crypt/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2025-08-06 16:42:41 +03:00
Code Activity

Release 0.7.0

Browse Source
This commit is contained in:
Brad Warren
2016-05-27 13:30:46 -07:00
parent e01878a813
commit 46d8f6e18c
15 changed files with 176 additions and 146 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
acme/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.7.0.dev0' version = '0.7.0'
# Please update tox.ini when modifying dependency version requirements # Please update tox.ini when modifying dependency version requirements
install_requires = [ install_requires = [

2
certbot-apache/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.7.0.dev0' version = '0.7.0'
# Please update tox.ini when modifying dependency version requirements # Please update tox.ini when modifying dependency version requirements
install_requires = [ install_requires = [

99
certbot-auto
View File

@@ -19,7 +19,7 @@ XDG_DATA_HOME=${XDG_DATA_HOME:-~/.local/share}
VENV_NAME="letsencrypt" VENV_NAME="letsencrypt"
VENV_PATH=${VENV_PATH:-"$XDG_DATA_HOME/$VENV_NAME"} VENV_PATH=${VENV_PATH:-"$XDG_DATA_HOME/$VENV_NAME"}
VENV_BIN="$VENV_PATH/bin" VENV_BIN="$VENV_PATH/bin"
LE_AUTO_VERSION="0.6.0" LE_AUTO_VERSION="0.7.0"
BASENAME=$(basename $0) BASENAME=$(basename $0)
USAGE="Usage: $BASENAME [OPTIONS] USAGE="Usage: $BASENAME [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -38,17 +38,6 @@ Help for certbot itself cannot be provided until it is installed.
All arguments are accepted and forwarded to the Certbot client when run." All arguments are accepted and forwarded to the Certbot client when run."
while getopts ":hnv" arg; do
case $arg in
h)
HELP=1;;
n)
ASSUME_YES=1;;
v)
VERBOSE=1;;
esac
done
for arg in "$@" ; do for arg in "$@" ; do
case "$arg" in case "$arg" in
--debug) --debug)
@@ -65,9 +54,26 @@ for arg in "$@" ; do
ASSUME_YES=1;; ASSUME_YES=1;;
--verbose) --verbose)
VERBOSE=1;; VERBOSE=1;;
-[!-]*)
while getopts ":hnv" short_arg $arg; do
case "$short_arg" in
h)
HELP=1;;
n)
ASSUME_YES=1;;
v)
VERBOSE=1;;
esac
done;;
esac esac
done done
if [ $BASENAME = "letsencrypt-auto" ]; then
# letsencrypt-auto does not respect --help or --yes for backwards compatibility
ASSUME_YES=1
HELP=0
fi
# certbot-auto needs root access to bootstrap OS dependencies, and # certbot-auto needs root access to bootstrap OS dependencies, and
# certbot itself needs root access for almost all modes of operation # certbot itself needs root access for almost all modes of operation
# The "normal" case is that sudo is used for the steps that need root, but # The "normal" case is that sudo is used for the steps that need root, but
@@ -107,12 +113,6 @@ else
SUDO= SUDO=
fi fi
if [ $BASENAME = "letsencrypt-auto" ]; then
# letsencrypt-auto does not respect --help or --yes for backwards compatibility
ASSUME_YES=1
HELP=0
fi
ExperimentalBootstrap() { ExperimentalBootstrap() {
# Arguments: Platform name, bootstrap function name # Arguments: Platform name, bootstrap function name
if [ "$DEBUG" = 1 ]; then if [ "$DEBUG" = 1 ]; then
@@ -425,7 +425,8 @@ BootstrapMac() {
$pkgcmd augeas $pkgcmd augeas
$pkgcmd dialog $pkgcmd dialog
if [ "$(which python)" = "/System/Library/Frameworks/Python.framework/Versions/2.7/bin/python" ]; then if [ "$(which python)" = "/System/Library/Frameworks/Python.framework/Versions/2.7/bin/python" \
-o "$(which python)" = "/usr/bin/python" ]; then
# We want to avoid using the system Python because it requires root to use pip. # We want to avoid using the system Python because it requires root to use pip.
# python.org, MacPorts or HomeBrew Python installations should all be OK. # python.org, MacPorts or HomeBrew Python installations should all be OK.
echo "Installing python..." echo "Installing python..."
@@ -435,7 +436,8 @@ BootstrapMac() {
# Workaround for _dlopen not finding augeas on OS X # Workaround for _dlopen not finding augeas on OS X
if [ "$pkgman" = "port" ] && ! [ -e "/usr/local/lib/libaugeas.dylib" ] && [ -e "/opt/local/lib/libaugeas.dylib" ]; then if [ "$pkgman" = "port" ] && ! [ -e "/usr/local/lib/libaugeas.dylib" ] && [ -e "/opt/local/lib/libaugeas.dylib" ]; then
