Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Thoughts on RPM builds? #15

Closed
willnewby opened this issue Nov 19, 2014 · 48 comments

Comments

Projects
None yet
@willnewby
Copy link
Contributor

commented Nov 19, 2014

Are there already plans for packaging this as an RPM for easy installation?

If so, great! How can I help?

If not, I'd like to volunteer to build them.

Either way, I'd like to help out in any way that I can.

@jdkasten

This comment has been minimized.

Copy link
Contributor

commented Nov 19, 2014

We definitely need help on the packaging front. Right now, we don't have any packaging. @paravoid did write up some debian packaging of a previous version of the repository, but we haven't investigated RPM yet. If you would like to help us in this regard, that would be amazing! There will need to be lots of testing done and I am sure tons of changes to the codebase as most of the testing thus far has occured on various LTS versions of Ubuntu. We would like to make this Let's Encrypt client accessible to as many users as possible.

@willnewby

This comment has been minimized.

Copy link
Contributor Author

commented Nov 19, 2014

Sweet! I'll start digging into that and see what I can get sorted. Figure
the goal is RPMs for Fedora 19,20/ RHEL+CentOS 5,6,7.

Is there an IRC channel for Let's Encrypt? I haven't seen references
anywhere, but I might've just missed it.


Will Newby
Freelance SysAdmin/Coder/Brain
Phone: 612.208.3806
Email: willnewby@gmail.com

On Wed, Nov 19, 2014 at 11:17 AM, James Kasten notifications@github.com
wrote:

We definitely need help on the packaging front. Right now, we don't have
any packaging. @paravoid https://github.com/paravoid did write up some
debian packaging of a previous version of the repository, but we haven't
investigated RPM yet. If you would like to help us in this regard, that
would be amazing! There will need to be lots of testing done and I am sure
tons of changes to the codebase as most of the testing thus far has occured
on various LTS versions of Ubuntu. We would like to make this Let's Encrypt
client accessible to as many users as possible.


Reply to this email directly or view it on GitHub
#15 (comment)
.

@lhaig

This comment has been minimized.

Copy link

commented Nov 19, 2014

@willnewby Can you try to make it work for Suse as well please

@willnewby

This comment has been minimized.

Copy link
Contributor Author

commented Nov 19, 2014

I can certainly try, however I'm not well versed in Suse. I plan to start
with Cent6 and expand out from there.


Will Newby
Freelance SysAdmin/Coder/Brain
Phone: 612.208.3806
Email: willnewby@gmail.com

On Wed, Nov 19, 2014 at 11:31 AM, Lance Haig notifications@github.com
wrote:

Can you try to make it work for Suse as well please


Reply to this email directly or view it on GitHub
#15 (comment)
.

@jdkasten

This comment has been minimized.

Copy link
Contributor

commented Nov 20, 2014

@willnewby There aren't any IRC channels yet. I will let you know as we get more communication infrastructure in place.

@Altwiztd

This comment has been minimized.

Copy link

commented Nov 20, 2014

Well well we or I no nothing

@jdkasten

This comment has been minimized.

Copy link
Contributor

commented Nov 20, 2014

@Altwiztd ???

@ghost

This comment has been minimized.

Copy link

commented Nov 20, 2014

Never mind, he already started encrypting...

@kuba

This comment has been minimized.

Copy link
Contributor

commented Nov 20, 2014

Hahahah, that commend made my day, @Rippler :D

@joepie91

This comment has been minimized.

Copy link

commented Nov 21, 2014

I'd recommend having a look at the openSUSE Build Service (possibly running a self-hosted instance of the build service, if security requirements cannot be met by the public instance). It's effectively a cross-distro, cross-package-format, cross-architecture buildfarm.

@willnewby

This comment has been minimized.

Copy link
Contributor Author

commented Nov 21, 2014

Oh. Awesome. I'll take a look.

I was going to look into Fedora's copr: https://copr.fedoraproject.org/ but
either one could work.

Thanks for the heads up!


Will Newby
Freelance SysAdmin/Coder/Brain
Phone: 612.208.3806
Email: willnewby@gmail.com

On Thu, Nov 20, 2014 at 7:07 PM, Sven Slootweg notifications@github.com
wrote:

I'd recommend having a look at the openSUSE Build Service
https://build.opensuse.org/ (possibly running a self-hosted instance of
the build service, if security requirements cannot be met by the public
instance). It's effectively a cross-distro, cross-package-format,
cross-architecture buildfarm.


Reply to this email directly or view it on GitHub
#15 (comment)
.

@jdkasten

This comment has been minimized.

