This PR:
* Deletes the 2.0 pre-release pipeline
* Causes 1.x releases to be released to Docker Hub without updating the latest tag, PyPI, and the candidate and stable channels of the snap store
* Causes 2.x releases to be released to Docker Hub, PyPI, the beta channel of the snap store, and our Windows installer
We could potentially look into how to continue to do 1.x Windows installer releases through GitHub releases and tech ops tooling, but I personally don't think it's worth it right now.
This PR DOES NOT do anything about progressive snap releases. I think we can revisit this when/if we decide (how) to do them.
* main: set more permissive umask when creating work_dir
This'll guarantee our working dir has the appropriate permissions,
even when a user has a strict umask
* update changelog
Co-authored-by: Brad Warren <bmw@users.noreply.github.com>
* certbot-apache: use httpd for newer RHEL derived distros
A change in RHEL 9 is causing apachectl to error out when used
with additional arguments, resulting in certbot errors. The CentOS
configurator now uses httpd instead for RHEL 9 (and later) derived
distros.
* Single CentOS class which uses the apache_bin option
* soothe mypy
* Always call super()._override_cmds()
Fixes#7206.
I think it's about time we did this:
- `dnssec-keygen` on new distros doesn't support the HMAC algorithms anymore, so our instructions don't work.
- The oldest distros we support are Debian Buster (`9.11.5.P4+dfsg-5.1+deb10u7`) and CentOS 7 (`9.11.4-26.P2.el7_9.9`), which ship `tsig-keygen` and support `HMAC-SHA512`.
* Use the TSIG keyring for the initial SOA request
Helps allow the use of keys in BIND ACLs to help certbot update the correct zone. Previously TSIG was only used for zone updates, rather than for both the authoritative SOA request and zone update.
* Update CHANGELOG.md
* Update AUTHORS.md
* Workaround for mypy failure due to dnspython stubs
As per https://github.com/certbot/certbot/pull/9408#issuecomment-1257868864
Co-authored-by: Alex Zorin <alex@zorin.id.au>
* dont superfluously ask whether to renew, when changing key type
* reorder conditions
this prevents "Certificate not yet due for renewal" being printed
* and replace superfluous mock
* mock renewal.should_renew
* Remove external mock dependency
This also removes the "external-mock" test environment
* remove superfluous ignores
* remove mock warning ignore from pytest.ini
* drop deps on mock in oldest, drop dep on types-mock
Co-authored-by: Alex Zorin <alex@zorin.id.au>