echo "Applying augeas workaround" echo "Applying augeas workaround"
$SUDO ln -s /opt/local/lib/libaugeas.dylib /usr/local/lib $SUDO mkdir -p /usr/local/lib/
$SUDO ln -s /opt/local/lib/libaugeas.dylib /usr/local/lib/
fi fi
if ! hash pip 2>/dev/null; then if ! hash pip 2>/dev/null; then
@@ -451,6 +453,11 @@ BootstrapMac() {
fi fi
} }
BootstrapSmartOS() {
pkgin update
pkgin -y install 'gcc49' 'py27-augeas' 'py27-virtualenv'
}
# Install required OS packages: # Install required OS packages:
Bootstrap() { Bootstrap() {
@@ -483,8 +490,10 @@ Bootstrap() {
ExperimentalBootstrap "FreeBSD" BootstrapFreeBsd ExperimentalBootstrap "FreeBSD" BootstrapFreeBsd
elif uname | grep -iq Darwin ; then elif uname | grep -iq Darwin ; then
ExperimentalBootstrap "Mac OS X" BootstrapMac ExperimentalBootstrap "Mac OS X" BootstrapMac
elif grep -iq "Amazon Linux" /etc/issue ; then elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then
ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
elif [ -f /etc/product ] && grep -q "Joyent Instance" /etc/product ; then
ExperimentalBootstrap "Joyent SmartOS Zone" BootstrapSmartOS
else else
echo "Sorry, I don't know how to bootstrap Certbot on your operating system!" echo "Sorry, I don't know how to bootstrap Certbot on your operating system!"
echo echo
@@ -523,6 +532,7 @@ if [ "$1" = "--le-auto-phase2" ]; then
echo "Installing Python packages..." echo "Installing Python packages..."
TEMP_DIR=$(TempDir) TEMP_DIR=$(TempDir)
trap 'rm -rf "$TEMP_DIR"' EXIT
# There is no $ interpolation due to quotes on starting heredoc delimiter. # There is no $ interpolation due to quotes on starting heredoc delimiter.
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
cat << "UNLIKELY_EOF" > "$TEMP_DIR/letsencrypt-auto-requirements.txt" cat << "UNLIKELY_EOF" > "$TEMP_DIR/letsencrypt-auto-requirements.txt"
@@ -706,21 +716,21 @@ mock==1.0.1 \
# THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE. # THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE.
acme==0.6.0 \ acme==0.7.0 \
--hash=sha256:cbe4e7a340a19725a8740ed86e30abdbe18fc22c4c6022b7a8e56642d502bcc3 \ --hash=sha256:6e61dba343806ad4cb27af84628152abc9e83a0fa24be6065587d2b46f340d7a \
--hash=sha256:ec4e6009dfbd629b58473eb06bbebfd9fb2a79fc8831c149e9205bc38a98ecc6 --hash=sha256:9f75a1947978402026b741bdee8a18fc5a1cfd539b78e523b7e5f279bf18eeb9
certbot==0.6.0 \ certbot==0.7.0 \
--hash=sha256:a893632d228864b0a751db9f3fdd93439ed34b988ea21b64fb0f0fa2ceded6a2 \ --hash=sha256:55604e43d231ac226edefed8dc110d792052095c3d75ad0e4a228ae0989fe5fd \
--hash=sha256:80b0b7dc5afeec2816ef638a61e7c628d73cd72666eebf4984be426d1c2b492d --hash=sha256:ad5083d75e16d1ab806802d3a32f34973b6d7adaf083aee87e07a6c1359efe88
certbot-apache==0.6.0 \ certbot-apache==0.7.0 \
--hash=sha256:0ab077f0913b81ed5c1b141c3a7c4c0228ef3738d8d61a93db794d9a80718d43 \ --hash=sha256:5ab5ed9b2af6c7db9495ce1491122798e9d0764e3df8f0843d11d89690bf7f88 \
--hash=sha256:1cfbe751209079a803758f472200816fac559f2a36fdd582d25e3ba5601423a1 --hash=sha256:1ddbfaf01bcb0b05c0dcc8b2ebd37637f080cf798151e8140c20c9f5fe7bae75
letsencrypt==0.6.0 \ letsencrypt==0.7.0 \
--hash=sha256:93196c7dcd57272a753e525d145c5a9987c8968c22ec954bcf83dcc9d2499a76 \ --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
--hash=sha256:a16d6c395f1bf5fd61a28ef83dc78f42dbecbad9d00be6236f2ad8915645c154 --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
letsencrypt-apache==0.6.0 \ letsencrypt-apache==0.7.0 \
--hash=sha256:02fadc52a0796e53978c508beec9c53e1fc047660240832b9bde5d53ab3a1379 \ --hash=sha256:10445980a6afc810325ea22a56e269229999120848f6c0b323b00275696b5c80 \
--hash=sha256:1c5522d94d7750bdb9bfa6201d2c263e914f662c9d0079e673167233cf4364f1 --hash=sha256:3f4656088a18e4efea7cd7eb4965e14e8d901f3b64f4691e79cafd0bb91890f0
UNLIKELY_EOF UNLIKELY_EOF
