crypt/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2025-08-08 04:02:10 +03:00
Code Activity

Release 0.14.0

Browse Source
This commit is contained in:
Brad Warren
2017-05-04 16:52:13 -07:00
parent 0db668f67b
commit 4be7efbf74
12 changed files with 298 additions and 267 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
acme/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.14.0.dev0' version = '0.14.0'
# Please update tox.ini when modifying dependency version requirements # Please update tox.ini when modifying dependency version requirements
install_requires = [ install_requires = [

2
certbot-apache/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.14.0.dev0' version = '0.14.0'
# Please update tox.ini when modifying dependency version requirements # Please update tox.ini when modifying dependency version requirements
install_requires = [ install_requires = [

183
certbot-auto
View File

@@ -15,6 +15,11 @@ set -e # Work even if somebody does "sh thisscript.sh".
# Note: you can set XDG_DATA_HOME or VENV_PATH before running this script, # Note: you can set XDG_DATA_HOME or VENV_PATH before running this script,
# if you want to change where the virtual environment will be installed # if you want to change where the virtual environment will be installed
# HOME might not be defined when being run through something like systemd
if [ -z "$HOME" ]; then
HOME=~root
fi
if [ -z "$XDG_DATA_HOME" ]; then if [ -z "$XDG_DATA_HOME" ]; then
XDG_DATA_HOME=~/.local/share XDG_DATA_HOME=~/.local/share
fi fi
@@ -23,7 +28,7 @@ if [ -z "$VENV_PATH" ]; then
VENV_PATH="$XDG_DATA_HOME/$VENV_NAME" VENV_PATH="$XDG_DATA_HOME/$VENV_NAME"
fi fi
VENV_BIN="$VENV_PATH/bin" VENV_BIN="$VENV_PATH/bin"
LE_AUTO_VERSION="0.13.0" LE_AUTO_VERSION="0.14.0"
BASENAME=$(basename $0) BASENAME=$(basename $0)
USAGE="Usage: $BASENAME [OPTIONS] USAGE="Usage: $BASENAME [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -59,7 +64,7 @@ for arg in "$@" ; do
NO_BOOTSTRAP=1;; NO_BOOTSTRAP=1;;
--help) --help)
HELP=1;; HELP=1;;
--noninteractive|--non-interactive) --noninteractive|--non-interactive|renew)
ASSUME_YES=1;; ASSUME_YES=1;;
--quiet) --quiet)
QUIET=1;; QUIET=1;;
@@ -93,6 +98,16 @@ if [ "$QUIET" = 1 ]; then
ASSUME_YES=1 ASSUME_YES=1
fi fi
say() {
if [ "$QUIET" != 1 ]; then
echo "$@"
fi
}
error() {
echo "$@"
}
# Support for busybox and others where there is no "command", # Support for busybox and others where there is no "command",
# but "which" instead # but "which" instead
if command -v command > /dev/null 2>&1 ; then if command -v command > /dev/null 2>&1 ; then
@@ -100,7 +115,7 @@ if command -v command > /dev/null 2>&1 ; then
elif which which > /dev/null 2>&1 ; then elif which which > /dev/null 2>&1 ; then
export EXISTS="which" export EXISTS="which"
else else
echo "Cannot find command nor which... please install one!" error "Cannot find command nor which... please install one!"
exit 1 exit 1
fi fi
@@ -145,17 +160,17 @@ if [ -n "${LE_AUTO_SUDO+x}" ]; then
;; ;;
'') ;; # Nothing to do for plain root method. '') ;; # Nothing to do for plain root method.
*) *)
echo "Error: unknown root authorization mechanism '$LE_AUTO_SUDO'." error "Error: unknown root authorization mechanism '$LE_AUTO_SUDO'."
exit 1 exit 1
esac esac
echo "Using preset root authorization mechanism '$LE_AUTO_SUDO'." say "Using preset root authorization mechanism '$LE_AUTO_SUDO'."
else else
if test "`id -u`" -ne "0" ; then if test "`id -u`" -ne "0" ; then
if $EXISTS sudo 1>/dev/null 2>&1; then if $EXISTS sudo 1>/dev/null 2>&1; then
SUDO=sudo SUDO=sudo
SUDO_ENV="CERTBOT_AUTO=$0" SUDO_ENV="CERTBOT_AUTO=$0"
else else
echo \"sudo\" is not available, will use \"su\" for installation steps... say \"sudo\" is not available, will use \"su\" for installation steps...
SUDO=su_sudo SUDO=su_sudo
fi fi
else else
@@ -165,7 +180,7 @@ fi
BootstrapMessage() { BootstrapMessage() {
# Arguments: Platform name # Arguments: Platform name
echo "Bootstrapping dependencies for $1... (you can skip this with --no-bootstrap)" say "Bootstrapping dependencies for $1... (you can skip this with --no-bootstrap)"
} }
ExperimentalBootstrap() { ExperimentalBootstrap() {
@@ -176,11 +191,11 @@ ExperimentalBootstrap() {
$2 $2
fi fi
else else
echo "FATAL: $1 support is very experimental at present..." error "FATAL: $1 support is very experimental at present..."
echo "if you would like to work on improving it, please ensure you have backups" error "if you would like to work on improving it, please ensure you have backups"
echo "and then run this script again with the --debug flag!" error "and then run this script again with the --debug flag!"
echo "Alternatively, you can install OS dependencies yourself and run this script" error "Alternatively, you can install OS dependencies yourself and run this script"
echo "again with --no-bootstrap." error "again with --no-bootstrap."
exit 1 exit 1
fi fi
} }
@@ -191,15 +206,15 @@ DeterminePythonVersion() {
$EXISTS "$LE_PYTHON" > /dev/null && break $EXISTS "$LE_PYTHON" > /dev/null && break
done done
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
echo "Cannot find any Pythons; please install one!" error "Cannot find any Pythons; please install one!"
exit 1 exit 1
fi fi
export LE_PYTHON export LE_PYTHON
PYVER=`"$LE_PYTHON" -V 2>&1 | cut -d" " -f 2 | cut -d. -f1,2 | sed 's/\.//'` PYVER=`"$LE_PYTHON" -V 2>&1 | cut -d" " -f 2 | cut -d. -f1,2 | sed 's/\.//'`
if [ "$PYVER" -lt 26 ]; then if [ "$PYVER" -lt 26 ]; then
echo "You have an ancient version of Python entombed in your operating system..." error "You have an ancient version of Python entombed in your operating system..."
echo "This isn't going to work; you'll need at least version 2.6." error "This isn't going to work; you'll need at least version 2.6."
exit 1 exit 1
fi fi
} }
@@ -227,7 +242,7 @@ BootstrapDebCommon() {
QUIET_FLAG='-qq' QUIET_FLAG='-qq'
fi fi
$SUDO apt-get $QUIET_FLAG update || echo apt-get update hit problems but continuing anyway... $SUDO apt-get $QUIET_FLAG update || error apt-get update hit problems but continuing anyway...
# virtualenv binary can be found in different packages depending on # virtualenv binary can be found in different packages depending on
# distro version (#346) # distro version (#346)
@@ -255,7 +270,7 @@ BootstrapDebCommon() {
# ARGS: # ARGS:
BACKPORT_NAME="$1" BACKPORT_NAME="$1"
BACKPORT_SOURCELINE="$2" BACKPORT_SOURCELINE="$2"
echo "To use the Apache Certbot plugin, augeas needs to be installed from $BACKPORT_NAME." say "To use the Apache Certbot plugin, augeas needs to be installed from $BACKPORT_NAME."
if ! grep -v -e ' *#' /etc/apt/sources.list | grep -q "$BACKPORT_NAME" ; then if ! grep -v -e ' *#' /etc/apt/sources.list | grep -q "$BACKPORT_NAME" ; then
# This can theoretically error if sources.list.d is empty, but in that case we don't care. # This can theoretically error if sources.list.d is empty, but in that case we don't care.
if ! grep -v -e ' *#' /etc/apt/sources.list.d/* 2>/dev/null | grep -q "$BACKPORT_NAME"; then if ! grep -v -e ' *#' /etc/apt/sources.list.d/* 2>/dev/null | grep -q "$BACKPORT_NAME"; then