Copy link
Contributor

commented Nov 21, 2014

@willnewby I know you had asked about an IRC channel before, which we don't have yet... (I will work on it tomorrow), but we do have a client development mailing list now which is included in the README.

@willnewby

This comment has been minimized.

Copy link
Contributor Author

commented Nov 21, 2014

Sweet deal. I'll go sign up. :)


Will Newby
Freelance SysAdmin/Coder/Brain
Phone: 612.208.3806
Email: willnewby@gmail.com

On Thu, Nov 20, 2014 at 9:09 PM, James Kasten notifications@github.com
wrote:

@willnewby https://github.com/willnewby I know you had asked about an
IRC channel before, which we don't have yet... (I will work on it
tomorrow), but we do have a client development mailing list now which is
included in the README.


Reply to this email directly or view it on GitHub
#15 (comment)
.

@fkooman

This comment has been minimized.

Copy link

commented Nov 22, 2014

See https://fedoraproject.org/wiki/Category:Package_Maintainers for packging guidelines and how to get the package officially in Fedora and EPEL (the add-on repository for Red Hat Enterprise and CentOS). Once it is in Fedora/EPEL it will be easier for Red Hat to include in Red Hat Enterprise and CentOS.

openSUSE may have different packging guidelines... so it may not be possible to target both Fedora/Red Hat Enterprise/CentOS and openSUSE with the same RPM spec file...

@joepie91

This comment has been minimized.

Copy link

commented Nov 25, 2014

@fkooman The usual approach for multi-distro packaging on the OBS is to have conditionals in the RPM .spec. Given that .spec files support multiple packages from a single .spec (if I recall correctly, that is), that shouldn't be a problem - simply specifying some Fedora-specific configuration should suffice.

@dnozay

This comment has been minimized.

Copy link
Contributor

commented Nov 27, 2014

@willnewby

This comment has been minimized.

Copy link
Contributor Author

commented Nov 27, 2014

While that's definitely a good idea, I know (as a sysadmin) that if I can
install something and ensure its version as an RPM I'm far more likely to
use and recommend that software.

It simplifies installation and distribution greatly, and I know I've
personally had some fairly major issues with PyPi. (Occasional Stability
Issues, Taking down older versions (but supported!) versions of software
that I care about and don't desire to upgrade unnecessarily).


Will Newby
Freelance SysAdmin/Coder/Brain
Phone: 612.208.3806
Email: willnewby@gmail.com

On Wed, Nov 26, 2014 at 11:43 PM, Damien Nozay notifications@github.com
wrote:

if it's python, then distribute it on PyPI.

https://python-packaging-user-guide.readthedocs.org/en/latest/distributing.html


Reply to this email directly or view it on GitHub
#15 (comment)
.

@dnozay

This comment has been minimized.

Copy link
Contributor

commented Nov 27, 2014

well yes. sometimes the package owner removes the package or clobbers it which is very unfortunate.
but since this project is hosted on github, you would still be able to get it there; for each tagged version.
https://github.com/letsencrypt/lets-encrypt-preview/releases

don't get me wrong, rpm is fine; I just claim we could do both.

@willnewby

This comment has been minimized.

Copy link
Contributor Author

commented Nov 27, 2014

Oh, definitely. I figure this is one of those "get it into people's hands
no matter what they use" kinds of projects.


Will Newby
Freelance SysAdmin/Coder/Brain
Phone: 612.208.3806
Email: willnewby@gmail.com

On Thu, Nov 27, 2014 at 12:57 AM, Damien Nozay notifications@github.com
wrote:

well yes. sometimes the package owner removes the package or clobbers it
which is very unfortunate.
but since this project is hosted on github, you would still be able to get
it there; for each tagged version.
https://github.com/letsencrypt/lets-encrypt-preview/releases

don't get me wrong, rpm is fine; I just claim we could do both.


Reply to this email directly or view it on GitHub
#15 (comment)
.

@joepie91

This comment has been minimized.

Copy link

commented Nov 27, 2014

That reminds me, this is another potential option: fpm

@lhaig

This comment has been minimized.

Copy link

commented Dec 1, 2014

+1 for the Suse OBS you could build for more than one OS in One place.
IF I knew more about packaging I would help.
When I used to package for the Bongo Project I just used to ask anyone that would answer :-)

@fkooman

This comment has been minimized.

Copy link

commented Dec 1, 2014

If the goal is to get it in Fedora, CentOS and Red Hat Enterprise (EPEL) proper there is no use making it build on OBS. As soon as there is support for Fedora/CentOS/Red Hat for managing the httpd configuration I'll have a look at packaging it for Fedora and opening a review request in RH bugzilla.

