crypt/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2025-08-06 16:42:41 +03:00
Code Activity

Release 0.18.0

Browse Source
This commit is contained in:
Brad Warren
2017-09-05 16:06:43 -07:00
parent 8ad18cbe6e
commit 756c44f7af
22 changed files with 644 additions and 314 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
acme/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.18.0.dev0' version = '0.18.0'
# Please update tox.ini when modifying dependency version requirements # Please update tox.ini when modifying dependency version requirements
install_requires = [ install_requires = [

2
certbot-apache/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.18.0.dev0' version = '0.18.0'
# Please update tox.ini when modifying dependency version requirements # Please update tox.ini when modifying dependency version requirements
install_requires = [ install_requires = [

419
certbot-auto
View File

@@ -23,12 +23,15 @@ fi
if [ -z "$XDG_DATA_HOME" ]; then if [ -z "$XDG_DATA_HOME" ]; then
XDG_DATA_HOME=~/.local/share XDG_DATA_HOME=~/.local/share
fi fi
VENV_NAME="letsencrypt"
if [ -z "$VENV_PATH" ]; then if [ -z "$VENV_PATH" ]; then
VENV_PATH="$XDG_DATA_HOME/$VENV_NAME" # We export these values so they are preserved properly if this script is
# rerun with sudo/su where $HOME/$XDG_DATA_HOME may have a different value.
export OLD_VENV_PATH="$XDG_DATA_HOME/letsencrypt"
export VENV_PATH="/opt/eff.org/certbot/venv"
fi fi
VENV_BIN="$VENV_PATH/bin" VENV_BIN="$VENV_PATH/bin"
LE_AUTO_VERSION="0.17.0" BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
LE_AUTO_VERSION="0.18.0"
BASENAME=$(basename $0) BASENAME=$(basename $0)
USAGE="Usage: $BASENAME [OPTIONS] USAGE="Usage: $BASENAME [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -49,6 +52,7 @@ Help for certbot itself cannot be provided until it is installed.
implies --non-interactive implies --non-interactive
All arguments are accepted and forwarded to the Certbot client when run." All arguments are accepted and forwarded to the Certbot client when run."
export CERTBOT_AUTO="$0"
for arg in "$@" ; do for arg in "$@" ; do
case "$arg" in case "$arg" in
@@ -77,7 +81,7 @@ for arg in "$@" ; do
h) h)
HELP=1;; HELP=1;;
n) n)
ASSUME_YES=1;; NONINTERACTIVE=1;;
q) q)
QUIET=1;; QUIET=1;;
v) v)
@@ -93,8 +97,8 @@ if [ $BASENAME = "letsencrypt-auto" ]; then
HELP=0 HELP=0
fi fi
# Set ASSUME_YES to 1 if QUIET (i.e. --quiet implies --non-interactive) # Set ASSUME_YES to 1 if QUIET or NONINTERACTIVE
if [ "$QUIET" = 1 ]; then if [ "$QUIET" = 1 -o "$NONINTERACTIVE" = 1 ]; then
ASSUME_YES=1 ASSUME_YES=1
fi fi
@@ -119,16 +123,18 @@ else
exit 1 exit 1
fi fi
# certbot-auto needs root access to bootstrap OS dependencies, and # Certbot itself needs root access for almost all modes of operation.
# certbot itself needs root access for almost all modes of operation # certbot-auto needs root access to bootstrap OS dependencies and install
# The "normal" case is that sudo is used for the steps that need root, but # Certbot at a protected path so it can be safely run as root. To accomplish
# this script *can* be run as root (not recommended), or fall back to using # this, this script will attempt to run itself as root if it doesn't have the
# `su`. Auto-detection can be overridden by explicitly setting the # necessary privileges by using `sudo` or falling back to `su` if it is not
# environment variable LE_AUTO_SUDO to 'sudo', 'sudo_su' or '' as used below. # available. The mechanism used to obtain root access can be set explicitly by
# setting the environment variable LE_AUTO_SUDO to 'sudo', 'su', 'su_sudo',
# 'SuSudo', or '' as used below.
# Because the parameters in `su -c` has to be a string, # Because the parameters in `su -c` has to be a string,
# we need to properly escape it. # we need to properly escape it.
su_sudo() { SuSudo() {
args="" args=""
# This `while` loop iterates over all parameters given to this function. # This `while` loop iterates over all parameters given to this function.
# For each parameter, all `'` will be replace by `'"'"'`, and the escaped string # For each parameter, all `'` will be replace by `'"'"'`, and the escaped string
@@ -147,34 +153,47 @@ su_sudo() {
su root -c "$args" su root -c "$args"
} }
SUDO_ENV="" # Sets the environment variable SUDO to be the name of the program or function
export CERTBOT_AUTO="$0" # to call to get root access. If this script already has root privleges, SUDO
if [ -n "${LE_AUTO_SUDO+x}" ]; then # is set to an empty string. The value in SUDO should be run with the command
case "$LE_AUTO_SUDO" in # to called with root privileges as arguments.
su_sudo|su) SetRootAuthMechanism() {
SUDO=su_sudo SUDO=""
;; if [ -n "${LE_AUTO_SUDO+x}" ]; then
sudo) case "$LE_AUTO_SUDO" in
SUDO=sudo SuSudo|su_sudo|su)
SUDO_ENV="CERTBOT_AUTO=$0" SUDO=SuSudo
;; ;;
'') ;; # Nothing to do for plain root method. sudo)
*) SUDO="sudo -E"
error "Error: unknown root authorization mechanism '$LE_AUTO_SUDO'." ;;
exit 1 '') ;; # Nothing to do for plain root method.
esac *)
say "Using preset root authorization mechanism '$LE_AUTO_SUDO'." error "Error: unknown root authorization mechanism '$LE_AUTO_SUDO'."
else exit 1
if test "`id -u`" -ne "0" ; then esac
if $EXISTS sudo 1>/dev/null 2>&1; then say "Using preset root authorization mechanism '$LE_AUTO_SUDO'."
SUDO=sudo
SUDO_ENV="CERTBOT_AUTO=$0"
else
say \"sudo\" is not available, will use \"su\" for installation steps...
SUDO=su_sudo
fi
else else
SUDO= if test "`id -u`" -ne "0" ; then
if $EXISTS sudo 1>/dev/null 2>&1; then
SUDO="sudo -E"
else
say \"sudo\" is not available, will use \"su\" for installation steps...
SUDO=SuSudo
fi
fi
fi
}
if [ "$1" = "--cb-auto-has-root" ]; then
shift 1
elif [ "$1" != "--le-auto-phase2" ]; then
# if $1 is --le-auto-phase2, we've executed this branch before
SetRootAuthMechanism
if [ -n "$SUDO" ]; then
echo "Requesting to rerun $0 with root privileges..."
$SUDO "$0" --cb-auto-has-root "$@"
exit 0
fi fi
fi fi
@@ -238,6 +257,10 @@ DeterminePythonVersion() {
fi fi
} }
# If new packages are installed by BootstrapDebCommon below, this version
# number must be increased.
BOOTSTRAP_DEB_COMMON_VERSION=1
BootstrapDebCommon() { BootstrapDebCommon() {
# Current version tested with: # Current version tested with:
# #
@@ -261,7 +284,7 @@ BootstrapDebCommon() {
QUIET_FLAG='-qq' QUIET_FLAG='-qq'
fi fi
$SUDO apt-get $QUIET_FLAG update || error apt-get update hit problems but continuing anyway... apt-get $QUIET_FLAG update || error apt-get update hit problems but continuing anyway...
# virtualenv binary can be found in different packages depending on # virtualenv binary can be found in different packages depending on
# distro version (#346) # distro version (#346)
@@ -311,13 +334,13 @@ BootstrapDebCommon() {
esac esac
fi fi
if [ "$add_backports" = 1 ]; then if [ "$add_backports" = 1 ]; then
$SUDO sh -c "echo $BACKPORT_SOURCELINE >> /etc/apt/sources.list.d/$BACKPORT_NAME.list" sh -c "echo $BACKPORT_SOURCELINE >> /etc/apt/sources.list.d/$BACKPORT_NAME.list"
$SUDO apt-get $QUIET_FLAG update apt-get $QUIET_FLAG update
fi fi
fi fi
fi fi
if [ "$add_backports" != 0 ]; then if [ "$add_backports" != 0 ]; then
$SUDO apt-get install $QUIET_FLAG $YES_FLAG --no-install-recommends -t "$BACKPORT_NAME" $augeas_pkg apt-get install $QUIET_FLAG $YES_FLAG --no-install-recommends -t "$BACKPORT_NAME" $augeas_pkg
augeas_pkg= augeas_pkg=
fi fi
} }
@@ -336,7 +359,7 @@ BootstrapDebCommon() {
# XXX add a case for ubuntu PPAs # XXX add a case for ubuntu PPAs
fi fi
$SUDO apt-get install $QUIET_FLAG $YES_FLAG --no-install-recommends \ apt-get install $QUIET_FLAG $YES_FLAG --no-install-recommends \
python \ python \
python-dev \ python-dev \
$virtualenv \ $virtualenv \
@@ -354,6 +377,10 @@ BootstrapDebCommon() {
fi fi
} }
# If new packages are installed by BootstrapRpmCommon below, this version
# number must be increased.
BOOTSTRAP_RPM_COMMON_VERSION=1
BootstrapRpmCommon() { BootstrapRpmCommon() {
# Tested with: # Tested with:
# - Fedora 20, 21, 22, 23 (x64) # - Fedora 20, 21, 22, 23 (x64)
@@ -380,9 +407,9 @@ BootstrapRpmCommon() {
QUIET_FLAG='--quiet' QUIET_FLAG='--quiet'
fi fi
if ! $SUDO $tool list *virtualenv >/dev/null 2>&1; then if ! $tool list *virtualenv >/dev/null 2>&1; then
echo "To use Certbot, packages from the EPEL repository need to be installed." echo "To use Certbot, packages from the EPEL repository need to be installed."
if ! $SUDO $tool list epel-release >/dev/null 2>&1; then if ! $tool list epel-release >/dev/null 2>&1; then
error "Enable the EPEL repository and try running Certbot again." error "Enable the EPEL repository and try running Certbot again."
exit 1 exit 1
fi fi
@@ -394,7 +421,7 @@ BootstrapRpmCommon() {
/bin/echo -e "\e[0K\rEnabling the EPEL repository in 1 seconds..." /bin/echo -e "\e[0K\rEnabling the EPEL repository in 1 seconds..."
sleep 1s sleep 1s
fi fi
if ! $SUDO $tool install $yes_flag $QUIET_FLAG epel-release; then if ! $tool install $yes_flag $QUIET_FLAG epel-release; then
error "Could not enable EPEL. Aborting bootstrap!" error "Could not enable EPEL. Aborting bootstrap!"
exit 1 exit 1
fi fi
@@ -410,9 +437,8 @@ BootstrapRpmCommon() {
ca-certificates ca-certificates
" "
# Some distros and older versions of current distros use a "python27" # Most RPM distros use the "python" or "python-" naming convention. Let's try that first.
# instead of "python" naming convention. Try both conventions. if $tool list python >/dev/null 2>&1; then
if $SUDO $tool list python >/dev/null 2>&1; then
pkgs="$pkgs pkgs="$pkgs
python python
python-devel python-devel
@@ -420,6 +446,20 @@ BootstrapRpmCommon() {
python-tools python-tools
python-pip python-pip
" "
# Fedora 26 starts to use the prefix python2 for python2 based packages.
# this elseif is theoretically for any Fedora over version 26:
elif $tool list python2 >/dev/null 2>&1; then
pkgs="$pkgs
python2
python2-libs
python2-setuptools
python2-devel
python2-virtualenv
python2-tools
python2-pip
"
# Some distros and older versions of current distros use a "python27"
# instead of the "python" or "python-" naming convention.
else else