@@ -315,7 +330,7 @@ BootstrapDebCommon() {
if ! $EXISTS virtualenv > /dev/null ; then if ! $EXISTS virtualenv > /dev/null ; then
echo Failed to install a working \"virtualenv\" command, exiting error Failed to install a working \"virtualenv\" command, exiting
exit 1 exit 1
fi fi
} }
@@ -335,7 +350,7 @@ BootstrapRpmCommon() {
tool=yum tool=yum
else else
echo "Neither yum nor dnf found. Aborting bootstrap!" error "Neither yum nor dnf found. Aborting bootstrap!"
exit 1 exit 1
fi fi
@@ -349,7 +364,7 @@ BootstrapRpmCommon() {
if ! $SUDO $tool list *virtualenv >/dev/null 2>&1; then if ! $SUDO $tool list *virtualenv >/dev/null 2>&1; then
echo "To use Certbot, packages from the EPEL repository need to be installed." echo "To use Certbot, packages from the EPEL repository need to be installed."
if ! $SUDO $tool list epel-release >/dev/null 2>&1; then if ! $SUDO $tool list epel-release >/dev/null 2>&1; then
echo "Please enable this repository and try running Certbot again." error "Enable the EPEL repository and try running Certbot again."
exit 1 exit 1
fi fi
if [ "$ASSUME_YES" = 1 ]; then if [ "$ASSUME_YES" = 1 ]; then
@@ -361,7 +376,7 @@ BootstrapRpmCommon() {
sleep 1s sleep 1s
fi fi
if ! $SUDO $tool install $yes_flag $QUIET_FLAG epel-release; then if ! $SUDO $tool install $yes_flag $QUIET_FLAG epel-release; then
echo "Could not enable EPEL. Aborting bootstrap!" error "Could not enable EPEL. Aborting bootstrap!"
exit 1 exit 1
fi fi
fi fi
@@ -403,7 +418,7 @@ BootstrapRpmCommon() {
fi fi
if ! $SUDO $tool install $yes_flag $QUIET_FLAG $pkgs; then if ! $SUDO $tool install $yes_flag $QUIET_FLAG $pkgs; then
echo "Could not install OS dependencies. Aborting bootstrap!" error "Could not install OS dependencies. Aborting bootstrap!"
exit 1 exit 1
fi fi
} }
@@ -508,15 +523,15 @@ BootstrapFreeBsd() {
BootstrapMac() { BootstrapMac() {
if hash brew 2>/dev/null; then if hash brew 2>/dev/null; then
echo "Using Homebrew to install dependencies..." say "Using Homebrew to install dependencies..."
pkgman=brew pkgman=brew
pkgcmd="brew install" pkgcmd="brew install"
elif hash port 2>/dev/null; then elif hash port 2>/dev/null; then
echo "Using MacPorts to install dependencies..." say "Using MacPorts to install dependencies..."
pkgman=port pkgman=port
pkgcmd="$SUDO port install" pkgcmd="$SUDO port install"
else else
echo "No Homebrew/MacPorts; installing Homebrew..." say "No Homebrew/MacPorts; installing Homebrew..."
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
pkgman=brew pkgman=brew
pkgcmd="brew install" pkgcmd="brew install"
@@ -527,26 +542,26 @@ BootstrapMac() {
-o "$(which python)" = "/usr/bin/python" ]; then -o "$(which python)" = "/usr/bin/python" ]; then
# We want to avoid using the system Python because it requires root to use pip. # We want to avoid using the system Python because it requires root to use pip.
# python.org, MacPorts or HomeBrew Python installations should all be OK. # python.org, MacPorts or HomeBrew Python installations should all be OK.
echo "Installing python..." say "Installing python..."
$pkgcmd python $pkgcmd python
fi fi
# Workaround for _dlopen not finding augeas on macOS # Workaround for _dlopen not finding augeas on macOS
if [ "$pkgman" = "port" ] && ! [ -e "/usr/local/lib/libaugeas.dylib" ] && [ -e "/opt/local/lib/libaugeas.dylib" ]; then if [ "$pkgman" = "port" ] && ! [ -e "/usr/local/lib/libaugeas.dylib" ] && [ -e "/opt/local/lib/libaugeas.dylib" ]; then
echo "Applying augeas workaround" say "Applying augeas workaround"
$SUDO mkdir -p /usr/local/lib/ $SUDO mkdir -p /usr/local/lib/
$SUDO ln -s /opt/local/lib/libaugeas.dylib /usr/local/lib/ $SUDO ln -s /opt/local/lib/libaugeas.dylib /usr/local/lib/
fi fi
if ! hash pip 2>/dev/null; then if ! hash pip 2>/dev/null; then
echo "pip not installed" say "pip not installed"
echo "Installing pip..." say "Installing pip..."
curl --silent --show-error --retry 5 https://bootstrap.pypa.io/get-pip.py | python curl --silent --show-error --retry 5 https://bootstrap.pypa.io/get-pip.py | python
fi fi
if ! hash virtualenv 2>/dev/null; then if ! hash virtualenv 2>/dev/null; then
echo "virtualenv not installed." say "virtualenv not installed."
echo "Installing with pip..." say "Installing with pip..."
pip install virtualenv pip install virtualenv
fi fi
} }
@@ -566,7 +581,7 @@ BootstrapMageiaCommon() {
libpython-devel \ libpython-devel \
python-virtualenv python-virtualenv
then then
echo "Could not install Python dependencies. Aborting bootstrap!" error "Could not install Python dependencies. Aborting bootstrap!"
exit 1 exit 1
fi fi
@@ -578,7 +593,7 @@ BootstrapMageiaCommon() {
libffi-devel \ libffi-devel \
rootcerts rootcerts
then then
echo "Could not install additional dependencies. Aborting bootstrap!" error "Could not install additional dependencies. Aborting bootstrap!"
exit 1 exit 1
fi fi
} }
@@ -605,11 +620,11 @@ Bootstrap() {
BootstrapMessage "Archlinux" BootstrapMessage "Archlinux"
BootstrapArchCommon BootstrapArchCommon
else else
echo "Please use pacman to install letsencrypt packages:" error "Please use pacman to install letsencrypt packages:"
echo "# pacman -S certbot certbot-apache" error "# pacman -S certbot certbot-apache"
echo error
echo "If you would like to use the virtualenv way, please run the script again with the" error "If you would like to use the virtualenv way, please run the script again with the"
echo "--debug flag." error "--debug flag."
exit 1 exit 1
fi fi
elif [ -f /etc/manjaro-release ]; then elif [ -f /etc/manjaro-release ]; then
@@ -625,11 +640,11 @@ Bootstrap() {
elif [ -f /etc/product ] && grep -q "Joyent Instance" /etc/product ; then elif [ -f /etc/product ] && grep -q "Joyent Instance" /etc/product ; then
ExperimentalBootstrap "Joyent SmartOS Zone" BootstrapSmartOS ExperimentalBootstrap "Joyent SmartOS Zone" BootstrapSmartOS
else else
echo "Sorry, I don't know how to bootstrap Certbot on your operating system!" error "Sorry, I don't know how to bootstrap Certbot on your operating system!"
echo error
echo "You will need to install OS dependencies, configure virtualenv, and run pip install manually." error "You will need to install OS dependencies, configure virtualenv, and run pip install manually."
echo "Please see https://letsencrypt.readthedocs.org/en/latest/contributing.html#prerequisites" error "Please see https://letsencrypt.readthedocs.org/en/latest/contributing.html#prerequisites"
echo "for more info." error "for more info."
exit 1 exit 1
fi fi
} }
@@ -649,7 +664,7 @@ if [ "$1" = "--le-auto-phase2" ]; then
# grep for both certbot and letsencrypt until certbot and shim packages have been released # grep for both certbot and letsencrypt until certbot and shim packages have been released
INSTALLED_VERSION=$("$VENV_BIN/letsencrypt" --version 2>&1 | grep "^certbot\|^letsencrypt" | cut -d " " -f 2) INSTALLED_VERSION=$("$VENV_BIN/letsencrypt" --version 2>&1 | grep "^certbot\|^letsencrypt" | cut -d " " -f 2)
if [ -z "$INSTALLED_VERSION" ]; then if [ -z "$INSTALLED_VERSION" ]; then