See https://fedoraproject.org/wiki/Packaging:Python for Python specific packaging guidelines by the way.

@joepie91

This comment has been minimized.

Copy link

commented Dec 2, 2014

If the goal is to get it in Fedora, CentOS and Red Hat Enterprise (EPEL) proper there is no use making it build on OBS.

How so? I'm not familiar with their package submission process - does it require for the packages to be built on a distro-specific buildfarm?

@lhaig

This comment has been minimized.

Copy link

commented Dec 2, 2014

I was just about to ask this same question. Is the plan to only support RH based distros?

OBS allows you to build for almost all distros including debian based ones.

@fkooman

This comment has been minimized.

Copy link

commented Dec 2, 2014

@joepie91 yes. Fedora/EPEL has https://koji.fedoraproject.org for building packages. All packages included in Fedora/EPEL have to be built there...

@lhaig no, I think there is some confusion: you can have the same spec file (template for generating an RPM) for both SUSE and Fedora/CentOS, but it needs to be built at the Fedora infrastructure (see link above to koji) for inclusion in Fedora/EPEL. Also it needs to go through a review process and find a sponsor before being accepted for inclusion. Once it is in Fedora getting it in EPEL will be relatively easy and will make it easier as well for Red Hat to pick it up for inclusion in one of the next Red Hat Enterprise point releases.

Also having a deb file from OBS will not help getting it in Debian.... Debian has their own build platform as well. As far as I know OBS is useful for upstream projects to make software available as a package to many users, but is in no way a replacement for getting it included in distros. Building it in OBS will require users to add an additional repository... I for one would never add an OBS repository on a production server... and also the goal of letsencrypt is to make it available without requiring the user to add additional repositories. That said: for simple testing deb or rpms through OBS is fine.

@AaronNGray

This comment has been minimized.

Copy link

commented Feb 25, 2015

Looks like it builds properly on Fedora. I built it last night on my main server and noticed the word "error" flashing by but they were not errors, so erroniously thought there were errors despite the "success !" message. Theres quite a few warning though, but they look safe.

Documented here :-

https://github.com/AaronNGray/lets-encrypt-preview/blob/fedora/debug/out
@lhaig

This comment has been minimized.

Copy link

commented Feb 25, 2015

On 25/02/2015 17:24, AaronNGray wrote:

Looks like it builds properly on Fedora. I built it last night on my
main server and noticed the word "error" flashing by but they were not
errors, so erroniously thought there were errors despite the "success
!" message. Theres quite a few warning though, but they look safe.

Documented here :-

|https://github.com/AaronNGray/lets-encrypt-preview/blob/fedora/debug/out
|


Reply to this email directly or view it on GitHub
#15 (comment).

Hi,

do you have a spec file to share yet?

Regards

Lance

@AaronNGray

This comment has been minimized.

Copy link

commented Feb 25, 2015

No. I have only compiled from source using :-

http://www.aarongray.org/letsencrypt/letsencrypt.html

Also I have not tested it yet though as am preparing to juggle servers.

On 25 February 2015 at 18:00, Lance Haig notifications@github.com wrote:

On 25/02/2015 17:24, AaronNGray wrote:

Looks like it builds properly on Fedora. I built it last night on my
main server and noticed the word "error" flashing by but they were not
errors, so erroniously thought there were errors despite the "success
!" message. Theres quite a few warning though, but they look safe.

Documented here :-

|
|
|


Reply to this email directly or view it on GitHub
<
#15 (comment)
.

Hi,

do you have a spec file to share yet?

Regards

Lance


Reply to this email directly or view it on GitHub
#15 (comment)
.

@lhaig

This comment has been minimized.

Copy link

commented Feb 28, 2015

Hi All,

I have quickly this morning created these packages

https://build.opensuse.org/package/show/home:lhaig/letsencrypt-preview

Can you guys test please and tell me if anything is not working

Thanks

Lance

@lhaig

This comment has been minimized.

Copy link

commented Mar 1, 2015

Hi have just finished the Debian based builds as well. They all need testing.
https://build.opensuse.org/package/show/home:lhaig/letsencrypt-preview

@danimo

This comment has been minimized.

Copy link

commented Apr 11, 2015

@lhaig what happened to your OBS package?

@lhaig

This comment has been minimized.

Copy link

commented Apr 19, 2015

I removed the packages as it seemed that they were not necessary as I found out in the IRC channel

@danimo

This comment has been minimized.

Copy link

commented Apr 19, 2015

@lhaig can you elaborate why that is? what are the alternatives?

