-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add pebble for testing #82
Comments
I've been working on this, using pebble-chaltestsrv to answer the challenges, and ran into a problem with pebble seemingly not honoring the -dnsserver option (to direct DNS queries to the chaltestsrv). Omens are unclear. Recording what hints I find here so I don't lose track of them again. pebble #118 mentions docker magic workaround for a DNS issue that may or may not be related |
does this letsencrypt/pebble#139 help? |
do you have a draft PR open? |
letsencrypt/pebble#139 would help if it worked. I banged my head on this for a while, evenually found, I think, that this is a fight against the go resolver that they're using, and they pulled a dirty(?) hack out which broke -dnsserver. That was months ago, and I understand they're a small, perhaps marginal part of letsencrypt's dev team, but I curse them roundly for not making it clear that the option was defunct. I think it was finding a bug where they chose NOT to remove the broken thing for some reason I cannot fathom, though it has an odor of arrogant pride to this afflicted user. :-( I'm nearly ready to have another go at it, by setting up a network namespace to stuff pebble into where it be given a custom resolv.conf (and another for challtestsrv, since there's no way to pass it the nonstandard port without the above-cursed thing). I don't know if this will translate directly into the CI environment, but it's a much more lightweight alternative to a full-load container for each piece... though it was a mention of someone who go the broken things working using containers that gave me hope again. I have too many things going on, all of them less than perfectly independent. I'd like to finish the auth consolidation first (there's the catalog and removal of imports from init.py, which isn't in the PR yet, and some other changes that the bugs and old PRs I've been looking at have suggested), then re-assemble the pebble work, which is largely the "current RFC compat" work, on top of it. And once again, looking at other issues, especially the "*." one, has suggested some changes in the new auth interface. Continuous Improvement is the enemy of "done". :-/ |
https://community.letsencrypt.org/t/jws-post-content-type-header-enforcement/55055
We should run it as part of ci and run integration tests against it.
The text was updated successfully, but these errors were encountered: