certbot/docs/packaging.rst
We release packages and upload them to PyPI (wheels and source tarballs).
The following scripts are used in the process:
We use git tags to identify releases, using Semantic Versioning_. For
example: v0.11.1.
.. _Semantic Versioning: https://semver.org/
Since version 1.21.0, our packages are cryptographically signed by one of four PGP keys:
BF6BCFC89E90747B9A680FD7B6029E8500F7DB1686379B4F0AF371B50CD9E5FF3402831161D1D28020F201346BF8F3F455A73F9A780CC99432A28621These keys can be found on major key servers.
Releases before 1.21.0 were signed by the PGP key
A2CFB51FA275A7286234E7B24D17C995CD9775F2 which can still be found on major
key servers.
Please use our tagged releases, not main!
Do not package certbot-compatibility-test as it's only used internally.
To run tests on our packages, you should use pytest by running the command python -m pytest. Running pytest directly may not work because PYTHONPATH is not handled the same way and local modules may not be found by the test runner.
If you'd like to include automated renewal in your package:
certbot renew -q should be added to crontab or systemd timer.--preconfigured-renewal should be included on the CLI or in cli.ini for all invocations of Certbot, so that it can adjust its interactive output regarding automated renewal (Certbot >= 1.9.0).jws is an internal script for acme module and it doesn't have to be packaged - it's mostly for debugging: you can use it as echo foo | jws sign | jws verify.
Do get in touch with us. We are happy to make any changes that will make packaging easier. If you need to apply some patches don't do it downstream - make a PR here.