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
@@ -880,7 +890,6 @@ UNLIKELY_EOF
PIP_OUT=`"$VENV_BIN/pip" install --no-cache-dir --require-hashes -r "$TEMP_DIR/letsencrypt-auto-requirements.txt" 2>&1` PIP_OUT=`"$VENV_BIN/pip" install --no-cache-dir --require-hashes -r "$TEMP_DIR/letsencrypt-auto-requirements.txt" 2>&1`
PIP_STATUS=$? PIP_STATUS=$?
set -e set -e
rm -rf "$TEMP_DIR"
if [ "$PIP_STATUS" != 0 ]; then if [ "$PIP_STATUS" != 0 ]; then
# Report error. (Otherwise, be quiet.) # Report error. (Otherwise, be quiet.)
echo "Had a problem while installing Python packages:" echo "Had a problem while installing Python packages:"
@@ -890,14 +899,16 @@ UNLIKELY_EOF
fi fi
echo "Installation succeeded." echo "Installation succeeded."
fi fi
echo "Requesting root privileges to run certbot..." if [ -n "$SUDO" ]; then
# SUDO is su wrapper or sudo
echo "Requesting root privileges to run certbot..."
echo " $VENV_BIN/letsencrypt" "$@"
fi
if [ -z "$SUDO_ENV" ] ; then if [ -z "$SUDO_ENV" ] ; then
# SUDO is su wrapper / noop # SUDO is su wrapper / noop
echo " " $SUDO "$VENV_BIN/letsencrypt" "$@"
$SUDO "$VENV_BIN/letsencrypt" "$@" $SUDO "$VENV_BIN/letsencrypt" "$@"
else else
# sudo # sudo
echo " " $SUDO "$SUDO_ENV" "$VENV_BIN/letsencrypt" "$@"
$SUDO "$SUDO_ENV" "$VENV_BIN/letsencrypt" "$@" $SUDO "$SUDO_ENV" "$VENV_BIN/letsencrypt" "$@"
fi fi
@@ -923,8 +934,8 @@ else
fi fi
if [ "$NO_SELF_UPGRADE" != 1 ]; then if [ "$NO_SELF_UPGRADE" != 1 ]; then
echo "Checking for new version..."
TEMP_DIR=$(TempDir) TEMP_DIR=$(TempDir)
trap 'rm -rf "$TEMP_DIR"' EXIT
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
cat << "UNLIKELY_EOF" > "$TEMP_DIR/fetch.py" cat << "UNLIKELY_EOF" > "$TEMP_DIR/fetch.py"
"""Do downloading and JSON parsing without additional dependencies. :: """Do downloading and JSON parsing without additional dependencies. ::
@@ -997,7 +1008,7 @@ def latest_stable_version(get):
"""Return the latest stable release of letsencrypt.""" """Return the latest stable release of letsencrypt."""
metadata = loads(get( metadata = loads(get(
environ.get('LE_AUTO_JSON_URL', environ.get('LE_AUTO_JSON_URL',
'https://pypi.python.org/pypi/letsencrypt/json'))) 'https://pypi.python.org/pypi/certbot/json')))
# metadata['info']['version'] actually returns the latest of any kind of # metadata['info']['version'] actually returns the latest of any kind of
# release release, contrary to https://wiki.python.org/moin/PyPIJSON. # release release, contrary to https://wiki.python.org/moin/PyPIJSON.
# The regex is a sufficient regex for picking out prereleases for most # The regex is a sufficient regex for picking out prereleases for most
@@ -1016,7 +1027,7 @@ def verified_new_le_auto(get, tag, temp_dir):
""" """
le_auto_dir = environ.get( le_auto_dir = environ.get(
'LE_AUTO_DIR_TEMPLATE', 'LE_AUTO_DIR_TEMPLATE',
'https://raw.githubusercontent.com/letsencrypt/letsencrypt/%s/' 'https://raw.githubusercontent.com/certbot/certbot/%s/'
'letsencrypt-auto-source/') % tag 'letsencrypt-auto-source/') % tag
write(get(le_auto_dir + 'letsencrypt-auto'), temp_dir, 'letsencrypt-auto') write(get(le_auto_dir + 'letsencrypt-auto'), temp_dir, 'letsencrypt-auto')
write(get(le_auto_dir + 'letsencrypt-auto.sig'), temp_dir, 'letsencrypt-auto.sig') write(get(le_auto_dir + 'letsencrypt-auto.sig'), temp_dir, 'letsencrypt-auto.sig')
@@ -1079,8 +1090,6 @@ UNLIKELY_EOF
# filesystems is non-atomic, doing `rm dest, cp src dest, rm src`, but the # filesystems is non-atomic, doing `rm dest, cp src dest, rm src`, but the
# cp is unlikely to fail (esp. under sudo) if the rm doesn't. # cp is unlikely to fail (esp. under sudo) if the rm doesn't.
$SUDO mv -f "$TEMP_DIR/letsencrypt-auto.permission-clone" "$0" $SUDO mv -f "$TEMP_DIR/letsencrypt-auto.permission-clone" "$0"
# TODO: Clean up temp dir safely, even if it has quotes in its path.
rm -rf "$TEMP_DIR"
fi # A newer version is available. fi # A newer version is available.
fi # Self-upgrading is allowed. fi # Self-upgrading is allowed.

