upstream/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-06-07 15:52:08 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'upstream/master' into cli_new_cert_reporting

Browse source
This commit is contained in:
Alex Zorin 2021-02-08 17:23:54 +11:00
commit 13cee5aac9
123 changed files with 1071 additions and 1207 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.azure-pipelines/main.yml
View file

@ -5,3 +5,4 @@ pr:
jobs:
- template: templates/jobs/standard-tests-jobs.yml

14
.azure-pipelines/templates/jobs/extended-tests-jobs.yml
View file

@ -21,26 +21,24 @@ jobs:
PYTHON_VERSION: 3.7
TOXENV: py37
CERTBOT_NO_PIN: 1
linux-external-mock:
TOXENV: external-mock
linux-boulder-v1-integration-certbot-oldest:
PYTHON_VERSION: 3.6
TOXENV: integration-certbot-oldest
ACME_SERVER: boulder-v1
linux-boulder-v2-integration-certbot-oldest:
PYTHON_VERSION: 3.6
TOXENV: integration-certbot-oldest
ACME_SERVER: boulder-v2
linux-boulder-v1-integration-nginx-oldest:
PYTHON_VERSION: 3.6
TOXENV: integration-nginx-oldest
ACME_SERVER: boulder-v1
linux-boulder-v2-integration-nginx-oldest:
PYTHON_VERSION: 3.6
TOXENV: integration-nginx-oldest
ACME_SERVER: boulder-v2
linux-boulder-v1-py27-integration:
PYTHON_VERSION: 2.7
TOXENV: integration
ACME_SERVER: boulder-v1
linux-boulder-v2-py27-integration:
PYTHON_VERSION: 2.7
TOXENV: integration
ACME_SERVER: boulder-v2
linux-boulder-v1-py36-integration:
PYTHON_VERSION: 3.6
TOXENV: integration

2
.azure-pipelines/templates/jobs/packaging-jobs.yml
View file

@ -56,7 +56,7 @@ jobs:
steps:
- task: UsePythonVersion@0
inputs:
versionSpec: 3.7
versionSpec: 3.8
architecture: x86
addToPath: true
- script: python windows-installer/construct.py

33
.azure-pipelines/templates/jobs/standard-tests-jobs.yml
View file

@ -4,10 +4,10 @@ jobs:
PYTHON_VERSION: 3.9
strategy:
matrix:
macos-py27:
macos-py36:
IMAGE_NAME: macOS-10.15
PYTHON_VERSION: 2.7
TOXENV: py27
PYTHON_VERSION: 3.6
TOXENV: py36
macos-py39:
IMAGE_NAME: macOS-10.15
PYTHON_VERSION: 3.9
@ -16,24 +16,22 @@ jobs:
IMAGE_NAME: vs2017-win2016
PYTHON_VERSION: 3.6
TOXENV: py36
windows-py37-cover:
windows-py38-cover:
IMAGE_NAME: vs2017-win2016
PYTHON_VERSION: 3.7
TOXENV: py37-cover
PYTHON_VERSION: 3.8
TOXENV: py38-cover
windows-integration-certbot:
IMAGE_NAME: vs2017-win2016
PYTHON_VERSION: 3.7
PYTHON_VERSION: 3.8
TOXENV: integration-certbot
linux-oldest-tests-1:
IMAGE_NAME: ubuntu-18.04
TOXENV: py27-{acme,apache,apache-v2,certbot}-oldest
PYTHON_VERSION: 3.6
TOXENV: '{acme,apache,apache-v2,certbot}-oldest'
linux-oldest-tests-2:
IMAGE_NAME: ubuntu-18.04
TOXENV: py27-{dns,nginx}-oldest
linux-py27:
IMAGE_NAME: ubuntu-18.04
PYTHON_VERSION: 2.7
TOXENV: py27
PYTHON_VERSION: 3.6
TOXENV: '{dns,nginx}-oldest'
linux-py36:
IMAGE_NAME: ubuntu-18.04
PYTHON_VERSION: 3.6
@ -63,13 +61,18 @@ jobs:
TOXENV: modification
apacheconftest:
IMAGE_NAME: ubuntu-18.04
PYTHON_VERSION: 2.7
PYTHON_VERSION: 3.6
TOXENV: apacheconftest-with-pebble
nginxroundtrip:
IMAGE_NAME: ubuntu-18.04
PYTHON_VERSION: 2.7
PYTHON_VERSION: 3.6
TOXENV: nginxroundtrip
pool:
vmImage: $(IMAGE_NAME)
steps:
- template: ../steps/tox-steps.yml
- job: test_sphinx_builds
pool:
vmImage: ubuntu-20.04
steps:
- template: ../steps/sphinx-steps.yml

2
.azure-pipelines/templates/stages/notify-failure-stage.yml
View file

@ -5,7 +5,7 @@ stages:
variables:
- group: certbot-common
pool:
vmImage: ubuntu-latest
vmImage: ubuntu-20.04
steps:
- bash: |
set -e

23
.azure-pipelines/templates/steps/sphinx-steps.yml Normal file
View file

@ -0,0 +1,23 @@
steps:
- bash: |
FINAL_STATUS=0
declare -a FAILED_BUILDS
python3 -m venv .venv
source .venv/bin/activate
python tools/pipstrap.py
for doc_path in */docs
do
echo ""
echo "##[group]Building $doc_path"
pip install -q -e $doc_path/..[docs]
if ! sphinx-build -W --keep-going -b html $doc_path $doc_path/_build/html; then
FINAL_STATUS=1
FAILED_BUILDS[${#FAILED_BUILDS[@]}]="${doc_path%/docs}"
fi
echo "##[endgroup]"
done
if [[ $FINAL_STATUS -ne 0 ]]; then
echo "##[error]The following builds failed: ${FAILED_BUILDS[*]}"
exit 1
fi
displayName: Build Sphinx Documentation

6
.azure-pipelines/templates/steps/tox-steps.yml
View file

@ -45,11 +45,7 @@ steps:
export TARGET_BRANCH="`echo "${BUILD_SOURCEBRANCH}" | sed -E 's!refs/(heads|tags)/!!g'`"
[ -z "${SYSTEM_PULLREQUEST_TARGETBRANCH}" ] || export TARGET_BRANCH="${SYSTEM_PULLREQUEST_TARGETBRANCH}"
env
if [[ "${TOXENV}" == *"oldest"* ]]; then
tools/run_oldest_tests.sh
else
python -m tox
fi
python -m tox
env:
AWS_ACCESS_KEY_ID: $(AWS_ACCESS_KEY_ID)
AWS_SECRET_ACCESS_KEY: $(AWS_SECRET_ACCESS_KEY)

1
.dockerignore
View file

@ -8,5 +8,4 @@
.git
.tox
venv
venv3
docs

2
.envrc
View file

@ -3,7 +3,7 @@
# activated and then deactivated when you cd elsewhere. Developers have to have
# direnv set up and run `direnv allow` to allow this file to execute on their
# system. You can find more information at https://direnv.net/.
. venv3/bin/activate
. venv/bin/activate
# direnv doesn't support modifying PS1 so we unset it to squelch the error
# it'll otherwise print about this being done in the activate script. See
# https://github.com/direnv/direnv/wiki/PS1. If you would like your shell

2
AUTHORS.md
View file

@ -1,6 +1,7 @@
Authors
=======
* [Aaron Gable](https://github.com/aarongable)
* [Aaron Zirbes](https://github.com/aaronzirbes)
* Aaron Zuehlke
* Ada Lovelace
@ -60,6 +61,7 @@ Authors
* [DanCld](https://github.com/DanCld)
* [Daniel Albers](https://github.com/AID)
* [Daniel Aleksandersen](https://github.com/da2x)
* [Daniel Almasi](https://github.com/almasen)
* [Daniel Convissor](https://github.com/convissor)
* [Daniel "Drex" Drexler](https://github.com/aeturnum)
* [Daniel Huang](https://github.com/dhuang)

4
Dockerfile-dev
View file

@ -15,6 +15,6 @@ RUN apt-get update && \
/tmp/* \
/var/tmp/*
RUN VENV_NAME="../venv3" python3 tools/venv3.py
RUN VENV_NAME="../venv" python3 tools/venv.py
ENV PATH /opt/certbot/venv3/bin:$PATH
ENV PATH /opt/certbot/venv/bin:$PATH

8
acme/acme/__init__.py
View file

@ -6,7 +6,6 @@ This module is an implementation of the `ACME protocol`_.
"""
import sys
import warnings
# This code exists to keep backwards compatibility with people using acme.jose
# before it became the standalone josepy package.
@ -20,10 +19,3 @@ for mod in list(sys.modules):
# preserved (acme.jose.* is josepy.*)
if mod == 'josepy' or mod.startswith('josepy.'):
sys.modules['acme.' + mod.replace('josepy', 'jose', 1)] = sys.modules[mod]
if sys.version_info[0] == 2:
warnings.warn(
"Python 2 support will be dropped in the next release of acme. "
"Please upgrade your Python version.",
PendingDeprecationWarning,
) # pragma: no cover

2
acme/acme/challenges.py
View file

@ -150,7 +150,7 @@ class KeyAuthorizationChallenge(_TokenChallenge):
"""Challenge based on Key Authorization.
:param response_cls: Subclass of `KeyAuthorizationChallengeResponse`
that will be used to generate `response`.
that will be used to generate ``response``.
:param str typ: type of the challenge
"""
typ = NotImplemented

12
acme/acme/client.py
View file

@ -6,7 +6,6 @@ from email.utils import parsedate_tz
import heapq
import logging
import re
import sys
import time
import josepy as jose
@ -30,17 +29,6 @@ from acme.mixins import VersionedLEACMEMixin
logger = logging.getLogger(__name__)
# Prior to Python 2.7.9 the stdlib SSL module did not allow a user to configure
# many important security related options. On these platforms we use PyOpenSSL
# for SSL, which does allow these options to be configured.
# https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning
if sys.version_info < (2, 7, 9): # pragma: no cover
try:
requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3() # type: ignore
except AttributeError:
import urllib3.contrib.pyopenssl
urllib3.contrib.pyopenssl.inject_into_urllib3()
DEFAULT_NETWORK_TIMEOUT = 45
DER_CONTENT_TYPE = 'application/pkix-cert'

2
acme/acme/crypto_util.py
View file

@ -166,7 +166,7 @@ def probe_sni(name, host, port=443, timeout=300, # pylint: disable=too-many-argu
" from {0}:{1}".format(
source_address[0],
source_address[1]
) if socket_kwargs else ""
) if any(source_address) else ""
)
socket_tuple = (host, port) # type: Tuple[str, int]
sock = socket.create_connection(socket_tuple, **socket_kwargs) # type: ignore

2
acme/acme/errors.py
View file

@ -49,7 +49,7 @@ class MissingNonce(NonceError):
Replay-Nonce header field in each successful response to a POST it
provides to a client (...)".
:ivar requests.Response response: HTTP Response
:ivar requests.Response ~.response: HTTP Response
"""
def __init__(self, response, *args, **kwargs):

4
acme/acme/messages.py
View file

@ -275,7 +275,7 @@ class Resource(jose.JSONObjectWithFields):
class ResourceWithURI(Resource):
"""ACME Resource with URI.
:ivar unicode uri: Location of the resource.
:ivar unicode ~.uri: Location of the resource.
"""
uri = jose.Field('uri') # no ChallengeResource.uri
@ -627,7 +627,7 @@ class Order(ResourceBody):
:ivar str finalize: URL to POST to to request issuance once all
authorizations have "valid" status.
:ivar datetime.datetime expires: When the order expires.
:ivar .Error error: Any error that occurred during finalization, if applicable.
:ivar ~.Error error: Any error that occurred during finalization, if applicable.
"""
identifiers = jose.Field('identifiers', omitempty=True)
status = jose.Field('status', decoder=Status.from_json,

5
acme/docs/conf.py
View file

@ -85,7 +85,10 @@ language = 'en'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
exclude_patterns = ['_build']
exclude_patterns = [
'_build',
'man/*'
]
# The reST default role (used for this markup: `text`) to use for all
# documents.