echo "Error: couldn't get currently installed version for $VENV_BIN/letsencrypt: " 1>&2 error "Error: couldn't get currently installed version for $VENV_BIN/letsencrypt: " 1>&2
"$VENV_BIN/letsencrypt" --version "$VENV_BIN/letsencrypt" --version
exit 1 exit 1
fi fi
@@ -657,7 +672,7 @@ if [ "$1" = "--le-auto-phase2" ]; then
INSTALLED_VERSION="none" INSTALLED_VERSION="none"
fi fi
if [ "$LE_AUTO_VERSION" != "$INSTALLED_VERSION" ]; then if [ "$LE_AUTO_VERSION" != "$INSTALLED_VERSION" ]; then
echo "Creating virtual environment..." say "Creating virtual environment..."
DeterminePythonVersion DeterminePythonVersion
rm -rf "$VENV_PATH" rm -rf "$VENV_PATH"
if [ "$VERBOSE" = 1 ]; then if [ "$VERBOSE" = 1 ]; then
@@ -666,7 +681,7 @@ if [ "$1" = "--le-auto-phase2" ]; then
virtualenv --no-site-packages --python "$LE_PYTHON" "$VENV_PATH" > /dev/null virtualenv --no-site-packages --python "$LE_PYTHON" "$VENV_PATH" > /dev/null
fi fi
echo "Installing Python packages..." say "Installing Python packages..."
TEMP_DIR=$(TempDir) TEMP_DIR=$(TempDir)
trap 'rm -rf "$TEMP_DIR"' EXIT trap 'rm -rf "$TEMP_DIR"' EXIT
# There is no $ interpolation due to quotes on starting heredoc delimiter. # There is no $ interpolation due to quotes on starting heredoc delimiter.
@@ -845,18 +860,18 @@ letsencrypt==0.7.0 \
# THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE. # THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE.
acme==0.13.0 \ acme==0.14.0 \
--hash=sha256:103ce8bed43aad1a9655ed815df09bbeab86ee16cc82137b44d9dac68faa394f \ --hash=sha256:fca8766a2596833e8886f7ef72cf82d1f6c6cffa895781a5676861c251b24b70 \
--hash=sha256:7489b3e20d02da0a389aedb82408ffb6b76294e41d833db85591b9f779539815 --hash=sha256:ce7d2bca31e85adac1030c944e0a9d96e8b0f85cdc616b78d40eb09c91803543
certbot==0.13.0 \ certbot==0.14.0 \
--hash=sha256:65d0d9d158972aff7746d4ef80a20465a14c54ae8bcb879216970c2a1b34503c \ --hash=sha256:071790b1ec4e5b94aa1688f8a62a10905c28438cd55d990cdb8c9f733d3a4a41 \
--hash=sha256:f63ad7747edaca2fb7d60c28882e44d2f48ff1cca9b9c7c251ad47e2189c00f3 --hash=sha256:98add3721e1edaedb404879a9d39bd49020e94fc8eedbc46032a00ada51d7741
certbot-apache==0.13.0 \ certbot-apache==0.14.0 \
--hash=sha256:22f7c1dc93439384c0874960081d66957910c6dc737a9facbd9fcbc46c545874 \ --hash=sha256:ab837efce7aa4c4e47a724a60dcbeacadb9dfe64bd1d32a4e854678c4fcd82a3 \
--hash=sha256:b43b04b53005e7218a09a0ba4d97581fab369e929472fa49fb55d29d0ab54589 --hash=sha256:bbcd21d9f3fd8cdc4453ef94d0cb6033c3a19f879dcd314231501ebb7180168f
certbot-nginx==0.13.0 \ certbot-nginx==0.14.0 \
--hash=sha256:9d0ab4eeb98b0ebad70ba116b32268342ad343d82d64990a652ff8072959b044 \ --hash=sha256:608b2f6f2b04ce93c503a95ffba4f0e0ca2e0cb9ea587a8376368fa621b388e4 \
--hash=sha256:f026a8faee8397a22c5d4a7623a6ef7c7e780ed63a3bdf9940f43f7823aa2a72 --hash=sha256:86e964b2a7818cc165d913e27e504f2ef2f60750ab0db6d39bfb3465d54c30db
UNLIKELY_EOF UNLIKELY_EOF
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
@@ -1022,42 +1037,40 @@ UNLIKELY_EOF
set -e set -e
if [ "$PIP_STATUS" != 0 ]; then if [ "$PIP_STATUS" != 0 ]; then
# Report error. (Otherwise, be quiet.) # Report error. (Otherwise, be quiet.)
echo "Had a problem while installing Python packages." error "Had a problem while installing Python packages."
if [ "$VERBOSE" != 1 ]; then if [ "$VERBOSE" != 1 ]; then
echo error
echo "pip prints the following errors: " error "pip prints the following errors: "
echo "=====================================================" error "====================================================="
echo "$PIP_OUT" error "$PIP_OUT"
echo "=====================================================" error "====================================================="
echo error
echo "Certbot has problem setting up the virtual environment." error "Certbot has problem setting up the virtual environment."
if `echo $PIP_OUT | grep -q Killed` || `echo $PIP_OUT | grep -q "allocate memory"` ; then if `echo $PIP_OUT | grep -q Killed` || `echo $PIP_OUT | grep -q "allocate memory"` ; then
echo error
echo "Based on your pip output, the problem can likely be fixed by " error "Based on your pip output, the problem can likely be fixed by "
echo "increasing the available memory." error "increasing the available memory."
else else
echo error
echo "We were not be able to guess the right solution from your pip " error "We were not be able to guess the right solution from your pip "
echo "output." error "output."
fi fi
echo error
echo "Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment" error "Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment"
echo "for possible solutions." error "for possible solutions."
echo "You may also find some support resources at https://certbot.eff.org/support/ ." error "You may also find some support resources at https://certbot.eff.org/support/ ."
fi fi
rm -rf "$VENV_PATH" rm -rf "$VENV_PATH"
exit 1 exit 1
fi fi
echo "Installation succeeded." say "Installation succeeded."
fi fi
if [ -n "$SUDO" ]; then if [ -n "$SUDO" ]; then
# SUDO is su wrapper or sudo # SUDO is su wrapper or sudo
if [ "$QUIET" != 1 ]; then say "Requesting root privileges to run certbot..."
echo "Requesting root privileges to run certbot..." say " $VENV_BIN/letsencrypt" "$@"
echo " $VENV_BIN/letsencrypt" "$@"
fi
fi fi
if [ -z "$SUDO_ENV" ] ; then if [ -z "$SUDO_ENV" ] ; then
# SUDO is su wrapper / noop # SUDO is su wrapper / noop
@@ -1084,7 +1097,7 @@ else
Bootstrap Bootstrap
fi fi
if [ "$OS_PACKAGES_ONLY" = 1 ]; then if [ "$OS_PACKAGES_ONLY" = 1 ]; then
echo "OS packages installed." say "OS packages installed."
exit 0 exit 0
fi fi
@@ -1227,9 +1240,9 @@ UNLIKELY_EOF
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
DeterminePythonVersion DeterminePythonVersion
if ! REMOTE_VERSION=`"$LE_PYTHON" "$TEMP_DIR/fetch.py" --latest-version` ; then if ! REMOTE_VERSION=`"$LE_PYTHON" "$TEMP_DIR/fetch.py" --latest-version` ; then
echo "WARNING: unable to check for updates." error "WARNING: unable to check for updates."
elif [ "$LE_AUTO_VERSION" != "$REMOTE_VERSION" ]; then elif [ "$LE_AUTO_VERSION" != "$REMOTE_VERSION" ]; then
echo "Upgrading certbot-auto $LE_AUTO_VERSION to $REMOTE_VERSION..." say "Upgrading certbot-auto $LE_AUTO_VERSION to $REMOTE_VERSION..."
# Now we drop into Python so we don't have to install even more # Now we drop into Python so we don't have to install even more
# dependencies (curl, etc.), for better flow control, and for the option of # dependencies (curl, etc.), for better flow control, and for the option of
@@ -1238,7 +1251,7 @@ UNLIKELY_EOF
# Install new copy of certbot-auto. # Install new copy of certbot-auto.
# TODO: Deal with quotes in pathnames. # TODO: Deal with quotes in pathnames.
echo "Replacing certbot-auto..." say "Replacing certbot-auto..."
# Clone permissions with cp. chmod and chown don't have a --reference # Clone permissions with cp. chmod and chown don't have a --reference
# option on macOS or BSD, and stat -c on Linux is stat -f on macOS and BSD: # option on macOS or BSD, and stat -c on Linux is stat -f on macOS and BSD:
$SUDO cp -p "$0" "$TEMP_DIR/letsencrypt-auto.permission-clone" $SUDO cp -p "$0" "$TEMP_DIR/letsencrypt-auto.permission-clone"

