certbot/certbot-apache/certbot_apache/constants.py

"""Apache plugin constants."""
import pkg_resources
from certbot import util

from certbot.plugins import common

from certbot_apache import override_centos
from certbot_apache import override_debian

CLI_DEFAULTS_DEFAULT = dict(
    server_root="/etc/apache2",
    vhost_root="/etc/apache2/sites-available",
    vhost_files="*",
    logs_root="/var/log/apache2",
    version_cmd=['apache2ctl', '-v'],
    define_cmd=['apache2ctl', '-t', '-D', 'DUMP_RUN_CFG'],
    restart_cmd=['apache2ctl', 'graceful'],
    conftest_cmd=['apache2ctl', 'configtest'],
    enmod=None,
    dismod=None,
    le_vhost_ext="-le-ssl.conf",
    handle_mods=False,
    handle_sites=False,
    challenge_location="/etc/apache2",
    override_class=None,
    MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
        "certbot_apache", "options-ssl-apache.conf")
)
CLI_DEFAULTS_DEBIAN = dict(
    server_root="/etc/apache2",
    vhost_root="/etc/apache2/sites-available",
    vhost_files="*",
    logs_root="/var/log/apache2",
    version_cmd=['apache2ctl', '-v'],
    define_cmd=['apache2ctl', '-t', '-D', 'DUMP_RUN_CFG'],
    restart_cmd=['apache2ctl', 'graceful'],
    conftest_cmd=['apache2ctl', 'configtest'],
    enmod="a2enmod",
    dismod="a2dismod",
    le_vhost_ext="-le-ssl.conf",
    handle_mods=True,
    handle_sites=True,
    challenge_location="/etc/apache2",
    override_class=override_debian.Override,
    MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
        "certbot_apache", "options-ssl-apache.conf")
)
CLI_DEFAULTS_CENTOS = dict(
    server_root="/etc/httpd",
    vhost_root="/etc/httpd/conf.d",
    vhost_files="*.conf",
    logs_root="/var/log/httpd",
    version_cmd=['apachectl', '-v'],
    define_cmd=['apachectl', '-t', '-D', 'DUMP_RUN_CFG'],
    restart_cmd=['apachectl', 'graceful'],
    conftest_cmd=['apachectl', 'configtest'],
    enmod=None,
    dismod=None,
    le_vhost_ext="-le-ssl.conf",
    handle_mods=False,
    handle_sites=False,
    challenge_location="/etc/httpd/conf.d",
    override_class=override_centos.Override,
    MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
        "certbot_apache", "centos-options-ssl-apache.conf")
)
CLI_DEFAULTS_GENTOO = dict(
    server_root="/etc/apache2",
    vhost_root="/etc/apache2/vhosts.d",
    vhost_files="*.conf",
    logs_root="/var/log/apache2",
    version_cmd=['/usr/sbin/apache2', '-v'],
    define_cmd=['apache2ctl', 'virtualhosts'],
    restart_cmd=['apache2ctl', 'graceful'],
    conftest_cmd=['apache2ctl', 'configtest'],
    enmod=None,
    dismod=None,
    le_vhost_ext="-le-ssl.conf",
    handle_mods=False,
    handle_sites=False,
    challenge_location="/etc/apache2/vhosts.d",
    override_class=None,
    MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
        "certbot_apache", "options-ssl-apache.conf")
)
CLI_DEFAULTS_DARWIN = dict(
    server_root="/etc/apache2",
    vhost_root="/etc/apache2/other",
    vhost_files="*.conf",
    logs_root="/var/log/apache2",
    version_cmd=['/usr/sbin/httpd', '-v'],
    define_cmd=['/usr/sbin/httpd', '-t', '-D', 'DUMP_RUN_CFG'],
    restart_cmd=['apachectl', 'graceful'],
    conftest_cmd=['apachectl', 'configtest'],
    enmod=None,
    dismod=None,
    le_vhost_ext="-le-ssl.conf",
    handle_mods=False,
    handle_sites=False,
    challenge_location="/etc/apache2/other",
    override_class=None,
    MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
        "certbot_apache", "options-ssl-apache.conf")
)
CLI_DEFAULTS_SUSE = dict(
    server_root="/etc/apache2",
    vhost_root="/etc/apache2/vhosts.d",
    vhost_files="*.conf",
    logs_root="/var/log/apache2",
    version_cmd=['apache2ctl', '-v'],
    define_cmd=['apache2ctl', '-t', '-D', 'DUMP_RUN_CFG'],
    restart_cmd=['apache2ctl', 'graceful'],
    conftest_cmd=['apache2ctl', 'configtest'],
    enmod="a2enmod",
    dismod="a2dismod",
    le_vhost_ext="-le-ssl.conf",
    handle_mods=False,
    handle_sites=False,
    challenge_location="/etc/apache2/vhosts.d",
    override_class=None,
    MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
        "certbot_apache", "options-ssl-apache.conf")
)
CLI_DEFAULTS_ARCH = dict(
    server_root="/etc/httpd",
    vhost_root="/etc/httpd/conf",
    vhost_files="*.conf",
    logs_root="/var/log/httpd",
    version_cmd=['apachectl', '-v'],
    define_cmd=['apachectl', '-t', '-D', 'DUMP_RUN_CFG'],
    restart_cmd=['apachectl', 'graceful'],
    conftest_cmd=['apachectl', 'configtest'],
    enmod=None,
    dismod=None,
    le_vhost_ext="-le-ssl.conf",
    handle_mods=False,
    handle_sites=False,
    challenge_location="/etc/httpd/conf",
    override_class=None,
    MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
        "certbot_apache", "options-ssl-apache.conf")
)
CLI_DEFAULTS = {
    "default": CLI_DEFAULTS_DEFAULT,
    "debian": CLI_DEFAULTS_DEBIAN,
    "ubuntu": CLI_DEFAULTS_DEBIAN,
    "centos": CLI_DEFAULTS_CENTOS,
    "centos linux": CLI_DEFAULTS_CENTOS,
    "fedora": CLI_DEFAULTS_CENTOS,
    "red hat enterprise linux server": CLI_DEFAULTS_CENTOS,
    "rhel": CLI_DEFAULTS_CENTOS,
    "amazon": CLI_DEFAULTS_CENTOS,
    "gentoo": CLI_DEFAULTS_GENTOO,
    "gentoo base system": CLI_DEFAULTS_GENTOO,
    "darwin": CLI_DEFAULTS_DARWIN,
    "opensuse": CLI_DEFAULTS_SUSE,
    "suse": CLI_DEFAULTS_SUSE,
    "arch": CLI_DEFAULTS_ARCH,
}
"""CLI defaults."""