30
acme/setup.py
View file

@ -1,40 +1,26 @@
from distutils.version import LooseVersion
import sys
from setuptools import __version__ as setuptools_version
from setuptools import find_packages
from setuptools import setup
version = '1.11.0.dev0'
version = '1.13.0.dev0'
# Please update tox.ini when modifying dependency version requirements
install_requires = [
# load_pem_private/public_key (>=0.6)
# rsa_recover_prime_factors (>=0.8)
'cryptography>=1.2.3',
'cryptography>=2.1.4',
# formerly known as acme.jose:
# 1.1.0+ is required to avoid the warnings described at
# https://github.com/certbot/josepy/issues/13.
'josepy>=1.1.0',
# Connection.set_tlsext_host_name (>=0.13) + matching Xenial requirements (>=0.15.1)
'PyOpenSSL>=0.15.1',
'PyOpenSSL>=17.3.0',
'pyrfc3339',
'pytz',
'requests[security]>=2.6.0', # security extras added in 2.4.1
'requests>=2.6.0',
'requests-toolbelt>=0.3.0',
'setuptools',
'six>=1.9.0', # needed for python_2_unicode_compatible
'setuptools>=39.0.1',
'six>=1.11.0',
]
setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
if setuptools_known_environment_markers:
install_requires.append('mock ; python_version < "3.3"')
elif 'bdist_wheel' in sys.argv[1:]:
raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
'of setuptools. Version 36.2+ of setuptools is required.')
elif sys.version_info < (3,3):
install_requires.append('mock')
dev_extras = [
'pytest',
'pytest-xdist',
@ -54,14 +40,12 @@ setup(
author="Certbot Project",
author_email='client-dev@letsencrypt.org',
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
python_requires='>=3.6',
classifiers=[
'Development Status :: 5 - Production/Stable',
'Intended Audience :: Developers',
'License :: OSI Approved :: Apache Software License',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',

5
acme/tests/challenges_test.py
View file

@ -1,12 +1,9 @@
"""Tests for acme.challenges."""
import unittest
from unittest import mock
import josepy as jose
import OpenSSL
try:
import mock
except ImportError: # pragma: no cover
from unittest import mock # type: ignore
import requests
from six.moves.urllib import parse as urllib_parse

5
acme/tests/client_test.py
View file

@ -4,12 +4,9 @@ import copy
import datetime
import json
import unittest
from unittest import mock
import josepy as jose
try:
import mock
except ImportError: # pragma: no cover
from unittest import mock # type: ignore
import OpenSSL
import requests
from six.moves import http_client # pylint: disable=import-error

6
acme/tests/errors_test.py
View file

@ -1,10 +1,6 @@
"""Tests for acme.errors."""
import unittest
try:
import mock
except ImportError: # pragma: no cover
from unittest import mock # type: ignore
from unittest import mock
class BadNonceTest(unittest.TestCase):

6
acme/tests/magic_typing_test.py
View file

@ -1,11 +1,7 @@
"""Tests for acme.magic_typing."""
import sys
import unittest
try:
import mock
except ImportError: # pragma: no cover
from unittest import mock # type: ignore
from unittest import mock
class MagicTypingTest(unittest.TestCase):

5
acme/tests/messages_test.py
View file

@ -1,11 +1,8 @@
"""Tests for acme.messages."""
import unittest
from unittest import mock
import josepy as jose
try:
import mock
except ImportError: # pragma: no cover
from unittest import mock # type: ignore
from acme import challenges
import test_util

5
acme/tests/standalone_test.py
View file

@ -2,12 +2,9 @@
import socket
import threading
import unittest
from unittest import mock
import josepy as jose
try:
import mock
except ImportError: # pragma: no cover
from unittest import mock # type: ignore
import requests
from six.moves import http_client # pylint: disable=import-error
from six.moves import socketserver # type: ignore # pylint: disable=import-error

8
certbot-apache/certbot_apache/_internal/override_suse.py
View file

@ -14,10 +14,10 @@ class OpenSUSEConfigurator(configurator.ApacheConfigurator):
vhost_root="/etc/apache2/vhosts.d",
vhost_files="*.conf",
logs_root="/var/log/apache2",
ctl="apache2ctl",
version_cmd=['apache2ctl', '-v'],
restart_cmd=['apache2ctl', 'graceful'],
conftest_cmd=['apache2ctl', 'configtest'],
ctl="apachectl",
version_cmd=['apachectl', '-v'],
restart_cmd=['apachectl', 'graceful'],
conftest_cmd=['apachectl', 'configtest'],
enmod="a2enmod",
dismod="a2dismod",
le_vhost_ext="-le-ssl.conf",

21
certbot-apache/setup.py
View file

@ -1,11 +1,7 @@
from distutils.version import LooseVersion
import sys
from setuptools import __version__ as setuptools_version
from setuptools import find_packages
from setuptools import setup
version = '1.11.0.dev0'
version = '1.13.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
@ -13,20 +9,11 @@ install_requires = [
'acme>=0.29.0',
'certbot>=1.6.0',
'python-augeas',
'setuptools',
'setuptools>=39.0.1',
'zope.component',
'zope.interface',
]
setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
if setuptools_known_environment_markers:
install_requires.append('mock ; python_version < "3.3"')
elif 'bdist_wheel' in sys.argv[1:]:
raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
'of setuptools. Version 36.2+ of setuptools is required.')
elif sys.version_info < (3,3):
install_requires.append('mock')
dev_extras = [
'apacheconfig>=0.3.2',
]
@ -39,7 +26,7 @@ setup(
author="Certbot Project",
author_email='client-dev@letsencrypt.org',
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
python_requires='>=3.6',
classifiers=[
'Development Status :: 5 - Production/Stable',
'Environment :: Plugins',
@ -47,8 +34,6 @@ setup(
'License :: OSI Approved :: Apache Software License',
'Operating System :: POSIX :: Linux',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',

62
certbot-auto
View file

@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then
fi
VENV_BIN="$VENV_PATH/bin"
BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
LE_AUTO_VERSION="1.10.1"
LE_AUTO_VERSION="1.12.0"
BASENAME=$(basename $0)
USAGE="Usage: $BASENAME [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates
@ -803,7 +803,9 @@ if [ -f /etc/debian_version ]; then
elif [ -f /etc/mageia-release ]; then
# Mageia has both /etc/mageia-release and /etc/redhat-release
DEPRECATED_OS=1
NO_SELF_UPGRADE=1
elif [ -f /etc/redhat-release ]; then
DEPRECATED_OS=1
# Run DeterminePythonVersion to decide on the basis of available Python versions
# whether to use 2.x or 3.x on RedHat-like systems.
# Then, revert LE_PYTHON to its previous state.
@ -836,12 +838,7 @@ elif [ -f /etc/redhat-release ]; then
INTERACTIVE_BOOTSTRAP=1
fi
Bootstrap() {
BootstrapMessage "Legacy RedHat-based OSes that will use Python3"
BootstrapRpmPython3Legacy
}
USE_PYTHON_3=1
BOOTSTRAP_VERSION="BootstrapRpmPython3Legacy $BOOTSTRAP_RPM_PYTHON3_LEGACY_VERSION"
# Try now to enable SCL rh-python36 for systems already bootstrapped
# NB: EnablePython36SCL has been defined along with BootstrapRpmPython3Legacy in certbot-auto
@ -860,43 +857,38 @@ elif [ -f /etc/redhat-release ]; then
fi
if [ "$RPM_USE_PYTHON_3" = 1 ]; then
Bootstrap() {
BootstrapMessage "RedHat-based OSes that will use Python3"
BootstrapRpmPython3
}
USE_PYTHON_3=1
BOOTSTRAP_VERSION="BootstrapRpmPython3 $BOOTSTRAP_RPM_PYTHON3_VERSION"
else
Bootstrap() {
BootstrapMessage "RedHat-based OSes"
BootstrapRpmCommon
}
BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
fi
fi
LE_PYTHON="$prev_le_python"
elif [ -f /etc/os-release ] && `grep -q openSUSE /etc/os-release` ; then
DEPRECATED_OS=1
NO_SELF_UPGRADE=1
elif [ -f /etc/arch-release ]; then
DEPRECATED_OS=1
NO_SELF_UPGRADE=1
elif [ -f /etc/manjaro-release ]; then
DEPRECATED_OS=1
NO_SELF_UPGRADE=1
elif [ -f /etc/gentoo-release ]; then
DEPRECATED_OS=1
NO_SELF_UPGRADE=1
elif uname | grep -iq FreeBSD ; then
DEPRECATED_OS=1
NO_SELF_UPGRADE=1
elif uname | grep -iq Darwin ; then
DEPRECATED_OS=1
NO_SELF_UPGRADE=1
elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then
Bootstrap() {
ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
}
BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
DEPRECATED_OS=1
NO_SELF_UPGRADE=1
elif [ -f /etc/product ] && grep -q "Joyent Instance" /etc/product ; then
DEPRECATED_OS=1
NO_SELF_UPGRADE=1
else
DEPRECATED_OS=1
NO_SELF_UPGRADE=1
fi
# We handle this case after determining the normal bootstrap version to allow
@ -1125,7 +1117,9 @@ if [ "$1" = "--le-auto-phase2" ]; then
fi
if [ -f "$VENV_BIN/letsencrypt" -a "$INSTALL_ONLY" != 1 ]; then
error "Certbot will no longer receive updates."
error "certbot-auto and its Certbot installation will no longer receive updates."
error "You will not receive any bug fixes including those fixing server compatibility"
error "or security problems."
error "Please visit https://certbot.eff.org/ to check for other alternatives."
"$VENV_BIN/letsencrypt" "$@"
exit 0
@ -1493,18 +1487,18 @@ letsencrypt==0.7.0 \
--hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
--hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
certbot==1.10.1 \
--hash=sha256:011ac980fa21b9f29e02c9b8d8b86e8a4bf4670b51b6ad91656e401e9d2d2231 \
--hash=sha256:0d9ee3fc09e0d03b2d1b1f1c4916e61ecfc6904b4216ddef4e6a5ca1424d9cb7
acme==1.10.1 \
--hash=sha256:752d598e54e98ad1e874de53fd50c61044f1b566d6deb790db5676ce9c573546 \
--hash=sha256:fcbb559aedc96b404edf593e78517dcd7291984d5a37036c3fc77f3c5c122fd8
certbot-apache==1.10.1 \
--hash=sha256:f077b4b7f166627ef5e0921fe7cde57700670fc86e9ad9dbdfaf2c573cc0f2fa \
--hash=sha256:97ed637b4c7b03820db6c69aa90145dc989933351d46a3d62baf6b71674f0a10
certbot-nginx==1.10.1 \
--hash=sha256:7c36459021f8a1ec3b6c062e4c4fc866bfaa1dbf26ccd29e043dd6848003be08 \
--hash=sha256:c0bbeccf85f46b728fd95e6bb8c2649d32d3383d7f47ea4b9c312d12bf04d2f0
certbot==1.12.0 \
--hash=sha256:f4bb3da5391e4a28e9a2e52ab54986171c0864feff17eaaaca6729a1d4c433a6 \
--hash=sha256:5ee738773479bcb7794e43fedd2415acc0969b75bdd2a21f451e3bff9d99df59
acme==1.12.0 \
--hash=sha256:ca4ad044429f1b8b670b958e5c7ea38159def9d601f4af2359355993918c3317 \
--hash=sha256:aa363474d50e9fdda27acb8b1aa7efb26fecc5650e02039a0de3a3f0e696c2f2
certbot-apache==1.12.0 \
--hash=sha256:38899f6fa08799de9535795d919acf968f288d7208909baf7733f9a763c15227 \
--hash=sha256:e5679b40d99bd241f4fcd9fe44b73e6e25ccc969a617131ff6ebc90d562a49f2
certbot-nginx==1.12.0 \
--hash=sha256:332cd70067bbcf6db52a002650ffa4844d0bd9780279d662aa6725b43f776c14 \
--hash=sha256:3fb6a55290d37ad466681a89a85ceca4c4026fdd8702f3010b87a74266a6fe7b
UNLIKELY_EOF
# -------------------------------------------------------------------------

35
certbot-ci/certbot_integration_tests/certbot_tests/test_main.py
View file

@ -9,7 +9,7 @@ import shutil
import subprocess
import time
from cryptography.hazmat.primitives.asymmetric.ec import SECP256R1, SECP384R1
from cryptography.hazmat.primitives.asymmetric.ec import SECP256R1, SECP384R1, SECP521R1
from cryptography.x509 import NameOID
import pytest
@ -148,6 +148,17 @@ def test_certonly(context):
"""Test the certonly verb on certbot."""
context.certbot(['certonly', '--cert-name', 'newname', '-d', context.get_domain('newname')])
assert_cert_count_for_lineage(context.config_dir, 'newname', 1)
def test_certonly_webroot(context):
"""Test the certonly verb with webroot plugin"""
with misc.create_http_server(context.http_01_port) as webroot:
certname = context.get_domain('webroot')
context.certbot(['certonly', '-a', 'webroot', '--webroot-path', webroot, '-d', certname])
assert_cert_count_for_lineage(context.config_dir, certname, 1)
def test_auth_and_install_with_csr(context):
"""Test certificate issuance and install using an existing CSR."""
@ -476,6 +487,28 @@ def test_default_curve_type(context):
assert_elliptic_key(key1, SECP256R1)
@pytest.mark.parametrize('curve,curve_cls,skip_servers', [
# Curve name, Curve class, ACME servers to skip
('secp256r1', SECP256R1, []),
('secp384r1', SECP384R1, []),
('secp521r1', SECP521R1, ['boulder-v1', 'boulder-v2'])]
)
def test_ecdsa_curves(context, curve, curve_cls, skip_servers):
"""Test issuance for each supported ECDSA curve"""
if context.acme_server in skip_servers:
pytest.skip('ACME server {} does not support ECDSA curve {}'
.format(context.acme_server, curve))
domain = context.get_domain('curve')
context.certbot([
'certonly',
'--key-type', 'ecdsa', '--elliptic-curve', curve,
'--force-renewal', '-d', domain,
])
key = join(context.config_dir, "live", domain, 'privkey.pem')
assert_elliptic_key(key, curve_cls)
def test_renew_with_ec_keys(context):
"""Test proper renew with updated private key complexity."""
certname = context.get_domain('renew')

