Merge branch 'master' into merge-test-everything

2026-06-05 06:42:10 -04:00 · 2018-07-17 20:01:21 -07:00 · 2018-07-17 20:01:21 -07:00 · da897172b9
commit da897172b9
parent 6eca187b19 94cadd33eb
11 changed files with 92 additions and 99 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -40,7 +40,7 @@ matrix:
      sudo: required
      services: docker
    - python: "2.7"
-      env: TOXENV='py27-{acme,apache,certbot,dns}-oldest'
+      env: TOXENV='py27-{acme,apache,certbot,dns,nginx,postfix}-oldest'
    - sudo: required
      env: TOXENV=apache_compat
      services: docker
--- a/26
+++ b/26
@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then
 fi
 VENV_BIN="$VENV_PATH/bin"
 BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
-LE_AUTO_VERSION="0.26.0"
+LE_AUTO_VERSION="0.26.1"
 BASENAME=$(basename $0)
 USAGE="Usage: $BASENAME [OPTIONS]
 A self-updating wrapper script for the Certbot ACME client. When run, updates
@ -1197,18 +1197,18 @@ letsencrypt==0.7.0 \
    --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
    --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9

-certbot==0.26.0 \
-    --hash=sha256:0e171c00fce6ca7f3638602caaa9ca0b5b41ff35013d8a802afbea1d4b77e83a \
-    --hash=sha256:5c0a0394c3745fa2d1ef49b9f8d0bd31eec11113b1b127055172fb053dc0946d
-acme==0.26.0 \
-    --hash=sha256:65ea0b75eba577775afbdc81db576a7ebc5287c87d04c18017d25ee899698956 \
-    --hash=sha256:86d5fe89daf45d46dce68711990d6a145b323d84ee7b34322bfe20dc1624e26f
-certbot-apache==0.26.0 \
-    --hash=sha256:72e147a19c7ab609f6656529f1574327cb08b90d7556974e131f795cab04d18b \
-    --hash=sha256:865a08ea38e7911745804de078a386e994888c084823e45710d5cc58ac5824c5
-certbot-nginx==0.26.0 \
-    --hash=sha256:4bebf1350765ed3220a163e0c63b23021d19172aee5b7896b12e2341ea129210 \
-    --hash=sha256:18d5a9b10aed07a9f0d465e6f08ee57ca112b356e7bc3190ee2ec66347f45cf4
+certbot==0.26.1 \
+    --hash=sha256:4e2ffdeebb7f5097600bcb1ca19131441fa021f952b443ca7454a279337af609 \
+    --hash=sha256:4983513d63f7f36e24a07873ca2d6ea1c0101aa6cb1cd825cda02ed520f6ca66
+acme==0.26.1 \
+    --hash=sha256:d47841e66adc1336ecca2f0d41a247c1b62307c981be6d07996bbf3f95af1dc5 \
+    --hash=sha256:86e7b5f4654cb19215f16c0e6225750db7421f68ef6a0a040a61796f24e690be
+certbot-apache==0.26.1 \
+    --hash=sha256:c16acb49bd4f84fff25bcbb7eaf74412145efe9b68ce46e1803be538894f2ce3 \
+    --hash=sha256:b7fa327e987b892d64163e7519bdeaf9723d78275ef6c438272848894ace6d87
+certbot-nginx==0.26.1 \
+    --hash=sha256:c0048dc83672dc90805a8ddf513be3e48c841d6e91607e91e8657c1785d65660 \
+    --hash=sha256:d0c95a32625e0f1612d7fcf9021e6e050ba3d879823489d1edd2478a78ae6624

 UNLIKELY_EOF
    # -------------------------------------------------------------------------
--- a/certbot-postfix/certbot_postfix/tests/installer_test.py
+++ b/certbot-postfix/certbot_postfix/tests/installer_test.py
@ -253,7 +253,7 @@ class InstallerTest(certbot_test_util.ConfigTestCase):
                fake_set.reset_mock()
                installer.deploy_cert("example.com", "cert_path", "key_path",
                                      "chain_path", "fullchain_path")
-                fake_set.assert_not_called()
+                self.assertFalse(fake_set.called)

