1. Forum
  2. Usenet
  3. LINUX.GENTOO.DEV

  • [RFC] News Item: Certbot rework and transition

    From Thibaud CANALE@21:1/5 to All on Tue Mar 4 19:40:01 2025
    First iteration of news item about Certbot rework.

    ======== 2025-03-04-certbot-rework.en.txt BEGIN ========

    Title: Certbot rework and transition
    Author: Thibaud CANALE <thican@thican.net>
    Content-Type: text/plain
    Posted: 2025-03-04
    Revision: 1
    News-Item-Format: 2.0
    Display-If-Installed: app-crypt/acme, app-crypt/certbot, app-crypt/certbot-apache, app-crypt/certbot-dns-cloudflare, app-crypt/certbot-dns-desec, app-crypt/certbot-dns-dnsimple, app-crypt/certbot-dns-nsone, app-crypt/certbot-dns-rfc2136, app-crypt/
    certbot-nginx

    For ease of maintenance and faster and more reliable delivery for
    Gentoo’s users, Certbot and its modules have been reworked into a single package.

    Starting from app-crypt/certbot-3.2.0-r100, only this package is
    necessary to install Certbot and its modules thanks to the help of USE
    flags. Some block statements are enforced for modules packages to avoid collisions.
    However this creates issues for users and requires them to take action
    to update their Portage configuration and world set. Hence why this news
    item and the introduction of transition packages.

    Currently supported Certbot modules will have transition packages which
    are simply meta-package with their corresponding USE flag to the main
    package, but it still requires users to update their package.use, as
    describe below.

    As a reminder, there is a Wiki page for Certbot: https://wiki.gentoo.org/wiki/Let%27s_Encrypt

    So this news item introduces step-by-step actions to ensure proper
    update:

    1. Add an entry under package.use with the modules of your choice based
    on the list provided by this new package. Example:

    app-crypt/certbot certbot-apache certbot-dns-rfc2136

    2. If you decide to go ahead of time by accepting "non stable" version
    from Gentoo’s main Portage tree, continue with the following steps, or
    simply stop here, your work is done for now. Step 3 will be done later.

    3. You can decide to clean now your world set, or other sets, of
    Certbot’s module packages:

    emerge --ask --deselect app-crypt/acme app-crypt/certbot-apache \
    app-crypt/certbot-dns-cloudflare app-crypt/certbot-dns-desec \
    app-crypt/certbot-dns-dnsimple app-crypt/certbot-dns-nsone \
    app-crypt/certbot-dns-rfc2136 app-crypt/certbot-nginx

    4. Emerge or update app-crypt/certbot if necessary. This should remove
    previous packages:

    emerge --verbose --ask --changed-use --noreplace app-crypt/certbot

    ======== 2025-03-04-certbot-rework.en.txt END ========


    --
    Thibaud CANALE
    thican [at] thican [dot] net
    https://thican.net/
    GPG: rsa4096 2013-10-14 485EF628CB85CDD4CB7CFF0D52F5127650733A18

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCAAdFiEESF72KMuFzdTLfP8NUvUSdlBzOhgFAmfHSHYACgkQUvUSdlBz OhhafA/7B3M7YgTn0lz5pFdDbek7W8u7ZUEBBV9RIPbLJa3V0BE5d9snx9rI1Uiv bWX1p/qK1KcbOZb5rYmx1/wLuEKForZB2JkXAzms1qqt+NoMPFTcKajja4CpyHi8 qpvVItp15VwBYLFWUDBpzr4mzh5P+AKCybi5ypQByKulNQGWhw7DPzamM5DwhIqI spllmfiDVOo1V21SQA6S65SbOt2FkirHRoIA6c8h30xIojMXpbrtK6qkJD9kjETA xt3JdmI6IA1vhn7zAxHrpePkh+xBfqmWbkaGkKwTelhqBhexyo74CWCafjuaCNzW yiehHoQi3+c4mjOLvmA2yUIQZeV0BVcb+NT9AaqrKTo6PN1cuGmpXZCybpU1OOEh oP9i6jP1m6hshxS+6yM3RtBmQoapuISvcj4z/UbY/pCrKmhg5w/7lSxTOP7x0cty Htj1JyXJZWT8lF2teRa8Qs09SE0uiGIw8MjcWEhE+umzZmjvGRUcH/AN9sgDo9uG YScJkRQkWtxN/yyN1WfHkWU3ovp3Hq8De6liu8t+MbNPkO5ARiKbn79+jiCwNsFb hzCYuctNax8BjjRpr/Dvwz8S6kuReI9GwgUCRacoRHmub86+lu6dp9Dxt1/YlnCT Amx9RdhS/SCm+vQDKjq/doB+zIq2y8NHSrMyNX9tXZmKvWt9n7k=
    =1iD5
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Orig
  • From Duncan@21:1/5 to All on Fri Mar 7 14:40:01 2025
    Thibaud CANALE posted on Tue, 4 Mar 2025 19:37:46 +0100 as excerpted:

    First iteration of news item about Certbot rework.