@lhaig

This comment has been minimized.

Copy link

commented Apr 19, 2015

In a discussion with someone on the IRC channel I was told only debian was supported and the OBS packages were not needed. So I did not waste any more time on them. I will upload what I have now into my OBS account and if anyone is interested they can find the files there

@lhaig

This comment has been minimized.

Copy link

commented Apr 19, 2015

I will leave the Debian based builds out of the account

@tdfischer

This comment has been minimized.

Copy link

commented Aug 2, 2015

Hi, all.

I've created this packaging bug against Fedora for tracking EPEL/Fedora packaging:

https://bugzilla.redhat.com/show_bug.cgi?id=1215478

A sample package for Fedora 22 is available here:

https://copr.fedoraproject.org/coprs/tdfischer/lets-encrypt/

And here's a mailing list thread for some other information:

https://groups.google.com/a/letsencrypt.org/forum/#!topic/client-dev/ZQ_hnSxxQYE

@NoodlesNZ

This comment has been minimized.

Copy link
Collaborator

commented Oct 20, 2015

@tdfischer Any luck getting the package picked up by fedora? I don't mind looking after EPEL 6/7, but can't see it in package db (I'm not familiar with COPR).

@kuba kuba added the area: pkging label Oct 23, 2015

@FelixSchwarz

This comment has been minimized.

Copy link
Contributor

commented Oct 27, 2015

@NoodlesNZ the package is not in Fedora yet because the packaging is not (yet) up to Fedora's standards (check the Red Hat bugzilla link for details) and it seems that reviewers are waiting for a response from @tdfischer for some time now. All packages in Fedora must pass the review to minimize the amount of errors (i.e. "you should be able to run the application after installing the rpm"). As far as I can see the spotted problems are pretty simple but need to be fixed before acceptance.

One danger I see here is that if @tdfischer lost interest/time other potential packagers might not take the package because they might get the impression that "someone else" is already doing it.

PS: As far as I can see the copr repo provides the same code as presented in rhbz.

@sparksis

This comment has been minimized.

Copy link

commented Nov 11, 2015

@tdfischer Are you able to setup copr for an epel (7) release? I've seen quite a few RPMs on copr with both Fedora and EPEL releases and it would be beneficial to have it available for centos.

@NoodlesNZ

This comment has been minimized.

Copy link
Collaborator

commented Nov 11, 2015

It looks to be in review (https://bugzilla.redhat.com/show_bug.cgi?id=1215478). Once the package is in Fedora then we can create EPEL packages, but at the moment it looks like we're short a couple of python dependencies (at least when I build from the src package in copr).

@tscherf

This comment has been minimized.

Copy link

commented Dec 30, 2015

The letsencrypt package is now available in Fedora:

http://koji.fedoraproject.org/koji/packageinfo?packageID=21509

@Deathnerd

This comment has been minimized.

Copy link

commented Jan 28, 2016

@tscherf a bit of a fedora/CentOS noob here. Can I use those packages on CentOS as well?

@NoodlesNZ

This comment has been minimized.

Copy link
Collaborator

commented Jan 28, 2016

@Deathnerd no, you generally can't use fedora packages on CentOS. If you're using CentOS 7 Let's Encrypt is available from EPEL (https://fedoraproject.org/wiki/EPEL), the package name is letsencrypt

@Deathnerd

This comment has been minimized.

Copy link

commented Jan 29, 2016

@NoodlesNZ thanks for the info!

@kyanha

This comment has been minimized.

Copy link

commented Feb 4, 2016

Any love for CentOS 6?

@NoodlesNZ

This comment has been minimized.

Copy link
Collaborator

commented Feb 4, 2016

A few dependencies that need to be addressed before it's released. Hopefully we'll get there but a bit harder than CentOS 7

@rbu

This comment has been minimized.

Copy link
Contributor

commented Feb 11, 2016

If you want to follow/help with the addition to EPEL for RHEL/CentOS 6, there's two detailed bug reports at https://bugzilla.redhat.com/show_bug.cgi?id=1288999 and https://bugzilla.redhat.com/show_bug.cgi?id=1288744

We'd need to update and add several components, and for two of those it's not yet clear if they actually support Python 2.6 (namely idna, see kjd/idna#20 and parsedatetime).

@pde

This comment has been minimized.

Copy link
Member

commented Jul 14, 2016

I gather that Certbot EPEL 6 packages have been deemed a "wontfix" due to dependency issues, so we're going to continue to support and improve certbot-auto for CentOS 6 users. Other than that, we're well packaged on more modern RPM distros, and I think we can close this!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.