Gentoo: letsencrypt should not automatically record packages to the world config file


#1

The client automatically tries to resolve package dependencies on Gentoo. This is a good thing, but it should not record those dependencies to the world file. The client is just a temporary download (check out git, get certificate, remove the client) and therefore should not be treated as a regular installation. Especially, the package management does not know about a possible removal of the client, and therefore some garbage remains on the system. Furthermore, it is not possible to see if the packages were contained in world before the call of letsencrypt-auto. Therefore, the manual removal is also error-prone (one might remove something one actually needs but has forgotten about).

Proposed solution:
Install the packages with the --oneshot option and ask the user if he wants to proceed (--ask --verbose) before actually starting the installation of packages.

Example of current behavior:
wgs-vm2 letsencrypt ## ./letsencrypt-auto --help
WARNING: Gentoo support is very experimental at present…
if you would like to work on improving it, please ensure you have backups
and then run this script again with the --debug flag!
wgs-vm2 letsencrypt # ./letsencrypt-auto --debug --help
Bootstrapping dependencies for Gentoo…
Calculating dependencies… done!
>>> Recording app-misc/ca-certificates in “world” favorites file…
>>> Recording dev-lang/python:2.7 in “world” favorites file…
>>> Recording dev-libs/libffi in “world” favorites file…
>>> Recording dev-libs/openssl in “world” favorites file…
>>> Recording virtual/pkgconfig in “world” favorites file…
>>> Verifying ebuild manifests
>>> Emerging (1 of 4) app-doc/NaturalDocs-1.52-r1::gentoo
>>> Emerging (2 of 4) dev-python/virtualenv-13.1.2::gentoo
>>> Emerging (3 of 4) dev-util/dialog-1.2.20150920::gentoo


#2

The heck?!

Why should the letsencrypt-auto script meddle with the dependencies anyway? *Shiver* Guess that’s the purpose of the auto script… Brrrr… :stuck_out_tongue:

I would recommend to my fellow Gentoo users to just use app-crypt/letsencrypt without the letsencrypt-auto script. From the docs:

letsencrypt-auto is the recommended method of running the Let’s Encrypt client beta releases on systems that don’t have a packaged version.

Gentoo has.

So: don’t use letsencrypt-auto, but use emerge letsencrypt and letsencrypt :smile:

Anyway, for the time being a good catch: you should make an issue @ GitHub :smile:

For some reason they explicitly added the dependencies to the world file, even if they weren’t before ánd were already installed:

https://github.com/letsencrypt/letsencrypt/blob/master/bootstrap/_gentoo_common.sh#L21

From man emerge:

  --noreplace (-n)
         Skips the packages specified on the command-line that have already been installed. Without this
         option, any package atoms or package sets you specify on the command-line will cause Portage to
         remerge the package, even if it is already installed. Note that Portage will not remerge
         dependencies by default. This option can be used to update the world file without rebuilding the packages.

I guess they didn’t read the man page very well and misinterpreted it? I guess they don’t want to re-emerge dependencies which were already installed, but missed the fact that this switch will then add the package to the world file. Solution: add --oneshot and leave --noreplace. “Best of both worlds” :smile:

Hmm, made a PR. My first… Ever… :stuck_out_tongue:
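As an added example (not part of the thread or of the letsencrypt code), one way to see which atoms a bootstrap run recorded in the world file is to compare a snapshot taken before the run with the file afterwards. The function names and the sample snapshots are assumptions made for illustration; the sample atoms are taken from the log in the first post, plus one constructed entry.

```shell
#!/bin/sh
# Added example: list the atoms a bootstrap run recorded in the world file.
# On Gentoo the world file is /var/lib/portage/world; both paths are passed
# as arguments so the demo can run on constructed sample files.

# world_added BEFORE AFTER
# Prints atoms present in AFTER but not in BEFORE, one per line.
world_added() {
    before_sorted=$(mktemp) || return 1
    after_sorted=$(mktemp) || { rm -f "$before_sorted"; return 1; }
    # Drop blank lines, then sort and deduplicate so comm(1) can compare.
    grep -v '^[[:space:]]*$' "$1" | LC_ALL=C sort -u > "$before_sorted"
    grep -v '^[[:space:]]*$' "$2" | LC_ALL=C sort -u > "$after_sorted"
    # -13 suppresses "only in BEFORE" and "in both", leaving the new atoms.
    LC_ALL=C comm -13 "$before_sorted" "$after_sorted"
    rm -f "$before_sorted" "$after_sorted"
}

# Demo on constructed snapshots (hypothetical helper, not a Portage tool).
demo_world_added() {
    dir=$(mktemp -d) || return 1
    # Constructed "before" snapshot: dev-libs/openssl was already selected
    # by the admin, so it must not show up as something to clean up.
    printf '%s\n' app-editors/vim dev-libs/openssl > "$dir/world.before"
    # Constructed "after" snapshot: the five atoms from the log were recorded.
    printf '%s\n' app-editors/vim dev-libs/openssl \
        app-misc/ca-certificates dev-lang/python:2.7 \
        dev-libs/libffi virtual/pkgconfig > "$dir/world.after"
    world_added "$dir/world.before" "$dir/world.after"
    rm -rf "$dir"
}

demo_world_added
```

On a real system, copy /var/lib/portage/world aside before running the script and pass that copy as the first argument; atoms the function prints can then be dropped from world with `emerge --deselect`.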