Merge remote-tracking branch 'upstream/master' into reduce-default-logging

2026-06-04 22:33:00 -04:00 · 2021-05-18 14:20:04 +10:00 · 2021-05-18 14:20:04 +10:00 · 06773ae3d5
commit 06773ae3d5
parent c75beb0116 2df279bc5b
25 changed files with 49 additions and 85 deletions
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -0,0 +1 @@
+custom: https://supporters.eff.org/donate/support-work-on-certbot
--- a/.github/issue_template.md
+++ b/.github/issue_template.md
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
--- a/certbot-dns-cloudxns/setup.py
+++ b/certbot-dns-cloudxns/setup.py
@ -9,7 +9,7 @@ version = '1.16.0.dev0'
 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
 install_requires = [
-    'dns-lexicon>=2.2.1',  # Support for >1 TXT record per name
+    'dns-lexicon>=3.1.0',  # Changed `rtype` parameter name
    'setuptools>=39.0.1',
    'zope.interface',
 ]
--- a/certbot-dns-dnsimple/setup.py
+++ b/certbot-dns-dnsimple/setup.py
@ -32,7 +32,7 @@ if os.environ.get('SNAP_BUILD'):
 # which allows us to potentially upgrade our packages in these distros
 # as necessary.
 if os.environ.get('CERTBOT_OLDEST') == '1':
-    install_requires.append('dns-lexicon>=2.2.1')
+    install_requires.append('dns-lexicon>=3.1.0')  # Changed parameter name
 else:
    install_requires.append('dns-lexicon>=3.2.1')

--- a/certbot-dns-dnsmadeeasy/setup.py
+++ b/certbot-dns-dnsmadeeasy/setup.py
@ -9,7 +9,7 @@ version = '1.16.0.dev0'
 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
 install_requires = [
-    'dns-lexicon>=2.2.1',  # Support for >1 TXT record per name
+    'dns-lexicon>=3.1.0',  # Changed `rtype` parameter name
    'setuptools>=39.0.1',
    'zope.interface',
 ]
--- a/certbot-dns-gehirn/setup.py
+++ b/certbot-dns-gehirn/setup.py
@ -8,7 +8,7 @@ version = '1.16.0.dev0'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
-    'dns-lexicon>=2.1.22',
+    'dns-lexicon>=3.1.0',  # Changed `rtype` parameter name
    'setuptools>=39.0.1',
    'zope.interface',
 ]
--- a/certbot-dns-linode/local-oldest-requirements.txt
+++ b/certbot-dns-linode/local-oldest-requirements.txt
@ -1,4 +1,3 @@
 # Remember to update setup.py to match the package versions below.
 acme[dev]==0.31.0
 certbot[dev]==1.1.0
-dns-lexicon==2.2.3
--- a/certbot-dns-linode/setup.py
+++ b/certbot-dns-linode/setup.py
@ -8,7 +8,7 @@ version = '1.16.0.dev0'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
-    'dns-lexicon>=2.2.3',
+    'dns-lexicon>=3.1.0',  # Changed `rtype` parameter name
    'setuptools>=39.0.1',
    'zope.interface',
 ]
--- a/certbot-dns-luadns/setup.py
+++ b/certbot-dns-luadns/setup.py
@ -9,7 +9,7 @@ version = '1.16.0.dev0'
 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
 install_requires = [
-    'dns-lexicon>=2.2.1',  # Support for >1 TXT record per name
+    'dns-lexicon>=3.1.0',  # Changed `rtype` parameter name
    'setuptools>=39.0.1',
    'zope.interface',
 ]
--- a/certbot-dns-nsone/setup.py
+++ b/certbot-dns-nsone/setup.py
@ -9,7 +9,7 @@ version = '1.16.0.dev0'
 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
 install_requires = [
-    'dns-lexicon>=2.2.1',  # Support for >1 TXT record per name
+    'dns-lexicon>=3.1.0',  # Changed `rtype` parameter name
    'setuptools>=39.0.1',
    'zope.interface',
 ]
--- a/certbot-dns-ovh/local-oldest-requirements.txt
+++ b/certbot-dns-ovh/local-oldest-requirements.txt
@ -1,4 +1,3 @@
 # Remember to update setup.py to match the package versions below.
 acme[dev]==0.31.0
 certbot[dev]==1.1.0
-dns-lexicon==2.7.14
--- a/certbot-dns-ovh/setup.py
+++ b/certbot-dns-ovh/setup.py
@ -9,7 +9,7 @@ version = '1.16.0.dev0'
 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
 install_requires = [
-    'dns-lexicon>=2.7.14',  # Correct proxy use on OVH provider
+    'dns-lexicon>=3.1.0',  # Changed `rtype` parameter name
    'setuptools>=39.0.1',
    'zope.interface',
 ]
--- a/certbot-dns-sakuracloud/setup.py
+++ b/certbot-dns-sakuracloud/setup.py
@ -8,7 +8,7 @@ version = '1.16.0.dev0'

