From f9327d553531ae04de0962a30b3ef05f338f41e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roy=20Wellington=20=E2=85=A3?= Date: Sat, 6 Feb 2016 21:43:52 -0800 Subject: [PATCH 01/23] Make this use of urlparse.urlparse Python 3 compatible. --- letsencrypt/configuration.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/letsencrypt/configuration.py b/letsencrypt/configuration.py index 2bbf1b019..c49751a6c 100644 --- a/letsencrypt/configuration.py +++ b/letsencrypt/configuration.py @@ -1,8 +1,8 @@ """Let's Encrypt user-supplied configuration.""" import copy import os -import urlparse +from six.moves.urllib import parse # pylint: disable=import-error import zope.interface from letsencrypt import constants @@ -50,7 +50,7 @@ class NamespaceConfig(object): @property def server_path(self): """File path based on ``server``.""" - parsed = urlparse.urlparse(self.namespace.server) + parsed = parse.urlparse(self.namespace.server) return (parsed.netloc + parsed.path).replace('/', os.path.sep) @property From 2369f1253bcd5eeb8d31ee135a78d59a5a207458 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roy=20Wellington=20=E2=85=A3?= Date: Sun, 7 Feb 2016 12:58:35 -0800 Subject: [PATCH 02/23] Fix import ordering s.t. future versions of pylint won't warn on it. pylint gets more strict about import order in the future, so adjust it now to make upgrading smoother. pylint is following the order from PEP-8: > Imports should be grouped in the following order: > > 1. standard library imports > 2. related third party imports > 3. local application/library specific imports > > You should put a blank line between each group of imports. --- letsencrypt/plugins/common.py | 2 +- letsencrypt/plugins/disco_test.py | 2 +- letsencrypt/tests/storage_test.py | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/letsencrypt/plugins/common.py b/letsencrypt/plugins/common.py index f18b1fb3b..2e9e15b2f 100644 --- a/letsencrypt/plugins/common.py +++ b/letsencrypt/plugins/common.py @@ -1,11 +1,11 @@ """Plugin common functions.""" import os -import pkg_resources import re import shutil import tempfile import OpenSSL +import pkg_resources import zope.interface from acme.jose import util as jose_util diff --git a/letsencrypt/plugins/disco_test.py b/letsencrypt/plugins/disco_test.py index 0df4f88f1..1aeaf81c1 100644 --- a/letsencrypt/plugins/disco_test.py +++ b/letsencrypt/plugins/disco_test.py @@ -1,8 +1,8 @@ """Tests for letsencrypt.plugins.disco.""" -import pkg_resources import unittest import mock +import pkg_resources import zope.interface from letsencrypt import errors diff --git a/letsencrypt/tests/storage_test.py b/letsencrypt/tests/storage_test.py index 9d402089c..5b9f393fe 100644 --- a/letsencrypt/tests/storage_test.py +++ b/letsencrypt/tests/storage_test.py @@ -1,13 +1,13 @@ """Tests for letsencrypt.storage.""" import datetime -import pytz import os -import tempfile import shutil +import tempfile import unittest import configobj import mock +import pytz from letsencrypt import configuration from letsencrypt import errors From 104fa3ad55bbf1be312130b3bb18fc704583afc0 Mon Sep 17 00:00:00 2001 From: Seth Schoen Date: Thu, 11 Feb 2016 09:10:25 -0800 Subject: [PATCH 03/23] Separate error for -d with an IP address --- letsencrypt/le_util.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/letsencrypt/le_util.py b/letsencrypt/le_util.py index 527c9bdae..73d112eca 100644 --- a/letsencrypt/le_util.py +++ b/letsencrypt/le_util.py @@ -6,6 +6,7 @@ import logging import os import platform import re +import socket import stat import subprocess import sys @@ -317,6 +318,15 @@ def enforce_domain_sanity(domain): # Remove trailing dot domain = domain[:-1] if domain.endswith('.') else domain + # Explain separately that IP addresses aren't allowed (apart from not + # being FQDNs) because hope springs eternal on this point + try: + socket.inet_aton(domain) + raise errors.ConfigurationError("Requested name {0} is an IP address. The Let's Encrypt certificate authority will not issue certificates for a bare IP address.".format(domain)) + except socket.error: + # It wasn't an IP address, so that's good + pass + # FQDN checks from # http://www.mkyong.com/regular-expressions/domain-name-regular-expression-example/ # Characters used, domain parts < 63 chars, tld > 1 < 64 chars From a819cdcd9aa8ad6fa92d794fe12a397ae5563900 Mon Sep 17 00:00:00 2001 From: Robert Xiao Date: Thu, 11 Feb 2016 17:09:50 -0500 Subject: [PATCH 04/23] Support system-default Apache on OS X. Tested on Yosemite (10.10). --- .../letsencrypt_apache/constants.py | 20 ++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/letsencrypt-apache/letsencrypt_apache/constants.py b/letsencrypt-apache/letsencrypt_apache/constants.py index 50156444b..77f71a461 100644 --- a/letsencrypt-apache/letsencrypt_apache/constants.py +++ b/letsencrypt-apache/letsencrypt_apache/constants.py @@ -54,6 +54,23 @@ CLI_DEFAULTS_GENTOO = dict( MOD_SSL_CONF_SRC=pkg_resources.resource_filename( "letsencrypt_apache", "options-ssl-apache.conf") ) +CLI_DEFAULTS_DARWIN = dict( + server_root="/etc/apache2", + vhost_root="/etc/apache2/other", + vhost_files="*.conf", + version_cmd=['/usr/sbin/httpd', '-v'], + define_cmd=['/usr/sbin/httpd', '-t', '-D', 'DUMP_RUN_CFG'], + restart_cmd=['apachectl', 