2
certbot-compatibility-test/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.7.0.dev0' version = '0.7.0'
install_requires = [ install_requires = [
'certbot=={0}'.format(version), 'certbot=={0}'.format(version),

2
certbot-nginx/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.7.0.dev0' version = '0.7.0'
# Please update tox.ini when modifying dependency version requirements # Please update tox.ini when modifying dependency version requirements
install_requires = [ install_requires = [

2
certbot/__init__.py
View File

@@ -1,4 +1,4 @@
"""Certbot client.""" """Certbot client."""
# version number like 1.2.3a0, must have at least 2 parts, like 1.2 # version number like 1.2.3a0, must have at least 2 parts, like 1.2
__version__ = '0.7.0.dev0' __version__ = '0.7.0'

32
docs/cli-help.txt
View File

@@ -28,6 +28,7 @@ optional arguments:
require additional command line flags; the client will require additional command line flags; the client will
try to explain which ones are required if it finds one try to explain which ones are required if it finds one
missing (default: False) missing (default: False)
--dialog Run using dialog (default: False)
--dry-run Perform a test run of the client, obtaining test --dry-run Perform a test run of the client, obtaining test
(invalid) certs but not saving them to disk. This can (invalid) certs but not saving them to disk. This can
currently only be used with the 'certonly' and 'renew' currently only be used with the 'certonly' and 'renew'
@@ -130,6 +131,10 @@ security:
Security parameters & server settings Security parameters & server settings
--rsa-key-size N Size of the RSA key. (default: 2048) --rsa-key-size N Size of the RSA key. (default: 2048)
--must-staple Adds the OCSP Must Staple extension to the
certificate. Autoconfigures OCSP Stapling for
supported setups (Apache version >= 2.3.3 ). (default:
False)
--redirect Automatically redirect all HTTP traffic to HTTPS for --redirect Automatically redirect all HTTP traffic to HTTPS for
the newly authenticated vhost. (default: None) the newly authenticated vhost. (default: None)
--no-redirect Do not automatically redirect all HTTP traffic to --no-redirect Do not automatically redirect all HTTP traffic to
@@ -148,6 +153,11 @@ security:
--no-uir Do not automatically set the "Content-Security-Policy: --no-uir Do not automatically set the "Content-Security-Policy:
upgrade-insecure-requests" header to every HTTP upgrade-insecure-requests" header to every HTTP
response. (default: None) response. (default: None)
--staple-ocsp Enables OCSP Stapling. A valid OCSP response is
stapled to the certificate that the server offers
during TLS. (default: None)
--no-staple-ocsp Do not automatically enable OCSP Stapling. (default:
None)
--strict-permissions Require that all configuration files are owned by the --strict-permissions Require that all configuration files are owned by the
current user; only needed if your config is somewhere current user; only needed if your config is somewhere
unsafe like /tmp/ (default: False) unsafe like /tmp/ (default: False)
@@ -173,7 +183,9 @@ renew:
Command to be run in a shell after attempting to Command to be run in a shell after attempting to
obtain/renew certificates. Can be used to deploy obtain/renew certificates. Can be used to deploy
renewed certificates, or to restart any servers that renewed certificates, or to restart any servers that
were stopped by --pre-hook. (default: None) were stopped by --pre-hook. This is only run if an
attempt was made to obtain/renew a certificate.
(default: None)
--renew-hook RENEW_HOOK --renew-hook RENEW_HOOK
Command to be run in a shell once for each Command to be run in a shell once for each
successfully renewed certificate.For this command, the successfully renewed certificate.For this command, the
@@ -263,15 +275,6 @@ plugins:
--webroot Obtain certs by placing files in a webroot directory. --webroot Obtain certs by placing files in a webroot directory.
(default: False) (default: False)
nginx:
Nginx Web Server - currently doesn't work
--nginx-server-root NGINX_SERVER_ROOT
Nginx server root directory. (default: /etc/nginx)
--nginx-ctl NGINX_CTL
Path to the 'nginx' binary, used for 'configtest' and
retrieving nginx version number. (default: nginx)
standalone: standalone:
Automatically use a temporary webserver Automatically use a temporary webserver
@@ -288,6 +291,15 @@ manual:
Automatically allows public IP logging. (default: Automatically allows public IP logging. (default:
False) False)
nginx:
Nginx Web Server - currently doesn't work
--nginx-server-root NGINX_SERVER_ROOT
Nginx server root directory. (default: /etc/nginx)
--nginx-ctl NGINX_CTL
Path to the 'nginx' binary, used for 'configtest' and
retrieving nginx version number. (default: nginx)
webroot: webroot:
Place files in webroot directory Place files in webroot directory

2
letsencrypt-apache/setup.py
View File

@@ -16,7 +16,7 @@ here = os.path.abspath(os.path.dirname(__file__))
readme = read_file(os.path.join(here, 'README.rst')) readme = read_file(os.path.join(here, 'README.rst'))
version = '0.7.0.dev0' version = '0.7.0'
# This package is a simple shim around certbot-apache # This package is a simple shim around certbot-apache

