Home Home
Sign up | Login

Author Archive

openSUSE Heroes ♥ Let’s Encrypt™ – Expect certificate exchange

April 19th, 2018 by

openSUSE loves Let's Encrypt™

Maybe some of you noticed, that our certificate *.opensuse.org on many of services will expire soon (on 2018-04-23).

As we noticed that – as well – we decided to put a bit of work into this topic and we will use Let’s Encrypt certificates for the encrypted services of the openSUSE community.

This is just a short notice / announcement for all of you, that we are working on this topic at the moment. We will announce, together with the deployment of the new certificate, the regarding hashes and maybe some further information on our way of implementing things.

Just to give you a small number of services which will be affected, maybe you use one of the following list:

(This is a mixed list of services maintained by openSUSE Heroes and/or several SUSE teams for the openSUSE community – the certificate exchange will affect those services.)

  • build.opensuse.org
  • api.opensuse.org
  • openqa.opensuse.org
  • static.opensuse.org
  • ci.opensuse.org
  • svn.opensuse.org
  • software.opensuse.org
  • $LANG.opensuse.org for the several wiki instances
  • download.opensuse.org
  • keyserver.opensuse.org
  • …and many, many more :) – thanks to everybody in the openSUSE Heroes team for maintaining the zoo of services ;)

Thanks to the FLOSS & openSUSE community, we have full support of Let’s Encrypt certificates already on board our distribution.

As there are so many options to choose, we decided for the following tool to use Let’s Encrypt certificates:

  • dehydrated – as client with ACME v2 support – https://software.opensuse.org/package/dehydrated
    • with custom hook scripts, that will provide the wildcard-certificates to our proxy-infrastructure

Thanks to everybody involved in this task for getting the migration done.

Fun fact, as you might have noticed before, news.opensuse.org is not part of the openSUSE Heroes infrastructure (yet) and already got a new certificate from DigiCert.

openSUSE Heroes offsite 2018

March 5th, 2018 by

openSUSE-Heroes LogoThe first weekend in March 2018, the openSUSE Heroes met again in-person, after one year of infrastructure work, which was mostly done from home.

After our last in-person meeting in December 2016, we saw each-other in person at openSUSE conference 2017 and maybe at some other events like release parties – but now it’s the time of the year when it’s very cold outside – so we decided to stay one weekend inside and talk about the topics for 2018 and the future of the openSUSE Heroes team. And getting some work done :).

You might imagine us now two days busy with hacking and a bunch of nerds in front of their preferred shell-window. But it’s the total opposite. Our main “tools” we used this weekend were a flip chart, our voices and a lot of coffee.

By the way, thanks a lot to SUSE for providing us with a room, a network connection, drinks, coffee and cookies. In fact we were given the new and shiny “SUSE Event Area” which was built by SUSE last year to host all kinds of internal, external and community events.

After one year of having our monthly meetings via IRC, we had a lot of topics to discuss and a lot of decisions to make about the openSUSE infrastructure in the future.

After a nice dinner on Day0, Friday 2018-03-02, where most of the Heroes arrived in Nuremberg, we started working on Saturday.

On the Day1, Saturday 2018-03-03 and Day2, Sunday 2018-03-04 we had the following topics on our list, worked through them, defined ToDos for the following months and assigned tasks.

(more…)