diff --git a/.travis.yml b/.travis.yml index 94eaf693e..ee3d99104 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,6 +8,8 @@ before_script: - 'if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then ulimit -n 1024 ; fi' # On Travis, the fastest parallelization for integration tests has proved to be 4. - 'if [[ "$TOXENV" == *"integration"* ]]; then export PYTEST_ADDOPTS="--numprocesses 4"; fi' + # Use Travis retry feature for farm tests since they are flaky + - 'if [[ "$TOXENV" == "travis-test-farm"* ]]; then export TRAVIS_RETRY=travis_retry; fi' - export TOX_TESTENV_PASSENV=TRAVIS # Only build pushes to the master branch, PRs, and branches beginning with @@ -37,8 +39,6 @@ matrix: # Main test suite - python: "2.7" env: ACME_SERVER=pebble TOXENV=integration - sudo: required - services: docker <<: *not-on-master # This job is always executed, including on master @@ -60,19 +60,13 @@ matrix: # OpenSSL in Xenial or newer. dist: trusty env: TOXENV='py27-{acme,apache,certbot,dns,nginx}-oldest' - sudo: required - services: docker <<: *not-on-master - python: "3.4" env: TOXENV=py34 - sudo: required - services: docker <<: *not-on-master - python: "3.7" dist: xenial env: TOXENV=py37 - sudo: required - services: docker <<: *not-on-master - sudo: required env: TOXENV=apache_compat @@ -86,8 +80,6 @@ matrix: <<: *not-on-master - python: "2.7" env: TOXENV=apacheconftest-with-pebble - sudo: required - services: docker <<: *not-on-master - python: "2.7" env: TOXENV=nginxroundtrip @@ -123,7 +115,6 @@ matrix: - secure: "f+j/Lj9s1lcuKo5sEFrlRd1kIAMnIJI4z0MTI7QF8jl9Fkmbx7KECGzw31TNgzrOSzxSapHbcueFYvNCLKST+kE/8ogMZBbwqXfEDuKpyF6BY3uYoJn+wPVE5pIb8Hhe08xPte8TTDSMIyHI3EyTfcAKrIreauoArePvh/cRvSw=" <<: *extended-test-suite - python: "3.7" - dist: xenial env: TOXENV=py37 CERTBOT_NO_PIN=1 <<: *extended-test-suite - python: "2.7" @@ -273,8 +264,12 @@ addons: # virtualenv is listed here explicitly to make sure it is upgraded when # CERTBOT_NO_PIN is set to work around failures we've seen when using an older # version of virtualenv. -install: "tools/pip_install.py -U codecov tox virtualenv" -script: tox +install: 'tools/pip_install.py -U codecov tox virtualenv' +# Most of the time TRAVIS_RETRY is an empty string, and has no effect on the +# script command. It is set only to `travis_retry` during farm tests, in +# order to trigger the Travis retry feature, and compensate the inherent +# flakiness of these specific tests. +script: '$TRAVIS_RETRY tox' after_success: '[ "$TOXENV" == "py27-cover" ] && codecov -F linux' diff --git a/CHANGELOG.md b/CHANGELOG.md index fe0a579f7..cb051a22d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,18 +10,18 @@ Certbot adheres to [Semantic Versioning](https://semver.org/). ### Changed -* +* If Certbot fails to rollback your server configuration, the error message + links to the Let's Encrypt forum. Change the link to the Help category now + that the Server category has been closed. ### Fixed -* +* Fixed OS detection in the Apache plugin on Scientific Linux. More details about these changes can be found on our GitHub repo. ## 0.37.2 - 2019-08-21 -### Fixed - * Stop disabling TLS session tickets in Nginx as it caused TLS failures on some systems. diff --git a/certbot-apache/certbot_apache/entrypoint.py b/certbot-apache/certbot_apache/entrypoint.py index df7297d3e..0b875add3 100644 --- a/certbot-apache/certbot_apache/entrypoint.py +++ b/certbot-apache/certbot_apache/entrypoint.py @@ -31,6 +31,8 @@ OVERRIDE_CLASSES = { "gentoo base system": override_gentoo.GentooConfigurator, "opensuse": override_suse.OpenSUSEConfigurator, "suse": override_suse.OpenSUSEConfigurator, + "scientific": override_centos.CentOSConfigurator, + "scientific