Merge pull request #2875 from certbot/deprecation-warning

Deprecation warning for non-updating letsencrypt-auto

certbot/cli.py

@@ -37,8 +37,14 @@ helpful_parser = None
 # should only be used for purposes where inability to detect letsencrypt-auto
 # fails safely
 
+LEAUTO = "letsencrypt-auto"
+if "CERTBOT_AUTO" in os.environ:
+    # if we're here, this is probably going to be certbot-auto, unless the
+    # user saved the script under a different name
+    LEAUTO = os.path.basename(os.environ["CERTBOT_AUTO"])
+
 fragment = os.path.join(".local", "share", "letsencrypt")
-cli_command = "letsencrypt-auto" if fragment in sys.argv[0] else "certbot"
+cli_command = LEAUTO if fragment in sys.argv[0] else "certbot"
 
 # Argparse's help formatting has a lot of unhelpful peculiarities, so we want
 # to replace as much of it as we can...
@@ -141,6 +147,22 @@ def usage_strings(plugins):
     return USAGE % (apache_doc, nginx_doc), SHORT_USAGE
 
 
+def possible_deprecation_warning(config):
+    "A deprecation warning for users with the old, not-self-upgrading letsencrypt-auto."
+    if cli_command != LEAUTO:
+        return
+    if config.no_self_upgrade:
+        # users setting --no-self-upgrade might be hanging on a clent version like 0.3.0
+        # or 0.5.0 which is the new script, but doesn't set CERTBOT_AUTO; they don't
+        # need warnings
+        return
+    if "CERTBOT_AUTO" not in os.environ:
+        logger.warn("You are running with an old copy of letsencrypt-auto that does "
+            "not receive updates, and is less reliable than more recent versions. "
+            "We recommend upgrading to the latest certbot-auto script, or using native "
+            "OS packages.")
+
+
 class _Default(object):
     """A class to use as a default to detect if a value is set by a user"""
 

certbot/main.py

@@ -661,6 +661,7 @@ def main(cli_args=sys.argv[1:]):
     le_util.make_or_verify_dir(
         config.logs_dir, 0o700, os.geteuid(), "--strict-permissions" in cli_args)
     setup_logging(config, _cli_log_handler, logfile='letsencrypt.log')
+    cli.possible_deprecation_warning(config)
 
     logger.debug("certbot version: %s", certbot.__version__)
     # do not log `config`, as it contains sensitive data (e.g. revoke --key)!

letsencrypt-auto-source/letsencrypt-auto

@@ -73,9 +73,12 @@ done
 # The "normal" case is that sudo is used for the steps that need root, but
 # this script *can* be run as root (not recommended), or fall back to using
 # `su`
+SUDO_ENV=""
+export CERTBOT_AUTO="$0"
 if test "`id -u`" -ne "0" ; then
   if command -v sudo 1>/dev/null 2>&1; then
     SUDO=sudo
+    SUDO_ENV="CERTBOT_AUTO=$0"
   else
     echo \"sudo\" is not available, will use \"su\" for installation steps...
     # Because the parameters in `su -c` has to be a string,
@@ -882,8 +885,16 @@ UNLIKELY_EOF
     echo "Installation succeeded."
   fi
   echo "Requesting root privileges to run certbot..."
-  echo "  " $SUDO "$VENV_BIN/letsencrypt" "$@"
-  $SUDO "$VENV_BIN/letsencrypt" "$@"
+  if [ -z "$SUDO_ENV" ] ; then
+    # SUDO is su wrapper / noop
+    echo "  " $SUDO "$VENV_BIN/letsencrypt" "$@"
+    $SUDO "$VENV_BIN/letsencrypt" "$@"
+  else
+    # sudo
+    echo "  " $SUDO "$SUDO_ENV" "$VENV_BIN/letsencrypt" "$@"
+    $SUDO "$SUDO_ENV" "$VENV_BIN/letsencrypt" "$@"
+  fi
+
 else
   # Phase 1: Upgrade certbot-auto if neceesary, then self-invoke.
   #
@@ -1040,8 +1051,9 @@ if __name__ == '__main__':
 UNLIKELY_EOF
     # ---------------------------------------------------------------------------
     DeterminePythonVersion
-    REMOTE_VERSION=`"$LE_PYTHON" "$TEMP_DIR/fetch.py" --latest-version`
-    if [ "$LE_AUTO_VERSION" != "$REMOTE_VERSION" ]; then
+    if ! REMOTE_VERSION=`"$LE_PYTHON" "$TEMP_DIR/fetch.py" --latest-version` ; then
+      echo "WARNING: unable to check for updates."
+    elif [ "$LE_AUTO_VERSION" != "$REMOTE_VERSION" ]; then
       echo "Upgrading certbot-auto $LE_AUTO_VERSION to $REMOTE_VERSION..."
 
       # Now we drop into Python so we don't have to install even more

letsencrypt-auto-source/letsencrypt-auto.template

@@ -73,9 +73,12 @@ done
 # The "normal" case is that sudo is used for the steps that need root, but
 # this script *can* be run as root (not recommended), or fall back to using
 # `su`
+SUDO_ENV=""
+export CERTBOT_AUTO="$0"
 if test "`id -u`" -ne "0" ; then
   if command -v sudo 1>/dev/null 2>&1; then
     SUDO=sudo
+    SUDO_ENV="CERTBOT_AUTO=$0"
   else
     echo \"sudo\" is not available, will use \"su\" for installation steps...
     # Because the parameters in `su -c` has to be a string,
@@ -250,8 +253,16 @@ UNLIKELY_EOF
     echo "Installation succeeded."
   fi
   echo "Requesting root privileges to run certbot..."
-  echo "  " $SUDO "$VENV_BIN/letsencrypt" "$@"
-  $SUDO "$VENV_BIN/letsencrypt" "$@"
+  if [ -z "$SUDO_ENV" ] ; then
+    # SUDO is su wrapper / noop
+    echo "  " $SUDO "$VENV_BIN/letsencrypt" "$@"
+    $SUDO "$VENV_BIN/letsencrypt" "$@"
+  else
+    # sudo
+    echo "  " $SUDO "$SUDO_ENV" "$VENV_BIN/letsencrypt" "$@"
+    $SUDO "$SUDO_ENV" "$VENV_BIN/letsencrypt" "$@"
+  fi
+
 else
   # Phase 1: Upgrade certbot-auto if neceesary, then self-invoke.
   #
@@ -282,8 +293,9 @@ else
 UNLIKELY_EOF
     # ---------------------------------------------------------------------------
     DeterminePythonVersion
-    REMOTE_VERSION=`"$LE_PYTHON" "$TEMP_DIR/fetch.py" --latest-version`
-    if [ "$LE_AUTO_VERSION" != "$REMOTE_VERSION" ]; then
+    if ! REMOTE_VERSION=`"$LE_PYTHON" "$TEMP_DIR/fetch.py" --latest-version` ; then
+      echo "WARNING: unable to check for updates."
+    elif [ "$LE_AUTO_VERSION" != "$REMOTE_VERSION" ]; then
       echo "Upgrading certbot-auto $LE_AUTO_VERSION to $REMOTE_VERSION..."
 
       # Now we drop into Python so we don't have to install even more