    For ease of maintenance and faster and more reliable delivery for
    Gentoo’s users, Certbot and its modules have been reworked into a single package.

    I'd suggest putting (the more important) "what" first, then why:

    Certbot and it modules are being reworked into a single package. This
    should ease maintenance and make delivery faster and more reliable.

    Starting from app-crypt/certbot-3.2.0-r100, only this package is
    necessary to install Certbot and its modules thanks to the help of USE
    flags. Some block statements are enforced for modules packages to avoid collisions.

    Good as-is...

    However this creates issues for users and requires them to take action
    to update their Portage configuration and world set. Hence why this news
    item and the introduction of transition packages.

    (Concisify, omitting a bit as implied, and explicitly name the config
    changes:)

    Action required: @world set and package.use changes.


    Currently supported Certbot modules will have transition packages which
    are simply meta-package with their corresponding USE flag to the main package, but it still requires users to update their package.use, as
    describe below.

    Temporary transition metapackages activate the appropriate USE flags to
    keep things working for now, but users must update package.use and their
    @world set to complete the transition before <date>, after which these temporary transition packages will be removed.

    (Decide on and substitute the removal date as appropriate.)

    As a reminder, there is a Wiki page for Certbot: https://wiki.gentoo.org/wiki/Let%27s_Encrypt

    :^)

    So this news item introduces step-by-step actions to ensure proper
    update:

    Step by step:

    1. Add an entry under package.use with the modules of your choice based
    on the list provided by this new package. Example:

    1. In package.use:

    (Should that be the full path, /etc/portage/package.use?)

    Add an entry for the modules of your choice based on the USE flags of the
    new unified package. Example:

    app-crypt/certbot certbot-apache certbot-dns-rfc2136

    :^)

    2. If you decide to go ahead of time by accepting "non stable" version
    from Gentoo’s main Portage tree, continue with the following steps, or simply stop here, your work is done for now. Step 3 will be done later.

    If you wish to stick with stable you may stop here. The below steps
    (skipping step 2) will be completed later once the unified package
    stabilizes. Should you wish to complete the transition now:

    (Note that the step number was removed. New step 2, (path?)package.accept_keywords step.)

    2. In package.accept_keywords (skip this step and continue with step 3 if completing after the unified package stabilizes):

    Add a keyword entry for the new unified package. Example:

    ~app-crypt/certbot-3.2.0 ~amd64

    3. You can decide to clean now your world set, or other sets, of
    Certbot’s module packages:

    3. Clean the old module packages out of your @world or other sets:

    emerge --ask --deselect app-crypt/acme app-crypt/certbot-apache \
    app-crypt/certbot-dns-cloudflare app-crypt/certbot-dns-desec \
    app-crypt/certbot-dns-dnsimple app-crypt/certbot-dns-nsone \
    app-crypt/certbot-dns-rfc2136 app-crypt/certbot-nginx

    4. Emerge or update app-crypt/certbot if necessary. This should remove previous packages:

    emerge --verbose --ask --changed-use --noreplace app-crypt/certbot

    :^)

    --
    Duncan - List replies preferred. No HTML msgs.
    "Every nonfree program has a lord, a master --
    and if you use the program, he is your master." Richard Stallman

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Thibaud CANALE@21:1/5 to All on Fri Mar 7 22:20:01 2025
    Second iteration of news item about Certbot rework.
    Thanks Duncan for the feedbacks.
    And I arbitrary decided for a date about the removal of transition metapackages, unless it is not satisfying.

    Note: I am not sure if I had to update the "Posted" field, did it
    anyway.

