8.10.3 release missing on GitHub
mbanck opened this issue · comments
I kinda understand that you prefer to keep your development in a private gitlab, but it would be nice to have at least the releases on GitHub quickly. It seems 8.10.3 got released in June?
Even more so as I get certificate errors on my Linux notebook when trying to download from abinit.org, so it is not possible to automate checking for new versions and/or downloading them from scripts:
$ wget https://www.abinit.org/sites/default/files/packages/abinit-8.10.3.tar.gz
--2019-11-03 21:24:31-- https://www.abinit.org/sites/default/files/packages/abinit-8.10.3.tar.gz
Resolving www.abinit.org (www.abinit.org)... 130.104.22.56
Connecting to www.abinit.org (www.abinit.org)|130.104.22.56|:443... connected.
ERROR: The certificate of 'www.abinit.org' is not trusted.
ERROR: The certificate of 'www.abinit.org' hasn't got a known issuer.
Hi
It seems that with
wget https://www.abinit.org/sites/default/files/packages/abinit-8.10.3.tar.gz --no-check-certificate
it works.
Cheers
Jordan
Yes, but that's (i) extremely bad security practise and (ii) cannot be integrated with the automatic debian/watch
system which allows to automatically or semi-automatically check for new upstream versions and/or download a new upstream version.
What OS do you use ?
FF has no trouble with this certificate and validates it. Maybe the OS is to old to know the validation organization unit ?
What package debian package do you talk about ?
I use Debian stable. I know that Firefox accepts the cert, but https://www.ssllabs.com/ssltest/analyze.html?d=www.abinit.org shows "This server's certificate chain is incomplete. Grade capped to B." so there seems to be something wrong.
In any case it seems that you can reproduce the issue with wget
/curl
without --no-check-certificate
? Downloading tarballs from the command-line / in a script is a pretty common thing, so basically disabling https is not great.
I am talking about the Debian abinit package, https://packages.debian.org/buster/abinit and the Debian framework to automatically check for new upstream versions, see e.g. https://qa.debian.org/cgi-bin/watch?pkg=abinit - I had to move to github becuase abinit.org doesn't work and that one only has 8.10.2
The SSL certificate ( Sectigo PositiveSSL Wildcard ) for the domain *.abinit.org was signed by "Sectigo Certification Authority" ( in previous years, it was Comodo )
You need to add "Sectigo Chain Hierarchy and Intermediate Roots" ( see here )
For example, for wget, I put in the ~/.wgetrc
check_certificate = on
ca_certificate = /root/ssl/SectigoRSADomainValidationSecureServerCA.crt
Concerning the 8.10.3 release, it's an oversight :-(
I'm going to push the latest version...
However, it is a very minor update
Any news on releasing 8.10.3 here?
We are working on the next release of Abinit. I guess the next one will be pushed on github instead of 8.10.3
The certificat problem is resolved \o/
8.10.3 release will not be published...
9.0.3 pre-release is published !