pkgs="$pkgs pkgs="$pkgs
python27 python27
@@ -430,18 +470,22 @@ BootstrapRpmCommon() {
" "
fi fi
if $SUDO $tool list installed "httpd" >/dev/null 2>&1; then if $tool list installed "httpd" >/dev/null 2>&1; then
pkgs="$pkgs pkgs="$pkgs
mod_ssl mod_ssl
" "
fi fi
if ! $SUDO $tool install $yes_flag $QUIET_FLAG $pkgs; then if ! $tool install $yes_flag $QUIET_FLAG $pkgs; then
error "Could not install OS dependencies. Aborting bootstrap!" error "Could not install OS dependencies. Aborting bootstrap!"
exit 1 exit 1
fi fi
} }
# If new packages are installed by BootstrapSuseCommon below, this version
# number must be increased.
BOOTSTRAP_SUSE_COMMON_VERSION=1
BootstrapSuseCommon() { BootstrapSuseCommon() {
# SLE12 don't have python-virtualenv # SLE12 don't have python-virtualenv
@@ -454,7 +498,7 @@ BootstrapSuseCommon() {
QUIET_FLAG='-qq' QUIET_FLAG='-qq'
fi fi
$SUDO zypper $QUIET_FLAG $zypper_flags in $install_flags \ zypper $QUIET_FLAG $zypper_flags in $install_flags \
python \ python \
python-devel \ python-devel \
python-virtualenv \ python-virtualenv \
@@ -465,6 +509,10 @@ BootstrapSuseCommon() {
ca-certificates ca-certificates
} }
# If new packages are installed by BootstrapArchCommon below, this version
# number must be increased.
BOOTSTRAP_ARCH_COMMON_VERSION=1
BootstrapArchCommon() { BootstrapArchCommon() {
# Tested with: # Tested with:
# - ArchLinux (x86_64) # - ArchLinux (x86_64)
@@ -485,21 +533,25 @@ BootstrapArchCommon() {
" "
# pacman -T exits with 127 if there are missing dependencies # pacman -T exits with 127 if there are missing dependencies
missing=$($SUDO pacman -T $deps) || true missing=$(pacman -T $deps) || true
if [ "$ASSUME_YES" = 1 ]; then if [ "$ASSUME_YES" = 1 ]; then
noconfirm="--noconfirm" noconfirm="--noconfirm"
fi fi
if [ "$missing" ]; then if [ "$missing" ]; then
if [ "$QUIET" = 1]; then if [ "$QUIET" = 1 ]; then
$SUDO pacman -S --needed $missing $noconfirm > /dev/null pacman -S --needed $missing $noconfirm > /dev/null
else else
$SUDO pacman -S --needed $missing $noconfirm pacman -S --needed $missing $noconfirm
fi fi
fi fi
} }
# If new packages are installed by BootstrapGentooCommon below, this version
# number must be increased.
BOOTSTRAP_GENTOO_COMMON_VERSION=1
BootstrapGentooCommon() { BootstrapGentooCommon() {
PACKAGES=" PACKAGES="
dev-lang/python:2.7 dev-lang/python:2.7
@@ -517,29 +569,37 @@ BootstrapGentooCommon() {
case "$PACKAGE_MANAGER" in case "$PACKAGE_MANAGER" in
(paludis) (paludis)
$SUDO cave resolve --preserve-world --keep-targets if-possible $PACKAGES -x cave resolve --preserve-world --keep-targets if-possible $PACKAGES -x
;; ;;
(pkgcore) (pkgcore)
$SUDO pmerge --noreplace --oneshot $ASK_OPTION $PACKAGES pmerge --noreplace --oneshot $ASK_OPTION $PACKAGES
;; ;;
(portage|*) (portage|*)
$SUDO emerge --noreplace --oneshot $ASK_OPTION $PACKAGES emerge --noreplace --oneshot $ASK_OPTION $PACKAGES
;; ;;
esac esac
} }
# If new packages are installed by BootstrapFreeBsd below, this version number
# must be increased.
BOOTSTRAP_FREEBSD_VERSION=1
BootstrapFreeBsd() { BootstrapFreeBsd() {
if [ "$QUIET" = 1 ]; then if [ "$QUIET" = 1 ]; then
QUIET_FLAG="--quiet" QUIET_FLAG="--quiet"
fi fi
$SUDO pkg install -Ay $QUIET_FLAG \ pkg install -Ay $QUIET_FLAG \
python \ python \
py27-virtualenv \ py27-virtualenv \
augeas \ augeas \
libffi libffi
} }
# If new packages are installed by BootstrapMac below, this version number must
# be increased.
BOOTSTRAP_MAC_VERSION=1
BootstrapMac() { BootstrapMac() {
if hash brew 2>/dev/null; then if hash brew 2>/dev/null; then
say "Using Homebrew to install dependencies..." say "Using Homebrew to install dependencies..."
@@ -548,7 +608,7 @@ BootstrapMac() {
elif hash port 2>/dev/null; then elif hash port 2>/dev/null; then
say "Using MacPorts to install dependencies..." say "Using MacPorts to install dependencies..."
pkgman=port pkgman=port
pkgcmd="$SUDO port install" pkgcmd="port install"
else else
say "No Homebrew/MacPorts; installing Homebrew..." say "No Homebrew/MacPorts; installing Homebrew..."
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
@@ -568,8 +628,8 @@ BootstrapMac() {
# Workaround for _dlopen not finding augeas on macOS # Workaround for _dlopen not finding augeas on macOS
if [ "$pkgman" = "port" ] && ! [ -e "/usr/local/lib/libaugeas.dylib" ] && [ -e "/opt/local/lib/libaugeas.dylib" ]; then if [ "$pkgman" = "port" ] && ! [ -e "/usr/local/lib/libaugeas.dylib" ] && [ -e "/opt/local/lib/libaugeas.dylib" ]; then
say "Applying augeas workaround" say "Applying augeas workaround"
$SUDO mkdir -p /usr/local/lib/ mkdir -p /usr/local/lib/
$SUDO ln -s /opt/local/lib/libaugeas.dylib /usr/local/lib/ ln -s /opt/local/lib/libaugeas.dylib /usr/local/lib/
fi fi
if ! hash pip 2>/dev/null; then if ! hash pip 2>/dev/null; then
@@ -585,17 +645,25 @@ BootstrapMac() {
fi fi
} }
# If new packages are installed by BootstrapSmartOS below, this version number
# must be increased.
BOOTSTRAP_SMARTOS_VERSION=1
BootstrapSmartOS() { BootstrapSmartOS() {
pkgin update pkgin update
pkgin -y install 'gcc49' 'py27-augeas' 'py27-virtualenv' pkgin -y install 'gcc49' 'py27-augeas' 'py27-virtualenv'
} }
# If new packages are installed by BootstrapMageiaCommon below, this version
# number must be increased.
BOOTSTRAP_MAGEIA_COMMON_VERSION=1
BootstrapMageiaCommon() { BootstrapMageiaCommon() {
if [ "$QUIET" = 1 ]; then if [ "$QUIET" = 1 ]; then
QUIET_FLAG='--quiet' QUIET_FLAG='--quiet'
fi fi
if ! $SUDO urpmi --force $QUIET_FLAG \ if ! urpmi --force $QUIET_FLAG \
python \ python \
libpython-devel \ libpython-devel \
python-virtualenv python-virtualenv
@@ -604,7 +672,7 @@ BootstrapMageiaCommon() {
exit 1 exit 1
fi fi
if ! $SUDO urpmi --force $QUIET_FLAG \ if ! urpmi --force $QUIET_FLAG \
git \ git \
gcc \ gcc \
python-augeas \ python-augeas \
@@ -618,23 +686,41 @@ BootstrapMageiaCommon() {
} }
# Install required OS packages: # Set Bootstrap to the function that installs OS dependencies on this system
Bootstrap() { # and BOOTSTRAP_VERSION to the unique identifier for the current version of
if [ "$NO_BOOTSTRAP" = 1 ]; then # that function. If Bootstrap is set to a function that doesn't install any
return # packages (either because --no-bootstrap was included on the command line or
elif [ -f /etc/debian_version ]; then # we don't know how to bootstrap on this system), BOOTSTRAP_VERSION is not set.
if [ "$NO_BOOTSTRAP" = 1 ]; then
Bootstrap() {
:
}
elif [ -f /etc/debian_version ]; then
Bootstrap() {
BootstrapMessage "Debian-based OSes" BootstrapMessage "Debian-based OSes"
BootstrapDebCommon BootstrapDebCommon
elif [ -f /etc/mageia-release ]; then }
# Mageia has both /etc/mageia-release and /etc/redhat-release BOOTSTRAP_VERSION="BootstrapDebCommon $BOOTSTRAP_DEB_COMMON_VERSION"
elif [ -f /etc/mageia-release ]; then
# Mageia has both /etc/mageia-release and /etc/redhat-release
Bootstrap() {
ExperimentalBootstrap "Mageia" BootstrapMageiaCommon ExperimentalBootstrap "Mageia" BootstrapMageiaCommon
elif [ -f /etc/redhat-release ]; then }
BOOTSTRAP_VERSION="BootstrapMageiaCommon $BOOTSTRAP_MAGEIA_COMMON_VERSION"
elif [ -f /etc/redhat-release ]; then
Bootstrap() {
BootstrapMessage "RedHat-based OSes" BootstrapMessage "RedHat-based OSes"
BootstrapRpmCommon BootstrapRpmCommon
elif [ -f /etc/os-release ] && `grep -q openSUSE /etc/os-release` ; then }
BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
elif [ -f /etc/os-release ] && `grep -q openSUSE /etc/os-release` ; then
Bootstrap() {
BootstrapMessage "openSUSE-based OSes" BootstrapMessage "openSUSE-based OSes"
BootstrapSuseCommon BootstrapSuseCommon
elif [ -f /etc/arch-release ]; then }
BOOTSTRAP_VERSION="BootstrapSuseCommon $BOOTSTRAP_SUSE_COMMON_VERSION"
elif [ -f /etc/arch-release ]; then
Bootstrap() {
if [ "$DEBUG" = 1 ]; then if [ "$DEBUG" = 1 ]; then
BootstrapMessage "Archlinux" BootstrapMessage "Archlinux"
BootstrapArchCommon BootstrapArchCommon
@@ -646,25 +732,76 @@ Bootstrap() {
error "--debug flag." error "--debug flag."
exit 1 exit 1
fi fi
elif [ -f /etc/manjaro-release ]; then }
BOOTSTRAP_VERSION="BootstrapArchCommon $BOOTSTRAP_ARCH_COMMON_VERSION"
elif [ -f /etc/manjaro-release ]; then
Bootstrap() {
ExperimentalBootstrap "Manjaro Linux" BootstrapArchCommon ExperimentalBootstrap "Manjaro Linux" BootstrapArchCommon
elif [ -f /etc/gentoo-release ]; then }
BOOTSTRAP_VERSION="BootstrapArchCommon $BOOTSTRAP_ARCH_COMMON_VERSION"
elif [ -f /etc/gentoo-release ]; then
Bootstrap() {
DeprecationBootstrap "Gentoo" BootstrapGentooCommon DeprecationBootstrap "Gentoo" BootstrapGentooCommon
elif uname | grep -iq FreeBSD ; then }
BOOTSTRAP_VERSION="BootstrapGentooCommon $BOOTSTRAP_GENTOO_COMMON_VERSION"
elif uname | grep -iq FreeBSD ; then
Bootstrap() {
DeprecationBootstrap "FreeBSD" BootstrapFreeBsd DeprecationBootstrap "FreeBSD" BootstrapFreeBsd
elif uname | grep -iq Darwin ; then }
BOOTSTRAP_VERSION="BootstrapFreeBsd $BOOTSTRAP_FREEBSD_VERSION"
elif uname | grep -iq Darwin ; then
Bootstrap() {
DeprecationBootstrap "macOS" BootstrapMac DeprecationBootstrap "macOS" BootstrapMac
elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then }
BOOTSTRAP_VERSION="BootstrapMac $BOOTSTRAP_MAC_VERSION"
elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then
Bootstrap() {
ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
elif [ -f /etc/product ] && grep -q "Joyent Instance" /etc/product ; then }
BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
elif [ -f /etc/product ] && grep -q "Joyent Instance" /etc/product ; then
Bootstrap() {
ExperimentalBootstrap "Joyent SmartOS Zone" BootstrapSmartOS ExperimentalBootstrap "Joyent SmartOS Zone" BootstrapSmartOS
else }
BOOTSTRAP_VERSION="BootstrapSmartOS $BOOTSTRAP_SMARTOS_VERSION"
else
Bootstrap() {
error "Sorry, I don't know how to bootstrap Certbot on your operating system!" error "Sorry, I don't know how to bootstrap Certbot on your operating system!"
error error
error "You will need to install OS dependencies, configure virtualenv, and run pip install manually." error "You will need to install OS dependencies, configure virtualenv, and run pip install manually."