4
certbot-ci/setup.py
View file

@ -40,14 +40,12 @@ setup(
author="Certbot Project",
author_email='client-dev@letsencrypt.org',
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
python_requires='>=3.6',
classifiers=[
'Development Status :: 3 - Alpha',
'Intended Audience :: Developers',
'License :: OSI Approved :: Apache Software License',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',

6
certbot-compatibility-test/Dockerfile
View file

@ -8,11 +8,11 @@ RUN apt-get update && \
WORKDIR /opt/certbot/src
# We copy all contents of the build directory to allow us to easily use
# things like tools/venv3.py which expects all of our packages to be available.
# things like tools/venv.py which expects all of our packages to be available.
COPY . .
RUN tools/venv3.py
ENV PATH /opt/certbot/src/venv3/bin:$PATH
RUN tools/venv.py
ENV PATH /opt/certbot/src/venv/bin:$PATH
# install in editable mode (-e) to save space: it's not possible to
# "rm -rf /opt/certbot/src" (it's stays in the underlaying image);

5
certbot-compatibility-test/certbot_compatibility_test/configurators/apache/common.py
View file

@ -2,11 +2,8 @@
import os
import shutil
import subprocess
from unittest import mock
try:
import mock
except ImportError: # pragma: no cover
from unittest import mock # type: ignore
import zope.interface
from certbot import errors as le_errors

5
certbot-compatibility-test/certbot_compatibility_test/validator_test.py
View file

@ -1,10 +1,7 @@
"""Tests for certbot_compatibility_test.validator."""
import unittest
from unittest import mock
try:
import mock
except ImportError: # pragma: no cover
from unittest import mock # type: ignore
import OpenSSL
import requests

17
certbot-compatibility-test/setup.py
View file

@ -1,11 +1,9 @@
from distutils.version import LooseVersion
import sys
from setuptools import __version__ as setuptools_version
from setuptools import find_packages
from setuptools import setup
version = '1.11.0.dev0'
version = '1.13.0.dev0'
install_requires = [
'certbot',
@ -15,15 +13,6 @@ install_requires = [
'zope.interface',
]
setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
if setuptools_known_environment_markers:
install_requires.append('mock ; python_version < "3.3"')
elif 'bdist_wheel' in sys.argv[1:]:
raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
'of setuptools. Version 36.2+ of setuptools is required.')
elif sys.version_info < (3,3):
install_requires.append('mock')
if sys.version_info < (2, 7, 9):
# For secure SSL connexion with Python 2.7 (InsecurePlatformWarning)
install_requires.append('ndg-httpsclient')
@ -38,14 +27,12 @@ setup(
author="Certbot Project",
author_email='client-dev@letsencrypt.org',
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
python_requires='>=3.6',
classifiers=[
'Development Status :: 3 - Alpha',
'Intended Audience :: Developers',
'License :: OSI Approved :: Apache Software License',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',

2
certbot-dns-cloudflare/docs/conf.py
View file

@ -111,7 +111,7 @@ if not on_rtd: # only import and set the theme if we're building docs locally
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
#html_static_path = ['_static']
# -- Options for HTMLHelp output ------------------------------------------

19
certbot-dns-cloudflare/setup.py
View file

@ -1,18 +1,16 @@
from distutils.version import LooseVersion
import os
import sys
from setuptools import __version__ as setuptools_version
from setuptools import find_packages
from setuptools import setup
version = '1.11.0.dev0'
version = '1.13.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
install_requires = [
'cloudflare>=1.5.1',
'setuptools',
'setuptools>=39.0.1',
'zope.interface',
]
@ -27,15 +25,6 @@ elif 'bdist_wheel' in sys.argv[1:]:
if os.environ.get('SNAP_BUILD'):
install_requires.append('packaging')
setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
if setuptools_known_environment_markers:
install_requires.append('mock ; python_version < "3.3"')
elif 'bdist_wheel' in sys.argv[1:]:
raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
'of setuptools. Version 36.2+ of setuptools is required.')
elif sys.version_info < (3,3):
install_requires.append('mock')
docs_extras = [
'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags
'sphinx_rtd_theme',
@ -49,7 +38,7 @@ setup(
author="Certbot Project",
author_email='client-dev@letsencrypt.org',
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
python_requires='>=3.6',
classifiers=[
'Development Status :: 5 - Production/Stable',
'Environment :: Plugins',
@ -57,8 +46,6 @@ setup(
'License :: OSI Approved :: Apache Software License',
'Operating System :: POSIX :: Linux',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',

2
certbot-dns-cloudxns/docs/conf.py
View file

@ -111,7 +111,7 @@ if not on_rtd: # only import and set the theme if we're building docs locally
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
#html_static_path = ['_static']
# -- Options for HTMLHelp output ------------------------------------------

19
certbot-dns-cloudxns/setup.py
View file

@ -1,18 +1,16 @@
from distutils.version import LooseVersion
import os
import sys
from setuptools import __version__ as setuptools_version
from setuptools import find_packages
from setuptools import setup
version = '1.11.0.dev0'
version = '1.13.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
install_requires = [
'dns-lexicon>=2.2.1', # Support for >1 TXT record per name
'setuptools',
'setuptools>=39.0.1',
'zope.interface',
]
@ -27,15 +25,6 @@ elif 'bdist_wheel' in sys.argv[1:]:
if os.environ.get('SNAP_BUILD'):
install_requires.append('packaging')
setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
if setuptools_known_environment_markers:
install_requires.append('mock ; python_version < "3.3"')
elif 'bdist_wheel' in sys.argv[1:]:
raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
'of setuptools. Version 36.2+ of setuptools is required.')
elif sys.version_info < (3,3):
install_requires.append('mock')
docs_extras = [
'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags
'sphinx_rtd_theme',
@ -49,7 +38,7 @@ setup(
author="Certbot Project",
author_email='client-dev@letsencrypt.org',
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
python_requires='>=3.6',
classifiers=[
'Development Status :: 5 - Production/Stable',
'Environment :: Plugins',
@ -57,8 +46,6 @@ setup(
'License :: OSI Approved :: Apache Software License',
'Operating System :: POSIX :: Linux',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',

2
certbot-dns-digitalocean/docs/conf.py
View file

@ -111,7 +111,7 @@ if not on_rtd: # only import and set the theme if we're building docs locally
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
#html_static_path = ['_static']
# -- Options for HTMLHelp output ------------------------------------------

21
certbot-dns-digitalocean/setup.py
View file

@ -1,19 +1,17 @@
from distutils.version import LooseVersion
import os
import sys
from setuptools import __version__ as setuptools_version
from setuptools import find_packages
from setuptools import setup
version = '1.11.0.dev0'
version = '1.13.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
install_requires = [
'python-digitalocean>=1.11',
'setuptools',
'six',
'setuptools>=39.0.1',
'six>=1.11.0',
'zope.interface',
]
@ -28,15 +26,6 @@ elif 'bdist_wheel' in sys.argv[1:]:
if os.environ.get('SNAP_BUILD'):
install_requires.append('packaging')
setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
if setuptools_known_environment_markers:
install_requires.append('mock ; python_version < "3.3"')
elif 'bdist_wheel' in sys.argv[1:]:
raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
'of setuptools. Version 36.2+ of setuptools is required.')
elif sys.version_info < (3,3):
install_requires.append('mock')
docs_extras = [
'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags
'sphinx_rtd_theme',
@ -50,7 +39,7 @@ setup(
author="Certbot Project",
author_email='client-dev@letsencrypt.org',
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
python_requires='>=3.6',
classifiers=[
'Development Status :: 5 - Production/Stable',
'Environment :: Plugins',
@ -58,8 +47,6 @@ setup(
'License :: OSI Approved :: Apache Software License',
'Operating System :: POSIX :: Linux',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',

2
certbot-dns-dnsimple/docs/conf.py
View file

@ -111,7 +111,7 @@ if not on_rtd: # only import and set the theme if we're building docs locally
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
#html_static_path = ['_static']
# -- Options for HTMLHelp output ------------------------------------------

19
certbot-dns-dnsimple/setup.py
View file

@ -1,17 +1,15 @@
from distutils.version import LooseVersion
import os
import sys
from setuptools import __version__ as setuptools_version
from setuptools import find_packages
from setuptools import setup
version = '1.11.0.dev0'
version = '1.13.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
install_requires = [
'setuptools',
'setuptools>=39.0.1',
'zope.interface',
]
@ -26,15 +24,6 @@ elif 'bdist_wheel' in sys.argv[1:]:
if os.environ.get('SNAP_BUILD'):
install_requires.append('packaging')
setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
if setuptools_known_environment_markers:
install_requires.append('mock ; python_version < "3.3"')
elif 'bdist_wheel' in sys.argv[1:]:
raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
'of setuptools. Version 36.2+ of setuptools is required.')
elif sys.version_info < (3,3):
install_requires.append('mock')
# This package normally depends on dns-lexicon>=3.2.1 to address the
# problem described in https://github.com/AnalogJ/lexicon/issues/387,
# however, the fix there has been backported to older versions of
@ -60,7 +49,7 @@ setup(
author="Certbot Project",
author_email='client-dev@letsencrypt.org',
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
python_requires='>=3.6',
classifiers=[
'Development Status :: 5 - Production/Stable',
'Environment :: Plugins',
@ -68,8 +57,6 @@ setup(
'License :: OSI Approved :: Apache Software License',
'Operating System :: POSIX :: Linux',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',

2
certbot-dns-dnsmadeeasy/docs/conf.py
View file

@ -111,7 +111,7 @@ if not on_rtd: # only import and set the theme if we're building docs locally
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
#html_static_path = ['_static']
# -- Options for HTMLHelp output ------------------------------------------

19
certbot-dns-dnsmadeeasy/setup.py
View file

@ -1,18 +1,16 @@
from distutils.version import LooseVersion
import os
import sys
from setuptools import __version__ as setuptools_version
from setuptools import find_packages
from setuptools import setup
version = '1.11.0.dev0'
version = '1.13.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
install_requires = [
'dns-lexicon>=2.2.1', # Support for >1 TXT record per name
'setuptools',
'setuptools>=39.0.1',
'zope.interface',
]
@ -27,15 +25,6 @@ elif 'bdist_wheel' in sys.argv[1:]:
if os.environ.get('SNAP_BUILD'):
install_requires.append('packaging')
setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
if setuptools_known_environment_markers:
install_requires.append('mock ; python_version < "3.3"')
elif 'bdist_wheel' in sys.argv[1:]:
raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
'of setuptools. Version 36.2+ of setuptools is required.')
elif sys.version_info < (3,3):
install_requires.append('mock')
docs_extras = [
'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags
'sphinx_rtd_theme',
@ -49,7 +38,7 @@ setup(
author="Certbot Project",
author_email='client-dev@letsencrypt.org',
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
python_requires='>=3.6',
classifiers=[
'Development Status :: 5 - Production/Stable',
'Environment :: Plugins',
@ -57,8 +46,6 @@ setup(
'License :: OSI Approved :: Apache Software License',
'Operating System :: POSIX :: Linux',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',

2
certbot-dns-gehirn/docs/conf.py
View file

@ -111,7 +111,7 @@ if not on_rtd: # only import and set the theme if we're building docs locally
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
#html_static_path = ['_static']
# -- Options for HTMLHelp output ------------------------------------------

