I wanted to do this because we were notified that https://ubuntu.com/security/notices/USN-5638-3/ affects our snaps. This probably doesn't affect us, but rebuilding to be safe seems worth it to me personally.
I started to just trigger a new v1.32.0 release build, but I don't want to overwrite our 2.0 Docker images under the `latest` tag.
Changelog changes here are similar to what has been done for past point releases like https://github.com/certbot/certbot/pull/8501.
I also cherry picked #9474 to this branch to help the release process pass.
* add changelog
* Use a longer timeout for releases (#9474)
This is in response to the thread starting at https://github.com/certbot/certbot/pull/9330#issuecomment-1320416069.
In addition to this, I plan to add the following text to the step of the release instructions that tells you to wait until Azure Pipelines for the release has finished running:
> Some jobs such as building our snaps can take a long time to complete, however, if the process seems hung, you can cancel the build and then rerun the failed jobs. To do this, click on the build for the release in the link above, make sure you're logged into Azure Pipelines, and then use the cancel/rerun buttons in the top right of the web page.
(cherry picked from commit 30b4fd59a5)
This PR:
* Deletes the 2.0 pre-release pipeline
* Causes 1.x releases to be released to Docker Hub without updating the latest tag, PyPI, and the candidate and stable channels of the snap store
* Causes 2.x releases to be released to Docker Hub, PyPI, the beta channel of the snap store, and our Windows installer
We could potentially look into how to continue to do 1.x Windows installer releases through GitHub releases and tech ops tooling, but I personally don't think it's worth it right now.
This PR DOES NOT do anything about progressive snap releases. I think we can revisit this when/if we decide (how) to do them.
(cherry picked from commit 09af133af3)
* certbot-apache: use httpd for newer RHEL derived distros
A change in RHEL 9 is causing apachectl to error out when used
with additional arguments, resulting in certbot errors. The CentOS
configurator now uses httpd instead for RHEL 9 (and later) derived
distros.
* Single CentOS class which uses the apache_bin option
* soothe mypy
* Always call super()._override_cmds()
Fixes#7206.
I think it's about time we did this:
- `dnssec-keygen` on new distros doesn't support the HMAC algorithms anymore, so our instructions don't work.
- The oldest distros we support are Debian Buster (`9.11.5.P4+dfsg-5.1+deb10u7`) and CentOS 7 (`9.11.4-26.P2.el7_9.9`), which ship `tsig-keygen` and support `HMAC-SHA512`.
* Use the TSIG keyring for the initial SOA request
Helps allow the use of keys in BIND ACLs to help certbot update the correct zone. Previously TSIG was only used for zone updates, rather than for both the authoritative SOA request and zone update.
* Update CHANGELOG.md
* Update AUTHORS.md
* Workaround for mypy failure due to dnspython stubs
As per https://github.com/certbot/certbot/pull/9408#issuecomment-1257868864
Co-authored-by: Alex Zorin <alex@zorin.id.au>
There is no need for two interconneced (pipe) processes.
The regular expression in the grep part is not strict enough in some cases (presence of long_description.
sed does not seem to support perl regular expressions ("\s").
Some Python developers prefer single quotes to double qoutes. Some even go so far as to adapt generated templates (setup.py).
This update will (hopefully) fix this all.
This was tested on Ubuntu 20.04.5 LTS (Focal Fossa) and macOS 12.5.1 (Monterey).
* deprecate more attributes in acme
* Deprecate .Authorization.combinations by renaming the field and
deprecating in getters/setters
* Silence deprecation warnings from our own imports of acme.mixins
Co-authored-by: Brad Warren <bmw@users.noreply.github.com>
