1
0
mirror of https://github.com/certbot/certbot.git synced 2025-08-05 05:41:11 +03:00

211 Commits

Author SHA1 Message Date
Brad Warren
d73c6f44c5 Bump version to 1.24.0 2022-02-08 07:50:45 -08:00
Brad Warren
719f3ac577 Release 1.23.0 2022-02-08 07:50:44 -08:00
Erica Portnoy
c02ead0f11 Bump version to 1.23.0 2021-12-07 14:03:51 -08:00
Erica Portnoy
6463a2e22d Release 1.22.0 2021-12-07 14:03:50 -08:00
Brad Warren
e8265dbf9c Add Python 3.10 support and tests (#9077)
Fixes https://github.com/certbot/certbot/issues/9058.

The changes to the CI config are equivalent to the ones made in https://github.com/certbot/certbot/pull/8460.

Other than ignoring some warnings raised by botocore, the main additional work that had to be done here was switching away from using `distutils.version.LooseVersion` since the entire `distutils` module was deprecated in Python 3.10. To do that, I took a few different approaches:

* If the version strings being parsed are from Python packages such as Certbot or setuptools, I switched to using [pkg_resources.parse_version](https://setuptools.pypa.io/en/latest/pkg_resources.html#parsing-utilities) from `setuptools`. This functionality has been available since [setuptools 8.0 from 2014](https://setuptools.pypa.io/en/latest/history.html#id865).
* If the version strings being parsed are not from Python packages, I added code equivalent to `distutils.version.LooseVersion` in `certbot.util.parse_loose_version`.
* The code for `CERTBOT_PIP_NO_BINARY` can be completely removed since that variable isn't used or referenced anywhere in this repo.

* add python 3.10 support

* make some version changes

* don't use looseversion in setup.py

* switch to pkg_resources

* deprecate get_strict_version

* fix route53 tests

* remove unused CERTBOT_PIP_NO_BINARY code

* stop using distutils in letstest

* add unit tests

* more changelog entries
2021-11-08 15:55:32 -08:00
Brad Warren
9740f5428e Bump version to 1.22.0 2021-11-02 14:28:34 -07:00
Brad Warren
200e1f1709 Release 1.21.0 2021-11-02 14:28:33 -07:00
Brad Warren
46beb8af84 Bump version to 1.21.0 2021-10-05 06:53:59 -07:00
Brad Warren
93f61887be Release 1.20.0 2021-10-05 06:53:57 -07:00
Brad Warren
b9e4763de3 Bump version to 1.20.0 2021-09-07 10:15:07 -07:00
Brad Warren
5d6abc3234 Release 1.19.0 2021-09-07 10:15:05 -07:00
Adrien Ferrand
06c8113863 Cleanup zope dependencies in plugins and upgrade sphinx (#8997)
This PR removes all zope dependencies from plugins configuration.

It also lets Sphinx upgrade to the next major version by removing the plugin dedicated to zope interfaces documentation. As a consequence, the deprecated zope interfaces are not documented anymore.

* Cleanup zope dependencies in plugins and upgrade sphinx

* Update pinnings
2021-08-18 08:12:55 -07:00
Erica Portnoy
8194e8faef Bump version to 1.19.0 2021-08-03 13:23:45 -07:00
Erica Portnoy
0d76d1f219 Release 1.18.0 2021-08-03 13:23:13 -07:00
Brad Warren
915459258b Bump version to 1.18.0 2021-07-06 08:42:52 -07:00
Brad Warren
952a296e20 Release 1.17.0 2021-07-06 08:42:49 -07:00
Brad Warren
c372dd8aee Remove local-oldest-requirements files (#8863)
This is part of https://github.com/certbot/certbot/issues/8787. I got a +1 from our packagers at major distros in https://github.com/certbot/certbot/issues/8761.

* remove local-oldest-requirements files

* fix tests

* fix some oldest tests

* list packages on one line in tox.ini

* add changelog entry
2021-06-01 14:46:06 -07:00
Erica Portnoy
814d8d1aba Bump version to 1.17.0 2021-06-01 10:52:31 -07:00
Erica Portnoy
7e8f22e136 Release 1.16.0 2021-06-01 10:52:23 -07:00
Adrien Ferrand
f88105a952 Deprecate usage of IConfig as a singleton in Certbot (#8869)
* Deprecate usage of IConfig as a singleton in Certbot

* Fix local oldest requirements

* Add changelog

* Add tests for certbot.crypto_util.init_save_* functions

Co-authored-by: Brad Warren <bmw@users.noreply.github.com>
2021-05-28 12:17:56 -07:00
alexzorin
39b396763a apache/nginx: certbot>=1.10.0 -> 1.10.1 (#8859)
1.10.0 was a bad release and this breaks our oldest Boulder tests.