    @certbot_test_util.patch_get_utility()
    def test_deploy_already_secure(self, mock_util):
--- a/docs/cli-help.txt
+++ b/docs/cli-help.txt
@ -108,7 +108,7 @@ optional arguments:
                        case, and to know when to deprecate support for past
                        Python versions and flags. If you wish to hide this
                        information from the Let's Encrypt server, set this to
-                        "". (default: CertbotACMEClient/0.26.0
+                        "". (default: CertbotACMEClient/0.26.1
                        (certbot(-auto); OS_NAME OS_VERSION) Authenticator/XXX
                        Installer/YYY (SUBCOMMAND; flags: FLAGS)
                        Py/major.minor.patchlevel). The flags encoded in the
@ -475,9 +475,11 @@ apache:
  Apache Web Server plugin - Beta

  --apache-enmod APACHE_ENMOD
-                        Path to the Apache 'a2enmod' binary. (default: None)
+                        Path to the Apache 'a2enmod' binary. (default:
+                        a2enmod)
  --apache-dismod APACHE_DISMOD
-                        Path to the Apache 'a2dismod' binary. (default: None)
+                        Path to the Apache 'a2dismod' binary. (default:
+                        a2dismod)
  --apache-le-vhost-ext APACHE_LE_VHOST_EXT
                        SSL vhost configuration extension. (default: -le-
                        ssl.conf)
@ -491,13 +493,13 @@ apache:
                        /var/log/apache2)
  --apache-challenge-location APACHE_CHALLENGE_LOCATION
                        Directory path for challenge configuration. (default:
-                        /etc/apache2/other)
+                        /etc/apache2)
  --apache-handle-modules APACHE_HANDLE_MODULES
                        Let installer handle enabling required modules for
-                        you. (Only Ubuntu/Debian currently) (default: False)
+                        you. (Only Ubuntu/Debian currently) (default: True)
  --apache-handle-sites APACHE_HANDLE_SITES
                        Let installer handle enabling sites for you. (Only
-                        Ubuntu/Debian currently) (default: False)
+                        Ubuntu/Debian currently) (default: True)

 certbot-route53:auth:
  Obtain certificates using a DNS TXT record (if you are using AWS Route53
--- a/26
+++ b/26
@ -31,7 +31,7 @@ if [ -z "$VENV_PATH" ]; then
 fi
 VENV_BIN="$VENV_PATH/bin"
 BOOTSTRAP_VERSION_PATH="$VENV_PATH/certbot-auto-bootstrap-version.txt"
-LE_AUTO_VERSION="0.26.0"
+LE_AUTO_VERSION="0.26.1"
 BASENAME=$(basename $0)
 USAGE="Usage: $BASENAME [OPTIONS]
 A self-updating wrapper script for the Certbot ACME client. When run, updates
@ -1197,18 +1197,18 @@ letsencrypt==0.7.0 \
    --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
    --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9

-certbot==0.26.0 \
-    --hash=sha256:0e171c00fce6ca7f3638602caaa9ca0b5b41ff35013d8a802afbea1d4b77e83a \
-    --hash=sha256:5c0a0394c3745fa2d1ef49b9f8d0bd31eec11113b1b127055172fb053dc0946d
-acme==0.26.0 \
-    --hash=sha256:65ea0b75eba577775afbdc81db576a7ebc5287c87d04c18017d25ee899698956 \
-    --hash=sha256:86d5fe89daf45d46dce68711990d6a145b323d84ee7b34322bfe20dc1624e26f
-certbot-apache==0.26.0 \
-    --hash=sha256:72e147a19c7ab609f6656529f1574327cb08b90d7556974e131f795cab04d18b \
-    --hash=sha256:865a08ea38e7911745804de078a386e994888c084823e45710d5cc58ac5824c5
-certbot-nginx==0.26.0 \
-    --hash=sha256:4bebf1350765ed3220a163e0c63b23021d19172aee5b7896b12e2341ea129210 \
-    --hash=sha256:18d5a9b10aed07a9f0d465e6f08ee57ca112b356e7bc3190ee2ec66347f45cf4
+certbot==0.26.1 \
+    --hash=sha256:4e2ffdeebb7f5097600bcb1ca19131441fa021f952b443ca7454a279337af609 \
+    --hash=sha256:4983513d63f7f36e24a07873ca2d6ea1c0101aa6cb1cd825cda02ed520f6ca66
+acme==0.26.1 \
+    --hash=sha256:d47841e66adc1336ecca2f0d41a247c1b62307c981be6d07996bbf3f95af1dc5 \
+    --hash=sha256:86e7b5f4654cb19215f16c0e6225750db7421f68ef6a0a040a61796f24e690be
+certbot-apache==0.26.1 \
+    --hash=sha256:c16acb49bd4f84fff25bcbb7eaf74412145efe9b68ce46e1803be538894f2ce3 \
+    --hash=sha256:b7fa327e987b892d64163e7519bdeaf9723d78275ef6c438272848894ace6d87
+certbot-nginx==0.26.1 \
+    --hash=sha256:c0048dc83672dc90805a8ddf513be3e48c841d6e91607e91e8657c1785d65660 \
+    --hash=sha256:d0c95a32625e0f1612d7fcf9021e6e050ba3d879823489d1edd2478a78ae6624