 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
-    'dns-lexicon>=2.1.23',
+    'dns-lexicon>=3.1.0',  # Changed `rtype` parameter name
    'setuptools>=39.0.1',
    'zope.interface',
 ]
--- a/certbot/CHANGELOG.md
+++ b/certbot/CHANGELOG.md
@ -10,11 +10,14 @@ Certbot adheres to [Semantic Versioning](https://semver.org/).

 ### Changed

-*
+* DNS plugins based on lexicon now require dns-lexicon >= v3.1.0
+* Use UTF-8 encoding for renewal configuration files
+* Windows installer now cleans up old Certbot dependency packages
+  before installing the new ones to avoid version conflicts.

 ### Fixed

-*
+* Fix TypeError due to incompatibility with lexicon >= v3.6.0

 More details about these changes can be found on our GitHub repo.

--- a/certbot/certbot/_internal/main.py
+++ b/certbot/certbot/_internal/main.py
@ -616,7 +616,9 @@ def _delete_if_appropriate(config):

    # don't delete if the archive_dir is used by some other lineage
    archive_dir = storage.full_archive_path(
-            configobj.ConfigObj(storage.renewal_file_for_certname(config, config.certname)),
+            configobj.ConfigObj(
+                storage.renewal_file_for_certname(config, config.certname),
+                encoding='utf-8', default_encoding='utf-8'),
            config, config.certname)
    try:
        cert_manager.match_and_check_overlaps(config, [lambda x: archive_dir],
@ -1234,12 +1236,8 @@ def renew_cert(config, plugins, lineage):
    :raises errors.PluginSelectionError: MissingCommandlineFlag if supplied parameters do not pass

    """
-    try:
-        # installers are used in auth mode to determine domain names
-        installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
-    except errors.PluginSelectionError as e:
-        logger.error("Could not choose appropriate plugin: %s", e)
-        raise
+    # installers are used in auth mode to determine domain names
+    installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
    le_client = _init_le_client(config, auth, installer)

    renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
@ -1277,12 +1275,8 @@ def certonly(config, plugins):

    """
    # SETUP: Select plugins and construct a client instance
-    try:
-        # installers are used in auth mode to determine domain names
-        installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
-    except errors.PluginSelectionError as e:
-        logger.error("Could not choose appropriate plugin: %s", e)
-        raise
+    # installers are used in auth mode to determine domain names
+    installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")

    le_client = _init_le_client(config, auth, installer)

--- a/certbot/certbot/_internal/storage.py
+++ b/certbot/certbot/_internal/storage.py
@ -67,13 +67,16 @@ def cert_path_for_cert_name(config: interfaces.IConfig, cert_name: str) -> str:

    """
    cert_name_implied_conf = renewal_file_for_certname(config, cert_name)
-    return configobj.ConfigObj(cert_name_implied_conf)["fullchain"]
+    return configobj.ConfigObj(
+        cert_name_implied_conf, encoding='utf-8', default_encoding='utf-8')["fullchain"]


 def config_with_defaults(config=None):
    """Merge supplied config, if provided, on top of builtin defaults."""
-    defaults_copy = configobj.ConfigObj(constants.RENEWER_DEFAULTS)
-    defaults_copy.merge(config if config is not None else configobj.ConfigObj())
+    defaults_copy = configobj.ConfigObj(
+        constants.RENEWER_DEFAULTS, encoding='utf-8', default_encoding='utf-8')
+    defaults_copy.merge(config if config is not None else configobj.ConfigObj(
+        encoding='utf-8', default_encoding='utf-8'))
    return defaults_copy


@ -114,7 +117,7 @@ def write_renewal_config(o_filename, n_filename, archive_dir, target, relevant_d
    :rtype: configobj.ConfigObj

    """
-    config = configobj.ConfigObj(o_filename)
+    config = configobj.ConfigObj(o_filename, encoding='utf-8', default_encoding='utf-8')
    config["version"] = certbot.__version__
    config["archive_dir"] = archive_dir
    for kind in ALL_FOUR:
@ -196,7 +199,7 @@ def update_configuration(lineagename, archive_dir, target, cli_config):
    write_renewal_config(config_filename, temp_filename, archive_dir, target, values)
    filesystem.replace(temp_filename, config_filename)

-    return configobj.ConfigObj(config_filename)
+    return configobj.ConfigObj(config_filename, encoding='utf-8', default_encoding='utf-8')


 def get_link_target(link):
@ -324,7 +327,8 @@ def delete_files(config, certname):
    full_default_archive_dir = full_archive_path(None, config, certname)
    full_default_live_dir = _full_live_path(config, certname)
    try:
-        renewal_config = configobj.ConfigObj(renewal_filename)
+        renewal_config = configobj.ConfigObj(
+            renewal_filename, encoding='utf-8', default_encoding='utf-8')
    except configobj.ConfigObjError:
        # config is corrupted
        logger.error("Could not parse %s. You may wish to manually "
@ -434,7 +438,8 @@ class RenewableCert(interfaces.RenewableCert):
        # systemwide renewal configuration; self.configfile should be
        # used to make and save changes.
        try:
-            self.configfile = configobj.ConfigObj(config_filename)
+            self.configfile = configobj.ConfigObj(
+                config_filename, encoding='utf-8', default_encoding='utf-8')
        except configobj.ConfigObjError:
            raise errors.CertStorageError(
                "error parsing {0}".format(config_filename))
--- a/certbot/certbot/plugins/dns_common_lexicon.py
+++ b/certbot/certbot/plugins/dns_common_lexicon.py
@ -45,7 +45,7 @@ class LexiconClient:
        self._find_domain_id(domain)

        try:
-            self.provider.create_record(type='TXT', name=record_name, content=record_content)
+            self.provider.create_record(rtype='TXT', name=record_name, content=record_content)
        except RequestException as e:
            logger.debug('Encountered error adding TXT record: %s', e, exc_info=True)
            raise errors.PluginError('Error adding TXT record: {0}'.format(e))
@ -67,7 +67,7 @@ class LexiconClient:
            return

        try:
-            self.provider.delete_record(type='TXT', name=record_name, content=record_content)
+            self.provider.delete_record(rtype='TXT', name=record_name, content=record_content)
        except RequestException as e:
            logger.debug('Encountered error deleting TXT record: %s', e, exc_info=True)

--- a/certbot/certbot/plugins/dns_test_common_lexicon.py
+++ b/certbot/certbot/plugins/dns_test_common_lexicon.py
@ -95,7 +95,7 @@ class BaseLexiconClientTest:
    def test_add_txt_record(self: _LexiconAwareTestCase):
        self.client.add_txt_record(DOMAIN, self.record_name, self.record_content)

