acme4netvs issueshttps://git.scc.kit.edu/KIT-CA/acme4netvs/-/issues2021-08-19T19:22:45+02:00https://git.scc.kit.edu/KIT-CA/acme4netvs/-/issues/1Search netdb_client.ini in predefinied places `~/.config/`2021-08-19T19:22:45+02:00ge3242heiko.reese@kit.eduSearch netdb_client.ini in predefinied places `~/.config/`For example `/etc/netdb/netdb_client.ini`?For example `/etc/netdb/netdb_client.ini`?ge3242heiko.reese@kit.eduge3242heiko.reese@kit.eduhttps://git.scc.kit.edu/KIT-CA/acme4netvs/-/issues/3Write documentation2022-09-22T01:46:04+02:00ge3242heiko.reese@kit.eduWrite documentation"stable"https://git.scc.kit.edu/KIT-CA/acme4netvs/-/issues/7Write moar tests!!!2021-09-14T20:03:29+02:00ge3242heiko.reese@kit.eduWrite moar tests!!!https://git.scc.kit.edu/KIT-CA/acme4netvs/-/issues/8Build packages for common distributions/OS2021-09-15T11:51:31+02:00ge3242heiko.reese@kit.eduBuild packages for common distributions/OS* https://wiki.debian.org/DebianRepository/SetupWithReprepro
* https://blog.setale.me/2020/08/02/using-a-gitlab-to-build-a-debian-repository/* https://wiki.debian.org/DebianRepository/SetupWithReprepro
* https://blog.setale.me/2020/08/02/using-a-gitlab-to-build-a-debian-repository/https://git.scc.kit.edu/KIT-CA/acme4netvs/-/issues/15Feature Request: sign windows executables after CI build2021-12-09T13:11:31+01:00ge3242heiko.reese@kit.eduFeature Request: sign windows executables after CI buildConfirmed to work on Linux with [osslsigncode](https://github.com/mtrojnar/osslsigncode) and GEANT TCS code signing certificate.
```
osslsigncode sign -pkcs12 cert.p12 -askpass -t http://timestamp.sectigo.com -h sha256 -in acme4netvs_bl...Confirmed to work on Linux with [osslsigncode](https://github.com/mtrojnar/osslsigncode) and GEANT TCS code signing certificate.
```
osslsigncode sign -pkcs12 cert.p12 -askpass -t http://timestamp.sectigo.com -h sha256 -in acme4netvs_blubb.exe -out acme4netvs_blubb_signed.exe
```ge3242heiko.reese@kit.eduge3242heiko.reese@kit.eduhttps://git.scc.kit.edu/KIT-CA/acme4netvs/-/issues/16Decide for build targets2021-09-14T20:03:30+02:00ha2931dominik.rimpf@kit.eduDecide for build targetsWith 83dc6ca344b35b4352fa0222217ab41b12394119
we removed the `GOOS`:
```
- freebsd
- dragonfly
- netbsd
- openbsd
- solaris
- illumos
```
and the `GOARCH`:
```
- 386
- arm
- arm64
``...With 83dc6ca344b35b4352fa0222217ab41b12394119
we removed the `GOOS`:
```
- freebsd
- dragonfly
- netbsd
- openbsd
- solaris
- illumos
```
and the `GOARCH`:
```
- 386
- arm
- arm64
```
for release we may to add some `GOOS` & `GOARCH` combinations again. (e.g. Linux arm(64) for Raspberry Pi and similar)https://git.scc.kit.edu/KIT-CA/acme4netvs/-/issues/17Check potential corner cases for certificates for CNAMEs2022-09-22T01:45:14+02:00ge3242heiko.reese@kit.eduCheck potential corner cases for certificates for CNAMEshttps://git.scc.kit.edu/KIT-CA/acme4netvs/-/issues/18Feedback aus IT-EK am 2021-09-152022-09-22T01:46:54+02:00ge3242heiko.reese@kit.eduFeedback aus IT-EK am 2021-09-15Bitte benutze Clients hier als Kommentar hinterlassen; wenn möglich gleich mit Link.Bitte benutze Clients hier als Kommentar hinterlassen; wenn möglich gleich mit Link.https://git.scc.kit.edu/KIT-CA/acme4netvs/-/issues/20Add metadata and an icon to windows binaries2022-09-13T12:47:48+02:00ge3242heiko.reese@kit.eduAdd metadata and an icon to windows binarieshttps://github.com/josephspurrier/goversioninfohttps://github.com/josephspurrier/goversioninfoge3242heiko.reese@kit.eduge3242heiko.reese@kit.eduhttps://git.scc.kit.edu/KIT-CA/acme4netvs/-/issues/21Weird ini-parser behaviour2022-09-09T03:17:30+02:00ha2931dominik.rimpf@kit.eduWeird ini-parser behaviourWhats the background on [these lines](https://git.scc.kit.edu/KIT-CA/acme4netvs/-/blob/main/parse_ini.go#L27-33)?