 UNLIKELY_EOF
    # -------------------------------------------------------------------------
--- a/letsencrypt-auto-source/certbot-auto.asc
+++ b/letsencrypt-auto-source/certbot-auto.asc
@ -1,11 +1,11 @@
 -----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2

-iQEzBAABCAAdFiEEos+1H6J1pyhiNOeyTRfJlc2XdfIFAltGdAYACgkQTRfJlc2X
-dfKUyQf+NakhD3SfMeuJyT1StexEc9iGaAvspNH+Gf6P5v5dZOZnSOdtraR2kQAi
-OQE2L5FAajIhpuELpZTAgCEFU1LZpqTvWOb/1Vb06T8DuLIYierh64LkAn0zJY/M
-e8PTWyU5dcM6pY0ITvhuIMDAtomV+TzKeD1qHy2hJVTJGttk/yNtT5p8/NYIuH8Z
-OWXkNuo/346xvYpTDp2Xpwv79L9JhQsxfEBpKV4IGObpTf+Mfl2f4taroLYEATGU
-vrNM39P0cxu/hEHpog74CHPeK99YlBR6+7tMINQ9bYHkdjq2vLYdyopE8mCN16oy
-CwITDfR5POwvs+WjU+oEtgQb73kTug==
-=3XNY
+iQEcBAABCAAGBQJbTSv8AAoJEE0XyZXNl3Xy12sH/1FgV3SDVG0T1jgKQOYEUwrq
+cmpjdav8YPgFOSQDOcyFZG0DNcRfTskZt45IMkBLLnXq2PuPvkppc1+akP81vMoK
+NXHHS+PXDMjnBW4NFkexoM06KRF1SyHnvqsOg13w7UW2CjsAgtazGF5BucNCnjPH
+XJTwUf4uhKxeUb0Xkva1OPH++oTWz8+SYgWr/iMggkBrK8y04QUUJ6lyCO6MZgcE
+3JcECG7CwMK+hW0gCUkCSNZ0NzOBALCd9wCxNGszgkeJXrrW73oUpZmGC5BxIwYY
+o6lcF0qo7Jb92t4B3+7JhulMC5JoVoG4lpiXpKQFFCT0P4pZKotIomKNMATmnB4=
+=hzUL
 -----END PGP SIGNATURE-----
--- a/letsencrypt-auto-source/letsencrypt-auto
+++ b/letsencrypt-auto-source/letsencrypt-auto
@ -1197,18 +1197,18 @@ letsencrypt==0.7.0 \
    --hash=sha256:105a5fb107e45bcd0722eb89696986dcf5f08a86a321d6aef25a0c7c63375ade \
    --hash=sha256:c36e532c486a7e92155ee09da54b436a3c420813ec1c590b98f635d924720de9