MOD_SSL_CONF_DEST = "options-ssl-apache.conf"
"""Name of the mod_ssl config file as saved in `IConfig.config_dir`."""


UPDATED_MOD_SSL_CONF_DIGEST = ".updated-options-ssl-apache-conf-digest.txt"
"""Name of the hash of the updated or informed mod_ssl_conf as saved in `IConfig.config_dir`."""

ALL_SSL_OPTIONS_HASHES = [
    '2086bca02db48daf93468332543c60ac6acdb6f0b58c7bfdf578a5d47092f82a',
    '4844d36c9a0f587172d9fa10f4f1c9518e3bcfa1947379f155e16a70a728c21a',
    '5a922826719981c0a234b1fbcd495f3213e49d2519e845ea0748ba513044b65b',
    '4066b90268c03c9ba0201068eaa39abbc02acf9558bb45a788b630eb85dadf27',
    'f175e2e7c673bd88d0aff8220735f385f916142c44aa83b09f1df88dd4767a88',
    'cfdd7c18d2025836ea3307399f509cfb1ebf2612c87dd600a65da2a8e2f2797b',
]
"""SHA256 hashes of the contents of previous versions of all versions of MOD_SSL_CONF_SRC"""

AUGEAS_LENS_DIR = pkg_resources.resource_filename(
    "certbot_apache", "augeas_lens")
"""Path to the Augeas lens directory"""

REWRITE_HTTPS_ARGS = [
    "^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,NE,R=permanent]"]
"""Apache version<2.3.9 rewrite rule arguments used for redirections to
https vhost"""

REWRITE_HTTPS_ARGS_WITH_END = [
    "^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[END,NE,R=permanent]"]
"""Apache version >= 2.3.9 rewrite rule arguments used for redirections to
    https vhost"""

OLD_REWRITE_HTTPS_ARGS = [
    ["^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,QSA,R=permanent]"],
    ["^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[END,QSA,R=permanent]"]]

HSTS_ARGS = ["always", "set", "Strict-Transport-Security",
             "\"max-age=31536000\""]
"""Apache header arguments for HSTS"""

UIR_ARGS = ["always", "set", "Content-Security-Policy",
            "upgrade-insecure-requests"]

HEADER_ARGS = {"Strict-Transport-Security": HSTS_ARGS,
               "Upgrade-Insecure-Requests": UIR_ARGS}

def install_ssl_options_conf(options_ssl, options_ssl_digest):
    """Copy Certbot's SSL options file into the system's config dir if required."""