2
certbot-compatibility-test/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.14.0.dev0' version = '0.14.0'
install_requires = [ install_requires = [
'certbot', 'certbot',

2
certbot-nginx/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.14.0.dev0' version = '0.14.0'
# Please update tox.ini when modifying dependency version requirements # Please update tox.ini when modifying dependency version requirements
install_requires = [ install_requires = [

2
certbot/__init__.py
View File

@@ -1,4 +1,4 @@
"""Certbot client.""" """Certbot client."""
# version number like 1.2.3a0, must have at least 2 parts, like 1.2 # version number like 1.2.3a0, must have at least 2 parts, like 1.2
__version__ = '0.14.0.dev0' __version__ = '0.14.0'

125
docs/cli-help.txt
View File

@@ -85,11 +85,16 @@ optional arguments:
--user-agent USER_AGENT --user-agent USER_AGENT
Set a custom user agent string for the client. User Set a custom user agent string for the client. User
agent strings allow the CA to collect high level agent strings allow the CA to collect high level
statistics about success rates by OS and plugin. If statistics about success rates by OS, plugin and use
you wish to hide your server OS version from the Let's case, and to know when to deprecate support for past
Encrypt server, set this to "". (default: Python versions and flags. If you wish to hide this
CertbotACMEClient/0.13.0 (Ubuntu 16.04.2 LTS) information from the Let's Encrypt server, set this to
Authenticator/XXX Installer/YYY) "". (default: CertbotACMEClient/0.14.0 (certbot;
Ubuntu 16.04.2 LTS) Authenticator/XXX Installer/YYY
(SUBCOMMAND; flags: FLAGS) Py/2.7.12). The flags
encoded in the user agent are: --duplicate, --force-
renew, --allow-subset-of-names, -n, and whether any
hooks are set.
automation: automation:
Arguments for automating execution & other tweaks Arguments for automating execution & other tweaks
@@ -269,8 +274,8 @@ renew:
"/etc/letsencrypt/live/example.com") containing the "/etc/letsencrypt/live/example.com") containing the
new certs and keys; the shell variable new certs and keys; the shell variable
$RENEWED_DOMAINS will contain a space-delimited list $RENEWED_DOMAINS will contain a space-delimited list
of renewed cert domains (for example, of renewed cert domains (for example, "example.com
"example.com www.example.com") (default: None) www.example.com" (default: None)
--disable-hook-validation --disable-hook-validation
Ordinarily the commands specified for --pre-hook Ordinarily the commands specified for --pre-hook
/--post-hook/--renew-hook will be checked for /--post-hook/--renew-hook will be checked for
@@ -375,59 +380,6 @@ plugins:
--webroot Obtain certs by placing files in a webroot directory. --webroot Obtain certs by placing files in a webroot directory.
(default: False) (default: False)
nginx:
Nginx Web Server plugin - Alpha
--nginx-server-root NGINX_SERVER_ROOT
Nginx server root directory. (default: /etc/nginx)
--nginx-ctl NGINX_CTL
Path to the 'nginx' binary, used for 'configtest' and
retrieving nginx version number. (default: nginx)
standalone:
Spin up a temporary webserver
manual:
Authenticate through manual configuration or custom shell scripts. When
using shell scripts, an authenticator script must be provided. The
environment variables available to this script are $CERTBOT_DOMAIN which
contains the domain being authenticated, $CERTBOT_VALIDATION which is the
validation string, and $CERTBOT_TOKEN which is the filename of the
resource requested when performing an HTTP-01 challenge. An additional
cleanup script can also be provided and can use the additional variable
$CERTBOT_AUTH_OUTPUT which contains the stdout output from the auth
script.
--manual-auth-hook MANUAL_AUTH_HOOK
Path or command to execute for the authentication
script (default: None)
--manual-cleanup-hook MANUAL_CLEANUP_HOOK
Path or command to execute for the cleanup script
(default: None)
--manual-public-ip-logging-ok
Automatically allows public IP logging (default: Ask)
webroot:
Place files in webroot directory
--webroot-path WEBROOT_PATH, -w WEBROOT_PATH
public_html / webroot path. This can be specified
multiple times to handle different domains; each
domain will have the webroot path that preceded it.
For instance: `-w /var/www/example -d example.com -d
www.example.com -w /var/www/thing -d thing.net -d
m.thing.net` (default: Ask)
--webroot-map WEBROOT_MAP
JSON dictionary mapping domains to webroot paths; this
implies -d for each entry. You may need to escape this
from your shell. E.g.: --webroot-map
'{"eg1.is,m.eg1.is":"/www/eg1/", "eg2.is":"/www/eg2"}'
This option is merged with, but takes precedence over,
-w / -d entries. At present, if you put webroot-map in
a config file, it needs to be on a single line, like:
webroot-map = {"example.com":"/var/www"}. (default:
{})
apache: apache:
Apache Web Server plugin - Beta Apache Web Server plugin - Beta
@@ -458,5 +410,58 @@ apache:
Let installer handle enabling sites for you.(Only Let installer handle enabling sites for you.(Only
Ubuntu/Debian currently) (default: True) Ubuntu/Debian currently) (default: True)
manual:
Authenticate through manual configuration or custom shell scripts. When
using shell scripts, an authenticator script must be provided. The
environment variables available to this script are $CERTBOT_DOMAIN which
contains the domain being authenticated, $CERTBOT_VALIDATION which is the
validation string, and $CERTBOT_TOKEN which is the filename of the
resource requested when performing an HTTP-01 challenge. An additional
cleanup script can also be provided and can use the additional variable
$CERTBOT_AUTH_OUTPUT which contains the stdout output from the auth
script.
--manual-auth-hook MANUAL_AUTH_HOOK
Path or command to execute for the authentication
script (default: None)
--manual-cleanup-hook MANUAL_CLEANUP_HOOK
Path or command to execute for the cleanup script
(default: None)
--manual-public-ip-logging-ok
Automatically allows public IP logging (default: Ask)
nginx:
Nginx Web Server plugin - Alpha
--nginx-server-root NGINX_SERVER_ROOT
Nginx server root directory. (default: /etc/nginx)
--nginx-ctl NGINX_CTL
Path to the 'nginx' binary, used for 'configtest' and
retrieving nginx version number. (default: nginx)
null: null:
Null Installer Null Installer
standalone:
Spin up a temporary webserver
webroot:
Place files in webroot directory
--webroot-path WEBROOT_PATH, -w WEBROOT_PATH
public_html / webroot path. This can be specified
multiple times to handle different domains; each
domain will have the webroot path that preceded it.
For instance: `-w /var/www/example -d example.com -d
www.example.com -w /var/www/thing -d thing.net -d
m.thing.net` (default: Ask)
--webroot-map WEBROOT_MAP
JSON dictionary mapping domains to webroot paths; this
implies -d for each entry. You may need to escape this
from your shell. E.g.: --webroot-map
'{"eg1.is,m.eg1.is":"/www/eg1/", "eg2.is":"/www/eg2"}'
This option is merged with, but takes precedence over,
-w / -d entries. At present, if you put webroot-map in
a config file, it needs to be on a single line, like:
webroot-map = {"example.com":"/var/www"}. (default:
{})