'graceful'], + conftest_cmd=['apachectl', 'configtest'], + enmod=None, + dismod=None, + le_vhost_ext="-le-ssl.conf", + handle_mods=False, + handle_sites=False, + challenge_location="/etc/apache2/other", + MOD_SSL_CONF_SRC=pkg_resources.resource_filename( + "letsencrypt_apache", "options-ssl-apache.conf") +) CLI_DEFAULTS = { "debian": CLI_DEFAULTS_DEBIAN, "ubuntu": CLI_DEFAULTS_DEBIAN, @@ -61,7 +78,8 @@ CLI_DEFAULTS = { "centos linux": CLI_DEFAULTS_CENTOS, "fedora": CLI_DEFAULTS_CENTOS, "red hat enterprise linux server": CLI_DEFAULTS_CENTOS, - "gentoo base system": CLI_DEFAULTS_GENTOO + "gentoo base system": CLI_DEFAULTS_GENTOO, + "darwin": CLI_DEFAULTS_DARWIN, } """CLI defaults.""" From d791697b93d4e390336b189208e587968bf41d40 Mon Sep 17 00:00:00 2001 From: Erik Rose Date: Thu, 11 Feb 2016 17:13:08 -0500 Subject: [PATCH 05/23] If le-auto's installation fails, delete the venv. Fix #2332. Leaving broken venvs around can, if it got as far as installing the venv/bin/letsencrypt script, wreck future le-auto runs, since the presence of that script means "a working LE is installed" to it. Waiting until a new version of le-auto comes out and running it would recover, but this lets re-running the same version recover as well. --- letsencrypt-auto-source/letsencrypt-auto | 3 ++- letsencrypt-auto-source/letsencrypt-auto.template | 1 + letsencrypt-auto-source/tests/auto_test.py | 8 +++++++- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/letsencrypt-auto-source/letsencrypt-auto b/letsencrypt-auto-source/letsencrypt-auto index 9218bdc52..8cc90b64e 100755 --- a/letsencrypt-auto-source/letsencrypt-auto +++ b/letsencrypt-auto-source/letsencrypt-auto @@ -19,7 +19,7 @@ XDG_DATA_HOME=${XDG_DATA_HOME:-~/.local/share} VENV_NAME="letsencrypt" VENV_PATH=${VENV_PATH:-"$XDG_DATA_HOME/$VENV_NAME"} VENV_BIN=${VENV_PATH}/bin -LE_AUTO_VERSION="0.4.0" +LE_AUTO_VERSION="0.5.0.dev0" # This script takes the same arguments as the main letsencrypt program, but it # additionally responds to --verbose (more output) and --debug (allow support @@ -1630,6 +1630,7 @@ UNLIKELY_EOF # Report error. (Otherwise, be quiet.) echo "Had a problem while downloading and verifying Python packages:" echo "$PEEP_OUT" + rm -rf "$VENV_PATH" exit 1 fi fi diff --git a/letsencrypt-auto-source/letsencrypt-auto.template b/letsencrypt-auto-source/letsencrypt-auto.template index ad8c97a7f..53838280b 100755 --- a/letsencrypt-auto-source/letsencrypt-auto.template +++ b/letsencrypt-auto-source/letsencrypt-auto.template @@ -207,6 +207,7 @@ UNLIKELY_EOF # Report error. (Otherwise, be quiet.) echo "Had a problem while downloading and verifying Python packages:" echo "$PEEP_OUT" + rm -rf "$VENV_PATH" exit 1 fi fi diff --git a/letsencrypt-auto-source/tests/auto_test.py b/letsencrypt-auto-source/tests/auto_test.py index 32d591190..90e09f57f 100644 --- a/letsencrypt-auto-source/tests/auto_test.py +++ b/letsencrypt-auto-source/tests/auto_test.py @@ -5,7 +5,7 @@ from contextlib import contextmanager from functools import partial from json import dumps from os import chmod, environ -from os.path import abspath, dirname, join +from os.path import abspath, dirname, exists, join import re from shutil import copy, rmtree import socket @@ -338,6 +338,12 @@ class AutoTests(TestCase): self.assertIn("THE FOLLOWING PACKAGES DIDN'T MATCH THE " "HASHES SPECIFIED IN THE REQUIREMENTS", exc.output) + ok_(not exists(join(venv_dir, 'letsencrypt')), + msg="The virtualenv was left around, even though " + "installation didn't succeed. We shouldn't do " + "this, as it foils our detection of whether we " + "need to recreate the virtualenv, which hinges " + "on the presence of $VENV_BIN/letsencrypt.") else: self.fail("Peep didn't detect a bad hash and stop the " "installation.") From 6eb2d60166f142d489f70a2e6076d2fe7c3b3769 Mon Sep 17 00:00:00 2001 From: Erik Rose Date: Thu, 11 Feb 2016 18:02:27 -0500 Subject: [PATCH 06/23] Let --no-self-upgrade bootstrap OS packages. Fix #2432. --no-self-upgrade metamorphosed from a private flag to a public one, so add a new private flag, --le-auto-phase2 to take its original role of marking the division between phases. This flag must come first and, consequently, can be stripped off the arg list before calling through to letsencrypt, which means the client doesn't need to know about it. The downside is that anyone still (deprecatedly) running le-auto out of the root of a (recently updated) master checkout will get a "Hey, the current release version le-auto I just self-upgraded to doesn't understand the --le-auto-phase2 flag" error from when we merge this until the next release is made, but that's better than a documented option not working right. Also, remove a needless folder creation from the Dockerfile. --- letsencrypt-auto-source/Dockerfile | 2 +- letsencrypt-auto-source/letsencrypt-auto | 54 ++++++++++--------- .../letsencrypt-auto.template | 52 +++++++++--------- 3 files changed, 58 insertions(+), 50 deletions(-) diff --git a/letsencrypt-auto-source/Dockerfile b/letsencrypt-auto-source/Dockerfile index fd7fe4851..ad2465fda 100644 --- a/letsencrypt-auto-source/Dockerfile +++ b/letsencrypt-auto-source/Dockerfile @@ -17,7 +17,7 @@ RUN apt-get update && \ apt-get clean RUN pip install nose -RUN mkdir -p /home/lea/letsencrypt/letsencrypt +RUN mkdir -p /home/lea/letsencrypt # Install fake testing CA: COPY ./tests/certs/ca/my-root-ca.crt.pem /usr/local/share/ca-certificates/ diff --git a/letsencrypt-auto-source/letsencrypt-auto b/letsencrypt-auto-source/letsencrypt-auto index 9218bdc52..16466dd89 100755 --- a/letsencrypt-auto-source/letsencrypt-auto +++ b/letsencrypt-auto-source/letsencrypt-auto @@ -19,7 +19,7 @@ XDG_DATA_HOME=${XDG_DATA_HOME:-~/.local/share} VENV_NAME="letsencrypt" VENV_PATH=${VENV_PATH:-"$XDG_DATA_HOME/$VENV_NAME"} VENV_BIN=${VENV_PATH}/bin -LE_AUTO_VERSION="0.4.0" +LE_AUTO_VERSION="0.5.0.dev0" # This script takes the same arguments as the main letsencrypt program, but it # additionally responds to --verbose (more output) and --debug (allow support @@ -412,9 +412,10 @@ TempDir() { -if [ "$NO_SELF_UPGRADE" = 1 ]; then +if [ "$1" = "--le-auto-phase2" ]; then # Phase 2: Create venv, install LE, and run. + shift 1 # the --le-auto-phase2 arg if [ -f "$VENV_BIN/letsencrypt" ]; then INSTALLED_VERSION=$("$VENV_BIN/letsencrypt" --version 2>&1 | cut -d " " -f 2) else @@ -1653,10 +1654,11 @@ else exit 0 fi - echo "Checking for new version..." - TEMP_DIR=$(TempDir) - # --------------------------------------------------------------------------- - cat << "UNLIKELY_EOF" > "$TEMP_DIR/fetch.py" + if [ "$NO_SELF_UPGRADE" != 1 ]; then + echo "Checking for new version..." + TEMP_DIR=$(TempDir) + # --------------------------------------------------------------------------- + cat << "UNLIKELY_EOF" > "$TEMP_DIR/fetch.py" """Do downloading and JSON parsing without additional dependencies. :: # Print latest released version of LE to stdout: @@ -1785,25 +1787,27 @@ if __name__ == '__main__': exit(main()) UNLIKELY_EOF - # --------------------------------------------------------------------------- - DeterminePythonVersion - REMOTE_VERSION=`"$LE_PYTHON" "$TEMP_DIR/fetch.py" --latest-version` - if [ "$LE_AUTO_VERSION" != "$REMOTE_VERSION" ]; then - echo "Upgrading letsencrypt-auto $LE_AUTO_VERSION to $REMOTE_VERSION..." + # --------------------------------------------------------------------------- + DeterminePythonVersion + REMOTE_VERSION=`"$LE_PYTHON" "$TEMP_DIR/fetch.py" --latest-version` + if [ "$LE_AUTO_VERSION" != "$REMOTE_VERSION" ]; then + echo "Upgrading letsencrypt-auto $LE_AUTO_VERSION to $REMOTE_VERSION..." - # Now we drop into Python so we don't have to install even more - # dependencies (curl, etc.), for better flow control, and for the option of - # future Windows compatibility. - "$LE_PYTHON" "$TEMP_DIR/fetch.py" --le-auto-script "v$REMOTE_VERSION" + # Now we drop into Python so we don't have to install even more + # dependencies (curl, etc.), for better flow control, and for the option of + # future Windows compatibility. + "$LE_PYTHON" "$TEMP_DIR/fetch.py" --le-auto-script "v$REMOTE_VERSION" - # Install new copy of letsencrypt-auto. This preserves permissions and - # ownership from the old copy. - # TODO: Deal with quotes in pathnames. - echo "Replacing letsencrypt-auto..." - echo " " $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0" - $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0" - # TODO: Clean up temp dir safely, even if it has quotes in its path. - rm -rf "$TEMP_DIR" - fi # should upgrade - "$0" --no-self-upgrade "$@" + # Install new copy of letsencrypt-auto. This preserves permissions and + # ownership from the old copy. + # TODO: Deal with quotes in pathnames. + echo "Replacing letsencrypt-auto..." + echo " " $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0" + $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0" + # TODO: Clean up temp dir safely, even if it has quotes in its path. + rm -rf "$TEMP_DIR" + fi # A newer version is available. + fi # Self-upgrading is allowed. + + "$0" --le-auto-phase2 "$@" fi diff --git a/letsencrypt-auto-source/letsencrypt-auto.template b/letsencrypt-auto-source/letsencrypt-auto.template index ad8c97a7f..dbb823263 100755 --- a/letsencrypt-auto-source/letsencrypt-auto.template +++ b/letsencrypt-auto-source/letsencrypt-auto.template @@ -168,9 +168,10 @@ TempDir() { -if [ "$NO_SELF_UPGRADE" = 1 ]; then +if [ "$1" = "--le-auto-phase2" ]; then # Phase 2: Create venv, install LE, and run. + shift 1 # the --le-auto-phase2 arg if [ -f "$VENV_BIN/letsencrypt" ]; then INSTALLED_VERSION=$("$VENV_BIN/letsencrypt" --version 2>&1 | cut -d " " -f 2) else @@ -230,31 +231,34 @@ else exit 0 fi - echo "Checking for new version..." - TEMP_DIR=$(TempDir) - # --------------------------------------------------------------------------- - cat << "UNLIKELY_EOF" > "$TEMP_DIR/fetch.py" + if [ "$NO_SELF_UPGRADE" != 1 ]; then + echo "Checking for new version..." + TEMP_DIR=$(TempDir) + # --------------------------------------------------------------------------- + cat << "UNLIKELY_EOF" > "$TEMP_DIR/fetch.py" {{ fetch.py }} UNLIKELY_EOF - # --------------------------------------------------------------------------- - DeterminePythonVersion - REMOTE_VERSION=`"$LE_PYTHON" "$TEMP_DIR/fetch.py" --latest-version` - if [ "$LE_AUTO_VERSION" != "$REMOTE_VERSION" ]; then - echo "Upgrading letsencrypt-auto $LE_AUTO_VERSION to $REMOTE_VERSION..." + # --------------------------------------------------------------------------- + DeterminePythonVersion + REMOTE_VERSION=`"$LE_PYTHON" "$TEMP_DIR/fetch.py" --latest-version` + if [ "$LE_AUTO_VERSION" != "$REMOTE_VERSION" ]; then + echo "Upgrading letsencrypt-auto $LE_AUTO_VERSION to $REMOTE_VERSION..." - # Now we drop into Python so we don't have to install even more - # dependencies (curl, etc.), for better flow control, and for the option of - # future Windows compatibility. - "$LE_PYTHON" "$TEMP_DIR/fetch.py" --le-auto-script "v$REMOTE_VERSION" + # Now we drop into Python so we don't have to install even more + # dependencies (curl, etc.), for better flow control, and for the option of + # future Windows compatibility. + "$LE_PYTHON" "$TEMP_DIR/fetch.py" --le-auto-script "v$REMOTE_VERSION" - # Install new copy of letsencrypt-auto. This preserves permissions and - # ownership from the old copy. - # TODO: Deal with quotes in pathnames. - echo "Replacing letsencrypt-auto..." - echo " " $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0" - $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0" - # TODO: Clean up temp dir safely, even if it has quotes in its path. - rm -rf "$TEMP_DIR" - fi # should upgrade - "$0" --no-self-upgrade "$@" + # Install new copy of letsencrypt-auto. This preserves permissions and + # ownership from the old copy. + # TODO: Deal with quotes in pathnames. + echo "Replacing letsencrypt-auto..." + echo " " $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0" + $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0" + # TODO: Clean up temp dir safely, even if it has quotes in its path. + rm -rf "$TEMP_DIR" + fi # A newer version is available. + fi # Self-upgrading is allowed. + + "$0" --le-auto-phase2 "$@" fi From caf959997cbe4c10cf37df47efed2518c0e245b6 Mon Sep 17 00:00:00 2001 From: TheNavigat Date: Thu, 14 Jan 2016 03:10:12 +0200 Subject: [PATCH 07/23] Adding boulder integration support to Vagrant --- Vagrantfile | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Vagrantfile b/Vagrantfile index 678abdf72..89b512b8c 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -5,10 +5,20 @@ VAGRANTFILE_API_VERSION = "2" # Setup instructions from docs/contributing.rst +# Script for installing dependencies for tox and boulder integration +# TODO: Check if the GO PATH lines already exist. If they do, don't add them. +# If they don't, add them before the exit line $ubuntu_setup_script = <> ~/.profile +echo "export PATH=\\$GOROOT/bin:\\$PATH" >> ~/.profile +echo "export GOPATH=\\$HOME/go" >> ~/.profile +export DEBIAN_FRONTEND=noninteractive +sudo -E apt-get -q -y install git mysql-server-5.5 libltdl-dev rabbitmq-server make nginx SETUP_SCRIPT Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| From a89b187186aab050cccd04f97f3e034833566e9c Mon Sep 17 00:00:00 2001 From: TheNavigat Date: Tue, 19 Jan 2016 19:15:22 +0200 Subject: [PATCH 08/23] Adding conditions for adding export lines to ~/.profile --- Vagrantfile | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 89b512b8c..7cc3fbece 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -5,18 +5,16 @@ VAGRANTFILE_API_VERSION = "2" # Setup instructions from docs/contributing.rst -# Script for installing dependencies for tox and boulder integration -# TODO: Check if the GO PATH lines already exist. If they do, don't add them. -# If they don't, add them before the exit line +# Script installs dependencies for tox and boulder integration $ubuntu_setup_script = <> ~/.profile -echo "export PATH=\\$GOROOT/bin:\\$PATH" >> ~/.profile -echo "export GOPATH=\\$HOME/go" >> ~/.profile +if ! grep -Fxq "export GOROOT=/usr/local/go" ~/.profile ; then echo "export GOROOT=/usr/local/go" >> ~/.profile; fi +if ! grep -Fxq "export PATH=\\$GOROOT/bin:\\$PATH" ~/.profile ; then echo "export PATH=\\$GOROOT/bin:\\$PATH" >> ~/.profile; fi +if ! grep -Fxq "export GOPATH=\\$HOME/go" ~/.profile ; then echo "export GOPATH=\\$HOME/go" >> ~/.profile; fi export DEBIAN_FRONTEND=noninteractive sudo -E apt-get -q -y install git mysql-server-5.5 libltdl-dev rabbitmq-server make nginx SETUP_SCRIPT From a4f46aa90a063bea5a2457e66e2ff950bb5cd77f Mon Sep 17 00:00:00 2001 From: TheNavigat Date: Sat, 23 Jan 2016 02:31:50 +0200 Subject: [PATCH 09/23] Replacing MySQL with MariaDB and nginx with nginx-light --- Vagrantfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Vagrantfile b/Vagrantfile index 7cc3fbece..0475761d1 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -16,7 +16,7 @@ if ! grep -Fxq "export GOROOT=/usr/local/go" ~/.profile ; then echo "export GORO if ! grep -Fxq "export PATH=\\$GOROOT/bin:\\$PATH" ~/.profile ; then echo "export PATH=\\$GOROOT/bin:\\$PATH" >> ~/.profile; fi if ! grep -Fxq "export GOPATH=\\$HOME/go" ~/.profile ; then echo "export GOPATH=\\$HOME/go" >> ~/.profile; fi export DEBIAN_FRONTEND=noninteractive -sudo -E apt-get -q -y install git mysql-server-5.5 libltdl-dev rabbitmq-server make nginx +sudo -E apt-get -q -y install git make libltdl-dev mariadb-server rabbitmq-server nginx-light SETUP_SCRIPT Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| From 037cc4e150eff2da9a4830ec27bdd3265e613232 Mon Sep 17 00:00:00 2001 From: TheNavigat Date: Sat, 23 Jan 2016 03:09:49 +0200 Subject: [PATCH 10/23] Adding running boulder-start.sh on boot --- Vagrantfile | 1 + docs/contributing.rst | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/Vagrantfile