I bumped the version to 1.10.0 in #8852 to get access to a new public display_util API, but that was the release with the broken deprecation of `--manual-public-ip-logging-ok`. So let's bump it to 1.10.1.
2021-05-25 08:40:18 -07:00
ohemorange
6f27c32db1 Command-line UX overhaul (#8852)
Streamline and reorganize Certbot's CLI output.

This change is a substantial command-line UX overhaul,
based on previous user research. The main goal was to streamline
and clarify output. To see more verbose output, use the -v or -vv flags.

---

* nginx,apache: CLI logging changes

- Add "Successfully deployed ..." message using display_util
- Remove IReporter usage and replace with display_util
- Standardize "... could not find a VirtualHost ..." error

This changes also bumps the version of certbot required by certbot-nginx
and certbot-apache to take use of the new display_util function.

* fix certbot_compatibility_test

since the http plugins now require IDisplay, we need to inject it

* fix dependency version on certbot

* use better asserts

* try fix oldest deps

because certbot 1.10.0 depends on acme>=1.8.0, we need to use
acme==1.8.0 in the -oldest tests

* cli: redesign output of new certificate reporting

Changes the output of run, certonly and certonly --csr. No longer uses
IReporter.

* cli: redesign output of failed authz reporting

* fix problem sorting to be stable between py2 & 3

* add some catch-all error text

* cli: dont use IReporter for EFF donation prompt

* add per-authenticator hints

* pass achalls to auth_hint, write some tests

* exclude static auth hints from coverage

* dont call auth_hint unless derived from .Plugin

* dns fallback hint: dont assume --dns-blah works

--dns-blah won't work for third-party plugins, they need to be specified
using --authenticator dns-blah.

* add code comments about the auth_hint interface

* renew: don't restart the installer for dry-runs

Prevents Certbot from superfluously invoking the installer restart
during dry-run renewals. (This does not affect authenticator restarts).

Additionally removes some CLI output that was reporting the fullchain
path of the renewed certificate.

* update CHANGELOG.md

* cli: redesign output when cert installation failed

- Display a message when certificate installation begins.
- Don't use IReporter, just log errors immediately if restart/rollback
  fails.
- Prompt the user with a command to retry the installation process once
  they have fixed any underlying problems.

* vary by preconfigured_renewal

and move expiry date to be above the renewal advice

* update code comment

Co-authored-by: ohemorange <ebportnoy@gmail.com>

* update code comment

Co-authored-by: ohemorange <ebportnoy@gmail.com>

* fix lint

* derve cert name from cert_path, if possible

* fix type annotation

* text change in nginx hint

Co-authored-by: ohemorange <ebportnoy@gmail.com>

* print message when restarting server after renewal

* log: print "advice" when exiting with an error

When running in non-quiet mode.

* try fix -oldest lock_test.py

* fix docstring

* s/Restarting/Reloading/ when notifying the user

* fix test name

Co-authored-by: ohemorange <ebportnoy@gmail.com>

* type annotations

* s/using the {} plugin/installer: {}/

* copy: avoid "plugin" where possible

* link to user guide#automated-renewals

when not running with --preconfigured-renewal

* cli: reduce default logging verbosity

* fix lock_test: -vv is needed to see logger.debug

* Change comment in log.py to match the change to default verbosity

* Audit and adjust logging levels in apache module

* Audit and adjust logging levels in nginx module

* Audit, adjust logging levels, and improve logging calls in certbot module

* Fix tests to mock correct methods and classes

* typo in non-preconfigured-renewal message

Co-authored-by: ohemorange <ebportnoy@gmail.com>

* fix test

* revert acme version bump

* catch up to python3 changes

* Revert "revert acme version bump"

This reverts commit fa83d6a51c.

* Change ocsp check error to warning since it's non-fatal

* Update storage_test in parallel with last change

* get rid of leading newline on "Deploying [...]"

* shrink renewal and installation success messages

* print logfile rather than logdir in exit handler

* Decrease logging level to info for idempotent operation where enhancement is already set

* Display cert not yet due for renewal message when renewing and no other action will be taken, and change cert to certificate