-        self.provider_mock.create_record.assert_called_with(type='TXT',
+        self.provider_mock.create_record.assert_called_with(rtype='TXT',
                                                            name=self.record_name,
                                                            content=self.record_content)

@ -104,7 +104,7 @@ class BaseLexiconClientTest:

        self.client.add_txt_record(DOMAIN, self.record_name, self.record_content)

-        self.provider_mock.create_record.assert_called_with(type='TXT',
+        self.provider_mock.create_record.assert_called_with(rtype='TXT',
                                                            name=self.record_name,
                                                            content=self.record_content)

@ -148,7 +148,7 @@ class BaseLexiconClientTest:
    def test_del_txt_record(self: _LexiconAwareTestCase):
        self.client.del_txt_record(DOMAIN, self.record_name, self.record_content)

-        self.provider_mock.delete_record.assert_called_with(type='TXT',
+        self.provider_mock.delete_record.assert_called_with(rtype='TXT',
                                                            name=self.record_name,
                                                            content=self.record_content)

--- a/certbot/docs/using.rst
+++ b/certbot/docs/using.rst
@ -285,6 +285,7 @@ dns-clouddns_      Y    N    DNS Authentication using CloudDNS API
 dns-lightsail_     Y    N    DNS Authentication using Amazon Lightsail DNS API
 dns-inwx_          Y    Y    DNS Authentication for INWX through the XML API
 dns-azure_         Y    N    DNS Authentication using Azure DNS
+dns-godaddy_       Y    N    DNS Authentication using Godaddy DNS
 ================== ==== ==== ===============================================================

 .. _haproxy: https://github.com/greenhost/certbot-haproxy
@ -300,6 +301,7 @@ dns-azure_         Y    N    DNS Authentication using Azure DNS
 .. _dns-lightsail: https://github.com/noi/certbot-dns-lightsail
 .. _dns-inwx: https://github.com/oGGy990/certbot-dns-inwx/
 .. _dns-azure: https://github.com/binkhq/certbot-dns-azure
+.. _dns-godaddy: https://github.com/miigotu/certbot-dns-godaddy

 If you're interested, you can also :ref:`write your own plugin <dev-plugin>`.

--- a/letstest/scripts/test_apache2.sh
+++ b/letstest/scripts/test_apache2.sh
@ -12,25 +12,6 @@ then
    # For apache 2.4, set up ServerName
    sudo sed -i '/ServerName/ s/#ServerName/ServerName/' $CONFFILE
    sudo sed -i '/ServerName/ s/www.example.com/'$PUBLIC_HOSTNAME'/' $CONFFILE
-    if [ $(python3 -V 2>&1 | cut -d" " -f 2 | cut -d. -f1,2 | sed 's/\.//') -lt 36 ]
-    then
-        # Upgrade python version using pyenv because py3.5 is deprecated
-        # Don't upgrade if it's already 3.8 because pyenv doesn't work great on arm, and
-        # our arm representative happens to be ubuntu20, which already has a perfectly
-        # good version of python.
-        sudo apt-get install -y make gcc build-essential libssl-dev zlib1g-dev libbz2-dev \
-          libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev \
-          xz-utils tk-dev libffi-dev liblzma-dev python-openssl git # pyenv deps
-        curl https://pyenv.run | bash
-        export PATH="~/.pyenv/bin:$PATH"
-        pyenv init -
-        pyenv virtualenv-init -
-        pyenv install 3.8.5
-        pyenv global 3.8.5
-        # you do, in fact need to run these again, exactly like this.
-        eval "$(pyenv init -)"
-        eval "$(pyenv virtualenv-init -)"
-    fi
 elif [ "$OS_TYPE" = "centos" ]
 then
    CONFFILE=/etc/httpd/conf/httpd.conf
--- a/letstest/targets/apache2_targets.yaml
+++ b/letstest/targets/apache2_targets.yaml
@ -21,11 +21,6 @@ targets:
    type: ubuntu
    virt: hvm
    user: ubuntu
-  - ami: ami-09677e0a6b14905b0
-    name: ubuntu16.04LTS
-    type: ubuntu
-    virt: hvm
-    user: ubuntu
  #-----------------------------------------------------------------------------
  # Debian
  - ami: ami-01db78123b2b99496
@ -33,11 +28,6 @@ targets:
    type: ubuntu
    virt: hvm
    user: admin
-  - ami: ami-003f19e0e687de1cd
-    name: debian9
-    type: ubuntu
-    virt: hvm
-    user: admin
  #-----------------------------------------------------------------------------
  # CentOS
  - ami: ami-9887c6e7
--- a/tools/_release.sh
+++ b/tools/_release.sh
@ -189,15 +189,6 @@ while ! git commit --gpg-sign="$RELEASE_GPG_KEY" -m "Release $version"; do
 done
 git tag --local-user "$RELEASE_GPG_KEY" --sign --message "Release $version" "$tag"