183
letsencrypt-auto
View File

@@ -15,6 +15,11 @@ set -e # Work even if somebody does "sh thisscript.sh".
# Note: you can set XDG_DATA_HOME or VENV_PATH before running this script, # Note: you can set XDG_DATA_HOME or VENV_PATH before running this script,
# if you want to change where the virtual environment will be installed # if you want to change where the virtual environment will be installed
# HOME might not be defined when being run through something like systemd
if [ -z "$HOME" ]; then
HOME=~root
fi
if [ -z "$XDG_DATA_HOME" ]; then if [ -z "$XDG_DATA_HOME" ]; then
XDG_DATA_HOME=~/.local/share XDG_DATA_HOME=~/.local/share
fi fi
@@ -23,7 +28,7 @@ if [ -z "$VENV_PATH" ]; then
VENV_PATH="$XDG_DATA_HOME/$VENV_NAME" VENV_PATH="$XDG_DATA_HOME/$VENV_NAME"
fi fi
VENV_BIN="$VENV_PATH/bin" VENV_BIN="$VENV_PATH/bin"
LE_AUTO_VERSION="0.13.0" LE_AUTO_VERSION="0.14.0"
BASENAME=$(basename $0) BASENAME=$(basename $0)
USAGE="Usage: $BASENAME [OPTIONS] USAGE="Usage: $BASENAME [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -59,7 +64,7 @@ for arg in "$@" ; do
NO_BOOTSTRAP=1;; NO_BOOTSTRAP=1;;
--help) --help)
HELP=1;; HELP=1;;
--noninteractive|--non-interactive) --noninteractive|--non-interactive|renew)
ASSUME_YES=1;; ASSUME_YES=1;;
--quiet) --quiet)
QUIET=1;; QUIET=1;;
@@ -93,6 +98,16 @@ if [ "$QUIET" = 1 ]; then
ASSUME_YES=1 ASSUME_YES=1
fi fi
say() {
if [ "$QUIET" != 1 ]; then
echo "$@"
fi
}
error() {
echo "$@"
}
# Support for busybox and others where there is no "command", # Support for busybox and others where there is no "command",
# but "which" instead # but "which" instead
if command -v command > /dev/null 2>&1 ; then if command -v command > /dev/null 2>&1 ; then
@@ -100,7 +115,7 @@ if command -v command > /dev/null 2>&1 ; then
elif which which > /dev/null 2>&1 ; then elif which which > /dev/null 2>&1 ; then
export EXISTS="which" export EXISTS="which"
else else
echo "Cannot find command nor which... please install one!" error "Cannot find command nor which... please install one!"
exit 1 exit 1
fi fi
@@ -145,17 +160,17 @@ if [ -n "${LE_AUTO_SUDO+x}" ]; then
;; ;;
'') ;; # Nothing to do for plain root method. '') ;; # Nothing to do for plain root method.
*) *)
echo "Error: unknown root authorization mechanism '$LE_AUTO_SUDO'." error "Error: unknown root authorization mechanism '$LE_AUTO_SUDO'."
exit 1 exit 1
esac esac
echo "Using preset root authorization mechanism '$LE_AUTO_SUDO'." say "Using preset root authorization mechanism '$LE_AUTO_SUDO'."
else else
if test "`id -u`" -ne "0" ; then if test "`id -u`" -ne "0" ; then
if $EXISTS sudo 1>/dev/null 2>&1; then if $EXISTS sudo 1>/dev/null 2>&1; then
SUDO=sudo SUDO=sudo
SUDO_ENV="CERTBOT_AUTO=$0" SUDO_ENV="CERTBOT_AUTO=$0"
else else
echo \"sudo\" is not available, will use \"su\" for installation steps... say \"sudo\" is not available, will use \"su\" for installation steps...
SUDO=su_sudo SUDO=su_sudo
fi fi
else else
@@ -165,7 +180,7 @@ fi
BootstrapMessage() { BootstrapMessage() {
# Arguments: Platform name # Arguments: Platform name
echo "Bootstrapping dependencies for $1... (you can skip this with --no-bootstrap)" say "Bootstrapping dependencies for $1... (you can skip this with --no-bootstrap)"
} }
ExperimentalBootstrap() { ExperimentalBootstrap() {
@@ -176,11 +191,11 @@ ExperimentalBootstrap() {
$2 $2
fi fi
else else
echo "FATAL: $1 support is very experimental at present..." error "FATAL: $1 support is very experimental at present..."
echo "if you would like to work on improving it, please ensure you have backups" error "if you would like to work on improving it, please ensure you have backups"
echo "and then run this script again with the --debug flag!" error "and then run this script again with the --debug flag!"
echo "Alternatively, you can install OS dependencies yourself and run this script" error "Alternatively, you can install OS dependencies yourself and run this script"
echo "again with --no-bootstrap." error "again with --no-bootstrap."
exit 1 exit 1
fi fi
} }
@@ -191,15 +206,15 @@ DeterminePythonVersion() {
$EXISTS "$LE_PYTHON" > /dev/null && break $EXISTS "$LE_PYTHON" > /dev/null && break
done done
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
echo "Cannot find any Pythons; please install one!" error "Cannot find any Pythons; please install one!"
exit 1 exit 1
fi fi
export LE_PYTHON export LE_PYTHON
PYVER=`"$LE_PYTHON" -V 2>&1 | cut -d" " -f 2 | cut -d. -f1,2 | sed 's/\.//'` PYVER=`"$LE_PYTHON" -V 2>&1 | cut -d" " -f 2 | cut -d. -f1,2 | sed 's/\.//'`
if [ "$PYVER" -lt 26 ]; then if [ "$PYVER" -lt 26 ]; then
echo "You have an ancient version of Python entombed in your operating system..." error "You have an ancient version of Python entombed in your operating system..."
echo "This isn't going to work; you'll need at least version 2.6." error "This isn't going to work; you'll need at least version 2.6."
exit 1 exit 1
fi fi
} }
@@ -227,7 +242,7 @@ BootstrapDebCommon() {
QUIET_FLAG='-qq' QUIET_FLAG='-qq'
fi fi
$SUDO apt-get $QUIET_FLAG update || echo apt-get update hit problems but continuing anyway... $SUDO apt-get $QUIET_FLAG update || error apt-get update hit problems but continuing anyway...
# virtualenv binary can be found in different packages depending on # virtualenv binary can be found in different packages depending on
# distro version (#346) # distro version (#346)
@@ -255,7 +270,7 @@ BootstrapDebCommon() {
# ARGS: # ARGS:
BACKPORT_NAME="$1" BACKPORT_NAME="$1"
BACKPORT_SOURCELINE="$2" BACKPORT_SOURCELINE="$2"
echo "To use the Apache Certbot plugin, augeas needs to be installed from $BACKPORT_NAME." say "To use the Apache Certbot plugin, augeas needs to be installed from $BACKPORT_NAME."
if ! grep -v -e ' *#' /etc/apt/sources.list | grep -q "$BACKPORT_NAME" ; then if ! grep -v -e ' *#' /etc/apt/sources.list | grep -q "$BACKPORT_NAME" ; then
# This can theoretically error if sources.list.d is empty, but in that case we don't care. # This can theoretically error if sources.list.d is empty, but in that case we don't care.
if ! grep -v -e ' *#' /etc/apt/sources.list.d/* 2>/dev/null | grep -q "$BACKPORT_NAME"; then if ! grep -v -e ' *#' /etc/apt/sources.list.d/* 2>/dev/null | grep -q "$BACKPORT_NAME"; then
@@ -315,7 +330,7 @@ BootstrapDebCommon() {
if ! $EXISTS virtualenv > /dev/null ; then if ! $EXISTS virtualenv > /dev/null ; then
echo Failed to install a working \"virtualenv\" command, exiting error Failed to install a working \"virtualenv\" command, exiting
exit 1 exit 1
fi fi
} }
@@ -335,7 +350,7 @@ BootstrapRpmCommon() {
tool=yum tool=yum
else else
echo "Neither yum nor dnf found. Aborting bootstrap!" error "Neither yum nor dnf found. Aborting bootstrap!"
exit 1 exit 1
fi fi
@@ -349,7 +364,7 @@ BootstrapRpmCommon() {
if ! $SUDO $tool list *virtualenv >/dev/null 2>&1; then if ! $SUDO $tool list *virtualenv >/dev/null 2>&1; then
