add pebble for testing #82

Open
komuw opened this issue Mar 13, 2018 · 4 comments
Owner

komuw commented Mar 13, 2018

https://community.letsencrypt.org/t/jws-post-content-type-header-enforcement/55055

We should run it as part of ci and run integration tests against it.

Collaborator

mmaney commented Apr 5, 2020

I've been working on this, using pebble-challtestsrv to answer the challenges, and ran into a problem with pebble seemingly not honoring the -dnsserver option (to direct DNS queries to the challtestsrv). Omens are unclear. Recording what hints I find here so I don't lose track of them again.

pebble #118 mentions a docker magic workaround for a DNS issue that may or may not be related.

Owner Author

komuw commented Apr 11, 2020

Does this letsencrypt/pebble#139 help?

Owner Author

komuw commented Apr 11, 2020

Do you have a draft PR open?
I can have a look and try to help if I get some time.

Collaborator

mmaney commented Apr 11, 2020

letsencrypt/pebble#139 would help if it worked. I banged my head on this for a while, eventually found, I think, that this is a fight against the Go resolver that they're using, and they pulled a dirty(?) hack out which broke -dnsserver. That was months ago, and I understand they're a small, perhaps marginal part of letsencrypt's dev team, but I curse them roundly for not making it clear that the option was defunct. I think it was finding a bug where they chose NOT to remove the broken thing for some reason I cannot fathom, though it has an odor of arrogant pride to this afflicted user. :-( <flame/>

I'm nearly ready to have another go at it, by setting up a network namespace to stuff pebble into where it can be given a custom resolv.conf (and another for challtestsrv, since there's no way to pass it the nonstandard port without the above-cursed thing). I don't know if this will translate directly into the CI environment, but it's a much more lightweight alternative to a full-load container for each piece... though it was a mention of someone who got the broken things working using containers that gave me hope again.

I have too many things going on, all of them less than perfectly independent. I'd like to finish the auth consolidation first (there's the catalog and removal of imports from init.py, which isn't in the PR yet, and some other changes that the bugs and old PRs I've been looking at have suggested), then re-assemble the pebble work, which is largely the "current RFC compat" work, on top of it. And once again, looking at other issues, especially the "*." one, has suggested some changes in the new auth interface. Continuous Improvement is the enemy of "done". :-/
