Copy link
Member

@picnoir picnoir commented Oct 24, 2019

Backport #71291 to 19.09 to fix let's encrypt certificate issuing.

Part of #70966.

CC @disassembler @aszlig @fpletz @flokli @c0bw3b @arianvp

@picnoir
simp_le: 0.9.0 -> 0.16.0
71ef17b 
(cherry picked from commit 071d181)
@picnoir
pebble: init at 2.2.2
305030f 
(cherry picked from commit 6ac0e34)
@picnoir
certbot: 0.31.0 -> 0.39.0
353333e 
Updating:

- nixos module to use the new `account_reg.json` file.
- use nixpkgs pebble for integration tests.

Co-authored-by: Florian Klink <flokli@flokli.de>

Replace certbot-embedded pebble

(cherry picked from commit 38e8415)
@picnoir
nixos/tests/letsencrypt: use Pebble instead of Boulder
f4b14ce 
Let's encrypt bumped ACME to V2. We need to update our nixos test to
be compatible with this new protocol version.

We decided to drop the Boulder ACME server in favor of the more
integration test friendly Pebble.

- overriding cacert not necessary
- this avoids rebuilding lots of packages needlessly
- nixos/tests/acme: use pebble's ca for client tests
- pebble always generates its own ca which has to be fetched

(cherry picked from commit 0c0af28)
@ofborg ofborg bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 8.has: package (new) This PR adds a new package 10.rebuild-darwin: 1-10 10.rebuild-linux: 1-10 labels Oct 24, 2019
@flokli
Copy link
Contributor

flokli commented Oct 25, 2019

@GrahamcOfBorg test acme

@flokli flokli merged commit 6aab37b into NixOS:release-19.09 Oct 25, 2019
@nixos-discourse
Copy link

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/please-update-to-latest-19-09-if-using-letsencrypt/4595/1

@FRidh
Copy link
Member

FRidh commented Oct 30, 2019

Maybe have a release note?

@picnoir
Copy link
Member Author

picnoir commented Oct 30, 2019 via email

@flokli
Copy link
Contributor

flokli commented Oct 30, 2019

I don't really see a reason too add a release notes - the backport PR was about keeping the current feature set (and functionality).

@picnoir picnoir deleted the nin-backport-acme branch December 11, 2019 11:45
@arianvp arianvp mentioned this pull request Jan 16, 2020
Merged
10 tasks
@flokli flokli mentioned this pull request Jan 19, 2020
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` 8.has: package (new) This PR adds a new package 10.rebuild-darwin: 1-10 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@picnoir @flokli @nixos-discourse @FRidh