error "Please see https://letsencrypt.readthedocs.org/en/latest/contributing.html#prerequisites" error "Please see https://letsencrypt.readthedocs.org/en/latest/contributing.html#prerequisites"
error "for more info." error "for more info."
exit 1 exit 1
}
fi
# Sets PREV_BOOTSTRAP_VERSION to the identifier for the bootstrap script used
# to install OS dependencies on this system. PREV_BOOTSTRAP_VERSION isn't set
# if it is unknown how OS dependencies were installed on this system.
SetPrevBootstrapVersion() {
if [ -f $BOOTSTRAP_VERSION_PATH ]; then
PREV_BOOTSTRAP_VERSION=$(cat "$BOOTSTRAP_VERSION_PATH")
# The list below only contains bootstrap version strings that existed before
# we started writing them to disk.
#
# DO NOT MODIFY THIS LIST UNLESS YOU KNOW WHAT YOU'RE DOING!
elif grep -Fqx "$BOOTSTRAP_VERSION" << "UNLIKELY_EOF"
BootstrapDebCommon 1
BootstrapMageiaCommon 1
BootstrapRpmCommon 1
BootstrapSuseCommon 1
BootstrapArchCommon 1
BootstrapGentooCommon 1
BootstrapFreeBsd 1
BootstrapMac 1
BootstrapSmartOS 1
UNLIKELY_EOF
then
# If there's no bootstrap version saved to disk, but the currently selected
# bootstrap script is from before we started saving the version number,
# return the currently selected version to prevent us from rebootstrapping
# unnecessarily.
PREV_BOOTSTRAP_VERSION="$BOOTSTRAP_VERSION"
fi fi
} }
@@ -678,18 +815,39 @@ if [ "$1" = "--le-auto-phase2" ]; then
# Phase 2: Create venv, install LE, and run. # Phase 2: Create venv, install LE, and run.
shift 1 # the --le-auto-phase2 arg shift 1 # the --le-auto-phase2 arg
if [ -f "$VENV_BIN/letsencrypt" ]; then SetPrevBootstrapVersion
# --version output ran through grep due to python-cryptography DeprecationWarnings
# grep for both certbot and letsencrypt until certbot and shim packages have been released INSTALLED_VERSION="none"
INSTALLED_VERSION=$("$VENV_BIN/letsencrypt" --version 2>&1 | grep "^certbot\|^letsencrypt" | cut -d " " -f 2) if [ -d "$VENV_PATH" ]; then
if [ -z "$INSTALLED_VERSION" ]; then # If the selected Bootstrap function isn't a noop and it differs from the
error "Error: couldn't get currently installed version for $VENV_BIN/letsencrypt: " 1>&2 # previously used version
"$VENV_BIN/letsencrypt" --version if [ -n "$BOOTSTRAP_VERSION" -a "$BOOTSTRAP_VERSION" != "$PREV_BOOTSTRAP_VERSION" ]; then
exit 1 # if non-interactive mode or stdin and stdout are connected to a terminal
if [ \( "$NONINTERACTIVE" = 1 \) -o \( \( -t 0 \) -a \( -t 1 \) \) ]; then
rm -rf "$VENV_PATH"
"$0" "$@"
exit 0
else
error "Skipping upgrade because new OS dependencies may need to be installed."
error
error "To upgrade to a newer version, please run this script again manually so you can"
error "approve changes or with --non-interactive on the command line to automatically"
error "install any required packages."
# Set INSTALLED_VERSION to be the same so we don't update the venv
INSTALLED_VERSION="$LE_AUTO_VERSION"
fi
elif [ -f "$VENV_BIN/letsencrypt" ]; then
# --version output ran through grep due to python-cryptography DeprecationWarnings
# grep for both certbot and letsencrypt until certbot and shim packages have been released
INSTALLED_VERSION=$("$VENV_BIN/letsencrypt" --version 2>&1 | grep "^certbot\|^letsencrypt" | cut -d " " -f 2)
if [ -z "$INSTALLED_VERSION" ]; then
error "Error: couldn't get currently installed version for $VENV_BIN/letsencrypt: " 1>&2
"$VENV_BIN/letsencrypt" --version
exit 1
fi
fi fi
else
INSTALLED_VERSION="none"
fi fi
if [ "$LE_AUTO_VERSION" != "$INSTALLED_VERSION" ]; then if [ "$LE_AUTO_VERSION" != "$INSTALLED_VERSION" ]; then
say "Creating virtual environment..." say "Creating virtual environment..."
DeterminePythonVersion DeterminePythonVersion
@@ -700,6 +858,12 @@ if [ "$1" = "--le-auto-phase2" ]; then
virtualenv --no-site-packages --python "$LE_PYTHON" "$VENV_PATH" > /dev/null virtualenv --no-site-packages --python "$LE_PYTHON" "$VENV_PATH" > /dev/null
fi fi
if [ -n "$BOOTSTRAP_VERSION" ]; then
echo "$BOOTSTRAP_VERSION" > "$BOOTSTRAP_VERSION_PATH"
elif [ -n "$PREV_BOOTSTRAP_VERSION" ]; then
echo "$PREV_BOOTSTRAP_VERSION" > "$BOOTSTRAP_VERSION_PATH"
fi
say "Installing Python packages..." say "Installing Python packages..."
TEMP_DIR=$(TempDir) TEMP_DIR=$(TempDir)
trap 'rm -rf "$TEMP_DIR"' EXIT trap 'rm -rf "$TEMP_DIR"' EXIT
@@ -766,8 +930,8 @@ cffi==1.10.0 \
--hash=sha256:285ab352552f52f1398c912556d4d36d4ea9b8450e5c65d03809bf9886755533 \ --hash=sha256:285ab352552f52f1398c912556d4d36d4ea9b8450e5c65d03809bf9886755533 \
--hash=sha256:5576644b859197da7bbd8f8c7c2fb5dcc6cd505cadb42992d5f104c013f8a214 \ --hash=sha256:5576644b859197da7bbd8f8c7c2fb5dcc6cd505cadb42992d5f104c013f8a214 \
--hash=sha256:b3b02911eb1f6ada203b0763ba924234629b51586f72a21faacc638269f4ced5 --hash=sha256:b3b02911eb1f6ada203b0763ba924234629b51586f72a21faacc638269f4ced5
ConfigArgParse==0.10.0 \ ConfigArgParse==0.12.0 \
--hash=sha256:3b50a83dd58149dfcee98cb6565265d10b53e9c0a2bca7eeef7fb5f5524890a7 --hash=sha256:28cd7d67669651f2a4518367838c49539457504584a139709b2b8f6c208ef339
configobj==5.0.6 \ configobj==5.0.6 \
--hash=sha256:a2f5650770e1c87fb335af19a9b7eb73fc05ccf22144eb68db7d00cd2bcb0902 --hash=sha256:a2f5650770e1c87fb335af19a9b7eb73fc05ccf22144eb68db7d00cd2bcb0902
cryptography==2.0.2 \ cryptography==2.0.2 \
@@ -907,18 +1071,18 @@ letsencrypt==0.7.0 \
--hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \ --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
--hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9 --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
certbot==0.17.0 \ certbot==0.18.0 \
--hash=sha256:64c25c7123357feffded6408660bc6f5c7d493dd635ae172081d21473075a86a \ --hash=sha256:941925f045aaae2a7e5b1d322b68ea3e042a1c2d6a3b3de76c5b8a5122e515a7 \
--hash=sha256:43f5b26c3f314d14babf79a3bdf3522e4fc9eef867a0681c426f113c650a669c --hash=sha256:f70bdfd7a455f0c1f72610b48bf4a462e4aecd8e66baa9d2278f7bc4a4f4195f
acme==0.17.0 \ acme==0.18.0 \
--hash=sha256:501710171633af13fc52aa61d0277a6fe335f7477db5810e72239aaf4f3a09e7 \ --hash=sha256:e35b2dbc27a40ca35d9120cb417abde667e9c59436662a10f260f3eaa2eb8fe0 \
--hash=sha256:3ccbe4aaeb98c77b98ee4093b4e4adb76a1a24cbdfec0130c489c206f1d9b66e --hash=sha256:301b0c9108f80d1182add10e8fd0fa962a143731b8208615631a711b8cd98938
certbot-apache==0.17.0 \ certbot-apache==0.18.0 \
--hash=sha256:17a7e8d7526d838610e68b96cf052af17c4055655b76b06d1cbc74857d90a216 \ --hash=sha256:e08504b1e13e0698dffd4b6437cdf24480f6666b60455c83e9a55cad56ab8c2d \
--hash=sha256:29b9e7bc5eaaff6dc4bce8398e35eeacdf346126aad68cac3d41bb87df20a6b9 --hash=sha256:44b65d61f4d284da188c578ad0dc700d4743d03ae5382be86716ff26a82def94
certbot-nginx==0.17.0 \ certbot-nginx==0.18.0 \
--hash=sha256:980c9a33a79ab839a089a0085ff0c5414f01f47b6db26ed342df25916658cec9 \ --hash=sha256:da58201350b0d02cd4b43ea53abd34a4a56cbb7d5564004c25607bdcbec5e890 \
--hash=sha256:e573f8b4283172755c07b9cca8a8da7ef2d31b4df763881394b5339b2d42994a --hash=sha256:528db0f8e5d5ac6956e4df15ab4809f313114ff2817c4b2f04c43913d750ca28
UNLIKELY_EOF UNLIKELY_EOF
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
@@ -1131,20 +1295,15 @@ UNLIKELY_EOF
rm -rf "$VENV_PATH" rm -rf "$VENV_PATH"
exit 1 exit 1
fi fi
if [ -d "$OLD_VENV_PATH" -a ! -L "$OLD_VENV_PATH" ]; then
rm -rf "$OLD_VENV_PATH"
ln -s "$VENV_PATH" "$OLD_VENV_PATH"
fi
say "Installation succeeded." say "Installation succeeded."
fi fi
if [ -n "$SUDO" ]; then "$VENV_BIN/letsencrypt" "$@"
# SUDO is su wrapper or sudo
say "Requesting root privileges to run certbot..."
say " $VENV_BIN/letsencrypt" "$@"
fi
if [ -z "$SUDO_ENV" ] ; then
# SUDO is su wrapper / noop
$SUDO "$VENV_BIN/letsencrypt" "$@"
else
# sudo
$SUDO "$SUDO_ENV" "$VENV_BIN/letsencrypt" "$@"
fi
else else
# Phase 1: Upgrade certbot-auto if necessary, then self-invoke. # Phase 1: Upgrade certbot-auto if necessary, then self-invoke.
@@ -1155,12 +1314,14 @@ else
# package). Phase 2 checks the version of the locally installed certbot. # package). Phase 2 checks the version of the locally installed certbot.
if [ ! -f "$VENV_BIN/letsencrypt" ]; then if [ ! -f "$VENV_BIN/letsencrypt" ]; then
if [ "$HELP" = 1 ]; then if [ -z "$OLD_VENV_PATH" -o ! -f "$OLD_VENV_PATH/bin/letsencrypt" ]; then
echo "$USAGE" if [ "$HELP" = 1 ]; then
exit 0 echo "$USAGE"
exit 0
fi
# If it looks like we've never bootstrapped before, bootstrap:
Bootstrap
fi fi
# If it looks like we've never bootstrapped before, bootstrap:
Bootstrap
fi fi
if [ "$OS_PACKAGES_ONLY" = 1 ]; then if [ "$OS_PACKAGES_ONLY" = 1 ]; then
say "OS packages installed." say "OS packages installed."
@@ -1320,13 +1481,13 @@ UNLIKELY_EOF
say "Replacing certbot-auto..." say "Replacing certbot-auto..."
# Clone permissions with cp. chmod and chown don't have a --reference # Clone permissions with cp. chmod and chown don't have a --reference
# option on macOS or BSD, and stat -c on Linux is stat -f on macOS and BSD: # option on macOS or BSD, and stat -c on Linux is stat -f on macOS and BSD:
$SUDO cp -p "$0" "$TEMP_DIR/letsencrypt-auto.permission-clone" cp -p "$0" "$TEMP_DIR/letsencrypt-auto.permission-clone"
$SUDO cp "$TEMP_DIR/letsencrypt-auto" "$TEMP_DIR/letsencrypt-auto.permission-clone" cp "$TEMP_DIR/letsencrypt-auto" "$TEMP_DIR/letsencrypt-auto.permission-clone"
# Using mv rather than cp leaves the old file descriptor pointing to the # Using mv rather than cp leaves the old file descriptor pointing to the
# original copy so the shell can continue to read it unmolested. mv across # original copy so the shell can continue to read it unmolested. mv across
# filesystems is non-atomic, doing `rm dest, cp src dest, rm src`, but the # filesystems is non-atomic, doing `rm dest, cp src dest, rm src`, but the
# cp is unlikely to fail (esp. under sudo) if the rm doesn't. # cp is unlikely to fail if the rm doesn't.
$SUDO mv -f "$TEMP_DIR/letsencrypt-auto.permission-clone" "$0" mv -f "$TEMP_DIR/letsencrypt-auto.permission-clone" "$0"
fi # A newer version is available. fi # A newer version is available.
fi # Self-upgrading is allowed. fi # Self-upgrading is allowed.

