From d76cd9c31510f4c51b74e00d51bebd786e539af3 Mon Sep 17 00:00:00 2001 From: Noah Swartz Date: Tue, 1 Dec 2015 15:57:02 -0800 Subject: [PATCH 01/44] remove duplicate docstring line --- letsencrypt-apache/letsencrypt_apache/parser.py | 1 - 1 file changed, 1 deletion(-) diff --git a/letsencrypt-apache/letsencrypt_apache/parser.py b/letsencrypt-apache/letsencrypt_apache/parser.py index ec5211ae4..aad990e3b 100644 --- a/letsencrypt-apache/letsencrypt_apache/parser.py +++ b/letsencrypt-apache/letsencrypt_apache/parser.py @@ -19,7 +19,6 @@ class ApacheParser(object): :ivar str root: Normalized absolute path to the server root directory. Without trailing slash. - :ivar str root: Server root :ivar set modules: All module names that are currently enabled. :ivar dict loc: Location to place directives, root - configuration origin, default - user config file, name - NameVirtualHost, From e268e718a0e16f8e3e51da2c98012d7fb1b7390a Mon Sep 17 00:00:00 2001 From: Marius Gedminas Date: Wed, 2 Dec 2015 16:04:38 +0200 Subject: [PATCH 02/44] Remove py26reqs.txt ConfigArgParse 0.10 from PyPI supports Python 2.6, so there's no more need to install a fixed version directly from a git branch. --- Dockerfile | 1 - Dockerfile-dev | 1 - MANIFEST.in | 1 - bootstrap/README | 4 ++-- bootstrap/dev/venv.sh | 1 - bootstrap/venv.sh | 2 +- letsencrypt-auto | 4 +--- py26reqs.txt | 2 -- tox.ini | 2 +- 9 files changed, 5 insertions(+), 13 deletions(-) delete mode 100644 py26reqs.txt diff --git a/Dockerfile b/Dockerfile index 02aa0f0d7..da0110604 100644 --- a/Dockerfile +++ b/Dockerfile @@ -49,7 +49,6 @@ COPY letsencrypt-apache /opt/letsencrypt/src/letsencrypt-apache/ COPY letsencrypt-nginx /opt/letsencrypt/src/letsencrypt-nginx/ -# py26reqs.txt not installed! RUN virtualenv --no-site-packages -p python2 /opt/letsencrypt/venv && \ /opt/letsencrypt/venv/bin/pip install \ -e /opt/letsencrypt/src/acme \ diff --git a/Dockerfile-dev b/Dockerfile-dev index b89411c90..3c5b53966 100644 --- a/Dockerfile-dev 
+++ b/Dockerfile-dev @@ -32,7 +32,6 @@ RUN /opt/letsencrypt/src/ubuntu.sh && \ # the above is not likely to change, so by putting it further up the # Dockerfile we make sure we cache as much as possible -# py26reqs.txt not installed! COPY setup.py README.rst CHANGES.rst MANIFEST.in linter_plugin.py tox.cover.sh tox.ini pep8.travis.sh .pep8 .pylintrc /opt/letsencrypt/src/ # all above files are necessary for setup.py, however, package source diff --git a/MANIFEST.in b/MANIFEST.in index a82c7dd8c..a6f9ae2b6 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -1,4 +1,3 @@ -include py26reqs.txt include README.rst include CHANGES.rst include CONTRIBUTING.md diff --git a/bootstrap/README b/bootstrap/README index 89fd8b6ba..d8d9f6939 100644 --- a/bootstrap/README +++ b/bootstrap/README @@ -2,6 +2,6 @@ This directory contains scripts that install necessary OS-specific prerequisite dependencies (see docs/using.rst). General dependencies: -- git-core: py26reqs.txt git+https://* +- git-core: git+https://* - ca-certificates: communication with demo ACMO server at - https://www.letsencrypt-demo.org, py26reqs.txt git+https://* + https://www.letsencrypt-demo.org, git+https://* diff --git a/bootstrap/dev/venv.sh b/bootstrap/dev/venv.sh index 2bd32a89b..11ab417dd 100755 --- a/bootstrap/dev/venv.sh +++ b/bootstrap/dev/venv.sh @@ -4,7 +4,6 @@ export VENV_ARGS="--python python2" ./bootstrap/dev/_venv_common.sh \ - -r py26reqs.txt \ -e acme[testing] \ -e .[dev,docs,testing] \ -e letsencrypt-apache \ diff --git a/bootstrap/venv.sh b/bootstrap/venv.sh index ff1a50c6c..5042178d9 100755 --- a/bootstrap/venv.sh +++ b/bootstrap/venv.sh @@ -20,7 +20,7 @@ fi pip install -U setuptools pip install -U pip -pip install -U -r py26reqs.txt letsencrypt letsencrypt-apache # letsencrypt-nginx +pip install -U letsencrypt letsencrypt-apache # letsencrypt-nginx echo echo "Congratulations, Let's Encrypt has been successfully installed/updated!" 
diff --git a/letsencrypt-auto b/letsencrypt-auto index c88028b72..e8d4adf9a 100755 --- a/letsencrypt-auto +++ b/letsencrypt-auto @@ -175,7 +175,7 @@ if [ "$VERBOSE" = 1 ] ; then echo $VENV_BIN/pip install -U setuptools $VENV_BIN/pip install -U pip - $VENV_BIN/pip install -r "$LEA_PATH"/py26reqs.txt -U letsencrypt letsencrypt-apache + $VENV_BIN/pip install -U letsencrypt letsencrypt-apache # nginx is buggy / disabled for now, but upgrade it if the user has # installed it manually if $VENV_BIN/pip freeze | grep -q letsencrypt-nginx ; then @@ -187,8 +187,6 @@ else $VENV_BIN/pip install -U pip > /dev/null printf . # nginx is buggy / disabled for now... - $VENV_BIN/pip install -r "$LEA_PATH"/py26reqs.txt > /dev/null - printf . $VENV_BIN/pip install -U letsencrypt > /dev/null printf . $VENV_BIN/pip install -U letsencrypt-apache > /dev/null diff --git a/py26reqs.txt b/py26reqs.txt deleted file mode 100644 index a94b22c0c..000000000 --- a/py26reqs.txt +++ /dev/null @@ -1,2 +0,0 @@ -# https://github.com/bw2/ConfigArgParse/issues/17 -git+https://github.com/kuba/ConfigArgParse.git@python2.6-0.9.3#egg=ConfigArgParse diff --git a/tox.ini b/tox.ini index d1fafe20f..1abe1cf39 100644 --- a/tox.ini +++ b/tox.ini @@ -17,7 +17,7 @@ envlist = py26,py27,py33,py34,py35,cover,lint commands = pip install -e acme[testing] nosetests -v acme - pip install -r py26reqs.txt -e .[testing] + pip install -e .[testing] nosetests -v letsencrypt pip install -e letsencrypt-apache nosetests -v letsencrypt_apache From afb6d2813a8e3cff7b47203a250042e715b1dc3d Mon Sep 17 00:00:00 2001 From: Marius Gedminas Date: Thu, 3 Dec 2015 09:55:21 +0200 Subject: [PATCH 03/44] git+https://* is no longer used --- bootstrap/README | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/bootstrap/README b/bootstrap/README index d8d9f6939..d91780903 100644 --- a/bootstrap/README +++ b/bootstrap/README 
@@ -2,6 +2,5 @@ This directory contains scripts that install necessary OS-specific prerequisite dependencies (see docs/using.rst). General dependencies: -- git-core: git+https://* - ca-certificates: communication with demo ACMO server at - https://www.letsencrypt-demo.org, git+https://* + https://www.letsencrypt-demo.org From 9fbec030a28e1a1cc92d7ea27c251ccdec0a8253 Mon Sep 17 00:00:00 2001 From: Marius Gedminas Date: Thu, 3 Dec 2015 09:58:39 +0200 Subject: [PATCH 04/44] Require ConfigArgParse >= 0.10 for Python 2.6 support --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 40c6ac16c..7c4e49311 100644 --- a/setup.py +++ b/setup.py @@ -32,7 +32,7 @@ version = meta['version'] install_requires = [ 'acme=={0}'.format(version), - 'ConfigArgParse', + 'ConfigArgParse>=0.10.0', # python2.6 support, upstream #17 'configobj', 'cryptography>=0.7', # load_pem_x509_certificate 'parsedatetime', From 51f17115c6f76d0adfa0914e8202854127760f4c Mon Sep 17 00:00:00 2001 From: Marius Gedminas Date: Thu, 3 Dec 2015 10:22:50 +0200 Subject: [PATCH 05/44] Allow older ConfigArgParse for users of modern Pythons (I think this is a bad idea because of https://github.com/pypa/pip/issues/3025, but letsencrypt maintainers insist, so *shrug*. Also the same problem exists for the versioned 'mock' dependency, so I'm not introducing a new one here.) --- setup.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/setup.py b/setup.py index 7c4e49311..36d354354 100644 --- a/setup.py +++ b/setup.py @@ -32,7 +32,6 @@ version = meta['version'] install_requires = [ 'acme=={0}'.format(version), - 'ConfigArgParse>=0.10.0', # python2.6 support, upstream #17 'configobj', 'cryptography>=0.7', # load_pem_x509_certificate 'parsedatetime', 
@@ -54,9 +53,13 @@ if sys.version_info < (2, 7): # only some distros recognize stdlib argparse as already satisfying 'argparse', 'mock<1.1.0', + 'ConfigArgParse>=0.10.0', # python2.6 support, upstream #17 ]) else: - install_requires.append('mock') + install_requires.extend([ + 'mock', + 'ConfigArgParse', + ]) dev_extras = [ # Pin astroid==1.3.5, pylint==1.4.2 as a workaround for #289 From 85dc829d9f3b5e2b69efd6246c1ed5f9845ebc47 Mon Sep 17 00:00:00 2001 From: Marius Gedminas Date: Thu, 3 Dec 2015 10:51:16 +0200 Subject: [PATCH 06/44] Order imports alphabetically --- setup.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup.py b/setup.py index 36d354354..40749bf2a 100644 --- a/setup.py +++ b/setup.py @@ -52,13 +52,13 @@ if sys.version_info < (2, 7): install_requires.extend([ # only some distros recognize stdlib argparse as already satisfying 'argparse', - 'mock<1.1.0', 'ConfigArgParse>=0.10.0', # python2.6 support, upstream #17 + 'mock<1.1.0', ]) else: install_requires.extend([ - 'mock', 'ConfigArgParse', + 'mock', ]) dev_extras = [ From ce2ce697bdbe249e55001f48fe6c0e8e45e5e036 Mon Sep 17 00:00:00 2001 From: Noah Swartz Date: Thu, 3 Dec 2015 12:12:38 -0800 Subject: [PATCH 07/44] check for missed define statements at the end of parsing --- letsencrypt-apache/letsencrypt_apache/parser.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/letsencrypt-apache/letsencrypt_apache/parser.py b/letsencrypt-apache/letsencrypt_apache/parser.py index aad990e3b..4ed83e652 100644 --- a/letsencrypt-apache/letsencrypt_apache/parser.py +++ b/letsencrypt-apache/letsencrypt_apache/parser.py @@ -35,6 +35,7 @@ class ApacheParser(object): # https://httpd.apache.org/docs/2.4/mod/core.html#ifdefine # This only handles invocation parameters and Define directives! self.variables = {} + self.unparsable = False self.update_runtime_variables(ctl) self.aug = aug 
@@ -58,6 +59,10 @@ class ApacheParser(object): # Must also attempt to parse sites-available or equivalent # Sites-available is not included naturally in configuration self._parse_file(os.path.join(self.root, "sites-available") + "/*") + #TODO check to see if there were unparsed define statements + if self.unparsable: + if self.find_dir("Define", exclude=False): + raise errors.PluginError("Error parsing runtime variables") def init_modules(self): """Iterates on the configuration until no new modules are loaded. @@ -100,7 +105,9 @@ class ApacheParser(object): try: matches.remove("DUMP_RUN_CFG") except ValueError: - raise errors.PluginError("Unable to parse runtime variables") + self.unparsable = True + return + #raise errors.PluginError("Unable to parse runtime variables") for match in matches: if match.count("=") > 1: From 1bf9fbcc727b42c7a633d8ab935e1b103d960fc6 Mon Sep 17 00:00:00 2001 From: Noah Swartz Date: Thu, 3 Dec 2015 14:25:49 -0800 Subject: [PATCH 08/44] don't enable socache on apache 2.2 --- letsencrypt-apache/letsencrypt_apache/configurator.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/letsencrypt-apache/letsencrypt_apache/configurator.py b/letsencrypt-apache/letsencrypt_apache/configurator.py index a0b58c5ff..fda02c7ff 100644 --- a/letsencrypt-apache/letsencrypt_apache/configurator.py +++ b/letsencrypt-apache/letsencrypt_apache/configurator.py @@ -546,7 +546,8 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): """ if "ssl_module" not in self.parser.modules: self.enable_mod("ssl", temp=temp) - + if self.version >= (2, 4) and "socache_shmcb_module" not in self.parser.modules: + self.enable_mod("socache_shmcb", temp=temp) # Check for Listen # Note: This could be made to also look for ip:443 combo if not self.parser.find_dir("Listen", port): @@ -1320,7 +1321,7 @@ def _get_mod_deps(mod_name): """ deps = { - "ssl": ["setenvif", "mime", "socache_shmcb"] + "ssl": ["setenvif", "mime"] } return deps.get(mod_name, []) 
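Review bot: The fallback added after the sites-available parse only looks for `Define` directives in the parsed files, so variables passed at server start-up are silently treated as unset whenever the runtime dump could not be parsed. The comment above `self.variables` names invocation parameters as one of the two sources this code handles. `<IfDefine>` sections that depend on them would then be evaluated against an empty `self.variables`, which may lead the plugin to treat the wrong configuration as active. Log a warning on the early-return path in `update_runtime_variables`, and replace the leftover TODO with a comment such as `# Runtime dump was unparsable: refuse to continue if the config itself uses Define`. The two nested tests read better as `if self.unparsable and self.find_dir("Define", exclude=False):`; the enclosing method starts outside the hunk.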
From 0a1b9c2bf0d4f9018bf87b08361b102325b06d3e Mon Sep 17 00:00:00 2001 From: Noah Swartz Date: Wed, 9 Dec 2015 17:05:38 -0800 Subject: [PATCH 09/44] fixed failing tests for changes that allow apache22 --- letsencrypt-apache/letsencrypt_apache/parser.py | 1 - .../letsencrypt_apache/tests/configurator_test.py | 13 ++++++++++++- .../letsencrypt_apache/tests/parser_test.py | 6 +++--- .../letsencrypt_apache/tests/tls_sni_01_test.py | 3 ++- 4 files changed, 17 insertions(+), 6 deletions(-) diff --git a/letsencrypt-apache/letsencrypt_apache/parser.py b/letsencrypt-apache/letsencrypt_apache/parser.py index 4ed83e652..8f15ab10c 100644 --- a/letsencrypt-apache/letsencrypt_apache/parser.py +++ b/letsencrypt-apache/letsencrypt_apache/parser.py @@ -107,7 +107,6 @@ class ApacheParser(object): except ValueError: self.unparsable = True return - #raise errors.PluginError("Unable to parse runtime variables") for match in matches: if match.count("=") > 1: diff --git a/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py b/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py index 0b6170e1d..4e166dfc8 100644 --- a/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py +++ b/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py @@ -28,10 +28,18 @@ class TwoVhost80Test(util.ApacheTest): self.config = util.get_apache_configurator( self.config_path, self.config_dir, self.work_dir) - + self.config = self.mock_deploy_cert(self.config) self.vh_truth = util.get_vh_truth( self.temp_dir, "debian_apache_2_4/two_vhost_80") + def mock_deploy_cert(self, config): + self.config.real_deploy_cert = self.config.deploy_cert + def mocked_deploy_cert(*args, **kwargs): + with mock.patch("letsencrypt_apache.configurator.ApacheConfigurator.enable_mod") as mock_enable: + config.real_deploy_cert(*args, **kwargs) + self.config.deploy_cert = mocked_deploy_cert + return self.config + def tearDown(self): shutil.rmtree(self.temp_dir) shutil.rmtree(self.config_dir) 
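Review bot: `mock_deploy_cert` in the configurator_test.py hunk takes a `config` argument but stores and returns through `self.config`, so it only works because every caller passes `self.config`; use one or the other throughout. The name bound by `as mock_enable` is never used, so the patch can be written without it. The helper has no docstring saying why `enable_mod` is patched out (presumably so the tests never try to enable modules on the host running them); a single line stating that would save the next reader from guessing. `tearDown` continues outside the hunk.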
@@ -245,6 +253,7 @@ class TwoVhost80Test(util.ApacheTest): # Get the default 443 vhost self.config.assoc["random.demo"] = self.vh_truth[1] + self.config = self.mock_deploy_cert(self.config) self.config.deploy_cert( "random.demo", "example/cert.pem", "example/key.pem", "example/cert_chain.pem", "example/fullchain.pem") @@ -271,6 +280,7 @@ class TwoVhost80Test(util.ApacheTest): def test_deploy_cert_newssl_no_fullchain(self): self.config = util.get_apache_configurator( self.config_path, self.config_dir, self.work_dir, version=(2, 4, 16)) + self.config = self.mock_deploy_cert(self.config) self.config.parser.modules.add("ssl_module") self.config.parser.modules.add("mod_ssl.c") @@ -284,6 +294,7 @@ class TwoVhost80Test(util.ApacheTest): def test_deploy_cert_old_apache_no_chain(self): self.config = util.get_apache_configurator( self.config_path, self.config_dir, self.work_dir, version=(2, 4, 7)) + self.config = self.mock_deploy_cert(self.config) self.config.parser.modules.add("ssl_module") self.config.parser.modules.add("mod_ssl.c") diff --git a/letsencrypt-apache/letsencrypt_apache/tests/parser_test.py b/letsencrypt-apache/letsencrypt_apache/tests/parser_test.py index bc1f316f9..121c2ceb2 100644 --- a/letsencrypt-apache/letsencrypt_apache/tests/parser_test.py +++ b/letsencrypt-apache/letsencrypt_apache/tests/parser_test.py @@ -150,9 +150,9 @@ class BasicParserTest(util.ParserTest): @mock.patch("letsencrypt_apache.parser.ApacheParser._get_runtime_cfg") def test_update_runtime_vars_bad_output(self, mock_cfg): - mock_cfg.return_value = "Define: TLS=443=24" - self.assertRaises( - errors.PluginError, self.parser.update_runtime_variables, "ctl") + #mock_cfg.return_value = "Define: TLS=443=24" + #self.assertRaises( + # errors.PluginError, self.parser.update_runtime_variables, "ctl") mock_cfg.return_value = "Define: DUMP_RUN_CFG\nDefine: TLS=443=24" self.assertRaises( 
diff --git a/letsencrypt-apache/letsencrypt_apache/tests/tls_sni_01_test.py b/letsencrypt-apache/letsencrypt_apache/tests/tls_sni_01_test.py index f4dff7734..6f10555f8 100644 --- a/letsencrypt-apache/letsencrypt_apache/tests/tls_sni_01_test.py +++ b/letsencrypt-apache/letsencrypt_apache/tests/tls_sni_01_test.py @@ -78,7 +78,8 @@ class TlsSniPerformTest(util.ApacheTest): # pylint: disable=protected-access self.sni._setup_challenge_cert = mock_setup_cert - sni_responses = self.sni.perform() + with mock.patch("letsencrypt_apache.configurator.ApacheConfigurator.enable_mod") as mock_enable: + sni_responses = self.sni.perform() self.assertEqual(mock_setup_cert.call_count, 2) From d761df90d4313a3a161ab0868a63fcc1152d8020 Mon Sep 17 00:00:00 2001 From: Noah Swartz Date: Wed, 9 Dec 2015 18:51:16 -0800 Subject: [PATCH 10/44] added coverage tests --- .../letsencrypt_apache/parser.py | 3 ++- .../letsencrypt_apache/tests/parser_test.py | 19 ++++++++++++++++--- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/letsencrypt-apache/letsencrypt_apache/parser.py b/letsencrypt-apache/letsencrypt_apache/parser.py index 8f15ab10c..418e0ec39 100644 --- a/letsencrypt-apache/letsencrypt_apache/parser.py +++ b/letsencrypt-apache/letsencrypt_apache/parser.py @@ -59,7 +59,8 @@ class ApacheParser(object): # Must also attempt to parse sites-available or equivalent # Sites-available is not included naturally in configuration self._parse_file(os.path.join(self.root, "sites-available") + "/*") - #TODO check to see if there were unparsed define statements + + #check to see if there were unparsed define statements if self.unparsable: if self.find_dir("Define", exclude=False): raise errors.PluginError("Error parsing runtime variables") diff --git a/letsencrypt-apache/letsencrypt_apache/tests/parser_test.py b/letsencrypt-apache/letsencrypt_apache/tests/parser_test.py index 121c2ceb2..57a75bcec 100644 --- a/letsencrypt-apache/letsencrypt_apache/tests/parser_test.py 
+++ b/letsencrypt-apache/letsencrypt_apache/tests/parser_test.py @@ -150,9 +150,9 @@ class BasicParserTest(util.ParserTest): @mock.patch("letsencrypt_apache.parser.ApacheParser._get_runtime_cfg") def test_update_runtime_vars_bad_output(self, mock_cfg): - #mock_cfg.return_value = "Define: TLS=443=24" - #self.assertRaises( - # errors.PluginError, self.parser.update_runtime_variables, "ctl") + mock_cfg.return_value = "Define: TLS=443=24" + self.parser.update_runtime_variables("ctl") + self.assertTrue( self.parser.unparsable) mock_cfg.return_value = "Define: DUMP_RUN_CFG\nDefine: TLS=443=24" self.assertRaises( @@ -185,6 +185,19 @@ class ParserInitTest(util.ApacheTest): shutil.rmtree(self.config_dir) shutil.rmtree(self.work_dir) + @mock.patch("letsencrypt_apache.parser.ApacheParser._get_runtime_cfg") + def test_unparsable(self, mock_cfg): + from letsencrypt_apache.parser import ApacheParser + def unparsable_true(self, arg): + self.unparsable = True + with mock.patch.object(ApacheParser, 'update_runtime_variables', autospec=True) as urv: + urv.side_effect = unparsable_true + mock_cfg.return_value = ('Define: TEST') + self.assertRaises( + errors.PluginError, + ApacheParser, self.aug, os.path.relpath(self.config_path), "ctl") + self.assertEquals(1,1) + def test_root_normalized(self): from letsencrypt_apache.parser import ApacheParser From 9ea3dc313697f52889a6bf3d89edefb9132a618c Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Mon, 30 Nov 2015 22:12:02 -0800 Subject: [PATCH 11/44] Hackishly add wheezy backports libaugeas0 where required --- bootstrap/_deb_common.sh | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/bootstrap/_deb_common.sh b/bootstrap/_deb_common.sh index 4c6b91a33..cd9036581 100755 --- a/bootstrap/_deb_common.sh +++ b/bootstrap/_deb_common.sh 
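Review bot: The trailing `self.assertEquals(1,1)` in `test_unparsable` asserts nothing and should be dropped; the `assertRaises` call above it is the actual check. The test only passes if the fixture configuration contains a `Define` directive for `find_dir` to find, which is not visible from here; a comment such as `# fixture config contains a Define directive, so init must refuse to continue` would make that dependency explicit. Patching `_get_runtime_cfg` looks redundant once `update_runtime_variables` itself is replaced, and the parentheses in `('Define: TEST')` do not make a tuple.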
@@ -32,6 +32,26 @@ if apt-cache show python-virtualenv > /dev/null ; then virtualenv="$virtualenv python-virtualenv" fi +augeas_pkg=libaugeas0 +AUGVERSION=`apt-cache show --no-all-versions libaugeas0 | grep ^Version: | cut -d" " -f2` + +if dpkg --compare-version 1.0 gt "$AUGVERSION" ; then + if lsb_release -a | grep -q wheezy ; then + if ! grep -v -e ' *#' /etc/apt/sources.list | grep -q wheezy-backports ; then + # XXX ask for permission before doing this? + echo Installing augeas from wheezy-backports... + echo deb http://http.debian.net/debian wheezy-backports main >> /etc/apt/sources.list + apt-get update + apt-get install -y --no-install-recommends -t wheezy-backports libaugeas0 + fi + augeas_pkg= + else + echo "No libaugeas0 version is available that's new enough to run the" + echo "Let's Encrypt apache plugin..." + fi + # XXX add a case for ubuntu PPAs +fi + apt-get install -y --no-install-recommends \ git \ python \ @@ -39,11 +59,13 @@ apt-get install -y --no-install-recommends \ $virtualenv \ gcc \ dialog \ - libaugeas0 \ + $augeas_pkg \ libssl-dev \ libffi-dev \ ca-certificates \ + + if ! command -v virtualenv > /dev/null ; then echo Failed to install a working \"virtualenv\" command, exiting exit 1 From 38821f244b3ce434c1c02a18ba6b8ac7a17af245 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Tue, 15 Dec 2015 17:06:58 -0800 Subject: [PATCH 12/44] Remove git as dependency --- bootstrap/_arch_common.sh | 1 - bootstrap/_deb_common.sh | 1 - bootstrap/_gentoo_common.sh | 3 +-- bootstrap/_rpm_common.sh | 2 -- bootstrap/_suse_common.sh | 3 +-- bootstrap/freebsd.sh | 1 - 6 files changed, 2 insertions(+), 9 deletions(-) diff --git a/bootstrap/_arch_common.sh b/bootstrap/_arch_common.sh index f66067ffb..2b512792f 100755 --- a/bootstrap/_arch_common.sh +++ b/bootstrap/_arch_common.sh @@ -8,7 +8,6 @@ # ./bootstrap/dev/_common_venv.sh deps=" - git python2 python-virtualenv gcc 
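Review bot: `dpkg --compare-version` is not the action dpkg documents, which is `--compare-versions`, so the test most likely fails and the backports branch is never taken; use `if dpkg --compare-versions 1.0 gt "$AUGVERSION" ; then`. When the branch does run, it appends a repository to /etc/apt/sources.list without asking, as the XXX already admits. That changes which package sources the host trusts, so it should require explicit consent and go in its own file under /etc/apt/sources.list.d/ where it can be reviewed and removed. The filter `grep -v -e ' *#'` discards any line containing `#` anywhere, not only commented-out entries; `grep -v -e '^ *#'` matches the intent. The `else` branch only prints a message and the script then installs the too-old libaugeas0 anyway; it should either exit or say clearly that the Apache plugin will not work.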
diff --git a/bootstrap/_deb_common.sh b/bootstrap/_deb_common.sh index 4c6b91a33..d8b03075c 100755 --- a/bootstrap/_deb_common.sh +++ b/bootstrap/_deb_common.sh @@ -33,7 +33,6 @@ if apt-cache show python-virtualenv > /dev/null ; then fi apt-get install -y --no-install-recommends \ - git \ python \ python-dev \ $virtualenv \ diff --git a/bootstrap/_gentoo_common.sh b/bootstrap/_gentoo_common.sh index a718db7ff..a9bc6acd7 100755 --- a/bootstrap/_gentoo_common.sh +++ b/bootstrap/_gentoo_common.sh @@ -1,7 +1,6 @@ #!/bin/sh -PACKAGES="dev-vcs/git - dev-lang/python:2.7 +PACKAGES="dev-lang/python:2.7 dev-python/virtualenv dev-util/dialog app-admin/augeas diff --git a/bootstrap/_rpm_common.sh b/bootstrap/_rpm_common.sh index b975da444..6edea8eb1 100755 --- a/bootstrap/_rpm_common.sh +++ b/bootstrap/_rpm_common.sh @@ -33,9 +33,7 @@ then fi fi -# "git-core" seems to be an alias for "git" in CentOS 7 (yum search fails) if ! $tool install -y \ - git-core \ gcc \ dialog \ augeas-libs \ diff --git a/bootstrap/_suse_common.sh b/bootstrap/_suse_common.sh index 46f9d693b..701849e4b 100755 --- a/bootstrap/_suse_common.sh +++ b/bootstrap/_suse_common.sh @@ -2,8 +2,7 @@ # SLE12 don't have python-virtualenv -zypper -nq in -l git-core \ - python \ +zypper -nq in -l python \ python-devel \ python-virtualenv \ gcc \ diff --git a/bootstrap/freebsd.sh b/bootstrap/freebsd.sh index 180ee21b4..4482c35cd 100755 --- a/bootstrap/freebsd.sh +++ b/bootstrap/freebsd.sh @@ -1,7 +1,6 @@ #!/bin/sh -xe pkg install -Ay \ - git \ python \ py27-virtualenv \ augeas \ From 69ea4662c3d167efcc9cf1da93ef46b5092e5c93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9my=20HUBSCHER?= Date: Wed, 16 Dec 2015 15:25:31 +0100 Subject: [PATCH 13/44] Guarantee a true SSLContext object with Python 2 --- setup.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/setup.py b/setup.py index 40c6ac16c..e94891802 100644 --- a/setup.py +++ b/setup.py 
@@ -55,6 +55,10 @@ if sys.version_info < (2, 7): 'argparse', 'mock<1.1.0', ]) +elif sys.version_info < (2, 8): + # For secure SSL connexion with Python 2.7 (InsecurePlatformWarning) + install_requires.append('ndg-httpsclient') + install_requires.append('pyasn1') else: install_requires.append('mock') From eca5e7ae27928a8f2232ca9efb99e095120ab01b Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Wed, 16 Dec 2015 12:45:15 -0800 Subject: [PATCH 14/44] Put every package on its own line --- bootstrap/_gentoo_common.sh | 3 ++- bootstrap/_suse_common.sh | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/bootstrap/_gentoo_common.sh b/bootstrap/_gentoo_common.sh index a9bc6acd7..f49dc00f0 100755 --- a/bootstrap/_gentoo_common.sh +++ b/bootstrap/_gentoo_common.sh @@ -1,6 +1,7 @@ #!/bin/sh -PACKAGES="dev-lang/python:2.7 +PACKAGES=" + dev-lang/python:2.7 dev-python/virtualenv dev-util/dialog app-admin/augeas diff --git a/bootstrap/_suse_common.sh b/bootstrap/_suse_common.sh index 701849e4b..efeebe4f8 100755 --- a/bootstrap/_suse_common.sh +++ b/bootstrap/_suse_common.sh @@ -2,7 +2,8 @@ # SLE12 don't have python-virtualenv -zypper -nq in -l python \ +zypper -nq in -l \ + python \ python-devel \ python-virtualenv \ gcc \ From dfd666fd3d8bf56aacc5d6909cc1d0f7f2b008e2 Mon Sep 17 00:00:00 2001 From: Philippe Langlois Date: Thu, 17 Dec 2015 07:40:36 +0100 Subject: [PATCH 15/44] Root prompt explanation + minor typos --- letsencrypt-auto | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/letsencrypt-auto b/letsencrypt-auto index 44c71883c..aec1e81de 100755 --- a/letsencrypt-auto +++ b/letsencrypt-auto 
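Review bot: The new `elif sys.version_info < (2, 8)` branch captures every Python 2.7 install that used to reach the `else`, so `mock` is no longer added to `install_requires` on 2.7; add `install_requires.append('mock')` to the branch. The same shape, with the bound changed to `(2, 7, 9)`, is in the acme/setup.py and setup.py hunks of PATCH 16 and drops `mock` for 2.7.0–2.7.8 there. Because the test runs when setup.py is executed, a distribution built on a newer interpreter would presumably omit the TLS helper packages for older ones; the PATCH 05 description raises that concern for the neighbouring entries. The comment should read "connection".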
@@ -47,13 +47,13 @@ if test "`id -u`" -ne "0" ; then args="" # This `while` loop iterates over all parameters given to this function. # For each parameter, all `'` will be replace by `'"'"'`, and the escaped string - # will be wrap in a pair of `'`, then append to `$args` string + # will be wrapped in a pair of `'`, then appended to `$args` string # For example, `echo "It's only 1\$\!"` will be escaped to: # 'echo' 'It'"'"'s only 1$!' # │ │└┼┘│ # │ │ │ └── `'s only 1$!'` the literal string # │ │ └── `\"'\"` is a single quote (as a string) - # │ └── `'It'`, to be concatenated with the strings followed it + # │ └── `'It'`, to be concatenated with the strings following it # └── `echo` wrapped in a pair of `'`, it's totally fine for the shell command itself while [ $# -ne 0 ]; do args="$args'$(printf "%s" "$1" | sed -e "s/'/'\"'\"'/g")' " @@ -201,5 +201,5 @@ fi # Explain what's about to happen, for the benefit of those getting sudo # password prompts... -echo "Running with virtualenv:" $SUDO $VENV_BIN/letsencrypt "$@" +echo "Requesting root privileges to run with virtualenv:" $SUDO $VENV_BIN/letsencrypt "$@" $SUDO $VENV_BIN/letsencrypt "$@" From 6958710030909f73b367d28a2031b19986740da0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9my=20HUBSCHER?= Date: Thu, 17 Dec 2015 10:13:09 +0100 Subject: [PATCH 16/44] @pde review. --- acme/setup.py | 6 ++++-- setup.py | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/acme/setup.py b/acme/setup.py index e35b40d6e..e75d77efd 100644 --- a/acme/setup.py +++ b/acme/setup.py @@ -10,8 +10,6 @@ install_requires = [ # load_pem_private/public_key (>=0.6) # rsa_recover_prime_factors (>=0.8) 'cryptography>=0.8', - 'ndg-httpsclient', # urllib3 InsecurePlatformWarning (#304) - 'pyasn1', # urllib3 InsecurePlatformWarning (#304) # Connection.set_tlsext_host_name (>=0.13), X509Req.get_extensions (>=0.15) 'PyOpenSSL>=0.15', 'pyrfc3339', 
@@ -29,6 +27,10 @@ if sys.version_info < (2, 7): 'argparse', 'mock<1.1.0', ]) +elif sys.version_info < (2, 7, 9): + # For secure SSL connexion with Python 2.7 (InsecurePlatformWarning) + install_requires.append('ndg-httpsclient') + install_requires.append('pyasn1') else: install_requires.append('mock') diff --git a/setup.py b/setup.py index e94891802..0341e400b 100644 --- a/setup.py +++ b/setup.py @@ -55,7 +55,7 @@ if sys.version_info < (2, 7): 'argparse', 'mock<1.1.0', ]) -elif sys.version_info < (2, 8): +elif sys.version_info < (2, 7, 9): # For secure SSL connexion with Python 2.7 (InsecurePlatformWarning) install_requires.append('ndg-httpsclient') install_requires.append('pyasn1') From 2ce7d5cbd636b5976f5e1aa00464982d73daf6dc Mon Sep 17 00:00:00 2001 From: Noah Swartz Date: Thu, 17 Dec 2015 12:22:09 -0800 Subject: [PATCH 17/44] add support for verbose count setting logger level --- letsencrypt/storage.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/letsencrypt/storage.py b/letsencrypt/storage.py index 3b2b548b0..9614f091a 100644 --- a/letsencrypt/storage.py +++ b/letsencrypt/storage.py @@ -116,6 +116,8 @@ class RenewableCert(object): # pylint: disable=too-many-instance-attributes # read further defaults from the systemwide renewal configuration # file at this stage? self.configuration = config_with_defaults(self.configfile) + logger_level = self.configuration['renewalparams']['verbose_count'] + set_logger_level(logger_level) if not all(x in self.configuration for x in ALL_FOUR): raise errors.CertStorageError( 
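Review bot: Python 2.6 takes the first branch and, as far as the visible hunks show, no longer receives `ndg-httpsclient` and `pyasn1`, because the other acme/setup.py hunk of this patch removes them from the unconditional list. Python 2.6 lacks a real SSLContext just as 2.7.0–2.7.8 do, so those installs would fall back to the code path behind InsecurePlatformWarning for the ACME connection. Add both names to the `< (2, 7)` list as well, e.g. `'ndg-httpsclient',  # urllib3 InsecurePlatformWarning (#304)` and `'pyasn1',` next to `'mock<1.1.0'`.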
@@ -129,6 +131,21 @@ class RenewableCert(object): # pylint: disable=too-many-instance-attributes self._fix_symlinks() + def set_logger_level(logger_level): + levels_dict = {"0" : 0, + "-1" : 10, + "-2" : 20, + "-3" : 30, + "-4" : 40, + "-5" : 50} + if logger_level in levels_dict: + new_level = levels_dict[logger_level] + else: + new_level = 30 + root_logger = logger.parent + root_logger.setLevel(new_level) + return + def _consistent(self): """Are the files associated with this lineage self-consistent? From 44a9d3d2907a3dc87c2536e2620947d9711ad879 Mon Sep 17 00:00:00 2001 From: Noah Swartz Date: Thu, 17 Dec 2015 12:29:28 -0800 Subject: [PATCH 18/44] fixed self issue --- letsencrypt/storage.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/letsencrypt/storage.py b/letsencrypt/storage.py index 9614f091a..c79903039 100644 --- a/letsencrypt/storage.py +++ b/letsencrypt/storage.py @@ -117,7 +117,7 @@ class RenewableCert(object): # pylint: disable=too-many-instance-attributes # file at this stage? self.configuration = config_with_defaults(self.configfile) logger_level = self.configuration['renewalparams']['verbose_count'] - set_logger_level(logger_level) + self.set_logger_level(logger_level) if not all(x in self.configuration for x in ALL_FOUR): raise errors.CertStorageError( @@ -131,7 +131,7 @@ class RenewableCert(object): # pylint: disable=too-many-instance-attributes self._fix_symlinks() - def set_logger_level(logger_level): + def set_logger_level(self, logger_level): levels_dict = {"0" : 0, "-1" : 10, "-2" : 20, From 253cc3dc8f0b30a2aaa1d5b2ae29ea635ccf4b59 Mon Sep 17 00:00:00 2001 From: Noah Swartz Date: Thu, 17 Dec 2015 14:36:53 -0800 Subject: [PATCH 19/44] have the handler actually set the level of the logger --- letsencrypt/renewer.py | 1 + 1 file changed, 1 insertion(+) diff --git a/letsencrypt/renewer.py b/letsencrypt/renewer.py index 8cb5d1c3d..2f36e7e91 100644 --- a/letsencrypt/renewer.py +++ b/letsencrypt/renewer.py 
@@ -116,6 +116,7 @@ def renew(cert, old_version): def _cli_log_handler(args, level, fmt): # pylint: disable=unused-argument handler = colored_logging.StreamHandler() handler.setFormatter(logging.Formatter(fmt)) + handler.setLevel(level) return handler From 79432fddc3cc97d2ca7ca7f525eac9ec76441b30 Mon Sep 17 00:00:00 2001 From: Noah Swartz Date: Thu, 17 Dec 2015 16:40:56 -0800 Subject: [PATCH 20/44] undo previous logger changes --- letsencrypt/storage.py | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/letsencrypt/storage.py b/letsencrypt/storage.py index b9587b909..c2992bb47 100644 --- a/letsencrypt/storage.py +++ b/letsencrypt/storage.py @@ -116,8 +116,6 @@ class RenewableCert(object): # pylint: disable=too-many-instance-attributes # read further defaults from the systemwide renewal configuration # file at this stage? self.configuration = config_with_defaults(self.configfile) - logger_level = self.configuration['renewalparams']['verbose_count'] - self.set_logger_level(logger_level) if not all(x in self.configuration for x in ALL_FOUR): raise errors.CertStorageError( @@ -131,21 +129,6 @@ class RenewableCert(object): # pylint: disable=too-many-instance-attributes self._fix_symlinks() - def set_logger_level(self, logger_level): - levels_dict = {"0" : 0, - "-1" : 10, - "-2" : 20, - "-3" : 30, - "-4" : 40, - "-5" : 50} - if logger_level in levels_dict: - new_level = levels_dict[logger_level] - else: - new_level = 30 - root_logger = logger.parent - root_logger.setLevel(new_level) - return - def _consistent(self): """Are the files associated with this lineage self-consistent? From 483ab16f574df34c339d457bfa39cd7c62191bae Mon Sep 17 00:00:00 2001 From: Ward Vandewege Date: Fri, 18 Dec 2015 20:34:35 -0500 Subject: [PATCH 21/44] fix typo in using.rst --- docs/using.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/using.rst b/docs/using.rst index 115688c93..5da13f02c 100644 --- a/docs/using.rst +++ b/docs/using.rst 
@@ -371,7 +371,7 @@ If you run Debian Stretch or Debian Sid, you can install letsencrypt packages. sudo apt-get update sudo apt-get install letsencrypt python-letsencrypt-apache -If you don't want to use the Apache plugin, you can ommit the +If you don't want to use the Apache plugin, you can omit the ``python-letsencrypt-apache`` package. Packages for Debian Jessie are coming in the next few weeks. From 55d1f68c77cfa1cd1e7cb9843d6cab8541d86bf7 Mon Sep 17 00:00:00 2001 From: Ward Vandewege Date: Fri, 18 Dec 2015 21:17:05 -0500 Subject: [PATCH 22/44] Suppress spurious output Suppress spurious output while testing for the presence of the virtualenv or python-virtualenv package. --- bootstrap/_deb_common.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bootstrap/_deb_common.sh b/bootstrap/_deb_common.sh index 4c6b91a33..e82fa7271 100755 --- a/bootstrap/_deb_common.sh +++ b/bootstrap/_deb_common.sh @@ -24,11 +24,11 @@ apt-get update # distro version (#346) virtualenv= -if apt-cache show virtualenv > /dev/null ; then +if apt-cache show virtualenv > /dev/null 2>&1; then virtualenv="virtualenv" fi -if apt-cache show python-virtualenv > /dev/null ; then +if apt-cache show python-virtualenv > /dev/null 2>&1; then virtualenv="$virtualenv python-virtualenv" fi From cd7051323f008d5dc1a687f402fddc725d8049f5 Mon Sep 17 00:00:00 2001 From: Ward Vandewege Date: Fri, 18 Dec 2015 21:27:24 -0500 Subject: [PATCH 23/44] Fix typo in comment --- letsencrypt/cli.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt/cli.py b/letsencrypt/cli.py index 29519d430..aba9116f9 100644 --- a/letsencrypt/cli.py +++ b/letsencrypt/cli.py 
@@ -1189,7 +1189,7 @@ def _plugins_parsing(helpful, plugins): # These would normally be a flag within the webroot plugin, but because # they are parsed in conjunction with --domains, they live here for - # legibiility. helpful.add_plugin_ags must be called first to add the + # legibility. helpful.add_plugin_ags must be called first to add the # "webroot" topic helpful.add("webroot", "-w", "--webroot-path", action=WebrootPathProcessor, help="public_html / webroot path. This can be specified multiple times to " From 0822906c297856b6d745fd020ca55233e80393c4 Mon Sep 17 00:00:00 2001 From: Daniel Convissor Date: Sat, 19 Dec 2015 09:41:37 -0500 Subject: [PATCH 24/44] Keep storage.names() from passing None to open() Fixes exiting abnormally with: TypeError: coercing to Unicode: need string or buffer, NoneType found --- letsencrypt/storage.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/letsencrypt/storage.py b/letsencrypt/storage.py index c2992bb47..ac71bd9fe 100644 --- a/letsencrypt/storage.py +++ b/letsencrypt/storage.py @@ -450,12 +450,15 @@ class RenewableCert(object): # pylint: disable=too-many-instance-attributes :param int version: the desired version number :returns: the subject names :rtype: `list` of `str` + :raises .CertStorageError: if could not find cert file. """ if version is None: target = self.current_target("cert") else: target = self.version("cert", version) + if target is None: + raise errors.CertStorageError("could not find cert file") with open(target) as f: return crypto_util.get_sans_from_cert(f.read()) From 212f04fd922f2976d86fa8cf96a2b22e113e8b23 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9my=20HUBSCHER?= Date: Sun, 20 Dec 2015 16:02:32 +0100 Subject: [PATCH 25/44] @kuba review --- acme/setup.py | 7 ++++--- setup.py | 7 ++++--- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/acme/setup.py b/acme/setup.py index e75d77efd..ba2c88394 100644 --- a/acme/setup.py +++ b/acme/setup.py 
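Review bot: The corrected comment in `_plugins_parsing` still names `helpful.add_plugin_ags`, which looks like a second typo in the same sentence. If the method is `add_plugin_args`, fix it in the same change so the comment can be grepped: `# legibility. helpful.add_plugin_args must be called first to add the`. The method definition is not visible in this hunk, so confirm the name before changing it. `_plugins_parsing` starts and ends outside the hunk.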
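Review bot: The new `CertStorageError` in `names()` says only "could not find cert file", which does not tell an operator which version of the lineage was missing. Including the requested version would make a failed renewal diagnosable from the log alone, e.g. `raise errors.CertStorageError("could not find cert file for version %r" % (version,))`. The guard covers only a `None` target. If `current_target()` or `version()` can return a path that no longer exists, `open(target)` would still raise `IOError`, so that case is worth confirming. The method's signature is outside the hunk.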
@@ -27,12 +27,13 @@ if sys.version_info < (2, 7): 'argparse', 'mock<1.1.0', ]) -elif sys.version_info < (2, 7, 9): +else: + install_requires.append('mock') + +if sys.version_info < (2, 7, 9): # For secure SSL connexion with Python 2.7 (InsecurePlatformWarning) install_requires.append('ndg-httpsclient') install_requires.append('pyasn1') -else: - install_requires.append('mock') docs_extras = [ 'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags diff --git a/setup.py b/setup.py index 0341e400b..3d1acae39 100644 --- a/setup.py +++ b/setup.py @@ -55,12 +55,13 @@ if sys.version_info < (2, 7): 'argparse', 'mock<1.1.0', ]) -elif sys.version_info < (2, 7, 9): +else: + install_requires.append('mock') + +if sys.version_info < (2, 7, 9): # For secure SSL connexion with Python 2.7 (InsecurePlatformWarning) install_requires.append('ndg-httpsclient') install_requires.append('pyasn1') -else: - install_requires.append('mock') dev_extras = [ # Pin astroid==1.3.5, pylint==1.4.2 as a workaround for #289 From ca39b0d12597621d840555f5b29a1b03e37f7ad0 Mon Sep 17 00:00:00 2001 From: Noah Swartz Date: Mon, 21 Dec 2015 14:39:14 -0800 Subject: [PATCH 26/44] fixed linting problems --- .../letsencrypt_apache/tests/configurator_test.py | 5 ++++- letsencrypt-apache/letsencrypt_apache/tests/parser_test.py | 6 ++++-- .../letsencrypt_apache/tests/tls_sni_01_test.py | 3 ++- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py b/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py index 2d57de668..d7bc04f20 100644 --- a/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py +++ b/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py 
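Review bot: The comment above the `ndg-httpsclient`/`pyasn1` block still says "with Python 2.7", but the block now also runs on Python 2.6, because it is no longer an `elif` of the `< (2, 7)` branch. Suggest `# For secure SSL connections on Python < 2.7.9 (InsecurePlatformWarning)`, so that nobody later narrows the condition back to 2.7 and drops these TLS helper packages on 2.6. The same stale comment is in the `setup.py` hunk that follows.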
@@ -33,9 +33,12 @@ class TwoVhost80Test(util.ApacheTest): self.temp_dir, "debian_apache_2_4/two_vhost_80") def mock_deploy_cert(self, config): + """A test for a mock deploy cert""" self.config.real_deploy_cert = self.config.deploy_cert def mocked_deploy_cert(*args, **kwargs): - with mock.patch("letsencrypt_apache.configurator.ApacheConfigurator.enable_mod") as mock_enable: + """a helper to mock a deployed cert""" + with mock.patch( + "letsencrypt_apache.configurator.ApacheConfigurator.enable_mod"): config.real_deploy_cert(*args, **kwargs) self.config.deploy_cert = mocked_deploy_cert return self.config diff --git a/letsencrypt-apache/letsencrypt_apache/tests/parser_test.py b/letsencrypt-apache/letsencrypt_apache/tests/parser_test.py index 57a75bcec..352c2fcf4 100644 --- a/letsencrypt-apache/letsencrypt_apache/tests/parser_test.py +++ b/letsencrypt-apache/letsencrypt_apache/tests/parser_test.py @@ -152,7 +152,7 @@ class BasicParserTest(util.ParserTest): def test_update_runtime_vars_bad_output(self, mock_cfg): mock_cfg.return_value = "Define: TLS=443=24" self.parser.update_runtime_variables("ctl") - self.assertTrue( self.parser.unparsable) + self.assertTrue(self.parser.unparsable) mock_cfg.return_value = "Define: DUMP_RUN_CFG\nDefine: TLS=443=24" self.assertRaises( @@ -189,6 +189,8 @@ class ParserInitTest(util.ApacheTest): def test_unparsable(self, mock_cfg): from letsencrypt_apache.parser import ApacheParser def unparsable_true(self, arg): + """a helper to set the self unparsabale to true""" + print "side effect has passed in arg: %s", arg self.unparsable = True with mock.patch.object(ApacheParser, 'update_runtime_variables', autospec=True) as urv: urv.side_effect = unparsable_true 
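Review bot: The docstring added to `mock_deploy_cert`, "A test for a mock deploy cert", describes it as a test, but the body replaces `self.config.deploy_cert` with a wrapper that runs under a patched `enable_mod` and then returns `self.config`, so it is a helper. Something like `"""Return self.config with deploy_cert wrapped so that enable_mod is mocked."""` would match what the code does. The inner docstring could likewise say that it calls `real_deploy_cert` under the patch.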
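Review bot: The added `print "side effect has passed in arg: %s", arg` in `unparsable_true` does not interpolate: a print statement with a comma writes the literal `%s` followed by the value. It also writes to stdout on every test run. If the line exists only to quiet the unused-argument warning, drop it and annotate the helper instead: `def unparsable_true(self, arg):  # pylint: disable=unused-argument`. The new docstring also has a typo, "unparsabale".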
@@ -196,7 +198,7 @@ class ParserInitTest(util.ApacheTest): self.assertRaises( errors.PluginError, ApacheParser, self.aug, os.path.relpath(self.config_path), "ctl") - self.assertEquals(1,1) + self.assertEquals(1, 1) def test_root_normalized(self): from letsencrypt_apache.parser import ApacheParser diff --git a/letsencrypt-apache/letsencrypt_apache/tests/tls_sni_01_test.py b/letsencrypt-apache/letsencrypt_apache/tests/tls_sni_01_test.py index 6f10555f8..7db4eee6f 100644 --- a/letsencrypt-apache/letsencrypt_apache/tests/tls_sni_01_test.py +++ b/letsencrypt-apache/letsencrypt_apache/tests/tls_sni_01_test.py @@ -78,7 +78,8 @@ class TlsSniPerformTest(util.ApacheTest): # pylint: disable=protected-access self.sni._setup_challenge_cert = mock_setup_cert - with mock.patch("letsencrypt_apache.configurator.ApacheConfigurator.enable_mod") as mock_enable: + with mock.patch( + "letsencrypt_apache.configurator.ApacheConfigurator.enable_mod"): sni_responses = self.sni.perform() self.assertEqual(mock_setup_cert.call_count, 2) From 42333536517329dcb6584bf9da9c52389ff1be27 Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Mon, 21 Dec 2015 16:41:57 -0800 Subject: [PATCH 27/44] release.sh stage version changes to letsencrypt/ ! Fixes: #1966 --- tools/release.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/release.sh b/tools/release.sh index eeabfd4a3..172f6fea1 100755 --- a/tools/release.sh +++ b/tools/release.sh @@ -86,7 +86,7 @@ SetVersion() { done sed -i "s/^__version.*/__version__ = '$ver'/" letsencrypt/__init__.py - git add -p $SUBPKGS # interactive user input + git add -p letsencrypt $SUBPKGS # interactive user input } SetVersion "$version" git commit --gpg-sign="$RELEASE_GPG_KEY" -m "Release $version" From 61816a4029717860e2940d00d7c48e51e80d6bf7 Mon Sep 17 00:00:00 2001 
From: Peter Eckersley Date: Mon, 21 Dec 2015 18:28:05 -0800 Subject: [PATCH 28/44] Give the user some warning before enabling backports --- bootstrap/_deb_common.sh | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/bootstrap/_deb_common.sh b/bootstrap/_deb_common.sh index cd9036581..1fc9babcc 100755 --- a/bootstrap/_deb_common.sh +++ b/bootstrap/_deb_common.sh @@ -38,11 +38,20 @@ AUGVERSION=`apt-cache show --no-all-versions libaugeas0 | grep ^Version: | cut - if dpkg --compare-version 1.0 gt "$AUGVERSION" ; then if lsb_release -a | grep -q wheezy ; then if ! grep -v -e ' *#' /etc/apt/sources.list | grep -q wheezy-backports ; then - # XXX ask for permission before doing this? - echo Installing augeas from wheezy-backports... - echo deb http://http.debian.net/debian wheezy-backports main >> /etc/apt/sources.list - apt-get update - apt-get install -y --no-install-recommends -t wheezy-backports libaugeas0 + # This can theoretically error if sources.list.d is empty, but in that case we don't care. + if ! grep -v -e ' *#' /etc/apt/sources.list.d/* | grep -q wheezy-backports 2>/dev/null ; then + echo -n "Installing libaugeas0 from wheezy-backports in 3 seconds..." + sleep 1s + echo -e "\e[0K\rInstalling libaugeas0 from wheezy-backports in 2 seconds..." + sleep 1s + echo -e "\e[0K\rInstalling libaugeas0 from wheezy-backports in 1 second ..." + sleep 1s + echo '(Backports are only installed if explicitly requested via "apt-get install -t wheezy-backports")' + + echo deb http://http.debian.net/debian wheezy-backports main >> /etc/apt/sources.list.d/wheezy-backports.list + apt-get update + apt-get install -y --no-install-recommends -t wheezy-backports libaugeas0 + fi fi augeas_pkg= else From 527eb82e6e436662bcfed10145e7c6cfde682d39 Mon Sep 17 00:00:00 2001 
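Review bot: The countdown added before the wheezy-backports entry is written replaces the old `# XXX ask for permission before doing this?` comment, but it never tells the user how to decline, and an unattended run still gets a new APT source with no opt-out. At minimum say so before the first `sleep 1s`, e.g. `echo "Press Ctrl-C now to cancel."`; for non-interactive installs, an explicit opt-in or opt-out switch would be the fuller answer. The new source line uses `http://`; APT's signed Release files still authenticate the packages, so that is a question of who can observe the download, not of package integrity. The enclosing `if` blocks start and end outside the hunk.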
From: Peter Eckersley Date: Mon, 21 Dec 2015 18:28:36 -0800 Subject: [PATCH 29/44] Install backports, even if they were already present --- bootstrap/_deb_common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bootstrap/_deb_common.sh b/bootstrap/_deb_common.sh index 1fc9babcc..aadacba0a 100755 --- a/bootstrap/_deb_common.sh +++ b/bootstrap/_deb_common.sh @@ -50,9 +50,9 @@ if dpkg --compare-version 1.0 gt "$AUGVERSION" ; then echo deb http://http.debian.net/debian wheezy-backports main >> /etc/apt/sources.list.d/wheezy-backports.list apt-get update - apt-get install -y --no-install-recommends -t wheezy-backports libaugeas0 fi fi + apt-get install -y --no-install-recommends -t wheezy-backports libaugeas0 augeas_pkg= else echo "No libaugeas0 version is available that's new enough to run the" From aa6bf73d4ad828bb87b7f02a0b17e9f98360bb1b Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Mon, 21 Dec 2015 19:57:12 -0800 Subject: [PATCH 30/44] Only test permission failures if we're not root or, more generally, if we're on a system where permissions are being enforced Closes: #1979 --- letsencrypt/plugins/webroot_test.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/letsencrypt/plugins/webroot_test.py b/letsencrypt/plugins/webroot_test.py index 9f5b6bba8..07e41e0d0 100644 --- a/letsencrypt/plugins/webroot_test.py +++ b/letsencrypt/plugins/webroot_test.py 
@@ -66,8 +66,17 @@ class AuthenticatorTest(unittest.TestCase): def test_prepare_reraises_other_errors(self): self.auth.full_path = os.path.join(self.path, "null") + permission_canary = os.path.join(self.path, "rnd") + f = open(permission_canary, "w") + f.write("thingimy") + f.close() os.chmod(self.path, 0o000) - self.assertRaises(errors.PluginError, self.auth.prepare) + try: + open(permission_canary, "r") + print("Warning, running tests as root skips permissions tests...") + except IOError: + # ok, permissions work, test away... + self.assertRaises(errors.PluginError, self.auth.prepare) os.chmod(self.path, 0o700) @mock.patch("letsencrypt.plugins.webroot.os.chown") From e41339cda8e8d091f0bc7babbdd9098c7d17a1f7 Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Mon, 21 Dec 2015 20:01:28 -0800 Subject: [PATCH 31/44] Keep lint happy (But what about py3?) --- letsencrypt/plugins/webroot_test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt/plugins/webroot_test.py b/letsencrypt/plugins/webroot_test.py index 07e41e0d0..137a2673e 100644 --- a/letsencrypt/plugins/webroot_test.py +++ b/letsencrypt/plugins/webroot_test.py @@ -73,7 +73,7 @@ class AuthenticatorTest(unittest.TestCase): os.chmod(self.path, 0o000) try: open(permission_canary, "r") - print("Warning, running tests as root skips permissions tests...") + print "Warning, running tests as root skips permissions tests..." except IOError: # ok, permissions work, test away... self.assertRaises(errors.PluginError, self.auth.prepare) From 67c0c454b4d7381f42bff3677b819818151094ac Mon Sep 17 00:00:00 2001 From: Joona Hoikkala Date: Tue, 22 Dec 2015 13:12:11 +0200 Subject: [PATCH 32/44] Fixed bug in bootstrapping script --- bootstrap/_deb_common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bootstrap/_deb_common.sh b/bootstrap/_deb_common.sh index aadacba0a..227a2a9e3 100755 --- a/bootstrap/_deb_common.sh +++ b/bootstrap/_deb_common.sh 
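Review bot: `os.chmod(self.path, 0o700)` at the end of `test_prepare_reraises_other_errors` is not reached if `assertRaises` fails. That leaves the temporary directory at mode 000, so cleanup and later tests can fail for an unrelated reason. The probe `open(permission_canary, "r")` is also never closed. Wrapping the body in `try`/`finally` and closing the handle fixes both. Note that on a root run the test still passes without asserting anything, so the printed warning is the only sign that the check was skipped.

```python
        os.chmod(self.path, 0o000)
        try:
            try:
                open(permission_canary, "r").close()
                # … unchanged: warning printed when running as root …
            except IOError:
                # ok, permissions work, test away...
                self.assertRaises(errors.PluginError, self.auth.prepare)
        finally:
            os.chmod(self.path, 0o700)
```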
@@ -35,7 +35,7 @@ fi augeas_pkg=libaugeas0 AUGVERSION=`apt-cache show --no-all-versions libaugeas0 | grep ^Version: | cut -d" " -f2` -if dpkg --compare-version 1.0 gt "$AUGVERSION" ; then +if dpkg --compare-versions 1.0 gt "$AUGVERSION" ; then if lsb_release -a | grep -q wheezy ; then if ! grep -v -e ' *#' /etc/apt/sources.list | grep -q wheezy-backports ; then # This can theoretically error if sources.list.d is empty, but in that case we don't care. From 092b906dee9d51f9762d16a4497a3beaf279b057 Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Tue, 22 Dec 2015 11:20:42 -0800 Subject: [PATCH 33/44] Fix the prettyprinted note --- bootstrap/_deb_common.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/bootstrap/_deb_common.sh b/bootstrap/_deb_common.sh index 227a2a9e3..d6487381e 100755 --- a/bootstrap/_deb_common.sh +++ b/bootstrap/_deb_common.sh 
@@ -40,13 +40,13 @@ if dpkg --compare-versions 1.0 gt "$AUGVERSION" ; then if ! grep -v -e ' *#' /etc/apt/sources.list | grep -q wheezy-backports ; then # This can theoretically error if sources.list.d is empty, but in that case we don't care. if ! grep -v -e ' *#' /etc/apt/sources.list.d/* | grep -q wheezy-backports 2>/dev/null ; then - echo -n "Installing libaugeas0 from wheezy-backports in 3 seconds..." + /bin/echo -n "Installing augeas from wheezy-backports in 3 seconds..." sleep 1s - echo -e "\e[0K\rInstalling libaugeas0 from wheezy-backports in 2 seconds..." + /bin/echo -ne "\e[0K\rInstalling augeas from wheezy-backports in 2 seconds..." sleep 1s - echo -e "\e[0K\rInstalling libaugeas0 from wheezy-backports in 1 second ..." + /bin/echo -ne "\e[0K\rInstalling augeas from wheezy-backports in 1 second ..." sleep 1s - echo '(Backports are only installed if explicitly requested via "apt-get install -t wheezy-backports")' + /bin/echo '(Backports are only installed if explicitly requested via "apt-get install -t wheezy-backports")' echo deb http://http.debian.net/debian wheezy-backports main >> /etc/apt/sources.list.d/wheezy-backports.list apt-get update From eaa6a51f0fa8e031fb6894059a877fe06884ae37 Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Tue, 22 Dec 2015 11:23:36 -0800 Subject: [PATCH 34/44] A different kind of silence --- bootstrap/_deb_common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bootstrap/_deb_common.sh b/bootstrap/_deb_common.sh index d6487381e..3c33e9beb 100755 --- a/bootstrap/_deb_common.sh +++ b/bootstrap/_deb_common.sh 
@@ -39,7 +39,7 @@ if dpkg --compare-versions 1.0 gt "$AUGVERSION" ; then if lsb_release -a | grep -q wheezy ; then if ! grep -v -e ' *#' /etc/apt/sources.list | grep -q wheezy-backports ; then # This can theoretically error if sources.list.d is empty, but in that case we don't care. - if ! grep -v -e ' *#' /etc/apt/sources.list.d/* | grep -q wheezy-backports 2>/dev/null ; then + if ! grep -v -e ' *#' /etc/apt/sources.list.d/* | grep -q wheezy-backports >/dev/null ; then /bin/echo -n "Installing augeas from wheezy-backports in 3 seconds..." sleep 1s /bin/echo -ne "\e[0K\rInstalling augeas from wheezy-backports in 2 seconds..." From 28fef227ebb25c8a08baee32ae2d18b96a935a60 Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Tue, 22 Dec 2015 11:26:36 -0800 Subject: [PATCH 35/44] Final tweaks And a third kind of silence --- bootstrap/_deb_common.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bootstrap/_deb_common.sh b/bootstrap/_deb_common.sh index 3c33e9beb..6f9d41c5d 100755 --- a/bootstrap/_deb_common.sh +++ b/bootstrap/_deb_common.sh @@ -39,12 +39,12 @@ if dpkg --compare-versions 1.0 gt "$AUGVERSION" ; then if lsb_release -a | grep -q wheezy ; then if ! grep -v -e ' *#' /etc/apt/sources.list | grep -q wheezy-backports ; then # This can theoretically error if sources.list.d is empty, but in that case we don't care. - if ! grep -v -e ' *#' /etc/apt/sources.list.d/* | grep -q wheezy-backports >/dev/null ; then + if ! grep -v -e ' *#' /etc/apt/sources.list.d/* 2>/dev/null | grep -q wheezy-backports ; then /bin/echo -n "Installing augeas from wheezy-backports in 3 seconds..." sleep 1s /bin/echo -ne "\e[0K\rInstalling augeas from wheezy-backports in 2 seconds..." sleep 1s - /bin/echo -ne "\e[0K\rInstalling augeas from wheezy-backports in 1 second ..." + /bin/echo -e "\e[0K\rInstalling augeas from wheezy-backports in 1 second ..." sleep 1s /bin/echo '(Backports are only installed if explicitly requested via "apt-get install -t wheezy-backports")' 
From bccff905db5b29bbe346d1669b376e750770001f Mon Sep 17 00:00:00 2001 From: Dominic Cleal Date: Tue, 22 Dec 2015 22:14:53 +0000 Subject: [PATCH 36/44] Add passing test for quote inside RewriteRule Already fixed recently by commit a72e498. Closes: #1960 --- tests/apache-conf-files/passing/rewrite-quote-1960.conf | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 tests/apache-conf-files/passing/rewrite-quote-1960.conf diff --git a/tests/apache-conf-files/passing/rewrite-quote-1960.conf b/tests/apache-conf-files/passing/rewrite-quote-1960.conf new file mode 100644 index 000000000..26214e7b0 --- /dev/null +++ b/tests/apache-conf-files/passing/rewrite-quote-1960.conf @@ -0,0 +1,7 @@ + + RewriteEngine On + RewriteCond %{REQUEST_URI} ^.*(,|;|:|<|>|">|"<|/|\\\.\.\\).* [NC,OR] + RewriteCond %{REQUEST_URI} ^.*(\=|\@|\[|\]|\^|\`|\{|\}|\~).* [NC,OR] + RewriteCond %{REQUEST_URI} ^.*(\'|%0A|%0D|%27|%3C|%3E|%00).* [NC] + RewriteRule ^(.*)$ - [F,L] + From f5cf58f42ef0704a9b4ddf122310527764d727ba Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Tue, 22 Dec 2015 15:42:53 -0800 Subject: [PATCH 37/44] with .. open .. as # definitely nicer --- letsencrypt/plugins/webroot_test.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/letsencrypt/plugins/webroot_test.py b/letsencrypt/plugins/webroot_test.py index 137a2673e..defe9396b 100644 --- a/letsencrypt/plugins/webroot_test.py +++ b/letsencrypt/plugins/webroot_test.py @@ -67,9 +67,8 @@ class AuthenticatorTest(unittest.TestCase): def test_prepare_reraises_other_errors(self): self.auth.full_path = os.path.join(self.path, "null") permission_canary = os.path.join(self.path, "rnd") - f = open(permission_canary, "w") - f.write("thingimy") - f.close() + with open(permission_canary, "w") as f: + f.write("thingimy") os.chmod(self.path, 0o000) try: open(permission_canary, "r") From ebfe1254ea11112689fa606cd6c29100a26e058d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?R=C3=A9my=20HUBSCHER?= Date: Sun, 20 Dec 2015 16:23:19 +0100 Subject: [PATCH 38/44] Update the ACME github repository URL. --- acme/acme/__init__.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/acme/acme/__init__.py b/acme/acme/__init__.py index c38cea414..0f5f0e4bd 100644 --- a/acme/acme/__init__.py +++ b/acme/acme/__init__.py @@ -1,12 +1,12 @@ """ACME protocol implementation. This module is an implementation of the `ACME protocol`_. Latest -supported version: `v02`_. +supported version: `draft-ietf-acme-01`_. -.. _`ACME protocol`: https://github.com/letsencrypt/acme-spec +.. _`ACME protocol`: https://github.com/ietf-wg-acme/acme/ -.. _`v02`: - https://github.com/letsencrypt/acme-spec/commit/d328fea2d507deb9822793c512830d827a4150c4 +.. _`draft-ietf-acme-01`: + https://github.com/ietf-wg-acme/acme/tree/draft-ietf-acme-acme-01 """ From 4156d1ceccc3ccad2375ea1f6f9b017bfa705986 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Wed, 23 Dec 2015 12:28:57 -0500 Subject: [PATCH 39/44] Ignore log directories and key files --- .gitignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitignore b/.gitignore index ba843d9cc..1becea3b4 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,7 @@ letsencrypt.log # auth --cert-path --chain-path /*.pem + +# letstest +tests/letstest/letest-*/ +tests/letstest/*.pem From c9b9b0edda27c3be3173fdcda0e98bcbd4995b3c Mon Sep 17 00:00:00 2001 From: Noah Swartz Date: Wed, 23 Dec 2015 10:31:31 -0800 Subject: [PATCH 40/44] add debug statement --- letsencrypt-apache/letsencrypt_apache/configurator.py | 1 + 1 file changed, 1 insertion(+) diff --git a/letsencrypt-apache/letsencrypt_apache/configurator.py b/letsencrypt-apache/letsencrypt_apache/configurator.py index f72492ac2..1d86da066 100644 --- a/letsencrypt-apache/letsencrypt_apache/configurator.py +++ b/letsencrypt-apache/letsencrypt_apache/configurator.py 
@@ -1271,6 +1271,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): """ self.config_test() + logger.debug(self.aug.view_config_changes(self)) self._reload() def _reload(self): From 8b50274d8821becfab40b53bb379a7f350ea757b Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Wed, 23 Dec 2015 11:33:39 -0800 Subject: [PATCH 41/44] --hsts should not use includeSubDomains Fixes #1728 --- letsencrypt-apache/letsencrypt_apache/constants.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt-apache/letsencrypt_apache/constants.py b/letsencrypt-apache/letsencrypt_apache/constants.py index eb004b975..4944ded1f 100644 --- a/letsencrypt-apache/letsencrypt_apache/constants.py +++ b/letsencrypt-apache/letsencrypt_apache/constants.py @@ -33,7 +33,7 @@ REWRITE_HTTPS_ARGS_WITH_END = [ https vhost""" HSTS_ARGS = ["always", "set", "Strict-Transport-Security", - "\"max-age=31536000; includeSubDomains\""] + "\"max-age=31536000\""] """Apache header arguments for HSTS""" UIR_ARGS = ["always", "set", "Content-Security-Policy", From 49f36f8071b7804b235e7b80be3bd7b8a9d2754f Mon Sep 17 00:00:00 2001 From: Noah Swartz Date: Wed, 23 Dec 2015 14:57:14 -0800 Subject: [PATCH 42/44] also debug the written conf file --- letsencrypt-apache/letsencrypt_apache/tls_sni_01.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/letsencrypt-apache/letsencrypt_apache/tls_sni_01.py b/letsencrypt-apache/letsencrypt_apache/tls_sni_01.py index 4284e240c..def3b18a6 100644 --- a/letsencrypt-apache/letsencrypt_apache/tls_sni_01.py +++ b/letsencrypt-apache/letsencrypt_apache/tls_sni_01.py @@ -104,8 +104,9 @@ class ApacheTlsSni01(common.TLSSNI01): self.configurator.reverter.register_file_creation( True, self.challenge_conf) - with open(self.challenge_conf, "w") as new_conf: + with open(self.challenge_conf, "rw") as new_conf: new_conf.write(config_text) + logger.debug(new_conf.read()) return addrs 
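Review bot: The docstring under `HSTS_ARGS` still reads only "Apache header arguments for HSTS", so nothing in the file records that leaving out `includeSubDomains` is deliberate. Suggest extending it, e.g. `"""Apache header arguments for HSTS: one-year max-age, deliberately without includeSubDomains"""`, plus a short comment giving the reason (presumably that the issued certificate and vhost need not cover every subdomain). The trade-off worth stating alongside it is that subdomains are then outside the policy. Without such a note, a later hardening pass may add the directive back without weighing it.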
From 6a026597f4e7961bbe8557f17c823a39cd718d00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9my=20HUBSCHER?= Date: Thu, 24 Dec 2015 00:30:51 +0100 Subject: [PATCH 43/44] =?UTF-8?q?Move=20validator=20to=20compatibility-tes?= =?UTF-8?q?t=20=E2=80=94=20Refs=20#1997?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../test_driver.py | 3 +- .../validator.py | 0 .../validator_test.py | 35 ++++++++++--------- letsencrypt-compatibility-test/setup.py | 6 ++++ setup.py | 6 ---- 5 files changed, 27 insertions(+), 23 deletions(-) rename {letsencrypt => letsencrypt-compatibility-test/letsencrypt_compatibility_test}/validator.py (100%) rename {letsencrypt/tests => letsencrypt-compatibility-test/letsencrypt_compatibility_test}/validator_test.py (77%) diff --git a/letsencrypt-compatibility-test/letsencrypt_compatibility_test/test_driver.py b/letsencrypt-compatibility-test/letsencrypt_compatibility_test/test_driver.py index 5765003b9..ee679bdb7 100644 --- a/letsencrypt-compatibility-test/letsencrypt_compatibility_test/test_driver.py +++ b/letsencrypt-compatibility-test/letsencrypt_compatibility_test/test_driver.py @@ -15,11 +15,12 @@ from acme import crypto_util from acme import messages from letsencrypt import achallenges from letsencrypt import errors as le_errors -from letsencrypt import validator from letsencrypt.tests import acme_util from letsencrypt_compatibility_test import errors from letsencrypt_compatibility_test import util +from letsencrypt_compatibility_test import validator + from letsencrypt_compatibility_test.configurators.apache import apache24 diff --git a/letsencrypt/validator.py b/letsencrypt-compatibility-test/letsencrypt_compatibility_test/validator.py similarity index 100% rename from letsencrypt/validator.py rename to letsencrypt-compatibility-test/letsencrypt_compatibility_test/validator.py 
diff --git a/letsencrypt/tests/validator_test.py b/letsencrypt-compatibility-test/letsencrypt_compatibility_test/validator_test.py similarity index 77% rename from letsencrypt/tests/validator_test.py rename to letsencrypt-compatibility-test/letsencrypt_compatibility_test/validator_test.py index c7416dc46..3a3bbc4b2 100644 --- a/letsencrypt/tests/validator_test.py +++ b/letsencrypt-compatibility-test/letsencrypt_compatibility_test/validator_test.py @@ -1,4 +1,4 @@ -"""Tests for letsencrypt.validator.""" +"""Tests for letsencrypt_compatibility_test.validator.""" import requests import unittest @@ -6,28 +6,31 @@ import mock import OpenSSL from acme import errors as acme_errors -from letsencrypt import validator +from letsencrypt_compatibility_test import validator class ValidatorTest(unittest.TestCase): def setUp(self): self.validator = validator.Validator() - @mock.patch("letsencrypt.validator.crypto_util.probe_sni") + @mock.patch( + "letsencrypt_compatibility_test.validator.crypto_util.probe_sni") def test_certificate_success(self, mock_probe_sni): cert = OpenSSL.crypto.X509() mock_probe_sni.return_value = cert self.assertTrue(self.validator.certificate( cert, "test.com", "127.0.0.1")) - @mock.patch("letsencrypt.validator.crypto_util.probe_sni") + @mock.patch( + "letsencrypt_compatibility_test.validator.crypto_util.probe_sni") def test_certificate_error(self, mock_probe_sni): cert = OpenSSL.crypto.X509() mock_probe_sni.side_effect = [acme_errors.Error] self.assertFalse(self.validator.certificate( cert, "test.com", "127.0.0.1")) - @mock.patch("letsencrypt.validator.crypto_util.probe_sni") + @mock.patch( + "letsencrypt_compatibility_test.validator.crypto_util.probe_sni") def test_certificate_failure(self, mock_probe_sni): cert = OpenSSL.crypto.X509() cert.set_serial_number(1337) 
@@ -35,67 +38,67 @@ class ValidatorTest(unittest.TestCase): self.assertFalse(self.validator.certificate( cert, "test.com", "127.0.0.1")) - @mock.patch("letsencrypt.validator.requests.get") + @mock.patch("letsencrypt_compatibility_test.validator.requests.get") def test_succesful_redirect(self, mock_get_request): mock_get_request.return_value = create_response( 301, {"location": "https://test.com"}) self.assertTrue(self.validator.redirect("test.com")) - @mock.patch("letsencrypt.validator.requests.get") + @mock.patch("letsencrypt_compatibility_test.validator.requests.get") def test_redirect_with_headers(self, mock_get_request): mock_get_request.return_value = create_response( 301, {"location": "https://test.com"}) self.assertTrue(self.validator.redirect( "test.com", headers={"Host": "test.com"})) - @mock.patch("letsencrypt.validator.requests.get") + @mock.patch("letsencrypt_compatibility_test.validator.requests.get") def test_redirect_missing_location(self, mock_get_request): mock_get_request.return_value = create_response(301) self.assertFalse(self.validator.redirect("test.com")) - @mock.patch("letsencrypt.validator.requests.get") + @mock.patch("letsencrypt_compatibility_test.validator.requests.get") def test_redirect_wrong_status_code(self, mock_get_request): mock_get_request.return_value = create_response( 201, {"location": "https://test.com"}) self.assertFalse(self.validator.redirect("test.com")) - @mock.patch("letsencrypt.validator.requests.get") + @mock.patch("letsencrypt_compatibility_test.validator.requests.get") def test_redirect_wrong_redirect_code(self, mock_get_request): mock_get_request.return_value = create_response( 303, {"location": "https://test.com"}) self.assertFalse(self.validator.redirect("test.com")) - @mock.patch("letsencrypt.validator.requests.get") + @mock.patch("letsencrypt_compatibility_test.validator.requests.get") def test_hsts_empty(self, mock_get_request): mock_get_request.return_value = create_response( 
headers={"strict-transport-security": ""}) self.assertFalse(self.validator.hsts("test.com")) - @mock.patch("letsencrypt.validator.requests.get") + @mock.patch("letsencrypt_compatibility_test.validator.requests.get") def test_hsts_malformed(self, mock_get_request): mock_get_request.return_value = create_response( headers={"strict-transport-security": "sdfal"}) self.assertFalse(self.validator.hsts("test.com")) - @mock.patch("letsencrypt.validator.requests.get") + @mock.patch("letsencrypt_compatibility_test.validator.requests.get") def test_hsts_bad_max_age(self, mock_get_request): mock_get_request.return_value = create_response( headers={"strict-transport-security": "max-age=not-an-int"}) self.assertFalse(self.validator.hsts("test.com")) - @mock.patch("letsencrypt.validator.requests.get") + @mock.patch("letsencrypt_compatibility_test.validator.requests.get") def test_hsts_expire(self, mock_get_request): mock_get_request.return_value = create_response( headers={"strict-transport-security": "max-age=3600"}) self.assertFalse(self.validator.hsts("test.com")) - @mock.patch("letsencrypt.validator.requests.get") + @mock.patch("letsencrypt_compatibility_test.validator.requests.get") def test_hsts(self, mock_get_request): mock_get_request.return_value = create_response( headers={"strict-transport-security": "max-age=31536000"}) self.assertTrue(self.validator.hsts("test.com")) - @mock.patch("letsencrypt.validator.requests.get") + @mock.patch("letsencrypt_compatibility_test.validator.requests.get") def test_hsts_include_subdomains(self, mock_get_request): mock_get_request.return_value = create_response( headers={"strict-transport-security": diff --git a/letsencrypt-compatibility-test/setup.py b/letsencrypt-compatibility-test/setup.py index eb7e23036..1ff9e7649 100644 --- a/letsencrypt-compatibility-test/setup.py +++ b/letsencrypt-compatibility-test/setup.py 
@@ -10,6 +10,7 @@ install_requires = [ 'letsencrypt=={0}'.format(version), 'letsencrypt-apache=={0}'.format(version), 'docker-py', + 'requests', 'zope.interface', ] @@ -18,6 +19,11 @@ if sys.version_info < (2, 7): else: install_requires.append('mock') +if sys.version_info < (2, 7, 9): + # For secure SSL connexion with Python 2.7 (InsecurePlatformWarning) + install_requires.append('ndg-httpsclient') + install_requires.append('pyasn1') + docs_extras = [ 'repoze.sphinx.autointerface', 'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags diff --git a/setup.py b/setup.py index ae36777ef..f95f672ff 100644 --- a/setup.py +++ b/setup.py @@ -40,7 +40,6 @@ install_requires = [ 'pyrfc3339', 'python2-pythondialog>=3.2.2rc1', # Debian squeeze support, cf. #280 'pytz', - 'requests', 'setuptools', # pkg_resources 'six', 'zope.component', @@ -61,11 +60,6 @@ else: 'mock', ]) -if sys.version_info < (2, 7, 9): - # For secure SSL connexion with Python 2.7 (InsecurePlatformWarning) - install_requires.append('ndg-httpsclient') - install_requires.append('pyasn1') - dev_extras = [ # Pin astroid==1.3.5, pylint==1.4.2 as a workaround for #289 'astroid==1.3.5', From ea2c86b9265bc05a750fcbfe999ed2f9ea918878 Mon Sep 17 00:00:00 2001 From: Noah Swartz Date: Wed, 23 Dec 2015 16:08:33 -0800 Subject: [PATCH 44/44] fixed linting and added logger --- letsencrypt-apache/letsencrypt_apache/configurator.py | 2 +- letsencrypt-apache/letsencrypt_apache/tls_sni_01.py | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/letsencrypt-apache/letsencrypt_apache/configurator.py b/letsencrypt-apache/letsencrypt_apache/configurator.py index 1d86da066..1baa06128 100644 --- a/letsencrypt-apache/letsencrypt_apache/configurator.py +++ b/letsencrypt-apache/letsencrypt_apache/configurator.py 
@@ -1271,7 +1271,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): """ self.config_test() - logger.debug(self.aug.view_config_changes(self)) + logger.debug(self.reverter.view_config_changes()) self._reload() def _reload(self): diff --git a/letsencrypt-apache/letsencrypt_apache/tls_sni_01.py b/letsencrypt-apache/letsencrypt_apache/tls_sni_01.py index def3b18a6..a770804d1 100644 --- a/letsencrypt-apache/letsencrypt_apache/tls_sni_01.py +++ b/letsencrypt-apache/letsencrypt_apache/tls_sni_01.py @@ -1,12 +1,14 @@ """A class that performs TLS-SNI-01 challenges for Apache""" import os +import logging from letsencrypt.plugins import common from letsencrypt_apache import obj from letsencrypt_apache import parser +logger = logging.getLogger(__name__) class ApacheTlsSni01(common.TLSSNI01): """Class that performs TLS-SNI-01 challenges within the Apache configurator @@ -104,9 +106,9 @@ class ApacheTlsSni01(common.TLSSNI01): self.configurator.reverter.register_file_creation( True, self.challenge_conf) - with open(self.challenge_conf, "rw") as new_conf: + logger.debug("writing a config file with text: %s", config_text) + with open(self.challenge_conf, "w") as new_conf: new_conf.write(config_text) - logger.debug(new_conf.read()) return addrs
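Review bot: `logger.debug(self.reverter.view_config_changes())` in the restart path calls `view_config_changes()` unconditionally, whatever the log level. Its definition is not visible here. If it presents the changes to the user or returns `None` instead of returning text, every restart would trigger that output and the log would record only `None`, so please confirm that it returns a string. If it does, guard the call so the work is done only when wanted: `if logger.isEnabledFor(logging.DEBUG):` before the `logger.debug(...)` line (assuming `logging` is imported in `configurator.py`). The method's `def` line is outside the hunk.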