crypt/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-01-26 07:41:33 +03:00
Code Activity
Files
c3c587001faa516ee375ad52cb95cbdecacb4a25
certbot/tools/snap
History
Will Greenberg c3c587001f Update python version to 3.12 and base to core24 in snaps (#9983) 
Fixes #9872, originally merged in #9956.

To upgrade to python3.12 as 3.8 is reaching EOL, we need to upgrade the core snap that certbot is based on. The latest version is core24, so we're going with that for longevity. We will want to notify third party snaps to make changes as well. They can release their snaps to a version higher than certbot's, and their users will not be upgraded until the matching (or greater) version of certbot is released. They should do this as otherwise including these changes will break their plugins.

Key documents for this migration are https://snapcraft.io/docs/migrate-core22 and https://snapcraft.io/docs/migrate-core24. The discussion at https://forum.snapcraft.io/t/upgrading-classic-snap-to-core24-using-snapcraft-8-3-causes-python-3-12-errors-at-runtime/ is also relevant to understanding some changes, which may become unnecessary in future versions of snapcraft.


* Migrate primary certbot snap to core24 and python 3.12

* Migrate plugin snaps to core24 and python 3.12

* Migrate to core24 in build_remote

* Run snap tests using python 3.12

* Unstage pyvenv.cfg and set PYTHONPATH

---------

Co-authored-by: Erica Portnoy <ebportnoy@gmail.com>
Co-authored-by: Erica Portnoy <erica@eff.org>
2024-08-08 16:24:11 -07:00
..
build_remote.py
Update python version to 3.12 and base to core24 in snaps (#9983)
2024-08-08 16:24:11 -07:00
generate_dnsplugins_all.sh
Redo the majority of Certbot's pinning system (#8741)
2021-03-26 07:51:59 +01:00
generate_dnsplugins_postrefreshhook.sh
Update tools/snap/generate_* comments. (#8412)
2020-10-30 13:08:57 -07:00
generate_dnsplugins_snapcraft.sh
Update python version to 3.12 and base to core24 in snaps (#9983)
2024-08-08 16:24:11 -07:00
README.md
Update python version to 3.12 and base to core24 in snaps (#9983)
2024-08-08 16:24:11 -07:00

README.md

Building Certbot Snaps

Local Testing and Development

These instructions are recommended when testing anything about the snap setup for ease of debugging. The architecture of the built snap is limited to the architecture of the system it is built on.

Initial VM Set Up

These steps need to be done once to set up your VM and do not need to be run again to rebuild the snap.

  1. Start with a Focal VM. You need a full virtual machine using something like DigitalOcean, EC2, or VirtualBox. Docker won't work. Another version of Ubuntu can probably be used, but Focal was used when writing these instructions.
  2. Set up a user other than root with sudo privileges for use with snapcraft and run all of the following commands with it. A command to do this for a user named certbot looks like adduser certbot && usermod -aG sudo certbot && su - certbot.
  3. Install git and python with sudo apt update && sudo apt install -y git python.
  4. Set up lxd for use with snapcraft by running sudo snap install lxd; sudo /snap/bin/lxd waitready && sudo /snap/bin/lxd init --auto (errors here are ok; it may already have been installed on your system).
  5. Add your current user to the lxd group and update your shell to have the new assignment by running sudo usermod -a -G lxd ${USER} && newgrp lxd.
  6. Install snapcraft with sudo snap install --classic snapcraft.
  7. cd ~ (or any other directory where you want our source files to be)
  8. Run git clone https://github.com/certbot/certbot
  9. cd certbot (All further instructions are relative to this directory.)

Certbot Snap

Reset the Environment

If the snap has been built before, the instructions below clean up the build environment so it can reliably be used again.

  1. snapcraft clean --use-lxd
  2. [Optional] mv certbot_*_amd64.snap certbot_amd64.snap.bak

Build the Certbot Snap

These are the steps to build and install the Certbot snap. If you have run these steps before, you may want to run the commands in the section above to clean things up or save a previous build before building the snap again (running snapcraft again will overwrite the previous snap).

  1. Run snapcraft --use-lxd.
  2. Install the generated snap with sudo snap install --dangerous --classic certbot_*_amd64.snap. You can transfer the snap to a different machine to run it there instead if you prefer.

Run

Run Certbot as normal. For example, certbot plugins should display the Apache and Nginx plugins.

Certbot Plugin Snaps

These instructions use the certbot-dns-dnsimple plugin as an example, but all of Certbot's other plugin snaps can be built in the same way.

Reset the Environment

If the plugin snap has been built before, the instructions below clean up the build environment so it can reliably be used again.

  1. cd certbot-dns-dnsimple
  2. snapcraft clean --use-lxd
  3. [Optional] mv certbot-dns-dnsimple_*_amd64.snap certbot-dns-simple_amd64.snap.bak
  4. cd ..

Build a Certbot Plugin Snap

These are the steps to build and install the Certbot DNSimple plugin snap. If you have run these steps before, you may want to run the commands in the section above to clean things up or save a previous build before building the snap again (running snapcraft again will overwrite the previous snap).

  1. Run tools/snap/generate_dnsplugins_all.sh to generate all necessary files for all plugin snaps.
  2. cd certbot-dns-dnsimple
  3. snapcraft --use-lxd
  4. Run sudo snap set certbot trust-plugin-with-root=ok.
  5. Install the generated snap with sudo snap install --dangerous certbot-dns-dnsimple_*_amd64.snap. Again, you can transfer the snap to a different machine to run it there instead if you prefer.
  6. Connect the plugin with sudo snap connect certbot:plugin certbot-dns-dnsimple.
  7. Connect the plugin metadata with sudo snap connect certbot-dns-dnsimple:certbot-metadata certbot:certbot-metadata. Install the plugin again to test refresh; if the plugin's hook creates any logs, they are at /var/snap/certbot-dns-dnsimple/current/debuglog.

Run

Run Certbot as normal. For example, certbot plugins should display the DNSimple plugin as installed.

Building for Other Architectures

To build for an unavailable architecture or for multiple architectures simultaneously, we recommend using snapcraft's remote build feature. It is easiest to run this from a local machine.

Initial Local Setup

  1. Create or log into an Ubuntu One account here.
  2. Install git and python with sudo apt update && sudo apt install -y git python.
  3. Install snapcraft with sudo snap install --classic snapcraft.
  4. cd ~ (or any other directory where you want our source files to be)
  5. Run git clone https://github.com/certbot/certbot
  6. cd certbot (All further instructions are relative to this directory.)
  7. To trigger snapcraft to request access to your Launchpad account, run snapcraft remote-build --launchpad-accept-public-upload --status. A URL where you need to grant this access will be printed to your terminal and automatically open in your browser if one is available.

Build Snaps Remotely

Certbot provides a wrapper around snapcraft's remote build to make building all of our plugins easier. To see all available options, run python3 tools/snap/build_remote.py --help.

For example, to build all available snaps for all architectures, run python3 tools/snap/build_remote.py ALL --archs amd64 arm64 armhf.

To build only the certbot snap on only amd64, run python3 tools/snap/build_remote.py certbot --archs armhf.

The command will upload the entire contents of the working directory, so if the remote build appears to hang, try using a clean clone of the certbot repository.

View Git Blame Copy Permalink