From 0f6486ec7fdc92b1c77d4d4701641a52ce941792 Mon Sep 17 00:00:00 2001
From: Robie Basak <robie.basak@canonical.com>
Date: Wed, 27 Jun 2018 15:38:45 +0100
Subject: [PATCH] Initial commit

* Add renewal timer

* Install libaugeas0 in python-augeas part build

This part needs libaugeas0 to build.

* Bump to 0.26.1

* Always act directly on upstream master

I want to keep this always working, so move to master. We can
reintroduce upstream stable releases when we are ready for general use.

Closes: #5

That particular issue seems to no longer happen. Presumably something
changed in upstream git or in PyPI. If it happens again, hopefully I'll
have CI against upstream master up by then and I'll be able to pin it
down.

* Add empty Travis build

* Add Travis automatic snap edge publication

* Add integration test

This uses upstream's test suite from their source tree to check the
built snap to make sure it behaves as expected, before attempting upload
to the store.

* Point Augeas to its lens library

Augeas defaults to looking in /usr/share/augeas/lenses, which in a snap
isn't found at this path, but inside $SNAP. So set AUGEAS_LENS_LIB to
where the lenses can be found within the snap.

This fixes the Apache plugin that uses Augeas.
---
 snap/.snapcraft/travis_snapcraft.cfg | Bin 0 -> 2448 bytes
 snap/.travis.yml                     |  11 +++++
 snap/snapcraft.yaml                  |  67 +++++++++++++++++++++++++++
 snap/test.bash                       |  34 ++++++++++++++
 4 files changed, 112 insertions(+)
 create mode 100644 snap/.snapcraft/travis_snapcraft.cfg
 create mode 100644 snap/.travis.yml
 create mode 100644 snap/snapcraft.yaml
 create mode 100644 snap/test.bash