    # XXX if we ever try to enforce a local privilege boundary (eg, running
    # certbot for unprivileged users via setuid), this function will need
    # to be modified.
    return common.install_version_controlled_file(options_ssl, options_ssl_digest,
        os_constant("MOD_SSL_CONF_SRC"), ALL_SSL_OPTIONS_HASHES)

def os_constant(key):
    """
    Get a constant value for operating system

    :param key: name of cli constant
    :return: value of constant for active os
    """

    os_info = util.get_os_info()
    try:
        constants = CLI_DEFAULTS[os_info[0].lower()]
    except KeyError:
        constants = os_like_constants()
        if not constants:
            constants = CLI_DEFAULTS["default"]
    return constants[key]


def os_like_constants():
    """
    Try to get constants for distribution with
    similar layout and configuration, indicated by
    /etc/os-release variable "LIKE"

    :returns: Constants dictionary
    :rtype: `dict`
    """

    os_like = util.get_systemd_os_like()
    if os_like:
        for os_name in os_like:
            if os_name in CLI_DEFAULTS.keys():
                return CLI_DEFAULTS[os_name]
    return {}

def get_override(caller):
    """
    Initialize the override class and pass the caller class to it

    :param caller: `class` of caller
    :return: Override class or `None` if not found
    """
    override_class = os_constant("override_class")
    if override_class:
        return override_class(caller)
    return None

def override(method):
    """Decorator for ApacheConfigurator for distribution specific method
    overrides."""
    def override_args(caller_class, *args, **kwargs):
        """Check if distro specific class overrides called method, return
        overriding method if found, in other case, return the default"""
        try:
            # Try to find overriding method
            caller = {"class": caller_class, "method": method}
            return getattr(caller_class.os_info,
                           method.__name__)(caller, *args, **kwargs)
        except AttributeError:
            # Override not found, return the default
            return method(caller_class, *args, **kwargs)
    return override_args
Move apache constants/args/IConfig to its subdirectory 2015-04-22 04:32:34 -04:00			`"""Apache plugin constants."""`
			`import pkg_resources`
Rename certbot.le_util to certbot.util Also rename certbot/tests/le_util_test.py to certbot/tests/util_test.py 2016-05-25 19:28:40 -04:00			`from certbot import util`
Move apache constants/args/IConfig to its subdirectory 2015-04-22 04:32:34 -04:00
Distro override code back over current master 2017-10-03 16:27:13 -04:00			`from certbot.plugins import common`

