[gentoo-dev] [RFC] News Item: Certbot rework and transition

[gentoo-dev] [RFC] News Item: Certbot rework and transition

[Thibaud CANALE]

[-- Attachment #1: Type: text/plain, Size: 2681 bytes --]

First iteration of news item about Certbot rework.

======== 2025-03-04-certbot-rework.en.txt BEGIN ========

Title: Certbot rework and transition
Author: Thibaud CANALE <thican@thican.net>
Content-Type: text/plain
Posted: 2025-03-04
Revision: 1
News-Item-Format: 2.0
Display-If-Installed: app-crypt/acme, app-crypt/certbot, app-crypt/certbot-apache, app-crypt/certbot-dns-cloudflare, app-crypt/certbot-dns-desec, app-crypt/certbot-dns-dnsimple, app-crypt/certbot-dns-nsone, app-crypt/certbot-dns-rfc2136, app-crypt/certbot-nginx

For ease of maintenance and faster and more reliable delivery for
Gentoo’s users, Certbot and its modules have been reworked into a single
package.

Starting from app-crypt/certbot-3.2.0-r100, only this package is
necessary to install Certbot and its modules thanks to the help of USE
flags. Some block statements are enforced for modules packages to avoid
collisions.
However this creates issues for users and requires them to take action
to update their Portage configuration and world set. Hence why this news
item and the introduction of transition packages.

Currently supported Certbot modules will have transition packages which
are simply meta-package with their corresponding USE flag to the main
package, but it still requires users to update their package.use, as
describe below.

As a reminder, there is a Wiki page for Certbot:
https://wiki.gentoo.org/wiki/Let%27s_Encrypt

So this news item introduces step-by-step actions to ensure proper
update:

1. Add an entry under package.use with the modules of your choice based
on the list provided by this new package. Example:

    app-crypt/certbot	certbot-apache certbot-dns-rfc2136

2. If you decide to go ahead of time by accepting "non stable" version
from Gentoo’s main Portage tree, continue with the following steps, or
simply stop here, your work is done for now. Step 3 will be done later.

3. You can decide to clean now your world set, or other sets, of
Certbot’s module packages:

    emerge --ask --deselect app-crypt/acme app-crypt/certbot-apache \
        app-crypt/certbot-dns-cloudflare app-crypt/certbot-dns-desec \
        app-crypt/certbot-dns-dnsimple app-crypt/certbot-dns-nsone \
        app-crypt/certbot-dns-rfc2136 app-crypt/certbot-nginx

4. Emerge or update app-crypt/certbot if necessary. This should remove
previous packages:

    emerge --verbose --ask --changed-use --noreplace app-crypt/certbot

======== 2025-03-04-certbot-rework.en.txt END ========


-- 
Thibaud CANALE
thican [at] thican [dot] net
https://thican.net/
GPG: rsa4096 2013-10-14 485EF628CB85CDD4CB7CFF0D52F5127650733A18

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

[gentoo-dev] Re: [RFC] News Item: Certbot rework and transition

[Duncan]

Thibaud CANALE posted on Tue, 4 Mar 2025 19:37:46 +0100 as excerpted:

> First iteration of news item about Certbot rework.

> For ease of maintenance and faster and more reliable delivery for
> Gentoo’s users, Certbot and its modules have been reworked into a single
> package.

I'd suggest putting (the more important) "what" first, then why:

Certbot and it modules are being reworked into a single package.  This 
should ease maintenance and make delivery faster and more reliable.

> Starting from app-crypt/certbot-3.2.0-r100, only this package is
> necessary to install Certbot and its modules thanks to the help of USE
> flags. Some block statements are enforced for modules packages to avoid
> collisions.

Good as-is...

> However this creates issues for users and requires them to take action
> to update their Portage configuration and world set. Hence why this news
> item and the introduction of transition packages.

(Concisify, omitting a bit as implied, and explicitly name the config 
changes:)

Action required: @world set and package.use changes.

> 
> Currently supported Certbot modules will have transition packages which
> are simply meta-package with their corresponding USE flag to the main
> package, but it still requires users to update their package.use, as
> describe below.

Temporary transition metapackages activate the appropriate USE flags to 
keep things working for now, but users must update package.use and their 
@world set to complete the transition before <date>, after which these 
temporary transition packages will be removed.

(Decide on and substitute the removal date as appropriate.)

> As a reminder, there is a Wiki page for Certbot:
> https://wiki.gentoo.org/wiki/Let%27s_Encrypt

:^)

> So this news item introduces step-by-step actions to ensure proper
> update:

Step by step:

> 1. Add an entry under package.use with the modules of your choice based
> on the list provided by this new package. Example:

1. In package.use:

(Should that be the full path, /etc/portage/package.use?)