b/Vagrantfile index 0475761d1..3798085c0 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -15,6 +15,7 @@ sudo tar -C /usr/local -xzf /tmp/go1.5.3.linux-amd64.tar.gz if ! grep -Fxq "export GOROOT=/usr/local/go" ~/.profile ; then echo "export GOROOT=/usr/local/go" >> ~/.profile; fi if ! grep -Fxq "export PATH=\\$GOROOT/bin:\\$PATH" ~/.profile ; then echo "export PATH=\\$GOROOT/bin:\\$PATH" >> ~/.profile; fi if ! grep -Fxq "export GOPATH=\\$HOME/go" ~/.profile ; then echo "export GOPATH=\\$HOME/go" >> ~/.profile; fi +if ! grep -Fxq "cd /vagrant/tests/; ./boulder-start.sh &" /etc/rc.local ; then sed -i -e '$i \cd /vagrant/tests/; ./boulder-start.sh &\n' /etc/rc.local; fi export DEBIAN_FRONTEND=noninteractive sudo -E apt-get -q -y install git make libltdl-dev mariadb-server rabbitmq-server nginx-light SETUP_SCRIPT diff --git a/docs/contributing.rst b/docs/contributing.rst index 36dff01b9..ce4078ea3 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -96,6 +96,14 @@ Integration testing with the boulder CA Generally it is sufficient to open a pull request and let Github and Travis run integration tests for you. +However, if you prefer to run tests, you can use Vagrant, using the Vagrantfile +in Let's Encrypt's repository. To execute the tests on a Vagrant box, the only +command you are required to run is:: + + ./tests/boulder-integration.sh + +Otherwise, please follow the following instructions. + Mac OS X users: Run ``./tests/mac-bootstrap.sh`` instead of ``boulder-start.sh`` to install dependencies, configure the environment, and start boulder. From 14b85c6d6f3e25c5800e8ae4bd19524e835502a0 Mon Sep 17 00:00:00 2001 From: TheNavigat Date: Sat, 23 Jan 2016 03:10:40 +0200 Subject: [PATCH 11/23] Replacing relative ~/.profile paths with absolute /home/vagrant/.profile ones --- Vagrantfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 3798085c0..7c304c227 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -12,9 +12,9 @@ cd /vagrant ./tools/venv.sh wget https://storage.googleapis.com/golang/go1.5.3.linux-amd64.tar.gz -P /tmp/ sudo tar -C /usr/local -xzf /tmp/go1.5.3.linux-amd64.tar.gz -if ! grep -Fxq "export GOROOT=/usr/local/go" ~/.profile ; then echo "export GOROOT=/usr/local/go" >> ~/.profile; fi -if ! grep -Fxq "export PATH=\\$GOROOT/bin:\\$PATH" ~/.profile ; then echo "export PATH=\\$GOROOT/bin:\\$PATH" >> ~/.profile; fi -if ! grep -Fxq "export GOPATH=\\$HOME/go" ~/.profile ; then echo "export GOPATH=\\$HOME/go" >> ~/.profile; fi +if ! grep -Fxq "export GOROOT=/usr/local/go" /home/vagrant/.profile ; then echo "export GOROOT=/usr/local/go" >> /home/vagrant/.profile; fi +if ! grep -Fxq "export PATH=\\$GOROOT/bin:\\$PATH" /home/vagrant/.profile ; then echo "export PATH=\\$GOROOT/bin:\\$PATH" >> /home/vagrant/.profile; fi +if ! grep -Fxq "export GOPATH=\\$HOME/go" /home/vagrant/.profile ; then echo "export GOPATH=\\$HOME/go" >> /home/vagrant/.profile; fi if ! grep -Fxq "cd /vagrant/tests/; ./boulder-start.sh &" /etc/rc.local ; then sed -i -e '$i \cd /vagrant/tests/; ./boulder-start.sh &\n' /etc/rc.local; fi export DEBIAN_FRONTEND=noninteractive sudo -E apt-get -q -y install git make libltdl-dev mariadb-server rabbitmq-server nginx-light From da1542e57f52801f8b02092707b56217a4109c0e Mon Sep 17 00:00:00 2001 From: TheNavigat Date: Fri, 12 Feb 2016 13:52:05 +0200 Subject: [PATCH 12/23] Fixing path from which boulder-start.sh is executed --- Vagrantfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Vagrantfile b/Vagrantfile index 7c304c227..e5975442f 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -15,7 +15,7 @@ sudo tar -C /usr/local -xzf /tmp/go1.5.3.linux-amd64.tar.gz if ! grep -Fxq "export GOROOT=/usr/local/go" /home/vagrant/.profile ; then echo "export GOROOT=/usr/local/go" >> /home/vagrant/.profile; fi if ! grep -Fxq "export PATH=\\$GOROOT/bin:\\$PATH" /home/vagrant/.profile ; then echo "export PATH=\\$GOROOT/bin:\\$PATH" >> /home/vagrant/.profile; fi if ! grep -Fxq "export GOPATH=\\$HOME/go" /home/vagrant/.profile ; then echo "export GOPATH=\\$HOME/go" >> /home/vagrant/.profile; fi -if ! grep -Fxq "cd /vagrant/tests/; ./boulder-start.sh &" /etc/rc.local ; then sed -i -e '$i \cd /vagrant/tests/; ./boulder-start.sh &\n' /etc/rc.local; fi +if ! grep -Fxq "cd /vagrant/; ./tests/boulder-start.sh &" /etc/rc.local ; then sed -i -e '$i \cd /vagrant/; ./tests/boulder-start.sh &\n' /etc/rc.local; fi export DEBIAN_FRONTEND=noninteractive sudo -E apt-get -q -y install git make libltdl-dev mariadb-server rabbitmq-server nginx-light SETUP_SCRIPT From 462d60def9ead9d7d5005c5242c40ece4c206490 Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Fri, 12 Feb 2016 15:31:18 -0800 Subject: [PATCH 13/23] Reorder travis matrix by typical runtime Since that makes most efficient use of travis's parallelism --- .travis.