19
certbot-dns-gehirn/setup.py
View file

@ -1,17 +1,15 @@
from distutils.version import LooseVersion
import os
import sys
from setuptools import __version__ as setuptools_version
from setuptools import find_packages
from setuptools import setup
version = '1.11.0.dev0'
version = '1.13.0.dev0'
# Please update tox.ini when modifying dependency version requirements
install_requires = [
'dns-lexicon>=2.1.22',
'setuptools',
'setuptools>=39.0.1',
'zope.interface',
]
@ -26,15 +24,6 @@ elif 'bdist_wheel' in sys.argv[1:]:
if os.environ.get('SNAP_BUILD'):
install_requires.append('packaging')
setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
if setuptools_known_environment_markers:
install_requires.append('mock ; python_version < "3.3"')
elif 'bdist_wheel' in sys.argv[1:]:
raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
'of setuptools. Version 36.2+ of setuptools is required.')
elif sys.version_info < (3,3):
install_requires.append('mock')
docs_extras = [
'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags
'sphinx_rtd_theme',
@ -48,7 +37,7 @@ setup(
author="Certbot Project",
author_email='client-dev@letsencrypt.org',
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
python_requires='>=3.6',
classifiers=[
'Development Status :: 5 - Production/Stable',
'Environment :: Plugins',
@ -56,8 +45,6 @@ setup(
'License :: OSI Approved :: Apache Software License',
'Operating System :: POSIX :: Linux',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',

2
certbot-dns-google/docs/conf.py
View file

@ -112,7 +112,7 @@ if not on_rtd: # only import and set the theme if we're building docs locally
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
#html_static_path = ['_static']
# -- Options for HTMLHelp output ------------------------------------------

19
certbot-dns-google/setup.py
View file

@ -1,19 +1,17 @@
from distutils.version import LooseVersion
import os
import sys
from setuptools import __version__ as setuptools_version
from setuptools import find_packages
from setuptools import setup
version = '1.11.0.dev0'
version = '1.13.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
install_requires = [
'google-api-python-client>=1.5.5',
'oauth2client>=4.0',
'setuptools',
'setuptools>=39.0.1',
'zope.interface',
# already a dependency of google-api-python-client, but added for consistency
'httplib2'
@ -30,15 +28,6 @@ elif 'bdist_wheel' in sys.argv[1:]:
if os.environ.get('SNAP_BUILD'):
install_requires.append('packaging')
setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
if setuptools_known_environment_markers:
install_requires.append('mock ; python_version < "3.3"')
elif 'bdist_wheel' in sys.argv[1:]:
raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
'of setuptools. Version 36.2+ of setuptools is required.')
elif sys.version_info < (3,3):
install_requires.append('mock')
docs_extras = [
'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags
'sphinx_rtd_theme',
@ -52,7 +41,7 @@ setup(
author="Certbot Project",
author_email='client-dev@letsencrypt.org',
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
python_requires='>=3.6',
classifiers=[
'Development Status :: 5 - Production/Stable',
'Environment :: Plugins',
@ -60,8 +49,6 @@ setup(
'License :: OSI Approved :: Apache Software License',
'Operating System :: POSIX :: Linux',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',

2
certbot-dns-linode/docs/conf.py
View file

@ -111,7 +111,7 @@ if not on_rtd: # only import and set the theme if we're building docs locally
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
#html_static_path = ['_static']
# -- Options for HTMLHelp output ------------------------------------------

19
certbot-dns-linode/setup.py
View file

@ -1,17 +1,15 @@
from distutils.version import LooseVersion
import os
import sys
from setuptools import __version__ as setuptools_version
from setuptools import find_packages
from setuptools import setup
version = '1.11.0.dev0'
version = '1.13.0.dev0'
# Please update tox.ini when modifying dependency version requirements
install_requires = [
'dns-lexicon>=2.2.3',
'setuptools',
'setuptools>=39.0.1',
'zope.interface',
]
@ -26,15 +24,6 @@ elif 'bdist_wheel' in sys.argv[1:]:
if os.environ.get('SNAP_BUILD'):
install_requires.append('packaging')
setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
if setuptools_known_environment_markers:
install_requires.append('mock ; python_version < "3.3"')
elif 'bdist_wheel' in sys.argv[1:]:
raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
'of setuptools. Version 36.2+ of setuptools is required.')
elif sys.version_info < (3,3):
install_requires.append('mock')
docs_extras = [
'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags
'sphinx_rtd_theme',
@ -48,7 +37,7 @@ setup(
author="Certbot Project",
author_email='client-dev@letsencrypt.org',
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
python_requires='>=3.6',
classifiers=[
'Development Status :: 5 - Production/Stable',
'Environment :: Plugins',
@ -56,8 +45,6 @@ setup(
'License :: OSI Approved :: Apache Software License',
'Operating System :: POSIX :: Linux',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',

2
certbot-dns-luadns/docs/conf.py
View file

@ -111,7 +111,7 @@ if not on_rtd: # only import and set the theme if we're building docs locally
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
#html_static_path = ['_static']
# -- Options for HTMLHelp output ------------------------------------------

19
certbot-dns-luadns/setup.py
View file

@ -1,18 +1,16 @@
from distutils.version import LooseVersion
import os
import sys
from setuptools import __version__ as setuptools_version
from setuptools import find_packages
from setuptools import setup
version = '1.11.0.dev0'
version = '1.13.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
install_requires = [
'dns-lexicon>=2.2.1', # Support for >1 TXT record per name
'setuptools',
'setuptools>=39.0.1',
'zope.interface',
]
@ -27,15 +25,6 @@ elif 'bdist_wheel' in sys.argv[1:]:
if os.environ.get('SNAP_BUILD'):
install_requires.append('packaging')
setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
if setuptools_known_environment_markers:
install_requires.append('mock ; python_version < "3.3"')
elif 'bdist_wheel' in sys.argv[1:]:
raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
'of setuptools. Version 36.2+ of setuptools is required.')
elif sys.version_info < (3,3):
install_requires.append('mock')
docs_extras = [
'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags
'sphinx_rtd_theme',
@ -49,7 +38,7 @@ setup(
author="Certbot Project",
author_email='client-dev@letsencrypt.org',
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
python_requires='>=3.6',
classifiers=[
'Development Status :: 5 - Production/Stable',
'Environment :: Plugins',
@ -57,8 +46,6 @@ setup(
'License :: OSI Approved :: Apache Software License',
'Operating System :: POSIX :: Linux',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',

2
certbot-dns-nsone/docs/conf.py
View file

@ -111,7 +111,7 @@ if not on_rtd: # only import and set the theme if we're building docs locally
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
#html_static_path = ['_static']
# -- Options for HTMLHelp output ------------------------------------------

19
certbot-dns-nsone/setup.py
View file

@ -1,18 +1,16 @@
from distutils.version import LooseVersion
import os
import sys
from setuptools import __version__ as setuptools_version
from setuptools import find_packages
from setuptools import setup
version = '1.11.0.dev0'
version = '1.13.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
install_requires = [
'dns-lexicon>=2.2.1', # Support for >1 TXT record per name
'setuptools',
'setuptools>=39.0.1',
'zope.interface',
]
@ -27,15 +25,6 @@ elif 'bdist_wheel' in sys.argv[1:]:
if os.environ.get('SNAP_BUILD'):
install_requires.append('packaging')
setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
if setuptools_known_environment_markers:
install_requires.append('mock ; python_version < "3.3"')
elif 'bdist_wheel' in sys.argv[1:]:
raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
'of setuptools. Version 36.2+ of setuptools is required.')
elif sys.version_info < (3,3):
install_requires.append('mock')
docs_extras = [
'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags
'sphinx_rtd_theme',
@ -49,7 +38,7 @@ setup(
author="Certbot Project",
author_email='client-dev@letsencrypt.org',
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
python_requires='>=3.6',
classifiers=[
'Development Status :: 5 - Production/Stable',
'Environment :: Plugins',
@ -57,8 +46,6 @@ setup(
'License :: OSI Approved :: Apache Software License',
'Operating System :: POSIX :: Linux',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',

2
certbot-dns-ovh/docs/conf.py
View file

@ -111,7 +111,7 @@ if not on_rtd: # only import and set the theme if we're building docs locally
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
#html_static_path = ['_static']
# -- Options for HTMLHelp output ------------------------------------------

19
certbot-dns-ovh/setup.py
View file

@ -1,18 +1,16 @@
from distutils.version import LooseVersion
import os
import sys
from setuptools import __version__ as setuptools_version
from setuptools import find_packages
from setuptools import setup
version = '1.11.0.dev0'
version = '1.13.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
install_requires = [
'dns-lexicon>=2.7.14', # Correct proxy use on OVH provider
'setuptools',
'setuptools>=39.0.1',
'zope.interface',
]
@ -27,15 +25,6 @@ elif 'bdist_wheel' in sys.argv[1:]:
if os.environ.get('SNAP_BUILD'):
install_requires.append('packaging')
setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
if setuptools_known_environment_markers:
install_requires.append('mock ; python_version < "3.3"')
elif 'bdist_wheel' in sys.argv[1:]:
raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
'of setuptools. Version 36.2+ of setuptools is required.')
elif sys.version_info < (3,3):
install_requires.append('mock')
docs_extras = [
'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags
'sphinx_rtd_theme',
@ -49,7 +38,7 @@ setup(
author="Certbot Project",
author_email='client-dev@letsencrypt.org',
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
python_requires='>=3.6',
classifiers=[
'Development Status :: 5 - Production/Stable',
'Environment :: Plugins',
@ -57,8 +46,6 @@ setup(
'License :: OSI Approved :: Apache Software License',
'Operating System :: POSIX :: Linux',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',

10
certbot-dns-rfc2136/certbot_dns_rfc2136/_internal/dns_rfc2136.py
View file

@ -1,13 +1,3 @@
# type: ignore
# pylint: disable=no-member
# Many attributes of dnspython are now dynamically defined which causes both
# mypy and pylint to error about accessing attributes they think do not exist.
# This is the case even in up-to-date versions of mypy and pylint which as of
# writing this are 0.790 and 2.6.0 respectively. This problem may be fixed in
# dnspython 2.1.0. See https://github.com/rthalley/dnspython/issues/598. For
# now, let's disable these checks. This is done at the very top of the file
# like this because "type: ignore" must be the first line in the file to be
# respected by mypy.
"""DNS Authenticator using RFC 2136 Dynamic Updates."""
import logging

2
certbot-dns-rfc2136/docs/conf.py
View file

@ -111,7 +111,7 @@ if not on_rtd: # only import and set the theme if we're building docs locally
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
#html_static_path = ['_static']
# -- Options for HTMLHelp output ------------------------------------------

19
certbot-dns-rfc2136/setup.py
View file

@ -1,18 +1,16 @@
from distutils.version import LooseVersion
import os
import sys
from setuptools import __version__ as setuptools_version
from setuptools import find_packages
from setuptools import setup
version = '1.11.0.dev0'
version = '1.13.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
install_requires = [
'dnspython',
'setuptools',
'setuptools>=39.0.1',
'zope.interface',
]
@ -27,15 +25,6 @@ elif 'bdist_wheel' in sys.argv[1:]:
if os.environ.get('SNAP_BUILD'):
install_requires.append('packaging')
setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
if setuptools_known_environment_markers:
install_requires.append('mock ; python_version < "3.3"')
elif 'bdist_wheel' in sys.argv[1:]:
raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
'of setuptools. Version 36.2+ of setuptools is required.')
elif sys.version_info < (3,3):
install_requires.append('mock')
docs_extras = [
'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags
'sphinx_rtd_theme',
@ -49,7 +38,7 @@ setup(
author="Certbot Project",
author_email='client-dev@letsencrypt.org',
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
python_requires='>=3.6',
classifiers=[
'Development Status :: 5 - Production/Stable',
'Environment :: Plugins',
@ -57,8 +46,6 @@ setup(
'License :: OSI Approved :: Apache Software License',
'Operating System :: POSIX :: Linux',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',

2
certbot-dns-route53/MANIFEST.in
View file

@ -1,5 +1,5 @@
include LICENSE.txt
include README
include README.rst
recursive-include docs *
recursive-include tests *
global-exclude __pycache__

35
certbot-dns-route53/README.md
View file

@ -1,35 +0,0 @@
## Route53 plugin for Let's Encrypt client
### Before you start
It's expected that the root hosted zone for the domain in question already
exists in your account.
### Setup
1. Create a virtual environment
2. Update its pip and setuptools (`VENV/bin/pip install -U setuptools pip`)
to avoid problems with cryptography's dependency on setuptools>=11.3.
3. Make sure you have libssl-dev and libffi (or your regional equivalents)
installed. You might have to set compiler flags to pick things up (I have to
use `CPPFLAGS=-I/usr/local/opt/openssl/include
LDFLAGS=-L/usr/local/opt/openssl/lib` on my macOS to pick up brew's openssl,
for example).
4. Install this package.
### How to use it
Make sure you have access to AWS's Route53 service, either through IAM roles or
via `.aws/credentials`. Check out
[sample-aws-policy.json](examples/sample-aws-policy.json) for the necessary permissions.
To generate a certificate:
```
certbot certonly \
-n --agree-tos --email DEVOPS@COMPANY.COM \
--dns-route53 \
-d MY.DOMAIN.NAME
```