Add an entry for the modules of your choice based on the USE flags of the 
new unified package.  Example:

>     app-crypt/certbot	certbot-apache certbot-dns-rfc2136

:^)

> 2. If you decide to go ahead of time by accepting "non stable" version
> from Gentoo’s main Portage tree, continue with the following steps, or
> simply stop here, your work is done for now. Step 3 will be done later.

If you wish to stick with stable you may stop here.  The below steps 
(skipping step 2) will be completed later once the unified package 
stabilizes.  Should you wish to complete the transition now:

(Note that the step number was removed.  New step 2, 
(path?)package.accept_keywords step.)

2. In package.accept_keywords (skip this step and continue with step 3 if 
completing after the unified package stabilizes):

Add a keyword entry for the new unified package.  Example:

     ~app-crypt/certbot-3.2.0     ~amd64

> 3. You can decide to clean now your world set, or other sets, of
> Certbot’s module packages:

3. Clean the old module packages out of your @world or other sets:

>     emerge --ask --deselect app-crypt/acme app-crypt/certbot-apache \
>         app-crypt/certbot-dns-cloudflare app-crypt/certbot-dns-desec \
>         app-crypt/certbot-dns-dnsimple app-crypt/certbot-dns-nsone \
>         app-crypt/certbot-dns-rfc2136 app-crypt/certbot-nginx
> 
> 4. Emerge or update app-crypt/certbot if necessary. This should remove
> previous packages:
> 
>     emerge --verbose --ask --changed-use --noreplace app-crypt/certbot

:^)

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

[gentoo-dev] [RFC][V2] News Item: Certbot rework and transition

[Thibaud CANALE]

[-- Attachment #1: Type: text/plain, Size: 3015 bytes --]

Second iteration of news item about Certbot rework.
Thanks Duncan for the feedbacks.
And I arbitrary decided for a date about the removal of transition
metapackages, unless it is not satisfying.

Note: I am not sure if I had to update the "Posted" field, did it
anyway.

======== 2025-03-04-certbot-rework.en.txt BEGIN ========

Title: Certbot rework and transition
Author: Thibaud CANALE <thican@thican.net>
Content-Type: text/plain
Posted: 2025-03-07
Revision: 2
News-Item-Format: 2.0
Display-If-Installed: app-crypt/acme, app-crypt/certbot, app-crypt/certbot-apache, app-crypt/certbot-dns-cloudflare, app-crypt/certbot-dns-desec, app-crypt/certbot-dns-dnsimple, app-crypt/certbot-dns-nsone, app-crypt/certbot-dns-rfc2136, app-crypt/certbot-nginx

Certbot and its modules have been reworked into a single package; this
should ease maintenance and make delivery faster and more reliable.

Starting from app-crypt/certbot-3.2.0-r100, only this package is
necessary to install Certbot and its modules thanks to the help of USE
flags. Some block statements are enforced for modules packages to avoid
collisions.
However actions from users are required: @world set and package.use
changes.

Temporary transition metapackages call for the appropriate USE flags,
but users still have to change their package.use and later they must
update their @world set to complete the transition before 2025-06-10
(around three months from publication), after which these temporary
transition packages will be removed.

As a reminder, there is a Wiki page for Certbot:
https://wiki.gentoo.org/wiki/Let%27s_Encrypt

Step by step:

1. In /etc/portage/package.use:

Add an entry for the modules of your choice based on the USE flags of
the new unified package.  Example:

    app-crypt/certbot	certbot-apache certbot-dns-rfc2136

If you wish to stick with stable you may stop here.  The below steps
(skipping step 2) will be completed later once the unified package
stabilizes.  Should you wish to complete the transition now:

2. In /etc/portage/package.accept_keywords: (skip this step and continue
with step 3 if completing after the unified package stabilizes):

Add a keyword entry for the new unified package.  Example:

     ~app-crypt/certbot-3.2.0	~amd64

3. Clean the old module packages out of your @world or other sets:

    emerge --ask --deselect app-crypt/acme app-crypt/certbot-apache \
        app-crypt/certbot-dns-cloudflare app-crypt/certbot-dns-desec \
        app-crypt/certbot-dns-dnsimple app-crypt/certbot-dns-nsone \
        app-crypt/certbot-dns-rfc2136 app-crypt/certbot-nginx

4. Emerge or update app-crypt/certbot if necessary. This should remove
previous packages:

    emerge --verbose --ask --changed-use --noreplace app-crypt/certbot

======== 2025-03-04-certbot-rework.en.txt END ========


-- 
Thibaud CANALE
thican [at] thican [dot] net
https://thican.net/
GPG: rsa4096 2013-10-14 485EF628CB85CDD4CB7CFF0D52F5127650733A18

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]