From 6c89aa52275bf0c4107d9e719031c8ca83c5804f Mon Sep 17 00:00:00 2001 From: Kenichi Maehashi Date: Fri, 27 Sep 2019 05:25:48 +0900 Subject: [PATCH 01/17] Fix to run with Apache on RHEL 6 (#7401) This PR fixes a regression in #7337 (0.38.0) that certbot cannot run with Apache on RHEL 6. In RHEL 6, `distro.linux_distribution()` returns `RedHatEnterpriseServer`. In RHEL 6: ```py >>> import distro >>> distro.linux_distribution() (u'RedHatEnterpriseServer', u'6.10', u'Santiago') >>> import platform >>> platform.linux_distribution() ('Red Hat Enterprise Linux Server', '6.10', 'Santiago') ``` In RHEL 7: ```py >>> import distro >>> distro.linux_distribution() ('Red Hat Enterprise Linux Server', '7.6', 'Maipo') >>> import platform >>> platform.linux_distribution() ('Red Hat Enterprise Linux Server', '7.6', 'Maipo') ``` * fix to run with Apache on RHEL 6 * fix docs --- AUTHORS.md | 1 + CHANGELOG.md | 2 +- certbot-apache/certbot_apache/entrypoint.py | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/AUTHORS.md b/AUTHORS.md index 051c59e61..182081e94 100644 --- a/AUTHORS.md +++ b/AUTHORS.md @@ -127,6 +127,7 @@ Authors * [Joubin Jabbari](https://github.com/joubin) * [Juho Juopperi](https://github.com/jkjuopperi) * [Kane York](https://github.com/riking) +* [Kenichi Maehashi](https://github.com/kmaehashi) * [Kenneth Skovhede](https://github.com/kenkendk) * [Kevin Burke](https://github.com/kevinburke) * [Kevin London](https://github.com/kevinlondon) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5c0143d01..ea0d316ba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,7 +14,7 @@ Certbot adheres to [Semantic Versioning](https://semver.org/). ### Fixed -* +* Fixed OS detection in the Apache plugin on RHEL 6. More details about these changes can be found on our GitHub repo. diff --git a/certbot-apache/certbot_apache/entrypoint.py b/certbot-apache/certbot_apache/entrypoint.py index 0b875add3..610191fea 100644 --- a/certbot-apache/certbot_apache/entrypoint.py +++ b/certbot-apache/certbot_apache/entrypoint.py @@ -24,6 +24,7 @@ OVERRIDE_CLASSES = { "fedora_old": override_centos.CentOSConfigurator, "fedora": override_fedora.FedoraConfigurator, "ol": override_centos.CentOSConfigurator, + "redhatenterpriseserver": override_centos.CentOSConfigurator, "red hat enterprise linux server": override_centos.CentOSConfigurator, "rhel": override_centos.CentOSConfigurator, "amazon": override_centos.CentOSConfigurator, From ca3077d0347aae12163a43bf74a0c8321284367e Mon Sep 17 00:00:00 2001 From: Joona Hoikkala Date: Fri, 27 Sep 2019 19:50:38 +0300 Subject: [PATCH 02/17] Try to use platform.linux_distribution() before distro equivalent (#7403) Try to primarily fall back to using `platform.linux_distribution()` if `/etc/os-release` isn't available. Only use `distro.linux_distribution()` on Python >= 3.8. * Try to use platform.linux_distribution() before distro equivalent * Fix tests for py38 * Added changelog entry --- CHANGELOG.md | 1 + certbot/tests/util_test.py | 15 +++++++++------ certbot/util.py | 10 +++++++++- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ea0d316ba..6f454e95c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ Certbot adheres to [Semantic Versioning](https://semver.org/). ### Changed * Don't send OCSP requests for expired certificates +* Return to using platform.linux_distribution instead of distro.linux_distribution in OS fingerprinting for Python < 3.8 ### Fixed diff --git a/certbot/tests/util_test.py b/certbot/tests/util_test.py index 0ed6511f3..61b356779 100644 --- a/certbot/tests/util_test.py +++ b/certbot/tests/util_test.py @@ -520,13 +520,16 @@ class OsInfoTest(unittest.TestCase): with mock.patch('platform.system_alias', return_value=('linux', '', '')): - with mock.patch('distro.linux_distribution', - return_value=('', '', '')): - self.assertEqual(get_python_os_info(), ("linux", "")) + with mock.patch('platform.linux_distribution', + side_effect=AttributeError, + create=True): + with mock.patch('distro.linux_distribution', + return_value=('', '', '')): + self.assertEqual(get_python_os_info(), ("linux", "")) - with mock.patch('distro.linux_distribution', - return_value=('testdist', '42', '')): - self.assertEqual(get_python_os_info(), ("testdist", "42")) + with mock.patch('distro.linux_distribution', + return_value=('testdist', '42', '')): + self.assertEqual(get_python_os_info(), ("testdist", "42")) with mock.patch('platform.system_alias', return_value=('freebsd', '9.3-RC3-p1', '')): diff --git a/certbot/util.py b/certbot/util.py index 7d82eca8c..ec357573d 100644 --- a/certbot/util.py +++ b/certbot/util.py @@ -392,7 +392,7 @@ def get_python_os_info(): os_type, os_ver, _ = info os_type = os_type.lower() if os_type.startswith('linux'): - info = distro.linux_distribution() + info = _get_linux_distribution() # On arch, distro.linux_distribution() is reportedly ('','',''), # so handle it defensively if info[0]: @@ -424,6 +424,14 @@ def get_python_os_info(): os_ver = '' return os_type, os_ver +def _get_linux_distribution(): + """Gets the linux distribution name from the underlying OS""" + + try: + return platform.linux_distribution() + except AttributeError: + return distro.linux_distribution() + # Just make sure we don't get pwned... Make sure that it also doesn't # start with a period or have two consecutive periods <- this needs to # be done in addition to the regex From 8a4c2f505f9db7b2aee31748062f3f7752467816 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Fri, 27 Sep 2019 12:46:56 -0700 Subject: [PATCH 03/17] Remove listing for broken heroku plugin (#7409) The README for the [3rd party heroku plugin](https://github.com/gboudreau/certbot-heroku) says it has been deprecated. Because of this, let's remove it from the list of third party plugins. --- docs/using.rst | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/using.rst b/docs/using.rst index 700fcf92a..f1e70285d 100644 --- a/docs/using.rst +++ b/docs/using.rst @@ -279,7 +279,6 @@ external_ Y N A plugin for convenient scripting (See also ticket icecast_ N Y Deploy certificates to Icecast 2 streaming media servers pritunl_ N Y Install certificates in pritunl distributed OpenVPN servers proxmox_ N Y Install certificates in Proxmox Virtualization servers -heroku_ Y Y Integration with Heroku SSL dns-standalone_ Y N Obtain certificates via an integrated DNS server dns-ispconfig_ Y N DNS Authentication using ISPConfig as DNS server ================== ==== ==== =============================================================== @@ -293,7 +292,6 @@ dns-ispconfig_ Y N DNS Authentication using ISPConfig as DNS server .. _pritunl: https://github.com/kharkevich/letsencrypt-pritunl .. _proxmox: https://github.com/kharkevich/letsencrypt-proxmox .. _external: https://github.com/marcan/letsencrypt-external -.. _heroku: https://github.com/gboudreau/certbot-heroku .. _dns-standalone: https://github.com/siilike/certbot-dns-standalone .. _dns-ispconfig: https://github.com/m42e/certbot-dns-ispconfig From 6ac8633363961e7c1826609e9f40b1ac3f0ea527 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Fri, 27 Sep 2019 12:47:12 -0700 Subject: [PATCH 04/17] Remove listing for broken icecast plugin. (#7408) The repo description for the [3rd party Icecast plugin](https://github.com/e00E/lets-encrypt-icecast) says that the plugin isn't currently working and the repository hasn't been updated since 2017. Since it seems broken and unmaintained, let's remove it from the list of third party plugins. I would happily add it again to the list of third party plugins if people fix and maintain it. --- docs/using.rst | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/using.rst b/docs/using.rst index f1e70285d..458ab9a01 100644 --- a/docs/using.rst +++ b/docs/using.rst @@ -276,7 +276,6 @@ s3front_ Y Y Integration with Amazon CloudFront distribution of gandi_ Y N Obtain certificates via the Gandi LiveDNS API varnish_ Y N Obtain certificates via a Varnish server external_ Y N A plugin for convenient scripting (See also ticket 2782_) -icecast_ N Y Deploy certificates to Icecast 2 streaming media servers pritunl_ N Y Install certificates in pritunl distributed OpenVPN servers proxmox_ N Y Install certificates in Proxmox Virtualization servers dns-standalone_ Y N Obtain certificates via an integrated DNS server @@ -286,7 +285,6 @@ dns-ispconfig_ Y N DNS Authentication using ISPConfig as DNS server .. _haproxy: https://github.com/greenhost/certbot-haproxy .. _s3front: https://github.com/dlapiduz/letsencrypt-s3front .. _gandi: https://github.com/obynio/certbot-plugin-gandi -.. _icecast: https://github.com/e00E/lets-encrypt-icecast .. _varnish: http://git.sesse.net/?p=letsencrypt-varnish-plugin .. _2782: https://github.com/certbot/certbot/issues/2782 .. _pritunl: https://github.com/kharkevich/letsencrypt-pritunl From c2480b29f7e289a0d3db3d8e7639b909b9069ace Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Mon, 30 Sep 2019 09:19:05 -0700 Subject: [PATCH 05/17] Add CentOS 8 support to certbot-auto. (#7406) Fixes #7396. --- CHANGELOG.md | 1 + letsencrypt-auto-source/letsencrypt-auto | 2 ++ letsencrypt-auto-source/letsencrypt-auto.template | 2 ++ 3 files changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f454e95c..7155fa0d7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ Certbot adheres to [Semantic Versioning](https://semver.org/). ### Added * Support for Python 3.8 was added to Certbot and all of its components. +* Support for CentOS 8 was added to certbot-auto. ### Changed diff --git a/letsencrypt-auto-source/letsencrypt-auto b/letsencrypt-auto-source/letsencrypt-auto index ae7dc1d16..457701743 100755 --- a/letsencrypt-auto-source/letsencrypt-auto +++ b/letsencrypt-auto-source/letsencrypt-auto @@ -775,6 +775,8 @@ elif [ -f /etc/redhat-release ]; then RPM_USE_PYTHON_3=1 elif [ "$RPM_DIST_NAME" = "rhel" -a "$RPM_DIST_VERSION" -ge 8 ]; then RPM_USE_PYTHON_3=1 + elif [ "$RPM_DIST_NAME" = "centos" -a "$RPM_DIST_VERSION" -ge 8 ]; then + RPM_USE_PYTHON_3=1 else RPM_USE_PYTHON_3=0 fi diff --git a/letsencrypt-auto-source/letsencrypt-auto.template b/letsencrypt-auto-source/letsencrypt-auto.template index b38aa7017..31c5bb134 100755 --- a/letsencrypt-auto-source/letsencrypt-auto.template +++ b/letsencrypt-auto-source/letsencrypt-auto.template @@ -350,6 +350,8 @@ elif [ -f /etc/redhat-release ]; then RPM_USE_PYTHON_3=1 elif [ "$RPM_DIST_NAME" = "rhel" -a "$RPM_DIST_VERSION" -ge 8 ]; then RPM_USE_PYTHON_3=1 + elif [ "$RPM_DIST_NAME" = "centos" -a "$RPM_DIST_VERSION" -ge 8 ]; then + RPM_USE_PYTHON_3=1 else RPM_USE_PYTHON_3=0 fi From e3dbd9ce4a6336afd58c1917939172d7adc1d8bb Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Tue, 1 Oct 2019 10:34:11 -0700 Subject: [PATCH 06/17] Keep compatibility with IE11 in the Nginx plugin (#7414) As discussed at https://github.com/mozilla/server-side-tls/issues/263, Mozilla's current intermediate recommendations drop support for some non-EOL'd versions of IE. [Their TLS recommendations were updated to suggest a couple possible workarounds for people who need this support](https://github.com/mozilla/server-side-tls/pull/264) and [April suggested that we make this change in Certbot](https://github.com/mozilla/server-side-tls/issues/263#issuecomment-537085728). We know `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` translates to `ECDHE-RSA-AES128-SHA` because [nginx uses the same cipher format as OpenSSL](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers) and the translation is shown in the table at https://github.com/mozilla/server-side-tls/blob/gh-pages/Cipher_Suites.mediawiki. The risk of regressions making this change is low as we always had this ciphersuite enabled just a few releases ago: https://github.com/certbot/certbot/tree/v0.36.0/certbot-nginx/certbot_nginx * Keep compatibility with IE11 * update changelog --- CHANGELOG.md | 1 + certbot-nginx/certbot_nginx/constants.py | 4 ++++ .../certbot_nginx/tls_configs/options-ssl-nginx-old.conf | 2 +- .../tls_configs/options-ssl-nginx-tls12-only.conf | 2 +- .../tls_configs/options-ssl-nginx-tls13-session-tix-on.conf | 2 +- .../certbot_nginx/tls_configs/options-ssl-nginx.conf | 2 +- 6 files changed, 9 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7155fa0d7..fe806de29 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ Certbot adheres to [Semantic Versioning](https://semver.org/). * Don't send OCSP requests for expired certificates * Return to using platform.linux_distribution instead of distro.linux_distribution in OS fingerprinting for Python < 3.8 +* Updated the Nginx plugin's TLS configuration to keep support for some versions of IE11. ### Fixed diff --git a/certbot-nginx/certbot_nginx/constants.py b/certbot-nginx/certbot_nginx/constants.py index 92dc9e79d..fbf6ed424 100644 --- a/certbot-nginx/certbot_nginx/constants.py +++ b/certbot-nginx/certbot_nginx/constants.py @@ -37,6 +37,10 @@ ALL_SSL_OPTIONS_HASHES = [ '02329eb19930af73c54b3632b3165d84571383b8c8c73361df940cb3894dd426', '108c4555058a087496a3893aea5d9e1cee0f20a3085d44a52dc1a66522299ac3', 'd5e021706ecdccc7090111b0ae9a29ef61523e927f020e410caf0a1fd7063981', + 'ef11e3fb17213e74d3e1816cde0ec37b8b95b4167cf21e7b8ff1eaa9c6f918ee', + 'af85f6193808a44789a1d293e6cffa249cad9a21135940800958b8e3c72dbc69', + 'a2a612fd21b02abaa32d9d11ac63d987d6e3054dbfa356de5800eea0d7ce17f3', + '2d9648302e3588a172c318e46bff88ade46fc7a16d6afc85322776a04800d473', ] """SHA256 hashes of the contents of all versions of MOD_SSL_CONF_SRC""" diff --git a/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-old.conf b/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-old.conf index a678b0507..731e38919 100644 --- a/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-old.conf +++ b/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-old.conf @@ -10,4 +10,4 @@ ssl_session_timeout 1440m; ssl_protocols TLSv1.2; ssl_prefer_server_ciphers off; -ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; +ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA"; diff --git a/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-tls12-only.conf b/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-tls12-only.conf index 1933cbc4f..33771a189 100644 --- a/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-tls12-only.conf +++ b/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-tls12-only.conf @@ -11,4 +11,4 @@ ssl_session_tickets off; ssl_protocols TLSv1.2; ssl_prefer_server_ciphers off; -ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; +ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA"; diff --git a/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-tls13-session-tix-on.conf b/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-tls13-session-tix-on.conf index 52fdfde24..91197d2c8 100644 --- a/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-tls13-session-tix-on.conf +++ b/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx-tls13-session-tix-on.conf @@ -10,4 +10,4 @@ ssl_session_timeout 1440m; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers off; -ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; +ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA"; diff --git a/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx.conf b/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx.conf index 978e6e8ab..98b1c4ab9 100644 --- a/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx.conf +++ b/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx.conf @@ -11,4 +11,4 @@ ssl_session_tickets off; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers off; -ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; +ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA"; From 9c18de993d00d367d614afd975dcadfc91e6335d Mon Sep 17 00:00:00 2001 From: Erica Portnoy Date: Tue, 1 Oct 2019 12:48:40 -0700 Subject: [PATCH 07/17] Update changelog for 0.39.0 release --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fe806de29..d2a3ea867 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ Certbot adheres to [Semantic Versioning](https://semver.org/). -## 0.39.0 - master +## 0.39.0 - 2019-10-01 ### Added From 0b605333d90b93b82a5529f5c524264582669fea Mon Sep 17 00:00:00 2001 From: Erica Portnoy Date: Tue, 1 Oct 2019 13:04:08 -0700 Subject: [PATCH 08/17] Release 0.39.0 --- acme/setup.py | 2 +- certbot-apache/local-oldest-requirements.txt | 2 +- certbot-apache/setup.py | 4 +-- certbot-auto | 28 ++++++++++-------- certbot-compatibility-test/setup.py | 2 +- .../local-oldest-requirements.txt | 2 +- certbot-dns-cloudflare/setup.py | 4 +-- .../local-oldest-requirements.txt | 2 +- certbot-dns-cloudxns/setup.py | 4 +-- .../local-oldest-requirements.txt | 2 +- certbot-dns-digitalocean/setup.py | 4 +-- .../local-oldest-requirements.txt | 2 +- certbot-dns-dnsimple/setup.py | 4 +-- .../local-oldest-requirements.txt | 2 +- certbot-dns-dnsmadeeasy/setup.py | 4 +-- .../local-oldest-requirements.txt | 2 +- certbot-dns-gehirn/setup.py | 4 +-- .../local-oldest-requirements.txt | 2 +- certbot-dns-google/setup.py | 4 +-- .../local-oldest-requirements.txt | 2 +- certbot-dns-linode/setup.py | 4 +-- .../local-oldest-requirements.txt | 2 +- certbot-dns-luadns/setup.py | 4 +-- .../local-oldest-requirements.txt | 2 +- certbot-dns-nsone/setup.py | 4 +-- certbot-dns-ovh/local-oldest-requirements.txt | 2 +- certbot-dns-ovh/setup.py | 4 +-- .../local-oldest-requirements.txt | 2 +- certbot-dns-rfc2136/setup.py | 4 +-- .../local-oldest-requirements.txt | 2 +- certbot-dns-route53/setup.py | 4 +-- .../local-oldest-requirements.txt | 2 +- certbot-dns-sakuracloud/setup.py | 4 +-- certbot-nginx/setup.py | 2 +- certbot/__init__.py | 2 +- docs/cli-help.txt | 2 +- letsencrypt-auto | 28 ++++++++++-------- letsencrypt-auto-source/certbot-auto.asc | 16 +++++----- letsencrypt-auto-source/letsencrypt-auto | 26 ++++++++-------- letsencrypt-auto-source/letsencrypt-auto.sig | Bin 256 -> 256 bytes .../pieces/certbot-requirements.txt | 24 +++++++-------- 41 files changed, 113 insertions(+), 109 deletions(-) diff --git a/acme/setup.py b/acme/setup.py index 517aef118..2c90264bd 100644 --- a/acme/setup.py +++ b/acme/setup.py @@ -3,7 +3,7 @@ from setuptools import find_packages from setuptools.command.test import test as TestCommand import sys -version = '0.39.0.dev0' +version = '0.39.0' # Please update tox.ini when modifying dependency version requirements install_requires = [ diff --git a/certbot-apache/local-oldest-requirements.txt b/certbot-apache/local-oldest-requirements.txt index da509406e..1ee716cd6 100644 --- a/certbot-apache/local-oldest-requirements.txt +++ b/certbot-apache/local-oldest-requirements.txt @@ -1,3 +1,3 @@ # Remember to update setup.py to match the package versions below. acme[dev]==0.29.0 --e .[dev] +certbot[dev]==0.39.0 diff --git a/certbot-apache/setup.py b/certbot-apache/setup.py index 784c1124f..0e14a8dfa 100644 --- a/certbot-apache/setup.py +++ b/certbot-apache/setup.py @@ -4,13 +4,13 @@ from setuptools.command.test import test as TestCommand import sys -version = '0.39.0.dev0' +version = '0.39.0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. install_requires = [ 'acme>=0.29.0', - 'certbot>=0.39.0.dev0', + 'certbot>=0.39.0', 'mock', 'python-augeas', 'setuptools', diff --git a/certbot-auto b/certbot-auto index 122654d35..68ced3260 100755 --- a/certbot-auto +++ b/certbot-auto @@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then fi VENV_BIN="$VENV_PATH/bin" BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt" -LE_AUTO_VERSION="0.38.0" +LE_AUTO_VERSION="0.39.0" BASENAME=$(basename $0) USAGE="Usage: $BASENAME [OPTIONS] A self-updating wrapper script for the Certbot ACME client. When run, updates @@ -775,6 +775,8 @@ elif [ -f /etc/redhat-release ]; then RPM_USE_PYTHON_3=1 elif [ "$RPM_DIST_NAME" = "rhel" -a "$RPM_DIST_VERSION" -ge 8 ]; then RPM_USE_PYTHON_3=1 + elif [ "$RPM_DIST_NAME" = "centos" -a "$RPM_DIST_VERSION" -ge 8 ]; then + RPM_USE_PYTHON_3=1 else RPM_USE_PYTHON_3=0 fi @@ -1336,18 +1338,18 @@ letsencrypt==0.7.0 \ --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \ --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9 -certbot==0.38.0 \ - --hash=sha256:618abf3ae17c2fc3cb99baa4bf000dd5e2d7875b7811f5ef1edf6ebd7a33945f \ - --hash=sha256:c27712101794e3adf54f3a3067c63be5caa507a930a79865bc654b6864121c6b -acme==0.38.0 \ - --hash=sha256:6231571b4a94d6d621b28bef6f6d4846b3c2ebca840f9718d3212036c3bd2af8 \ - --hash=sha256:1c1e9c0826a8f72d670b0ca28b7e6392ce4781eb33222f35133705b6551885d8 -certbot-apache==0.38.0 \ - --hash=sha256:0b5a2c2bcc430470b5131941ebdfde0a13e28dec38918c1a4ebea5dd35ad38bc \ - --hash=sha256:2d335543e0ae9292303238736907ce6b321ac49eb49fe4e0b775abdc0ba57c62 -certbot-nginx==0.38.0 \ - --hash=sha256:af82944e171d2e93c81438b185f8051e742c6f47f7382cb1a647b1c7ca2b53f2 \ - --hash=sha256:cecd1fa3de6e19980fdb9c3b3269b15b7da71b5748ee7ae5caddcc18dbb208ac +certbot==0.39.0 \ + --hash=sha256:f1a70651a6c5137a448f4a8db17b09af619f80a077326caae6b74278bf1db488 \ + --hash=sha256:885cee1c4d05888af86b626cbbfc29d3c6c842ef4fe8f4a486994cef9daddfe0 +acme==0.39.0 \ + --hash=sha256:4f8be913df289b981852042719469cc367a7e436256f232c799d0bd1521db710 \ + --hash=sha256:a2fcb75d16de6804f4b4d773a457ee2f6434ebaf8fd1aa60862a91d4e8f73608 +certbot-apache==0.39.0 \ + --hash=sha256:c7a8630a85b753a52ca0b8c19e24b8f85ac4ba028292a95745e250c2e72faab9 \ + --hash=sha256:4651a0212c9ebc3087281dad92ad3cb355bb2730f432d0180a8d23325d11825a +certbot-nginx==0.39.0 \ + --hash=sha256:76e5862ad5cc0fbc099df3502987c101c60dee1c188a579eac990edee7a910df \ + --hash=sha256:ceac88df52d3b27d14c3052b9e90ada327d7e14ecd6e4af7519918182d6138b4 UNLIKELY_EOF # ------------------------------------------------------------------------- diff --git a/certbot-compatibility-test/setup.py b/certbot-compatibility-test/setup.py index ae0f36938..a720c65a9 100644 --- a/certbot-compatibility-test/setup.py +++ b/certbot-compatibility-test/setup.py @@ -4,7 +4,7 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0.dev0' +version = '0.39.0' install_requires = [ 'certbot', diff --git a/certbot-dns-cloudflare/local-oldest-requirements.txt b/certbot-dns-cloudflare/local-oldest-requirements.txt index da509406e..1ee716cd6 100644 --- a/certbot-dns-cloudflare/local-oldest-requirements.txt +++ b/certbot-dns-cloudflare/local-oldest-requirements.txt @@ -1,3 +1,3 @@ # Remember to update setup.py to match the package versions below. acme[dev]==0.29.0 --e .