    ======== 2025-03-04-certbot-rework.en.txt BEGIN ========

    Title: Certbot rework and transition
    Author: Thibaud CANALE <thican@thican.net>
    Content-Type: text/plain
    Posted: 2025-03-07
    Revision: 2
    News-Item-Format: 2.0
    Display-If-Installed: app-crypt/acme, app-crypt/certbot, app-crypt/certbot-apache, app-crypt/certbot-dns-cloudflare, app-crypt/certbot-dns-desec, app-crypt/certbot-dns-dnsimple, app-crypt/certbot-dns-nsone, app-crypt/certbot-dns-rfc2136, app-crypt/
    certbot-nginx

    Certbot and its modules have been reworked into a single package; this
    should ease maintenance and make delivery faster and more reliable.

    Starting from app-crypt/certbot-3.2.0-r100, only this package is
    necessary to install Certbot and its modules thanks to the help of USE
    flags. Some block statements are enforced for modules packages to avoid collisions.
    However actions from users are required: @world set and package.use
    changes.

    Temporary transition metapackages call for the appropriate USE flags,
    but users still have to change their package.use and later they must
    update their @world set to complete the transition before 2025-06-10
    (around three months from publication), after which these temporary
    transition packages will be removed.

    As a reminder, there is a Wiki page for Certbot: https://wiki.gentoo.org/wiki/Let%27s_Encrypt

    Step by step:

    1. In /etc/portage/package.use:

    Add an entry for the modules of your choice based on the USE flags of
    the new unified package. Example:

    app-crypt/certbot certbot-apache certbot-dns-rfc2136

    If you wish to stick with stable you may stop here. The below steps
    (skipping step 2) will be completed later once the unified package
    stabilizes. Should you wish to complete the transition now:

    2. In /etc/portage/package.accept_keywords: (skip this step and continue
    with step 3 if completing after the unified package stabilizes):

    Add a keyword entry for the new unified package. Example:

    ~app-crypt/certbot-3.2.0 ~amd64

    3. Clean the old module packages out of your @world or other sets:

    emerge --ask --deselect app-crypt/acme app-crypt/certbot-apache \
    app-crypt/certbot-dns-cloudflare app-crypt/certbot-dns-desec \
    app-crypt/certbot-dns-dnsimple app-crypt/certbot-dns-nsone \
    app-crypt/certbot-dns-rfc2136 app-crypt/certbot-nginx

    4. Emerge or update app-crypt/certbot if necessary. This should remove
    previous packages:

    emerge --verbose --ask --changed-use --noreplace app-crypt/certbot

    ======== 2025-03-04-certbot-rework.en.txt END ========


    --
    Thibaud CANALE
    thican [at] thican [dot] net
    https://thican.net/
    GPG: rsa4096 2013-10-14 485EF628CB85CDD4CB7CFF0D52F5127650733A18

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCAAdFiEESF72KMuFzdTLfP8NUvUSdlBzOhgFAmfLYJwACgkQUvUSdlBz OhjM+g//c5FOw6Iksw5JE0MutoOY7reHzdfc6YmnFmElynjZW/B0FdowzHxeoEUr HNr5cYTmDtjPPhcbTWzinOy/aPqDLseahj+gfStkwApHVolBSfgqUUDXPpBOGHF5 k9ckPxCbW0eTJYvVA35QvrT+NDuGppS2UBLo4nkh2uPJZRDRaM5jUJoJxUpx97ah teH6AXcjeWu85ywu+ygcOhZ979y3RfoAMwIgkBjqmisR+0WII1RZR6SOnXBfc33F MdMSqZ1Fr5/zmFL5ec+x8jRZ7hK99c0l7v2epGEbuJA+8ToohpCgTkNEDPeC7IvS 1aQ/kQEdWqPFoICkHsc+cBNdj/UMx+/KUNKT6Cbvo/BxftZ4pUoFO5h+sbRyRceP Fg3y44kxNYcyqa4+ZoeCvqfM04vOvsIAvzsus0Dyc3MzFwkZJkedBR4tCYr2em83 2Xce2N4dMphGyGBgp6jtJh2CsqCiiKyfpxeILtGBesCGCT6Y03SNAckrw86bv7zx MIRKOntV6MNJycYByQ5W1ukzQmLKsImas1DvY7AjpmC6Q3eiBbjQEgfkFZXV47GT mIImqku1a2p0gemproI8PgPZLa/CXCborgPzKlN+Jl16JfbRYzxQhLjtzi/IvYoY Rac40l9D0URi4qJbhOgxV/GQFOGqyA6abTF2c3HC4cu7uxeY6Y4=
    =5obx
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Orig