README/docs refresh #3876
README/docs refresh #3876
Conversation
This is primarily based on Roland's `readme-updates` branch and the closed PR[0]. The README is restructured to be user-driven. Information that is strictly contributor focused (e.g. dep upgrades) is moved to CONTRIBUTING.md. The README now links to the production deployment guide in the wiki and describes our general position on using Boulder. The CONTRIBUTING.md guide links to the various docs/ pages and was updated. The docs/acme-divergences page is updated for draft-15. The DESIGN.md document is moved from the root of the repo into docs/. It has been updated to cover ACMEv2 and precertificates/SCT embedding. [0] - #3195
| request into the body of the commit message. | ||
|
|
||
| If the Travis tests are failing on your branch, you should look at the logs to figure out why. Sometimes they fail spuriously, in which case you can post a comment requesting that a project owner kick the build. | ||
| If the Travis tests are failing on your branch, you should look at the logs to figure out why. Sometimes (though rarely) they fail spuriously, in which case you can post a comment requesting that a project owner kick the build. |
There was a problem hiding this comment.
Note: I removed the mention of the merger copying the URL of the PR into the body of the commit message. In practice I don't think we ever do that and it doesn't seem worthwhile.
There was a problem hiding this comment.
Yep; The default title for squash commits puts the PR number in the summary line, which is all we need.
CONTRIBUTING.md
Outdated
| @@ -28,16 +26,14 @@ Thanks for helping us build Boulder! This page contains requirements and guideli | |||
| ``` | |||
| // TODO(<email-address>): Hoverboard + Time-machine unsupported until upstream patch. | |||
| // TODO(Issue #<num>): Pending hoverboard/time-machine interface. | |||
There was a problem hiding this comment.
I think in reality we generally only ever use TODO(#<num>), not sure there are any instances of TODO(Issue #<num>).
CONTRIBUTING.md
Outdated
| git commit | ||
| ``` | ||
|
|
||
| NOTE: If you get "godep: no packages can be updated," there's a good chance you're trying to update a single package that belongs to a repo with other packages. For instance, `godep update golang.org/x/crypto/ocsp` will produce this error, because it's part of the `golang.org/x/crypto` repo, from which we also other packages. Godep requires that all packages from the same repo be on the same version, so it can't update just one. See https://github.com/tools/godep/issues/164 for the issue dedicated to fixing it. |
There was a problem hiding this comment.
s/from which we also other/from which we also vendor other/
|
|
||
| This component model lets us separate the function of the CA by security context. The Web Front End, Validation Authority, and Publisher need access to the Internet, which puts them at greater risk of compromise. The Registration Authority can live without Internet connectivity, but still needs to talk to the Web Front End and Validation Authority. The Certificate Authority need only receive instructions from the Registration Authority. All components talk to the SA for storage, so lines indicating SA RPCs are not shown here. | ||
|
|
||
| ``` |
There was a problem hiding this comment.
OCSP Updater -> Publisher communication is deprecated.
|
This generally LGTM, I'm supportive of merging and fixing anything else that pops up later. |
| request into the body of the commit message. | ||
|
|
||
| If the Travis tests are failing on your branch, you should look at the logs to figure out why. Sometimes they fail spuriously, in which case you can post a comment requesting that a project owner kick the build. | ||
| If the Travis tests are failing on your branch, you should look at the logs to figure out why. Sometimes (though rarely) they fail spuriously, in which case you can post a comment requesting that a project owner kick the build. |
There was a problem hiding this comment.
Yep; The default title for squash commits puts the PR number in the summary line, which is all we need.
README.md
Outdated
| 7. OCSP Updater | ||
| 8. OCSP Responder | ||
|
|
||
| This component model lets us separate the function of the CA by security context. The Web Front End, Validation Authority, and Publisher need access to the Internet, which puts them at greater risk of compromise. The Registration Authority can live without Internet connectivity, but still needs to talk to the Web Front End and Validation Authority. The Certificate Authority need only receive instructions from the Registration Authority. All components talk to the SA for storage, so lines indicating SA RPCs are not shown here. |
There was a problem hiding this comment.
*"most lines indicating SA RPCs are not shown" -- since the RA->SA line is in fact shown.
README.md
Outdated
|
|
||
| ifconfig docker0 | grep "inet addr:" | cut -d: -f2 | awk '{ print $1}' | ||
|
|
||
| And edit docker-compose.yml to change the FAKE_DNS environment variable to | ||
| match. | ||
| And edit docker-compose.yml to change the FAKE_DNS environment variable to match. This will cause Boulder to use the local system resolver available on your host if one is available. |
There was a problem hiding this comment.
The second sentence is inaccurate. Instead I would say "This will cause Boulder's stubbed-out DNS resolver (sd-test-srv) to respond to all A queries to the address in FAKE_DNS". This is a common source of confusion for just about everyone, myself included. :-D It might be nice to do this in a more intuitive way in the future.
README.md
Outdated
| Your local Boulder instance uses a fake DNS server that returns 127.0.0.1 for | ||
| any query, so you can use any value for the -d flag. You can also override that | ||
| value by setting the environment variable FAKE_DNS=1.2.3.4 | ||
| Your local Boulder instance uses a fake DNS resolver that returns 127.0.0.1 for any query, so you can use any value for the -d flag. If you want to use another DNS resolver you can by setting the environment variable FAKE_DNS=1.2.3.4. |
There was a problem hiding this comment.
The "If you want to use another..." sentence is also inaccurate for the reason described above.
README.md
Outdated
|
|
||
| ``` | ||
| Your local Boulder instance uses a fake DNS resolver that returns 127.0.0.1 for any query, allowing you to issue certificates for any domain as if it resolved to your localhost. If you want to use another DNS resolver you can by setting the environment variable FAKE_DNS=1.2.3.4. |
There was a problem hiding this comment.
Same comment as above: FAKE_DNS doesn't change which DNS resolver you use, just the answers you get.
README.md
Outdated
| a production setting we prioritize support and development work that favors | ||
| Let's Encrypt's mission. This means we may not be able to provide timely support | ||
| or accept pull-requests that deviate significantly from our first line goals. We | ||
| will try our best to engage with folks who have done their homework and need |
There was a problem hiding this comment.
Instead of "folks who have done their homework," how about "if you've thoroughly evaluated the alternatives and Boulder is definitely the best fit, we're happy to answer questions to the best of our ability."
docs/DESIGN.md
Outdated
| @@ -0,0 +1,423 @@ | |||
| # Boulder flow diagrams | |||
|
|
|||
| Boulder is built in a decentralized way in order to enable parts to be deployed | |||
There was a problem hiding this comment.
How about "Boulder is built out of multiple components that can be deployed in different security contexts?" I think "decentralized" here might lead to some minor confusion.
|
@rolandshoemaker @jsha Thanks for the feedback. This branch should be ready for another 🔍 now. |
This is primarily based on @rolandshoemaker's
readme-updatesbranch and the closed PR: #3195The README is restructured to be user-driven. Information that is strictly contributor focused (e.g. dep upgrades) is moved to CONTRIBUTING.md. The review feedback from #3195 from @jsha was all about text that we removed entirely in 29cdd78
The README now links to the production deployment guide in the wiki and describes our general position on using Boulder.
The CONTRIBUTING.md guide links to the various docs/ pages and was updated.
The docs/acme-divergences page is updated for draft-15.
The DESIGN.md document is moved from the root of the repo into docs/. It has been updated to cover ACMEv2 and precertificates/SCT embedding.
Resolves #3850