* also write to logger so it goes in the log file

* Don't double write to log file; fix main test

* cli: remove trailing newline on new cert reporting

* ignore type error

* revert accidental changes to dependencies

* Pass tests in any timezone by using utcfromtimestamp

* Add changelog entry

* fix nits

* Improve wording of try again message

* minor wording change to changelog

* hooks: send hook stdout to CLI stdout

includes both --manual and --{pre,post,renew} hooks

* update docstrings and remove TODO

* add a pending deprecation on execute_command

* add test coverage for both

* update deprecation text

Co-authored-by: ohemorange <ebportnoy@gmail.com>

Co-authored-by: Alex Zorin <alex@zorin.id.au>
Co-authored-by: alexzorin <alex@zor.io>
2021-05-25 10:47:39 +10:00
Brad Warren
56c781aec4 Bump version to 1.16.0 2021-05-04 11:50:12 -07:00
Brad Warren
67e3c54744 Release 1.15.0 2021-05-04 11:50:10 -07:00
Brad Warren
d3d9a05826 fix client email address (#8817)
client-dev@letsencrypt.org is no longer used by the Certbot team so this PR updates the email address in our packages to our current mailing list.
2021-05-03 12:38:54 -07:00
Brad Warren
04a85742c1 Bump version to 1.15.0 2021-04-06 10:24:35 -07:00
Brad Warren
bf40b81b5a Release 1.14.0 2021-04-06 10:24:32 -07:00
Erica Portnoy
9d97be3a84 Bump version to 1.14.0 2021-03-02 13:50:04 -08:00
Erica Portnoy
92a66454b6 Release 1.13.0 2021-03-02 13:49:58 -08:00
Brad Warren
711cc95dc4 Remove mock dependency (#8630)
Fixes https://github.com/certbot/certbot/issues/7913.

I only added the deprecation warning to `certbot.tests.util` because that's the only place where I think someone could be using the `mock` module through our API.

* remove external mock from acme

* update Certbot's mock usage

* remove mock dependency in plugins

* remove external mock from compatibility test

* add changelog entry
2021-02-05 15:51:18 -08:00
Erica Portnoy
2bcd8c59db Bump version to 1.13.0 2021-02-02 11:06:48 -08:00
Erica Portnoy
786a130b7d Release 1.12.0 2021-02-02 11:06:40 -08:00
Adrien Ferrand
7399807ff2 Drop Python 2 support (#8591)
Fixes #8389 #8584.

This PR makes the necessary modifications to officially drop Python 2 support in the Certbot project.

I did not remove the specific Python 2 compatibility branches that has been added in various places in the codebase, to reduce the size of this PR and this will be done in a future one

* Update classifiers and python_requires in setup.py

* Remove warnings about Python 2 deprecation

* Remove Azure jobs on Python 2.7

* Remove references to python 2 in documentation

* Pin dnspython to 2.1.0

* Update changelog

* Remove warning ignore
2021-01-25 15:07:43 -08:00
Brad Warren
00235d3807 Switch oldest tests to Python 3 (#8590)
Fixes https://github.com/certbot/certbot/issues/8580.

With this PR, it should now be possible to run the oldest tests natively on Linux, at least when using an older version of Python 3, which hasn't been possible in a long time. Unfortunately, this isn't possible on macOS which I opened https://github.com/certbot/certbot/issues/8589 to track.

You can see the full test suite running with these changes at https://dev.azure.com/certbot/certbot/_build/results?buildId=3283&view=results.

I took the version numbers for the packages I updated by searching for the oldest version of the dependency I think we should try and support based on the updated comments at the top of `oldest_constraints.txt`. While kind of annoying, I think it'd be a good idea for the reviewer to double check that I didn't make a mistake with the versions I used here.

To find these versions, I used https://packages.ubuntu.com, https://packages.debian.org, and a CentOS 7 Docker image with EPEL 7 installed. For the latter, not all packages are available in Python 3 yet (which is something Certbot's EPEL package maintainers are working on) and in that case I didn't worry about the system because I think they can/will package the newest version available. If they end up hitting any issues here when trying to package Certbot on Python 3, we can always work with them to fix it.

* remove py27 from oldest name

* update min cryptography version

* remove run_oldest_tests.sh

* upgrade setuptools and pyopenssl

* update cffi, pyparsing, and idna

* expand oldest_constraints comments

* clarify oldest comment

* update min configobj version

* update min parsedatetime version

* quote tox env name

* use Python 3.6 in the oldest tests

* use Python 3.6 for oldest integration tests

* properly pin asn1crypto

* update min six version

* set basepython for a nicer error message

* remove outdated python 2 oldest constraints
2021-01-25 12:59:14 -08:00
Brad Warren
fc6c238bf9 Bump version to 1.12.0 2021-01-05 09:51:11 -08:00
Brad Warren
7567e8d8db Release 1.11.0 2021-01-05 09:51:09 -08:00
Brad Warren
baab69e653 Bump version to 1.11.0 2020-12-01 10:35:58 -08:00
Brad Warren
adacc4ab6d Release 1.10.0 2020-12-01 10:35:55 -08:00
Brad Warren
9a4e95e25a Add Python 3.9 support and tests (#8460)
Fixes https://github.com/certbot/certbot/issues/8134.

* Test on Python 3.9.

* Mention Python 3.9 support in changelog.

