From c59775c3c069ce7106eca63e8f16294d99fbb021 Mon Sep 17 00:00:00 2001
From: Adrien Ferrand <adferrand@users.noreply.github.com>
Date: Thu, 11 Feb 2021 00:17:51 +0100
Subject: [PATCH] Disable certbot-auto upgrade on RHEL-like systems (#8653)

Fixes #8637

* Disable upgrade for RHEL-like systems

* Remove letstest on Amazon Linux

* Update changelog
---
 certbot/CHANGELOG.md                              | 1 +
 letsencrypt-auto-source/letsencrypt-auto          | 1 +
 letsencrypt-auto-source/letsencrypt-auto.template | 1 +
 tests/letstest/auto_targets.yaml                  | 7 -------
 tests/letstest/scripts/test_leauto_upgrades.sh    | 2 +-
 5 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/certbot/CHANGELOG.md b/certbot/CHANGELOG.md
index 370282f38..eac783bdb 100644
--- a/certbot/CHANGELOG.md
+++ b/certbot/CHANGELOG.md
@@ -18,6 +18,7 @@ Certbot adheres to [Semantic Versioning](https://semver.org/).
   which was needed to support SNI in TLS requests when using old versions of
   Python 2.
 * Certbot and all of its components no longer depend on the library `six`.
+* The update of certbot-auto itself is now disabled on all RHEL-like systems.
 
 ### Fixed
 
diff --git a/letsencrypt-auto-source/letsencrypt-auto b/letsencrypt-auto-source/letsencrypt-auto
index 14e71c615..224abaf01 100755
--- a/letsencrypt-auto-source/letsencrypt-auto
+++ b/letsencrypt-auto-source/letsencrypt-auto
@@ -806,6 +806,7 @@ elif [ -f /etc/mageia-release ]; then
   NO_SELF_UPGRADE=1
 elif [ -f /etc/redhat-release ]; then
   DEPRECATED_OS=1
+  NO_SELF_UPGRADE=1
   # Run DeterminePythonVersion to decide on the basis of available Python versions
   # whether to use 2.x or 3.x on RedHat-like systems.
   # Then, revert LE_PYTHON to its previous state.
diff --git a/letsencrypt-auto-source/letsencrypt-auto.template b/letsencrypt-auto-source/letsencrypt-auto.template
index 783268571..70b75176e 100755
--- a/letsencrypt-auto-source/letsencrypt-auto.template
+++ b/letsencrypt-auto-source/letsencrypt-auto.template
@@ -328,6 +328,7 @@ elif [ -f /etc/mageia-release ]; then
   NO_SELF_UPGRADE=1
 elif [ -f /etc/redhat-release ]; then
   DEPRECATED_OS=1
+  NO_SELF_UPGRADE=1
   # Run DeterminePythonVersion to decide on the basis of available Python versions
   # whether to use 2.x or 3.x on RedHat-like systems.
   # Then, revert LE_PYTHON to its previous state.
diff --git a/tests/letstest/auto_targets.yaml b/tests/letstest/auto_targets.yaml
index 164580e86..01d410227 100644
--- a/tests/letstest/auto_targets.yaml
+++ b/tests/letstest/auto_targets.yaml
@@ -57,10 +57,3 @@ targets:
     type: centos
     virt: hvm
     user: centos
-  #-----------------------------------------------------------------------------
-  # Amazon Linux
-  - ami: ami-0ff8a91507f77f867
-    name: amazon
-    type: centos
-    virt: hvm
-    user: ec2-user
diff --git a/tests/letstest/scripts/test_leauto_upgrades.sh b/tests/letstest/scripts/test_leauto_upgrades.sh
index d0b941736..407a865f2 100755
--- a/tests/letstest/scripts/test_leauto_upgrades.sh
+++ b/tests/letstest/scripts/test_leauto_upgrades.sh
@@ -156,7 +156,7 @@ fi
 # Finally, we check if our local server received more requests. Over time,
 # we'll move more and more OSes into this case until it this is the expected
 # behavior on all systems.
-if [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue; then
+if [ -f /etc/redhat-release ]; then
     if ! diff "$LOG_FILE" "$PREVIOUS_LOG_FILE" ; then
         echo our local server received unexpected requests
         exit 1