-certbot==0.26.0 \
-    --hash=sha256:0e171c00fce6ca7f3638602caaa9ca0b5b41ff35013d8a802afbea1d4b77e83a \
-    --hash=sha256:5c0a0394c3745fa2d1ef49b9f8d0bd31eec11113b1b127055172fb053dc0946d
-acme==0.26.0 \
-    --hash=sha256:65ea0b75eba577775afbdc81db576a7ebc5287c87d04c18017d25ee899698956 \
-    --hash=sha256:86d5fe89daf45d46dce68711990d6a145b323d84ee7b34322bfe20dc1624e26f
-certbot-apache==0.26.0 \
-    --hash=sha256:72e147a19c7ab609f6656529f1574327cb08b90d7556974e131f795cab04d18b \
-    --hash=sha256:865a08ea38e7911745804de078a386e994888c084823e45710d5cc58ac5824c5
-certbot-nginx==0.26.0 \
-    --hash=sha256:4bebf1350765ed3220a163e0c63b23021d19172aee5b7896b12e2341ea129210 \
-    --hash=sha256:18d5a9b10aed07a9f0d465e6f08ee57ca112b356e7bc3190ee2ec66347f45cf4
+certbot==0.26.1 \
+    --hash=sha256:4e2ffdeebb7f5097600bcb1ca19131441fa021f952b443ca7454a279337af609 \
+    --hash=sha256:4983513d63f7f36e24a07873ca2d6ea1c0101aa6cb1cd825cda02ed520f6ca66
+acme==0.26.1 \
+    --hash=sha256:d47841e66adc1336ecca2f0d41a247c1b62307c981be6d07996bbf3f95af1dc5 \
+    --hash=sha256:86e7b5f4654cb19215f16c0e6225750db7421f68ef6a0a040a61796f24e690be
+certbot-apache==0.26.1 \
+    --hash=sha256:c16acb49bd4f84fff25bcbb7eaf74412145efe9b68ce46e1803be538894f2ce3 \
+    --hash=sha256:b7fa327e987b892d64163e7519bdeaf9723d78275ef6c438272848894ace6d87
+certbot-nginx==0.26.1 \
+    --hash=sha256:c0048dc83672dc90805a8ddf513be3e48c841d6e91607e91e8657c1785d65660 \
+    --hash=sha256:d0c95a32625e0f1612d7fcf9021e6e050ba3d879823489d1edd2478a78ae6624

 UNLIKELY_EOF
    # -------------------------------------------------------------------------
--- a/letsencrypt-auto-source/letsencrypt-auto.sig
+++ b/letsencrypt-auto-source/letsencrypt-auto.sig
--- a/letsencrypt-auto-source/pieces/certbot-requirements.txt
+++ b/letsencrypt-auto-source/pieces/certbot-requirements.txt
@ -1,12 +1,12 @@
-certbot==0.26.0 \
-    --hash=sha256:0e171c00fce6ca7f3638602caaa9ca0b5b41ff35013d8a802afbea1d4b77e83a \
-    --hash=sha256:5c0a0394c3745fa2d1ef49b9f8d0bd31eec11113b1b127055172fb053dc0946d
-acme==0.26.0 \
-    --hash=sha256:65ea0b75eba577775afbdc81db576a7ebc5287c87d04c18017d25ee899698956 \
-    --hash=sha256:86d5fe89daf45d46dce68711990d6a145b323d84ee7b34322bfe20dc1624e26f
-certbot-apache==0.26.0 \
-    --hash=sha256:72e147a19c7ab609f6656529f1574327cb08b90d7556974e131f795cab04d18b \
-    --hash=sha256:865a08ea38e7911745804de078a386e994888c084823e45710d5cc58ac5824c5
-certbot-nginx==0.26.0 \
-    --hash=sha256:4bebf1350765ed3220a163e0c63b23021d19172aee5b7896b12e2341ea129210 \
-    --hash=sha256:18d5a9b10aed07a9f0d465e6f08ee57ca112b356e7bc3190ee2ec66347f45cf4
+certbot==0.26.1 \
+    --hash=sha256:4e2ffdeebb7f5097600bcb1ca19131441fa021f952b443ca7454a279337af609 \
+    --hash=sha256:4983513d63f7f36e24a07873ca2d6ea1c0101aa6cb1cd825cda02ed520f6ca66
+acme==0.26.1 \
+    --hash=sha256:d47841e66adc1336ecca2f0d41a247c1b62307c981be6d07996bbf3f95af1dc5 \
+    --hash=sha256:86e7b5f4654cb19215f16c0e6225750db7421f68ef6a0a040a61796f24e690be
+certbot-apache==0.26.1 \
+    --hash=sha256:c16acb49bd4f84fff25bcbb7eaf74412145efe9b68ce46e1803be538894f2ce3 \
+    --hash=sha256:b7fa327e987b892d64163e7519bdeaf9723d78275ef6c438272848894ace6d87
+certbot-nginx==0.26.1 \
+    --hash=sha256:c0048dc83672dc90805a8ddf513be3e48c841d6e91607e91e8657c1785d65660 \
+    --hash=sha256:d0c95a32625e0f1612d7fcf9021e6e050ba3d879823489d1edd2478a78ae6624
--- a/tests/letstest/multitester.py
+++ b/tests/letstest/multitester.py
@ -128,6 +128,7 @@ def make_instance(instance_name,
                  userdata=""): #userdata contains bash or cloud-init script