99
letsencrypt-auto
View File

@@ -19,7 +19,7 @@ XDG_DATA_HOME=${XDG_DATA_HOME:-~/.local/share}
VENV_NAME="letsencrypt" VENV_NAME="letsencrypt"
VENV_PATH=${VENV_PATH:-"$XDG_DATA_HOME/$VENV_NAME"} VENV_PATH=${VENV_PATH:-"$XDG_DATA_HOME/$VENV_NAME"}
VENV_BIN="$VENV_PATH/bin" VENV_BIN="$VENV_PATH/bin"
LE_AUTO_VERSION="0.6.0" LE_AUTO_VERSION="0.7.0"
BASENAME=$(basename $0) BASENAME=$(basename $0)
USAGE="Usage: $BASENAME [OPTIONS] USAGE="Usage: $BASENAME [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -38,17 +38,6 @@ Help for certbot itself cannot be provided until it is installed.
All arguments are accepted and forwarded to the Certbot client when run." All arguments are accepted and forwarded to the Certbot client when run."
while getopts ":hnv" arg; do
case $arg in
h)
HELP=1;;
n)
ASSUME_YES=1;;
v)
VERBOSE=1;;
esac
done
for arg in "$@" ; do for arg in "$@" ; do
case "$arg" in case "$arg" in
--debug) --debug)
@@ -65,9 +54,26 @@ for arg in "$@" ; do
ASSUME_YES=1;; ASSUME_YES=1;;
--verbose) --verbose)
VERBOSE=1;; VERBOSE=1;;
-[!-]*)
while getopts ":hnv" short_arg $arg; do
case "$short_arg" in
h)
HELP=1;;
n)
ASSUME_YES=1;;
v)
VERBOSE=1;;
esac
done;;
esac esac
done done
if [ $BASENAME = "letsencrypt-auto" ]; then
# letsencrypt-auto does not respect --help or --yes for backwards compatibility
ASSUME_YES=1
HELP=0
fi
# certbot-auto needs root access to bootstrap OS dependencies, and # certbot-auto needs root access to bootstrap OS dependencies, and
# certbot itself needs root access for almost all modes of operation # certbot itself needs root access for almost all modes of operation
# The "normal" case is that sudo is used for the steps that need root, but # The "normal" case is that sudo is used for the steps that need root, but
@@ -107,12 +113,6 @@ else
SUDO= SUDO=
fi fi
if [ $BASENAME = "letsencrypt-auto" ]; then
# letsencrypt-auto does not respect --help or --yes for backwards compatibility
ASSUME_YES=1
HELP=0
fi
ExperimentalBootstrap() { ExperimentalBootstrap() {
# Arguments: Platform name, bootstrap function name # Arguments: Platform name, bootstrap function name
if [ "$DEBUG" = 1 ]; then if [ "$DEBUG" = 1 ]; then
@@ -425,7 +425,8 @@ BootstrapMac() {
$pkgcmd augeas $pkgcmd augeas
$pkgcmd dialog $pkgcmd dialog
if [ "$(which python)" = "/System/Library/Frameworks/Python.framework/Versions/2.7/bin/python" ]; then if [ "$(which python)" = "/System/Library/Frameworks/Python.framework/Versions/2.7/bin/python" \
-o "$(which python)" = "/usr/bin/python" ]; then
# We want to avoid using the system Python because it requires root to use pip. # We want to avoid using the system Python because it requires root to use pip.
# python.org, MacPorts or HomeBrew Python installations should all be OK. # python.org, MacPorts or HomeBrew Python installations should all be OK.
echo "Installing python..." echo "Installing python..."
@@ -435,7 +436,8 @@ BootstrapMac() {
# Workaround for _dlopen not finding augeas on OS X # Workaround for _dlopen not finding augeas on OS X
if [ "$pkgman" = "port" ] && ! [ -e "/usr/local/lib/libaugeas.dylib" ] && [ -e "/opt/local/lib/libaugeas.dylib" ]; then if [ "$pkgman" = "port" ] && ! [ -e "/usr/local/lib/libaugeas.dylib" ] && [ -e "/opt/local/lib/libaugeas.dylib" ]; then
echo "Applying augeas workaround" echo "Applying augeas workaround"
$SUDO ln -s /opt/local/lib/libaugeas.dylib /usr/local/lib $SUDO mkdir -p /usr/local/lib/
$SUDO ln -s /opt/local/lib/libaugeas.dylib /usr/local/lib/
fi fi
if ! hash pip 2>/dev/null; then if ! hash pip 2>/dev/null; then
@@ -451,6 +453,11 @@ BootstrapMac() {
fi fi
} }
BootstrapSmartOS() {
pkgin update
pkgin -y install 'gcc49' 'py27-augeas' 'py27-virtualenv'
}
# Install required OS packages: # Install required OS packages:
Bootstrap() { Bootstrap() {
@@ -483,8 +490,10 @@ Bootstrap() {
ExperimentalBootstrap "FreeBSD" BootstrapFreeBsd ExperimentalBootstrap "FreeBSD" BootstrapFreeBsd
elif uname | grep -iq Darwin ; then elif uname | grep -iq Darwin ; then
ExperimentalBootstrap "Mac OS X" BootstrapMac ExperimentalBootstrap "Mac OS X" BootstrapMac
elif grep -iq "Amazon Linux" /etc/issue ; then elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then
ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
elif [ -f /etc/product ] && grep -q "Joyent Instance" /etc/product ; then
ExperimentalBootstrap "Joyent SmartOS Zone" BootstrapSmartOS
else else
echo "Sorry, I don't know how to bootstrap Certbot on your operating system!" echo "Sorry, I don't know how to bootstrap Certbot on your operating system!"
echo echo
@@ -523,6 +532,7 @@ if [ "$1" = "--le-auto-phase2" ]; then
echo "Installing Python packages..." echo "Installing Python packages..."
TEMP_DIR=$(TempDir) TEMP_DIR=$(TempDir)
trap 'rm -rf "$TEMP_DIR"' EXIT
# There is no $ interpolation due to quotes on starting heredoc delimiter. # There is no $ interpolation due to quotes on starting heredoc delimiter.
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
cat << "UNLIKELY_EOF" > "$TEMP_DIR/letsencrypt-auto-requirements.txt" cat << "UNLIKELY_EOF" > "$TEMP_DIR/letsencrypt-auto-requirements.txt"
@@ -706,21 +716,21 @@ mock==1.0.1 \
# THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE. # THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE.
acme==0.6.0 \ acme==0.7.0 \
--hash=sha256:cbe4e7a340a19725a8740ed86e30abdbe18fc22c4c6022b7a8e56642d502bcc3 \ --hash=sha256:6e61dba343806ad4cb27af84628152abc9e83a0fa24be6065587d2b46f340d7a \