[dev] +certbot[dev]==0.39.0 diff --git a/certbot-dns-cloudflare/setup.py b/certbot-dns-cloudflare/setup.py index 98e0af806..51b930285 100644 --- a/certbot-dns-cloudflare/setup.py +++ b/certbot-dns-cloudflare/setup.py @@ -2,13 +2,13 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0.dev0' +version = '0.39.0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. install_requires = [ 'acme>=0.29.0', - 'certbot>=0.39.0.dev0', + 'certbot>=0.39.0', 'cloudflare>=1.5.1', 'mock', 'setuptools', diff --git a/certbot-dns-cloudxns/local-oldest-requirements.txt b/certbot-dns-cloudxns/local-oldest-requirements.txt index 2b3ba9f32..aefe03f90 100644 --- a/certbot-dns-cloudxns/local-oldest-requirements.txt +++ b/certbot-dns-cloudxns/local-oldest-requirements.txt @@ -1,3 +1,3 @@ # Remember to update setup.py to match the package versions below. acme[dev]==0.31.0 --e .[dev] +certbot[dev]==0.39.0 diff --git a/certbot-dns-cloudxns/setup.py b/certbot-dns-cloudxns/setup.py index 05dae99d4..01f4111eb 100644 --- a/certbot-dns-cloudxns/setup.py +++ b/certbot-dns-cloudxns/setup.py @@ -2,13 +2,13 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0.dev0' +version = '0.39.0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. install_requires = [ 'acme>=0.31.0', - 'certbot>=0.39.0.dev0', + 'certbot>=0.39.0', 'dns-lexicon>=2.2.1', # Support for >1 TXT record per name 'mock', 'setuptools', diff --git a/certbot-dns-digitalocean/local-oldest-requirements.txt b/certbot-dns-digitalocean/local-oldest-requirements.txt index da509406e..1ee716cd6 100644 --- a/certbot-dns-digitalocean/local-oldest-requirements.txt +++ b/certbot-dns-digitalocean/local-oldest-requirements.txt @@ -1,3 +1,3 @@ # Remember to update setup.py to match the package versions below. acme[dev]==0.29.0 --e .[dev] +certbot[dev]==0.39.0 diff --git a/certbot-dns-digitalocean/setup.py b/certbot-dns-digitalocean/setup.py index 5c34157cd..53cc62101 100644 --- a/certbot-dns-digitalocean/setup.py +++ b/certbot-dns-digitalocean/setup.py @@ -2,13 +2,13 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0.dev0' +version = '0.39.0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. install_requires = [ 'acme>=0.29.0', - 'certbot>=0.39.0.dev0', + 'certbot>=0.39.0', 'mock', 'python-digitalocean>=1.11', 'setuptools', diff --git a/certbot-dns-dnsimple/local-oldest-requirements.txt b/certbot-dns-dnsimple/local-oldest-requirements.txt index 2b3ba9f32..aefe03f90 100644 --- a/certbot-dns-dnsimple/local-oldest-requirements.txt +++ b/certbot-dns-dnsimple/local-oldest-requirements.txt @@ -1,3 +1,3 @@ # Remember to update setup.py to match the package versions below. acme[dev]==0.31.0 --e .[dev] +certbot[dev]==0.39.0 diff --git a/certbot-dns-dnsimple/setup.py b/certbot-dns-dnsimple/setup.py index 45dfc2272..15cf5d17e 100644 --- a/certbot-dns-dnsimple/setup.py +++ b/certbot-dns-dnsimple/setup.py @@ -3,13 +3,13 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0.dev0' +version = '0.39.0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. install_requires = [ 'acme>=0.31.0', - 'certbot>=0.39.0.dev0', + 'certbot>=0.39.0', 'mock', 'setuptools', 'zope.interface', diff --git a/certbot-dns-dnsmadeeasy/local-oldest-requirements.txt b/certbot-dns-dnsmadeeasy/local-oldest-requirements.txt index 2b3ba9f32..aefe03f90 100644 --- a/certbot-dns-dnsmadeeasy/local-oldest-requirements.txt +++ b/certbot-dns-dnsmadeeasy/local-oldest-requirements.txt @@ -1,3 +1,3 @@ # Remember to update setup.py to match the package versions below. acme[dev]==0.31.0 --e .[dev] +certbot[dev]==0.39.0 diff --git a/certbot-dns-dnsmadeeasy/setup.py b/certbot-dns-dnsmadeeasy/setup.py index a42206a81..8c4f8025d 100644 --- a/certbot-dns-dnsmadeeasy/setup.py +++ b/certbot-dns-dnsmadeeasy/setup.py @@ -2,13 +2,13 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0.dev0' +version = '0.39.0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. install_requires = [ 'acme>=0.31.0', - 'certbot>=0.39.0.dev0', + 'certbot>=0.39.0', 'dns-lexicon>=2.2.1', # Support for >1 TXT record per name 'mock', 'setuptools', diff --git a/certbot-dns-gehirn/local-oldest-requirements.txt b/certbot-dns-gehirn/local-oldest-requirements.txt index 2b3ba9f32..aefe03f90 100644 --- a/certbot-dns-gehirn/local-oldest-requirements.txt +++ b/certbot-dns-gehirn/local-oldest-requirements.txt @@ -1,3 +1,3 @@ # Remember to update setup.py to match the package versions below. acme[dev]==0.31.0 --e .[dev] +certbot[dev]==0.39.0 diff --git a/certbot-dns-gehirn/setup.py b/certbot-dns-gehirn/setup.py index 53f1db41f..4b9552b1b 100644 --- a/certbot-dns-gehirn/setup.py +++ b/certbot-dns-gehirn/setup.py @@ -2,12 +2,12 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0.dev0' +version = '0.39.0' # Please update tox.ini when modifying dependency version requirements install_requires = [ 'acme>=0.31.0', - 'certbot>=0.39.0.dev0', + 'certbot>=0.39.0', 'dns-lexicon>=2.1.22', 'mock', 'setuptools', diff --git a/certbot-dns-google/local-oldest-requirements.txt b/certbot-dns-google/local-oldest-requirements.txt index da509406e..1ee716cd6 100644 --- a/certbot-dns-google/local-oldest-requirements.txt +++ b/certbot-dns-google/local-oldest-requirements.txt @@ -1,3 +1,3 @@ # Remember to update setup.py to match the package versions below. acme[dev]==0.29.0 --e .[dev] +certbot[dev]==0.39.0 diff --git a/certbot-dns-google/setup.py b/certbot-dns-google/setup.py index 833f04be0..43e63a609 100644 --- a/certbot-dns-google/setup.py +++ b/certbot-dns-google/setup.py @@ -2,13 +2,13 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0.dev0' +version = '0.39.0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. install_requires = [ 'acme>=0.29.0', - 'certbot>=0.39.0.dev0', + 'certbot>=0.39.0', # 1.5 is the first version that supports oauth2client>=2.0 'google-api-python-client>=1.5', 'mock', diff --git a/certbot-dns-linode/local-oldest-requirements.txt b/certbot-dns-linode/local-oldest-requirements.txt index d48a789bb..838e70c69 100644 --- a/certbot-dns-linode/local-oldest-requirements.txt +++ b/certbot-dns-linode/local-oldest-requirements.txt @@ -1,4 +1,4 @@ # Remember to update setup.py to match the package versions below. acme[dev]==0.31.0 --e .[dev] +certbot[dev]==0.39.0 dns-lexicon==2.2.3 diff --git a/certbot-dns-linode/setup.py b/certbot-dns-linode/setup.py index 143fec10c..67994526d 100644 --- a/certbot-dns-linode/setup.py +++ b/certbot-dns-linode/setup.py @@ -1,12 +1,12 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0.dev0' +version = '0.39.0' # Please update tox.ini when modifying dependency version requirements install_requires = [ 'acme>=0.31.0', - 'certbot>=0.39.0.dev0', + 'certbot>=0.39.0', 'dns-lexicon>=2.2.3', 'mock', 'setuptools', diff --git a/certbot-dns-luadns/local-oldest-requirements.txt b/certbot-dns-luadns/local-oldest-requirements.txt index 2b3ba9f32..aefe03f90 100644 --- a/certbot-dns-luadns/local-oldest-requirements.txt +++ b/certbot-dns-luadns/local-oldest-requirements.txt @@ -1,3 +1,3 @@ # Remember to update setup.py to match the package versions below. acme[dev]==0.31.0 --e .[dev] +certbot[dev]==0.39.0 diff --git a/certbot-dns-luadns/setup.py b/certbot-dns-luadns/setup.py index b2f2c7730..d95ea8908 100644 --- a/certbot-dns-luadns/setup.py +++ b/certbot-dns-luadns/setup.py @@ -2,13 +2,13 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0.dev0' +version = '0.39.0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. install_requires = [ 'acme>=0.31.0', - 'certbot>=0.39.0.dev0', + 'certbot>=0.39.0', 'dns-lexicon>=2.2.1', # Support for >1 TXT record per name 'mock', 'setuptools', diff --git a/certbot-dns-nsone/local-oldest-requirements.txt b/certbot-dns-nsone/local-oldest-requirements.txt index 2b3ba9f32..aefe03f90 100644 --- a/certbot-dns-nsone/local-oldest-requirements.txt +++ b/certbot-dns-nsone/local-oldest-requirements.txt @@ -1,3 +1,3 @@ # Remember to update setup.py to match the package versions below. acme[dev]==0.31.0 --e .[dev] +certbot[dev]==0.39.0 diff --git a/certbot-dns-nsone/setup.py b/certbot-dns-nsone/setup.py index 88183707d..e85c0ec86 100644 --- a/certbot-dns-nsone/setup.py +++ b/certbot-dns-nsone/setup.py @@ -2,13 +2,13 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0.dev0' +version = '0.39.0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. install_requires = [ 'acme>=0.31.0', - 'certbot>=0.39.0.dev0', + 'certbot>=0.39.0', 'dns-lexicon>=2.2.1', # Support for >1 TXT record per name 'mock', 'setuptools', diff --git a/certbot-dns-ovh/local-oldest-requirements.txt b/certbot-dns-ovh/local-oldest-requirements.txt index ed5aa6c87..1116b6dfc 100644 --- a/certbot-dns-ovh/local-oldest-requirements.txt +++ b/certbot-dns-ovh/local-oldest-requirements.txt @@ -1,4 +1,4 @@ # Remember to update setup.py to match the package versions below. acme[dev]==0.31.0 --e .