-cd ..
-echo Now in $PWD
-name=${root_without_le%.*}
-ext="${root_without_le##*.}"
-rev="$(git rev-parse --short HEAD)"
-echo tar cJvf $name.$rev.tar.xz $name.$rev
-echo gpg2 -U $RELEASE_GPG_KEY --detach-sign --armor $name.$rev.tar.xz
-cd ~-
-
 # Add master section to CHANGELOG.md
 header=$(head -n 4 certbot/CHANGELOG.md)
 body=$(sed s/nextversion/$nextversion/ tools/_changelog_top.txt)
@ -210,12 +201,6 @@ $footer" > certbot/CHANGELOG.md
 git add certbot/CHANGELOG.md
 git commit -m "Add contents to certbot/CHANGELOG.md for next version"

-echo "New root: $root"
-echo "Test commands (in the letstest directory):"
-echo 'letstest --saveinstances targets/targets.yaml $AWS_KEY $USERNAME scripts/test_apache2.sh'
-echo "In order to upload packages run the following command:"
-echo twine upload "$root/dist.$version/*/*"
-
 if [ "$RELEASE_BRANCH" = candidate-"$version" ] ; then
    SetVersion "$nextversion".dev0
    git commit -m "Bump version to $nextversion"
--- a/tools/oldest_constraints.txt
+++ b/tools/oldest_constraints.txt
@ -59,9 +59,6 @@ zope.hookable==4.0.4
 # Ubuntu Bionic constraints.
 cryptography==2.1.4
 distro==1.0.1
-# Lexicon oldest constraint is overridden appropriately on relevant DNS provider plugins
-# using their local-oldest-requirements.txt
-dns-lexicon==2.2.1
 httplib2==0.9.2
 idna==2.6
 setuptools==39.0.1
@ -77,3 +74,6 @@ parsedatetime==2.4
 # Tracking at https://github.com/certbot/certbot/issues/6473
 boto3==1.4.7
 botocore==1.7.41
+# Lexicon oldest constraint is overridden appropriately on relevant DNS provider plugins
+# using their local-oldest-requirements.txt
+dns-lexicon==3.1.0
--- a/windows-installer/assets/template.nsi
+++ b/windows-installer/assets/template.nsi
@ -83,6 +83,11 @@ SectionEnd
 [% block sections %]

 Section "!${PRODUCT_NAME}" sec_app
+  ; CERTBOT CUSTOM BEGIN
+  ; Try to cleanup Certbot pkg directory to avoid dependencies conflicts
+  RMDir /r "$INSTDIR\pkgs"
+  ; CERTBOT CUSTOM END
+
  SetRegView [[ib.py_bitness]]
  SectionIn RO
  File ${PRODUCT_ICON}
				`@ -0,0 +1 @@`
				`custom: https://supporters.eff.org/donate/support-work-on-certbot`