			`from certbot_apache import override_centos`
Import order 2017-10-20 13:11:38 -04:00			`from certbot_apache import override_debian`
Distro override code back over current master 2017-10-03 16:27:13 -04:00
Un-debian the defaults 2016-07-30 03:44:46 -04:00			`CLI_DEFAULTS_DEFAULT = dict(`
			`server_root="/etc/apache2",`
			`vhost_root="/etc/apache2/sites-available",`
			`vhost_files="*",`
Fix apache logs dir for centos 2016-08-21 14:50:14 -04:00			`logs_root="/var/log/apache2",`
Un-debian the defaults 2016-07-30 03:44:46 -04:00			`version_cmd=['apache2ctl', '-v'],`
			`define_cmd=['apache2ctl', '-t', '-D', 'DUMP_RUN_CFG'],`
			`restart_cmd=['apache2ctl', 'graceful'],`
			`conftest_cmd=['apache2ctl', 'configtest'],`
Remove enmod and dismod values as they are not needed 2016-07-30 04:59:58 -04:00			`enmod=None,`
			`dismod=None,`
Un-debian the defaults 2016-07-30 03:44:46 -04:00			`le_vhost_ext="-le-ssl.conf",`
			`handle_mods=False,`
			`handle_sites=False,`
			`challenge_location="/etc/apache2",`
Distro override code back over current master 2017-10-03 16:27:13 -04:00			`override_class=None,`
Un-debian the defaults 2016-07-30 03:44:46 -04:00			`MOD_SSL_CONF_SRC=pkg_resources.resource_filename(`
			`"certbot_apache", "options-ssl-apache.conf")`
			`)`
Per-OS constants 2015-12-03 07:14:02 -05:00			`CLI_DEFAULTS_DEBIAN = dict(`
Use CLI_DEFAULTS in plugins 2015-05-08 17:32:13 -04:00			`server_root="/etc/apache2",`
New constant for VirtualHost - configuration directory and changing the configurator to use it 2015-12-06 15:40:51 -05:00			`vhost_root="/etc/apache2/sites-available",`
Abstract config file matching to os based constants 2015-12-28 05:56:44 -05:00			`vhost_files="*",`
Fix apache logs dir for centos 2016-08-21 14:50:14 -04:00			`logs_root="/var/log/apache2",`
Changed define and version commands from string to list to avoid unneeded parsing later on 2015-12-25 03:18:24 -05:00			`version_cmd=['apache2ctl', '-v'],`
			`define_cmd=['apache2ctl', '-t', '-D', 'DUMP_RUN_CFG'],`
Abstract the remaining commands to configurable ones 2015-12-28 06:47:14 -05:00			`restart_cmd=['apache2ctl', 'graceful'],`
			`conftest_cmd=['apache2ctl', 'configtest'],`
Use CLI_DEFAULTS in plugins 2015-05-08 17:32:13 -04:00			`enmod="a2enmod",`
Use a2enmod and update reverter 2015-07-30 02:40:07 -04:00			`dismod="a2dismod",`
--le-vhost-ext -> --apache-le-vhost-ext 2015-05-22 03:28:21 -04:00			`le_vhost_ext="-le-ssl.conf",`
Configurable directory path for challenge configuration file 2015-12-07 04:07:31 -05:00			`handle_mods=True,`
Constant value per OS basis if installer should handle enabling / disabling sites 2015-12-07 05:42:40 -05:00			`handle_sites=True,`
make different options ssl conf for centos 2016-01-26 13:17:34 -05:00			`challenge_location="/etc/apache2",`
Distro override code back over current master 2017-10-03 16:27:13 -04:00			`override_class=override_debian.Override,`
fix mapping issue 2016-01-26 13:39:54 -05:00			`MOD_SSL_CONF_SRC=pkg_resources.resource_filename(`
s/letsencrypt/certbot letsencrypt-apache 2016-04-13 19:30:57 -04:00			`"certbot_apache", "options-ssl-apache.conf")`
Use CLI_DEFAULTS in plugins 2015-05-08 17:32:13 -04:00			`)`
Per-OS constants 2015-12-03 07:14:02 -05:00			`CLI_DEFAULTS_CENTOS = dict(`
			`server_root="/etc/httpd",`
New constant for VirtualHost - configuration directory and changing the configurator to use it 2015-12-06 15:40:51 -05:00			`vhost_root="/etc/httpd/conf.d",`
Abstract config file matching to os based constants 2015-12-28 05:56:44 -05:00			`vhost_files="*.conf",`
Fix apache logs dir for centos 2016-08-21 14:50:14 -04:00			`logs_root="/var/log/httpd",`
Changed define and version commands from string to list to avoid unneeded parsing later on 2015-12-25 03:18:24 -05:00			`version_cmd=['apachectl', '-v'],`
			`define_cmd=['apachectl', '-t', '-D', 'DUMP_RUN_CFG'],`
Abstract the remaining commands to configurable ones 2015-12-28 06:47:14 -05:00			`restart_cmd=['apachectl', 'graceful'],`
			`conftest_cmd=['apachectl', 'configtest'],`
Per-OS constants 2015-12-03 07:14:02 -05:00			`enmod=None,`
			`dismod=None,`
			`le_vhost_ext="-le-ssl.conf",`
Configurable directory path for challenge configuration file 2015-12-07 04:07:31 -05:00			`handle_mods=False,`
Constant value per OS basis if installer should handle enabling / disabling sites 2015-12-07 05:42:40 -05:00			`handle_sites=False,`
make different options ssl conf for centos 2016-01-26 13:17:34 -05:00			`challenge_location="/etc/httpd/conf.d",`
Distro override code back over current master 2017-10-03 16:27:13 -04:00			`override_class=override_centos.Override,`
fix mapping issue 2016-01-26 13:39:54 -05:00			`MOD_SSL_CONF_SRC=pkg_resources.resource_filename(`
s/letsencrypt/certbot letsencrypt-apache 2016-04-13 19:30:57 -04:00			`"certbot_apache", "centos-options-ssl-apache.conf")`
Per-OS constants 2015-12-03 07:14:02 -05:00			`)`
Gentoo constants, still missing gentoo fingerprint though 2015-12-14 02:27:16 -05:00			`CLI_DEFAULTS_GENTOO = dict(`
			`server_root="/etc/apache2",`
			`vhost_root="/etc/apache2/vhosts.d",`
Abstract config file matching to os based constants 2015-12-28 05:56:44 -05:00			`vhost_files="*.conf",`
Fix apache logs dir for centos 2016-08-21 14:50:14 -04:00			`logs_root="/var/log/apache2",`
Changed define and version commands from string to list to avoid unneeded parsing later on 2015-12-25 03:18:24 -05:00			`version_cmd=['/usr/sbin/apache2', '-v'],`
Fixed Gentoo define command 2016-03-23 12:12:07 -04:00			`define_cmd=['apache2ctl', 'virtualhosts'],`
Abstract the remaining commands to configurable ones 2015-12-28 06:47:14 -05:00			`restart_cmd=['apache2ctl', 'graceful'],`
			`conftest_cmd=['apache2ctl', 'configtest'],`
Gentoo constants, still missing gentoo fingerprint though 2015-12-14 02:27:16 -05:00			`enmod=None,`
			`dismod=None,`
			`le_vhost_ext="-le-ssl.conf",`
			`handle_mods=False,`
			`handle_sites=False,`
make different options ssl conf for centos 2016-01-26 13:17:34 -05:00			`challenge_location="/etc/apache2/vhosts.d",`