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index 1d2f7b1db..8b298196f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -38,20 +38,20 @@ matrix: env: TOXENV=py27 BOULDER_INTEGRATION=1 - python: "2.7" env: TOXENV=py27-oldest BOULDER_INTEGRATION=1 - - python: "2.7" - env: TOXENV=cover - python: "2.7" env: TOXENV=lint + - sudo: required + env: TOXENV=le_auto + services: docker + before_install: + - python: "2.7" + env: TOXENV=cover - python: "3.3" env: TOXENV=py33 - python: "3.4" env: TOXENV=py34 - python: "3.5" env: TOXENV=py35 - - sudo: required - env: TOXENV=le_auto - services: docker - before_install: # Only build pushes to the master branch, PRs, and branches beginning with # `test-`. This reduces the number of simultaneous Travis runs, which speeds From 049c1fa114552f074c0206f9ce2a76329bdbeaf5 Mon Sep 17 00:00:00 2001 From: rugk Date: Sun, 14 Feb 2016 14:47:21 +0100 Subject: [PATCH 14/23] Fix typo --- docs/ciphers.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ciphers.rst b/docs/ciphers.rst index c8ff26117..ef644b7a0 100644 --- a/docs/ciphers.rst +++ b/docs/ciphers.rst @@ -139,7 +139,7 @@ client's priorities. The Mozilla security team is likely to have more resources and expertise to bring to bear on evaluating reasons why its recommendations should be updated. -The Let's Encrpyt project will entertain proposals to create a *very* +The Let's Encrypt project will entertain proposals to create a *very* small number of alternative configurations (apart from Modern, Intermediate, and Old) that there's reason to believe would be widely used by sysadmins; this would usually be a preferable course to modifying From e4fb4108ff69d1119ef91cb57f152b92d9a13dc7 Mon Sep 17 00:00:00 2001 From: TheNavigat Date: Sun, 14 Feb 2016 21:50:49 +0200 Subject: [PATCH 15/23] Adding test for client, register_unsafely_without_email=True --- letsencrypt/tests/client_test.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/letsencrypt/tests/client_test.py b/letsencrypt/tests/client_test.py index dbc57565e..f712ea94c 100644 --- a/letsencrypt/tests/client_test.py +++ b/letsencrypt/tests/client_test.py @@ -74,6 +74,15 @@ class RegisterTest(unittest.TestCase): self.config.email = None self.assertRaises(errors.Error, self._call) + @mock.patch("letsencrypt.client.logger") + def test_without_email(self, mock_logger): + with mock.patch("letsencrypt.client.acme_client.Client"): + with mock.patch("letsencrypt.account.report_new_account"): + self.config.email = None + self.config.register_unsafely_without_email = True + self._call() + mock_logger.warn.assert_called_once_with(mock.ANY) + class ClientTest(unittest.TestCase): """Tests for letsencrypt.client.Client.""" From 4bbea4e30b8ca1cd144ca40f6323e75ece9a4ab2 Mon Sep 17 00:00:00 2001 From: TheNavigat Date: Wed, 30 Dec 2015 23:19:52 +0200 Subject: [PATCH 16/23] Updating perform method documentation in interfaces.py --- letsencrypt/interfaces.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/letsencrypt/interfaces.py b/letsencrypt/interfaces.py index db5d2c5e8..1921b1e54 100644 --- a/letsencrypt/interfaces.py +++ b/letsencrypt/interfaces.py @@ -169,7 +169,9 @@ class IAuthenticator(IPlugin): Authenticator will never be able to perform (error). :rtype: :class:`list` of - :class:`acme.challenges.ChallengeResponse` + :class:`acme.challenges.ChallengeResponse`, + where responses are required to be returned in + the same order as corresponding input challenges :raises .PluginError: If challenges cannot be performed From 953aa2aa852cac62e864d7b49c83bf02523e3009 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=B4she=20van=20der=20Sterre?= Date: Mon, 15 Feb 2016 17:31:28 +0100 Subject: [PATCH 17/23] Adding required /etc/hosts entries to .travis.yml --- .travis.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 1d2f7b1db..127c6e680 100644 --- a/.travis.yml +++ b/.travis.yml @@ -65,9 +65,14 @@ branches: sudo: false addons: - # make sure simplehttp simple verification works (custom /etc/hosts) + # Custom /etc/hosts required for SimpleHTTP simple verification, + # simple_verify for http01 and tls-sni-01, and letsencrypt_test_nginx hosts: - le.wtf + - le1.wtf + - le2.wtf + - le3.wtf + - nginx.wtf mariadb: "10.0" apt: sources: From 89916e726cc6eb1831ad63411b328ee741bc90a0 Mon Sep 17 00:00:00 2001 From: TheNavigat Date: Sun, 10 Jan 2016 10:40:27 +0200 Subject: [PATCH 18/23] Adding required /etc/hosts entries to docs/contributing.rst --- docs/contributing.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/contributing.rst b/docs/contributing.rst index 36dff01b9..3045c31aa 100644 --- a/docs/contributing.rst +++ b/docs/contributing.rst @@ -127,9 +127,9 @@ Afterwards, you'd be able to start Boulder_ using the following command:: The script will download, compile and run the executable; please be patient - it will take some time... Once its ready, you will see -``Server running, listening on 127.0.0.1:4000...``. Add an -``/etc/hosts`` entry pointing ``le.wtf`` to 127.0.0.1. You may now -run (in a separate terminal):: +``Server running, listening on 127.0.0.1:4000...``. Add ``/etc/hosts`` +entries pointing ``le.wtf``, ``le1.wtf``, ``le2.wtf``, ``le3.wtf`` +and ``nginx.wtf`` to 127.0.0.1. You may now run (in a separate terminal):: ./tests/boulder-integration.sh && echo OK || echo FAIL From 607c48d0a3d670ddbdf5f7056af7da44e537fc8f Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Mon, 15 Feb 2016 12:08:20 -0800 Subject: [PATCH 19/23] [test farm] Fix use of the newleauto in test_letsencrypt_auto_certonly_standalone.sh --- .../scripts/test_letsencrypt_auto_certonly_standalone.