1
certbot-dns-route53/README.rst Normal file
View file

@ -0,0 +1 @@
Amazon Web Services Route 53 DNS Authenticator plugin for Certbot

2
certbot-dns-route53/docs/conf.py
View file

@ -111,7 +111,7 @@ if not on_rtd: # only import and set the theme if we're building docs locally
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
#html_static_path = ['_static']
# -- Options for HTMLHelp output ------------------------------------------

25
certbot-dns-route53/setup.py
View file

@ -1,18 +1,16 @@
from distutils.version import LooseVersion
import os
import sys
from setuptools import __version__ as setuptools_version
from setuptools import find_packages
from setuptools import setup
version = '1.11.0.dev0'
version = '1.13.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
install_requires = [
'boto3',
'setuptools',
'setuptools>=39.0.1',
'zope.interface',
]
@ -27,14 +25,10 @@ elif 'bdist_wheel' in sys.argv[1:]:
if os.environ.get('SNAP_BUILD'):
install_requires.append('packaging')
setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
if setuptools_known_environment_markers:
install_requires.append('mock ; python_version < "3.3"')
elif 'bdist_wheel' in sys.argv[1:]:
raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
'of setuptools. Version 36.2+ of setuptools is required.')
elif sys.version_info < (3,3):
install_requires.append('mock')
docs_extras = [
'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags
'sphinx_rtd_theme',
]
setup(
name='certbot-dns-route53',
@ -44,7 +38,7 @@ setup(
author="Certbot Project",
author_email='client-dev@letsencrypt.org',
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
python_requires='>=3.6',
classifiers=[
'Development Status :: 5 - Production/Stable',
'Environment :: Plugins',
@ -52,8 +46,6 @@ setup(
'License :: OSI Approved :: Apache Software License',
'Operating System :: POSIX :: Linux',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',
@ -70,6 +62,9 @@ setup(
include_package_data=True,
install_requires=install_requires,
keywords=['certbot', 'route53', 'aws'],
extras_require={
'docs': docs_extras,
},
entry_points={
'certbot.plugins': [
'dns-route53 = certbot_dns_route53._internal.dns_route53:Authenticator',

2
certbot-dns-sakuracloud/docs/conf.py
View file

@ -111,7 +111,7 @@ if not on_rtd: # only import and set the theme if we're building docs locally
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
html_static_path = ['_static']
#html_static_path = ['_static']
# -- Options for HTMLHelp output ------------------------------------------

19
certbot-dns-sakuracloud/setup.py
View file

@ -1,17 +1,15 @@
from distutils.version import LooseVersion
import os
import sys
from setuptools import __version__ as setuptools_version
from setuptools import find_packages
from setuptools import setup
version = '1.11.0.dev0'
version = '1.13.0.dev0'
# Please update tox.ini when modifying dependency version requirements
install_requires = [
'dns-lexicon>=2.1.23',
'setuptools',
'setuptools>=39.0.1',
'zope.interface',
]
@ -26,15 +24,6 @@ elif 'bdist_wheel' in sys.argv[1:]:
if os.environ.get('SNAP_BUILD'):
install_requires.append('packaging')
setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
if setuptools_known_environment_markers:
install_requires.append('mock ; python_version < "3.3"')
elif 'bdist_wheel' in sys.argv[1:]:
raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
'of setuptools. Version 36.2+ of setuptools is required.')
elif sys.version_info < (3,3):
install_requires.append('mock')
docs_extras = [
'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags
'sphinx_rtd_theme',
@ -48,7 +37,7 @@ setup(
author="Certbot Project",
author_email='client-dev@letsencrypt.org',
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
python_requires='>=3.6',
classifiers=[
'Development Status :: 5 - Production/Stable',
'Environment :: Plugins',
@ -56,8 +45,6 @@ setup(
'License :: OSI Approved :: Apache Software License',
'Operating System :: POSIX :: Linux',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',

25
certbot-nginx/setup.py
View file

@ -1,32 +1,19 @@
from distutils.version import LooseVersion
import sys
from setuptools import __version__ as setuptools_version
from setuptools import find_packages
from setuptools import setup
version = '1.11.0.dev0'
version = '1.13.0.dev0'
# Remember to update local-oldest-requirements.txt when changing the minimum
# acme/certbot version.
install_requires = [
'acme>=1.4.0',
'certbot>=1.6.0',
'PyOpenSSL',
'pyparsing>=1.5.5', # Python3 support
'setuptools',
'PyOpenSSL>=17.3.0',
'pyparsing>=2.2.0',
'setuptools>=39.0.1',
'zope.interface',
]
setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
if setuptools_known_environment_markers:
install_requires.append('mock ; python_version < "3.3"')
elif 'bdist_wheel' in sys.argv[1:]:
raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
'of setuptools. Version 36.2+ of setuptools is required.')
elif sys.version_info < (3,3):
install_requires.append('mock')
setup(
name='certbot-nginx',
version=version,
@ -35,7 +22,7 @@ setup(
author="Certbot Project",
author_email='client-dev@letsencrypt.org',
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
python_requires='>=3.6',
classifiers=[
'Development Status :: 5 - Production/Stable',
'Environment :: Plugins',
@ -43,8 +30,6 @@ setup(
'License :: OSI Approved :: Apache Software License',
'Operating System :: POSIX :: Linux',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',

51
certbot/CHANGELOG.md
View file

@ -2,7 +2,56 @@
Certbot adheres to [Semantic Versioning](https://semver.org/).
## 1.11.0 - master
## 1.13.0 - master
### Added
*
### Changed
* Certbot no longer conditionally depends on an external mock module. Certbot's
test API will continue to use it if it is available for backwards
compatibility, however, this behavior has been deprecated and will be removed
in a future release.
* The acme library no longer depends on the `security` extras from `requests`
which was needed to support SNI in TLS requests when using old versions of
Python 2.
### Fixed
*
More details about these changes can be found on our GitHub repo.
## 1.12.0 - 2021-02-02
### Added
*
### Changed
* The `--preferred-chain` flag now only checks the Issuer Common Name of the
topmost (closest to the root) certificate in the chain, instead of checking
every certificate in the chain.
See [#8577](https://github.com/certbot/certbot/issues/8577).
* Support for Python 2 has been removed.
* In previous releases, we caused certbot-auto to stop updating its Certbot
installation. In this release, we are beginning to disable updates to the
certbot-auto script itself. This release includes Amazon Linux users, and all
other systems that are not based on Debian or RHEL. We plan to make this
change to the certbot-auto script for all users in the coming months.
### Fixed
* Fixed the apache component on openSUSE Tumbleweed which no longer provides
an apache2ctl symlink and uses apachectl instead.
* Fixed a typo in `certbot/crypto_util.py` causing an error upon attempting `secp521r1` key generation
More details about these changes can be found on our GitHub repo.
## 1.11.0 - 2021-01-05
### Added

12
certbot/certbot/__init__.py
View file

@ -1,13 +1,3 @@
"""Certbot client."""
import warnings
import sys
# version number like 1.2.3a0, must have at least 2 parts, like 1.2
__version__ = '1.11.0.dev0'
if sys.version_info[0] == 2:
warnings.warn(
"Python 2 support will be dropped in the next release of Certbot. "
"Please upgrade your Python version.",
PendingDeprecationWarning,
) # pragma: no cover
__version__ = '1.13.0.dev0'

5
certbot/certbot/_internal/account.py
View file

@ -20,6 +20,7 @@ from certbot import interfaces
from certbot import util
from certbot._internal import constants
from certbot.compat import os
from certbot.compat import filesystem
logger = logging.getLogger(__name__)
@ -324,7 +325,7 @@ class AccountFileStorage(interfaces.AccountStorage):
if server_path in reused_servers:
next_server_path = reused_servers[server_path]
next_dir_path = link_func(next_server_path)
if os.path.islink(next_dir_path) and os.readlink(next_dir_path) == dir_path:
if os.path.islink(next_dir_path) and filesystem.readlink(next_dir_path) == dir_path:
possible_next_link = True
server_path = next_server_path
dir_path = next_dir_path
@ -332,7 +333,7 @@ class AccountFileStorage(interfaces.AccountStorage):
# if there's not a next one up to delete, then delete me
# and whatever I link to
while os.path.islink(dir_path):
target = os.readlink(dir_path)
target = filesystem.readlink(dir_path)
os.unlink(dir_path)
dir_path = target

11
certbot/certbot/_internal/cli/__init__.py
View file

@ -28,7 +28,8 @@ from certbot._internal.cli.cli_constants import (
ARGPARSE_PARAMS_TO_REMOVE,
EXIT_ACTIONS,
ZERO_ARG_ACTIONS,
VAR_MODIFIERS
VAR_MODIFIERS,
DEPRECATED_OPTIONS
)
from certbot._internal.cli.cli_utils import (
@ -471,6 +472,11 @@ def set_by_cli(var):
(CLI or config file) including if the user explicitly set it to the
default. Returns False if the variable was assigned a default value.
"""
# We should probably never actually hit this code. But if we do,
# a deprecated option has logically never been set by the CLI.
if var in DEPRECATED_OPTIONS:
return False
detector = set_by_cli.detector # type: ignore
if detector is None and helpful_parser is not None:
# Setup on first run: `detector` is a weird version of config in which
@ -531,6 +537,9 @@ def option_was_set(option, value):
:rtype: bool
"""
# If an option is deprecated, it was effectively not set by the user.
if option in DEPRECATED_OPTIONS:
return False
return set_by_cli(option) or not has_default_value(option, value)

5
certbot/certbot/_internal/cli/cli_constants.py
View file

@ -105,3 +105,8 @@ VAR_MODIFIERS = {"account": {"server",},
"renew_hook": {"deploy_hook",},
"server": {"dry_run", "staging",},
"webroot_map": {"webroot_path",}}
# This is a list of all CLI options that we have ever deprecated. It lets us
# opt out of the default detection, which can interact strangely with option
# deprecation. See https://github.com/certbot/certbot/issues/8540 for more info.
DEPRECATED_OPTIONS = {"manual_public_ip_logging_ok",}

40
certbot/certbot/_internal/main.py
View file

@ -5,7 +5,6 @@ from __future__ import print_function
import functools
import logging.handlers
import sys
import warnings
import configobj
import josepy as jose
@ -691,7 +690,7 @@ def unregister(config, unused_plugins):
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:type unused_plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
@ -731,7 +730,7 @@ def register(config, unused_plugins):
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:type unused_plugins: plugins_disco.PluginsRegistry
:returns: `None` or a string indicating and error
:rtype: None or str
@ -761,7 +760,7 @@ def update_account(config, unused_plugins):
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:type unused_plugins: plugins_disco.PluginsRegistry
:returns: `None` or a string indicating and error
:rtype: None or str
@ -838,7 +837,7 @@ def install(config, plugins):
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:type plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
@ -921,7 +920,7 @@ def plugins_cmd(config, plugins):
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:type plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
@ -960,7 +959,7 @@ def enhance(config, plugins):
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:type plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
@ -1019,7 +1018,7 @@ def rollback(config, plugins):
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:type plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
@ -1037,7 +1036,7 @@ def update_symlinks(config, unused_plugins):
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:type unused_plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
@ -1055,7 +1054,7 @@ def rename(config, unused_plugins):
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:type unused_plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
@ -1073,7 +1072,7 @@ def delete(config, unused_plugins):
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:type unused_plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
@ -1089,7 +1088,7 @@ def certificates(config, unused_plugins):
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:type unused_plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
@ -1106,7 +1105,7 @@ def revoke(config, unused_plugins):
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:type unused_plugins: plugins_disco.PluginsRegistry
:returns: `None` or string indicating error in case of error
:rtype: None or str
@ -1151,7 +1150,7 @@ def run(config, plugins):
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:type plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
@ -1248,7 +1247,7 @@ def renew_cert(config, plugins, lineage):
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:type plugins: plugins_disco.PluginsRegistry
:param lineage: Certificate lineage object
:type lineage: storage.RenewableCert
@ -1293,7 +1292,7 @@ def certonly(config, plugins):
:type config: interfaces.IConfig
:param plugins: List of plugins
:type plugins: `list` of `str`
:type plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
@ -1343,7 +1342,7 @@ def renew(config, unused_plugins):
:type config: interfaces.IConfig
:param unused_plugins: List of plugins (deprecated)
:type unused_plugins: `list` of `str`
:type unused_plugins: plugins_disco.PluginsRegistry
:returns: `None`
:rtype: None
@ -1439,13 +1438,6 @@ def main(cli_args=None):
if config.func != plugins_cmd: # pylint: disable=comparison-with-callable
raise
if sys.version_info[0] == 2:
warnings.warn(
"Python 2 support will be dropped in the next release of Certbot. "
"Please upgrade your Python version.",
PendingDeprecationWarning,
) # pragma: no cover
set_displayer(config)
# Reporter