echo "To use Certbot, packages from the EPEL repository need to be installed." echo "To use Certbot, packages from the EPEL repository need to be installed."
if ! $SUDO $tool list epel-release >/dev/null 2>&1; then if ! $SUDO $tool list epel-release >/dev/null 2>&1; then
echo "Please enable this repository and try running Certbot again." error "Enable the EPEL repository and try running Certbot again."
exit 1 exit 1
fi fi
if [ "$ASSUME_YES" = 1 ]; then if [ "$ASSUME_YES" = 1 ]; then
@@ -361,7 +376,7 @@ BootstrapRpmCommon() {
sleep 1s sleep 1s
fi fi
if ! $SUDO $tool install $yes_flag $QUIET_FLAG epel-release; then if ! $SUDO $tool install $yes_flag $QUIET_FLAG epel-release; then
echo "Could not enable EPEL. Aborting bootstrap!" error "Could not enable EPEL. Aborting bootstrap!"
exit 1 exit 1
fi fi
fi fi
@@ -403,7 +418,7 @@ BootstrapRpmCommon() {
fi fi
if ! $SUDO $tool install $yes_flag $QUIET_FLAG $pkgs; then if ! $SUDO $tool install $yes_flag $QUIET_FLAG $pkgs; then
echo "Could not install OS dependencies. Aborting bootstrap!" error "Could not install OS dependencies. Aborting bootstrap!"
exit 1 exit 1
fi fi
} }
@@ -508,15 +523,15 @@ BootstrapFreeBsd() {
BootstrapMac() { BootstrapMac() {
if hash brew 2>/dev/null; then if hash brew 2>/dev/null; then
echo "Using Homebrew to install dependencies..." say "Using Homebrew to install dependencies..."
pkgman=brew pkgman=brew
pkgcmd="brew install" pkgcmd="brew install"
elif hash port 2>/dev/null; then elif hash port 2>/dev/null; then
echo "Using MacPorts to install dependencies..." say "Using MacPorts to install dependencies..."
pkgman=port pkgman=port
pkgcmd="$SUDO port install" pkgcmd="$SUDO port install"
else else
echo "No Homebrew/MacPorts; installing Homebrew..." say "No Homebrew/MacPorts; installing Homebrew..."
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
pkgman=brew pkgman=brew
pkgcmd="brew install" pkgcmd="brew install"
@@ -527,26 +542,26 @@ BootstrapMac() {
-o "$(which python)" = "/usr/bin/python" ]; then -o "$(which python)" = "/usr/bin/python" ]; then
# We want to avoid using the system Python because it requires root to use pip. # We want to avoid using the system Python because it requires root to use pip.
# python.org, MacPorts or HomeBrew Python installations should all be OK. # python.org, MacPorts or HomeBrew Python installations should all be OK.
echo "Installing python..." say "Installing python..."
$pkgcmd python $pkgcmd python
fi fi
# Workaround for _dlopen not finding augeas on macOS # Workaround for _dlopen not finding augeas on macOS
if [ "$pkgman" = "port" ] && ! [ -e "/usr/local/lib/libaugeas.dylib" ] && [ -e "/opt/local/lib/libaugeas.dylib" ]; then if [ "$pkgman" = "port" ] && ! [ -e "/usr/local/lib/libaugeas.dylib" ] && [ -e "/opt/local/lib/libaugeas.dylib" ]; then
echo "Applying augeas workaround" say "Applying augeas workaround"
$SUDO mkdir -p /usr/local/lib/ $SUDO mkdir -p /usr/local/lib/
$SUDO ln -s /opt/local/lib/libaugeas.dylib /usr/local/lib/ $SUDO ln -s /opt/local/lib/libaugeas.dylib /usr/local/lib/
fi fi
if ! hash pip 2>/dev/null; then if ! hash pip 2>/dev/null; then
echo "pip not installed" say "pip not installed"
echo "Installing pip..." say "Installing pip..."
curl --silent --show-error --retry 5 https://bootstrap.pypa.io/get-pip.py | python curl --silent --show-error --retry 5 https://bootstrap.pypa.io/get-pip.py | python
fi fi
if ! hash virtualenv 2>/dev/null; then if ! hash virtualenv 2>/dev/null; then
echo "virtualenv not installed." say "virtualenv not installed."
echo "Installing with pip..." say "Installing with pip..."
pip install virtualenv pip install virtualenv
fi fi
} }
@@ -566,7 +581,7 @@ BootstrapMageiaCommon() {
libpython-devel \ libpython-devel \
python-virtualenv python-virtualenv
then then
echo "Could not install Python dependencies. Aborting bootstrap!" error "Could not install Python dependencies. Aborting bootstrap!"
exit 1 exit 1
fi fi
@@ -578,7 +593,7 @@ BootstrapMageiaCommon() {
libffi-devel \ libffi-devel \
rootcerts rootcerts
then then
echo "Could not install additional dependencies. Aborting bootstrap!" error "Could not install additional dependencies. Aborting bootstrap!"
exit 1 exit 1
fi fi
} }
@@ -605,11 +620,11 @@ Bootstrap() {
BootstrapMessage "Archlinux" BootstrapMessage "Archlinux"
BootstrapArchCommon BootstrapArchCommon
else else
echo "Please use pacman to install letsencrypt packages:" error "Please use pacman to install letsencrypt packages:"
echo "# pacman -S certbot certbot-apache" error "# pacman -S certbot certbot-apache"
echo error
echo "If you would like to use the virtualenv way, please run the script again with the" error "If you would like to use the virtualenv way, please run the script again with the"
echo "--debug flag." error "--debug flag."
exit 1 exit 1
fi fi
elif [ -f /etc/manjaro-release ]; then elif [ -f /etc/manjaro-release ]; then
@@ -625,11 +640,11 @@ Bootstrap() {
elif [ -f /etc/product ] && grep -q "Joyent Instance" /etc/product ; then elif [ -f /etc/product ] && grep -q "Joyent Instance" /etc/product ; then
ExperimentalBootstrap "Joyent SmartOS Zone" BootstrapSmartOS ExperimentalBootstrap "Joyent SmartOS Zone" BootstrapSmartOS
else else
echo "Sorry, I don't know how to bootstrap Certbot on your operating system!" error "Sorry, I don't know how to bootstrap Certbot on your operating system!"
echo error
echo "You will need to install OS dependencies, configure virtualenv, and run pip install manually." error "You will need to install OS dependencies, configure virtualenv, and run pip install manually."
echo "Please see https://letsencrypt.readthedocs.org/en/latest/contributing.html#prerequisites" error "Please see https://letsencrypt.readthedocs.org/en/latest/contributing.html#prerequisites"
echo "for more info." error "for more info."
exit 1 exit 1
fi fi
} }
@@ -649,7 +664,7 @@ if [ "$1" = "--le-auto-phase2" ]; then
# grep for both certbot and letsencrypt until certbot and shim packages have been released # grep for both certbot and letsencrypt until certbot and shim packages have been released
INSTALLED_VERSION=$("$VENV_BIN/letsencrypt" --version 2>&1 | grep "^certbot\|^letsencrypt" | cut -d " " -f 2) INSTALLED_VERSION=$("$VENV_BIN/letsencrypt" --version 2>&1 | grep "^certbot\|^letsencrypt" | cut -d " " -f 2)
if [ -z "$INSTALLED_VERSION" ]; then if [ -z "$INSTALLED_VERSION" ]; then
echo "Error: couldn't get currently installed version for $VENV_BIN/letsencrypt: " 1>&2 error "Error: couldn't get currently installed version for $VENV_BIN/letsencrypt: " 1>&2
"$VENV_BIN/letsencrypt" --version "$VENV_BIN/letsencrypt" --version
exit 1 exit 1
fi fi
@@ -657,7 +672,7 @@ if [ "$1" = "--le-auto-phase2" ]; then
INSTALLED_VERSION="none" INSTALLED_VERSION="none"