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/letstest/scripts/test_letsencrypt_auto_certonly_standalone.sh b/tests/letstest/scripts/test_letsencrypt_auto_certonly_standalone.sh index ecef9814b..f4aef11fe 100755 --- a/tests/letstest/scripts/test_letsencrypt_auto_certonly_standalone.sh +++ b/tests/letstest/scripts/test_letsencrypt_auto_certonly_standalone.sh @@ -8,7 +8,7 @@ #private_ip=$(curl -s http://169.254.169.254/2014-11-05/meta-data/local-ipv4) cd letsencrypt -./letsencrypt-auto --os-packages-only +./letsencrypt-auto --os-packages-only --debug --version ./letsencrypt-auto certonly --no-self-upgrade -v --standalone --debug \ --text --agree-dev-preview --agree-tos \ --renew-by-default --redirect \ From beeb65d2f24f10a19a31b3bcf97322f7d11ce8bf Mon Sep 17 00:00:00 2001 From: Seth Schoen Date: Tue, 16 Feb 2016 12:24:29 -0800 Subject: [PATCH 20/23] Add test --- letsencrypt/tests/cli_test.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/letsencrypt/tests/cli_test.py b/letsencrypt/tests/cli_test.py index 8184a557e..77a4b5892 100644 --- a/letsencrypt/tests/cli_test.py +++ b/letsencrypt/tests/cli_test.py @@ -351,6 +351,11 @@ class CLITest(unittest.TestCase): # pylint: disable=too-many-public-methods self._call, ['-d', '*.wildcard.tld']) + # Bare IP address (this is actually a different error message now) + self.assertRaises(errors.ConfigurationError, + self._call, + ['-d', '204.11.231.35']) + def _get_argument_parser(self): plugins = disco.PluginsRegistry.find_all() return functools.partial(cli.prepare_and_parse_args, plugins) From 16761bc8367497d2a00221d5165de1f11dcaaea0 Mon Sep 17 00:00:00 2001 From: Seth Schoen Date: Tue, 16 Feb 2016 13:00:08 -0800 Subject: [PATCH 21/23] Fix lint line-too-long complaint --- letsencrypt/le_util.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/letsencrypt/le_util.py b/letsencrypt/le_util.py index 73d112eca..1178d1968 100644 --- a/letsencrypt/le_util.py +++ b/letsencrypt/le_util.py @@ -322,7 +322,10 @@ def enforce_domain_sanity(domain): # being FQDNs) because hope springs eternal on this point try: socket.inet_aton(domain) - raise errors.ConfigurationError("Requested name {0} is an IP address. The Let's Encrypt certificate authority will not issue certificates for a bare IP address.".format(domain)) + raise errors.ConfigurationError( + "Requested name {0} is an IP address. The Let's Encrypt " + "certificate authority will not issue certificates for a " + "bare IP address.".format(domain)) except socket.error: # It wasn't an IP address, so that's good pass From 31a27f675ae00a7762170bee1b8ad683a3a8e9ac Mon Sep 17 00:00:00 2001 From: Seth Schoen Date: Tue, 16 Feb 2016 14:41:02 -0800 Subject: [PATCH 22/23] Trivial change to re-run tests after spurious integration test failure --- letsencrypt/le_util.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt/le_util.py b/letsencrypt/le_util.py index 1178d1968..c8a9d24c2 100644 --- a/letsencrypt/le_util.py +++ b/letsencrypt/le_util.py @@ -319,7 +319,7 @@ def enforce_domain_sanity(domain): domain = domain[:-1] if domain.endswith('.') else domain # Explain separately that IP addresses aren't allowed (apart from not - # being FQDNs) because hope springs eternal on this point + # being FQDNs) because hope springs eternal concerning this point try: socket.inet_aton(domain) raise errors.ConfigurationError( From dbc81490e5257ee3dbdb82b85140144ce85ef4bf Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Tue, 16 Feb 2016 17:10:59 -0800 Subject: [PATCH 23/23] Revert "Let --no-self-upgrade bootstrap OS packages. Fix #2432." This reverts commit 6eb2d60166f142d489f70a2e6076d2fe7c3b3769. --- letsencrypt-auto-source/Dockerfile | 2 +- letsencrypt-auto-source/letsencrypt-auto | 52 +++++++++---------- .../letsencrypt-auto.template | 52 +++++++++---------- 3 files changed, 49 insertions(+), 57 deletions(-) diff --git a/letsencrypt-auto-source/Dockerfile b/letsencrypt-auto-source/Dockerfile index ad2465fda..fd7fe4851 100644 --- a/letsencrypt-auto-source/Dockerfile +++ b/letsencrypt-auto-source/Dockerfile @@ -17,7 +17,7 @@ RUN apt-get update && \ apt-get clean RUN pip install nose -RUN mkdir -p /home/lea/letsencrypt +RUN mkdir -p /home/lea/letsencrypt/letsencrypt # Install fake testing CA: COPY ./tests/certs/ca/my-root-ca.crt.pem /usr/local/share/ca-certificates/ diff --git a/letsencrypt-auto-source/letsencrypt-auto b/letsencrypt-auto-source/letsencrypt-auto index 743770f35..b542c8d3e 100755 --- a/letsencrypt-auto-source/letsencrypt-auto +++ b/letsencrypt-auto-source/letsencrypt-auto @@ -422,10 +422,9 @@ TempDir() { -if [ "$1" = "--le-auto-phase2" ]; then +if [ "$NO_SELF_UPGRADE" = 1 ]; then # Phase 2: Create venv, install LE, and run. - shift 1 # the --le-auto-phase2 arg if [ -f "$VENV_BIN/letsencrypt" ]; then INSTALLED_VERSION=$("$VENV_BIN/letsencrypt" --version 2>&1 | cut -d " " -f 2) else @@ -1666,11 +1665,10 @@ else exit 0 fi - if [ "$NO_SELF_UPGRADE" != 1 ]; then - echo "Checking for new version..." - TEMP_DIR=$(TempDir) - # --------------------------------------------------------------------------- - cat << "UNLIKELY_EOF" > "$TEMP_DIR/fetch.py" + echo "Checking for new version..." + TEMP_DIR=$(TempDir) + # --------------------------------------------------------------------------- + cat << "UNLIKELY_EOF" > "$TEMP_DIR/fetch.py" """Do downloading and JSON parsing without additional dependencies. :: # Print latest released version of LE to