--hash=sha256:ec4e6009dfbd629b58473eb06bbebfd9fb2a79fc8831c149e9205bc38a98ecc6 --hash=sha256:9f75a1947978402026b741bdee8a18fc5a1cfd539b78e523b7e5f279bf18eeb9
certbot==0.6.0 \ certbot==0.7.0 \
--hash=sha256:a893632d228864b0a751db9f3fdd93439ed34b988ea21b64fb0f0fa2ceded6a2 \ --hash=sha256:55604e43d231ac226edefed8dc110d792052095c3d75ad0e4a228ae0989fe5fd \
--hash=sha256:80b0b7dc5afeec2816ef638a61e7c628d73cd72666eebf4984be426d1c2b492d --hash=sha256:ad5083d75e16d1ab806802d3a32f34973b6d7adaf083aee87e07a6c1359efe88
certbot-apache==0.6.0 \ certbot-apache==0.7.0 \
--hash=sha256:0ab077f0913b81ed5c1b141c3a7c4c0228ef3738d8d61a93db794d9a80718d43 \ --hash=sha256:5ab5ed9b2af6c7db9495ce1491122798e9d0764e3df8f0843d11d89690bf7f88 \
--hash=sha256:1cfbe751209079a803758f472200816fac559f2a36fdd582d25e3ba5601423a1 --hash=sha256:1ddbfaf01bcb0b05c0dcc8b2ebd37637f080cf798151e8140c20c9f5fe7bae75
letsencrypt==0.6.0 \ letsencrypt==0.7.0 \
--hash=sha256:93196c7dcd57272a753e525d145c5a9987c8968c22ec954bcf83dcc9d2499a76 \ --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
--hash=sha256:a16d6c395f1bf5fd61a28ef83dc78f42dbecbad9d00be6236f2ad8915645c154 --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
letsencrypt-apache==0.6.0 \ letsencrypt-apache==0.7.0 \
--hash=sha256:02fadc52a0796e53978c508beec9c53e1fc047660240832b9bde5d53ab3a1379 \ --hash=sha256:10445980a6afc810325ea22a56e269229999120848f6c0b323b00275696b5c80 \
--hash=sha256:1c5522d94d7750bdb9bfa6201d2c263e914f662c9d0079e673167233cf4364f1 --hash=sha256:3f4656088a18e4efea7cd7eb4965e14e8d901f3b64f4691e79cafd0bb91890f0
UNLIKELY_EOF UNLIKELY_EOF
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
@@ -880,7 +890,6 @@ UNLIKELY_EOF
PIP_OUT=`"$VENV_BIN/pip" install --no-cache-dir --require-hashes -r "$TEMP_DIR/letsencrypt-auto-requirements.txt" 2>&1` PIP_OUT=`"$VENV_BIN/pip" install --no-cache-dir --require-hashes -r "$TEMP_DIR/letsencrypt-auto-requirements.txt" 2>&1`
PIP_STATUS=$? PIP_STATUS=$?
set -e set -e
rm -rf "$TEMP_DIR"
if [ "$PIP_STATUS" != 0 ]; then if [ "$PIP_STATUS" != 0 ]; then
# Report error. (Otherwise, be quiet.) # Report error. (Otherwise, be quiet.)
echo "Had a problem while installing Python packages:" echo "Had a problem while installing Python packages:"
@@ -890,14 +899,16 @@ UNLIKELY_EOF
fi fi
echo "Installation succeeded." echo "Installation succeeded."
fi fi
echo "Requesting root privileges to run certbot..." if [ -n "$SUDO" ]; then
# SUDO is su wrapper or sudo
echo "Requesting root privileges to run certbot..."
echo " $VENV_BIN/letsencrypt" "$@"
fi
if [ -z "$SUDO_ENV" ] ; then if [ -z "$SUDO_ENV" ] ; then
# SUDO is su wrapper / noop # SUDO is su wrapper / noop
echo " " $SUDO "$VENV_BIN/letsencrypt" "$@"
$SUDO "$VENV_BIN/letsencrypt" "$@" $SUDO "$VENV_BIN/letsencrypt" "$@"
else else
# sudo # sudo
echo " " $SUDO "$SUDO_ENV" "$VENV_BIN/letsencrypt" "$@"
$SUDO "$SUDO_ENV" "$VENV_BIN/letsencrypt" "$@" $SUDO "$SUDO_ENV" "$VENV_BIN/letsencrypt" "$@"
fi fi
@@ -923,8 +934,8 @@ else
fi fi
if [ "$NO_SELF_UPGRADE" != 1 ]; then if [ "$NO_SELF_UPGRADE" != 1 ]; then
echo "Checking for new version..."
TEMP_DIR=$(TempDir) TEMP_DIR=$(TempDir)
trap 'rm -rf "$TEMP_DIR"' EXIT
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
cat << "UNLIKELY_EOF" > "$TEMP_DIR/fetch.py" cat << "UNLIKELY_EOF" > "$TEMP_DIR/fetch.py"
"""Do downloading and JSON parsing without additional dependencies. :: """Do downloading and JSON parsing without additional dependencies. ::
@@ -997,7 +1008,7 @@ def latest_stable_version(get):
"""Return the latest stable release of letsencrypt.""" """Return the latest stable release of letsencrypt."""
metadata = loads(get( metadata = loads(get(
environ.get('LE_AUTO_JSON_URL', environ.get('LE_AUTO_JSON_URL',
'https://pypi.python.org/pypi/letsencrypt/json'))) 'https://pypi.python.org/pypi/certbot/json')))
# metadata['info']['version'] actually returns the latest of any kind of # metadata['info']['version'] actually returns the latest of any kind of
# release release, contrary to https://wiki.python.org/moin/PyPIJSON. # release release, contrary to https://wiki.python.org/moin/PyPIJSON.
# The regex is a sufficient regex for picking out prereleases for most # The regex is a sufficient regex for picking out prereleases for most
@@ -1016,7 +1027,7 @@ def verified_new_le_auto(get, tag, temp_dir):
""" """
le_auto_dir = environ.get( le_auto_dir = environ.get(
'LE_AUTO_DIR_TEMPLATE', 'LE_AUTO_DIR_TEMPLATE',
'https://raw.githubusercontent.com/letsencrypt/letsencrypt/%s/' 'https://raw.githubusercontent.com/certbot/certbot/%s/'
'letsencrypt-auto-source/') % tag 'letsencrypt-auto-source/') % tag
write(get(le_auto_dir + 'letsencrypt-auto'), temp_dir, 'letsencrypt-auto') write(get(le_auto_dir + 'letsencrypt-auto'), temp_dir, 'letsencrypt-auto')
write(get(le_auto_dir + 'letsencrypt-auto.sig'), temp_dir, 'letsencrypt-auto.sig') write(get(le_auto_dir + 'letsencrypt-auto.sig'), temp_dir, 'letsencrypt-auto.sig')
@@ -1079,8 +1090,6 @@ UNLIKELY_EOF
# filesystems is non-atomic, doing `rm dest, cp src dest, rm src`, but the # filesystems is non-atomic, doing `rm dest, cp src dest, rm src`, but the
# cp is unlikely to fail (esp. under sudo) if the rm doesn't. # cp is unlikely to fail (esp. under sudo) if the rm doesn't.
$SUDO mv -f "$TEMP_DIR/letsencrypt-auto.permission-clone" "$0" $SUDO mv -f "$TEMP_DIR/letsencrypt-auto.permission-clone" "$0"
# TODO: Clean up temp dir safely, even if it has quotes in its path.
rm -rf "$TEMP_DIR"
fi # A newer version is available. fi # A newer version is available.
fi # Self-upgrading is allowed. fi # Self-upgrading is allowed.

