From bc530e457eb8e997c42c46660cf3edad26fac41e Mon Sep 17 00:00:00 2001 From: Harlan Lieberman-Berg Date: Sat, 22 Aug 2015 02:51:24 +0200 Subject: [PATCH 01/10] Fix minor misspelling error. --- acme/acme/jose/jws.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acme/acme/jose/jws.py b/acme/acme/jose/jws.py index 7ecc87bf2..392a2f074 100644 --- a/acme/acme/jose/jws.py +++ b/acme/acme/jose/jws.py @@ -54,7 +54,7 @@ class Header(json_util.JSONObjectWithFields): the "crit" (Critical) Header Parameter (4.1.11) and as a conforming implementation, :meth:`from_json` treats its occurence as an error. Please subclass if you seek for - a diferent behaviour. + a different behaviour. :ivar x5tS256: "x5t#S256" :ivar str typ: MIME Media Type, inc. :const:`MediaType.PREFIX`. From 60aa1b2ecbe9d3d777b607f0bf2655fdea610688 Mon Sep 17 00:00:00 2001 From: Jakub Warmuz Date: Sat, 22 Aug 2015 12:36:52 +0000 Subject: [PATCH 02/10] Log HTTP request params (including contents). --- acme/acme/client.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/acme/acme/client.py b/acme/acme/client.py index 8e2426b96..690630876 100644 --- a/acme/acme/client.py +++ b/acme/acme/client.py @@ -534,7 +534,8 @@ class ClientNetwork(object): """ - logging.debug('Sending %s request to %s', method, url) + logging.debug('Sending %s request to %s. args: %r, kwargs: %r', + method, url, args, kwargs) kwargs['verify'] = self.verify_ssl response = requests.request(method, url, *args, **kwargs) logging.debug('Received %s. Headers: %s. Content: %r', From 4b128c69a23c6d0a5271afc601f3871467e7aef9 Mon Sep 17 00:00:00 2001 From: Jakub Warmuz Date: Sat, 22 Aug 2015 14:30:30 +0000 Subject: [PATCH 03/10] Fix docs include (SEVERE) --- docs/contributing.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/contributing.rst b/docs/contributing.rst index 5aa6e3e76..a663c942a 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst 
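Review bot: The `logging.debug` call added in PATCH 02/10 (acme/acme/client.py, inside a `ClientNetwork` method whose signature is outside the hunk) formats `args` and `kwargs` with `%r`, so the complete request body and any caller-supplied headers are written to the debug log. For an ACME client that presumably means signed JWS payloads with registration and CSR data, so the log destination needs the same access restrictions as the account data. I would either log a bounded summary, e.g. `logging.debug('Sending %s request to %s (%d kwargs)', method, url, len(kwargs))`, or add a comment on this line that debug output contains request contents. The message is also emitted before `kwargs['verify'] = self.verify_ssl` runs, so the logged kwargs never show whether certificate verification was enabled for the request.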
@@ -82,7 +82,7 @@ If you would like to test `letsencrypt_nginx` plugin (highly encouraged) make sure to install prerequisites as listed in ``tests/integration/nginx.sh``: -.. include:: ../tests/integration/nginx.sh +.. include:: ../letsencrypt-nginx/tests/boulder-integration.sh :start-line: 1 :end-line: 2 :code: shell From e9c79edb19fb17568bda434f5c641038b66880bc Mon Sep 17 00:00:00 2001 From: Jakub Warmuz Date: Sat, 22 Aug 2015 14:30:59 +0000 Subject: [PATCH 04/10] Fix various Sphinx build problems --- acme/acme/challenges.py | 6 ++--- .../letsencrypt_apache/configurator.py | 8 +++--- letsencrypt-apache/letsencrypt_apache/obj.py | 25 +++++++++++-------- letsencrypt/crypto_util.py | 2 +- 4 files changed, 24 insertions(+), 17 deletions(-) diff --git a/acme/acme/challenges.py b/acme/acme/challenges.py index cfd6f8533..3f0c203ed 100644 --- a/acme/acme/challenges.py +++ b/acme/acme/challenges.py @@ -149,7 +149,7 @@ class SimpleHTTPResponse(ChallengeResponse): `~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` or `~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey` - wrapped in `.ComparableKey + wrapped in `.ComparableKey` :rtype: bool @@ -184,7 +184,7 @@ class SimpleHTTPResponse(ChallengeResponse): `~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` or `~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey` - wrapped in `.ComparableKey + wrapped in `.ComparableKey` :param int port: Port used in the validation. :returns: ``True`` iff validation is successful, ``False`` @@ -370,7 +370,7 @@ class DVSNIResponse(ChallengeResponse): `~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` or `~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey` - wrapped in `.ComparableKey + wrapped in `.ComparableKey` :param OpenSSL.crypto.X509 cert: Optional certificate. If not provided (``None``) certificate will be retrieved using `probe_cert`. 
diff --git a/letsencrypt-apache/letsencrypt_apache/configurator.py b/letsencrypt-apache/letsencrypt_apache/configurator.py index 01c9d4f30..8403b974c 100644 --- a/letsencrypt-apache/letsencrypt_apache/configurator.py +++ b/letsencrypt-apache/letsencrypt_apache/configurator.py @@ -953,9 +953,10 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): """Enables an available site, Apache restart required. .. note:: Does not make sure that the site correctly works or that all - modules are enabled appropriately. + modules are enabled appropriately. .. todo:: This function should number subdomains before the domain vhost + .. todo:: Make sure link is not broken... :param vhost: vhost to enable @@ -1034,8 +1035,9 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): .. todo:: This function will be converted to using reload - :raises .errors.MisconfigurationError: If unable to restart due to a - configuration problem, or if the restart subprocess cannot be run. + :raises .errors.MisconfigurationError: If unable to restart due + to a configuration problem, or if the restart subprocess + cannot be run. """ return apache_restart(self.conf("init-script")) diff --git a/letsencrypt-apache/letsencrypt_apache/obj.py b/letsencrypt-apache/letsencrypt_apache/obj.py index c0dcc6c43..8cd2378a4 100644 --- a/letsencrypt-apache/letsencrypt_apache/obj.py +++ b/letsencrypt-apache/letsencrypt_apache/obj.py 
@@ -41,21 +41,24 @@ class Addr(common.Addr): return 2 def conflicts(self, addr): - """Returns if address could conflict with correct function of self. + r"""Returns if address could conflict with correct function of self. Could addr take away service provided by self within Apache? .. note::IP Address is more important than wildcard. Connection from 127.0.0.1:80 with choices of *:80 and 127.0.0.1:* - chooses 127.0.0.1:* + chooses 127.0.0.1:\* .. todo:: Handle domain name addrs... Examples: - 127.0.0.1:*.conflicts(127.0.0.1:443) - True - 127.0.0.1:443.conflicts(127.0.0.1:*) - False - *:443.conflicts(*:80) - False - _default_:443.conflicts(*:443) - True + + ========================================= ===== + ``127.0.0.1:\*.conflicts(127.0.0.1:443)`` True + ``127.0.0.1:443.conflicts(127.0.0.1:\*)`` False + ``\*:443.conflicts(\*:80)`` False + ``_default_:443.conflicts(\*:443)`` True + ========================================= ===== """ if self._addr_less_specific(addr): @@ -72,9 +75,10 @@ class Addr(common.Addr): def get_sni_addr(self, port): """Returns the least specific address that resolves on the port. - Example: - 1.2.3.4:443 -> 1.2.3.4: - 1.2.3.4:* -> 1.2.3.4:* + Examples: + + - ``1.2.3.4:443`` -> ``1.2.3.4:`` + - ``1.2.3.4:*`` -> ``1.2.3.4:*`` :param str port: Desired port @@ -100,8 +104,9 @@ class VirtualHost(object): # pylint: disable=too-few-public-methods :ivar bool enabled: Virtual host is enabled https://httpd.apache.org/docs/2.4/vhosts/details.html + .. todo:: Any vhost that includes the magic _default_ wildcard is given the - same ServerName as the main server. + same ServerName as the main server. """ # ?: is used for not returning enclosed characters diff --git a/letsencrypt/crypto_util.py b/letsencrypt/crypto_util.py index b7d9987fc..279330f0c 100644 --- a/letsencrypt/crypto_util.py +++ b/letsencrypt/crypto_util.py 
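Review bot: In the table added to the `conflicts` docstring (letsencrypt_apache/obj.py, PATCH 04/10) the `\*` escapes sit inside double-backtick inline literals, where reStructuredText does no backslash interpretation, so the rendered cells will show the backslash itself. Inside the literals the plain text is enough, e.g. the first cell should hold `127.0.0.1:*.conflicts(127.0.0.1:443)` between its double backticks, with the `=====` borders shortened to match. The escape is only needed in running text such as `chooses 127.0.0.1:\*`. The unchanged context line `.. note::IP Address is more important than wildcard.` also lacks the space after `::`, so it is likely parsed as a comment rather than a note directive; `.. note:: IP Address is more important than wildcard.` would make it render.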
@@ -267,5 +267,5 @@ def asn1_generalizedtime_to_dt(timestamp): def pyopenssl_x509_name_as_text(x509name): - """Convert `OpenSSL.crypto.X509Name to text.""" + """Convert `OpenSSL.crypto.X509Name` to text.""" return "/".join("{0}={1}" for key, value in x509name.get_components()) From 089528ed2a2890e3dd6ab79099de206a976bbf64 Mon Sep 17 00:00:00 2001 From: Jakub Warmuz Date: Sat, 22 Aug 2015 14:37:32 +0000 Subject: [PATCH 05/10] Fix ambiguous cross-references in docs --- acme/acme/challenges.py | 10 +++++----- acme/acme/messages.py | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/acme/acme/challenges.py b/acme/acme/challenges.py index 3f0c203ed..a2235b61e 100644 --- a/acme/acme/challenges.py +++ b/acme/acme/challenges.py @@ -116,7 +116,7 @@ class SimpleHTTPResponse(ChallengeResponse): def gen_resource(self, chall): """Generate provisioned resource. - :param .SimpleHTTP chall: + :param challenges.SimpleHTTP chall: :rtype: SimpleHTTPProvisionedResource """ @@ -125,7 +125,7 @@ class SimpleHTTPResponse(ChallengeResponse): def gen_validation(self, chall, account_key, alg=jose.RS256, **kwargs): """Generate validation. - :param .SimpleHTTP chall: + :param challenges.SimpleHTTP chall: :param .JWK account_key: Private account key. :param .JWA alg: @@ -142,7 +142,7 @@ class SimpleHTTPResponse(ChallengeResponse): """Check validation. :param .JWS validation: - :param .SimpleHTTP chall: + :param challenges.SimpleHTTP chall: :type account_public_key: `~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` or @@ -173,7 +173,7 @@ class SimpleHTTPResponse(ChallengeResponse): ignore the certificate provided by the HTTPS server", so ``requests.get`` is called with ``verify=False``. - :param .SimpleHTTP chall: Corresponding challenge. + :param challenges.SimpleHTTP chall: Corresponding challenge. :param unicode domain: Domain name being verified. :param account_public_key: Public key for the key pair being authorized. If ``None`` key verification is not 
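Review bot: The context line `return "/".join("{0}={1}" for key, value in x509name.get_components())` in `pyopenssl_x509_name_as_text` (letsencrypt/crypto_util.py, PATCH 04/10) never applies the template, so every name component comes out as the literal text `{0}={1}` and the actual subject or issuer fields are lost. Since the docstring is being touched anyway, the line should become `return "/".join("{0}={1}".format(key, value) for key, value in x509name.get_components())`. If this text is shown or logged so that an operator can check which certificate is being handled, it currently carries no identifying information. A unit test asserting the output for a name with two components would pin the fix.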
@@ -306,7 +306,7 @@ class DVSNIResponse(ChallengeResponse): def chall(self): """Get challenge encoded in the `validation` payload. - :rtype: DVSNI + :rtype: challenges.DVSNI """ # pylint: disable=no-member diff --git a/acme/acme/messages.py b/acme/acme/messages.py index 33157899e..0855ae008 100644 --- a/acme/acme/messages.py +++ b/acme/acme/messages.py @@ -231,7 +231,7 @@ class ChallengeBody(ResourceBody): call ``challb.x`` to get ``challb.chall.x`` contents. :ivar acme.messages.Status status: :ivar datetime.datetime validated: - :ivar Error error: + :ivar messages.Error error: """ __slots__ = ('chall',) From 7073f947bdffb33724f974aae8815712b4dac653 Mon Sep 17 00:00:00 2001 From: Stacey Sheldon Date: Sun, 16 Aug 2015 12:38:19 -0400 Subject: [PATCH 06/10] examples: fix typos in generate-csr.sh script comments --- examples/generate-csr.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/generate-csr.sh b/examples/generate-csr.sh index fa9327095..c4a3af016 100755 --- a/examples/generate-csr.sh +++ b/examples/generate-csr.sh @@ -1,7 +1,7 @@ #!/bin/sh # This script generates a simple SAN CSR to be used with Let's Encrypt -# CA. Mostly intedened for "auth --csr" testing, but, since its easily -# auditable, feel free to adjust it and use on you production web +# CA. Mostly intended for "auth --csr" testing, but, since it's easily +# auditable, feel free to adjust it and use it on your production web # server. if [ "$#" -lt 1 ] From b2b042837f808a256e1e57a3747bbfb11e04dc31 Mon Sep 17 00:00:00 2001 From: Jakub Warmuz Date: Sat, 22 Aug 2015 10:19:51 +0000 Subject: [PATCH 07/10] Use Go 1.5. The following PRs broke our unittests: - https://github.com/letsencrypt/boulder/pull/642 - https://github.com/letsencrypt/boulder/pull/635 --- .travis.yml | 3 +++ docs/contributing.rst | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index c4bef391b..ad9655808 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,5 +1,8 @@ language: python +# This have to be kept in sync with .travis.yml from Boulder +go: 1.5 + services: - rabbitmq - mysql diff --git a/docs/contributing.rst b/docs/contributing.rst index 5aa6e3e76..af7945d60 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -67,7 +67,7 @@ The following tools are there to help you: Integration ~~~~~~~~~~~ -First, install `Go`_ 1.4 and start Boulder_, an ACME CA server:: +First, install `Go`_ 1.5 and start Boulder_, an ACME CA server:: ./tests/boulder-start.sh From 529df611b2439f80853b093f81dde3885c7e3903 Mon Sep 17 00:00:00 2001 From: Jakub Warmuz Date: Mon, 24 Aug 2015 20:09:19 +0000 Subject: [PATCH 08/10] Travis: different syntax for Go 1.5 version --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index ad9655808..fb659e484 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,8 @@ language: python # This have to be kept in sync with .travis.yml from Boulder -go: 1.5 +go: + - 1.5 services: - rabbitmq From 165082b37be079acaab741e3e7afa8463d0a6476 Mon Sep 17 00:00:00 2001 From: Jakub Warmuz Date: Mon, 24 Aug 2015 20:26:04 +0000 Subject: [PATCH 09/10] Travis: use gimme for Go 1.5 --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index fb659e484..42996ceaa 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,5 @@ language: python -# This have to be kept in sync with .travis.yml from Boulder go: - 1.5 @@ -9,9 +8,11 @@ services: - mysql # http://docs.travis-ci.com/user/ci-environment/#CI-environment-OS +# gimme has to be kept in sync with Boulder's Go version setting in .travis.yml before_install: - travis_retry sudo ./bootstrap/ubuntu.sh - travis_retry sudo apt-get install --no-install-recommends nginx-light openssl + - 'eval "$(gimme 1.5)"' # using separate envs with different TOXENVs creates 4x1 Travis build # matrix, which allows us to clearly distinguish which component under 
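Review bot: The step `- 'eval "$(gimme 1.5)"'` added in PATCH 09/10 does not fail when `gimme` fails: the command substitution is then empty, `eval` of an empty string returns 0, and the job continues with whatever Go toolchain is already on the PATH. Splitting it keeps the failure visible, e.g. `- 'GIMME_ENV="$(gimme 1.5)" && eval "$GIMME_ENV"'`. The same `eval "$(gimme 1.5)"` form is kept behind the `BOULDER_INTEGRATION` guard in PATCH 10/10. The `go:` key from PATCH 07/10 and 08/10 stays in place under `language: python`, where it probably has no effect once gimme selects the toolchain. The Go version is then written in three places (`go:`, the gimme call, docs/contributing.rst) that all have to track Boulder.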
From 504ade8af556eeb54abf4a234c50ce343ee2a59c Mon Sep 17 00:00:00 2001 From: Jakub Warmuz Date: Mon, 24 Aug 2015 20:29:25 +0000 Subject: [PATCH 10/10] Travis: gimme 1.5 only for integration tests --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 42996ceaa..b4a9d3220 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,7 +12,7 @@ services: before_install: - travis_retry sudo ./bootstrap/ubuntu.sh - travis_retry sudo apt-get install --no-install-recommends nginx-light openssl - - 'eval "$(gimme 1.5)"' + - '[ "xxx$BOULDER_INTEGRATION" = "xxx" ] || eval "$(gimme 1.5)"' # using separate envs with different TOXENVs creates 4x1 Travis build # matrix, which allows us to clearly distinguish which component under
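Review bot: The guard `[ "xxx$BOULDER_INTEGRATION" = "xxx" ] || eval "$(gimme 1.5)"` uses the prefix-padding idiom, which is only needed for unquoted operands. With the variable already quoted, `[ -z "$BOULDER_INTEGRATION" ] || eval "$(gimme 1.5)"` expresses the same test and reads more directly. The `||` shape should be kept, because a `[ -n ... ] &&` spelling would return non-zero for the non-integration jobs and fail the `before_install` step. `BOULDER_INTEGRATION` is defined outside this hunk (presumably in the env matrix), so a comment such as `# Go is only needed by the Boulder integration job` above the line would say why the step is conditional.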