    new_instance = EC2.create_instances(
+        BlockDeviceMappings=_get_block_device_mappings(ami_id),
        ImageId=ami_id,
        SecurityGroups=security_groups,
        KeyName=keyname,
@ -151,38 +152,21 @@ def make_instance(instance_name,
            raise
    return new_instance

-def terminate_and_clean(instances):
+def _get_block_device_mappings(ami_id):
+    """Returns the list of block device mappings to ensure cleanup.
+
+    This list sets connected EBS volumes to be deleted when the EC2
+    instance is terminated.
+
    """
-    Some AMIs specify EBS stores that won't delete on instance termination.
-    These must be manually deleted after shutdown.
-    """
-    volumes_to_delete = []
-    for instance in instances:
-        for bdmap in instance.block_device_mappings:
-            if 'Ebs' in bdmap.keys():
-                if not bdmap['Ebs']['DeleteOnTermination']:
-                    volumes_to_delete.append(bdmap['Ebs']['VolumeId'])
-
-    for instance in instances:
-        instance.terminate()
-
-    # can't delete volumes until all attaching instances are terminated
-    _ids = [instance.id for instance in instances]
-    all_terminated = False
-    while not all_terminated:
-        all_terminated = True
-        for _id in _ids:
-            # necessary to reinit object for boto3 to get true state
-            inst = EC2.Instance(id=_id)
-            if inst.state['Name'] != 'terminated':
-                all_terminated = False
-        time.sleep(5)
-
-    for vol_id in volumes_to_delete:
-        volume = EC2.Volume(id=vol_id)
-        volume.delete()
-
-    return volumes_to_delete
+    # Not all devices use EBS, but the default value for DeleteOnTermination
+    # when the device does use EBS is true. See:
+    # * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-blockdev-mapping.html
+    # * https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-blockdev-template.html
+    return [{'DeviceName': mapping['DeviceName'],
+             'Ebs': {'DeleteOnTermination': True}}
+            for mapping in EC2.Image(ami_id).block_device_mappings
+            if not mapping.get('Ebs', {}).get('DeleteOnTermination', True)]


 # Helper Routines
@ -370,10 +354,11 @@ def test_client_process(inqueue, outqueue):
 def cleanup(cl_args, instances, targetlist):
    print('Logs in ', LOGDIR)
    if not cl_args.saveinstances:
-        print('Terminating EC2 Instances and Cleaning Dangling EBS Volumes')
+        print('Terminating EC2 Instances')
        if cl_args.killboulder:
            boulder_server.terminate()
-        terminate_and_clean(instances)
+        for instance in instances:
+            instance.terminate()
    else:
        # print login information for the boxes for debugging
        for ii, target in enumerate(targetlist):
--- a/tox.ini
+++ b/tox.ini
@ -108,6 +108,12 @@ commands =
 setenv =
    {[testenv:py27-oldest]setenv}

+[testenv:py27-postfix-oldest]
+commands =
+    {[base]install_and_test} certbot-postfix
+setenv =
+    {[testenv:py27-oldest]setenv}
+
 [testenv:py27_install]
 basepython = python2.7
 commands =