14
letsencrypt-auto-source/certbot-auto.asc
View File

@@ -1,11 +1,11 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1 Version: GnuPG v1
iQEcBAABAgAGBQJXM9ZDAAoJEE0XyZXNl3XyzGkH/2KeR0jYxXKlvwfCkxU6hSC0 iQEcBAABAgAGBQJXSK5DAAoJEE0XyZXNl3Xyyb4H/Ahy9/8ADDaN5V/O/6kl6gE5
eXcxZVQk59hCSvkNGE6Mj6rwQcyjSqmRp14MaJpq7NZADN6F+HWb6VB/Wq6moMQs amQfm8T10EUD8APnNWYrYKBYruDBVvH0KiEcuAEs7q4xE5BaQatlobSnsHfv4AWW
PJtthqwhF767Qg+Py9Hp6XmlKscjXB6AKCVxq5TBwEIOTtj0rhQRLF9/+GW6jFuf TwInk2lRxYZ++MwwQf3DrqMK5QKfcoVnViZsRpZ8gHMLzsJllRm7R5eaTewO2ViM
kT6aUcDWNjOyWWUtp9vOVprDtegrltp0/2DNitlvPu263pKC+7I3GyLTq4fKP4EE KM+yDB3UsquLUvE4d3/hgBl2mXAUwsxLeFreZayvpoTcX2ARnzbtKqMaIBYDYWcx
auZSAhFry9SNR3Usf2wD3kzhvLSrT3h9Yh5oA04oaX9H6e86EHwt6RJJRHpg8s6b DewWtDsPrhKFpb2DY06S6JLmEttysUgv+hbKlaVO0yZ8cCUehkzBIGYoeS4chOLq
e0CBIIuaRJEmdiMUWlV/gAfH6M2PbG1wtJdxc0ThNEoWAjTsopr61BoHJ3cpCy4= fonNCzB8u3RtnLEFiPIy0N+A592jbLsqqUkxjammaJq3lH7nitduMLnpvGKt4yc=
=+e7/ =ex1J
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