[dev] +certbot[dev]==0.39.0 dns-lexicon==2.7.14 diff --git a/certbot-dns-ovh/setup.py b/certbot-dns-ovh/setup.py index d6e74350d..fb5df9363 100644 --- a/certbot-dns-ovh/setup.py +++ b/certbot-dns-ovh/setup.py @@ -2,13 +2,13 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0.dev0' +version = '0.39.0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. install_requires = [ 'acme>=0.31.0', - 'certbot>=0.39.0.dev0', + 'certbot>=0.39.0', 'dns-lexicon>=2.7.14', # Correct proxy use on OVH provider 'mock', 'setuptools', diff --git a/certbot-dns-rfc2136/local-oldest-requirements.txt b/certbot-dns-rfc2136/local-oldest-requirements.txt index da509406e..1ee716cd6 100644 --- a/certbot-dns-rfc2136/local-oldest-requirements.txt +++ b/certbot-dns-rfc2136/local-oldest-requirements.txt @@ -1,3 +1,3 @@ # Remember to update setup.py to match the package versions below. acme[dev]==0.29.0 --e .[dev] +certbot[dev]==0.39.0 diff --git a/certbot-dns-rfc2136/setup.py b/certbot-dns-rfc2136/setup.py index 7bdd97c1e..32abe8272 100644 --- a/certbot-dns-rfc2136/setup.py +++ b/certbot-dns-rfc2136/setup.py @@ -2,13 +2,13 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0.dev0' +version = '0.39.0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. install_requires = [ 'acme>=0.29.0', - 'certbot>=0.39.0.dev0', + 'certbot>=0.39.0', 'dnspython', 'mock', 'setuptools', diff --git a/certbot-dns-route53/local-oldest-requirements.txt b/certbot-dns-route53/local-oldest-requirements.txt index da509406e..1ee716cd6 100644 --- a/certbot-dns-route53/local-oldest-requirements.txt +++ b/certbot-dns-route53/local-oldest-requirements.txt @@ -1,3 +1,3 @@ # Remember to update setup.py to match the package versions below. acme[dev]==0.29.0 --e .[dev] +certbot[dev]==0.39.0 diff --git a/certbot-dns-route53/setup.py b/certbot-dns-route53/setup.py index 8c63ac1ff..ba54de99d 100644 --- a/certbot-dns-route53/setup.py +++ b/certbot-dns-route53/setup.py @@ -1,13 +1,13 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0.dev0' +version = '0.39.0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. install_requires = [ 'acme>=0.29.0', - 'certbot>=0.39.0.dev0', + 'certbot>=0.39.0', 'boto3', 'mock', 'setuptools', diff --git a/certbot-dns-sakuracloud/local-oldest-requirements.txt b/certbot-dns-sakuracloud/local-oldest-requirements.txt index 2b3ba9f32..aefe03f90 100644 --- a/certbot-dns-sakuracloud/local-oldest-requirements.txt +++ b/certbot-dns-sakuracloud/local-oldest-requirements.txt @@ -1,3 +1,3 @@ # Remember to update setup.py to match the package versions below. acme[dev]==0.31.0 --e .[dev] +certbot[dev]==0.39.0 diff --git a/certbot-dns-sakuracloud/setup.py b/certbot-dns-sakuracloud/setup.py index 675805c2c..18915f5d6 100644 --- a/certbot-dns-sakuracloud/setup.py +++ b/certbot-dns-sakuracloud/setup.py @@ -2,12 +2,12 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0.dev0' +version = '0.39.0' # Please update tox.ini when modifying dependency version requirements install_requires = [ 'acme>=0.31.0', - 'certbot>=0.39.0.dev0', + 'certbot>=0.39.0', 'dns-lexicon>=2.1.23', 'mock', 'setuptools', diff --git a/certbot-nginx/setup.py b/certbot-nginx/setup.py index 3a28a6c50..9c69a53e4 100644 --- a/certbot-nginx/setup.py +++ b/certbot-nginx/setup.py @@ -4,7 +4,7 @@ from setuptools.command.test import test as TestCommand import sys -version = '0.39.0.dev0' +version = '0.39.0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. diff --git a/certbot/__init__.py b/certbot/__init__.py index 2021c56cc..a46a61a31 100644 --- a/certbot/__init__.py +++ b/certbot/__init__.py @@ -1,4 +1,4 @@ """Certbot client.""" # version number like 1.2.3a0, must have at least 2 parts, like 1.2 -__version__ = '0.39.0.dev0' +__version__ = '0.39.0' diff --git a/docs/cli-help.txt b/docs/cli-help.txt index 1ec584e6b..134a6879a 100644 --- a/docs/cli-help.txt +++ b/docs/cli-help.txt @@ -113,7 +113,7 @@ optional arguments: case, and to know when to deprecate support for past Python versions and flags. If you wish to hide this information from the Let's Encrypt server, set this to - "". (default: CertbotACMEClient/0.38.0 + "". (default: CertbotACMEClient/0.39.0 (certbot(-auto); OS_NAME OS_VERSION) Authenticator/XXX Installer/YYY (SUBCOMMAND; flags: FLAGS) Py/major.minor.patchlevel). The flags encoded in the diff --git a/letsencrypt-auto b/letsencrypt-auto index 122654d35..68ced3260 100755 --- a/letsencrypt-auto +++ b/letsencrypt-auto @@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then fi VENV_BIN="$VENV_PATH/bin" BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt" -LE_AUTO_VERSION="0.38.0" +LE_AUTO_VERSION="0.39.0" BASENAME=$(basename $0) USAGE="Usage: $BASENAME [OPTIONS] A self-updating wrapper script for the Certbot ACME client. When run, updates @@ -775,6 +775,8 @@ elif [ -f /etc/redhat-release ]; then RPM_USE_PYTHON_3=1 elif [ "$RPM_DIST_NAME" = "rhel" -a "$RPM_DIST_VERSION" -ge 8 ]; then RPM_USE_PYTHON_3=1 + elif [ "$RPM_DIST_NAME" = "centos" -a "$RPM_DIST_VERSION" -ge 8 ]; then + RPM_USE_PYTHON_3=1 else RPM_USE_PYTHON_3=0 fi @@ -1336,18 +1338,18 @@ letsencrypt==0.7.0 \ --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \ --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9 -certbot==0.38.0 \ - --hash=sha256:618abf3ae17c2fc3cb99baa4bf000dd5e2d7875b7811f5ef1edf6ebd7a33945f \ - --hash=sha256:c27712101794e3adf54f3a3067c63be5caa507a930a79865bc654b6864121c6b -acme==0.38.0 \ - --hash=sha256:6231571b4a94d6d621b28bef6f6d4846b3c2ebca840f9718d3212036c3bd2af8 \ - --hash=sha256:1c1e9c0826a8f72d670b0ca28b7e6392ce4781eb33222f35133705b6551885d8 -certbot-apache==0.38.0 \ - --hash=sha256:0b5a2c2bcc430470b5131941ebdfde0a13e28dec38918c1a4ebea5dd35ad38bc \ - --hash=sha256:2d335543e0ae9292303238736907ce6b321ac49eb49fe4e0b775abdc0ba57c62 -certbot-nginx==0.38.0 \ - --hash=sha256:af82944e171d2e93c81438b185f8051e742c6f47f7382cb1a647b1c7ca2b53f2 \ - --hash=sha256:cecd1fa3de6e19980fdb9c3b3269b15b7da71b5748ee7ae5caddcc18dbb208ac +certbot==0.39.0 \ + --hash=sha256:f1a70651a6c5137a448f4a8db17b09af619f80a077326caae6b74278bf1db488 \ + --hash=sha256:885cee1c4d05888af86b626cbbfc29d3c6c842ef4fe8f4a486994cef9daddfe0 +acme==0.39.0 \ + --hash=sha256:4f8be913df289b981852042719469cc367a7e436256f232c799d0bd1521db710 \ + --hash=sha256:a2fcb75d16de6804f4b4d773a457ee2f6434ebaf8fd1aa60862a91d4e8f73608 +certbot-apache==0.39.0 \ + --hash=sha256:c7a8630a85b753a52ca0b8c19e24b8f85ac4ba028292a95745e250c2e72faab9 \ + --hash=sha256:4651a0212c9ebc3087281dad92ad3cb355bb2730f432d0180a8d23325d11825a +certbot-nginx==0.39.0 \ + --hash=sha256:76e5862ad5cc0fbc099df3502987c101c60dee1c188a579eac990edee7a910df \ + --hash=sha256:ceac88df52d3b27d14c3052b9e90ada327d7e14ecd6e4af7519918182d6138b4 UNLIKELY_EOF # ------------------------------------------------------------------------- diff --git a/letsencrypt-auto-source/certbot-auto.asc b/letsencrypt-auto-source/certbot-auto.asc index 181452990..f25f27cdf 100644 --- a/letsencrypt-auto-source/certbot-auto.asc +++ b/letsencrypt-auto-source/certbot-auto.asc @@ -1,11 +1,11 @@ -----BEGIN PGP SIGNATURE----- -iQEzBAABCAAdFiEEos+1H6J1pyhiNOeyTRfJlc2XdfIFAl1uw5wACgkQTRfJlc2X -dfLRQggAium36If8RkfNxvNnKCpBteWx+wbPHhldn5gadRofFTyKXPaYpgtQ5e0P -2BIOZTwpXLBR3uAS3Rxfw4ZdoMYyuhD0Cz6SjBFHYA8ChjtCBKdeToA4e2QEV9Vi -42hBcacL7k3HhWQh+LZfu4D6pfr0ZZbZmkPWBjliEyN+g5Alfms3vzZ2aywcqoSv -iXWVwBfTk3NzVktsJVDIq2uZ1CItmYr3SyF/KRDNXTt/TL7689UF7xD7vm0RmlCZ -e6A5Si1q7RdS+OvPjyD4oKnJgJowWpFqIajOpgLVS4Z2pY3dEhe7eY7KVK5tDKhq -fTC7Elp3OKjzTXv98cEMhG6Oo67jKw== -=bbfh +iQEzBAABCAAdFiEEos+1H6J1pyhiNOeyTRfJlc2XdfIFAl2TsPMACgkQTRfJlc2X +dfJHUAf+NcnvHzowhLr1rkR11CSKMCMgwUee7Nm0QHnVPf09+Dd9mvuaRptuua1D +Qvtcb3F4OQ6/3khy3fzGXIcEe9kuI2+boe+ZA0dfmmzo4ELzpWUadXkuonYybZFE +JAaICgLLHOkiRL8J8ZTmXZI4tbFSsxTLMNOwoMZ6oGgp2plj2rm85L4Z+vUlfaTf +wcs/glbBtbYfW3WWapMsMWwgrE62Q/OOhBjbkPCywFRQDwwaXz6QPrvi+k6gLCqs +Okvg5bY2hP70tU1i9wxp2DAfF/P/5i2hVSWktRdMolUTTTeczLW81allmmDRJcAi +4xrj6wYhN7olMZrTpakXb7zRR9/MGQ== +=Ag2y -----END PGP SIGNATURE----- diff --git a/letsencrypt-auto-source/letsencrypt-auto b/letsencrypt-auto-source/letsencrypt-auto index 457701743..68ced3260 100755 --- a/letsencrypt-auto-source/letsencrypt-auto +++ b/letsencrypt-auto-source/letsencrypt-auto @@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then fi VENV_BIN="$VENV_PATH/bin" BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt" -LE_AUTO_VERSION="0.39.0.dev0" +LE_AUTO_VERSION="0.39.0" BASENAME=$(basename $0) USAGE="Usage: $BASENAME [OPTIONS] A self-updating wrapper script for the Certbot ACME client. When run, updates @@ -1338,18 +1338,18 @@ letsencrypt==0.7.0 \ --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \ --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9 -certbot==0.38.0 \ - --hash=sha256:618abf3ae17c2fc3cb99baa4bf000dd5e2d7875b7811f5ef1edf6ebd7a33945f \ - --hash=sha256:c27712101794e3adf54f3a3067c63be5caa507a930a79865bc654b6864121c6b -acme==0.38.0 \ - --hash=sha256:6231571b4a94d6d621b28bef6f6d4846b3c2ebca840f9718d3212036c3bd2af8 \ - --hash=sha256:1c1e9c0826a8f72d670b0ca28b7e6392ce4781eb33222f35133705b6551885d8 -certbot-apache==0.38.0 \ - --hash=sha256:0b5a2c2bcc430470b5131941ebdfde0a13e28dec38918c1a4ebea5dd35ad38bc \ - --hash=sha256:2d335543e0ae9292303238736907ce6b321ac49eb49fe4e0b775abdc0ba57c62 -certbot-nginx==0.38.0 \ - --hash=sha256:af82944e171d2e93c81438b185f8051e742c6f47f7382cb1a647b1c7ca2b53f2 \ - --hash=sha256:cecd1fa3de6e19980fdb9c3b3269b15b7da71b5748ee7ae5caddcc18dbb208ac +certbot==0.39.0 \ + --hash=sha256:f1a70651a6c5137a448f4a8db17b09af619f80a077326caae6b74278bf1db488 \ + --hash=sha256:885cee1c4d05888af86b626cbbfc29d3c6c842ef4fe8f4a486994cef9daddfe0 +acme==0.39.0 \ + --hash=sha256:4f8be913df289b981852042719469cc367a7e436256f232c799d0bd1521db710 \ + --hash=sha256:a2fcb75d16de6804f4b4d773a457ee2f6434ebaf8fd1aa60862a91d4e8f73608 +certbot-apache==0.39.0 \ + --hash=sha256:c7a8630a85b753a52ca0b8c19e24b8f85ac4ba028292a95745e250c2e72faab9 \ + --hash=sha256:4651a0212c9ebc3087281dad92ad3cb355bb2730f432d0180a8d23325d11825a +certbot-nginx==0.39.0 \ + --hash=sha256:76e5862ad5cc0fbc099df3502987c101c60dee1c188a579eac990edee7a910df \ + --hash=sha256:ceac88df52d3b27d14c3052b9e90ada327d7e14ecd6e4af7519918182d6138b4 UNLIKELY_EOF # ------------------------------------------------------------------------- diff --git a/letsencrypt-auto-source/letsencrypt-auto.sig b/letsencrypt-auto-source/letsencrypt-auto.sig index 7ea17447500ca5f76387da955717a6eac95011a9..d9147680bda829bf3bfe5df7819203223fc29a2f 100644 GIT binary patch literal 256 zcmV+b0ssDbvke2Hv_4p7Rv*<7hD)DGDcz)EpVK#jss+g5W=jbk+8*nmv6zrUlGxnc zELwvGDG8vlCx0YD6Mm7;0P5dTZcqit@@DoZQ7r=;z;jpmB?