diff --git a/.codecov.yml b/.codecov.yml index 3a7be503d..4c0cf93f1 100644 --- a/.codecov.yml +++ b/.codecov.yml @@ -6,7 +6,7 @@ coverage: flags: linux # Fixed target instead of auto set by #7173, can # be removed when flags in Codecov are added back. - target: 97.8 + target: 97.7 threshold: 0.1 base: auto windows: diff --git a/certbot-apache/certbot_apache/http_01.py b/certbot-apache/certbot_apache/http_01.py index a6c271aa5..538806de0 100644 --- a/certbot-apache/certbot_apache/http_01.py +++ b/certbot-apache/certbot_apache/http_01.py @@ -169,8 +169,7 @@ class ApacheHttp01(common.TLSSNI01): def _set_up_challenges(self): if not os.path.isdir(self.challenge_dir): - os.makedirs(self.challenge_dir) - filesystem.chmod(self.challenge_dir, 0o755) + filesystem.makedirs(self.challenge_dir, 0o755) responses = [] for achall in self.achalls: diff --git a/certbot-nginx/local-oldest-requirements.txt b/certbot-nginx/local-oldest-requirements.txt index 0bc9ee027..da509406e 100644 --- a/certbot-nginx/local-oldest-requirements.txt +++ b/certbot-nginx/local-oldest-requirements.txt @@ -1,3 +1,3 @@ # Remember to update setup.py to match the package versions below. acme[dev]==0.29.0 -certbot[dev]==0.34.0 +-e .[dev] diff --git a/certbot-nginx/setup.py b/certbot-nginx/setup.py index 09a1ab8d5..64f343730 100644 --- a/certbot-nginx/setup.py +++ b/certbot-nginx/setup.py @@ -10,7 +10,7 @@ version = '0.36.0.dev0' # acme/certbot version. install_requires = [ 'acme>=0.29.0', - 'certbot>=0.34.0', + 'certbot>=0.35.0.dev0', 'mock', 'PyOpenSSL', 'pyparsing>=1.5.5', # Python3 support; perhaps unnecessary? diff --git a/certbot/compat/filesystem.py b/certbot/compat/filesystem.py index 8cdff17d3..657f2376c 100644 --- a/certbot/compat/filesystem.py +++ b/certbot/compat/filesystem.py @@ -106,6 +106,58 @@ def open(file_path, flags, mode=0o777): # pylint: disable=redefined-builtin return handle +def makedirs(file_path, mode=0o777): + # type: (str, int) -> None + """ + Rewrite of original os.makedirs function, that will ensure on Windows that given mode + is correctly applied. + :param str file_path: The file path to open + :param int mode: POSIX mode to apply on leaf directory when created, Python defaults + will be applied if ``None`` + """ + if POSIX_MODE: + return os.makedirs(file_path, mode) + + orig_mkdir_fn = os.mkdir + try: + # As we know that os.mkdir is called internally by os.makedirs, we will swap the function in + # os module for the time of makedirs execution on Windows. + os.mkdir = mkdir # type: ignore + return os.makedirs(file_path, mode) + finally: + os.mkdir = orig_mkdir_fn + + +def mkdir(file_path, mode=0o777): + # type: (str, int) -> None + """ + Rewrite of original os.mkdir function, that will ensure on Windows that given mode + is correctly applied. + :param str file_path: The file path to open + :param int mode: POSIX mode to apply on directory when created, Python defaults + will be applied if ``None`` + """ + if POSIX_MODE: + return os.mkdir(file_path, mode) + + attributes = win32security.SECURITY_ATTRIBUTES() + security = attributes.SECURITY_DESCRIPTOR + user = _get_current_user() + dacl = _generate_dacl(user, mode) + security.SetSecurityDescriptorDacl(1, dacl, 0) + + try: + win32file.CreateDirectory(file_path, attributes) + except pywintypes.error as err: + # Handle native windows error into python error to be consistent with the API + # of os.mkdir in the situation of a directory already existing. + if err.winerror == winerror.ERROR_ALREADY_EXISTS: + raise OSError(errno.EEXIST, err.strerror, file_path, err.winerror) + raise err + + return None + + def replace(src, dst): # type: (str, str) -> None """ diff --git a/certbot/compat/os.py b/certbot/compat/os.py index a7de464fa..0c5582ca1 100644 --- a/certbot/compat/os.py +++ b/certbot/compat/os.py @@ -62,6 +62,25 @@ def open(*unused_args, **unused_kwargs): 'Use certbot.compat.filesystem.open() instead.') +# Very similarly to os.open, os.mkdir has the same effects on Windows and creates an unsecured +# folder. So a similar mitigation to security.chmod is provided on this platform. +def mkdir(*unused_args, **unused_kwargs): + """Method os.mkdir() is forbidden""" + raise RuntimeError('Usage of os.mkdir() is forbidden. ' + 'Use certbot.compat.filesystem.mkdir() instead.') + + +# As said above, os.makedirs would call the original os.mkdir function recursively on Windows, +# creating the same flaws for every actual folder created. This method is modified to ensure +# that our modified os.mkdir is called on Windows, by monkey patching temporarily the mkdir method +# on the original os module, executing the modified logic to correctly protect newly created +# folders, then restoring original mkdir method in the os module. +def makedirs(*unused_args, **unused_kwargs): + """Method os.makedirs() is forbidden""" + raise RuntimeError('Usage of os.makedirs() is forbidden. ' + 'Use certbot.compat.filesystem.makedirs() instead.') + + # Because of the blocking strategy on file handlers on Windows, rename does not behave as expected # with POSIX systems: an exception will be raised if dst already exists. def rename(*unused_args, **unused_kwargs): diff --git a/certbot/plugins/common_test.py b/certbot/plugins/common_test.py index ce60046af..1684fb998 100644 --- a/certbot/plugins/common_test.py +++ b/certbot/plugins/common_test.py @@ -15,6 +15,7 @@ from certbot import achallenges from certbot import crypto_util from certbot import errors from certbot.compat import os +from certbot.compat import filesystem from certbot.tests import acme_util from certbot.tests import util as test_util @@ -95,7 +96,7 @@ class InstallerTest(test_util.ConfigTestCase): def setUp(self): super(InstallerTest, self).setUp() - os.mkdir(self.config.config_dir) + filesystem.mkdir(self.config.config_dir) from certbot.plugins.common import Installer self.installer = Installer(config=self.config, diff --git a/certbot/plugins/manual_test.py b/certbot/plugins/manual_test.py index 10dbe73c9..16d240316 100644 --- a/certbot/plugins/manual_test.py +++ b/certbot/plugins/manual_test.py @@ -9,6 +9,7 @@ from acme import challenges from certbot import errors from certbot.compat import os +from certbot.compat import filesystem from certbot.tests import acme_util from certbot.tests import util as test_util @@ -23,7 +24,7 @@ class AuthenticatorTest(test_util.TempDirTestCase): self.dns_achall_2 = acme_util.DNS01_A_2 self.achalls = [self.http_achall, self.dns_achall, self.dns_achall_2] for d in ["config_dir", "work_dir", "in_progress"]: - os.mkdir(os.path.join(self.tempdir, d)) + filesystem.mkdir(os.path.join(self.tempdir, d)) # "backup_dir" and "temp_checkpoint_dir" get created in # certbot.util.make_or_verify_dir() during the Reverter # initialization. diff --git a/certbot/plugins/storage_test.py b/certbot/plugins/storage_test.py index 3251e6b29..f72e69d4b 100644 --- a/certbot/plugins/storage_test.py +++ b/certbot/plugins/storage_test.py @@ -6,6 +6,7 @@ import mock from certbot import errors from certbot.compat import os +from certbot.compat import filesystem from certbot.plugins import common from certbot.tests import util as test_util @@ -16,7 +17,7 @@ class PluginStorageTest(test_util.ConfigTestCase): def setUp(self): super(PluginStorageTest, self).setUp() self.plugin_cls = common.Installer - os.mkdir(self.config.config_dir) + filesystem.mkdir(self.config.config_dir) with mock.patch("certbot.reverter.util"): self.plugin = self.plugin_cls(config=self.config, name="mockplugin") diff --git a/certbot/plugins/webroot.py b/certbot/plugins/webroot.py index 1c94b34d3..2a42bd5ed 100644 --- a/certbot/plugins/webroot.py +++ b/certbot/plugins/webroot.py @@ -19,6 +19,7 @@ from certbot import cli from certbot import errors from certbot import interfaces from certbot.compat import os +from certbot.compat import filesystem from certbot.display import ops from certbot.display import util as display_util from certbot.plugins import common @@ -173,10 +174,10 @@ to serve all files under specified web root ({0}).""" # as it does not correspond to a folder path ('/' or 'C:') for prefix in sorted(util.get_prefixes(self.full_roots[name])[:-1], key=len): try: - # This is coupled with the "umask" call above because - # os.mkdir's "mode" parameter may not always work: + # This is coupled with the "umask" call above because os.mkdir's + # "mode" parameter may not always work under Linux: # https://docs.python.org/3/library/os.html#os.mkdir - os.mkdir(prefix, 0o0755) + filesystem.mkdir(prefix, 0o0755) self._created_dirs.append(prefix) # Set owner as parent directory if possible try: diff --git a/certbot/plugins/webroot_test.py b/certbot/plugins/webroot_test.py index 2d15c46fb..5039aae9e 100644 --- a/certbot/plugins/webroot_test.py +++ b/certbot/plugins/webroot_test.py @@ -203,7 +203,7 @@ class AuthenticatorTest(unittest.TestCase): self.assertFalse(os.path.exists(self.partial_root_challenge_path)) def test_perform_cleanup_existing_dirs(self): - os.mkdir(self.partial_root_challenge_path) + filesystem.mkdir(self.partial_root_challenge_path) self.auth.prepare() self.auth.perform([self.achall]) self.auth.cleanup([self.achall]) @@ -219,7 +219,7 @@ class AuthenticatorTest(unittest.TestCase): domain="thing.com", account_key=KEY) bingo_validation_path = "YmluZ28" - os.mkdir(self.partial_root_challenge_path) + filesystem.mkdir(self.partial_root_challenge_path) self.auth.prepare() self.auth.perform([bingo_achall, self.achall]) @@ -235,7 +235,7 @@ class AuthenticatorTest(unittest.TestCase): self.auth.perform([self.achall]) leftover_path = os.path.join(self.root_challenge_path, 'leftover') - os.mkdir(leftover_path) + filesystem.mkdir(leftover_path) self.auth.cleanup([self.achall]) self.assertFalse(os.path.exists(self.validation_path)) diff --git a/certbot/storage.py b/certbot/storage.py index bfec72c40..3ab37afe5 100644 --- a/certbot/storage.py +++ b/certbot/storage.py @@ -984,7 +984,7 @@ class RenewableCert(object): for i in (cli_config.renewal_configs_dir, cli_config.default_archive_dir, cli_config.live_dir): if not os.path.exists(i): - os.makedirs(i, 0o700) + filesystem.makedirs(i, 0o700) logger.debug("Creating directory %s.", i) config_file, config_filename = util.unique_lineage_name( cli_config.renewal_configs_dir, lineagename) @@ -1006,8 +1006,8 @@ class RenewableCert(object): config_file.close() raise errors.CertStorageError( "live directory exists for " + lineagename) - os.mkdir(archive) - os.mkdir(live_dir) + filesystem.mkdir(archive) + filesystem.mkdir(live_dir) logger.debug("Archive directory %s and live " "directory %s created.", archive, live_dir) diff --git a/certbot/tests/cert_manager_test.py b/certbot/tests/cert_manager_test.py index 08d7282a7..30ca6f099 100644 --- a/certbot/tests/cert_manager_test.py +++ b/certbot/tests/cert_manager_test.py @@ -12,6 +12,7 @@ import mock from certbot import configuration from certbot import errors from certbot.compat import os +from certbot.compat import filesystem from certbot.display import util as display_util from certbot.storage import ALL_FOUR from certbot.tests import storage_test @@ -25,7 +26,7 @@ class BaseCertManagerTest(test_util.ConfigTestCase): super(BaseCertManagerTest, self).setUp() self.config.quiet = False - os.makedirs(self.config.renewal_configs_dir) + filesystem.makedirs(self.config.renewal_configs_dir) self.domains = { "example.org": None, @@ -43,14 +44,14 @@ class BaseCertManagerTest(test_util.ConfigTestCase): def _set_up_config(self, domain, custom_archive): # TODO: maybe provide NamespaceConfig.make_dirs? # TODO: main() should create those dirs, c.f. #902 - os.makedirs(os.path.join(self.config.live_dir, domain)) + filesystem.makedirs(os.path.join(self.config.live_dir, domain)) config_file = configobj.ConfigObj() if custom_archive is not None: - os.makedirs(custom_archive) + filesystem.makedirs(custom_archive) config_file["archive_dir"] = custom_archive else: - os.makedirs(os.path.join(self.config.default_archive_dir, domain)) + filesystem.makedirs(os.path.join(self.config.default_archive_dir, domain)) for kind in ALL_FOUR: config_file[kind] = os.path.join(self.config.live_dir, domain, @@ -194,7 +195,7 @@ class CertificatesTest(BaseCertManagerTest): quiet=False )) - os.makedirs(empty_config.renewal_configs_dir) + filesystem.makedirs(empty_config.renewal_configs_dir) self._certificates(empty_config) self.assertFalse(mock_logger.warning.called) #pylint: disable=no-member self.assertTrue(mock_utility.called) diff --git a/certbot/tests/cli_test.py b/certbot/tests/cli_test.py index 8259d4040..9dd16db2d 100644 --- a/certbot/tests/cli_test.py +++ b/certbot/tests/cli_test.py @@ -16,6 +16,7 @@ from certbot import cli from certbot import constants from certbot import errors from certbot.compat import os +from certbot.compat import filesystem from certbot.plugins import disco from certbot.tests.util import TempDirTestCase @@ -318,8 +319,8 @@ class ParseTest(unittest.TestCase): # pylint: disable=too-many-public-methods self.parse(short_args + ['renew']), False) account_dir = os.path.join(config_dir, constants.ACCOUNTS_DIR) - os.mkdir(account_dir) - os.mkdir(os.path.join(account_dir, 'fake_account_dir')) + filesystem.mkdir(account_dir) + filesystem.mkdir(os.path.join(account_dir, 'fake_account_dir')) self._assert_dry_run_flag_worked(self.parse(short_args + ['auth']), True) self._assert_dry_run_flag_worked(self.parse(short_args + ['renew']), True) diff --git a/certbot/tests/compat/filesystem_test.py b/certbot/tests/compat/filesystem_test.py index fc2b3f80f..b0edb31ba 100644 --- a/certbot/tests/compat/filesystem_test.py +++ b/certbot/tests/compat/filesystem_test.py @@ -229,6 +229,47 @@ class WindowsOpenTest(TempDirTestCase): raise err +@unittest.skipIf(POSIX_MODE, reason='Test specific to Windows security') +class WindowsMkdirTests(test_util.TempDirTestCase): + """Unit tests for Windows mkdir + makedirs functions in filesystem module""" + def test_mkdir_correct_permissions(self): + path = os.path.join(self.tempdir, 'dir') + + filesystem.mkdir(path, 0o700) + + everybody = win32security.ConvertStringSidToSid(EVERYBODY_SID) + + dacl = _get_security_dacl(path).GetSecurityDescriptorDacl() + self.assertFalse([dacl.GetAce(index) for index in range(0, dacl.GetAceCount()) + if dacl.GetAce(index)[2] == everybody]) + + def test_makedirs_correct_permissions(self): + path = os.path.join(self.tempdir, 'dir') + subpath = os.path.join(path, 'subpath') + + filesystem.makedirs(subpath, 0o700) + + everybody = win32security.ConvertStringSidToSid(EVERYBODY_SID) + + dacl = _get_security_dacl(subpath).GetSecurityDescriptorDacl() + self.assertFalse([dacl.GetAce(index) for index in range(0, dacl.GetAceCount()) + if dacl.GetAce(index)[2] == everybody]) + + def test_makedirs_switch_os_mkdir(self): + path = os.path.join(self.tempdir, 'dir') + import os as std_os # pylint: disable=os-module-forbidden + original_mkdir = std_os.mkdir + + filesystem.makedirs(path) + self.assertEqual(original_mkdir, std_os.mkdir) + + try: + filesystem.makedirs(path) # Will fail because path already exists + except OSError: + pass + self.assertEqual(original_mkdir, std_os.mkdir) + + class OsReplaceTest(test_util.TempDirTestCase): """Test to ensure consistent behavior of rename method""" diff --git a/certbot/tests/compat/os_test.py b/certbot/tests/compat/os_test.py index 41b99d06e..a2b40a7f8 100644 --- a/certbot/tests/compat/os_test.py +++ b/certbot/tests/compat/os_test.py @@ -7,7 +7,7 @@ from certbot.compat import os class OsTest(unittest.TestCase): """Unit tests for os module.""" def test_forbidden_methods(self): - for method in ['chmod', 'open', 'rename', 'replace']: + for method in ['chmod', 'open', 'mkdir', 'makedirs', 'rename', 'replace']: self.assertRaises(RuntimeError, getattr(os, method)) diff --git a/certbot/tests/display/completer_test.py b/certbot/tests/display/completer_test.py index bbbc50c49..73d17946e 100644 --- a/certbot/tests/display/completer_test.py +++ b/certbot/tests/display/completer_test.py @@ -13,6 +13,7 @@ from six.moves import reload_module # pylint: disable=import-error from acme.magic_typing import List # pylint: disable=unused-import,no-name-in-module from certbot.compat import os # pylint: disable=ungrouped-imports +from certbot.compat import filesystem # pylint: disable=ungrouped-imports import certbot.tests.util as test_util # pylint: disable=ungrouped-imports @@ -33,7 +34,7 @@ class CompleterTest(test_util.TempDirTestCase): path = os.path.join(self.tempdir, c) self.paths.append(path) if ord(c) % 2: - os.mkdir(path) + filesystem.mkdir(path) else: with open(path, 'w'): pass diff --git a/certbot/tests/display/ops_test.py b/certbot/tests/display/ops_test.py index 95334a9d3..0a80836c0 100644 --- a/certbot/tests/display/ops_test.py +++ b/certbot/tests/display/ops_test.py @@ -13,6 +13,7 @@ import certbot.tests.util as test_util from certbot import account from certbot import errors from certbot.compat import os +from certbot.compat import filesystem from certbot.display import ops from certbot.display import util as display_util @@ -93,7 +94,7 @@ class ChooseAccountTest(test_util.TempDirTestCase): False)) self.account_keys_dir = os.path.join(self.tempdir, "keys") - os.makedirs(self.account_keys_dir, 0o700) + filesystem.makedirs(self.account_keys_dir, 0o700) self.config = mock.MagicMock( accounts_dir=self.tempdir, diff --git a/certbot/tests/hook_test.py b/certbot/tests/hook_test.py index fd2320494..079bc7f4c 100644 --- a/certbot/tests/hook_test.py +++ b/certbot/tests/hook_test.py @@ -96,7 +96,7 @@ class PreHookTest(HookTest): super(PreHookTest, self).setUp() self.config.pre_hook = "foo" - os.makedirs(self.config.renewal_pre_hooks_dir) + filesystem.makedirs(self.config.renewal_pre_hooks_dir) self.dir_hook = os.path.join(self.config.renewal_pre_hooks_dir, "bar") create_hook(self.dir_hook) @@ -174,7 +174,7 @@ class PostHookTest(HookTest): super(PostHookTest, self).setUp() self.config.post_hook = "bar" - os.makedirs(self.config.renewal_post_hooks_dir) + filesystem.makedirs(self.config.renewal_post_hooks_dir) self.dir_hook = os.path.join(self.config.renewal_post_hooks_dir, "foo") create_hook(self.dir_hook) @@ -376,7 +376,7 @@ class RenewHookTest(RenewalHookTest): super(RenewHookTest, self).setUp() self.config.renew_hook = "foo" - os.makedirs(self.config.renewal_deploy_hooks_dir) + filesystem.makedirs(self.config.renewal_deploy_hooks_dir) self.dir_hook = os.path.join(self.config.renewal_deploy_hooks_dir, "bar") create_hook(self.dir_hook) diff --git a/certbot/tests/main_test.py b/certbot/tests/main_test.py index 2cc42cc88..ebd9a28e1 100644 --- a/certbot/tests/main_test.py +++ b/certbot/tests/main_test.py @@ -33,6 +33,7 @@ from certbot import updater from certbot import util from certbot.compat import misc from certbot.compat import os +from certbot.compat import filesystem from certbot.plugins import disco from certbot.plugins import enhancements from certbot.plugins import manual @@ -513,7 +514,7 @@ class MainTest(test_util.ConfigTestCase): # pylint: disable=too-many-public-met def setUp(self): super(MainTest, self).setUp() - os.mkdir(self.config.logs_dir) + filesystem.mkdir(self.config.logs_dir) self.standard_args = ['--config-dir', self.config.config_dir, '--work-dir', self.config.work_dir, '--logs-dir', self.config.logs_dir, '--text'] @@ -1161,7 +1162,7 @@ class MainTest(test_util.ConfigTestCase): # pylint: disable=too-many-public-met def test_renew_verb_empty_config(self): rd = os.path.join(self.config.config_dir, 'renewal') if not os.path.exists(rd): - os.makedirs(rd) + filesystem.makedirs(rd) with open(os.path.join(rd, 'empty.conf'), 'w'): pass # leave the file empty args = ["renew", "--dry-run", "-tvv"] @@ -1179,7 +1180,7 @@ class MainTest(test_util.ConfigTestCase): # pylint: disable=too-many-public-met def _make_dummy_renewal_config(self): renewer_configs_dir = os.path.join(self.config.config_dir, 'renewal') - os.makedirs(renewer_configs_dir) + filesystem.makedirs(renewer_configs_dir) with open(os.path.join(renewer_configs_dir, 'test.conf'), 'w') as f: f.write("My contents don't matter") diff --git a/certbot/tests/reverter_test.py b/certbot/tests/reverter_test.py index 9e35ad636..31b0ea754 100644 --- a/certbot/tests/reverter_test.py +++ b/certbot/tests/reverter_test.py @@ -10,6 +10,7 @@ import six from certbot import errors from certbot.compat import os +from certbot.compat import filesystem from certbot.tests import util as test_util @@ -395,7 +396,7 @@ class TestFullCheckpointsReverter(test_util.ConfigTestCase): def test_view_config_changes_bad_backups_dir(self): # There shouldn't be any "in progress directories when this is called # It must just be clean checkpoints - os.makedirs(os.path.join(self.config.backup_dir, "in_progress")) + filesystem.makedirs(os.path.join(self.config.backup_dir, "in_progress")) self.assertRaises( errors.ReverterError, self.reverter.view_config_changes) diff --git a/certbot/tests/storage_test.py b/certbot/tests/storage_test.py index 307c053d8..017807a6d 100644 --- a/certbot/tests/storage_test.py +++ b/certbot/tests/storage_test.py @@ -92,10 +92,10 @@ class BaseRenewableCertTest(test_util.ConfigTestCase): # TODO: maybe provide NamespaceConfig.make_dirs? # TODO: main() should create those dirs, c.f. #902 - os.makedirs(os.path.join(self.config.config_dir, "live", "example.org")) + filesystem.makedirs(os.path.join(self.config.config_dir, "live", "example.org")) archive_path = os.path.join(self.config.config_dir, "archive", "example.org") - os.makedirs(archive_path) - os.makedirs(os.path.join(self.config.config_dir, "renewal")) + filesystem.makedirs(archive_path) + filesystem.makedirs(os.path.join(self.config.config_dir, "renewal")) config_file = configobj.ConfigObj() for kind in ALL_FOUR: @@ -634,12 +634,12 @@ class RenewableCertTests(BaseRenewableCertTest): self.assertTrue(os.path.exists(os.path.join( self.config.live_dir, "the-lineage.com-0001", "README"))) # Now trigger the detection of already existing files - os.mkdir(os.path.join( + filesystem.mkdir(os.path.join( self.config.live_dir, "the-lineage.com-0002")) self.assertRaises(errors.CertStorageError, storage.RenewableCert.new_lineage, "the-lineage.com", b"cert3", b"privkey3", b"chain3", self.config) - os.mkdir(os.path.join(self.config.default_archive_dir, "other-example.com")) + filesystem.mkdir(os.path.join(self.config.default_archive_dir, "other-example.com")) self.assertRaises(errors.CertStorageError, storage.RenewableCert.new_lineage, "other-example.com", b"cert4", diff --git a/certbot/tests/util.py b/certbot/tests/util.py index 1c5f1d8b0..56fbd5458 100644 --- a/certbot/tests/util.py +++ b/certbot/tests/util.py @@ -139,7 +139,7 @@ def make_lineage(config_dir, testfile): for directory in (archive_dir, conf_dir, live_dir,): if not os.path.exists(directory): - os.makedirs(directory) + filesystem.makedirs(directory) sample_archive = vector_path('sample-archive') for kind in os.listdir(sample_archive): diff --git a/certbot/tests/util_test.py b/certbot/tests/util_test.py index 38bf370e5..41b5cf71d 100644 --- a/certbot/tests/util_test.py +++ b/certbot/tests/util_test.py @@ -92,7 +92,7 @@ class LockDirUntilExit(test_util.TempDirTestCase): @mock.patch('certbot.util.atexit_register') def test_it(self, mock_register, mock_logger): subdir = os.path.join(self.tempdir, 'subdir') - os.mkdir(subdir) + filesystem.mkdir(subdir) self._call(self.tempdir) self._call(subdir) self._call(subdir) @@ -143,7 +143,7 @@ class MakeOrVerifyDirTest(test_util.TempDirTestCase): super(MakeOrVerifyDirTest, self).setUp() self.path = os.path.join(self.tempdir, "foo") - os.mkdir(self.path, 0o600) + filesystem.mkdir(self.path, 0o600) self.uid = misc.os_geteuid() @@ -166,7 +166,7 @@ class MakeOrVerifyDirTest(test_util.TempDirTestCase): self.assertRaises(errors.Error, self._call, self.path, 0o400) def test_reraises_os_error(self): - with mock.patch.object(os, "makedirs") as makedirs: + with mock.patch.object(filesystem, "makedirs") as makedirs: makedirs.side_effect = OSError() self.assertRaises(OSError, self._call, "bar", 12312312) diff --git a/certbot/util.py b/certbot/util.py index 097edd05d..dfdc87346 100644 --- a/certbot/util.py +++ b/certbot/util.py @@ -181,7 +181,7 @@ def make_or_verify_dir(directory, mode=0o755, uid=0, strict=False): """ try: - os.makedirs(directory, mode) + filesystem.makedirs(directory, mode) except OSError as exception: if exception.errno == errno.EEXIST: if strict and not check_permissions(directory, mode, uid): diff --git a/tests/lock_test.py b/tests/lock_test.py index aaa8ce2d9..b65442c30 100644 --- a/tests/lock_test.py +++ b/tests/lock_test.py @@ -21,6 +21,7 @@ from cryptography.hazmat.primitives.asymmetric import rsa from certbot import lock from certbot import util +from certbot.compat import filesystem from certbot.tests import util as test_util @@ -92,7 +93,7 @@ def set_up_dirs(): nginx_dir = os.path.join(temp_dir, 'nginx') for directory in (config_dir, logs_dir, work_dir, nginx_dir,): - os.mkdir(directory) + filesystem.mkdir(directory) test_util.make_lineage(config_dir, 'sample-renewal.conf') set_up_nginx_dir(nginx_dir)