2
certbot-compatibility-test/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.18.0.dev0' version = '0.18.0'
install_requires = [ install_requires = [
'certbot', 'certbot',

2
certbot-dns-cloudflare/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.18.0.dev0' version = '0.18.0'
# Please update tox.ini when modifying dependency version requirements # Please update tox.ini when modifying dependency version requirements
install_requires = [ install_requires = [

2
certbot-dns-cloudxns/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.18.0.dev0' version = '0.18.0'
# Please update tox.ini when modifying dependency version requirements # Please update tox.ini when modifying dependency version requirements
install_requires = [ install_requires = [

2
certbot-dns-digitalocean/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.18.0.dev0' version = '0.18.0'
# Please update tox.ini when modifying dependency version requirements # Please update tox.ini when modifying dependency version requirements
install_requires = [ install_requires = [

2
certbot-dns-dnsimple/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.18.0.dev0' version = '0.18.0'
# Please update tox.ini when modifying dependency version requirements # Please update tox.ini when modifying dependency version requirements
install_requires = [ install_requires = [

2
certbot-dns-dnsmadeeasy/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.18.0.dev0' version = '0.18.0'
# Please update tox.ini when modifying dependency version requirements # Please update tox.ini when modifying dependency version requirements
install_requires = [ install_requires = [

2
certbot-dns-google/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.18.0.dev0' version = '0.18.0'
# Please update tox.ini when modifying dependency version requirements # Please update tox.ini when modifying dependency version requirements
install_requires = [ install_requires = [

2
certbot-dns-luadns/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.18.0.dev0' version = '0.18.0'
# Please update tox.ini when modifying dependency version requirements # Please update tox.ini when modifying dependency version requirements
install_requires = [ install_requires = [

2
certbot-dns-nsone/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.18.0.dev0' version = '0.18.0'
# Please update tox.ini when modifying dependency version requirements # Please update tox.ini when modifying dependency version requirements
install_requires = [ install_requires = [

2
certbot-dns-rfc2136/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.18.0.dev0' version = '0.18.0'
# Please update tox.ini when modifying dependency version requirements # Please update tox.ini when modifying dependency version requirements
install_requires = [ install_requires = [

2
certbot-dns-route53/setup.py
View File

@@ -3,7 +3,7 @@ import sys
from distutils.core import setup from distutils.core import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.18.0.dev0' version = '0.18.0'
install_requires = [ install_requires = [
'acme=={0}'.format(version), 'acme=={0}'.format(version),

2
certbot-nginx/setup.py
View File

@@ -4,7 +4,7 @@ from setuptools import setup
from setuptools import find_packages from setuptools import find_packages
version = '0.18.0.dev0' version = '0.18.0'
# Please update tox.ini when modifying dependency version requirements # Please update tox.ini when modifying dependency version requirements
install_requires = [ install_requires = [

2
certbot/__init__.py
View File

@@ -1,4 +1,4 @@
"""Certbot client.""" """Certbot client."""
# version number like 1.2.3a0, must have at least 2 parts, like 1.2 # version number like 1.2.3a0, must have at least 2 parts, like 1.2
__version__ = '0.18.0.dev0' __version__ = '0.18.0'

26
docs/cli-help.txt
View File

@@ -56,12 +56,19 @@ optional arguments:
-d DOMAIN, --domains DOMAIN, --domain DOMAIN -d DOMAIN, --domains DOMAIN, --domain DOMAIN
Domain names to apply. For multiple domains you can Domain names to apply. For multiple domains you can
use multiple -d flags or enter a comma separated list use multiple -d flags or enter a comma separated list
of domains as a parameter. (default: Ask) of domains as a parameter. The first provided domain
--cert-name CERTNAME Certificate name to apply. Only one certificate name will be used in some software user interfaces and file
can be used per Certbot run. To see certificate names, paths for the certificate and related material unless
run 'certbot certificates'. When creating a new otherwise specified or you already have a certificate
certificate, specifies the new certificate's name. for the same domains. (default: Ask)
(default: None) --cert-name CERTNAME Certificate name to apply. This name is used by
Certbot for housekeeping and in file paths; it doesn't
affect the content of the certificate itself. To see
certificate names, run 'certbot certificates'. When
creating a new certificate, specifies the new
certificate's name. (default: the first provided
domain or the name of an existing certificate on your
system for the same domains)
--dry-run Perform a test run of the client, obtaining test --dry-run Perform a test run of the client, obtaining test
(invalid) certificates but not saving them to disk. (invalid) certificates but not saving them to disk.
This can currently only be used with the 'certonly' This can currently only be used with the 'certonly'
@@ -95,7 +102,7 @@ optional arguments:
case, and to know when to deprecate support for past case, and to know when to deprecate support for past
Python versions and flags. If you wish to hide this Python versions and flags. If you wish to hide this
information from the Let's Encrypt server, set this to information from the Let's Encrypt server, set this to
"". (default: CertbotACMEClient/0.17.0 (certbot; "". (default: CertbotACMEClient/0.18.0 (certbot;
Ubuntu 16.04.3 LTS) Authenticator/XXX Installer/YYY Ubuntu 16.04.3 LTS) Authenticator/XXX Installer/YYY
(SUBCOMMAND; flags: FLAGS) Py/2.7.12). The flags (SUBCOMMAND; flags: FLAGS) Py/2.7.12). The flags
encoded in the user agent are: --duplicate, --force- encoded in the user agent are: --duplicate, --force-
@@ -315,8 +322,9 @@ delete:
revoke: revoke:
Options for revocation of certificates Options for revocation of certificates
--reason {keycompromise,affiliationchanged,superseded,unspecified,cessationofoperation} --reason {unspecified,keycompromise,affiliationchanged,superseded,cessationofoperation}
Specify reason for revoking certificate. (default: 0) Specify reason for revoking certificate. (default:
unspecified)
register: register:
Options for account registration & modification Options for account registration & modification