* s/\( *'Pro.*3\.\)8\(',\)/\18\2\n\19\2/

* undo changes to tox.ini

* Move more tests to Python 3.9

* Update PyYAML and packages which pinned it back

* Upgrade typed-ast

* Use <= to "pin" dnspython

* Fix lint by telling pylint it cannot be trusted

* Disable mypy on RFC plugin

* add comment about <= support
2020-11-19 12:48:36 -08:00
Erica Portnoy
eff761ab1e Bump version to 1.10.0 2020-10-06 12:15:29 -07:00
Erica Portnoy
5173ab6b90 Release 1.9.0 2020-10-06 12:15:27 -07:00
Adrien Ferrand
55d411f1eb Remove deprecated python setup.py test call and update packager guide (#8262)
Fixes #7585

This PR removes the specific configuration to configure the test runner included in `setuptools` to use pytest, the deprecated parameters related to setuptools testing in `setup.py`, and update the packaging guide to use `python -m pytest` instead of `python setup.py test`.

The farm test `test_sdist.sh` is also updated to use directly pytest. This test is designed to reproduce the steps used by OS integrators when they package `certbot`, and ensure that we are not breaking something that will impact their work. We discussed with integrators from RHEL/CentOS and Debian, and they are fine with us testing sdist directly with pytest.

One execution of the `test_sdist.sh` farm test with the modifications made by this PR can be seen here: https://dev.azure.com/certbot/certbot/_build/results?buildId=2606&view=results

* Remove setuptools deprecated features about testing

* Updating packaging guide

* Add changelog entry
2020-09-10 15:57:59 -07:00
Brad Warren
ec147740ee Bump version to 1.9.0 2020-09-08 09:59:33 -07:00
Brad Warren
7fe7a965f5 Release 1.8.0 2020-09-08 09:59:31 -07:00
Brad Warren
575092d603 Drop Python 3.5 support (#8206)
* delete classifiers

* update python_requires

* Update py35 Azure jobs

* Revert "Add warnings about Python 3.5 deprecation in Certbot (#8154)"

This reverts commit 270b5535e2.

* Update other Python 3.5 references.

* update changelog

* bump MIN_PYTHON_3_VERSION
2020-08-16 13:19:08 -07:00
Erica Portnoy
b08fdc7dfb Bump version to 1.8.0 2020-08-04 11:33:04 -07:00
Erica Portnoy
6ec83d52b5 Release 1.7.0 2020-08-04 11:33:03 -07:00
Brad Warren
590eeca38a Bump version to 1.7.0 2020-07-07 10:33:16 -07:00
Brad Warren
41b99eba79 Release 1.6.0 2020-07-07 10:33:13 -07:00
ohemorange
713b91495b Fix paths when calling out to programs outside of snap (#8108)
Fixes #8093.

This PR modifies and audits all uses of `subprocess` and `Popen` outside of tests, `certbot-ci/`, `certbot-compatibility-test/`, `letsencrypt-auto-source/`, `tools/`, and `windows-installer/`. Calls to outside programs have their `env` modified to remove the `SNAP` components of paths, if they exist. This includes any calls made from hooks, calls to `apachectl` and `nginx`, and to `openssl` from `ocsp.py`.

For testing manually, rsync flags will look something like:

```
rsync -avzhe ssh root@focal.domain:/home/certbot/certbot/certbot_*_amd64.snap .
rsync -avzhe ssh certbot_*_amd64.snap root@centos7.domain:/root/certbot/
```

With these modifications, `certbot plugins --prepare` now passes on Centos 7.

If I'm wrong and we package the `openssl` binary, the modifications should be removed from `ocsp.py`, and `env` should be passed into `run_script` rather than set internally in its calls from nginx and apache.

One caveat with this approach is the disconnect between why it's a problem (packaging) and where it's solved (internal to Certbot). I considered a wrapping approach, but we'd still have to audit specific calls. I think the best way to address this is robust testing; specifically, running the snap on other systems.

For hooks, all calls will remove the snap paths if they exist. This is probably fine, because even if the hook intends to call back into certbot, it can do that, it'll just create a new snap.

I'm not sure if we need these modifications for the Mac OS X/ Darwin calls, but they can't hurt.

* Add method to plugins util to get env without snap paths

* Use modified environment in Nginx plugin

* Pass through env to certbot.util.run_script

* Use modified environment in Apache plugin

* move env_no_snap_for_external_calls to certbot.util

* Set env internally to run_script, since we use that only to call out

* Add env to mac subprocess calls in certbot.util

* Add env to openssl call in ocsp.py

* Add env for hooks calls in certbot.compat.misc.

* Pass env into execute_command to avoid circular dependency

* Update hook test to assert called with env

* Fix mypy type hint to account for new param

* Change signature to include Optional

* go back to using CERTBOT_PLUGIN_PATH

* no need to modify PYTHONPATH in env

* robustly detect when we're in a snap

* Improve env util fxn docstring

* Update changelog

* Add unit tests for env_no_snap_for_external_calls

* Import compat.os
2020-06-25 15:36:29 -07:00