fi fi
if [ "$LE_AUTO_VERSION" != "$INSTALLED_VERSION" ]; then if [ "$LE_AUTO_VERSION" != "$INSTALLED_VERSION" ]; then
echo "Creating virtual environment..." say "Creating virtual environment..."
DeterminePythonVersion DeterminePythonVersion
rm -rf "$VENV_PATH" rm -rf "$VENV_PATH"
if [ "$VERBOSE" = 1 ]; then if [ "$VERBOSE" = 1 ]; then
@@ -666,7 +681,7 @@ if [ "$1" = "--le-auto-phase2" ]; then
virtualenv --no-site-packages --python "$LE_PYTHON" "$VENV_PATH" > /dev/null virtualenv --no-site-packages --python "$LE_PYTHON" "$VENV_PATH" > /dev/null
fi fi
echo "Installing Python packages..." say "Installing Python packages..."
TEMP_DIR=$(TempDir) TEMP_DIR=$(TempDir)
trap 'rm -rf "$TEMP_DIR"' EXIT trap 'rm -rf "$TEMP_DIR"' EXIT
# There is no $ interpolation due to quotes on starting heredoc delimiter. # There is no $ interpolation due to quotes on starting heredoc delimiter.
@@ -845,18 +860,18 @@ letsencrypt==0.7.0 \
# THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE. # THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE.
acme==0.13.0 \ acme==0.14.0 \
--hash=sha256:103ce8bed43aad1a9655ed815df09bbeab86ee16cc82137b44d9dac68faa394f \ --hash=sha256:fca8766a2596833e8886f7ef72cf82d1f6c6cffa895781a5676861c251b24b70 \
--hash=sha256:7489b3e20d02da0a389aedb82408ffb6b76294e41d833db85591b9f779539815 --hash=sha256:ce7d2bca31e85adac1030c944e0a9d96e8b0f85cdc616b78d40eb09c91803543
certbot==0.13.0 \ certbot==0.14.0 \
--hash=sha256:65d0d9d158972aff7746d4ef80a20465a14c54ae8bcb879216970c2a1b34503c \ --hash=sha256:071790b1ec4e5b94aa1688f8a62a10905c28438cd55d990cdb8c9f733d3a4a41 \
--hash=sha256:f63ad7747edaca2fb7d60c28882e44d2f48ff1cca9b9c7c251ad47e2189c00f3 --hash=sha256:98add3721e1edaedb404879a9d39bd49020e94fc8eedbc46032a00ada51d7741
certbot-apache==0.13.0 \ certbot-apache==0.14.0 \
--hash=sha256:22f7c1dc93439384c0874960081d66957910c6dc737a9facbd9fcbc46c545874 \ --hash=sha256:ab837efce7aa4c4e47a724a60dcbeacadb9dfe64bd1d32a4e854678c4fcd82a3 \
--hash=sha256:b43b04b53005e7218a09a0ba4d97581fab369e929472fa49fb55d29d0ab54589 --hash=sha256:bbcd21d9f3fd8cdc4453ef94d0cb6033c3a19f879dcd314231501ebb7180168f
certbot-nginx==0.13.0 \ certbot-nginx==0.14.0 \
--hash=sha256:9d0ab4eeb98b0ebad70ba116b32268342ad343d82d64990a652ff8072959b044 \ --hash=sha256:608b2f6f2b04ce93c503a95ffba4f0e0ca2e0cb9ea587a8376368fa621b388e4 \
--hash=sha256:f026a8faee8397a22c5d4a7623a6ef7c7e780ed63a3bdf9940f43f7823aa2a72 --hash=sha256:86e964b2a7818cc165d913e27e504f2ef2f60750ab0db6d39bfb3465d54c30db
UNLIKELY_EOF UNLIKELY_EOF
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
@@ -1022,42 +1037,40 @@ UNLIKELY_EOF
set -e set -e
if [ "$PIP_STATUS" != 0 ]; then if [ "$PIP_STATUS" != 0 ]; then
# Report error. (Otherwise, be quiet.) # Report error. (Otherwise, be quiet.)
echo "Had a problem while installing Python packages." error "Had a problem while installing Python packages."
if [ "$VERBOSE" != 1 ]; then if [ "$VERBOSE" != 1 ]; then
echo error
echo "pip prints the following errors: " error "pip prints the following errors: "
echo "=====================================================" error "====================================================="
echo "$PIP_OUT" error "$PIP_OUT"
echo "=====================================================" error "====================================================="
echo error
echo "Certbot has problem setting up the virtual environment." error "Certbot has problem setting up the virtual environment."
if `echo $PIP_OUT | grep -q Killed` || `echo $PIP_OUT | grep -q "allocate memory"` ; then if `echo $PIP_OUT | grep -q Killed` || `echo $PIP_OUT | grep -q "allocate memory"` ; then
echo error
echo "Based on your pip output, the problem can likely be fixed by " error "Based on your pip output, the problem can likely be fixed by "
echo "increasing the available memory." error "increasing the available memory."
else else
echo error
echo "We were not be able to guess the right solution from your pip " error "We were not be able to guess the right solution from your pip "
echo "output." error "output."
fi fi
echo error
echo "Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment" error "Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment"
echo "for possible solutions." error "for possible solutions."
echo "You may also find some support resources at https://certbot.eff.org/support/ ." error "You may also find some support resources at https://certbot.eff.org/support/ ."
fi fi
rm -rf "$VENV_PATH" rm -rf "$VENV_PATH"
exit 1 exit 1
fi fi
echo "Installation succeeded." say "Installation succeeded."
fi fi
if [ -n "$SUDO" ]; then if [ -n "$SUDO" ]; then
# SUDO is su wrapper or sudo # SUDO is su wrapper or sudo
if [ "$QUIET" != 1 ]; then say "Requesting root privileges to run certbot..."
echo "Requesting root privileges to run certbot..." say " $VENV_BIN/letsencrypt" "$@"
echo " $VENV_BIN/letsencrypt" "$@"
fi
fi fi
if [ -z "$SUDO_ENV" ] ; then if [ -z "$SUDO_ENV" ] ; then
# SUDO is su wrapper / noop # SUDO is su wrapper / noop
@@ -1084,7 +1097,7 @@ else
Bootstrap Bootstrap
fi fi
if [ "$OS_PACKAGES_ONLY" = 1 ]; then if [ "$OS_PACKAGES_ONLY" = 1 ]; then
echo "OS packages installed." say "OS packages installed."
exit 0 exit 0
fi fi
@@ -1227,9 +1240,9 @@ UNLIKELY_EOF
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
DeterminePythonVersion DeterminePythonVersion
if ! REMOTE_VERSION=`"$LE_PYTHON" "$TEMP_DIR/fetch.py" --latest-version` ; then if ! REMOTE_VERSION=`"$LE_PYTHON" "$TEMP_DIR/fetch.py" --latest-version` ; then
echo "WARNING: unable to check for updates." error "WARNING: unable to check for updates."
elif [ "$LE_AUTO_VERSION" != "$REMOTE_VERSION" ]; then elif [ "$LE_AUTO_VERSION" != "$REMOTE_VERSION" ]; then
echo "Upgrading certbot-auto $LE_AUTO_VERSION to $REMOTE_VERSION..." say "Upgrading certbot-auto $LE_AUTO_VERSION to $REMOTE_VERSION..."
# Now we drop into Python so we don't have to install even more # Now we drop into Python so we don't have to install even more
# dependencies (curl, etc.), for better flow control, and for the option of # dependencies (curl, etc.), for better flow control, and for the option of
@@ -1238,7 +1251,7 @@ UNLIKELY_EOF
# Install new copy of certbot-auto. # Install new copy of certbot-auto.
# TODO: Deal with quotes in pathnames. # TODO: Deal with quotes in pathnames.
echo "Replacing certbot-auto..." say "Replacing certbot-auto..."
# Clone permissions with cp. chmod and chown don't have a --reference # Clone permissions with cp. chmod and chown don't have a --reference
# option on macOS or BSD, and stat -c on Linux is stat -f on macOS and BSD: # option on macOS or BSD, and stat -c on Linux is stat -f on macOS and BSD:
$SUDO cp -p "$0" "$TEMP_DIR/letsencrypt-auto.permission-clone" $SUDO cp -p "$0" "$TEMP_DIR/letsencrypt-auto.permission-clone"

