From 05dbda4b519daa1db08a0cf0a730b9240e37c65b Mon Sep 17 00:00:00 2001 From: Thomas Date: Wed, 15 Jul 2020 22:41:15 +0200 Subject: [PATCH 1/7] added inwx plugin (#8115) * added inwx plugin * Update using.rst fixed convention naming --- certbot/docs/using.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/certbot/docs/using.rst b/certbot/docs/using.rst index 0a0b6d1a2..0423b1fec 100644 --- a/certbot/docs/using.rst +++ b/certbot/docs/using.rst @@ -281,6 +281,7 @@ proxmox_ N Y Install certificates in Proxmox Virtualization serv dns-standalone_ Y N Obtain certificates via an integrated DNS server dns-ispconfig_ Y N DNS Authentication using ISPConfig as DNS server dns-clouddns_ Y N DNS Authentication using CloudDNS API +dns-inwx Y Y DNS Authentication for INWX through the XML API ================== ==== ==== =============================================================== .. _haproxy: https://github.com/greenhost/certbot-haproxy @@ -293,6 +294,7 @@ dns-clouddns_ Y N DNS Authentication using CloudDNS API .. _dns-standalone: https://github.com/siilike/certbot-dns-standalone .. _dns-ispconfig: https://github.com/m42e/certbot-dns-ispconfig .. _dns-clouddns: https://github.com/vshosting/certbot-dns-clouddns +.. _dns-inwx: https://github.com/oGGy990/certbot-dns-inwx/ If you're interested, you can also :ref:`write your own plugin `. From 9d2e0ac013b9b2accc70f1a75584a51d335e7463 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Fri, 17 Jul 2020 12:47:11 -0700 Subject: [PATCH 2/7] Specify the Certbot snap grade. (#8147) --- snap/snapcraft.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index df6149551..06e44e3d5 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -15,6 +15,7 @@ description: | - Help you revoke the certificate if that ever becomes necessary. confinement: classic base: core20 +grade: stable adopt-info: certbot apps: From ebf1349b15098548b0dcad30a0dabd07ed3f11d1 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Fri, 17 Jul 2020 13:01:04 -0700 Subject: [PATCH 3/7] Update to IPython with Python 3.8 support. (#8152) --- certbot/setup.py | 2 +- tools/dev_constraints.txt | 7 +++++-- tools/oldest_constraints.txt | 7 +++++++ 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/certbot/setup.py b/certbot/setup.py index b2e0837d3..efa7e3c28 100644 --- a/certbot/setup.py +++ b/certbot/setup.py @@ -83,7 +83,6 @@ elif sys.version_info < (3,3): dev_extras = [ 'coverage', - 'ipdb', 'pytest', 'pytest-cov', 'pytest-xdist', @@ -94,6 +93,7 @@ dev_extras = [ dev3_extras = [ 'astroid', + 'ipdb', 'mypy', 'pylint', ] diff --git a/tools/dev_constraints.txt b/tools/dev_constraints.txt index 6e692841b..31ca577d5 100644 --- a/tools/dev_constraints.txt +++ b/tools/dev_constraints.txt @@ -10,6 +10,7 @@ asn1crypto==0.22.0 astroid==2.3.3 attrs==17.3.0 Babel==2.5.1 +backcall==0.2.0 backports.functools-lru-cache==1.5 backports.shutil-get-terminal-size==1.0.0 backports.ssl-match-hostname==3.7.0.1 @@ -40,9 +41,10 @@ httplib2==0.10.3 imagesize==0.7.1 importlib-metadata==0.23 ipdb==0.12.3 -ipython==5.8.0 +ipython==7.9.0 ipython-genutils==0.2.0 isort==4.3.21 +jedi==0.17.1 Jinja2==2.9.6 jmespath==0.9.4 josepy==1.1.0 @@ -59,13 +61,14 @@ ndg-httpsclient==0.3.2 oauth2client==4.0.0 packaging==19.2 paramiko==2.4.2 +parso==0.7.0 pathlib2==2.3.5 pexpect==4.7.0 pickleshare==0.7.5 pkginfo==1.4.2 pluggy==0.13.0 ply==3.4 -prompt-toolkit==1.0.18 +prompt-toolkit==2.0.10 ptyprocess==0.6.0 py==1.8.0 pyasn1==0.1.9 diff --git a/tools/oldest_constraints.txt b/tools/oldest_constraints.txt index ff4b8361a..5145e3ddf 100644 --- a/tools/oldest_constraints.txt +++ b/tools/oldest_constraints.txt @@ -63,3 +63,10 @@ dns-lexicon==2.2.1 # Tracking at https://github.com/certbot/certbot/issues/6473 boto3==1.4.7 botocore==1.7.41 + +# Old certbot[dev] constraints +# Old versions of certbot[dev] required ipdb and our normally pinned version of +# ipython which ipdb depends on doesn't support Python 2 so we pin an older +# version here to keep tests working while we have Python 2 support. +ipython==5.8.0 +prompt-toolkit==1.0.18 From b6964cae2e9ad6e9bd316c3dfb3d3b1c322c958b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C8=98tefan=20Talpalaru?