linux": override_centos.CentOSConfigurator, } diff --git a/certbot-nginx/certbot_nginx/tests/util.py b/certbot-nginx/certbot_nginx/tests/util.py index 5476333e0..c46ddabc9 100644 --- a/certbot-nginx/certbot_nginx/tests/util.py +++ b/certbot-nginx/certbot_nginx/tests/util.py @@ -3,7 +3,6 @@ import copy import shutil import tempfile import unittest -import warnings import josepy as jose import mock @@ -11,6 +10,7 @@ import pkg_resources import zope.component from certbot import configuration +from certbot import util from certbot.compat import os from certbot.plugins import common from certbot.tests import util as test_util @@ -34,20 +34,16 @@ class NginxTest(unittest.TestCase): # pylint: disable=too-few-public-methods "rsa512_key.pem")) def tearDown(self): - # On Windows we have various files which are not correctly closed at the time of tearDown. - # For know, we log them until a proper file close handling is written. - # Useful for development only, so no warning when we are on a CI process. - def onerror_handler(_, path, excinfo): - """On error handler""" - if not os.environ.get('APPVEYOR'): # pragma: no cover - message = ('Following error occurred when deleting path {0}' - 'during tearDown process: {1}'.format(path, str(excinfo))) - warnings.warn(message) + # Cleanup opened resources after a test. This is usually done through atexit handlers in + # Certbot, but during tests, atexit will not run registered functions before tearDown is + # called and instead will run them right before the entire test process exits. + # It is a problem on Windows, that does not accept to clean resources before closing them. + util._release_locks() # pylint: disable=protected-access - shutil.rmtree(self.temp_dir, onerror=onerror_handler) - shutil.rmtree(self.config_dir, onerror=onerror_handler) - shutil.rmtree(self.work_dir, onerror=onerror_handler) - shutil.rmtree(self.logs_dir, onerror=onerror_handler) + shutil.rmtree(self.temp_dir) + shutil.rmtree(self.config_dir) + shutil.rmtree(self.work_dir) + shutil.rmtree(self.logs_dir) def get_data_filename(filename): diff --git a/certbot/client.py b/certbot/client.py index 7372d6d9d..c1199daac 100644 --- a/certbot/client.py +++ b/certbot/client.py @@ -624,7 +624,7 @@ class Client(object): reporter.add_message( "An error occurred and we failed to restore your config and " "restart your server. Please post to " - "https://community.letsencrypt.org/c/server-config " + "https://community.letsencrypt.org/c/help " "with details about your configuration and this error you received.", reporter.HIGH_PRIORITY) raise diff --git a/certbot/compat/filesystem.py b/certbot/compat/filesystem.py index 7a48e24f1..0649f9bad 100644 --- a/certbot/compat/filesystem.py +++ b/certbot/compat/filesystem.py @@ -166,11 +166,11 @@ def open(file_path, flags, mode=0o777): # pylint: disable=redefined-builtin # See https://docs.microsoft.com/en-us/windows/desktop/api/securitybaseapi/nf-securitybaseapi-setsecuritydescriptordacl # pylint: disable=line-too-long security.SetSecurityDescriptorDacl(1, dacl, 0) + handle = None try: handle = win32file.CreateFile(file_path, win32file.GENERIC_READ, win32file.FILE_SHARE_READ & win32file.FILE_SHARE_WRITE, attributes, disposition, 0, None) - handle.Close() except pywintypes.error as err: # Handle native windows errors into python errors to be consistent with the API # of os.open in the situation of a file already existing or locked. @@ -179,6 +179,9 @@ def open(file_path, flags, mode=0o777): # pylint: disable=redefined-builtin if err.winerror == winerror.ERROR_SHARING_VIOLATION: raise OSError(errno.EACCES, err.strerror) raise err + finally: + if handle: + handle.Close() # At