419
letsencrypt-auto
View File

@@ -23,12 +23,15 @@ fi
if [ -z "$XDG_DATA_HOME" ]; then if [ -z "$XDG_DATA_HOME" ]; then
XDG_DATA_HOME=~/.local/share XDG_DATA_HOME=~/.local/share
fi fi
VENV_NAME="letsencrypt"
if [ -z "$VENV_PATH" ]; then if [ -z "$VENV_PATH" ]; then
VENV_PATH="$XDG_DATA_HOME/$VENV_NAME" # We export these values so they are preserved properly if this script is
# rerun with sudo/su where $HOME/$XDG_DATA_HOME may have a different value.
export OLD_VENV_PATH="$XDG_DATA_HOME/letsencrypt"
export VENV_PATH="/opt/eff.org/certbot/venv"
fi fi
VENV_BIN="$VENV_PATH/bin" VENV_BIN="$VENV_PATH/bin"
LE_AUTO_VERSION="0.17.0" BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
LE_AUTO_VERSION="0.18.0"
BASENAME=$(basename $0) BASENAME=$(basename $0)
USAGE="Usage: $BASENAME [OPTIONS] USAGE="Usage: $BASENAME [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -49,6 +52,7 @@ Help for certbot itself cannot be provided until it is installed.
implies --non-interactive implies --non-interactive
All arguments are accepted and forwarded to the Certbot client when run." All arguments are accepted and forwarded to the Certbot client when run."
export CERTBOT_AUTO="$0"
for arg in "$@" ; do for arg in "$@" ; do
case "$arg" in case "$arg" in
@@ -77,7 +81,7 @@ for arg in "$@" ; do
h) h)
HELP=1;; HELP=1;;
n) n)
ASSUME_YES=1;; NONINTERACTIVE=1;;
q) q)
QUIET=1;; QUIET=1;;
v) v)
@@ -93,8 +97,8 @@ if [ $BASENAME = "letsencrypt-auto" ]; then
HELP=0 HELP=0
fi fi
# Set ASSUME_YES to 1 if QUIET (i.e. --quiet implies --non-interactive) # Set ASSUME_YES to 1 if QUIET or NONINTERACTIVE
if [ "$QUIET" = 1 ]; then if [ "$QUIET" = 1 -o "$NONINTERACTIVE" = 1 ]; then
ASSUME_YES=1 ASSUME_YES=1
fi fi
@@ -119,16 +123,18 @@ else
exit 1 exit 1
fi fi
# certbot-auto needs root access to bootstrap OS dependencies, and # Certbot itself needs root access for almost all modes of operation.
# certbot itself needs root access for almost all modes of operation # certbot-auto needs root access to bootstrap OS dependencies and install
# The "normal" case is that sudo is used for the steps that need root, but # Certbot at a protected path so it can be safely run as root. To accomplish
# this script *can* be run as root (not recommended), or fall back to using # this, this script will attempt to run itself as root if it doesn't have the
# `su`. Auto-detection can be overridden by explicitly setting the # necessary privileges by using `sudo` or falling back to `su` if it is not
# environment variable LE_AUTO_SUDO to 'sudo', 'sudo_su' or '' as used below. # available. The mechanism used to obtain root access can be set explicitly by
# setting the environment variable LE_AUTO_SUDO to 'sudo', 'su', 'su_sudo',
# 'SuSudo', or '' as used below.
# Because the parameters in `su -c` has to be a string, # Because the parameters in `su -c` has to be a string,
# we need to properly escape it. # we need to properly escape it.
su_sudo() { SuSudo() {
args="" args=""
# This `while` loop iterates over all parameters given to this function. # This `while` loop iterates over all parameters given to this function.
# For each parameter, all `'` will be replace by `'"'"'`, and the escaped string # For each parameter, all `'` will be replace by `'"'"'`, and the escaped string
@@ -147,34 +153,47 @@ su_sudo() {
su root -c "$args" su root -c "$args"
} }
SUDO_ENV="" # Sets the environment variable SUDO to be the name of the program or function
export CERTBOT_AUTO="$0" # to call to get root access. If this script already has root privleges, SUDO
if [ -n "${LE_AUTO_SUDO+x}" ]; then # is set to an empty string. The value in SUDO should be run with the command
case "$LE_AUTO_SUDO" in # to called with root privileges as arguments.
su_sudo|su) SetRootAuthMechanism() {
SUDO=su_sudo SUDO=""
;; if [ -n "${LE_AUTO_SUDO+x}" ]; then
sudo) case "$LE_AUTO_SUDO" in
SUDO=sudo SuSudo|su_sudo|su)
SUDO_ENV="CERTBOT_AUTO=$0" SUDO=SuSudo
;; ;;
'') ;; # Nothing to do for plain root method. sudo)
*) SUDO="sudo -E"
error "Error: unknown root authorization mechanism '$LE_AUTO_SUDO'." ;;
exit 1 '') ;; # Nothing to do for plain root method.
esac *)
say "Using preset root authorization mechanism '$LE_AUTO_SUDO'." error "Error: unknown root authorization mechanism '$LE_AUTO_SUDO'."
else exit 1
if test "`id -u`" -ne "0" ; then esac
if $EXISTS sudo 1>/dev/null 2>&1; then say "Using preset root authorization mechanism '$LE_AUTO_SUDO'."
SUDO=sudo
SUDO_ENV="CERTBOT_AUTO=$0"
else
say \"sudo\" is not available, will use \"su\" for installation steps...
SUDO=su_sudo
fi
else else
SUDO= if test "`id -u`" -ne "0" ; then
if $EXISTS sudo 1>/dev/null 2>&1; then
SUDO="sudo -E"
else
say \"sudo\" is not available, will use \"su\" for installation steps...
SUDO=SuSudo
fi
fi
fi
}
if [ "$1" = "--cb-auto-has-root" ]; then
shift 1
elif [ "$1" != "--le-auto-phase2" ]; then
# if $1 is --le-auto-phase2, we've executed this branch before
SetRootAuthMechanism
if [ -n "$SUDO" ]; then
echo "Requesting to rerun $0 with root privileges..."
$SUDO "$0" --cb-auto-has-root "$@"
exit 0
fi fi
fi fi
@@ -238,6 +257,10 @@ DeterminePythonVersion() {
fi fi
} }
# If new packages are installed by BootstrapDebCommon below, this version
# number must be increased.
BOOTSTRAP_DEB_COMMON_VERSION=1
BootstrapDebCommon() { BootstrapDebCommon() {
# Current version tested with: # Current version tested with:
# #
@@ -261,7 +284,7 @@ BootstrapDebCommon() {
QUIET_FLAG='-qq' QUIET_FLAG='-qq'
fi fi
$SUDO apt-get $QUIET_FLAG update || error apt-get update hit problems but continuing anyway... apt-get $QUIET_FLAG update || error apt-get update hit problems but continuing anyway...
# virtualenv binary can be found in different packages depending on # virtualenv binary can be found in different packages depending on
# distro version (#346) # distro version (#346)
@@ -311,13 +334,13 @@ BootstrapDebCommon() {
esac esac
fi fi
if [ "$add_backports" = 1 ]; then if [ "$add_backports" = 1 ]; then
$SUDO sh -c "echo $BACKPORT_SOURCELINE >> /etc/apt/sources.list.d/$BACKPORT_NAME.list" sh -c "echo $BACKPORT_SOURCELINE >> /etc/apt/sources.list.d/$BACKPORT_NAME.list"
$SUDO apt-get $QUIET_FLAG update apt-get $QUIET_FLAG update
fi fi
fi fi
fi fi
if [ "$add_backports" != 0 ]; then if [ "$add_backports" != 0 ]; then
$SUDO apt-get install $QUIET_FLAG $YES_FLAG --no-install-recommends -t "$BACKPORT_NAME" $augeas_pkg apt-get install $QUIET_FLAG $YES_FLAG --no-install-recommends -t "$BACKPORT_NAME" $augeas_pkg
augeas_pkg= augeas_pkg=
fi fi
} }
@@ -336,7 +359,7 @@ BootstrapDebCommon() {
# XXX add a case for ubuntu PPAs # XXX add a case for ubuntu PPAs
fi fi
$SUDO apt-get install $QUIET_FLAG $YES_FLAG --no-install-recommends \ apt-get install $QUIET_FLAG $YES_FLAG --no-install-recommends \
python \ python \
python-dev \ python-dev \
$virtualenv \ $virtualenv \
@@ -354,6 +377,10 @@ BootstrapDebCommon() {
fi fi
} }
# If new packages are installed by BootstrapRpmCommon below, this version
# number must be increased.
BOOTSTRAP_RPM_COMMON_VERSION=1
BootstrapRpmCommon() { BootstrapRpmCommon() {
# Tested with: # Tested with:
# - Fedora 20, 21, 22, 23 (x64) # - Fedora 20, 21, 22, 23 (x64)
@@ -380,9 +407,9 @@ BootstrapRpmCommon() {
QUIET_FLAG='--quiet' QUIET_FLAG='--quiet'
fi fi
if ! $SUDO $tool list *virtualenv >/dev/null 2>&1; then if ! $tool list *virtualenv >/dev/null 2>&1; then
echo "To use Certbot, packages from the EPEL repository need to be installed." echo "To use Certbot, packages from the EPEL repository need to be installed."
if ! $SUDO $tool list epel-release >/dev/null 2>&1; then if ! $tool list epel-release >/dev/null 2>&1; then
error "Enable the EPEL repository and try running Certbot again." error "Enable the EPEL repository and try running Certbot again."
exit 1 exit 1
fi fi
@@ -394,7 +421,7 @@ BootstrapRpmCommon() {
/bin/echo -e "\e[0K\rEnabling the EPEL repository in 1 seconds..." /bin/echo -e "\e[0K\rEnabling the EPEL repository in 1 seconds..."
sleep 1s sleep 1s
fi fi
if ! $SUDO $tool install $yes_flag $QUIET_FLAG epel-release; then if ! $tool install $yes_flag $QUIET_FLAG epel-release; then
error "Could not enable EPEL. Aborting bootstrap!" error "Could not enable EPEL. Aborting bootstrap!"
exit 1 exit 1
fi fi
@@ -410,9 +437,8 @@ BootstrapRpmCommon() {
ca-certificates ca-certificates
" "
# Some distros and older versions of current distros use a "python27" # Most RPM distros use the "python" or "python-" naming convention. Let's try that first.
# instead of "python" naming convention. Try both conventions. if $tool list python >/dev/null 2>&1; then
if $SUDO $tool list python >/dev/null 2>&1; then
pkgs="$pkgs pkgs="$pkgs
python python
python-devel python-devel
@@ -420,6 +446,20 @@ BootstrapRpmCommon() {
python-tools python-tools
python-pip python-pip
" "
# Fedora 26 starts to use the prefix python2 for python2 based packages.
# this elseif is theoretically for any Fedora over version 26:
elif $tool list python2 >/dev/null 2>&1; then
pkgs="$pkgs
python2
python2-libs
python2-setuptools
python2-devel
python2-virtualenv
python2-tools
python2-pip
"
# Some distros and older versions of current distros use a "python27"
# instead of the "python" or "python-" naming convention.
else else
pkgs="$pkgs pkgs="$pkgs
python27 python27
@@ -430,18 +470,22 @@ BootstrapRpmCommon() {
" "
fi fi
if $SUDO $tool list installed "httpd" >/dev/null 2>&1; then if $tool list installed "httpd" >/dev/null 2>&1; then
pkgs="$pkgs pkgs="$pkgs
mod_ssl mod_ssl
" "
fi fi
if ! $SUDO $tool install $yes_flag $QUIET_FLAG $pkgs; then if ! $tool install $yes_flag $QUIET_FLAG $pkgs; then
error "Could not install OS dependencies. Aborting bootstrap!" error "Could not install OS dependencies. Aborting bootstrap!"
exit 1 exit 1
fi fi
} }