3
certbot/certbot/_internal/plugins/webroot.py
View file

@ -157,7 +157,8 @@ to serve all files under specified web root ({0})."""
"--webroot-path and --domains, or --webroot-map. Run with "
" --help webroot for examples.")
for name, path in path_map.items():
self.full_roots[name] = os.path.join(path, challenges.HTTP01.URI_ROOT_PATH)
self.full_roots[name] = os.path.join(path, os.path.normcase(
challenges.HTTP01.URI_ROOT_PATH))
logger.debug("Creating root challenges validation dir at %s",
self.full_roots[name])

14
certbot/certbot/_internal/renewal.py
View file

@ -85,6 +85,7 @@ def _reconstitute(config, full_path):
return None
# Now restore specific values along with their data types, if
# those elements are present.
renewalparams = _remove_deprecated_config_elements(renewalparams)
try:
restore_required_config_elements(config, renewalparams)
_restore_plugin_configs(config, renewalparams)
@ -188,6 +189,19 @@ def restore_required_config_elements(config, renewalparams):
setattr(config, item_name, value)
def _remove_deprecated_config_elements(renewalparams):
"""Removes deprecated config options from the parsed renewalparams.
:param dict renewalparams: list of parsed renewalparams
:returns: list of renewalparams with deprecated config options removed
:rtype: dict
"""
return {option_name: v for (option_name, v) in renewalparams.items()
if option_name not in cli.DEPRECATED_OPTIONS}
def _restore_pref_challs(unused_name, value):
"""Restores preferred challenges from a renewal config file.

9
certbot/certbot/_internal/storage.py
View file

@ -214,7 +214,7 @@ def get_link_target(link):
"""
try:
target = os.readlink(link)
target = filesystem.readlink(link)
except OSError:
raise errors.CertStorageError(
"Expected {0} to be a symlink".format(link))
@ -223,6 +223,7 @@ def get_link_target(link):
target = os.path.join(os.path.dirname(link), target)
return os.path.abspath(target)
def _write_live_readme_to(readme_path, is_base_dir=False):
prefix = ""
if is_base_dir:
@ -665,7 +666,7 @@ class RenewableCert(interfaces.RenewableCert):
current_link = getattr(self, kind)
if os.path.lexists(current_link):
os.unlink(current_link)
os.symlink(os.readlink(previous_link), current_link)
os.symlink(filesystem.readlink(previous_link), current_link)
for _, link in previous_symlinks:
if os.path.exists(link):
@ -846,7 +847,7 @@ class RenewableCert(interfaces.RenewableCert):
link = getattr(self, kind)
filename = "{0}{1}.pem".format(kind, version)
# Relative rather than absolute target directory
target_directory = os.path.dirname(os.readlink(link))
target_directory = os.path.dirname(filesystem.readlink(link))
# TODO: it could be safer to make the link first under a temporary
# filename, then unlink the old link, then rename the new link
# to the old link; this ensures that this process is able to
@ -1121,7 +1122,7 @@ class RenewableCert(interfaces.RenewableCert):
# The behavior below keeps the prior key by creating a new
# symlink to the old key or the target of the old key symlink.
if os.path.islink(old_privkey):
old_privkey = os.readlink(old_privkey)
old_privkey = filesystem.readlink(old_privkey)
else:
old_privkey = "privkey{0}.pem".format(prior_version)
logger.debug("Writing symlink to old private key, %s.", old_privkey)

2
certbot/certbot/_internal/updater.py
View file

@ -18,7 +18,7 @@ def run_generic_updaters(config, lineage, plugins):
:type lineage: storage.RenewableCert
:param plugins: List of plugins
:type plugins: `list` of `str`
:type plugins: certbot._internal.plugins.disco.PluginsRegistry
:returns: `None`
:rtype: None

2
certbot/certbot/achallenges.py
View file

@ -33,7 +33,7 @@ class AnnotatedChallenge(jose.ImmutableMap):
Wraps around server provided challenge and annotates with data
useful for the client.
:ivar challb: Wrapped `~.ChallengeBody`.
:ivar ~.challb: Wrapped `~.ChallengeBody`.
"""
__slots__ = ('challb',)

34
certbot/certbot/compat/filesystem.py
View file

@ -4,6 +4,7 @@ from __future__ import absolute_import
import errno
import os # pylint: disable=os-module-forbidden
import stat
import sys
from acme.magic_typing import List
@ -361,7 +362,8 @@ def realpath(file_path):
"""
original_path = file_path
if POSIX_MODE:
# Since Python 3.8, os.path.realpath also resolves symlinks on Windows.
if POSIX_MODE or sys.version_info >= (3, 8):
path = os.path.realpath(file_path)
if os.path.islink(path):
# If path returned by realpath is still a link, it means that it failed to
@ -383,8 +385,36 @@ def realpath(file_path):
return os.path.abspath(file_path)
def readlink(link_path):
# type: (str) -> str
"""
Return a string representing the path to which the symbolic link points.
:param str link_path: The symlink path to resolve
:return: The path the symlink points to
:returns: str
:raise: ValueError if a long path (260> characters) is encountered on Windows
"""
path = os.readlink(link_path)
if POSIX_MODE or not path.startswith('\\\\?\\'):
return path
# At this point, we know we are on Windows and that the path returned uses
# the extended form which is done for all paths in Python 3.8+
# Max length of a normal path is 260 characters on Windows, including the non printable
# termination character "<NUL>". The termination character is not included in Python
# strings, giving a max length of 259 characters, + 4 characters for the extended form
# prefix, to an effective max length 263 characters on a string representing a normal path.
if len(path) < 264:
return path[4:]
raise ValueError("Long paths are not supported by Certbot on Windows.")
# On Windows is_executable run from an unprivileged shell may claim that a path is
# executable when it is excutable only if run from a privileged shell. This result
# executable when it is executable only if run from a privileged shell. This result
# is due to the fact that GetEffectiveRightsFromAcl calculate effective rights
# without taking into consideration if the target user has currently required the
# elevated privileges or not. However this is not a problem since certbot always

15
certbot/certbot/compat/os.py
View file

@ -7,6 +7,10 @@ This module has the same API as the os module in the Python standard library
except for the functions defined below.
"""
# NOTE: If adding a new documented function to compat.os, ensure that it is added to the
# ':members:' list in certbot/docs/api/certbot.compat.os.rst.
# isort:skip_file
# pylint: disable=function-redefined
from __future__ import absolute_import
@ -152,3 +156,14 @@ def fstat(*unused_args, **unused_kwargs):
raise RuntimeError('Usage of os.fstat() is forbidden. '
'Use certbot.compat.filesystem functions instead '
'(eg. has_min_permissions, has_same_ownership).')
# Method os.readlink has a significant behavior change with Python 3.8+. Starting
# with this version, it will return the resolved path in its "extended-style" form
# unconditionally, which allows to use more than 259 characters, and its string
# representation is prepended with "\\?\". Problem is that it does it for any path,
# and will make equality comparison fail with paths that will use the simple form.
def readlink(*unused_args, **unused_kwargs):
"""Method os.readlink() is forbidden"""
raise RuntimeError('Usage of os.readlink() is forbidden. '
'Use certbot.compat.filesystem.realpath() instead.')

22
certbot/certbot/crypto_util.py
View file

@ -205,7 +205,7 @@ def make_key(bits=1024, key_type="rsa", elliptic_curve=None):
elif key_type == 'ecdsa':
try:
name = elliptic_curve.upper()
if name in ('SECP256R1', 'SECP384R1', 'SECP512R1'):
if name in ('SECP256R1', 'SECP384R1', 'SECP521R1'):
_key = ec.generate_private_key(
curve=getattr(ec, elliptic_curve.upper(), None)(),
backend=default_backend()
@ -291,7 +291,7 @@ def verify_signed_payload(public_key, signature, payload, signature_hash_algorit
:param RSAPublicKey/EllipticCurvePublicKey public_key: the public_key to check signature
:param bytes signature: the signature bytes
:param bytes payload: the payload bytes
:param cryptography.hazmat.primitives.hashes.HashAlgorithm
:param cryptography.hazmat.primitives.hashes.HashAlgorithm \
signature_hash_algorithm: algorithm used to hash the payload
:raises InvalidSignature: If signature verification fails.
@ -586,8 +586,9 @@ def get_serial_from_cert(cert_path):
def find_chain_with_issuer(fullchains, issuer_cn, warn_on_no_match=False):
"""Chooses the first certificate chain from fullchains which contains an
Issuer Subject Common Name matching issuer_cn.
"""Chooses the first certificate chain from fullchains whose topmost
intermediate has an Issuer Common Name matching issuer_cn (in other words
the first chain which chains to a root whose name matches issuer_cn).
:param fullchains: The list of fullchains in PEM chain format.
:type fullchains: `list` of `str`
@ -598,14 +599,11 @@ def find_chain_with_issuer(fullchains, issuer_cn, warn_on_no_match=False):
:rtype: `str`
"""
for chain in fullchains:
certs = [x509.load_pem_x509_certificate(cert, default_backend()) \
for cert in CERT_PEM_REGEX.findall(chain.encode())]
# Iterate the fullchain beginning from the leaf. For each certificate encountered,
# match against Issuer Subject CN.
for cert in certs:
cert_issuer_cn = cert.issuer.get_attributes_for_oid(x509.NameOID.COMMON_NAME)
if cert_issuer_cn and cert_issuer_cn[0].value == issuer_cn:
return chain
certs = CERT_PEM_REGEX.findall(chain.encode())
top_cert = x509.load_pem_x509_certificate(certs[-1], default_backend())
top_issuer_cn = top_cert.issuer.get_attributes_for_oid(x509.NameOID.COMMON_NAME)
if top_issuer_cn and top_issuer_cn[0].value == issuer_cn:
return chain
# Nothing matched, return whatever was first in the list.
if warn_on_no_match:

6
certbot/certbot/interfaces.py
View file

@ -262,9 +262,9 @@ class IConfig(zope.interface.Interface):
" with \"renew\" verb should be disabled.")
preferred_chain = zope.interface.Attribute(
"If the CA offers multiple certificate chains, prefer the chain with "
"an issuer matching this Subject Common Name. If no match, the default "
"offered chain will be used."
"If the CA offers multiple certificate chains, prefer the chain whose "
"topmost certificate was issued from this Subject Common Name. "
"If no match, the default offered chain will be used."
)

8
certbot/certbot/plugins/util.py
View file

@ -10,9 +10,11 @@ logger = logging.getLogger(__name__)
def get_prefixes(path):
"""Retrieves all possible path prefixes of a path, in descending order
of length. For instance,
(linux) /a/b/c returns ['/a/b/c', '/a/b', '/a', '/']
(windows) C:\\a\\b\\c returns ['C:\\a\\b\\c', 'C:\\a\\b', 'C:\\a', 'C:']
of length. For instance:
* (Linux) `/a/b/c` returns `['/a/b/c', '/a/b', '/a', '/']`
* (Windows) `C:\\a\\b\\c` returns `['C:\\a\\b\\c', 'C:\\a\\b', 'C:\\a', 'C:']`
:param str path: the path to break into prefixes
:returns: all possible path prefixes of given path in descending order

14
certbot/certbot/tests/testdata/sample-renewal-deprecated-option.conf vendored Normal file
View file

@ -0,0 +1,14 @@
# renew_before_expiry = 30 days
version = 1.11.0
archive_dir = MAGICDIR/live/sample-renewal-deprecated-option
cert = MAGICDIR/live/sample-renewal-deprecated-option/cert.pem
privkey = MAGICDIR/live/sample-renewal-deprecated-option/privkey.pem
chain = MAGICDIR/live/sample-renewal-deprecated-option/chain.pem
fullchain = MAGICDIR/live/sample-renewal-deprecated-option/fullchain.pem
# Options used in the renewal process
[renewalparams]
account = ffffffffffffffffffffffffffffffff
authenticator = nginx
installer = nginx
manual_public_ip_logging_ok = None