= Date: Sun, 19 Jul 2020 16:32:30 +0200 Subject: [PATCH 4/7] certbot_dns_linode: decrease the default propagation interval MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit «When you add or change DNS zones or records, your changes will now be reflected at our authoritative nameservers in under 60 seconds. This is down from the previous “every quarter hour” approach that we had for so long.» - https://www.linode.com/blog/linode/linode-turns-17/ --- AUTHORS.md | 1 + .../certbot_dns_linode/__init__.py | 16 ++++++++-------- .../certbot_dns_linode/_internal/dns_linode.py | 2 +- certbot/CHANGELOG.md | 3 ++- 4 files changed, 12 insertions(+), 10 deletions(-) diff --git a/AUTHORS.md b/AUTHORS.md index 6b6b5d118..0cedcbd19 100644 --- a/AUTHORS.md +++ b/AUTHORS.md @@ -237,6 +237,7 @@ Authors * [Spencer Bliven](https://github.com/sbliven) * [Stacey Sheldon](https://github.com/solidgoldbomb) * [Stavros Korokithakis](https://github.com/skorokithakis) +* [Ștefan Talpalaru](https://github.com/stefantalpalaru) * [Stefan Weil](https://github.com/stweil) * [Steve Desmond](https://github.com/stevedesmond-ca) * [sydneyli](https://github.com/sydneyli) diff --git a/certbot-dns-linode/certbot_dns_linode/__init__.py b/certbot-dns-linode/certbot_dns_linode/__init__.py index 107781a13..4bfd95573 100644 --- a/certbot-dns-linode/certbot_dns_linode/__init__.py +++ b/certbot-dns-linode/certbot_dns_linode/__init__.py @@ -14,10 +14,10 @@ Named Arguments DNS to propagate before asking the ACME server to verify the DNS record. - (Default: 1200 because Linode - updates its first DNS every 15 - minutes and we allow 5 more minutes - for the update to reach the other 5 + (Default: 120 because Linode + updates its first DNS every 60 + seconds and we allow 60 more seconds + for the update to reach other 5 servers) ========================================== =================================== @@ -80,15 +80,15 @@ Examples -d www.example.com .. code-block:: bash - :caption: To acquire a certificate for ``example.com``, waiting 1000 seconds - for DNS propagation (Linode updates its first DNS every 15 minutes - and we allow some extra time for the update to reach the other 5 + :caption: To acquire a certificate for ``example.com``, waiting 120 seconds + for DNS propagation (Linode updates its first DNS every minute + and we allow some extra time for the update to reach other 5 servers) certbot certonly \\ --dns-linode \\ --dns-linode-credentials ~/.secrets/certbot/linode.ini \\ - --dns-linode-propagation-seconds 1000 \\ + --dns-linode-propagation-seconds 120 \\ -d example.com """ diff --git a/certbot-dns-linode/certbot_dns_linode/_internal/dns_linode.py b/certbot-dns-linode/certbot_dns_linode/_internal/dns_linode.py index f7b3ec3d4..f9450c02c 100644 --- a/certbot-dns-linode/certbot_dns_linode/_internal/dns_linode.py +++ b/certbot-dns-linode/certbot_dns_linode/_internal/dns_linode.py @@ -32,7 +32,7 @@ class Authenticator(dns_common.DNSAuthenticator): @classmethod def add_parser_arguments(cls, add): # pylint: disable=arguments-differ - super(Authenticator, cls).add_parser_arguments(add, default_propagation_seconds=1200) + super(Authenticator, cls).add_parser_arguments(add, default_propagation_seconds=120) add('credentials', help='Linode credentials INI