this point, the file that did not exist has been created with proper permissions, # so os.O_CREAT and os.O_EXCL are not needed anymore. We remove them from the flags to diff --git a/certbot/tests/compat/filesystem_test.py b/certbot/tests/compat/filesystem_test.py index 11293fbfe..c808a5238 100644 --- a/certbot/tests/compat/filesystem_test.py +++ b/certbot/tests/compat/filesystem_test.py @@ -210,15 +210,15 @@ class WindowsOpenTest(TempDirTestCase): def _test_one_creation(self, num, file_exist, flags): one_file = os.path.join(self.tempdir, str(num)) if file_exist and not os.path.exists(one_file): - open(one_file, 'w').close() + with open(one_file, 'w'): + pass handler = None try: handler = filesystem.open(one_file, flags) - except BaseException as err: + finally: if handler: os.close(handler) - raise err @unittest.skipIf(POSIX_MODE, reason='Test specific to Windows security') diff --git a/certbot/tests/util.py b/certbot/tests/util.py index 7ee215c66..c46623e0a 100644 --- a/certbot/tests/util.py +++ b/certbot/tests/util.py @@ -5,7 +5,6 @@ """ import logging import shutil -import stat import sys import tempfile import unittest @@ -339,16 +338,7 @@ class TempDirTestCase(unittest.TestCase): logging.getLogger().handlers = [] util._release_locks() # pylint: disable=protected-access - def handle_rw_files(_, path, __): - """Handle read-only files, that will fail to be removed on Windows.""" - filesystem.chmod(path, stat.S_IWRITE) - try: - os.remove(path) - except (IOError, OSError): - # TODO: remote the try/except once all logic from windows file permissions is merged - if os.name != 'nt': - raise - shutil.rmtree(self.tempdir, onerror=handle_rw_files) + shutil.rmtree(self.tempdir) class ConfigTestCase(TempDirTestCase): diff --git a/docs/contributing.rst b/docs/contributing.rst index 8aeef54cc..1051413ae 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -114,9 +114,9 @@ Once you are done with your code changes, and the tests in ``foo_test.py`` pass, run all of the unittests for Certbot with ``tox -e py27`` (this uses Python 2.7). -Once all the unittests pass, check for sufficient test coverage using -``tox -e cover``, and then check for code style with ``tox -e lint`` (all files) -or ``pylint --rcfile=.pylintrc path/to/file.py`` (single file at a time). +Once all the unittests pass, check for sufficient test coverage using ``tox -e +py27-cover``, and then check for code style with ``tox -e lint`` (all files) or +``pylint --rcfile=.pylintrc path/to/file.py`` (single file at a time). Once all of the above is successful, you may run the full test suite using ``tox --skip-missing-interpreters``. We recommend running the commands above diff --git a/docs/using.rst b/docs/using.rst index a54e28ec7..700fcf92a 100644 --- a/docs/using.rst +++ b/docs/using.rst @@ -281,6 +281,7 @@ pritunl_ N Y Install certificates in pritunl distributed OpenVPN proxmox_ N Y Install certificates in Proxmox Virtualization servers heroku_ Y Y Integration with Heroku SSL dns-standalone_ Y N Obtain certificates via an integrated DNS server +dns-ispconfig_ Y N DNS Authentication using ISPConfig as DNS server ================== ==== ==== =============================================================== .. _haproxy: https://github.com/greenhost/certbot-haproxy @@ -294,6 +295,7 @@ dns-standalone_ Y N Obtain certificates via an integrated DNS server .. _external: https://github.com/marcan/letsencrypt-external .. _heroku: https://github.com/gboudreau/certbot-heroku .. _dns-standalone: https://github.com/siilike/certbot-dns-standalone +.. _dns-ispconfig: https://github.com/m42e/certbot-dns-ispconfig If you're interested, you can also :ref:`write your own plugin `.