# If new packages are installed by BootstrapSuseCommon below, this version
# number must be increased.
BOOTSTRAP_SUSE_COMMON_VERSION=1
BootstrapSuseCommon() { BootstrapSuseCommon() {
# SLE12 don't have python-virtualenv # SLE12 don't have python-virtualenv
@@ -454,7 +498,7 @@ BootstrapSuseCommon() {
QUIET_FLAG='-qq' QUIET_FLAG='-qq'
fi fi
$SUDO zypper $QUIET_FLAG $zypper_flags in $install_flags \ zypper $QUIET_FLAG $zypper_flags in $install_flags \
python \ python \
python-devel \ python-devel \
python-virtualenv \ python-virtualenv \
@@ -465,6 +509,10 @@ BootstrapSuseCommon() {
ca-certificates ca-certificates
} }
# If new packages are installed by BootstrapArchCommon below, this version
# number must be increased.
BOOTSTRAP_ARCH_COMMON_VERSION=1
BootstrapArchCommon() { BootstrapArchCommon() {
# Tested with: # Tested with:
# - ArchLinux (x86_64) # - ArchLinux (x86_64)
@@ -485,21 +533,25 @@ BootstrapArchCommon() {
" "
# pacman -T exits with 127 if there are missing dependencies # pacman -T exits with 127 if there are missing dependencies
missing=$($SUDO pacman -T $deps) || true missing=$(pacman -T $deps) || true
if [ "$ASSUME_YES" = 1 ]; then if [ "$ASSUME_YES" = 1 ]; then
noconfirm="--noconfirm" noconfirm="--noconfirm"
fi fi
if [ "$missing" ]; then if [ "$missing" ]; then
if [ "$QUIET" = 1]; then if [ "$QUIET" = 1 ]; then
$SUDO pacman -S --needed $missing $noconfirm > /dev/null pacman -S --needed $missing $noconfirm > /dev/null
else else
$SUDO pacman -S --needed $missing $noconfirm pacman -S --needed $missing $noconfirm
fi fi
fi fi
} }
# If new packages are installed by BootstrapGentooCommon below, this version
# number must be increased.
BOOTSTRAP_GENTOO_COMMON_VERSION=1
BootstrapGentooCommon() { BootstrapGentooCommon() {
PACKAGES=" PACKAGES="
dev-lang/python:2.7 dev-lang/python:2.7
@@ -517,29 +569,37 @@ BootstrapGentooCommon() {
case "$PACKAGE_MANAGER" in case "$PACKAGE_MANAGER" in
(paludis) (paludis)
$SUDO cave resolve --preserve-world --keep-targets if-possible $PACKAGES -x cave resolve --preserve-world --keep-targets if-possible $PACKAGES -x
;; ;;
(pkgcore) (pkgcore)
$SUDO pmerge --noreplace --oneshot $ASK_OPTION $PACKAGES pmerge --noreplace --oneshot $ASK_OPTION $PACKAGES
;; ;;
(portage|*) (portage|*)
$SUDO emerge --noreplace --oneshot $ASK_OPTION $PACKAGES emerge --noreplace --oneshot $ASK_OPTION $PACKAGES
;; ;;
esac esac
} }
# If new packages are installed by BootstrapFreeBsd below, this version number
# must be increased.
BOOTSTRAP_FREEBSD_VERSION=1
BootstrapFreeBsd() { BootstrapFreeBsd() {
if [ "$QUIET" = 1 ]; then if [ "$QUIET" = 1 ]; then
QUIET_FLAG="--quiet" QUIET_FLAG="--quiet"
fi fi
$SUDO pkg install -Ay $QUIET_FLAG \ pkg install -Ay $QUIET_FLAG \
python \ python \
py27-virtualenv \ py27-virtualenv \
augeas \ augeas \
libffi libffi
} }
# If new packages are installed by BootstrapMac below, this version number must
# be increased.
BOOTSTRAP_MAC_VERSION=1
BootstrapMac() { BootstrapMac() {
if hash brew 2>/dev/null; then if hash brew 2>/dev/null; then
say "Using Homebrew to install dependencies..." say "Using Homebrew to install dependencies..."
@@ -548,7 +608,7 @@ BootstrapMac() {
elif hash port 2>/dev/null; then elif hash port 2>/dev/null; then
say "Using MacPorts to install dependencies..." say "Using MacPorts to install dependencies..."
pkgman=port pkgman=port
pkgcmd="$SUDO port install" pkgcmd="port install"
else else
say "No Homebrew/MacPorts; installing Homebrew..." say "No Homebrew/MacPorts; installing Homebrew..."
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
@@ -568,8 +628,8 @@ BootstrapMac() {
# Workaround for _dlopen not finding augeas on macOS # Workaround for _dlopen not finding augeas on macOS
if [ "$pkgman" = "port" ] && ! [ -e "/usr/local/lib/libaugeas.dylib" ] && [ -e "/opt/local/lib/libaugeas.dylib" ]; then if [ "$pkgman" = "port" ] && ! [ -e "/usr/local/lib/libaugeas.dylib" ] && [ -e "/opt/local/lib/libaugeas.dylib" ]; then
say "Applying augeas workaround" say "Applying augeas workaround"
$SUDO mkdir -p /usr/local/lib/ mkdir -p /usr/local/lib/
$SUDO ln -s /opt/local/lib/libaugeas.dylib /usr/local/lib/ ln -s /opt/local/lib/libaugeas.dylib /usr/local/lib/
fi fi
if ! hash pip 2>/dev/null; then if ! hash pip 2>/dev/null; then
@@ -585,17 +645,25 @@ BootstrapMac() {
fi fi
} }
# If new packages are installed by BootstrapSmartOS below, this version number
# must be increased.
BOOTSTRAP_SMARTOS_VERSION=1
BootstrapSmartOS() { BootstrapSmartOS() {
pkgin update pkgin update
pkgin -y install 'gcc49' 'py27-augeas' 'py27-virtualenv' pkgin -y install 'gcc49' 'py27-augeas' 'py27-virtualenv'
} }
# If new packages are installed by BootstrapMageiaCommon below, this version
# number must be increased.
BOOTSTRAP_MAGEIA_COMMON_VERSION=1
BootstrapMageiaCommon() { BootstrapMageiaCommon() {
if [ "$QUIET" = 1 ]; then if [ "$QUIET" = 1 ]; then
QUIET_FLAG='--quiet' QUIET_FLAG='--quiet'
fi fi
if ! $SUDO urpmi --force $QUIET_FLAG \ if ! urpmi --force $QUIET_FLAG \
python \ python \
libpython-devel \ libpython-devel \
python-virtualenv python-virtualenv
@@ -604,7 +672,7 @@ BootstrapMageiaCommon() {
exit 1 exit 1
fi fi
if ! $SUDO urpmi --force $QUIET_FLAG \ if ! urpmi --force $QUIET_FLAG \
git \ git \
gcc \ gcc \
python-augeas \ python-augeas \
@@ -618,23 +686,41 @@ BootstrapMageiaCommon() {
} }
# Install required OS packages: # Set Bootstrap to the function that installs OS dependencies on this system
Bootstrap() { # and BOOTSTRAP_VERSION to the unique identifier for the current version of
if [ "$NO_BOOTSTRAP" = 1 ]; then # that function. If Bootstrap is set to a function that doesn't install any
return # packages (either because --no-bootstrap was included on the command line or
elif [ -f /etc/debian_version ]; then # we don't know how to bootstrap on this system), BOOTSTRAP_VERSION is not set.
if [ "$NO_BOOTSTRAP" = 1 ]; then
Bootstrap() {
:
}
elif [ -f /etc/debian_version ]; then
Bootstrap() {
BootstrapMessage "Debian-based OSes" BootstrapMessage "Debian-based OSes"
BootstrapDebCommon BootstrapDebCommon
elif [ -f /etc/mageia-release ]; then }
# Mageia has both /etc/mageia-release and /etc/redhat-release BOOTSTRAP_VERSION="BootstrapDebCommon $BOOTSTRAP_DEB_COMMON_VERSION"
elif [ -f /etc/mageia-release ]; then
# Mageia has both /etc/mageia-release and /etc/redhat-release
Bootstrap() {
ExperimentalBootstrap "Mageia" BootstrapMageiaCommon ExperimentalBootstrap "Mageia" BootstrapMageiaCommon
elif [ -f /etc/redhat-release ]; then }
BOOTSTRAP_VERSION="BootstrapMageiaCommon $BOOTSTRAP_MAGEIA_COMMON_VERSION"
elif [ -f /etc/redhat-release ]; then
Bootstrap() {
BootstrapMessage "RedHat-based OSes" BootstrapMessage "RedHat-based OSes"
BootstrapRpmCommon BootstrapRpmCommon
elif [ -f /etc/os-release ] && `grep -q openSUSE /etc/os-release` ; then }
BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
elif [ -f /etc/os-release ] && `grep -q openSUSE /etc/os-release` ; then
Bootstrap() {
BootstrapMessage "openSUSE-based OSes" BootstrapMessage "openSUSE-based OSes"
BootstrapSuseCommon BootstrapSuseCommon
elif [ -f /etc/arch-release ]; then }
BOOTSTRAP_VERSION="BootstrapSuseCommon $BOOTSTRAP_SUSE_COMMON_VERSION"
elif [ -f /etc/arch-release ]; then
Bootstrap() {
if [ "$DEBUG" = 1 ]; then if [ "$DEBUG" = 1 ]; then
BootstrapMessage "Archlinux" BootstrapMessage "Archlinux"
BootstrapArchCommon BootstrapArchCommon
@@ -646,25 +732,76 @@ Bootstrap() {
error "--debug flag." error "--debug flag."
exit 1 exit 1
fi fi
elif [ -f /etc/manjaro-release ]; then }
BOOTSTRAP_VERSION="BootstrapArchCommon $BOOTSTRAP_ARCH_COMMON_VERSION"
elif [ -f /etc/manjaro-release ]; then
Bootstrap() {
ExperimentalBootstrap "Manjaro Linux" BootstrapArchCommon ExperimentalBootstrap "Manjaro Linux" BootstrapArchCommon
elif [ -f /etc/gentoo-release ]; then }
BOOTSTRAP_VERSION="BootstrapArchCommon $BOOTSTRAP_ARCH_COMMON_VERSION"
elif [ -f /etc/gentoo-release ]; then
Bootstrap() {
DeprecationBootstrap "Gentoo" BootstrapGentooCommon DeprecationBootstrap "Gentoo" BootstrapGentooCommon
elif uname | grep -iq FreeBSD ; then }
BOOTSTRAP_VERSION="BootstrapGentooCommon $BOOTSTRAP_GENTOO_COMMON_VERSION"
elif uname | grep -iq FreeBSD ; then
Bootstrap() {
DeprecationBootstrap "FreeBSD" BootstrapFreeBsd DeprecationBootstrap "FreeBSD" BootstrapFreeBsd
elif uname | grep -iq Darwin ; then }
BOOTSTRAP_VERSION="BootstrapFreeBsd $BOOTSTRAP_FREEBSD_VERSION"
elif uname | grep -iq Darwin ; then
Bootstrap() {
DeprecationBootstrap "macOS" BootstrapMac DeprecationBootstrap "macOS" BootstrapMac
elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then }
BOOTSTRAP_VERSION="BootstrapMac $BOOTSTRAP_MAC_VERSION"
elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then
Bootstrap() {
ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
elif [ -f /etc/product ] && grep -q "Joyent Instance" /etc/product ; then }
BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
elif [ -f /etc/product ] && grep -q "Joyent Instance" /etc/product ; then
Bootstrap() {
ExperimentalBootstrap "Joyent SmartOS Zone" BootstrapSmartOS ExperimentalBootstrap "Joyent SmartOS Zone" BootstrapSmartOS
else }
BOOTSTRAP_VERSION="BootstrapSmartOS $BOOTSTRAP_SMARTOS_VERSION"
else
Bootstrap() {
error "Sorry, I don't know how to bootstrap Certbot on your operating system!" error "Sorry, I don't know how to bootstrap Certbot on your operating system!"
error error
error "You will need to install OS dependencies, configure virtualenv, and run pip install manually." error "You will need to install OS dependencies, configure virtualenv, and run pip install manually."
error "Please see https://letsencrypt.readthedocs.org/en/latest/contributing.html#prerequisites" error "Please see https://letsencrypt.readthedocs.org/en/latest/contributing.html#prerequisites"
error "for more info." error "for more info."