{QemR5hM|3NFu>$~+* zp)cV8X<}Pq5DqG=<)fpF$gGqI%C4?e5!^E9h zRdGm4p4LS-G!FIFTPH9yh%}5?AnQjYcT6&`@ZxKN0O6+~afiED!K3Cb0+;N-)%_TA zry10_DB?r-M7{kT9f8KUv>S^e9CDs;s6jUuI8Gn?#1+z1^!+l>D?++uX8j}8?C5y_ GjV|?5gLWm~C`jG6);NN6jdhtK>W((ofP0#BQ$bw4m z%Ad_NQr(^bKv^^TJAHKmctg}cn_g}omZ(-ivU diff --git a/letsencrypt-auto-source/pieces/certbot-requirements.txt b/letsencrypt-auto-source/pieces/certbot-requirements.txt index 791a8bd86..7d1c09069 100644 --- a/letsencrypt-auto-source/pieces/certbot-requirements.txt +++ b/letsencrypt-auto-source/pieces/certbot-requirements.txt @@ -1,12 +1,12 @@ -certbot==0.38.0 \ - --hash=sha256:618abf3ae17c2fc3cb99baa4bf000dd5e2d7875b7811f5ef1edf6ebd7a33945f \ - --hash=sha256:c27712101794e3adf54f3a3067c63be5caa507a930a79865bc654b6864121c6b -acme==0.38.0 \ - --hash=sha256:6231571b4a94d6d621b28bef6f6d4846b3c2ebca840f9718d3212036c3bd2af8 \ - --hash=sha256:1c1e9c0826a8f72d670b0ca28b7e6392ce4781eb33222f35133705b6551885d8 -certbot-apache==0.38.0 \ - --hash=sha256:0b5a2c2bcc430470b5131941ebdfde0a13e28dec38918c1a4ebea5dd35ad38bc \ - --hash=sha256:2d335543e0ae9292303238736907ce6b321ac49eb49fe4e0b775abdc0ba57c62 -certbot-nginx==0.38.0 \ - --hash=sha256:af82944e171d2e93c81438b185f8051e742c6f47f7382cb1a647b1c7ca2b53f2 \ - --hash=sha256:cecd1fa3de6e19980fdb9c3b3269b15b7da71b5748ee7ae5caddcc18dbb208ac +certbot==0.39.0 \ + --hash=sha256:f1a70651a6c5137a448f4a8db17b09af619f80a077326caae6b74278bf1db488 \ + --hash=sha256:885cee1c4d05888af86b626cbbfc29d3c6c842ef4fe8f4a486994cef9daddfe0 +acme==0.39.0 \ + --hash=sha256:4f8be913df289b981852042719469cc367a7e436256f232c799d0bd1521db710 \ + --hash=sha256:a2fcb75d16de6804f4b4d773a457ee2f6434ebaf8fd1aa60862a91d4e8f73608 +certbot-apache==0.39.0 \ + --hash=sha256:c7a8630a85b753a52ca0b8c19e24b8f85ac4ba028292a95745e250c2e72faab9 \ + --hash=sha256:4651a0212c9ebc3087281dad92ad3cb355bb2730f432d0180a8d23325d11825a +certbot-nginx==0.39.0 \ + --hash=sha256:76e5862ad5cc0fbc099df3502987c101c60dee1c188a579eac990edee7a910df \ + --hash=sha256:ceac88df52d3b27d14c3052b9e90ada327d7e14ecd6e4af7519918182d6138b4 From 4599aff07f184d2932de5926291be0a46770c41e Mon Sep 17 00:00:00 2001 From: Erica Portnoy Date: Tue, 1 Oct 2019 13:04:10 -0700 Subject: [PATCH 09/17] Add contents to CHANGELOG.md for next version --- CHANGELOG.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d2a3ea867..de44cc583 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,22 @@ Certbot adheres to [Semantic Versioning](https://semver.org/). +## 0.40.0 - master + +### Added + +* + +### Changed + +* + +### Fixed + +* + +More details about these changes can be found on our GitHub repo. + ## 0.39.0 - 2019-10-01 ### Added From 6e38ad9cce810fd2371b871a18aa40bcf17ddbc8 Mon Sep 17 00:00:00 2001 From: Erica Portnoy Date: Tue, 1 Oct 2019 13:04:10 -0700 Subject: [PATCH 10/17] Bump version to 0.40.0 --- acme/setup.py | 2 +- certbot-apache/setup.py | 2 +- certbot-compatibility-test/setup.py | 2 +- certbot-dns-cloudflare/setup.py | 2 +- certbot-dns-cloudxns/setup.py | 2 +- certbot-dns-digitalocean/setup.py | 2 +- certbot-dns-dnsimple/setup.py | 2 +- certbot-dns-dnsmadeeasy/setup.py | 2 +- certbot-dns-gehirn/setup.py | 2 +- certbot-dns-google/setup.py | 2 +- certbot-dns-linode/setup.py | 2 +- certbot-dns-luadns/setup.py | 2 +- certbot-dns-nsone/setup.py | 2 +- certbot-dns-ovh/setup.py | 2 +- certbot-dns-rfc2136/setup.py | 2 +- certbot-dns-route53/setup.py | 2 +- certbot-dns-sakuracloud/setup.py | 2 +- certbot-nginx/setup.py | 2 +- certbot/__init__.py | 2 +- letsencrypt-auto-source/letsencrypt-auto | 2 +- 20 files changed, 20 insertions(+), 20 deletions(-) diff --git a/acme/setup.py b/acme/setup.py index 2c90264bd..f9306e350 100644 --- a/acme/setup.py +++ b/acme/setup.py @@ -3,7 +3,7 @@ from setuptools import find_packages from setuptools.command.test import test as TestCommand import sys -version = '0.39.0' +version = '0.40.0.dev0' # Please update tox.ini when modifying dependency version requirements install_requires = [ diff --git a/certbot-apache/setup.py b/certbot-apache/setup.py index 0e14a8dfa..ad7b99862 100644 --- a/certbot-apache/setup.py +++ b/certbot-apache/setup.py @@ -4,7 +4,7 @@ from setuptools.command.test import test as TestCommand import sys -version = '0.39.0' +version = '0.40.0.dev0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. diff --git a/certbot-compatibility-test/setup.py b/certbot-compatibility-test/setup.py index a720c65a9..1d648db17 100644 --- a/certbot-compatibility-test/setup.py +++ b/certbot-compatibility-test/setup.py @@ -4,7 +4,7 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0' +version = '0.40.0.dev0' install_requires = [ 'certbot', diff --git a/certbot-dns-cloudflare/setup.py b/certbot-dns-cloudflare/setup.py index 51b930285..5ad8f1568 100644 --- a/certbot-dns-cloudflare/setup.py +++ b/certbot-dns-cloudflare/setup.py @@ -2,7 +2,7 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0' +version = '0.40.0.dev0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. diff --git a/certbot-dns-cloudxns/setup.py b/certbot-dns-cloudxns/setup.py index 01f4111eb..0dd5bc397 100644 --- a/certbot-dns-cloudxns/setup.py +++ b/certbot-dns-cloudxns/setup.py @@ -2,7 +2,7 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0' +version = '0.40.0.dev0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. diff --git a/certbot-dns-digitalocean/setup.py b/certbot-dns-digitalocean/setup.py index 53cc62101..2d3139a2f 100644 --- a/certbot-dns-digitalocean/setup.py +++ b/certbot-dns-digitalocean/setup.py @@ -2,7 +2,7 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0' +version = '0.40.0.dev0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. diff --git a/certbot-dns-dnsimple/setup.py b/certbot-dns-dnsimple/setup.py index 15cf5d17e..6925946ec 100644 --- a/certbot-dns-dnsimple/setup.py +++ b/certbot-dns-dnsimple/setup.py @@ -3,7 +3,7 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0' +version = '0.40.0.dev0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. diff --git a/certbot-dns-dnsmadeeasy/setup.py b/certbot-dns-dnsmadeeasy/setup.py index 8c4f8025d..d31e52686 100644 --- a/certbot-dns-dnsmadeeasy/setup.py +++ b/certbot-dns-dnsmadeeasy/setup.py @@ -2,7 +2,7 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0' +version = '0.40.0.dev0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. diff --git a/certbot-dns-gehirn/setup.py b/certbot-dns-gehirn/setup.py index 4b9552b1b..f6b944625 100644 --- a/certbot-dns-gehirn/setup.py +++ b/certbot-dns-gehirn/setup.py @@ -2,7 +2,7 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0' +version = '0.40.0.dev0' # Please update tox.ini when modifying dependency version requirements install_requires = [ diff --git a/certbot-dns-google/setup.py b/certbot-dns-google/setup.py index 43e63a609..9fd159c41 100644 --- a/certbot-dns-google/setup.py +++ b/certbot-dns-google/setup.py @@ -2,7 +2,7 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0' +version = '0.40.0.dev0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. diff --git a/certbot-dns-linode/setup.py b/certbot-dns-linode/setup.py index 67994526d..ce4647514 100644 --- a/certbot-dns-linode/setup.py +++ b/certbot-dns-linode/setup.py @@ -1,7 +1,7 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0' +version = '0.40.0.dev0' # Please update tox.ini when modifying dependency version requirements install_requires = [ diff --git a/certbot-dns-luadns/setup.py b/certbot-dns-luadns/setup.py index d95ea8908..f260c68db 100644 --- a/certbot-dns-luadns/setup.py +++ b/certbot-dns-luadns/setup.py @@ -2,7 +2,7 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0' +version = '0.40.0.dev0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. diff --git a/certbot-dns-nsone/setup.py b/certbot-dns-nsone/setup.py index e85c0ec86..c6a5ca443 100644 --- a/certbot-dns-nsone/setup.py +++ b/certbot-dns-nsone/setup.py @@ -2,7 +2,7 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0' +version = '0.40.0.dev0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. diff --git a/certbot-dns-ovh/setup.py b/certbot-dns-ovh/setup.py index fb5df9363..48b8cee4e 100644 --- a/certbot-dns-ovh/setup.py +++ b/certbot-dns-ovh/setup.py @@ -2,7 +2,7 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0' +version = '0.40.0.dev0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. diff --git a/certbot-dns-rfc2136/setup.py b/certbot-dns-rfc2136/setup.py index 32abe8272..6fc69ebc0 100644 --- a/certbot-dns-rfc2136/setup.py +++ b/certbot-dns-rfc2136/setup.py @@ -2,7 +2,7 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0' +version = '0.40.0.dev0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. diff --git a/certbot-dns-route53/setup.py b/certbot-dns-route53/setup.py index ba54de99d..857e07965 100644 --- a/certbot-dns-route53/setup.py +++ b/certbot-dns-route53/setup.py @@ -1,7 +1,7 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0' +version = '0.40.0.dev0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. diff --git a/certbot-dns-sakuracloud/setup.py b/certbot-dns-sakuracloud/setup.py index 18915f5d6..c153c681f 100644 --- a/certbot-dns-sakuracloud/setup.py +++ b/certbot-dns-sakuracloud/setup.py @@ -2,7 +2,7 @@ from setuptools import setup from setuptools import find_packages -version = '0.39.0' +version = '0.40.0.dev0' # Please update tox.ini when modifying dependency version requirements install_requires = [ diff --git a/certbot-nginx/setup.py b/certbot-nginx/setup.py index 9c69a53e4..8fe300193 100644 --- a/certbot-nginx/setup.py +++ b/certbot-nginx/setup.py @@ -4,7 +4,7 @@ from setuptools.command.test import test as TestCommand import sys -version = '0.39.0' +version = '0.40.0.dev0' # Remember to update local-oldest-requirements.txt when changing the minimum # acme/certbot version. diff --git a/certbot/__init__.py b/certbot/__init__.py index a46a61a31..27b8684e1 100644 --- a/certbot/__init__.py +++ b/certbot/__init__.py @@ -1,4 +1,4 @@ """Certbot client.""" # version number like 1.2.3a0, must have at least 2 parts, like 1.2 -__version__ = '0.39.0' +__version__ = '0.40.0.dev0' diff --git a/letsencrypt-auto-source/letsencrypt-auto b/letsencrypt-auto-source/letsencrypt-auto index 68ced3260..ff1fbe8c3 100755 --- a/letsencrypt-auto-source/letsencrypt-auto +++ b/letsencrypt-auto-source/letsencrypt-auto @@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then fi