file.') def more_info(self): # pylint: disable=missing-function-docstring diff --git a/certbot/CHANGELOG.md b/certbot/CHANGELOG.md index 8124d1e0c..58eb03984 100644 --- a/certbot/CHANGELOG.md +++ b/certbot/CHANGELOG.md @@ -12,7 +12,8 @@ Certbot adheres to [Semantic Versioning](https://semver.org/). ### Changed -* +* The Linode DNS plugin now waits 120 seconds for DNS propagation, instead of 1200, + due to https://www.linode.com/blog/linode/linode-turns-17/ ### Fixed From b13dfc6437ab14bff801607c6124292aefcc48b2 Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Tue, 21 Jul 2020 01:01:09 +0200 Subject: [PATCH 5/7] Do not create the symlink for test assets on Windows if the asset path is already a symlink (#8159) --- certbot-ci/certbot_integration_tests/utils/misc.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/certbot-ci/certbot_integration_tests/utils/misc.py b/certbot-ci/certbot_integration_tests/utils/misc.py index 9d1676c60..38c2e60a8 100644 --- a/certbot-ci/certbot_integration_tests/utils/misc.py +++ b/certbot-ci/certbot_integration_tests/utils/misc.py @@ -279,16 +279,17 @@ def load_sample_data_path(workspace): shutil.copytree(original, copied, symlinks=True) if os.name == 'nt': - # Fix the symlinks on Windows since GIT is not creating them upon checkout + # Fix the symlinks on Windows if GIT is not configured to create them upon checkout for lineage in ['a.encryption-example.com', 'b.encryption-example.com']: current_live = os.path.join(copied, 'live', lineage) for name in os.listdir(current_live): if name != 'README': current_file = os.path.join(current_live, name) - with open(current_file) as file_h: - src = file_h.read() - os.unlink(current_file) - os.symlink(os.path.join(current_live, src), current_file) + if not os.path.islink(current_file): + with open(current_file) as file_h: + src = file_h.read() + os.unlink(current_file) + os.symlink(os.path.join(current_live, src), current_file) return copied From 74b0340a13304cfeeb7c4ca5bb3b9ff404a2dcdd Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Tue, 21 Jul 2020 02:17:10 +0200 Subject: [PATCH 6/7] Use a specific tag of adferrand/snapcraft to build QEMU snaps and avoid failures (#8158) The latest builds of snapcraft introduced somehow several failures when snaps are built on QEMU for armhf. See https://dev.azure.com/certbot/certbot/_build/results?buildId=2326&view=logs&j=7c548e18-6053-5a42-b366-e6480da09a69&t=a7c7ca26-ae0c-54e6-0355-3bfcd7bab03c for instance. This PR uses a specific tags from `adferrand/snapcraft`, extracted from the last known working `nightly` pipeline, to avoid these failures until a more permanent fix is done. Very likely the fix will be the move to snapcraft remote builds. * Use a specific tag of adferrand/snapcraft to build snaps and avoid an error on QEMU for armhf. * Update tools/snap/build.sh Co-authored-by: Brad Warren * Update tools/snap/build_dns.sh Co-authored-by: Brad Warren Co-authored-by: Brad Warren --- tools/snap/build.sh | 5 ++++- tools/snap/build_dns.sh | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/tools/snap/build.sh b/tools/snap/build.sh index ef34c479a..c9392f909 100755 --- a/tools/snap/build.sh +++ b/tools/snap/build.sh @@ -31,11 +31,14 @@ function cleanup() { trap cleanup EXIT +# NB: We use ARCH-stable-save tag instead of ARCH-stable, because recent versions of snapcraft images +# behave badly on QEMU for arm64 architecture. This should be fixed either by a new version of the +# image that does not have this problem anymore, or the migration to snapcraft remote builds. docker run \ --rm \ --net=host \ -v "${CERTBOT_DIR}:/certbot" \ -w "/certbot" \ -e "PIP_EXTRA_INDEX_URL=http://localhost:8080" \ - "adferrand/snapcraft:${DOCKER_ARCH}-stable" \ + "adferrand/snapcraft:${DOCKER_ARCH}-stable-save" \ bash -c "snapcraft clean && snapcraft" diff --git a/tools/snap/build_dns.sh b/tools/snap/build_dns.sh index aba008d7e..5ebad2969 100755 --- a/tools/snap/build_dns.sh +++ b/tools/snap/build_dns.sh @@ -60,6 +60,9 @@ for DNS_PLUGIN in ${DNS_PLUGINS}; do done EOF +# NB: We use ARCH-stable-save tag instead of ARCH-stable, because recent versions of snapcraft images +# behave badly on QEMU for arm64 architecture. This should be fixed either by a new version of the +# image that does not have this problem anymore, or the migration to snapcraft remote builds. docker run \ --rm \ --net=host \ @@ -69,5 +72,5 @@ docker run \ -w "/certbot" \ -e "DNS_PLUGINS=${DNS_PLUGINS}" \ -e "PIP_EXTRA_INDEX_URL=http://localhost:8080" \ - "adferrand/snapcraft:${DOCKER_ARCH}-stable" \ + "adferrand/snapcraft:${DOCKER_ARCH}-stable-save" \ /script.sh From 270b5535e24fd3dab4c05fa8929adca8117942f1 Mon Sep 17 00:00:00 2001 From: Adrien Ferrand Date: Tue, 21 Jul 2020 02:46:38 +0200 Subject: [PATCH 7/7] Add warnings about Python 3.5 deprecation in Certbot (#8154) Fixes #8149 This PR adds warnings to warn about the incoming deprecation of Python 3.5 in Certbot. * Add warnings about Python 3.5 deprecation in Certbot * Update certbot/certbot/__init__.py Co-authored-by: Brad Warren Co-authored-by: Brad Warren --- acme/acme/__init__.py | 8 ++++++++ certbot/CHANGELOG.md | 2 ++ certbot/certbot/__init__.py | 9 +++++++++ certbot/certbot/_internal/main.py | 4 ++++ 4 files changed, 23 insertions(+) diff --git a/acme/acme/__init__.py b/acme/acme/__init__.py index d1679fcad..c16f95826 100644 --- a/acme/acme/__init__.py +++ b/acme/acme/__init__.py @@ -20,3 +20,11 @@ for mod in list(sys.modules): # preserved (acme.jose.* is josepy.*) if mod == 'josepy' or mod.startswith('josepy.'): sys.modules['acme.' + mod.replace('josepy', 'jose', 1)] = sys.modules[mod] + + +if sys.version_info[:2] == (3, 5): + warnings.warn( + "Python 3.5 support will be dropped in the next release of " + "acme. Please upgrade your Python version.", + PendingDeprecationWarning, + ) # pragma: no cover diff --git a/certbot/CHANGELOG.md b/certbot/CHANGELOG.md index 58eb03984..4eca065af 100644 --- a/certbot/CHANGELOG.md +++ b/certbot/CHANGELOG.md @@ -14,6 +14,8 @@ Certbot adheres to [Semantic Versioning](https://semver.org/). * The Linode DNS plugin now waits 120 seconds for DNS propagation, instead of 1200, due to https://www.linode.com/blog/linode/linode-turns-17/ +* We deprecated support for Python 3.5 in Certbot and its ACME library. + Support for Python 3.5 will be removed in the next major release of Certbot. ### Fixed diff --git a/certbot/certbot/__init__.py b/certbot/certbot/__init__.py index 4db5f1e39..db2e829d4 100644 --- a/certbot/certbot/__init__.py +++ b/certbot/certbot/__init__.py @@ -1,4 +1,13 @@ """Certbot client.""" +import warnings +import sys # version number like 1.2.3a0, must have at least 2 parts, like 1.2 __version__ = '1.7.0.dev0' + +if sys.version_info[:2] == (3, 5): + warnings.warn( + "Python 3.5 support will be dropped in the next release of " + "certbot. Please upgrade your Python version.", + PendingDeprecationWarning, + ) # pragma: no cover diff --git a/certbot/certbot/_internal/main.py b/certbot/certbot/_internal/main.py index 30f4dd0a2..6cf2ccf17 100644 --- a/certbot/certbot/_internal/main.py +++ b/certbot/certbot/_internal/main.py @@ -1343,6 +1343,10 @@ def main(cli_args=None): if config.func != plugins_cmd: # pylint: disable=comparison-with-callable raise + if sys.version_info[:2] == (3, 5): + logger.warning("Python 3.5 support will be dropped in the next release " + "of Certbot - please upgrade your Python version.") + set_displayer(config) # Reporter