[pkg-go] Bug#968964: lego: disables DNS providers without warning

Phil Pennock debian-bts at phil.spodhuis.org
Mon Aug 24 17:42:12 BST 2020

Package: lego
Severity: important

Dear Maintainer,

The lego packaging for Debian disables various DNS providers, but does
not call out in the changelog when providers are disabled and does not
update the dnshelp sub-command so that the tool continues to falsely
claim support for DNS providers which have been disabled.  This led to
much debugging until fresh eyes on a Monday quickly identified that all
our problems came from using the distribution packaging of lego, so
we've now switched to upstream release binaries.

In the
git repo with the packaging, commit f2a108f0 on 2019-12-21 disabled
support for MS Azure DNS handling.  This was not mentioned in the
changelog file or the git commit message.

The way that DNS providers are disabled is that in the debian/rules
file, the upstream `providers/dns/dns_providers.go` is patched with
Perl.  If Debian is going to continue doing this, as a policy decision,
then the file `cmd/zz_gen_cmd_dnshelp.go` also needs to be updated, so
that running `lego dnshelp` does not falsely claim support where none

I believe that silently breaking working support and leaving now-false
claims in the code warrants "important" severity.

-- System Information:
Debian Release: bullseye/sid
  APT prefers focal-updates
  APT policy: (500, 'focal-updates'), (500, 'focal-security'), (500, 'focal'), (100, 'focal-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.5.7-050507-generic (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

More information about the Pkg-go-maintainers mailing list