exit 1 exit 1
}
fi
# Sets PREV_BOOTSTRAP_VERSION to the identifier for the bootstrap script used
# to install OS dependencies on this system. PREV_BOOTSTRAP_VERSION isn't set
# if it is unknown how OS dependencies were installed on this system.
SetPrevBootstrapVersion() {
if [ -f $BOOTSTRAP_VERSION_PATH ]; then
PREV_BOOTSTRAP_VERSION=$(cat "$BOOTSTRAP_VERSION_PATH")
# The list below only contains bootstrap version strings that existed before
# we started writing them to disk.
#
# DO NOT MODIFY THIS LIST UNLESS YOU KNOW WHAT YOU'RE DOING!
elif grep -Fqx "$BOOTSTRAP_VERSION" << "UNLIKELY_EOF"
BootstrapDebCommon 1
BootstrapMageiaCommon 1
BootstrapRpmCommon 1
BootstrapSuseCommon 1
BootstrapArchCommon 1
BootstrapGentooCommon 1
BootstrapFreeBsd 1
BootstrapMac 1
BootstrapSmartOS 1
UNLIKELY_EOF
then
# If there's no bootstrap version saved to disk, but the currently selected
# bootstrap script is from before we started saving the version number,
# return the currently selected version to prevent us from rebootstrapping
# unnecessarily.
PREV_BOOTSTRAP_VERSION="$BOOTSTRAP_VERSION"
fi fi
} }
@@ -678,18 +815,39 @@ if [ "$1" = "--le-auto-phase2" ]; then
# Phase 2: Create venv, install LE, and run. # Phase 2: Create venv, install LE, and run.
shift 1 # the --le-auto-phase2 arg shift 1 # the --le-auto-phase2 arg
if [ -f "$VENV_BIN/letsencrypt" ]; then SetPrevBootstrapVersion
# --version output ran through grep due to python-cryptography DeprecationWarnings
# grep for both certbot and letsencrypt until certbot and shim packages have been released INSTALLED_VERSION="none"
INSTALLED_VERSION=$("$VENV_BIN/letsencrypt" --version 2>&1 | grep "^certbot\|^letsencrypt" | cut -d " " -f 2) if [ -d "$VENV_PATH" ]; then
if [ -z "$INSTALLED_VERSION" ]; then # If the selected Bootstrap function isn't a noop and it differs from the
error "Error: couldn't get currently installed version for $VENV_BIN/letsencrypt: " 1>&2 # previously used version
"$VENV_BIN/letsencrypt" --version if [ -n "$BOOTSTRAP_VERSION" -a "$BOOTSTRAP_VERSION" != "$PREV_BOOTSTRAP_VERSION" ]; then
exit 1 # if non-interactive mode or stdin and stdout are connected to a terminal
if [ \( "$NONINTERACTIVE" = 1 \) -o \( \( -t 0 \) -a \( -t 1 \) \) ]; then
rm -rf "$VENV_PATH"
"$0" "$@"
exit 0
else
error "Skipping upgrade because new OS dependencies may need to be installed."
error
error "To upgrade to a newer version, please run this script again manually so you can"
error "approve changes or with --non-interactive on the command line to automatically"
error "install any required packages."
# Set INSTALLED_VERSION to be the same so we don't update the venv
INSTALLED_VERSION="$LE_AUTO_VERSION"
fi
elif [ -f "$VENV_BIN/letsencrypt" ]; then
# --version output ran through grep due to python-cryptography DeprecationWarnings
# grep for both certbot and letsencrypt until certbot and shim packages have been released
INSTALLED_VERSION=$("$VENV_BIN/letsencrypt" --version 2>&1 | grep "^certbot\|^letsencrypt" | cut -d " " -f 2)
if [ -z "$INSTALLED_VERSION" ]; then
error "Error: couldn't get currently installed version for $VENV_BIN/letsencrypt: " 1>&2
"$VENV_BIN/letsencrypt" --version
exit 1
fi
fi fi
else
INSTALLED_VERSION="none"
fi fi
if [ "$LE_AUTO_VERSION" != "$INSTALLED_VERSION" ]; then if [ "$LE_AUTO_VERSION" != "$INSTALLED_VERSION" ]; then
say "Creating virtual environment..." say "Creating virtual environment..."
DeterminePythonVersion DeterminePythonVersion
@@ -700,6 +858,12 @@ if [ "$1" = "--le-auto-phase2" ]; then
virtualenv --no-site-packages --python "$LE_PYTHON" "$VENV_PATH" > /dev/null virtualenv --no-site-packages --python "$LE_PYTHON" "$VENV_PATH" > /dev/null
fi fi
if [ -n "$BOOTSTRAP_VERSION" ]; then
echo "$BOOTSTRAP_VERSION" > "$BOOTSTRAP_VERSION_PATH"
elif [ -n "$PREV_BOOTSTRAP_VERSION" ]; then
echo "$PREV_BOOTSTRAP_VERSION" > "$BOOTSTRAP_VERSION_PATH"
fi
say "Installing Python packages..." say "Installing Python packages..."
TEMP_DIR=$(TempDir) TEMP_DIR=$(TempDir)
trap 'rm -rf "$TEMP_DIR"' EXIT trap 'rm -rf "$TEMP_DIR"' EXIT
@@ -766,8 +930,8 @@ cffi==1.10.0 \
--hash=sha256:285ab352552f52f1398c912556d4d36d4ea9b8450e5c65d03809bf9886755533 \ --hash=sha256:285ab352552f52f1398c912556d4d36d4ea9b8450e5c65d03809bf9886755533 \
--hash=sha256:5576644b859197da7bbd8f8c7c2fb5dcc6cd505cadb42992d5f104c013f8a214 \ --hash=sha256:5576644b859197da7bbd8f8c7c2fb5dcc6cd505cadb42992d5f104c013f8a214 \
--hash=sha256:b3b02911eb1f6ada203b0763ba924234629b51586f72a21faacc638269f4ced5 --hash=sha256:b3b02911eb1f6ada203b0763ba924234629b51586f72a21faacc638269f4ced5
ConfigArgParse==0.10.0 \ ConfigArgParse==0.12.0 \
--hash=sha256:3b50a83dd58149dfcee98cb6565265d10b53e9c0a2bca7eeef7fb5f5524890a7 --hash=sha256:28cd7d67669651f2a4518367838c49539457504584a139709b2b8f6c208ef339
configobj==5.0.6 \ configobj==5.0.6 \
--hash=sha256:a2f5650770e1c87fb335af19a9b7eb73fc05ccf22144eb68db7d00cd2bcb0902 --hash=sha256:a2f5650770e1c87fb335af19a9b7eb73fc05ccf22144eb68db7d00cd2bcb0902
cryptography==2.0.2 \ cryptography==2.0.2 \
@@ -907,18 +1071,18 @@ letsencrypt==0.7.0 \
--hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \ --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
--hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9 --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
certbot==0.17.0 \ certbot==0.18.0 \
--hash=sha256:64c25c7123357feffded6408660bc6f5c7d493dd635ae172081d21473075a86a \ --hash=sha256:941925f045aaae2a7e5b1d322b68ea3e042a1c2d6a3b3de76c5b8a5122e515a7 \
--hash=sha256:43f5b26c3f314d14babf79a3bdf3522e4fc9eef867a0681c426f113c650a669c --hash=sha256:f70bdfd7a455f0c1f72610b48bf4a462e4aecd8e66baa9d2278f7bc4a4f4195f
acme==0.17.0 \ acme==0.18.0 \
--hash=sha256:501710171633af13fc52aa61d0277a6fe335f7477db5810e72239aaf4f3a09e7 \ --hash=sha256:e35b2dbc27a40ca35d9120cb417abde667e9c59436662a10f260f3eaa2eb8fe0 \
--hash=sha256:3ccbe4aaeb98c77b98ee4093b4e4adb76a1a24cbdfec0130c489c206f1d9b66e --hash=sha256:301b0c9108f80d1182add10e8fd0fa962a143731b8208615631a711b8cd98938
certbot-apache==0.17.0 \ certbot-apache==0.18.0 \
--hash=sha256:17a7e8d7526d838610e68b96cf052af17c4055655b76b06d1cbc74857d90a216 \ --hash=sha256:e08504b1e13e0698dffd4b6437cdf24480f6666b60455c83e9a55cad56ab8c2d \
--hash=sha256:29b9e7bc5eaaff6dc4bce8398e35eeacdf346126aad68cac3d41bb87df20a6b9 --hash=sha256:44b65d61f4d284da188c578ad0dc700d4743d03ae5382be86716ff26a82def94
certbot-nginx==0.17.0 \ certbot-nginx==0.18.0 \
--hash=sha256:980c9a33a79ab839a089a0085ff0c5414f01f47b6db26ed342df25916658cec9 \ --hash=sha256:da58201350b0d02cd4b43ea53abd34a4a56cbb7d5564004c25607bdcbec5e890 \
--hash=sha256:e573f8b4283172755c07b9cca8a8da7ef2d31b4df763881394b5339b2d42994a --hash=sha256:528db0f8e5d5ac6956e4df15ab4809f313114ff2817c4b2f04c43913d750ca28
UNLIKELY_EOF UNLIKELY_EOF
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------
@@ -1131,20 +1295,15 @@ UNLIKELY_EOF
rm -rf "$VENV_PATH" rm -rf "$VENV_PATH"
exit 1 exit 1
fi fi
if [ -d "$OLD_VENV_PATH" -a ! -L "$OLD_VENV_PATH" ]; then
rm -rf "$OLD_VENV_PATH"
ln -s "$VENV_PATH" "$OLD_VENV_PATH"
fi
say "Installation succeeded." say "Installation succeeded."
fi fi
if [ -n "$SUDO" ]; then "$VENV_BIN/letsencrypt" "$@"
# SUDO is su wrapper or sudo
say "Requesting root privileges to run certbot..."
say " $VENV_BIN/letsencrypt" "$@"
fi
if [ -z "$SUDO_ENV" ] ; then
# SUDO is su wrapper / noop
$SUDO "$VENV_BIN/letsencrypt" "$@"
else
# sudo
$SUDO "$SUDO_ENV" "$VENV_BIN/letsencrypt" "$@"
fi
else else
# Phase 1: Upgrade certbot-auto if necessary, then self-invoke. # Phase 1: Upgrade certbot-auto if necessary, then self-invoke.
@@ -1155,12 +1314,14 @@ else
# package). Phase 2 checks the version of the locally installed certbot. # package). Phase 2 checks the version of the locally installed certbot.
if [ ! -f "$VENV_BIN/letsencrypt" ]; then if [ ! -f "$VENV_BIN/letsencrypt" ]; then
if [ "$HELP" = 1 ]; then if [ -z "$OLD_VENV_PATH" -o ! -f "$OLD_VENV_PATH/bin/letsencrypt" ]; then
echo "$USAGE" if [ "$HELP" = 1 ]; then
exit 0 echo "$USAGE"
exit 0
fi
# If it looks like we've never bootstrapped before, bootstrap:
Bootstrap
fi fi
# If it looks like we've never bootstrapped before, bootstrap:
Bootstrap
fi fi
if [ "$OS_PACKAGES_ONLY" = 1 ]; then if [ "$OS_PACKAGES_ONLY" = 1 ]; then
say "OS packages installed." say "OS packages installed."
@@ -1320,13 +1481,13 @@ UNLIKELY_EOF
say "Replacing certbot-auto..." say "Replacing certbot-auto..."
# Clone permissions with cp. chmod and chown don't have a --reference # Clone permissions with cp. chmod and chown don't have a --reference
# option on macOS or BSD, and stat -c on Linux is stat -f on macOS and BSD: # option on macOS or BSD, and stat -c on Linux is stat -f on macOS and BSD:
$SUDO cp -p "$0" "$TEMP_DIR/letsencrypt-auto.permission-clone" cp -p "$0" "$TEMP_DIR/letsencrypt-auto.permission-clone"
$SUDO cp "$TEMP_DIR/letsencrypt-auto" "$TEMP_DIR/letsencrypt-auto.permission-clone" cp "$TEMP_DIR/letsencrypt-auto" "$TEMP_DIR/letsencrypt-auto.permission-clone"
# Using mv rather than cp leaves the old file descriptor pointing to the # Using mv rather than cp leaves the old file descriptor pointing to the
# original copy so the shell can continue to read it unmolested. mv across # original copy so the shell can continue to read it unmolested. mv across
# filesystems is non-atomic, doing `rm dest, cp src dest, rm src`, but the # filesystems is non-atomic, doing `rm dest, cp src dest, rm src`, but the
# cp is unlikely to fail (esp. under sudo) if the rm doesn't. # cp is unlikely to fail if the rm doesn't.
$SUDO mv -f "$TEMP_DIR/letsencrypt-auto.permission-clone" "$0" mv -f "$TEMP_DIR/letsencrypt-auto.permission-clone" "$0"
fi # A newer version is available. fi # A newer version is available.
fi # Self-upgrading is allowed. fi # Self-upgrading is allowed.