diff --git a/snap/.snapcraft/travis_snapcraft.cfg b/snap/.snapcraft/travis_snapcraft.cfg
new file mode 100644
index 0000000000000000000000000000000000000000..d54f41155fe3ff5850721619d5e34d6b0ad85afc
GIT binary patch
literal 2448
zcmV;B32*ioqW&}!9P1blSSTry(okTVjYkP?5Wp~YL%*7glNCXMj}n<<XCyr?|AmSY
z!c`EL8}1ll4s}zS^%BSC0}zy!KQu9l=sa1pF@Bh)0K4^Y_G(CC;y@c|;Xq~V-`Yg_
zXK>x)aFiR0p~b(~Lr-<v(DXMz%m05W%4I=%PK=h9?%|}~G8ivS$OI|A(&b;r(o-)j
z^HCydJhm(<)xUI{N+p7?-DYDd+mri{x5B;5SMTU8yW_(uA7X-5ds3ho>2a%WaDxNW
za?T9WiJ>=#5)Tv?W^tOlDqEo4dg!o4Bsp-DcwCs0&#uf66A*9Je9ZncL}uaGpw%iI
z2^X^wfNaDms2C;|Gsk-%Hy$nN9+sqSkSmk}rD&I;?a9O_C~o%wWi5e@C%g!8Ff0Bo
z#hU>DS&>7I+i?1)LQHx?n5)hVWPMPL^=f_lwmisSuxt7`qG5#~$3Uk0B?_#3Gu|$y
zA?h1^nZ=AQf>X3UNbKbly&DRX$~<*(t=e6sVrUKEwRLsOy0h~*>U?9KuOhThsG3Dk
z(m}Qa?^ew_=*BVFBySco&{Qr>6mYKiP~W6aPn*$ibOLO*aW4Rb<IF2`hvX;ayH&Un
z9lUhMKemQkA}Wgxi5zGeeI&_=(WtxYH$b_T+w(1d9i-!=ik#Wd-WbOBZALyGl}@>!
zH1`)DqV<d=T7HX4<oo{E2K<Lz#8<`1`4v1QS{Si5IYbU?FNg!sqU?+QM67sD{@ML9
z9b9z-blG$>jauEA#DjT0+#QNEN%!10i!V<N>Gh9)($2gq%!e+Ak$#MTRbA)JsJNS6
z!dQ7w;L61&A=I{~I3fsbl^4(<(EB6*R}rx{NPv66sFYV&2?zi-rY*Iti%UxnS%Wla
zJW<v2F4msOA4LXF562Z+x5q4GxhwwICu03^<GYO(yFH7&0h4FF9s%`Fe?PNkf9&wu
zNXXs|cc)7I(@Ub`pnH>zamc&fCV0LSWNi6rm!32AazC_g@@tnoeO4;Uyi4**X&ni0
z!@|b)O0QMjb!?CV>7Br$X{<0f!fZw1WEQU%QKP9wy#PQmV=aWlb)XckcsZ!MKg9b_
zrgzTjPBNzx@IepXqUjwLL9f2INb(l@i+)obL=^nrbGLnA>xBv%{yO~dN9p)ukkLz=
zt#h^pA;p(uCihtoFaj{S8U}H*{sV}>za$3iW4Zi>M`Q(C%v4r+GK-usI-d&3K+OSs
z)!{?S*`>5QWVHV-KoT=LC!ycSAQ_cM)QtU3jwm=6fO`d;YD7q8Yo#EacGsgGwYlGh
z|4FDD2m>FB3d;ptjq{g5Pxk<H?Y)=L9!J!OSAu*<?8?lLlq@0dfN}9@MJKE1;siY5
zu{(mPT0-q#=c>w0=Wy+vR>`f17L@CB<tfUAi#7c<>G5kdq~8Lo*>RcGMRt7#Q237y
zD|mr7V-~-TBv-?Lty9i9Ro10M5=P{L4)D^%l?#m4m?<*+2W-ExQ3~Gq81sd66B^Dt
z7o4{k%oP}2OasXZvGlIn8f`qz<ZikFF}8&(7N1waTd8dQBLUxHp%P<BC7!d68EQ^u
z3GCj7gd4tF)(brHIXpS(0Gq@Ukik|M0u}h{sVK~}KOVqP;fPO-IW#~Oyojp1IGwtc
zx_dRhOFqSnLMD7P%;O=(DS~i*khA?dtGrt739?bx2qawNyAYl#Yg}v1$$*wFET>H%
zs0gJIA@_`Tpsl+U$!twrGg*q<eTJ-G0V@UaB9QtChA2K1YuC!4;g|zXdY*ZEcvX>k
z`oNJOxdC$PCyDFz;hynHJkR#j>265mFUgsaXWAzgEn42N1AQ0o;Qm!b{gb5CInGAY
zj8Tm5S-vo>ss@(q0%BZ9B_~6e-wh|(Bol-32pwUY)0hG=#(fh^>$L&btbk7t_wW0t
zc6B^FgrN8AFj+}N!SYWDMTs`?m;W+Gc5*BYE&4JK2?2~Rakjy113&GLm2|t{jvC6G
zqYB_{0A#v5@7_GbjBQ)KGhzTRFsUpa{NyhG^krSR%Z8edP}_AschHegr+w_A0=)GQ
zQNgX?ps<dt(9;Y0@YDdYi@vp@<k-4Gi)h$bt=2v}Xl$Q2nV`NFf04M~?J&C2z#cHI
z`oHfEP?S~f0E14dS3M&|fhISDb!Uf7_<E1jC5ug*JurxH1@p(rcz<1M@UBCHguuo5
zTrs|e2;77RQ;>x`(HhfK(J93l`&f49!HYE|;3Y+wq43WIJ(=8Ec_C8^b81a*9LeT<
zTfIiq%Eh?|-ie{5ozKc>!@N%t@_cLih>6U2Hk-wCg}KlGwU8O^jP*nuOLdlal@;Z4
z6=o9ooLrc)uv4ilB-_x_6>W3-#uYK>cHXg|iNMl$f+5mKPOlpWGxC6SyAn6vl>M`8
zyb_WU4C}T%bZ|kh7Pu5lRqN{YICM|?O=)+WNe~&XMfRH4ORFNO0<^CoGnGh)A;2P%
z=-@5~;f(g3ml!7N8#Kw2@GgJ7gbOI4#JIvLS0F@FIL|R|yvdl9XN=z3U%IrfbGRN&
zSm$m$BnSb)pOEN?vSf%%Lxd7FDuWH_s8{^fvgglT+Nn&k^B)$Tf+5LzOG8*J(e{1>
zcPX;+Uaai526@f8zA2bdclu)#_jDQ-Hv<;=+OTi9IpJiYEQ^|%zWprvV@sXeCgs*K
zX$>pCL(*~A0CH{2Z$9kWyI{1ZB`}q<>kHnd0=5U=lHhe0HZ+Mvhb$zYAkqPcWYc4@
zO#sdX4!Xus6raVi#<lXOjeBJ#9C-%VXqgXiJd`hrNDJ*(rPhHkrfQ=Q!nMP4r3N>}
z?7SbP&}-?}8_+?B;brcRR7$-svQ8Qe*pC!LJJ--7{M?z?id&iI+N95Ygq4rGaL}jI
zzg@1O@CVI+QQD@oEnQE21@d=Aocw!K-9AL3qb_btf0BilGrk8ud_6$QmROJ|WCXx`
zU+(RdGK|dkFgNsT(#n`8tvrkF?N>av0Dv`cl(ejja|i3_H1`oa_5J!En2hP6+YL!M
zIBhzz;jj3PDtKgr+I^_Kc8W!2*+E_V)T*OBqww_Wid151=<wjcK!ax_0eVN#@YkFZ
ziNXN7>!vll3u)HxK(#&)f&YYYsC>SyoUOOF(0Z{V(qivF0#(W6oYjMvR6$S|`s9Jl
zS%Ztzb~ouF4Q>Ow7Q3#JZiI&!F<k%7RK3dexT0Yz_cG$v-_!eC?1Z>XfNmx(1kv!w
OnZUwb{V>Dqu1Ux#JH%H2