7
certbot/certbot/tests/util.py
View file

@ -6,12 +6,19 @@ import shutil
import sys
import tempfile
import unittest
import warnings
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
import josepy as jose
try:
import mock
warnings.warn(
"The external mock module is being used for backwards compatibility "
"since it is available, however, future versions of Certbot's tests will "
"use unittest.mock. Be sure to update your code accordingly.",
PendingDeprecationWarning
)
except ImportError: # pragma: no cover
from unittest import mock # type: ignore
import OpenSSL

4
certbot/docs/api/certbot.compat.os.rst
View file

@ -2,6 +2,4 @@ certbot.compat.os module
========================
.. automodule:: certbot.compat.os
:members:
:undoc-members:
:show-inheritance:
:members: chmod, umask, chown, open, mkdir, makedirs, rename, replace, access, stat, fstat

15
certbot/docs/cli-help.txt
View file

@ -99,9 +99,9 @@ optional arguments:
before submitting to CA (default: False)
--preferred-chain PREFERRED_CHAIN
If the CA offers multiple certificate chains, prefer
the chain with an issuer matching this Subject Common
Name. If no match, the default offered chain will be
used. (default: None)
the chain whose topmost certificate was issued from
this Subject Common Name. If no match, the default
offered chain will be used. (default: None)
--preferred-challenges PREF_CHALLS
A sorted, comma delimited list of the preferred
challenge to use during authorization with the most
@ -118,7 +118,7 @@ optional arguments:
case, and to know when to deprecate support for past
Python versions and flags. If you wish to hide this
information from the Let's Encrypt server, set this to
"". (default: CertbotACMEClient/1.10.1
"". (default: CertbotACMEClient/1.12.0
(certbot(-auto); OS_NAME OS_VERSION) Authenticator/XXX
Installer/YYY (SUBCOMMAND; flags: FLAGS)
Py/major.minor.patchlevel). The flags encoded in the
@ -539,8 +539,8 @@ dns-cloudxns:
CloudXNS credentials INI file. (default: None)
dns-digitalocean:
Obtain certs using a DNS TXT record (if you are using DigitalOcean for
DNS).
Obtain certificates using a DNS TXT record (if you are using DigitalOcean
for DNS).
--dns-digitalocean-propagation-seconds DNS_DIGITALOCEAN_PROPAGATION_SECONDS
The number of seconds to wait for DNS to propagate
@ -601,7 +601,8 @@ dns-google:
therequired permissions.) (default: None)
dns-linode:
Obtain certs using a DNS TXT record (if you are using Linode for DNS).
Obtain certificates using a DNS TXT record (if you are using Linode for
DNS).
--dns-linode-propagation-seconds DNS_LINODE_PROPAGATION_SECONDS
The number of seconds to wait for DNS to propagate

7
certbot/docs/conf.py
View file

@ -95,7 +95,12 @@ language = None
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
exclude_patterns = ['_build']
exclude_patterns = [
'_build',
'man',
'challenges.rst',
'ciphers.rst'
]
# The reST default role (used for this markup: `text`) to use for all
# documents.

19
certbot/docs/contributing.rst
View file

@ -56,18 +56,18 @@ Set up the Python virtual environment that will host your Certbot local instance
.. code-block:: shell
cd certbot
python tools/venv3.py
python tools/venv.py
.. note:: You may need to repeat this when
Certbot's dependencies change or when a new plugin is introduced.
You can now run the copy of Certbot from git either by executing
``venv3/bin/certbot``, or by activating the virtual environment. You can do the
``venv/bin/certbot``, or by activating the virtual environment. You can do the
latter by running:
.. code-block:: shell
source venv3/bin/activate
source venv/bin/activate
After running this command, ``certbot`` and development tools like ``ipdb``,
``ipython``, ``pytest``, and ``tox`` are available in the shell where you ran
@ -169,7 +169,7 @@ To do so you need:
- Docker installed, and a user with access to the Docker client,
- an available `local copy`_ of Certbot.
The virtual environment set up with `python tools/venv3.py` contains two CLI tools
The virtual environment set up with `python tools/venv.py` contains two CLI tools
that can be used once the virtual environment is activated:
.. code-block:: shell
@ -197,8 +197,8 @@ using an HTTP-01 challenge on a machine with Python 3:
.. code-block:: shell
python tools/venv3.py
source venv3/bin/activate
python tools/venv.py
source venv/bin/activate
run_acme_server &
certbot_test certonly --standalone -d test.example.com
# To stop Pebble, launch `fg` to get back the background job, then press CTRL+C
@ -470,11 +470,8 @@ Mypy type annotations
=====================
Certbot uses the `mypy`_ static type checker. Python 3 natively supports official type annotations,
which can then be tested for consistency using mypy. Python 2 doesnt, but type annotations can
be `added in comments`_. Mypy does some type checks even without type annotations; we can find
bugs in Certbot even without a fully annotated codebase.
Certbot supports both Python 2 and 3, so were using Python 2-style annotations.
which can then be tested for consistency using mypy. Mypy does some type checks even without type
annotations; we can find bugs in Certbot even without a fully annotated codebase.
Zulip wrote a `great guide`_ to using mypy. Its useful, but you dont have to read the whole thing
to start contributing to Certbot.

13
certbot/docs/install.rst
View file

@ -28,7 +28,7 @@ your system.
System Requirements
===================
Certbot currently requires Python 2.7 or 3.6+ running on a UNIX-like operating
Certbot currently requires Python 3.6+ running on a UNIX-like operating
system. By default, it requires root access in order to write to
``/etc/letsencrypt``, ``/var/log/letsencrypt``, ``/var/lib/letsencrypt``; to
bind to port 80 (if you use the ``standalone`` plugin) and to read and
@ -197,12 +197,12 @@ Optionally to install the Certbot Apache plugin, you can use:
.. code-block:: shell
sudo dnf install certbot python2-certbot-apache
sudo dnf install certbot python3-certbot-apache
**FreeBSD**
* Port: ``cd /usr/ports/security/py-certbot && make install clean``
* Package: ``pkg install py27-certbot``
* Package: ``pkg install py37-certbot``
**Gentoo**
@ -223,7 +223,7 @@ They need to be installed separately if you require their functionality.
**NetBSD**
* Build from source: ``cd /usr/pkgsrc/security/py-certbot && make install clean``
* Install pre-compiled package: ``pkg_add py27-certbot``
* Install pre-compiled package: ``pkg_add py37-certbot``
**OpenBSD**
@ -240,6 +240,11 @@ look at the :doc:`packaging`.
Certbot-Auto
------------
.. toctree::
:hidden:
uninstall
We used to have a shell script named ``certbot-auto`` to help people install
Certbot on UNIX operating systems, however, this script is no longer supported.

8
certbot/examples/cli.ini
View file

@ -24,3 +24,11 @@ rsa-key-size = 4096
# path to the public_html / webroot folder being served by your web server.
# authenticator = webroot
# webroot-path = /usr/share/nginx/html
# Uncomment to automatically agree to the terms of service of the ACME server
# agree-tos = true
# An example of using an alternate ACME server that uses EAB credentials
# server = https://acme.sectigo.com/v2/InCommonRSAOV
# eab-kid = somestringofstuffwithoutquotes
# eab-hmac-key = yaddayaddahexhexnotquoted

38
certbot/setup.py
View file

@ -40,16 +40,16 @@ install_requires = [
# saying so here causes a runtime error against our temporary fork of 0.9.3
# in which we added 2.6 support (see #2243), so we relax the requirement.
'ConfigArgParse>=0.9.3',
'configobj',
'cryptography>=1.2.3', # load_pem_x509_certificate
'configobj>=5.0.6',
'cryptography>=2.1.4',
'distro>=1.0.1',
# 1.1.0+ is required to avoid the warnings described at
# https://github.com/certbot/josepy/issues/13.
'josepy>=1.1.0',
'parsedatetime>=1.3', # Calendar.parseDT
'parsedatetime>=2.4',
'pyrfc3339',
'pytz',
'setuptools',
'setuptools>=39.0.1',
'zope.component',
'zope.interface',
]
@ -59,7 +59,7 @@ install_requires = [
# However environment markers are supported only with setuptools >= 36.2.
# So this dependency is not added for old Linux distributions with old setuptools,
# in order to allow these systems to build certbot from sources.
pywin32_req = 'pywin32>=227' # do not forget to edit pywin32 dependency accordingly in windows-installer/construct.py
pywin32_req = 'pywin32>=300' # do not forget to edit pywin32 dependency accordingly in windows-installer/construct.py
setuptools_known_environment_markers = (LooseVersion(setuptools_version) >= LooseVersion('36.2'))
if setuptools_known_environment_markers:
install_requires.append(pywin32_req + " ; sys_platform == 'win32'")
@ -72,16 +72,14 @@ elif os.name == 'nt':
# setuptools, pywin32 will not be specified as a dependency.
install_requires.append(pywin32_req)
if setuptools_known_environment_markers:
install_requires.append('mock ; python_version < "3.3"')
elif 'bdist_wheel' in sys.argv[1:]:
raise RuntimeError('Error, you are trying to build certbot wheels using an old version '
'of setuptools. Version 36.2+ of setuptools is required.')
elif sys.version_info < (3,3):
install_requires.append('mock')
dev_extras = [
'astroid',
'azure-devops',
'coverage',
'ipdb',
'mypy',
'PyGithub',
'pylint',
'pytest',
'pytest-cov',
'pytest-xdist',
@ -90,15 +88,6 @@ dev_extras = [
'wheel',
]
dev3_extras = [
'astroid',
'azure-devops',
'ipdb',
'mypy',
'PyGithub',
'pylint',
]
docs_extras = [
# If you have Sphinx<1.5.1, you need docutils<0.13.1
# https://github.com/sphinx-doc/sphinx/issues/3212
@ -116,7 +105,7 @@ setup(
author="Certbot Project",
author_email='client-dev@letsencrypt.org',
license='Apache License 2.0',
python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*',
python_requires='>=3.6',
classifiers=[
'Development Status :: 5 - Production/Stable',
'Environment :: Console',
@ -125,8 +114,6 @@ setup(
'License :: OSI Approved :: Apache Software License',
'Operating System :: POSIX :: Linux',
'Programming Language :: Python',
'Programming Language :: Python :: 2',
'Programming Language :: Python :: 2.7',
'Programming Language :: Python :: 3',
'Programming Language :: Python :: 3.6',
'Programming Language :: Python :: 3.7',
@ -146,7 +133,6 @@ setup(
install_requires=install_requires,
extras_require={
'dev': dev_extras,
'dev3': dev3_extras,
'docs': docs_extras,
},

7
certbot/tests/account_test.py
View file

@ -113,11 +113,16 @@ class AccountFileStorageTest(test_util.ConfigTestCase):
from certbot._internal.account import Account
new_authzr_uri = "hi"
meta = Account.Meta(
creation_host="test.example.org",
creation_dt=datetime.datetime(
2021, 1, 5, 14, 4, 10, tzinfo=pytz.UTC))
self.acc = Account(
regr=messages.RegistrationResource(
uri=None, body=messages.Registration(),
new_authzr_uri=new_authzr_uri),
key=KEY)
key=KEY,
meta=meta)
self.mock_client = mock.MagicMock()
self.mock_client.directory.new_authz = new_authzr_uri

2
certbot/tests/cert_manager_test.py
View file

@ -99,7 +99,7 @@ class UpdateLiveSymlinksTest(BaseCertManagerTest):
for kind in ALL_FOUR:
os.chdir(os.path.dirname(self.config_files[domain][kind]))
self.assertEqual(
filesystem.realpath(os.readlink(self.config_files[domain][kind])),
filesystem.realpath(filesystem.readlink(self.config_files[domain][kind])),
filesystem.realpath(archive_paths[domain][kind]))
finally:
os.chdir(prev_dir)

26
certbot/tests/compat/filesystem_test.py
View file

@ -597,6 +597,32 @@ class IsExecutableTest(test_util.TempDirTestCase):
self.assertFalse(filesystem.is_executable("exe"))
class ReadlinkTest(unittest.TestCase):
@unittest.skipUnless(POSIX_MODE, reason='Tests specific to Linux')
@mock.patch("certbot.compat.filesystem.os.readlink")
def test_path_posix(self, mock_readlink):
mock_readlink.return_value = "/normal/path"
self.assertEqual(filesystem.readlink("dummy"), "/normal/path")
@unittest.skipIf(POSIX_MODE, reason='Tests specific to Windows')
@mock.patch("certbot.compat.filesystem.os.readlink")
def test_normal_path_windows(self, mock_readlink):
# Python <3.8
mock_readlink.return_value = "C:\\short\\path"
self.assertEqual(filesystem.readlink("dummy"), "C:\\short\\path")
# Python >=3.8 (os.readlink always returns the extended form)
mock_readlink.return_value = "\\\\?\\C:\\short\\path"
self.assertEqual(filesystem.readlink("dummy"), "C:\\short\\path")
@unittest.skipIf(POSIX_MODE, reason='Tests specific to Windows')
@mock.patch("certbot.compat.filesystem.os.readlink")
def test_extended_path_windows(self, mock_readlink):
# Following path is largely over the 260 characters permitted in the normal form.
mock_readlink.return_value = "\\\\?\\C:\\long" + 1000 * "\\path"
with self.assertRaises(ValueError):
filesystem.readlink("dummy")
@contextlib.contextmanager
def _fix_windows_runtime():
if os.name != 'nt':

