diff --git a/.azure-pipelines/templates/jobs/extended-tests-jobs.yml b/.azure-pipelines/templates/jobs/extended-tests-jobs.yml index 67fa34880..c22f1003f 100644 --- a/.azure-pipelines/templates/jobs/extended-tests-jobs.yml +++ b/.azure-pipelines/templates/jobs/extended-tests-jobs.yml @@ -64,8 +64,6 @@ jobs: ACME_SERVER: boulder-v2 nginx-compat: TOXENV: nginx_compat - le-auto-centos6: - TOXENV: le_auto_centos6 le-auto-oraclelinux6: TOXENV: le_auto_oraclelinux6 docker-dev: diff --git a/.azure-pipelines/templates/jobs/standard-tests-jobs.yml b/.azure-pipelines/templates/jobs/standard-tests-jobs.yml index d5b3a0a16..69e8b279b 100644 --- a/.azure-pipelines/templates/jobs/standard-tests-jobs.yml +++ b/.azure-pipelines/templates/jobs/standard-tests-jobs.yml @@ -58,9 +58,9 @@ jobs: apache-compat: IMAGE_NAME: ubuntu-18.04 TOXENV: apache_compat - le-auto-xenial: + le-auto-centos6: IMAGE_NAME: ubuntu-18.04 - TOXENV: le_auto_xenial + TOXENV: le_auto_centos6 apacheconftest: IMAGE_NAME: ubuntu-18.04 PYTHON_VERSION: 2.7 diff --git a/certbot/CHANGELOG.md b/certbot/CHANGELOG.md index 0624a2084..aff3a7cef 100644 --- a/certbot/CHANGELOG.md +++ b/certbot/CHANGELOG.md @@ -12,7 +12,7 @@ Certbot adheres to [Semantic Versioning](https://semver.org/). ### Changed -* +* certbot-auto was deprecated on Debian based systems. ### Fixed diff --git a/letsencrypt-auto-source/Dockerfile.xenial b/letsencrypt-auto-source/Dockerfile.xenial deleted file mode 100644 index 931f1c6d3..000000000 --- a/letsencrypt-auto-source/Dockerfile.xenial +++ /dev/null @@ -1,36 +0,0 @@ -# For running tests, build a docker image with a passwordless sudo and a trust -# store we can manipulate. - -FROM ubuntu:xenial - -# Add an unprivileged user: -RUN useradd --create-home --home-dir /home/lea --shell /bin/bash --groups sudo --uid 1000 lea - -# Install pip, sudo, and openssl: -RUN apt-get update && \ - apt-get -q -y install python-pip sudo openssl && \ - apt-get clean - -# Use pipstrap to update to a stable and tested version of pip -COPY ./pieces/pipstrap.py /opt -RUN /opt/pipstrap.py -# Pin pytest version for increased stability -RUN pip install pytest==3.2.5 six==1.10.0 - -# Let that user sudo: -RUN sed -i.bkp -e \ - 's/%sudo\s\+ALL=(ALL\(:ALL\)\?)\s\+ALL/%sudo ALL=NOPASSWD:ALL/g' \ - /etc/sudoers - -RUN mkdir -p /home/lea/certbot - -# Install fake testing CA: -COPY ./tests/certs/ca/my-root-ca.crt.pem /usr/local/share/ca-certificates/ - -# Copy code: -COPY . /home/lea/certbot/letsencrypt-auto-source - -USER lea -WORKDIR /home/lea - -CMD ["pytest", "-v", "-s", "certbot/letsencrypt-auto-source/tests"] diff --git a/letsencrypt-auto-source/letsencrypt-auto b/letsencrypt-auto-source/letsencrypt-auto index 65eaff36a..83a1041ba 100755 --- a/letsencrypt-auto-source/letsencrypt-auto +++ b/letsencrypt-auto-source/letsencrypt-auto @@ -799,11 +799,7 @@ BootstrapMageiaCommon() { # that function. If Bootstrap is set to a function that doesn't install any # packages BOOTSTRAP_VERSION is not set. if [ -f /etc/debian_version ]; then - Bootstrap() { - BootstrapMessage "Debian-based OSes" - BootstrapDebCommon - } - BOOTSTRAP_VERSION="BootstrapDebCommon $BOOTSTRAP_DEB_COMMON_VERSION" + DEPRECATED_OS=1 elif [ -f /etc/mageia-release ]; then # Mageia has both /etc/mageia-release and /etc/redhat-release DEPRECATED_OS=1 diff --git a/letsencrypt-auto-source/letsencrypt-auto.template b/letsencrypt-auto-source/letsencrypt-auto.template index cd440fb59..5eb82b705 100755 --- a/letsencrypt-auto-source/letsencrypt-auto.template +++ b/letsencrypt-auto-source/letsencrypt-auto.template @@ -321,11 +321,7 @@ DeterminePythonVersion() { # that function. If Bootstrap is set to a function that doesn't install any # packages BOOTSTRAP_VERSION is not set. if [ -f /etc/debian_version ]; then - Bootstrap() { - BootstrapMessage "Debian-based OSes" - BootstrapDebCommon - } - BOOTSTRAP_VERSION="BootstrapDebCommon $BOOTSTRAP_DEB_COMMON_VERSION" + DEPRECATED_OS=1 elif [ -f /etc/mageia-release ]; then # Mageia has both /etc/mageia-release and /etc/redhat-release DEPRECATED_OS=1 diff --git a/tests/letstest/scripts/test_leauto_upgrades.sh b/tests/letstest/scripts/test_leauto_upgrades.sh index 40b70c342..51ff640c5 100755 --- a/tests/letstest/scripts/test_leauto_upgrades.sh +++ b/tests/letstest/scripts/test_leauto_upgrades.sh @@ -105,9 +105,18 @@ if ./letsencrypt-auto -v --debug --version | grep "WARNING: couldn't find Python exit 1 fi -EXPECTED_VERSION=$(grep -m1 LE_AUTO_VERSION certbot-auto | cut -d\" -f2) +# On systems like Debian where certbot-auto is deprecated, we expect it to +# leave existing Certbot installations unmodified so we check for the same +# version that was initially installed below. Once certbot-auto is deprecated +# on RHEL systems, we can unconditionally check for INITIAL_VERSION. +if [ -f /etc/debian_version ]; then + EXPECTED_VERSION="$INITIAL_VERSION" +else + EXPECTED_VERSION=$(grep -m1 LE_AUTO_VERSION certbot-auto | cut -d\" -f2) +fi + if ! /opt/eff.org/certbot/venv/bin/letsencrypt --version 2>&1 | tail -n1 | grep "^certbot $EXPECTED_VERSION$" ; then - echo upgrade appeared to fail + echo unexpected certbot version found exit 1 fi diff --git a/tests/letstest/scripts/test_letsencrypt_auto_certonly_standalone.sh b/tests/letstest/scripts/test_letsencrypt_auto_certonly_standalone.sh index c028031c7..15cf9ee1b 100755 --- a/tests/letstest/scripts/test_letsencrypt_auto_certonly_standalone.sh +++ b/tests/letstest/scripts/test_letsencrypt_auto_certonly_standalone.sh @@ -16,6 +16,24 @@ sudo chown root "$LE_AUTO_PATH" sudo chmod 0755 "$LE_AUTO_PATH" export PATH="$LE_AUTO_DIR:$PATH" +# On systems like Debian where certbot-auto is deprecated, we expect +# certbot-auto to error and refuse to install Certbot. Once certbot-auto is +# deprecated on RHEL systems, we can unconditionally run this code. +if [ -f /etc/debian_version ]; then + set +o pipefail + if ! letsencrypt-auto --debug --version | grep "Certbot cannot be installed."; then + echo "letsencrypt-auto didn't report being uninstallable." + exit 1 + fi + if [ ${PIPESTATUS[0]} != 1 ]; then + echo "letsencrypt-auto didn't exit with status 1 as expected" + exit 1 + fi + # letsencrypt-auto is deprecated and cannot be installed on this system so + # we cannot run the rest of this test. + exit 0 +fi + letsencrypt-auto --os-packages-only --debug --version # This script sets the environment variables PYTHON_NAME, VENV_PATH, and diff --git a/tox.ini b/tox.ini index ce0db4905..9412a2349 100644 --- a/tox.ini +++ b/tox.ini @@ -188,11 +188,12 @@ whitelist_externals = passenv = DOCKER_* -[testenv:le_auto_xenial] -# At the moment, this tests under Python 2.7 only. +[testenv:le_auto_centos6] +# At the moment, this tests under Python 2.6 only, as only that version is +# readily available on the CentOS 6 Docker image. commands = python {toxinidir}/tests/modification-check.py - docker build -f letsencrypt-auto-source/Dockerfile.xenial -t lea letsencrypt-auto-source + docker build -f letsencrypt-auto-source/Dockerfile.redhat6 --build-arg REDHAT_DIST_FLAVOR=centos -t lea letsencrypt-auto-source docker run --rm -t lea whitelist_externals = docker @@ -200,16 +201,6 @@ passenv = DOCKER_* TARGET_BRANCH -[testenv:le_auto_centos6] -# At the moment, this tests under Python 2.6 only, as only that version is -# readily available on the CentOS 6 Docker image. -commands = - docker build -f letsencrypt-auto-source/Dockerfile.redhat6 --build-arg REDHAT_DIST_FLAVOR=centos -t lea letsencrypt-auto-source - docker run --rm -t lea -whitelist_externals = - docker -passenv = DOCKER_* - [testenv:le_auto_oraclelinux6] # At the moment, this tests under Python 2.6 only, as only that version is # readily available on the Oracle Linux 6 Docker image.