[Letsencrypt-devel] Bug#824928: letsencrypt.sh: move the default position of the domains file to /etc/letsencrypt.sh/

Mattia Rizzolo mattia at debian.org
Sat May 21 18:07:36 UTC 2016 

On Sat, May 21, 2016 at 07:14:05PM +0200, Daniel Beyer wrote:
> Hi Mattia,
> 
> On Sat, 2016-05-21 at 15:58 +0200, Daniel Beyer wrote:
> > (...)
> >
> > It looks like ${DOMAINS_TXT} can not be set or overridden in config.sh.
> > But it should be rather easy to add this feature to letsencrypt.sh. I'll
> > work on a patch and propose it upstream. In past upstream was very nice
> > with accepting improvements to letsencrypt.sh. I'll let you know about
> > the progress of this.
> 
> I opened a PR for upstream [1], based on the initial work you gave me.
> It might take a bit till upstream reacts to it, but I think chances are
> good it will be accepted.
> [1] https://github.com/lukas2511/letsencrypt.sh/pull/204

Great thanks!

> I started working on updating our packaging in a new branch
> wip/dabe/domains.txt-in-etc. But I have the feeling, that mentioning the
> change in d/NEWS is not enough.

I'd also keep in mind that this package is very young while considering
this.

> So i came up with the following idea (not implemented, yet):
> During upgrade we check if a /var/lib/letsencrypt.sh/domains.txt exists
> and if so add an extra config file in /etc/letsencrypt.sh/conf.d/ to
> automatically reconfigure letsencrypt.sh back to the old location. With
> this we would not break things for our existing users.
> Do you have an other idea or opinion how to deal with this?

That's a nice idea, even if I usually try to avoid having to deal with
maintainer scripts.
Anyway doing this also requires:
* checking that /etc/letsencrypt.sh/config.sh actually has DOMAINS_TXT
  set to the new location (if the user modified it, dpkg won't overwrite
  it with our new copy with our new conf)
* also adding a prerm to remove that file in case of purge


Also, I'd like to not keep that thing forever, e.g. drop this
transitional measure before stretch: I'm usually happier if my packages
don't have maintainer scripts.

> An other question is whether or not we should start shipping
> a /etc/letsencrypt.sh/domains.txt. I would prefer to do that, with a
> small header (lines containing '#' are ignored) outlining the purpose
> and the format of this domains.txt file. What do you think?

Yes :)
Also notice the relative file in the new docs/ directory in the upstream
repo (I'd like to ship all that documentation when a new release will
happen).


In the meantime, I'm going to build from your branch, change some things
in my infra, and test it out.

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
more about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/letsencrypt-devel/attachments/20160521/70e6032d/attachment.sig>

More information about the Letsencrypt-devel mailing list