23
certbot/tests/crypto_util_test.py
View file

@ -184,11 +184,13 @@ class MakeKeyTest(unittest.TestCase):
def test_ec(self): # pylint: disable=no-self-use
# ECDSA Key Type Tests
from certbot.crypto_util import make_key
# Do not test larger keys as it takes too long.
# Try a good key size for ECDSA
OpenSSL.crypto.load_privatekey(
OpenSSL.crypto.FILETYPE_PEM, make_key(elliptic_curve="secp256r1", key_type='ecdsa'))
for (name, bits) in [('secp256r1', 256), ('secp384r1', 384), ('secp521r1', 521)]:
pkey = OpenSSL.crypto.load_privatekey(
OpenSSL.crypto.FILETYPE_PEM,
make_key(elliptic_curve=name, key_type='ecdsa')
)
self.assertEqual(pkey.bits(), bits)
def test_bad_key_sizes(self):
from certbot.crypto_util import make_key
@ -502,6 +504,19 @@ class FindChainWithIssuerTest(unittest.TestCase):
matched = self._call(fullchains, "Pebble Root CA 0cc6f0")
self.assertEqual(matched, fullchains[1])
@mock.patch('certbot.crypto_util.logger.info')
def test_intermediate_match(self, mock_info):
"""Don't pick a chain where only an intermediate matches"""
fullchains = self._all_fullchains()
# Make the second chain actually only contain "Pebble Root CA 0cc6f0"
# as an intermediate, not as the root. This wouldn't be a valid chain
# (the CERT_ISSUER cert didn't issue the CERT_ALT_ISSUER cert), but the
# function under test here doesn't care about that.
fullchains[1] = fullchains[1] + CERT_ISSUER.decode()
matched = self._call(fullchains, "Pebble Root CA 0cc6f0")
self.assertEqual(matched, fullchains[0])
mock_info.assert_not_called()
@mock.patch('certbot.crypto_util.logger.info')
def test_no_match(self, mock_info):
fullchains = self._all_fullchains()

4
certbot/tests/main_test.py
View file

@ -814,8 +814,10 @@ class MainTest(test_util.ConfigTestCase):
self._call_no_clientmock(['delete'])
self.assertEqual(1, mock_cert_manager.call_count)
@mock.patch('certbot._internal.main.plugins_disco')
@mock.patch('certbot._internal.main.cli.HelpfulArgumentParser.determine_help_topics')
@mock.patch('certbot._internal.log.post_arg_parse_setup')
def test_plugins(self, _):
def test_plugins(self, _, _det, mock_disco):
flags = ['--init', '--prepare', '--authenticators', '--installers']
for args in itertools.chain(
*(itertools.combinations(flags, r)

19
certbot/tests/renewal_test.py
View file

@ -1,4 +1,6 @@
"""Tests for certbot._internal.renewal"""
import copy
import unittest
try:
@ -98,6 +100,23 @@ class RenewalTest(test_util.ConfigTestCase):
assert self.config.elliptic_curve == 'secp256r1'
@test_util.patch_get_utility()
@mock.patch('certbot._internal.renewal.cli.set_by_cli')
def test_remove_deprecated_config_elements(self, mock_set_by_cli, unused_mock_get_utility):
mock_set_by_cli.return_value = False
config = configuration.NamespaceConfig(self.config)
config.certname = "sample-renewal-deprecated-option"
rc_path = test_util.make_lineage(
self.config.config_dir, 'sample-renewal-deprecated-option.conf')
from certbot._internal import renewal
lineage_config = copy.deepcopy(self.config)
renewal_candidate = renewal._reconstitute(lineage_config, rc_path)
# This means that manual_public_ip_logging_ok was not modified in the config based on its
# value in the renewal conf file
self.assertTrue(isinstance(lineage_config.manual_public_ip_logging_ok, mock.MagicMock))
class RestoreRequiredConfigElementsTest(test_util.ConfigTestCase):
"""Tests for certbot._internal.renewal.restore_required_config_elements."""

15
certbot/tests/storage_test.py
View file

@ -77,6 +77,17 @@ class RelevantValuesTest(unittest.TestCase):
self.assertEqual(self._call(self.values), expected_relevant_values)
@mock.patch("certbot._internal.cli.set_by_cli")
def test_deprecated_item(self, unused_mock_set_by_cli):
# deprecated items should never be relevant to store
expected_relevant_values = self.values.copy()
self.values["manual_public_ip_logging_ok"] = None
self.assertEqual(self._call(self.values), expected_relevant_values)
self.values["manual_public_ip_logging_ok"] = True
self.assertEqual(self._call(self.values), expected_relevant_values)
self.values["manual_public_ip_logging_ok"] = False
self.assertEqual(self._call(self.values), expected_relevant_values)
class BaseRenewableCertTest(test_util.ConfigTestCase):
"""Base class for setting up Renewable Cert tests.
@ -330,7 +341,7 @@ class RenewableCertTests(BaseRenewableCertTest):
self.test_rc._update_link_to("chain", 3000)
# However, current_version doesn't allow querying the resulting
# version (because it's a broken link).
self.assertEqual(os.path.basename(os.readlink(self.test_rc.chain)),
self.assertEqual(os.path.basename(filesystem.readlink(self.test_rc.chain)),
"chain3000.pem")
def test_version(self):
@ -514,7 +525,7 @@ class RenewableCertTests(BaseRenewableCertTest):
# privkey.
for i in (6, 7, 8):
self.assertTrue(os.path.islink(self.test_rc.version("privkey", i)))
self.assertEqual("privkey3.pem", os.path.basename(os.readlink(
self.assertEqual("privkey3.pem", os.path.basename(filesystem.readlink(
self.test_rc.version("privkey", i))))
for kind in ALL_FOUR:

62
letsencrypt-auto
View file

@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then
fi
VENV_BIN="$VENV_PATH/bin"
BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
LE_AUTO_VERSION="1.10.1"
LE_AUTO_VERSION="1.12.0"
BASENAME=$(basename $0)
USAGE="Usage: $BASENAME [OPTIONS]
A self-updating wrapper script for the Certbot ACME client. When run, updates
@ -803,7 +803,9 @@ if [ -f /etc/debian_version ]; then
elif [ -f /etc/mageia-release ]; then
# Mageia has both /etc/mageia-release and /etc/redhat-release
DEPRECATED_OS=1
NO_SELF_UPGRADE=1
elif [ -f /etc/redhat-release ]; then
DEPRECATED_OS=1
# Run DeterminePythonVersion to decide on the basis of available Python versions
# whether to use 2.x or 3.x on RedHat-like systems.
# Then, revert LE_PYTHON to its previous state.
@ -836,12 +838,7 @@ elif [ -f /etc/redhat-release ]; then
INTERACTIVE_BOOTSTRAP=1
fi
Bootstrap() {
BootstrapMessage "Legacy RedHat-based OSes that will use Python3"
BootstrapRpmPython3Legacy
}
USE_PYTHON_3=1
BOOTSTRAP_VERSION="BootstrapRpmPython3Legacy $BOOTSTRAP_RPM_PYTHON3_LEGACY_VERSION"
# Try now to enable SCL rh-python36 for systems already bootstrapped
# NB: EnablePython36SCL has been defined along with BootstrapRpmPython3Legacy in certbot-auto
@ -860,43 +857,38 @@ elif [ -f /etc/redhat-release ]; then
fi
if [ "$RPM_USE_PYTHON_3" = 1 ]; then
Bootstrap() {
BootstrapMessage "RedHat-based OSes that will use Python3"
BootstrapRpmPython3
}
USE_PYTHON_3=1
BOOTSTRAP_VERSION="BootstrapRpmPython3 $BOOTSTRAP_RPM_PYTHON3_VERSION"
else
Bootstrap() {
BootstrapMessage "RedHat-based OSes"
BootstrapRpmCommon
}
BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
fi
fi
LE_PYTHON="$prev_le_python"
elif [ -f /etc/os-release ] && `grep -q openSUSE /etc/os-release` ; then
DEPRECATED_OS=1
NO_SELF_UPGRADE=1
elif [ -f /etc/arch-release ]; then
DEPRECATED_OS=1
NO_SELF_UPGRADE=1
elif [ -f /etc/manjaro-release ]; then
DEPRECATED_OS=1
NO_SELF_UPGRADE=1
elif [ -f /etc/gentoo-release ]; then
DEPRECATED_OS=1
NO_SELF_UPGRADE=1
elif uname | grep -iq FreeBSD ; then
DEPRECATED_OS=1
NO_SELF_UPGRADE=1
elif uname | grep -iq Darwin ; then
DEPRECATED_OS=1
NO_SELF_UPGRADE=1
elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then
Bootstrap() {
ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
}
BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
DEPRECATED_OS=1
NO_SELF_UPGRADE=1
elif [ -f /etc/product ] && grep -q "Joyent Instance" /etc/product ; then
DEPRECATED_OS=1
NO_SELF_UPGRADE=1
else
DEPRECATED_OS=1
NO_SELF_UPGRADE=1
fi
# We handle this case after determining the normal bootstrap version to allow
@ -1125,7 +1117,9 @@ if [ "$1" = "--le-auto-phase2" ]; then
fi
if [ -f "$VENV_BIN/letsencrypt" -a "$INSTALL_ONLY" != 1 ]; then
error "Certbot will no longer receive updates."
error "certbot-auto and its Certbot installation will no longer receive updates."
error "You will not receive any bug fixes including those fixing server compatibility"
error "or security problems."
error "Please visit https://certbot.eff.org/ to check for other alternatives."
"$VENV_BIN/letsencrypt" "$@"
exit 0
@ -1493,18 +1487,18 @@ letsencrypt==0.7.0 \
--hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
--hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9
certbot==1.10.1 \
--hash=sha256:011ac980fa21b9f29e02c9b8d8b86e8a4bf4670b51b6ad91656e401e9d2d2231 \
--hash=sha256:0d9ee3fc09e0d03b2d1b1f1c4916e61ecfc6904b4216ddef4e6a5ca1424d9cb7
acme==1.10.1 \
--hash=sha256:752d598e54e98ad1e874de53fd50c61044f1b566d6deb790db5676ce9c573546 \
--hash=sha256:fcbb559aedc96b404edf593e78517dcd7291984d5a37036c3fc77f3c5c122fd8
certbot-apache==1.10.1 \
--hash=sha256:f077b4b7f166627ef5e0921fe7cde57700670fc86e9ad9dbdfaf2c573cc0f2fa \
--hash=sha256:97ed637b4c7b03820db6c69aa90145dc989933351d46a3d62baf6b71674f0a10
certbot-nginx==1.10.1 \
--hash=sha256:7c36459021f8a1ec3b6c062e4c4fc866bfaa1dbf26ccd29e043dd6848003be08 \
--hash=sha256:c0bbeccf85f46b728fd95e6bb8c2649d32d3383d7f47ea4b9c312d12bf04d2f0
certbot==1.12.0 \
--hash=sha256:f4bb3da5391e4a28e9a2e52ab54986171c0864feff17eaaaca6729a1d4c433a6 \
--hash=sha256:5ee738773479bcb7794e43fedd2415acc0969b75bdd2a21f451e3bff9d99df59
acme==1.12.0 \
--hash=sha256:ca4ad044429f1b8b670b958e5c7ea38159def9d601f4af2359355993918c3317 \
--hash=sha256:aa363474d50e9fdda27acb8b1aa7efb26fecc5650e02039a0de3a3f0e696c2f2
certbot-apache==1.12.0 \
--hash=sha256:38899f6fa08799de9535795d919acf968f288d7208909baf7733f9a763c15227 \
--hash=sha256:e5679b40d99bd241f4fcd9fe44b73e6e25ccc969a617131ff6ebc90d562a49f2
certbot-nginx==1.12.0 \
--hash=sha256:332cd70067bbcf6db52a002650ffa4844d0bd9780279d662aa6725b43f776c14 \
--hash=sha256:3fb6a55290d37ad466681a89a85ceca4c4026fdd8702f3010b87a74266a6fe7b
UNLIKELY_EOF
# -------------------------------------------------------------------------

Some files were not shown because too many files have changed in this diff Show more