32
letsencrypt-auto-source/letsencrypt-auto
View File

@@ -19,7 +19,7 @@ XDG_DATA_HOME=${XDG_DATA_HOME:-~/.local/share}
VENV_NAME="letsencrypt" VENV_NAME="letsencrypt"
VENV_PATH=${VENV_PATH:-"$XDG_DATA_HOME/$VENV_NAME"} VENV_PATH=${VENV_PATH:-"$XDG_DATA_HOME/$VENV_NAME"}
VENV_BIN="$VENV_PATH/bin" VENV_BIN="$VENV_PATH/bin"
LE_AUTO_VERSION="0.7.0.dev0" LE_AUTO_VERSION="0.7.0"
BASENAME=$(basename $0) BASENAME=$(basename $0)
USAGE="Usage: $BASENAME [OPTIONS] USAGE="Usage: $BASENAME [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -716,21 +716,21 @@ mock==1.0.1 \
# THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE. # THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE.
acme==0.6.0 \ acme==0.7.0 \
--hash=sha256:cbe4e7a340a19725a8740ed86e30abdbe18fc22c4c6022b7a8e56642d502bcc3 \ --hash=sha256:6e61dba343806ad4cb27af84628152abc9e83a0fa24be6065587d2b46f340d7a \
--hash=sha256:ec4e6009dfbd629b58473eb06bbebfd9fb2a79fc8831c149e9205bc38a98ecc6 --hash=sha256:9f75a1947978402026b741bdee8a18fc5a1cfd539b78e523b7e5f279bf18eeb9
certbot==0.6.0 \ certbot==0.7.0 \
--hash=sha256:a893632d228864b0a751db9f3fdd93439ed34b988ea21b64fb0f0fa2ceded6a2 \ --hash=sha256:55604e43d231ac226edefed8dc110d792052095c3d75ad0e4a228ae0989fe5fd \
--hash=sha256:80b0b7dc5afeec2816ef638a61e7c628d73cd72666eebf4984be426d1c2b492d --hash=sha256:ad5083d75e16d1ab806802d3a32f34973b6d7adaf083aee87e07a6c1359efe88
certbot-apache==0.6.0 \ certbot-apache==0.7.0 \
--hash=sha256:0ab077f0913b81ed5c1b141c3a7c4c0228ef3738d8d61a93db794d9a80718d43 \ --hash=sha256:5ab5ed9b2af6c7db9495ce1491122798e9d0764e3df8f0843d11d89690bf7f88 \
--hash=sha256:1cfbe751209079a803758f472200816fac559f2a36fdd582d25e3ba5601423a1 --hash=sha256:1ddbfaf01bcb0b05c0dcc8b2ebd37637f080cf798151e8140c20c9f5fe7bae75
letsencrypt==0.6.0 \ letsencrypt==0.7.0 \
--hash=sha256:93196c7dcd57272a753e525d145c5a9987c8968c22ec954bcf83dcc9d2499a76 \ --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
--hash=sha256:a16d6c395f1bf5fd61a28ef83dc78f42dbecbad9d00be6236f2ad8915645c154 --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
letsencrypt-apache==0.6.0 \ letsencrypt-apache==0.7.0 \
--hash=sha256:02fadc52a0796e53978c508beec9c53e1fc047660240832b9bde5d53ab3a1379 \ --hash=sha256:10445980a6afc810325ea22a56e269229999120848f6c0b323b00275696b5c80 \
--hash=sha256:1c5522d94d7750bdb9bfa6201d2c263e914f662c9d0079e673167233cf4364f1 --hash=sha256:3f4656088a18e4efea7cd7eb4965e14e8d901f3b64f4691e79cafd0bb91890f0
UNLIKELY_EOF UNLIKELY_EOF
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------

BIN
letsencrypt-auto-source/letsencrypt-auto.sig
View File

Binary file not shown.

30
letsencrypt-auto-source/pieces/letsencrypt-auto-requirements.txt
View File

@@ -178,18 +178,18 @@ mock==1.0.1 \
# THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE. # THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE.
acme==0.6.0 \ acme==0.7.0 \
--hash=sha256:cbe4e7a340a19725a8740ed86e30abdbe18fc22c4c6022b7a8e56642d502bcc3 \ --hash=sha256:6e61dba343806ad4cb27af84628152abc9e83a0fa24be6065587d2b46f340d7a \
--hash=sha256:ec4e6009dfbd629b58473eb06bbebfd9fb2a79fc8831c149e9205bc38a98ecc6 --hash=sha256:9f75a1947978402026b741bdee8a18fc5a1cfd539b78e523b7e5f279bf18eeb9
certbot==0.6.0 \ certbot==0.7.0 \
--hash=sha256:a893632d228864b0a751db9f3fdd93439ed34b988ea21b64fb0f0fa2ceded6a2 \ --hash=sha256:55604e43d231ac226edefed8dc110d792052095c3d75ad0e4a228ae0989fe5fd \
--hash=sha256:80b0b7dc5afeec2816ef638a61e7c628d73cd72666eebf4984be426d1c2b492d --hash=sha256:ad5083d75e16d1ab806802d3a32f34973b6d7adaf083aee87e07a6c1359efe88
certbot-apache==0.6.0 \ certbot-apache==0.7.0 \
--hash=sha256:0ab077f0913b81ed5c1b141c3a7c4c0228ef3738d8d61a93db794d9a80718d43 \ --hash=sha256:5ab5ed9b2af6c7db9495ce1491122798e9d0764e3df8f0843d11d89690bf7f88 \
--hash=sha256:1cfbe751209079a803758f472200816fac559f2a36fdd582d25e3ba5601423a1 --hash=sha256:1ddbfaf01bcb0b05c0dcc8b2ebd37637f080cf798151e8140c20c9f5fe7bae75
letsencrypt==0.6.0 \ letsencrypt==0.7.0 \
--hash=sha256:93196c7dcd57272a753e525d145c5a9987c8968c22ec954bcf83dcc9d2499a76 \ --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
--hash=sha256:a16d6c395f1bf5fd61a28ef83dc78f42dbecbad9d00be6236f2ad8915645c154 --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
letsencrypt-apache==0.6.0 \ letsencrypt-apache==0.7.0 \
--hash=sha256:02fadc52a0796e53978c508beec9c53e1fc047660240832b9bde5d53ab3a1379 \ --hash=sha256:10445980a6afc810325ea22a56e269229999120848f6c0b323b00275696b5c80 \
--hash=sha256:1c5522d94d7750bdb9bfa6201d2c263e914f662c9d0079e673167233cf4364f1 --hash=sha256:3f4656088a18e4efea7cd7eb4965e14e8d901f3b64f4691e79cafd0bb91890f0

2
letsencrypt-nginx/setup.py
View File

@@ -16,7 +16,7 @@ here = os.path.abspath(os.path.dirname(__file__))
readme = read_file(os.path.join(here, 'README.rst')) readme = read_file(os.path.join(here, 'README.rst'))
version = '0.7.0.dev0' version = '0.7.0'
# This package is a simple shim around certbot-nginx # This package is a simple shim around certbot-nginx

2
letsencrypt/setup.py
View File

@@ -20,7 +20,7 @@ readme = read_file(os.path.join(here, 'README.rst'))
install_requires = ['certbot'] install_requires = ['certbot']
version = '0.7.0.dev0' version = '0.7.0'
setup( setup(