VENV_BIN="$VENV_PATH/bin" BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt" -LE_AUTO_VERSION="0.39.0" +LE_AUTO_VERSION="0.40.0.dev0" BASENAME=$(basename $0) USAGE="Usage: $BASENAME [OPTIONS] A self-updating wrapper script for the Certbot ACME client. When run, updates From 3608abb01a535c35740d82ce37b9ebdef3076886 Mon Sep 17 00:00:00 2001 From: Jacob Hoffman-Andrews Date: Wed, 2 Oct 2019 14:44:25 -0700 Subject: [PATCH 11/17] Remove unnecessary account ID match check. (#7416) * Remove unnecessary account ID match check. Right now the Account object calculates an ID using md5. This is unnecessary and causes problems on FIPS systems that forbid md5. It's just as good to pick a random series of bytes for the ID, since the ID gets read out of renewal/foo.conf. However, if we switched the algorithm right now, we could wind up breaking forward compatibility / downgradeability, since older versions would run into this check. Removing this check now lays the ground to change the ID-calculation algorithm in the future. Related to #1948 and https://github.com/certbot/certbot/pull/1013#issuecomment-149983479. * Remove test. * Remove unused import. --- certbot/account.py | 7 +------ certbot/tests/account_test.py | 8 -------- 2 files changed, 1 insertion(+), 14 deletions(-) diff --git a/certbot/account.py b/certbot/account.py index 7a1e2de7a..992d63d38 100644 --- a/certbot/account.py +++ b/certbot/account.py @@ -231,12 +231,7 @@ class AccountFileStorage(interfaces.AccountStorage): except IOError as error: raise errors.AccountStorageError(error) - acc = Account(regr, key, meta) - if acc.id != account_id: - raise errors.AccountStorageError( - "Account ids mismatch (expected: {0}, found: {1}".format( - account_id, acc.id)) - return acc + return Account(regr, key, meta) def load(self, account_id): return self._load_for_server_path(account_id, self.config.server_path) diff --git a/certbot/tests/account_test.py b/certbot/tests/account_test.py index c14500798..cad103052 100644 --- a/certbot/tests/account_test.py +++ b/certbot/tests/account_test.py @@ -1,7 +1,6 @@ """Tests for certbot.account.""" import datetime import json -import shutil import unittest import josepy as jose @@ -170,13 +169,6 @@ class AccountFileStorageTest(test_util.ConfigTestCase): def test_load_non_existent_raises_error(self): self.assertRaises(errors.AccountNotFound, self.storage.load, "missing") - def test_load_id_mismatch_raises_error(self): - self.storage.save(self.acc, self.mock_client) - shutil.move(os.path.join(self.config.accounts_dir, self.acc.id), - os.path.join(self.config.accounts_dir, "x" + self.acc.id)) - self.assertRaises(errors.AccountStorageError, self.storage.load, - "x" + self.acc.id) - def _set_server(self, server): self.config.server = server from certbot.account import AccountFileStorage From 0cfedbc5f5443e94c6e802d1f8fb46cbc44b776c Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Thu, 3 Oct 2019 15:08:24 -0700 Subject: [PATCH 12/17] Add test farm tests for Debian 10 (#7421) Fixes #7225. I got the AMI ID from https://wiki.debian.org/Cloud/AmazonEC2Image/Buster. You can see all test farm tests including test_tests.sh passing with these changes at https://travis-ci.com/certbot/certbot/builds/130318446. --- tests/letstest/apache2_targets.yaml | 5 +++++ tests/letstest/targets.yaml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/tests/letstest/apache2_targets.yaml b/tests/letstest/apache2_targets.yaml index 490f0eca9..1450a8578 100644 --- a/tests/letstest/apache2_targets.yaml +++ b/tests/letstest/apache2_targets.yaml @@ -18,6 +18,11 @@ targets: user: ubuntu #----------------------------------------------------------------------------- # Debian + - ami: ami-01db78123b2b99496 + name: debian10 + type: ubuntu + virt: hvm + user: admin - ami: ami-003f19e0e687de1cd name: debian9 type: ubuntu diff --git a/tests/letstest/targets.yaml b/tests/letstest/targets.yaml index 8821cbf3b..188be8e24 100644 --- a/tests/letstest/targets.yaml +++ b/tests/letstest/targets.yaml @@ -18,6 +18,11 @@ targets: user: ubuntu #----------------------------------------------------------------------------- # Debian + - ami: ami-01db78123b2b99496 + name: debian10 + type: ubuntu + virt: hvm + user: admin - ami: ami-003f19e0e687de1cd name: debian9 type: ubuntu From 9da07590bd189fa29fa817f48cdeb2216cf08f52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andrzej=20G=C3=B3rski?= Date: Tue, 8 Oct 2019 21:24:55 +0200 Subject: [PATCH 13/17] Remove --fast from the test farm tests (#7427) --- AUTHORS.md | 1 + CHANGELOG.md | 2 +- tests/letstest/multitester.py | 7 ++----- tox.ini | 8 ++++---- 4 files changed, 8 insertions(+), 10 deletions(-) diff --git a/AUTHORS.md b/AUTHORS.md index 182081e94..8468cbc56 100644 --- a/AUTHORS.md +++ b/AUTHORS.md @@ -18,6 +18,7 @@ Authors * [Alex Zorin](https://github.com/alexzorin) * [Amjad Mashaal](https://github.com/TheNavigat) * [Andrew Murray](https://github.com/radarhere) +* [Andrzej Górski](https://github.com/andrzej3393) * [Anselm Levskaya](https://github.com/levskaya) * [Antoine Jacoutot](https://github.com/ajacoutot) * [asaph](https://github.com/asaph) diff --git a/CHANGELOG.md b/CHANGELOG.md index de44cc583..102eaf4bb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,7 +10,7 @@ Certbot adheres to [Semantic Versioning](https://semver.org/). ### Changed -* +* Removed `--fast` flag from the test farm tests ### Fixed diff --git a/tests/letstest/multitester.py b/tests/letstest/multitester.py index d63b7ab5a..cfa53df7e 100644 --- a/tests/letstest/multitester.py +++ b/tests/letstest/multitester.py @@ -84,9 +84,6 @@ parser.add_argument('--killboulder', parser.add_argument('--boulderonly', action='store_true', help="only make a boulder server") -parser.add_argument('--fast', - action='store_true', - help="use larger instance types to run faster (saves about a minute, probably not worth it)") cl_args = parser.parse_args() # Credential Variables @@ -310,10 +307,10 @@ def create_client_instance(ec2_client, target, security_group_id, subnet_id): if 'machine_type' in target: machine_type = target['machine_type'] elif target['virt'] == 'hvm': - machine_type = 't2.medium' if cl_args.fast else 't2.micro' + machine_type = 't2.medium' else: # 32 bit systems - machine_type = 'c1.medium' if cl_args.fast else 't1.micro' + machine_type = 'c1.medium' if 'userdata' in target.keys(): userdata = target['userdata'] else: diff --git a/tox.ini b/tox.ini index 763f786fa..04715cc2f 100644 --- a/tox.ini +++ b/tox.ini @@ -274,7 +274,7 @@ setenv = AWS_DEFAULT_REGION=us-east-1 changedir = {[testenv:travis-test-farm-tests-base]changedir} commands = {[testenv:travis-test-farm-tests-base]commands} - python multitester.py apache2_targets.yaml travis-test-farm.pem SET_BY_ENV scripts/test_apache2.sh --repo {env:TRAVIS_BUILD_DIR} --branch {env:TRAVIS_BRANCH} --fast + python multitester.py apache2_targets.yaml travis-test-farm.pem SET_BY_ENV scripts/test_apache2.sh --repo {env:TRAVIS_BUILD_DIR} --branch {env:TRAVIS_BRANCH} deps = {[testenv:travis-test-farm-tests-base]deps} passenv = {[testenv:travis-test-farm-tests-base]passenv} setenv = {[testenv:travis-test-farm-tests-base]setenv} @@ -283,7 +283,7 @@ setenv = {[testenv:travis-test-farm-tests-base]setenv} changedir = {[testenv:travis-test-farm-tests-base]changedir} commands = {[testenv:travis-test-farm-tests-base]commands} - python multitester.py targets.yaml travis-test-farm.pem SET_BY_ENV scripts/test_leauto_upgrades.sh --repo {env:TRAVIS_BUILD_DIR} --branch {env:TRAVIS_BRANCH} --fast + python multitester.py targets.yaml travis-test-farm.pem SET_BY_ENV scripts/test_leauto_upgrades.sh --repo {env:TRAVIS_BUILD_DIR} --branch {env:TRAVIS_BRANCH} deps = {[testenv:travis-test-farm-tests-base]deps} passenv = {[testenv:travis-test-farm-tests-base]passenv} setenv = {[testenv:travis-test-farm-tests-base]setenv} @@ -292,7 +292,7 @@ setenv = {[testenv:travis-test-farm-tests-base]setenv} changedir = {[testenv:travis-test-farm-tests-base]changedir} commands = {[testenv:travis-test-farm-tests-base]commands} - python multitester.py targets.yaml travis-test-farm.pem SET_BY_ENV scripts/test_letsencrypt_auto_certonly_standalone.sh --repo {env:TRAVIS_BUILD_DIR} --branch {env:TRAVIS_BRANCH} --fast + python multitester.py targets.yaml travis-test-farm.pem SET_BY_ENV scripts/test_letsencrypt_auto_certonly_standalone.sh --repo {env:TRAVIS_BUILD_DIR} --branch {env:TRAVIS_BRANCH} deps = {[testenv:travis-test-farm-tests-base]deps} passenv = {[testenv:travis-test-farm-tests-base]passenv} setenv = {[testenv:travis-test-farm-tests-base]setenv} @@ -301,7 +301,7 @@ setenv = {[testenv:travis-test-farm-tests-base]setenv} changedir = {[testenv:travis-test-farm-tests-base]changedir} commands = {[testenv:travis-test-farm-tests-base]commands} - python multitester.py targets.yaml travis-test-farm.pem SET_BY_ENV scripts/test_sdists.sh --repo {env:TRAVIS_BUILD_DIR} --branch {env:TRAVIS_BRANCH} --fast + python multitester.py targets.yaml travis-test-farm.pem SET_BY_ENV scripts/test_sdists.sh --repo {env:TRAVIS_BUILD_DIR} --branch {env:TRAVIS_BRANCH} deps = {[testenv:travis-test-farm-tests-base]deps} passenv = {[testenv:travis-test-farm-tests-base]passenv} setenv = {[testenv:travis-test-farm-tests-base]setenv} From fcc398831b0e88106505a7879cac72afc47d1a93 Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Tue, 8 Oct 2019 23:40:17 +0200 Subject: [PATCH 14/17] Create a new CI for Certbot on Windows using Azure Pipelines (#7377) This PR defines pipelines that can be run on Azure Pipelines. Currently there are two: * `.azure-pipelines/main.yml` is the main one, executed on PRs for master, and pushes to master, * `.azure-pipelines/advanced.yml` add installer testing on top of the main pipeline, and is executed for `test-*` branches, release branches, and nightly run for master. These two pipelines covers all existing stuff done by AppVeyor currently, and so AppVeyor can be decommissioned once Azure Pipelines is operational. You can see working pipeline in my fork: * a PR for `master` (so using main pipeline): https://github.com/adferrand/certbot/pull/65 * a PR for `test-something` (so using advanced pipeline): https://github.com/adferrand/certbot/pull/66 * uploaded coverage from Azure Pipelines: https://codecov.io/gh/adferrand/certbot/commit/499aa2cbf25e1e0ab4c93ab64057db92dfec0fba/build Once this PR is merged, we need to enable Azure Pipelines for Certbot. Instructions are written in `azure-pipelines/INSTALL.md`. This