Distro override code back over current master 2017-10-03 16:27:13 -04:00			`override_class=None,`
fix mapping issue 2016-01-26 13:39:54 -05:00			`MOD_SSL_CONF_SRC=pkg_resources.resource_filename(`
s/letsencrypt/certbot letsencrypt-apache 2016-04-13 19:30:57 -04:00			`"certbot_apache", "options-ssl-apache.conf")`
Gentoo constants, still missing gentoo fingerprint though 2015-12-14 02:27:16 -05:00			`)`
Support system-default Apache on OS X. Tested on Yosemite (10.10). 2016-02-11 17:09:50 -05:00			`CLI_DEFAULTS_DARWIN = dict(`
			`server_root="/etc/apache2",`
			`vhost_root="/etc/apache2/other",`
			`vhost_files="*.conf",`
Fix apache logs dir for centos 2016-08-21 14:50:14 -04:00			`logs_root="/var/log/apache2",`
Support system-default Apache on OS X. Tested on Yosemite (10.10). 2016-02-11 17:09:50 -05:00			`version_cmd=['/usr/sbin/httpd', '-v'],`
			`define_cmd=['/usr/sbin/httpd', '-t', '-D', 'DUMP_RUN_CFG'],`
			`restart_cmd=['apachectl', 'graceful'],`
			`conftest_cmd=['apachectl', 'configtest'],`
			`enmod=None,`
			`dismod=None,`
			`le_vhost_ext="-le-ssl.conf",`
			`handle_mods=False,`
			`handle_sites=False,`
			`challenge_location="/etc/apache2/other",`
Distro override code back over current master 2017-10-03 16:27:13 -04:00			`override_class=None,`
Support system-default Apache on OS X. Tested on Yosemite (10.10). 2016-02-11 17:09:50 -05:00			`MOD_SSL_CONF_SRC=pkg_resources.resource_filename(`
s/letsencrypt/certbot letsencrypt-apache 2016-04-13 19:30:57 -04:00			`"certbot_apache", "options-ssl-apache.conf")`
Support system-default Apache on OS X. Tested on Yosemite (10.10). 2016-02-11 17:09:50 -05:00			`)`
Added suse constants 2016-07-30 18:10:28 -04:00			`CLI_DEFAULTS_SUSE = dict(`
			`server_root="/etc/apache2",`
			`vhost_root="/etc/apache2/vhosts.d",`
			`vhost_files="*.conf",`
Fix apache logs dir for centos 2016-08-21 14:50:14 -04:00			`logs_root="/var/log/apache2",`
Added suse constants 2016-07-30 18:10:28 -04:00			`version_cmd=['apache2ctl', '-v'],`
			`define_cmd=['apache2ctl', '-t', '-D', 'DUMP_RUN_CFG'],`
			`restart_cmd=['apache2ctl', 'graceful'],`
			`conftest_cmd=['apache2ctl', 'configtest'],`
			`enmod="a2enmod",`
			`dismod="a2dismod",`
			`le_vhost_ext="-le-ssl.conf",`
Changed SUSE mod handling constant 2016-08-02 02:57:34 -04:00			`handle_mods=False,`
Added suse constants 2016-07-30 18:10:28 -04:00			`handle_sites=False,`
			`challenge_location="/etc/apache2/vhosts.d",`
Distro override code back over current master 2017-10-03 16:27:13 -04:00			`override_class=None,`
Added suse constants 2016-07-30 18:10:28 -04:00			`MOD_SSL_CONF_SRC=pkg_resources.resource_filename(`
			`"certbot_apache", "options-ssl-apache.conf")`
			`)`
Add Arch Linux constants for Apache (#4466) 2017-06-08 15:08:47 -04:00			`CLI_DEFAULTS_ARCH = dict(`
			`server_root="/etc/httpd",`
			`vhost_root="/etc/httpd/conf",`
			`vhost_files="*.conf",`
			`logs_root="/var/log/httpd",`
			`version_cmd=['apachectl', '-v'],`
			`define_cmd=['apachectl', '-t', '-D', 'DUMP_RUN_CFG'],`
			`restart_cmd=['apachectl', 'graceful'],`
			`conftest_cmd=['apachectl', 'configtest'],`
			`enmod=None,`
			`dismod=None,`
			`le_vhost_ext="-le-ssl.conf",`
			`handle_mods=False,`
			`handle_sites=False,`
			`challenge_location="/etc/httpd/conf",`
Distro override code back over current master 2017-10-03 16:27:13 -04:00			`override_class=None,`
Add Arch Linux constants for Apache (#4466) 2017-06-08 15:08:47 -04:00			`MOD_SSL_CONF_SRC=pkg_resources.resource_filename(`
			`"certbot_apache", "options-ssl-apache.conf")`
			`)`
Per-OS constants 2015-12-03 07:14:02 -05:00			`CLI_DEFAULTS = {`
Un-debian the defaults 2016-07-30 03:44:46 -04:00			`"default": CLI_DEFAULTS_DEFAULT,`
Per-OS constants 2015-12-03 07:14:02 -05:00			`"debian": CLI_DEFAULTS_DEBIAN,`
			`"ubuntu": CLI_DEFAULTS_DEBIAN,`
Added correct os_info string for CentOS 2015-12-05 12:10:40 -05:00			`"centos": CLI_DEFAULTS_CENTOS,`
Added fedora layout 2015-12-07 07:22:56 -05:00			`"centos linux": CLI_DEFAULTS_CENTOS,`
Add RedHat Enterprise defaults to constants 2015-12-10 11:17:12 -05:00			`"fedora": CLI_DEFAULTS_CENTOS,`
Add gentoo fingerprint 2015-12-21 15:52:32 -05:00			`"red hat enterprise linux server": CLI_DEFAULTS_CENTOS,`
Added constants for os-release names 2016-04-12 11:59:27 -04:00			`"rhel": CLI_DEFAULTS_CENTOS,`
			`"amazon": CLI_DEFAULTS_CENTOS,`
Changed Gentoo os_info string See bug #3091 2016-05-29 07:54:01 -04:00			`"gentoo": CLI_DEFAULTS_GENTOO,`
Update constants.py Add strings for Gentoo: one matches platform.linux_distribution(), the other matches contents of /etc/os-release 2016-06-02 10:17:21 -04:00			`"gentoo base system": CLI_DEFAULTS_GENTOO,`
Support system-default Apache on OS X. Tested on Yosemite (10.10). 2016-02-11 17:09:50 -05:00			`"darwin": CLI_DEFAULTS_DARWIN,`
Added suse constants 2016-07-30 18:10:28 -04:00			`"opensuse": CLI_DEFAULTS_SUSE,`
			`"suse": CLI_DEFAULTS_SUSE,`
Add Arch Linux constants for Apache (#4466) 2017-06-08 15:08:47 -04:00			`"arch": CLI_DEFAULTS_ARCH,`
Per-OS constants 2015-12-03 07:14:02 -05:00			`}`
Use CLI_DEFAULTS in plugins 2015-05-08 17:32:13 -04:00			`"""CLI defaults."""`
Move apache constants/args/IConfig to its subdirectory 2015-04-22 04:32:34 -04:00
Don't allow user supplied mod_ssl conf destination (fixes #451). 2015-06-01 20:14:10 -04:00			`MOD_SSL_CONF_DEST = "options-ssl-apache.conf"`
			"""Name of the mod_ssl config file as saved in `IConfig.config_dir`."""
Move apache constants/args/IConfig to its subdirectory 2015-04-22 04:32:34 -04:00
Mechanism for automatically updating options-ssl-apache.conf file * add file update mechanism + tests to apache * update with actual hashes, and update apache test to match since there aren't previous versions 2017-05-23 19:25:39 -04:00
			`UPDATED_MOD_SSL_CONF_DIGEST = ".updated-options-ssl-apache-conf-digest.txt"`
			"""Name of the hash of the updated or informed mod_ssl_conf as saved in `IConfig.config_dir`."""