```
if endpoint == "" {
if c.Endpoint == "" {
endpoint = BASEURIPROD
} else {
endpoint = c.Endpoint
}
}
```
...Whats the background on [these lines](https://git.scc.kit.edu/KIT-CA/acme4netvs/-/blob/main/parse_ini.go#L27-33)?
```
if endpoint == "" {
if c.Endpoint == "" {
endpoint = BASEURIPROD
} else {
endpoint = c.Endpoint
}
}
```
I find it a bit weird to just default to the production api if the user has a (from my view) malformed config file. It also differs from the behaviour of the python-api library from SCC-NET.ge3242heiko.reese@kit.eduge3242heiko.reese@kit.eduhttps://git.scc.kit.edu/KIT-CA/acme4netvs/-/issues/26Implement cert-manager webhook for k8s2023-04-04T15:28:46+02:00ts9019peter.oettig@kit.eduImplement cert-manager webhook for k8sSuggested by @ttuellmann
https://cert-manager.io/docs/contributing/dns-providers/
https://github.com/aellwein/cert-manager-webhook-netcup/blob/master/main.go
Probably depends on a libdns implementation for NETVS-API to not go insaneSuggested by @ttuellmann
https://cert-manager.io/docs/contributing/dns-providers/
https://github.com/aellwein/cert-manager-webhook-netcup/blob/master/main.go
Probably depends on a libdns implementation for NETVS-API to not go insanehttps://git.scc.kit.edu/KIT-CA/acme4netvs/-/issues/27Hardcode API-Version2022-09-22T01:43:15+02:00ha2931dominik.rimpf@kit.eduHardcode API-VersionWe should hardcode the API-version as we do not truly support multiple versions.We should hardcode the API-version as we do not truly support multiple versions."stable"https://git.scc.kit.edu/KIT-CA/acme4netvs/-/issues/29Enforce 0o600 permissions on netdb_client.ini2022-10-11T16:07:24+02:00ts9019peter.oettig@kit.eduEnforce 0o600 permissions on netdb_client.iniBasically like SSH does for authorized_keysBasically like SSH does for authorized_keyshttps://git.scc.kit.edu/KIT-CA/acme4netvs/-/issues/31Decide what to do if a DNS-Server is not reachable2022-10-14T14:30:12+02:00ts9019peter.oettig@kit.eduDecide what to do if a DNS-Server is not reachableCurrently, this is interpreted as "challenge not available"
However, some servers might not be able to reach e.g. belwue for various reasons.
We should definitely log "connection timeout/fail" differently from "does not yet have challen...Currently, this is interpreted as "challenge not available"
However, some servers might not be able to reach e.g. belwue for various reasons.
We should definitely log "connection timeout/fail" differently from "does not yet have challenge".
Possible solutions:
* Assume challenge deploy success on connection fail to a DNS-Server
* Assume that all DNS-Servers must be reachable and keep it that wayhttps://git.scc.kit.edu/KIT-CA/acme4netvs/-/issues/37Homebrew Tap2022-11-22T15:00:33+01:00ha2931dominik.rimpf@kit.eduHomebrew TapBei der Fragestunde wurde ein Homebrew Tap gewünscht. Wir können das "einfach" via `goreleaser` machen.Bei der Fragestunde wurde ein Homebrew Tap gewünscht. Wir können das "einfach" via `goreleaser` machen.ha2931dominik.rimpf@kit.eduha2931dominik.rimpf@kit.eduhttps://git.scc.kit.edu/KIT-CA/acme4netvs/-/issues/40Provide RPM packages2023-03-15T16:54:56+01:00ge3242heiko.reese@kit.eduProvide RPM packagesBuild and distribute rpm packages. Possibly via rpm repository.
People to notify when done: reiner.linnenkohl@kit.edu, michael.buchwald@kit.edu (SCC#64100705).Build and distribute rpm packages. Possibly via rpm repository.
People to notify when done: reiner.linnenkohl@kit.edu, michael.buchwald@kit.edu (SCC#64100705).https://git.scc.kit.edu/KIT-CA/acme4netvs/-/issues/41Use new api endpoints2023-07-07T12:03:59+02:00px8408konstantin.zangerle@kit.eduUse new api endpointsIn `netvs_client.go`
old:
* https://www-net.scc.kit.edu/api
* https://www-net-test.scc.kit.edu/api
* https://www-net-devel.scc.kit.edu/api
new:
* https://api.netdb.scc.kit.edu
* https://api.netdb-test.scc.kit.edu
* https://api.netdb-d...In `netvs_client.go`
old:
* https://www-net.scc.kit.edu/api
* https://www-net-test.scc.kit.edu/api
* https://www-net-devel.scc.kit.edu/api
new:
* https://api.netdb.scc.kit.edu
* https://api.netdb-test.scc.kit.edu
* https://api.netdb-devel.scc.kit.edu