document also references all access rights required to Azure Pipelines onto GitHub to make the CI process work. Future work for future PRs: * create a CD pipeline for the releases that will push the installer to GitHub releases * implement a solution to generate notification on IRC or Mattermost when a nightly build fails * Define pipelines * Update locations * Update nightly * Use x86 * Update nightly.yml for Azure Pipelines * Run script * Use script * Update install * Use local installation * Register warnings * Fix pywin32 loading * Clean context * Enable coverage publication * Consume codecov token * Document installation * Update tool to upload coverage * Prepare pipeline artifacts * Update artifact ignore * Protect against codecov failures * Add a comment about codecov * Add a comment on RW access asked by Azure * Add instructions * Rename pipeline file * Update instructions * Update .azure-pipelines/templates/tests-suite.yml Co-Authored-By: Brad Warren * Update .azure-pipelines/INSTALL.md Co-Authored-By: Brad Warren * Modified scheduled pipeline * Add comment * Remove dynamic version-based installer name --- .azure-pipelines/INSTALL.md | 117 ++++++++++++++++++ .azure-pipelines/advanced.yml | 18 +++ .azure-pipelines/main.yml | 11 ++ .../templates/installer-tests.yml | 31 +++++ .azure-pipelines/templates/tests-suite.yml | 36 ++++++ windows-installer/construct.py | 35 +++++- 6 files changed, 244 insertions(+), 4 deletions(-) create mode 100644 .azure-pipelines/INSTALL.md create mode 100644 .azure-pipelines/advanced.yml create mode 100644 .azure-pipelines/main.yml create mode 100644 .azure-pipelines/templates/installer-tests.yml create mode 100644 .azure-pipelines/templates/tests-suite.yml diff --git a/.azure-pipelines/INSTALL.md b/.azure-pipelines/INSTALL.md new file mode 100644 index 000000000..b5f79e525 --- /dev/null +++ b/.azure-pipelines/INSTALL.md @@ -0,0 +1,117 @@ +# Configuring Azure Pipelines with Certbot + +Let's begin. All pipelines are defined in `.azure-pipelines`. Currently there are two: +* `.azure-pipelines/main.yml` is the main one, executed on PRs for master, and pushes to master, +* `.azure-pipelines/advanced.yml` add installer testing on top of the main pipeline, and is executed for `test-*` branches, release branches, and nightly run for master. + +Several templates are defined in `.azure-pipelines/templates`. These YAML files aggregate common jobs configuration that can be reused in several pipelines. + +Unlike Travis, where CodeCov is working without any action required, CodeCov supports Azure Pipelines +using the coverage-bash utility (not python-coverage for now) only if you provide the Codecov repo token +using the `CODECOV_TOKEN` environment variable. So `CODECOV_TOKEN` needs to be set as a secured +environment variable to allow the main pipeline to publish coverage reports to CodeCov. + +This INSTALL.md file explains how to configure Azure Pipelines with Certbot in order to execute the CI/CD logic defined in `.azure-pipelines` folder with it. +During this installation step, warnings describing user access and legal comitments will be displayed like this: +``` +!!! ACCESS REQUIRED !!! +``` + +This document suppose that the Azure DevOps organization is named _certbot_, and the Azure DevOps project is also _certbot_. + +## Useful links + +* https://docs.microsoft.com/en-us/azure/devops/pipelines/yaml-schema?view=azure-devops&tabs=schema +* https://www.azuredevopslabs.com/labs/azuredevops/github-integration/ +* https://docs.microsoft.com/en-us/azure/devops/pipelines/ecosystems/python?view=azure-devops + +## Prerequisites + +### Having a GitHub account + +Use your GitHub user for a normal GitHub account, or a user that has administrative rights to the GitHub organization if relevant. + +### Having an Azure DevOps account +- Go to https://dev.azure.com/, click "Start free with GitHub" +- Login to GitHub + +``` +!!! ACCESS REQUIRED !!! +Personal user data (email + profile info, in read-only) +``` + +- Microsoft will create a Live account using the email referenced for the GitHub account. This account is also linked to GitHub account (meaning you can log it using GitHub authentication) +- Proceed with account registration (birth date, country), add details about name and email contact + +``` +!!! ACCESS REQUIRED !!! +Microsoft proposes to send commercial links to this mail +Azure DevOps terms of service need to be accepted +``` + +_Logged to Azure DevOps, account is ready._ + +### Installing Azure Pipelines to GitHub + +- On GitHub, go to Marketplace +- Select Azure Pipeline, and "Set up a plan" +- Select Free, then "Install it for free" +- Click "Complete order and begin installation" + +``` +!!! ACCESS !!! +Azure Pipeline needs RW on code, RO on metadata, RW on checks, commit statuses, deployments, issues, pull requests. +RW access here is required to allow update of the pipelines YAML files from Azure DevOps interface, and to +update the status of builds and PRs on GitHub side when Azure Pipelines are triggered. +Note however that no admin access is defined here: this means that Azure Pipelines cannot do anything with +protected branches, like master, and cannot modify the security context around this on GitHub. +Access can be defined for all or only selected repositories, which is nice. +``` + +- Redirected to Azure DevOps, select the account created in _Having an Azure DevOps account_ section. +- Select the organization, and click "Create a new project" (let's name it the same than the targetted github repo) +- The Visibility is public, to profit from 10 parallel jobs + +``` +!!! ACCESS !!! +Azure Pipelines needs access to the GitHub account (in term of beeing able to check it is valid), and the Resources shared between the GitHub account and Azure Pipelines. +``` + +_Done. We can move to pipelines configuration._ + +## Import an existing pipelines from `.azure-pipelines` folder + +- On Azure DevOps, go to your organization (eg. _certbot_) then your project (eg. _certbot_) +- Click "Pipelines" tab +- Click "New pipeline" +- Where is your code?: select "__Use the classic editor__" + +__Warning: Do not choose the GitHub option in Where is your code? section. Indeed, this option will trigger an OAuth +grant permissions from Azure Pipelines to GitHub in order to setup a GitHub OAuth Application. The permissions asked +then are way too large (admin level on almost everything), while the classic approach does not add any more +permissions, and works perfectly well.__ + +- Select GitHub in "Select your repository section", choose certbot/certbot in Repository, master in default branch. +- Click on YAML option for "Select a template" +- Choose a name for the pipeline (eg. test-pipeline), and browse to the actual pipeline YAML definition in the + "YAML file path" input (eg. `.azure-pipelines/test-pipeline.yml`) +- Click "Save & queue", choose the master branch to build the first pipeline, and click "Save and run" button. + +_Done. Pipeline is operational. Repeat to add more pipelines from existing YAML files in `.azure-pipelines`._ + +## Add a secret variable to a pipeline (like `CODECOV_TOKEN`) + +__NB: Following steps suppose that you already setup the YAML pipeline file to +consume the secret variable that these steps will create as an environment variable. +For a variable named `CODECOV_TOKEN` consuming the variable `codecov_token`, +in the YAML file this setup would take the form of the following: +``` +steps: + - script: ./do_something_that_consumes_CODECOV_TOKEN # Eg. `codecov -F windows` + env: + CODECOV_TOKEN: $(codecov_token) +``` + +- On Azure DevOps, go to you organization, project, pipeline tab +- Select the pipeline, click "Edit" button, then click "Variables" button +- Set name (eg `codecov_token`), value, tick "Keep this value secret" diff --git a/.azure-pipelines/advanced.yml b/.azure-pipelines/advanced.yml new file mode 100644 index 000000000..69dbc5a30 --- /dev/null +++ b/.azure-pipelines/advanced.yml @@ -0,0 +1,18 @@ +# Advanced pipeline for isolated checks and release purpose +trigger: + - test-* + - '*.x' +pr: + - test-* + - '*.x' +# This pipeline is also nightly run on master +schedules: + - cron: "4 0 * * *" + displayName: Nightly build + branches: + include: + - master + +jobs: + - template: templates/tests-suite.yml + - template: templates/installer-tests.yml \ No newline at end of file diff --git a/.azure-pipelines/main.yml b/.azure-pipelines/main.yml new file mode 100644 index 000000000..899a373be --- /dev/null +++ b/.azure-pipelines/main.yml @@ -0,0 +1,11 @@ +trigger: + # apache-parser-v2 is a temporary branch for doing work related to + # rewriting the parser in the Apache plugin. + - apache-parser-v2 + - master +pr: + - apache-parser-v2 + - master + +jobs: + - template: templates/tests-suite.yml \ No newline at end of file diff --git a/.azure-pipelines/templates/installer-tests.yml b/.azure-pipelines/templates/installer-tests.yml new file mode 100644 index 000000000..853fda6fe --- /dev/null +++ b/.azure-pipelines/templates/installer-tests.yml @@ -0,0 +1,31 @@ +jobs: + - job: installer + pool: + vmImage: vs2017-win2016 + steps: + - task: UsePythonVersion@0 + inputs: + versionSpec: 3.7 + architecture: x86 + addToPath: true + - script: python windows-installer/construct.py + displayName: Build Certbot installer + - task: CopyFiles@2 + inputs: + sourceFolder: $(System.DefaultWorkingDirectory)/windows-installer/build/nsis + contents: '*.exe' + targetFolder: $(Build.ArtifactStagingDirectory) + - task: PublishPipelineArtifact@1 + inputs: + path: $(Build.ArtifactStagingDirectory) + artifact: WindowsInstaller + - script: $(Build.ArtifactStagingDirectory)\certbot-installer-win32.exe /S + displayName: Install Certbot + - script: | + python -m venv venv + venv\Scripts\python tools\pip_install.py -e certbot-ci + displayName: Prepare Certbot-CI + - script: | + set PATH=%ProgramFiles(x86)%\Certbot\bin;%PATH% + venv\Scripts\python -m pytest certbot-ci\certbot_integration_tests\certbot_tests -n 4 + displayName: Run integration tests \ No newline at end of file diff --git a/.azure-pipelines/templates/tests-suite.yml b/.azure-pipelines/templates/tests-suite.yml new file mode 100644 index 000000000..3fe0abf74 --- /dev/null +++ b/.azure-pipelines/templates/tests-suite.yml @@ -0,0 +1,36 @@ +jobs: + - job: test + pool: + vmImage: vs2017-win2016 + strategy: + matrix: + py35: + PYTHON_VERSION: 