			`ALL_SSL_OPTIONS_HASHES = [`
			`'2086bca02db48daf93468332543c60ac6acdb6f0b58c7bfdf578a5d47092f82a',`
			`'4844d36c9a0f587172d9fa10f4f1c9518e3bcfa1947379f155e16a70a728c21a',`
Finish work on #4718. * Update in response to changes in #4720. * Update ALL_SSL_OPTIONS_HASHES. * Add warning to Apache's SSL options files. 2017-06-01 12:12:50 -04:00			`'5a922826719981c0a234b1fbcd495f3213e49d2519e845ea0748ba513044b65b',`
			`'4066b90268c03c9ba0201068eaa39abbc02acf9558bb45a788b630eb85dadf27',`
			`'f175e2e7c673bd88d0aff8220735f385f916142c44aa83b09f1df88dd4767a88',`
			`'cfdd7c18d2025836ea3307399f509cfb1ebf2612c87dd600a65da2a8e2f2797b',`
Mechanism for automatically updating options-ssl-apache.conf file * add file update mechanism + tests to apache * update with actual hashes, and update apache test to match since there aren't previous versions 2017-05-23 19:25:39 -04:00			`]`
			`"""SHA256 hashes of the contents of previous versions of all versions of MOD_SSL_CONF_SRC"""`

