diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 000000000..f02dc2086
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+custom: https://supporters.eff.org/donate/support-work-on-certbot
diff --git a/ISSUE_TEMPLATE.md b/.github/issue_template.md
similarity index 100%
rename from ISSUE_TEMPLATE.md
rename to .github/issue_template.md
diff --git a/pull_request_template.md b/.github/pull_request_template.md
similarity index 100%
rename from pull_request_template.md
rename to .github/pull_request_template.md
diff --git a/certbot-dns-cloudxns/setup.py b/certbot-dns-cloudxns/setup.py
index 20b499327..153e373bd 100644
--- a/certbot-dns-cloudxns/setup.py
+++ b/certbot-dns-cloudxns/setup.py
@@ -9,7 +9,7 @@ version = '1.16.0.dev0'
 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
 install_requires = [
- 'dns-lexicon>=2.2.1', # Support for >1 TXT record per name
+ 'dns-lexicon>=3.1.0', # Changed `rtype` parameter name
 'setuptools>=39.0.1',
 'zope.interface',
 ]
diff --git a/certbot-dns-dnsimple/setup.py b/certbot-dns-dnsimple/setup.py
index c0da63d71..70181ae78 100644
--- a/certbot-dns-dnsimple/setup.py
+++ b/certbot-dns-dnsimple/setup.py
@@ -32,7 +32,7 @@ if os.environ.get('SNAP_BUILD'):
 # which allows us to potentially upgrade our packages in these distros
 # as necessary.
 if os.environ.get('CERTBOT_OLDEST') == '1':
- install_requires.append('dns-lexicon>=2.2.1')
+ install_requires.append('dns-lexicon>=3.1.0') # Changed parameter name
 else:
 install_requires.append('dns-lexicon>=3.2.1')
diff --git a/certbot-dns-dnsmadeeasy/setup.py b/certbot-dns-dnsmadeeasy/setup.py
index 2feae0bd1..852eac606 100644
--- a/certbot-dns-dnsmadeeasy/setup.py
+++ b/certbot-dns-dnsmadeeasy/setup.py
@@ -9,7 +9,7 @@ version = '1.16.0.dev0'
 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
 install_requires = [
- 'dns-lexicon>=2.2.1', # Support for >1 TXT record per name
+ 'dns-lexicon>=3.1.0', # Changed `rtype` parameter name
 'setuptools>=39.0.1',
 'zope.interface',
 ]
diff --git a/certbot-dns-gehirn/setup.py b/certbot-dns-gehirn/setup.py
index d24f6b309..85058ab90 100644
--- a/certbot-dns-gehirn/setup.py
+++ b/certbot-dns-gehirn/setup.py
@@ -8,7 +8,7 @@ version = '1.16.0.dev0'
 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
- 'dns-lexicon>=2.1.22',
+ 'dns-lexicon>=3.1.0', # Changed `rtype` parameter name
 'setuptools>=39.0.1',
 'zope.interface',
 ]
diff --git a/certbot-dns-linode/local-oldest-requirements.txt b/certbot-dns-linode/local-oldest-requirements.txt
index a8bd7449a..1307698d4 100644
--- a/certbot-dns-linode/local-oldest-requirements.txt
+++ b/certbot-dns-linode/local-oldest-requirements.txt
@@ -1,4 +1,3 @@
 # Remember to update setup.py to match the package versions below.
 acme[dev]==0.31.0
 certbot[dev]==1.1.0
-dns-lexicon==2.2.3
diff --git a/certbot-dns-linode/setup.py b/certbot-dns-linode/setup.py
index 72c7ee2fd..293dc25c3 100644
--- a/certbot-dns-linode/setup.py
+++ b/certbot-dns-linode/setup.py
@@ -8,7 +8,7 @@ version = '1.16.0.dev0'
 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
- 'dns-lexicon>=2.2.3',
+ 'dns-lexicon>=3.1.0', # Changed `rtype` parameter name
 'setuptools>=39.0.1',
 'zope.interface',
 ]
diff --git a/certbot-dns-luadns/setup.py b/certbot-dns-luadns/setup.py
index b2c54779f..9ecacdd26 100644
--- a/certbot-dns-luadns/setup.py
+++ b/certbot-dns-luadns/setup.py
@@ -9,7 +9,7 @@ version = '1.16.0.dev0'
 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
 install_requires = [
- 'dns-lexicon>=2.2.1', # Support for >1 TXT record per name
+ 'dns-lexicon>=3.1.0', # Changed `rtype` parameter name
 'setuptools>=39.0.1',
 'zope.interface',
 ]
diff --git a/certbot-dns-nsone/setup.py b/certbot-dns-nsone/setup.py
index a78b6c3b7..cf88a118a 100644
--- a/certbot-dns-nsone/setup.py
+++ b/certbot-dns-nsone/setup.py
@@ -9,7 +9,7 @@ version = '1.16.0.dev0'
 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
 install_requires = [
- 'dns-lexicon>=2.2.1', # Support for >1 TXT record per name
+ 'dns-lexicon>=3.1.0', # Changed `rtype` parameter name
 'setuptools>=39.0.1',
 'zope.interface',
 ]
diff --git a/certbot-dns-ovh/local-oldest-requirements.txt b/certbot-dns-ovh/local-oldest-requirements.txt
index c55e0d570..1307698d4 100644
--- a/certbot-dns-ovh/local-oldest-requirements.txt
+++ b/certbot-dns-ovh/local-oldest-requirements.txt
@@ -1,4 +1,3 @@
 # Remember to update setup.py to match the package versions below.
 acme[dev]==0.31.0
 certbot[dev]==1.1.0
-dns-lexicon==2.7.14
diff --git a/certbot-dns-ovh/setup.py b/certbot-dns-ovh/setup.py
index 4831fa480..e4dd4d712 100644
--- a/certbot-dns-ovh/setup.py
+++ b/certbot-dns-ovh/setup.py
@@ -9,7 +9,7 @@ version = '1.16.0.dev0'
 # Remember to update local-oldest-requirements.txt when changing the minimum
 # acme/certbot version.
 install_requires = [
- 'dns-lexicon>=2.7.14', # Correct proxy use on OVH provider
+ 'dns-lexicon>=3.1.0', # Changed `rtype` parameter name
 'setuptools>=39.0.1',
 'zope.interface',
 ]
diff --git a/certbot-dns-sakuracloud/setup.py b/certbot-dns-sakuracloud/setup.py
index 7b76bb324..353111ec2 100644
--- a/certbot-dns-sakuracloud/setup.py
+++ b/certbot-dns-sakuracloud/setup.py
@@ -8,7 +8,7 @@ version = '1.16.0.dev0'
 # Please update tox.ini when modifying dependency version requirements
 install_requires = [
- 'dns-lexicon>=2.1.23',
+ 'dns-lexicon>=3.1.0', # Changed `rtype` parameter name
 'setuptools>=39.0.1',
 'zope.interface',
 ]
diff --git a/certbot/CHANGELOG.md b/certbot/CHANGELOG.md
index fd2f0ffb4..0220f1039 100644
--- a/certbot/CHANGELOG.md
+++ b/certbot/CHANGELOG.md
@@ -10,11 +10,14 @@ Certbot adheres to [Semantic Versioning](https://semver.org/).
 ### Changed
-*
+* DNS plugins based on lexicon now require dns-lexicon >= v3.1.0
+* Use UTF-8 encoding for renewal configuration files
+* Windows installer now cleans up old Certbot dependency packages
+ before installing the new ones to avoid version conflicts.
 ### Fixed
-*
+* Fix TypeError due to incompatibility with lexicon >= v3.6.0
 More details about these changes can be found on our GitHub repo.
diff --git a/certbot/certbot/_internal/main.py b/certbot/certbot/_internal/main.py
index 703ee0452..db71b8ecf 100644
--- a/certbot/certbot/_internal/main.py
+++ b/certbot/certbot/_internal/main.py
@@ -616,7 +616,9 @@ def _delete_if_appropriate(config):
 # don't delete if the archive_dir is used by some other lineage
 archive_dir = storage.full_archive_path(
- configobj.ConfigObj(storage.renewal_file_for_certname(config, config.certname)),
+ configobj.ConfigObj(
+ storage.renewal_file_for_certname(config, config.certname),
+ encoding='utf-8', default_encoding='utf-8'),
 config, config.certname)
 try:
 cert_manager.match_and_check_overlaps(config, [lambda x: archive_dir],
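Review bot: The keyword pair `encoding='utf-8', default_encoding='utf-8'` added to the `configobj.ConfigObj(...)` call in `_delete_if_appropriate` is repeated by hand at every renewal-config call site this commit touches (the hunks in `certbot/_internal/storage.py` at 67, 114, 196, 324 and 434). A later call site that omits it would handle the same renewal file with a different encoding, and nothing would flag the mismatch. A single helper in `storage.py`, for example `def _renewal_configobj(infile=None): return configobj.ConfigObj(infile, encoding='utf-8', default_encoding='utf-8')`, would keep every reader and writer of a lineage's renewal file in agreement. The body of `_delete_if_appropriate` starts and ends outside this hunk.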
@@ -1234,12 +1236,8 @@ def renew_cert(config, plugins, lineage):
 :raises errors.PluginSelectionError: MissingCommandlineFlag if supplied parameters do not pass
 """
- try:
- # installers are used in auth mode to determine domain names
- installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
- except errors.PluginSelectionError as e:
- logger.error("Could not choose appropriate plugin: %s", e)
- raise
+ # installers are used in auth mode to determine domain names
+ installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
 le_client = _init_le_client(config, auth, installer)
 renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
@@ -1277,12 +1275,8 @@ def certonly(config, plugins):
 """
 # SETUP: Select plugins and construct a client instance
- try:
- # installers are used in auth mode to determine domain names
- installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
- except errors.PluginSelectionError as e:
- logger.error("Could not choose appropriate plugin: %s", e)
- raise
+ # installers are used in auth mode to determine domain names
+ installer, auth = plug_sel.choose_configurator_plugins(config, plugins, "certonly")
 le_client = _init_le_client(config, auth, installer)
diff --git a/certbot/certbot/_internal/storage.py b/certbot/certbot/_internal/storage.py
index c6384d491..788c8a2c4 100644
--- a/certbot/certbot/_internal/storage.py
+++ b/certbot/certbot/_internal/storage.py
@@ -67,13 +67,16 @@ def cert_path_for_cert_name(config: interfaces.IConfig, cert_name: str) -> str:
 """
 cert_name_implied_conf = renewal_file_for_certname(config, cert_name)
- return configobj.ConfigObj(cert_name_implied_conf)["fullchain"]
+ return configobj.ConfigObj(
+ cert_name_implied_conf, encoding='utf-8', default_encoding='utf-8')["fullchain"]
 def config_with_defaults(config=None):
 """Merge supplied config, if provided, on top of builtin defaults."""
- defaults_copy = configobj.ConfigObj(constants.RENEWER_DEFAULTS)
- defaults_copy.merge(config if config is not None else configobj.ConfigObj())
+ defaults_copy = configobj.ConfigObj(
+ constants.RENEWER_DEFAULTS, encoding='utf-8', default_encoding='utf-8')
+ defaults_copy.merge(config if config is not None else configobj.ConfigObj(
+ encoding='utf-8', default_encoding='utf-8'))
 return defaults_copy
@@ -114,7 +117,7 @@ def write_renewal_config(o_filename, n_filename, archive_dir, target, relevant_d
 :rtype: configobj.ConfigObj
 """
- config = configobj.ConfigObj(o_filename)
+ config = configobj.ConfigObj(o_filename, encoding='utf-8', default_encoding='utf-8')
 config["version"] = certbot.__version__
 config["archive_dir"] = archive_dir
 for kind in ALL_FOUR:
@@ -196,7 +199,7 @@ def update_configuration(lineagename, archive_dir, target, cli_config):
 write_renewal_config(config_filename, temp_filename, archive_dir, target, values)
 filesystem.replace(temp_filename, config_filename)
- return configobj.ConfigObj(config_filename)
+ return configobj.ConfigObj(config_filename, encoding='utf-8', default_encoding='utf-8')
 def get_link_target(link):
@@ -324,7 +327,8 @@ def delete_files(config, certname):
 full_default_archive_dir = full_archive_path(None, config, certname)
 full_default_live_dir = _full_live_path(config, certname)
 try:
- renewal_config = configobj.ConfigObj(renewal_filename)
+ renewal_config = configobj.ConfigObj(
+ renewal_filename, encoding='utf-8', default_encoding='utf-8')
 except configobj.ConfigObjError:
 # config is corrupted
 logger.error("Could not parse %s. You may wish to manually "
@@ -434,7 +438,8 @@ class RenewableCert(interfaces.RenewableCert):
 # systemwide renewal configuration; self.configfile should be
 # used to make and save changes.
 try:
- self.configfile = configobj.ConfigObj(config_filename)
+ self.configfile = configobj.ConfigObj(
+ config_filename, encoding='utf-8', default_encoding='utf-8')
 except configobj.ConfigObjError:
 raise errors.CertStorageError(
 "error parsing {0}".format(config_filename))
diff --git a/certbot/certbot/plugins/dns_common_lexicon.py b/certbot/certbot/plugins/dns_common_lexicon.py
index a4d46587e..32213999d 100644
--- a/certbot/certbot/plugins/dns_common_lexicon.py
+++ b/certbot/certbot/plugins/dns_common_lexicon.py
@@ -45,7 +45,7 @@ class LexiconClient:
 self._find_domain_id(domain)
 try:
- self.provider.create_record(type='TXT', name=record_name, content=record_content)
+ self.provider.create_record(rtype='TXT', name=record_name, content=record_content)
 except RequestException as e:
 logger.debug('Encountered error adding TXT record: %s', e, exc_info=True)
 raise errors.PluginError('Error adding TXT record: {0}'.format(e))
@@ -67,7 +67,7 @@ class LexiconClient:
 return
 try:
- self.provider.delete_record(type='TXT', name=record_name, content=record_content)
+ self.provider.delete_record(rtype='TXT', name=record_name, content=record_content)
 except RequestException as e:
 logger.debug('Encountered error deleting TXT record: %s', e, exc_info=True)
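Review bot: The `except configobj.ConfigObjError` that follows the changed call in `delete_files` probably does not cover a decoding failure. A renewal file holding bytes that are not valid UTF-8 is likely to surface as a `UnicodeDecodeError`, which as far as I know is not a `ConfigObjError`, so the "Could not parse" message would be skipped and the user would get a traceback; this should be confirmed against the configobj version in use. If it holds, `except (configobj.ConfigObjError, UnicodeDecodeError):` here, and the same in the `RenewableCert` hunk at 434 so that it still raises `errors.CertStorageError`, keeps a damaged file on the intended error path. Both functions continue outside their hunks.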
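Review bot: `create_record(rtype='TXT', ...)` depends on the installed lexicon accepting the `rtype` keyword, and the only handler around it is `except RequestException`. With an older lexicon, which a plugin maintained outside this repository might still allow, the call would presumably fail with a `TypeError` that is never converted to `errors.PluginError`. In the `delete_record` hunk at 67 the same failure would interrupt cleanup of the challenge TXT record. A comment above both calls, such as `# requires dns-lexicon >= 3.1.0, where this keyword was renamed from type to rtype`, would document the constraint for plugin authors. Both methods start outside their hunks.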
diff --git a/certbot/certbot/plugins/dns_test_common_lexicon.py b/certbot/certbot/plugins/dns_test_common_lexicon.py
index af56cb422..0b1375cc1 100644
--- a/certbot/certbot/plugins/dns_test_common_lexicon.py
+++ b/certbot/certbot/plugins/dns_test_common_lexicon.py
@@ -95,7 +95,7 @@ class BaseLexiconClientTest:
 def test_add_txt_record(self: _LexiconAwareTestCase):
 self.client.add_txt_record(DOMAIN, self.record_name, self.record_content)
- self.provider_mock.create_record.assert_called_with(type='TXT',
+ self.provider_mock.create_record.assert_called_with(rtype='TXT',
 name=self.record_name,
 content=self.record_content)
@@ -104,7 +104,7 @@ class BaseLexiconClientTest:
 self.client.add_txt_record(DOMAIN, self.record_name, self.record_content)
- self.provider_mock.create_record.assert_called_with(type='TXT',
+ self.provider_mock.create_record.assert_called_with(rtype='TXT',
 name=self.record_name,
 content=self.record_content)
@@ -148,7 +148,7 @@ class BaseLexiconClientTest:
 def test_del_txt_record(self: _LexiconAwareTestCase):
 self.client.del_txt_record(DOMAIN, self.record_name, self.record_content)
- self.provider_mock.delete_record.assert_called_with(type='TXT',
+ self.provider_mock.delete_record.assert_called_with(rtype='TXT',
 name=self.record_name,
 content=self.record_content)
diff --git a/certbot/docs/using.rst b/certbot/docs/using.rst
index cc061b622..be4d96c4f 100644
--- a/certbot/docs/using.rst
+++ b/certbot/docs/using.rst
@@ -285,6 +285,7 @@ dns-clouddns_ Y N DNS Authentication using CloudDNS API
 dns-lightsail_ Y N DNS Authentication using Amazon Lightsail DNS API
 dns-inwx_ Y Y DNS Authentication for INWX through the XML API
 dns-azure_ Y N DNS Authentication using Azure DNS
+dns-godaddy_ Y N DNS Authentication using Godaddy DNS
 ================== ==== ==== ===============================================================
 .. _haproxy: https://github.com/greenhost/certbot-haproxy
@@ -300,6 +301,7 @@ dns-azure_ Y N DNS Authentication using Azure DNS
 .. _dns-lightsail: https://github.com/noi/certbot-dns-lightsail
 .. _dns-inwx: https://github.com/oGGy990/certbot-dns-inwx/
 .. _dns-azure: https://github.com/binkhq/certbot-dns-azure
+.. _dns-godaddy: https://github.com/miigotu/certbot-dns-godaddy
 If you're interested, you can also :ref:`write your own plugin `.
diff --git a/letstest/scripts/test_apache2.sh b/letstest/scripts/test_apache2.sh
index 9d9ca6c12..830ae44b2 100755
--- a/letstest/scripts/test_apache2.sh
+++ b/letstest/scripts/test_apache2.sh
@@ -12,25 +12,6 @@ then
 # For apache 2.4, set up ServerName
 sudo sed -i '/ServerName/ s/#ServerName/ServerName/' $CONFFILE
 sudo sed -i '/ServerName/ s/www.example.com/'$PUBLIC_HOSTNAME'/' $CONFFILE
- if [ $(python3 -V 2>&1 | cut -d" " -f 2 | cut -d. -f1,2 | sed 's/\.//') -lt 36 ]
- then
- # Upgrade python version using pyenv because py3.5 is deprecated
- # Don't upgrade if it's already 3.8 because pyenv doesn't work great on arm, and
- # our arm representative happens to be ubuntu20, which already has a perfectly
- # good version of python.
- sudo apt-get install -y make gcc build-essential libssl-dev zlib1g-dev libbz2-dev \
- libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev \
- xz-utils tk-dev libffi-dev liblzma-dev python-openssl git # pyenv deps
- curl https://pyenv.run | bash
- export PATH="~/.pyenv/bin:$PATH"
- pyenv init -
- pyenv virtualenv-init -
- pyenv install 3.8.5
- pyenv global 3.8.5
- # you do, in fact need to run these again, exactly like this.
- eval "$(pyenv init -)"
- eval "$(pyenv virtualenv-init -)"
- fi
 elif [ "$OS_TYPE" = "centos" ]
 then
 CONFFILE=/etc/httpd/conf/httpd.conf
diff --git a/letstest/targets/apache2_targets.yaml b/letstest/targets/apache2_targets.yaml
index 2663782ce..c0c08be12 100644
--- a/letstest/targets/apache2_targets.yaml
+++ b/letstest/targets/apache2_targets.yaml
@@ -21,11 +21,6 @@ targets:
 type: ubuntu
 virt: hvm
 user: ubuntu
- - ami: ami-09677e0a6b14905b0
- name: ubuntu16.04LTS
- type: ubuntu
- virt: hvm
- user: ubuntu
 #-----------------------------------------------------------------------------
 # Debian
 - ami: ami-01db78123b2b99496
@@ -33,11 +28,6 @@ targets:
 type: ubuntu
 virt: hvm
 user: admin
- - ami: ami-003f19e0e687de1cd
- name: debian9
- type: ubuntu
- virt: hvm
- user: admin
 #-----------------------------------------------------------------------------
 # CentOS
 - ami: ami-9887c6e7
diff --git a/tools/_release.sh b/tools/_release.sh
index 4e118c2d7..7dd4601ff 100755
--- a/tools/_release.sh
+++ b/tools/_release.sh
@@ -189,15 +189,6 @@ while ! git commit --gpg-sign="$RELEASE_GPG_KEY" -m "Release $version"; do
 done
 git tag --local-user "$RELEASE_GPG_KEY" --sign --message "Release $version" "$tag"
-cd ..
-echo Now in $PWD
-name=${root_without_le%.*}
-ext="${root_without_le##*.}"
-rev="$(git rev-parse --short HEAD)"
-echo tar cJvf $name.$rev.tar.xz $name.$rev
-echo gpg2 -U $RELEASE_GPG_KEY --detach-sign --armor $name.$rev.tar.xz
-cd ~-
-
 # Add master section to CHANGELOG.md
 header=$(head -n 4 certbot/CHANGELOG.md)
 body=$(sed s/nextversion/$nextversion/ tools/_changelog_top.txt)
@@ -210,12 +201,6 @@ $footer" > certbot/CHANGELOG.md
 git add certbot/CHANGELOG.md
 git commit -m "Add contents to certbot/CHANGELOG.md for next version"
-echo "New root: $root"
-echo "Test commands (in the letstest directory):"
-echo 'letstest --saveinstances targets/targets.yaml $AWS_KEY $USERNAME scripts/test_apache2.sh'
-echo "In order to upload packages run the following command:"
-echo twine upload "$root/dist.$version/*/*"
-
 if [ "$RELEASE_BRANCH" = candidate-"$version" ] ; then
 SetVersion "$nextversion".dev0
 git commit -m "Bump version to $nextversion"
diff --git a/tools/oldest_constraints.txt b/tools/oldest_constraints.txt
index f6528f396..c0f114639 100644
--- a/tools/oldest_constraints.txt
+++ b/tools/oldest_constraints.txt
@@ -59,9 +59,6 @@ zope.hookable==4.0.4
 # Ubuntu Bionic constraints.
 cryptography==2.1.4
 distro==1.0.1
-# Lexicon oldest constraint is overridden appropriately on relevant DNS provider plugins
-# using their local-oldest-requirements.txt
-dns-lexicon==2.2.1
 httplib2==0.9.2
 idna==2.6
 setuptools==39.0.1
@@ -77,3 +74,6 @@ parsedatetime==2.4
 # Tracking at https://github.com/certbot/certbot/issues/6473
 boto3==1.4.7
 botocore==1.7.41
+# Lexicon oldest constraint is overridden appropriately on relevant DNS provider plugins
+# using their local-oldest-requirements.txt
+dns-lexicon==3.1.0
diff --git a/windows-installer/assets/template.nsi b/windows-installer/assets/template.nsi
index 566e1b004..5c551729a 100644
--- a/windows-installer/assets/template.nsi
+++ b/windows-installer/assets/template.nsi
@@ -83,6 +83,11 @@ SectionEnd
 [% block sections %]
 Section "!${PRODUCT_NAME}" sec_app
+ ; CERTBOT CUSTOM BEGIN
+ ; Try to cleanup Certbot pkg directory to avoid dependencies conflicts
+ RMDir /r "$INSTDIR\pkgs"
+ ; CERTBOT CUSTOM END
+
 SetRegView [[ib.py_bitness]]
 SectionIn RO
 File ${PRODUCT_ICON}
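Review bot: The result of `RMDir /r "$INSTDIR\pkgs"` at the top of the `sec_app` section is never checked. If a file under `pkgs` is locked, for instance because Certbot is running while the upgrade is installed, the delete can stop part-way. The installer would then write the new packages next to leftover old ones, which is the version conflict this step is meant to prevent. Putting `ClearErrors` before the `RMDir` and an `IfErrors` branch after it that aborts, or at least reports through `DetailPrint`, would make a partial cleanup visible. The section body continues past the end of the hunk.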