3.5 + TOXENV: py35 + py37-cover: + PYTHON_VERSION: 3.7 + TOXENV: py37-cover + integration-certbot: + PYTHON_VERSION: 3.7 + TOXENV: integration-certbot + PYTEST_ADDOPTS: --numprocesses 4 + steps: + - task: UsePythonVersion@0 + inputs: + versionSpec: $(PYTHON_VERSION) + addToPath: true + - script: python tools/pip_install.py -U tox coverage + displayName: Install dependencies + - script: python -m tox + displayName: Run tox + # We do not require codecov report upload to succeed. So to avoid to break the pipeline if + # something goes wrong, each command is suffixed with a command that hides any non zero exit + # codes and echoes an informative message instead. + - bash: | + curl -s https://codecov.io/bash -o codecov-bash || echo "Failed to download codecov-bash" + chmod +x codecov-bash || echo "Failed to apply execute permissions on codecov-bash" + ./codecov-bash -F windows || echo "Codecov did not collect coverage reports" + condition: eq(variables['TOXENV'], 'py37-cover') + env: + CODECOV_TOKEN: $(codecov_token) + displayName: Publish coverage diff --git a/windows-installer/construct.py b/windows-installer/construct.py index 2427c0128..8de9da87c 100644 --- a/windows-installer/construct.py +++ b/windows-installer/construct.py @@ -70,13 +70,39 @@ def _copy_assets(build_path, repo_path): def _generate_pynsist_config(repo_path, build_path): print('Generate pynsist configuration') + pywin32_paths_file = os.path.join(build_path, 'pywin32_paths.py') + + # Pywin32 uses non-standard folders to hold its packages. We need to instruct pynsist bootstrap + # explicitly to add them into sys.path. This is done with a custom "pywin32_paths.py" that is + # referred in the pynsist configuration as an "extra_preamble". + # Reference example: https://github.com/takluyver/pynsist/tree/master/examples/pywebview + with open(pywin32_paths_file, 'w') as file_h: + file_h.write('''\ +pkgdir = os.path.join(os.path.dirname(installdir), 'pkgs') + +sys.path.extend([ + os.path.join(pkgdir, 'win32'), + os.path.join(pkgdir, 'win32', 'lib'), +]) + +# Preload pywintypes and pythoncom +pwt = os.path.join(pkgdir, 'pywin32_system32', 'pywintypes{0}{1}.dll') +pcom = os.path.join(pkgdir, 'pywin32_system32', 'pythoncom{0}{1}.dll') +import warnings +with warnings.catch_warnings(): + warnings.simplefilter("ignore") + import imp +imp.load_dynamic('pywintypes', pwt) +imp.load_dynamic('pythoncom', pcom) +'''.format(PYTHON_VERSION[0], PYTHON_VERSION[1])) + installer_cfg_path = os.path.join(build_path, 'installer.cfg') certbot_version = subprocess.check_output([sys.executable, '-c', 'import certbot; print(certbot.__version__)'], universal_newlines=True, cwd=repo_path).strip() - with open(os.path.join(installer_cfg_path), 'w') as file_h: - file_h.write("""\ + with open(installer_cfg_path, 'w') as file_h: + file_h.write('''\ [Application] name=Certbot version={certbot_version} @@ -87,7 +113,7 @@ target=$INSTDIR\\run.bat [Build] directory=nsis nsi_template=template.nsi -installer_name=certbot-{certbot_version}-installer-{installer_suffix}.exe +installer_name=certbot-installer-{installer_suffix}.exe [Python] version={python_version} @@ -101,7 +127,8 @@ files=run.bat [Command certbot] entry_point=certbot.main:main -""".format(certbot_version=certbot_version, +extra_preamble=pywin32_paths.py +'''.format(certbot_version=certbot_version, installer_suffix='win_amd64' if PYTHON_BITNESS == 64 else 'win32', python_bitness=PYTHON_BITNESS, python_version='.'.join([str(item) for item in PYTHON_VERSION]))) From c1f4b86d34c8637dc2a179aea0300f33a17b4602 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Tue, 8 Oct 2019 16:12:02 -0700 Subject: [PATCH 15/17] Use shared variable group (#7431) When setting up Azure Pipelines, I didn't like having to define codecov_token for each pipeline. This works around it by using a shared variable group. You can see this working successfully at https://dev.azure.com/certbot/certbot/_build/results?buildId=3. * Use certbot-common. * update instructions --- .azure-pipelines/INSTALL.md | 8 +++++--- .azure-pipelines/templates/tests-suite.yml | 2 ++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.azure-pipelines/INSTALL.md b/.azure-pipelines/INSTALL.md index b5f79e525..9c1e4bff7 100644 --- a/.azure-pipelines/INSTALL.md +++ b/.azure-pipelines/INSTALL.md @@ -112,6 +112,8 @@ steps: CODECOV_TOKEN: $(codecov_token) ``` -- On Azure DevOps, go to you organization, project, pipeline tab -- Select the pipeline, click "Edit" button, then click "Variables" button -- Set name (eg `codecov_token`), value, tick "Keep this value secret" +To set up a variable that is shared between pipelines, follow the instructions +at +https://docs.microsoft.com/en-us/azure/devops/pipelines/library/variable-groups. +When adding variables to a group, don't forget to tick "Keep this value secret" +if it shouldn't be shared publcily. diff --git a/.azure-pipelines/templates/tests-suite.yml b/.azure-pipelines/templates/tests-suite.yml index 3fe0abf74..bb54c8eee 100644 --- a/.azure-pipelines/templates/tests-suite.yml +++ b/.azure-pipelines/templates/tests-suite.yml @@ -14,6 +14,8 @@ jobs: PYTHON_VERSION: 3.7 TOXENV: integration-certbot PYTEST_ADDOPTS: --numprocesses 4 + variables: + - group: certbot-common steps: - task: UsePythonVersion@0 inputs: From f755cfef4885e2175c9c2003c981919bd285c73f Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Tue, 8 Oct 2019 16:16:04 -0700 Subject: [PATCH 16/17] Add final newlines to files. (#7432) More conventional and makes it nicer when doing things like running cat to quickly look at the file like I was doing when I noticed this. --- .azure-pipelines/advanced.yml | 2 +- .azure-pipelines/main.yml | 2 +- .azure-pipelines/templates/installer-tests.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.azure-pipelines/advanced.yml b/.azure-pipelines/advanced.yml index 69dbc5a30..a072a8a85 100644 --- a/.azure-pipelines/advanced.yml +++ b/.azure-pipelines/advanced.yml @@ -15,4 +15,4 @@ schedules: jobs: - template: templates/tests-suite.yml - - template: templates/installer-tests.yml \ No newline at end of file + - template: templates/installer-tests.yml diff --git a/.azure-pipelines/main.yml b/.azure-pipelines/main.yml index 899a373be..be9eaf0b0 100644 --- a/.azure-pipelines/main.yml +++ b/.azure-pipelines/main.yml @@ -8,4 +8,4 @@ pr: - master jobs: - - template: templates/tests-suite.yml \ No newline at end of file + - template: templates/tests-suite.yml diff --git a/.azure-pipelines/templates/installer-tests.yml b/.azure-pipelines/templates/installer-tests.yml index 853fda6fe..f0e151439 100644 --- a/.azure-pipelines/templates/installer-tests.yml +++ b/.azure-pipelines/templates/installer-tests.yml @@ -28,4 +28,4 @@ jobs: - script: | set PATH=%ProgramFiles(x86)%\Certbot\bin;%PATH% venv\Scripts\python -m pytest certbot-ci\certbot_integration_tests\certbot_tests -n 4 - displayName: Run integration tests \ No newline at end of file + displayName: Run integration tests From ec3ec9068c59dcf94ceca3302ad6d08299cf9aba Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Wed, 9 Oct 2019 01:17:08 +0200 Subject: [PATCH 17/17] Upgrade to pywin32>=225 and fix unit tests (#7429) Fixes #7426 --- certbot/compat/filesystem.py | 8 +------- certbot/tests/compat/filesystem_test.py | 10 ++++------ setup.py | 2 +- tools/dev_constraints.txt | 2 +- 4 files changed, 7 insertions(+), 15 deletions(-) diff --git a/certbot/compat/filesystem.py b/certbot/compat/filesystem.py index 6bcc9a693..69a3a63c5 100644 --- a/certbot/compat/filesystem.py +++ b/certbot/compat/filesystem.py @@ -546,13 +546,7 @@ def _generate_windows_flags(rights_desc): if rights_desc['write']: flag = flag | (ntsecuritycon.FILE_ALL_ACCESS ^ ntsecuritycon.FILE_GENERIC_READ - ^ ntsecuritycon.FILE_GENERIC_EXECUTE - # Despite bit `512` being present in ntsecuritycon.FILE_ALL_ACCESS, it is - # not effectively applied to the file or the directory. - # As _generate_windows_flags is also used to compare two dacls, we remove - # it right now to have flags that contain only the bits effectively applied - # by Windows. - ^ 512) + ^ ntsecuritycon.FILE_GENERIC_EXECUTE) if rights_desc['execute']: flag = flag | ntsecuritycon.FILE_GENERIC_EXECUTE diff --git a/certbot/tests/compat/filesystem_test.py b/certbot/tests/compat/filesystem_test.py index ccb93efa8..364993018 100644 --- a/certbot/tests/compat/filesystem_test.py +++ b/certbot/tests/compat/filesystem_test.py @@ -89,8 +89,8 @@ class WindowsChmodTests(TempDirTestCase): self.assertEqual(len(system_aces), 1) self.assertEqual(len(admin_aces), 1) - self.assertEqual(system_aces[0][1], ntsecuritycon.FILE_ALL_ACCESS ^ 512) - self.assertEqual(admin_aces[0][1], ntsecuritycon.FILE_ALL_ACCESS ^ 512) + self.assertEqual(system_aces[0][1], ntsecuritycon.FILE_ALL_ACCESS) + self.assertEqual(admin_aces[0][1], ntsecuritycon.FILE_ALL_ACCESS) def test_read_flag(self): self._test_flag(4, ntsecuritycon.FILE_GENERIC_READ) @@ -101,12 +101,10 @@ class WindowsChmodTests(TempDirTestCase): def test_write_flag(self): self._test_flag(2, (ntsecuritycon.FILE_ALL_ACCESS ^ ntsecuritycon.FILE_GENERIC_READ - ^ ntsecuritycon.FILE_GENERIC_EXECUTE - ^ 512)) + ^ ntsecuritycon.FILE_GENERIC_EXECUTE)) def test_full_flag(self): - self._test_flag(7, (ntsecuritycon.FILE_ALL_ACCESS - ^ 512)) + self._test_flag(7, ntsecuritycon.FILE_ALL_ACCESS) def _test_flag(self, everyone_mode, windows_flag): # Note that flag is tested against `everyone`, not `user`, because practically these unit diff --git a/setup.py b/setup.py index 1f4838c90..d5469bb26 100644 --- a/setup.py +++ b/setup.py @@ -59,7 +59,7 @@ install_requires = [ # However environment markers are supported only with setuptools >= 36.2. # So this dependency is not added for old Linux distributions with old setuptools, # in order to allow these systems to build certbot from sources. -pywin32_req = 'pywin32>=224' +pywin32_req = 'pywin32>=225' if StrictVersion(setuptools_version) >= StrictVersion('36.2'): install_requires.append(pywin32_req + " ; sys_platform == 'win32'") elif 'bdist_wheel' in sys.argv[1:]: diff --git a/tools/dev_constraints.txt b/tools/dev_constraints.txt index c23cf9cce..419b65d6c 100644 --- a/tools/dev_constraints.txt +++ b/tools/dev_constraints.txt @@ -64,7 +64,7 @@ pytest-sugar==0.9.2 pytest-rerunfailures==4.2 python-dateutil==2.6.1 python-digitalocean==1.11 -pywin32==224 +pywin32==225 PyYAML==3.13 repoze.sphinx.autointerface==0.8 requests-file==1.4.2