literal 0
HcmV?d00001

diff --git a/snap/.travis.yml b/snap/.travis.yml
new file mode 100644
index 000000000..603609b6d
--- /dev/null
+++ b/snap/.travis.yml
@@ -0,0 +1,11 @@
+language: bash
+script: docker run -v $(pwd):$(pwd) -t snapcore/snapcraft sh -c "apt-get update -qq && cd $(pwd) && snapcraft" && sudo apt-get -y install snapd && sudo snap install --dangerous --classic *.snap && sudo bash test.bash
+sudo: required
+services:
+- docker
+deploy:
+  'on':
+    branch: master
+  provider: script
+  script: openssl aes-256-cbc -K $encrypted_edc9d3b1405a_key -iv $encrypted_edc9d3b1405a_iv -in .snapcraft/travis_snapcraft.cfg -out .snapcraft/snapcraft.cfg -d && docker run -v $(pwd):$(pwd) -t snapcore/snapcraft sh -c "cd $(pwd) && snapcraft push *.snap --release edge"
+  skip_cleanup: true
diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml
new file mode 100644
index 000000000..46425f182
--- /dev/null
+++ b/snap/snapcraft.yaml
@@ -0,0 +1,67 @@
+name: certbot
+version: script
+version-script: cd parts/certbot/src && git describe|sed s/^v//
+summary: Automatically configure HTTPS using Let's Encrypt
+description: |
+ The objective of Certbot, Let's Encrypt, and the ACME (Automated
+ Certificate Management Environment) protocol is to make it possible
+ to set up an HTTPS server and have it automatically obtain a
+ browser-trusted certificate, without any human intervention. This is
+ accomplished by running a certificate management agent on the web
+ server.
+ 
+ This agent is used to:
+   - Automatically prove to the Let's Encrypt CA that you control the website
+   - Obtain a browser-trusted certificate and set it up on your web server
+   - Keep track of when your certificate is going to expire, and renew it
+   - Help you revoke the certificate if that ever becomes necessary.
+confinement: classic
+grade: devel
+
+apps:
+  certbot:
+    command: certbot
+    environment:
+      PATH: "$SNAP/bin:$SNAP/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
+      AUGEAS_LENS_LIB: $SNAP/usr/share/augeas/lenses/dist
+  renew:
+    command: certbot -q renew
+    daemon: oneshot
+    environment:
+      PATH: "$SNAP/bin:$SNAP/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
+      AUGEAS_LENS_LIB: $SNAP/usr/share/augeas/lenses/dist
+    passthrough:
+        # Run approximately twice a day with randomization
+        timer: 00:00~24:00/2
+
+parts:
+  python-augeas:
+    plugin: python
+    source: git://github.com/basak/python-augeas
+    source-branch: snap
+    python-version: python2
+    build-packages: [libaugeas0]
+  certbot:
+    plugin: python
+    source: git://github.com/certbot/certbot
+    source-branch: master
+    python-version: python2
+    after: [python-augeas]
+  certbot-nginx:
+    plugin: python
+    source: git://github.com/certbot/certbot
+    source-branch: master
+    source-subdir: certbot-nginx
+    build-packages: [libaugeas-dev]
+    stage-packages: [libaugeas0]
+    after: [certbot]
+    python-version: python2
+  certbot-apache:
+    plugin: python
+    source: git://github.com/certbot/certbot
+    source-branch: master
+    source-subdir: certbot-apache
+    build-packages: [libaugeas-dev]
+    stage-packages: [libaugeas0]
+    after: [certbot]
+    python-version: python2
diff --git a/snap/test.bash b/snap/test.bash
new file mode 100644
index 000000000..e723b67bf
--- /dev/null
+++ b/snap/test.bash
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -ex
+
+apt-get -y install lsb-release net-tools wget python nginx
+
+wget https://github.com/docker/compose/releases/download/1.15.0-rc1/docker-compose-Linux-x86_64 -O /usr/local/bin/docker-compose
+chmod +x /usr/local/bin/docker-compose
+
+cat << EOF > /usr/local/bin/coverage
+#!/bin/bash -xe
+
+if [ "\$1" != "run" ]; then
+    exit 0;
+fi
+
+"\${@:7}"
+EOF
+chmod +x /usr/local/bin/coverage
+
+certbot_version=$(certbot --version 2>&1 | grep "^certbot" | cut -d " " -f 2)
+
+cd parts/certbot/src
+
+tests/boulder-fetch.sh
+until curl http://localhost:4000/directory 2>/dev/null; do
+  echo waiting for boulder
+  sleep 1
+done
+# Not needed under Travis Trusty?
+#sed -i "s/'1.3.6.1.5.5.7.1.24'/-e '1.3.6.1.5.5.7.1.24' -e 'status_request'/g" tests/certbot-boulder-integration.sh
+tests/boulder-integration.sh
+
+echo "Success!"