constants.AUGEAS_LENS_DIR 2015-11-04 15:12:39 -05:00			`AUGEAS_LENS_DIR = pkg_resources.resource_filename(`
s/letsencrypt/certbot letsencrypt-apache 2016-04-13 19:30:57 -04:00			`"certbot_apache", "augeas_lens")`
constants.AUGEAS_LENS_DIR 2015-11-04 15:12:39 -05:00			`"""Path to the Augeas lens directory"""`
load augeas httpd lens from inside of lets encrypt 2015-11-02 19:22:58 -05:00
Move apache constants/args/IConfig to its subdirectory 2015-04-22 04:32:34 -04:00			`REWRITE_HTTPS_ARGS = [`
Change QSA to NE in HTTPS redirection (#4204) * Change QSA to NE in HTTPS redirection * Seamless transition to new HTTPS redirection RewriteRule 2017-03-02 19:49:34 -05:00			`"^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,NE,R=permanent]"]`
Pep8 love 2016-01-14 06:25:15 -05:00			`"""Apache version<2.3.9 rewrite rule arguments used for redirections to`
			`https vhost"""`
Add HSTS header enhancement to Apache 2015-11-06 17:31:30 -05:00
alter redirect_verification to raise only when an exact Letsencrypt redirction rewrite rule is encountered 2015-12-01 19:05:15 -05:00			`REWRITE_HTTPS_ARGS_WITH_END = [`
Change QSA to NE in HTTPS redirection (#4204) * Change QSA to NE in HTTPS redirection * Seamless transition to new HTTPS redirection RewriteRule 2017-03-02 19:49:34 -05:00			`"^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[END,NE,R=permanent]"]`
delete unneeded tests 2015-12-01 19:16:13 -05:00			`"""Apache version >= 2.3.9 rewrite rule arguments used for redirections to`
alter redirect_verification to raise only when an exact Letsencrypt redirction rewrite rule is encountered 2015-12-01 19:05:15 -05:00			`https vhost"""`
Generalized http-header enhancement 2015-11-07 23:37:57 -05:00
Change QSA to NE in HTTPS redirection (#4204) * Change QSA to NE in HTTPS redirection * Seamless transition to new HTTPS redirection RewriteRule 2017-03-02 19:49:34 -05:00			`OLD_REWRITE_HTTPS_ARGS = [`
			`["^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[L,QSA,R=permanent]"],`
			`["^", "https://%{SERVER_NAME}%{REQUEST_URI}", "[END,QSA,R=permanent]"]]`