14
letsencrypt-auto-source/certbot-auto.asc
View File

@@ -1,11 +1,11 @@
-----BEGIN PGP SIGNATURE----- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2 Version: GnuPG v2
iQEcBAABCAAGBQJZgRYdAAoJEE0XyZXNl3XyNskIAMh/M3tV8PTieSrMr3uzLua8 iQEcBAABCAAGBQJZry3aAAoJEE0XyZXNl3Xy2foH/0ehCksUM0JQWdHNjmEexo0l
R+tQJV31WlraoKGQAkZ9Ak+nEhJy0bOi3QAeOmEnS15sBM6ruD+UCfwUDrZxolfW XBvtZz59BkQpERZRd7tuwiXzFCJ9VwxlCUo4DhmdT7IYrM3/qb5HoVWPMrw70ySX
5Fnue2ocym+MhfDNKoerQNAmaaHY8sutoR+RNTegFyfyr92zMDZVzPm/DFAAHbK+ CgKB/SKKYiHFXLT0w/sT6RJDp1y/dt1+8+BWCCztI+1yaQiAsJBK3rzVjpcQRb15
eJltSx2Jleaig4V/RcKpkCwHErjQxn6Tn4jHlafAdNL28tEIGXcExpRj4raw3X1L yoQs9tNQIBBKdocZISjOTX1pYcwkA7fBGbnep9ndsM1PSuGXk3CBDF2YRfVnxnwF
SoTq/yJiWe+M7t+1iBRVEMZHY1b47PbTo1ipKF/ZZ3Hrz5JKRhAKcA8diHlWp+1I Y6R1Psjjk6vsUK9KY8uPtNtH4w3W30tRVbQmBf2qOsPrr532W/Zjvo1UERhqpM/w
ujAfU4uu0hR+C3wcpeJ1i2YdS4S9y6uMGyIWU5toJfYdolTSGRZ2lPB+x5Um9pw= fxjgo8XyJdMvilL/U3lZEsdzq2WTbS8nXto1mB0/QgVLENICsWoE8SVSql10iYo=
=/7P7 =wcEX
-----END PGP SIGNATURE----- -----END PGP SIGNATURE-----

26
letsencrypt-auto-source/letsencrypt-auto
View File

@@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then
fi fi
VENV_BIN="$VENV_PATH/bin" VENV_BIN="$VENV_PATH/bin"
BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt" BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
LE_AUTO_VERSION="0.18.0.dev0" LE_AUTO_VERSION="0.18.0"
BASENAME=$(basename $0) BASENAME=$(basename $0)
USAGE="Usage: $BASENAME [OPTIONS] USAGE="Usage: $BASENAME [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates A self-updating wrapper script for the Certbot ACME client. When run, updates
@@ -1071,18 +1071,18 @@ letsencrypt==0.7.0 \
--hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \ --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
--hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9 --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
certbot==0.17.0 \ certbot==0.18.0 \
--hash=sha256:64c25c7123357feffded6408660bc6f5c7d493dd635ae172081d21473075a86a \ --hash=sha256:941925f045aaae2a7e5b1d322b68ea3e042a1c2d6a3b3de76c5b8a5122e515a7 \
--hash=sha256:43f5b26c3f314d14babf79a3bdf3522e4fc9eef867a0681c426f113c650a669c --hash=sha256:f70bdfd7a455f0c1f72610b48bf4a462e4aecd8e66baa9d2278f7bc4a4f4195f
acme==0.17.0 \ acme==0.18.0 \
--hash=sha256:501710171633af13fc52aa61d0277a6fe335f7477db5810e72239aaf4f3a09e7 \ --hash=sha256:e35b2dbc27a40ca35d9120cb417abde667e9c59436662a10f260f3eaa2eb8fe0 \
--hash=sha256:3ccbe4aaeb98c77b98ee4093b4e4adb76a1a24cbdfec0130c489c206f1d9b66e --hash=sha256:301b0c9108f80d1182add10e8fd0fa962a143731b8208615631a711b8cd98938
certbot-apache==0.17.0 \ certbot-apache==0.18.0 \
--hash=sha256:17a7e8d7526d838610e68b96cf052af17c4055655b76b06d1cbc74857d90a216 \ --hash=sha256:e08504b1e13e0698dffd4b6437cdf24480f6666b60455c83e9a55cad56ab8c2d \
--hash=sha256:29b9e7bc5eaaff6dc4bce8398e35eeacdf346126aad68cac3d41bb87df20a6b9 --hash=sha256:44b65d61f4d284da188c578ad0dc700d4743d03ae5382be86716ff26a82def94
certbot-nginx==0.17.0 \ certbot-nginx==0.18.0 \
--hash=sha256:980c9a33a79ab839a089a0085ff0c5414f01f47b6db26ed342df25916658cec9 \ --hash=sha256:da58201350b0d02cd4b43ea53abd34a4a56cbb7d5564004c25607bdcbec5e890 \
--hash=sha256:e573f8b4283172755c07b9cca8a8da7ef2d31b4df763881394b5339b2d42994a --hash=sha256:528db0f8e5d5ac6956e4df15ab4809f313114ff2817c4b2f04c43913d750ca28
UNLIKELY_EOF UNLIKELY_EOF
# ------------------------------------------------------------------------- # -------------------------------------------------------------------------

BIN
letsencrypt-auto-source/letsencrypt-auto.sig
View File

Binary file not shown.

24
letsencrypt-auto-source/pieces/certbot-requirements.txt
View File

@@ -1,12 +1,12 @@
certbot==0.17.0 \ certbot==0.18.0 \
--hash=sha256:64c25c7123357feffded6408660bc6f5c7d493dd635ae172081d21473075a86a \ --hash=sha256:941925f045aaae2a7e5b1d322b68ea3e042a1c2d6a3b3de76c5b8a5122e515a7 \
--hash=sha256:43f5b26c3f314d14babf79a3bdf3522e4fc9eef867a0681c426f113c650a669c --hash=sha256:f70bdfd7a455f0c1f72610b48bf4a462e4aecd8e66baa9d2278f7bc4a4f4195f
acme==0.17.0 \ acme==0.18.0 \
--hash=sha256:501710171633af13fc52aa61d0277a6fe335f7477db5810e72239aaf4f3a09e7 \ --hash=sha256:e35b2dbc27a40ca35d9120cb417abde667e9c59436662a10f260f3eaa2eb8fe0 \
--hash=sha256:3ccbe4aaeb98c77b98ee4093b4e4adb76a1a24cbdfec0130c489c206f1d9b66e --hash=sha256:301b0c9108f80d1182add10e8fd0fa962a143731b8208615631a711b8cd98938
certbot-apache==0.17.0 \ certbot-apache==0.18.0 \
--hash=sha256:17a7e8d7526d838610e68b96cf052af17c4055655b76b06d1cbc74857d90a216 \ --hash=sha256:e08504b1e13e0698dffd4b6437cdf24480f6666b60455c83e9a55cad56ab8c2d \
--hash=sha256:29b9e7bc5eaaff6dc4bce8398e35eeacdf346126aad68cac3d41bb87df20a6b9 --hash=sha256:44b65d61f4d284da188c578ad0dc700d4743d03ae5382be86716ff26a82def94
certbot-nginx==0.17.0 \ certbot-nginx==0.18.0 \
--hash=sha256:980c9a33a79ab839a089a0085ff0c5414f01f47b6db26ed342df25916658cec9 \ --hash=sha256:da58201350b0d02cd4b43ea53abd34a4a56cbb7d5564004c25607bdcbec5e890 \
--hash=sha256:e573f8b4283172755c07b9cca8a8da7ef2d31b4df763881394b5339b2d42994a --hash=sha256:528db0f8e5d5ac6956e4df15ab4809f313114ff2817c4b2f04c43913d750ca28