stdout: @@ -1799,27 +1797,25 @@ if __name__ == '__main__': exit(main()) UNLIKELY_EOF - # --------------------------------------------------------------------------- - DeterminePythonVersion - REMOTE_VERSION=`"$LE_PYTHON" "$TEMP_DIR/fetch.py" --latest-version` - if [ "$LE_AUTO_VERSION" != "$REMOTE_VERSION" ]; then - echo "Upgrading letsencrypt-auto $LE_AUTO_VERSION to $REMOTE_VERSION..." + # --------------------------------------------------------------------------- + DeterminePythonVersion + REMOTE_VERSION=`"$LE_PYTHON" "$TEMP_DIR/fetch.py" --latest-version` + if [ "$LE_AUTO_VERSION" != "$REMOTE_VERSION" ]; then + echo "Upgrading letsencrypt-auto $LE_AUTO_VERSION to $REMOTE_VERSION..." - # Now we drop into Python so we don't have to install even more - # dependencies (curl, etc.), for better flow control, and for the option of - # future Windows compatibility. - "$LE_PYTHON" "$TEMP_DIR/fetch.py" --le-auto-script "v$REMOTE_VERSION" + # Now we drop into Python so we don't have to install even more + # dependencies (curl, etc.), for better flow control, and for the option of + # future Windows compatibility. + "$LE_PYTHON" "$TEMP_DIR/fetch.py" --le-auto-script "v$REMOTE_VERSION" - # Install new copy of letsencrypt-auto. This preserves permissions and - # ownership from the old copy. - # TODO: Deal with quotes in pathnames. - echo "Replacing letsencrypt-auto..." - echo " " $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0" - $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0" - # TODO: Clean up temp dir safely, even if it has quotes in its path. - rm -rf "$TEMP_DIR" - fi # A newer version is available. - fi # Self-upgrading is allowed. - - "$0" --le-auto-phase2 "$@" + # Install new copy of letsencrypt-auto. This preserves permissions and + # ownership from the old copy. + # TODO: Deal with quotes in pathnames. + echo "Replacing letsencrypt-auto..." + echo " " $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0" + $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0" + # TODO: Clean up temp dir safely, even if it has quotes in its path. + rm -rf "$TEMP_DIR" + fi # should upgrade + "$0" --no-self-upgrade "$@" fi diff --git a/letsencrypt-auto-source/letsencrypt-auto.template b/letsencrypt-auto-source/letsencrypt-auto.template index 204813daf..bccd9e2c9 100755 --- a/letsencrypt-auto-source/letsencrypt-auto.template +++ b/letsencrypt-auto-source/letsencrypt-auto.template @@ -171,10 +171,9 @@ TempDir() { -if [ "$1" = "--le-auto-phase2" ]; then +if [ "$NO_SELF_UPGRADE" = 1 ]; then # Phase 2: Create venv, install LE, and run. - shift 1 # the --le-auto-phase2 arg if [ -f "$VENV_BIN/letsencrypt" ]; then INSTALLED_VERSION=$("$VENV_BIN/letsencrypt" --version 2>&1 | cut -d " " -f 2) else @@ -236,34 +235,31 @@ else exit 0 fi - if [ "$NO_SELF_UPGRADE" != 1 ]; then - echo "Checking for new version..." - TEMP_DIR=$(TempDir) - # --------------------------------------------------------------------------- - cat << "UNLIKELY_EOF" > "$TEMP_DIR/fetch.py" + echo "Checking for new version..." + TEMP_DIR=$(TempDir) + # --------------------------------------------------------------------------- + cat << "UNLIKELY_EOF" > "$TEMP_DIR/fetch.py" {{ fetch.py }} UNLIKELY_EOF - # --------------------------------------------------------------------------- - DeterminePythonVersion - REMOTE_VERSION=`"$LE_PYTHON" "$TEMP_DIR/fetch.py" --latest-version` - if [ "$LE_AUTO_VERSION" != "$REMOTE_VERSION" ]; then - echo "Upgrading letsencrypt-auto $LE_AUTO_VERSION to $REMOTE_VERSION..." + # --------------------------------------------------------------------------- + DeterminePythonVersion + REMOTE_VERSION=`"$LE_PYTHON" "$TEMP_DIR/fetch.py" --latest-version` + if [ "$LE_AUTO_VERSION" != "$REMOTE_VERSION" ]; then + echo "Upgrading letsencrypt-auto $LE_AUTO_VERSION to $REMOTE_VERSION..." - # Now we drop into Python so we don't have to install even more - # dependencies (curl, etc.), for better flow control, and for the option of - # future Windows compatibility. - "$LE_PYTHON" "$TEMP_DIR/fetch.py" --le-auto-script "v$REMOTE_VERSION" + # Now we drop into Python so we don't have to install even more + # dependencies (curl, etc.), for better flow control, and for the option of + # future Windows compatibility. + "$LE_PYTHON" "$TEMP_DIR/fetch.py" --le-auto-script "v$REMOTE_VERSION" - # Install new copy of letsencrypt-auto. This preserves permissions and - # ownership from the old copy. - # TODO: Deal with quotes in pathnames. - echo "Replacing letsencrypt-auto..." - echo " " $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0" - $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0" - # TODO: Clean up temp dir safely, even if it has quotes in its path. - rm -rf "$TEMP_DIR" - fi # A newer version is available. - fi # Self-upgrading is allowed. - - "$0" --le-auto-phase2 "$@" + # Install new copy of letsencrypt-auto. This preserves permissions and + # ownership from the old copy. + # TODO: Deal with quotes in pathnames. + echo "Replacing letsencrypt-auto..." + echo " " $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0" + $SUDO cp "$TEMP_DIR/letsencrypt-auto" "$0" + # TODO: Clean up temp dir safely, even if it has quotes in its path. + rm -rf "$TEMP_DIR" + fi # should upgrade + "$0" --no-self-upgrade "$@" fi