Generalized http-header enhancement 2015-11-07 23:37:57 -05:00			`HSTS_ARGS = ["always", "set", "Strict-Transport-Security",`
Pep8 love 2016-01-14 06:25:15 -05:00			`"\"max-age=31536000\""]`
Add HSTS header enhancement to Apache 2015-11-06 17:31:30 -05:00			`"""Apache header arguments for HSTS"""`

Generalized http-header enhancement 2015-11-07 23:37:57 -05:00			`UIR_ARGS = ["always", "set", "Content-Security-Policy",`
Pep8 love 2016-01-14 06:25:15 -05:00			`"upgrade-insecure-requests"]`
Generalized http-header enhancement 2015-11-07 23:37:57 -05:00
Add tests and comments 2015-11-08 10:21:36 -05:00			`HEADER_ARGS = {"Strict-Transport-Security": HSTS_ARGS,`
Pep8 love 2016-01-14 06:25:15 -05:00			`"Upgrade-Insecure-Requests": UIR_ARGS}`
Generalized http-header enhancement 2015-11-07 23:37:57 -05:00
Distro override code back over current master 2017-10-03 16:27:13 -04:00			`def install_ssl_options_conf(options_ssl, options_ssl_digest):`
			`"""Copy Certbot's SSL options file into the system's config dir if required."""`

			`# XXX if we ever try to enforce a local privilege boundary (eg, running`
			`# certbot for unprivileged users via setuid), this function will need`
			`# to be modified.`
			`return common.install_version_controlled_file(options_ssl, options_ssl_digest,`
			`os_constant("MOD_SSL_CONF_SRC"), ALL_SSL_OPTIONS_HASHES)`
PEP8 & linter love 2015-12-07 06:37:58 -05:00
Per-OS constants 2015-12-03 07:14:02 -05:00			`def os_constant(key):`
If os name is not found, try LIKE var from os-release 2016-07-30 03:43:38 -04:00			`"""`
			`Get a constant value for operating system`

Cleanup & pydoc 2015-12-07 05:01:35 -05:00			`:param key: name of cli constant`
			`:return: value of constant for active os`
			`"""`
If os name is not found, try LIKE var from os-release 2016-07-30 03:43:38 -04:00
Rename certbot.le_util to certbot.util Also rename certbot/tests/le_util_test.py to certbot/tests/util_test.py 2016-05-25 19:28:40 -04:00			`os_info = util.get_os_info()`
Per-OS constants 2015-12-03 07:14:02 -05:00			`try:`
			`constants = CLI_DEFAULTS[os_info[0].lower()]`
			`except KeyError:`
If os name is not found, try LIKE var from os-release 2016-07-30 03:43:38 -04:00			`constants = os_like_constants()`
			`if not constants:`
			`constants = CLI_DEFAULTS["default"]`
Per-OS constants 2015-12-03 07:14:02 -05:00			`return constants[key]`
If os name is not found, try LIKE var from os-release 2016-07-30 03:43:38 -04:00

			`def os_like_constants():`
			`"""`
			`Try to get constants for distribution with`
			`similar layout and configuration, indicated by`
			`/etc/os-release variable "LIKE"`

			`:returns: Constants dictionary`
			:rtype: `dict`
			`"""`

			`os_like = util.get_systemd_os_like()`
			`if os_like:`
			`for os_name in os_like:`
			`if os_name in CLI_DEFAULTS.keys():`
			`return CLI_DEFAULTS[os_name]`
			`return {}`
Distro override code back over current master 2017-10-03 16:27:13 -04:00
			`def get_override(caller):`
			`"""`
			`Initialize the override class and pass the caller class to it`

			:param caller: `class` of caller
			:return: Override class or `None` if not found
			`"""`
			`override_class = os_constant("override_class")`
			`if override_class:`
			`return override_class(caller)`
			`return None`

			`def override(method):`
			`"""Decorator for ApacheConfigurator for distribution specific method`
			`overrides."""`
			`def override_args(caller_class, args, *kwargs):`
			`"""Check if distro specific class overrides called method, return`
			`overriding method if found, in other case, return the default"""`
			`try:`
			`# Try to find overriding method`
Move more debian specific functionality to override and add caller access for overrides 2017-10-09 17:05:13 -04:00			`caller = {"class": caller_class, "method": method}`
Distro override code back over current master 2017-10-03 16:27:13 -04:00			`return getattr(caller_class.os_info,`
Move more debian specific functionality to override and add caller access for overrides 2017-10-09 17:05:13 -04:00			`method.__name__)(caller, args, *kwargs)`
Distro override code back over current master 2017-10-03 16:27:13 -04:00			`except AttributeError:`
			`# Override not found, return the default`
			`return method(caller_class, args, *kwargs)`
			`return override_args`