14
letsencrypt-auto-source/certbot-auto.asc
View File

@@ -1,11 +1,11 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2 Version: GnuPG v2
iQEcBAABCAAGBQJY5WxEAAoJEE0XyZXNl3XyoDYH/joyJ/7cS4+SoTEiPpVcDnK+ iQEcBAABCAAGBQJZC76WAAoJEE0XyZXNl3XyXhcIAJ1+gPoWZmXjFcC4by2tDBoM
YJVhxP6pir6GaRvl+ebWlo7ichS4c0Kye8e5BPVj5RtZbDT88iplMZ2EyUmeA579 Lkxf5BNxq8aq7qSohU8SqSo6ShDkWh9ci390n+jbOX1R503uQL1egGbEAJbziFYq
8Z96p9qoEANeGWiPe+KCDXRHJfCAsphcHSLTeS8lXgG8SP13p7hsML6hn3gosRdu vym6j0AmqM+2/YcWmcj3J7RYtDOV1sUPKD2pgUxWtvQrd9iZ1235WMzBF/uBprzm
OG4/SnFBDLLwu4YwUVom4U+Z+dYS1jQstge4sexr85jCX/Lds7M5WM/lFiYMBsJ8 qAtFwF04V2H3kkC4e7+jAEkFzs1TJ8fYumqqqw0NgSwM6bikfurpRyf8qR2RVYWt
uZd/IGKwb7jvsc4u58Ruj9xiTcchaxn15NMJR7R967Mt5ortSvZ3C6Cv3NyubJmB e3GOTxyBVbjhp2UPy/O8Xx7iBD3m+t9mJgsCJ9l8s7xKot6LF7+WrJkn0A3cfKcR
hmGQVU+eNBTeEwPSIN8xAf3fcwh2wlRMaTZOy5nJ3IoDdSQuwO9IGxxdkNDSegE= LSTataKedsP3u1jOgP3y2ujumBlDlDRuXn6vK/YKNYNnHte5B9mstSzoDGgRvHE=
=8KUq =3Jgs
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

26
letsencrypt-auto-source/letsencrypt-auto
View File

@@ -28,7 +28,7 @@ if [ -z "$VENV_PATH" ]; then
VENV_PATH="$XDG_DATA_HOME/$VENV_NAME" VENV_PATH="$XDG_DATA_HOME/$VENV_NAME"
fi fi
VENV_BIN="$VENV_PATH/bin" VENV_BIN="$VENV_PATH/bin"
LE_AUTO_VERSION="0.14.0.dev0" LE_AUTO_VERSION="0.14.0"
BASENAME=$(basename $0) BASENAME=$(basename $0)
USAGE="Usage: $BASENAME [OPTIONS] USAGE="Usage: $BASENAME [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -860,18 +860,18 @@ letsencrypt==0.7.0 \
# THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE. # THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE.
acme==0.13.0 \ acme==0.14.0 \
--hash=sha256:103ce8bed43aad1a9655ed815df09bbeab86ee16cc82137b44d9dac68faa394f \ --hash=sha256:fca8766a2596833e8886f7ef72cf82d1f6c6cffa895781a5676861c251b24b70 \
--hash=sha256:7489b3e20d02da0a389aedb82408ffb6b76294e41d833db85591b9f779539815 --hash=sha256:ce7d2bca31e85adac1030c944e0a9d96e8b0f85cdc616b78d40eb09c91803543
certbot==0.13.0 \ certbot==0.14.0 \
--hash=sha256:65d0d9d158972aff7746d4ef80a20465a14c54ae8bcb879216970c2a1b34503c \ --hash=sha256:071790b1ec4e5b94aa1688f8a62a10905c28438cd55d990cdb8c9f733d3a4a41 \
--hash=sha256:f63ad7747edaca2fb7d60c28882e44d2f48ff1cca9b9c7c251ad47e2189c00f3 --hash=sha256:98add3721e1edaedb404879a9d39bd49020e94fc8eedbc46032a00ada51d7741
certbot-apache==0.13.0 \ certbot-apache==0.14.0 \
--hash=sha256:22f7c1dc93439384c0874960081d66957910c6dc737a9facbd9fcbc46c545874 \ --hash=sha256:ab837efce7aa4c4e47a724a60dcbeacadb9dfe64bd1d32a4e854678c4fcd82a3 \
--hash=sha256:b43b04b53005e7218a09a0ba4d97581fab369e929472fa49fb55d29d0ab54589 --hash=sha256:bbcd21d9f3fd8cdc4453ef94d0cb6033c3a19f879dcd314231501ebb7180168f
certbot-nginx==0.13.0 \ certbot-nginx==0.14.0 \
--hash=sha256:9d0ab4eeb98b0ebad70ba116b32268342ad343d82d64990a652ff8072959b044 \ --hash=sha256:608b2f6f2b04ce93c503a95ffba4f0e0ca2e0cb9ea587a8376368fa621b388e4 \
--hash=sha256:f026a8faee8397a22c5d4a7623a6ef7c7e780ed63a3bdf9940f43f7823aa2a72 --hash=sha256:86e964b2a7818cc165d913e27e504f2ef2f60750ab0db6d39bfb3465d54c30db
UNLIKELY_EOF UNLIKELY_EOF
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------

BIN
letsencrypt-auto-source/letsencrypt-auto.sig
View File

Binary file not shown.

24
letsencrypt-auto-source/pieces/letsencrypt-auto-requirements.txt
View File

@@ -171,15 +171,15 @@ letsencrypt==0.7.0 \
# THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE. # THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE.
acme==0.13.0 \ acme==0.14.0 \
--hash=sha256:103ce8bed43aad1a9655ed815df09bbeab86ee16cc82137b44d9dac68faa394f \ --hash=sha256:fca8766a2596833e8886f7ef72cf82d1f6c6cffa895781a5676861c251b24b70 \
--hash=sha256:7489b3e20d02da0a389aedb82408ffb6b76294e41d833db85591b9f779539815 --hash=sha256:ce7d2bca31e85adac1030c944e0a9d96e8b0f85cdc616b78d40eb09c91803543
certbot==0.13.0 \ certbot==0.14.0 \
--hash=sha256:65d0d9d158972aff7746d4ef80a20465a14c54ae8bcb879216970c2a1b34503c \ --hash=sha256:071790b1ec4e5b94aa1688f8a62a10905c28438cd55d990cdb8c9f733d3a4a41 \
--hash=sha256:f63ad7747edaca2fb7d60c28882e44d2f48ff1cca9b9c7c251ad47e2189c00f3 --hash=sha256:98add3721e1edaedb404879a9d39bd49020e94fc8eedbc46032a00ada51d7741
certbot-apache==0.13.0 \ certbot-apache==0.14.0 \
--hash=sha256:22f7c1dc93439384c0874960081d66957910c6dc737a9facbd9fcbc46c545874 \ --hash=sha256:ab837efce7aa4c4e47a724a60dcbeacadb9dfe64bd1d32a4e854678c4fcd82a3 \
--hash=sha256:b43b04b53005e7218a09a0ba4d97581fab369e929472fa49fb55d29d0ab54589 --hash=sha256:bbcd21d9f3fd8cdc4453ef94d0cb6033c3a19f879dcd314231501ebb7180168f
certbot-nginx==0.13.0 \ certbot-nginx==0.14.0 \
--hash=sha256:9d0ab4eeb98b0ebad70ba116b32268342ad343d82d64990a652ff8072959b044 \ --hash=sha256:608b2f6f2b04ce93c503a95ffba4f0e0ca2e0cb9ea587a8376368fa621b388e4 \
--hash=sha256:f026a8faee8397a22c5d4a7623a6ef7c7e780ed63a3bdf9940f43f7823aa2a72 --hash=sha256:86e964b2a7818cc165d913e27e504f2ef2f60750ab0db6d39bfb3465d54c30db