Merge branch 'master' into ecdsa

certbot-apache/certbot_apache/configurator.py

@@ -538,6 +538,9 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator):
                 is_ssl = True
 
         filename = get_file_path(self.aug.get("/augeas/files%s/path" % get_file_path(path)))
+        if filename is None:
+            return None
+
         if self.conf("handle-sites"):
             is_enabled = self.is_site_enabled(filename)
         else:
@@ -1801,25 +1804,25 @@ def get_file_path(vhost_path):
     :rtype: str
 
     """
-    # Strip off /files
-    avail_fp = vhost_path[6:]
-    # This can be optimized...
-    while True:
-        # Cast all to lowercase to be case insensitive
-        find_if = avail_fp.lower().find("/ifmodule")
-        if find_if != -1:
-            avail_fp = avail_fp[:find_if]
-            continue
-        find_vh = avail_fp.lower().find("/virtualhost")
-        if find_vh != -1:
-            avail_fp = avail_fp[:find_vh]
-            continue
-        find_macro = avail_fp.lower().find("/macro")
-        if find_macro != -1:
-            avail_fp = avail_fp[:find_macro]
-            continue
-        break
-    return avail_fp
+    # Strip off /files/
+    try:
+        if vhost_path.startswith("/files/"):
+            avail_fp = vhost_path[7:].split("/")
+        else:
+            return None
+    except AttributeError:
+        # If we recieved a None path
+        return None
+
+    last_good = ""
+    # Loop through the path parts and validate after every addition
+    for p in avail_fp:
+        cur_path = last_good+"/"+p
+        if os.path.exists(cur_path):
+            last_good = cur_path
+        else:
+            break
+    return last_good
 
 
 def install_ssl_options_conf(options_ssl):

certbot-apache/certbot_apache/constants.py

@@ -2,7 +2,23 @@
 import pkg_resources
 from certbot import util
 
-
+CLI_DEFAULTS_DEFAULT = dict(
+    server_root="/etc/apache2",
+    vhost_root="/etc/apache2/sites-available",
+    vhost_files="*",
+    version_cmd=['apache2ctl', '-v'],
+    define_cmd=['apache2ctl', '-t', '-D', 'DUMP_RUN_CFG'],
+    restart_cmd=['apache2ctl', 'graceful'],
+    conftest_cmd=['apache2ctl', 'configtest'],
+    enmod=None,
+    dismod=None,
+    le_vhost_ext="-le-ssl.conf",
+    handle_mods=False,
+    handle_sites=False,
+    challenge_location="/etc/apache2",
+    MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
+        "certbot_apache", "options-ssl-apache.conf")
+)
 CLI_DEFAULTS_DEBIAN = dict(
     server_root="/etc/apache2",
     vhost_root="/etc/apache2/sites-available",
@@ -71,7 +87,25 @@ CLI_DEFAULTS_DARWIN = dict(
     MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
         "certbot_apache", "options-ssl-apache.conf")
 )
+CLI_DEFAULTS_SUSE = dict(
+    server_root="/etc/apache2",
+    vhost_root="/etc/apache2/vhosts.d",
+    vhost_files="*.conf",
+    version_cmd=['apache2ctl', '-v'],
+    define_cmd=['apache2ctl', '-t', '-D', 'DUMP_RUN_CFG'],
+    restart_cmd=['apache2ctl', 'graceful'],
+    conftest_cmd=['apache2ctl', 'configtest'],
+    enmod="a2enmod",
+    dismod="a2dismod",
+    le_vhost_ext="-le-ssl.conf",
+    handle_mods=False,
+    handle_sites=False,
+    challenge_location="/etc/apache2/vhosts.d",
+    MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
+        "certbot_apache", "options-ssl-apache.conf")
+)
 CLI_DEFAULTS = {
+    "default": CLI_DEFAULTS_DEFAULT,
     "debian": CLI_DEFAULTS_DEBIAN,
     "ubuntu": CLI_DEFAULTS_DEBIAN,
     "centos": CLI_DEFAULTS_CENTOS,
@@ -83,6 +117,8 @@ CLI_DEFAULTS = {
     "gentoo": CLI_DEFAULTS_GENTOO,
     "gentoo base system": CLI_DEFAULTS_GENTOO,
     "darwin": CLI_DEFAULTS_DARWIN,
+    "opensuse": CLI_DEFAULTS_SUSE,
+    "suse": CLI_DEFAULTS_SUSE,
 }
 """CLI defaults."""
 
@@ -115,13 +151,36 @@ HEADER_ARGS = {"Strict-Transport-Security": HSTS_ARGS,
 
 
 def os_constant(key):
-    """Get a constant value for operating system
+    """
+    Get a constant value for operating system
+
     :param key: name of cli constant
     :return: value of constant for active os
     """
+
     os_info = util.get_os_info()
     try:
         constants = CLI_DEFAULTS[os_info[0].lower()]
     except KeyError:
-        constants = CLI_DEFAULTS["debian"]
+        constants = os_like_constants()
+        if not constants:
+            constants = CLI_DEFAULTS["default"]
     return constants[key]
+
+
+def os_like_constants():
+    """
+    Try to get constants for distribution with
+    similar layout and configuration, indicated by
+    /etc/os-release variable "LIKE"
+
+    :returns: Constants dictionary
+    :rtype: `dict`
+    """
+
+    os_like = util.get_systemd_os_like()
+    if os_like:
+        for os_name in os_like:
+            if os_name in CLI_DEFAULTS.keys():
+                return CLI_DEFAULTS[os_name]
+    return {}

certbot-apache/certbot_apache/tests/configurator_test.py

@@ -125,6 +125,12 @@ class MultipleVhostsTest(util.ApacheTest):
         self.assertTrue("google.com" in names)
         self.assertTrue("certbot.demo" in names)
 
+    def test_get_bad_path(self):
+        from certbot_apache.configurator import get_file_path
+        self.assertEqual(get_file_path(None), None)
+        self.assertEqual(get_file_path("nonexistent"), None)
+        self.assertEqual(self.config._create_vhost("nonexistent"), None) # pylint: disable=protected-access
+
     def test_bad_servername_alias(self):
         ssl_vh1 = obj.VirtualHost(
             "fp1", "ap1", set([obj.Addr(("*", "443"))]),

certbot-apache/certbot_apache/tests/constants_test.py

@@ -25,3 +25,20 @@ class ConstantsTest(unittest.TestCase):
         os_info.return_value = ('Nonexistent Linux', '', '')
         self.assertEqual(constants.os_constant("vhost_root"),
                          "/etc/apache2/sites-available")
+
+    @mock.patch("certbot.util.get_os_info")
+    def test_get_default_constants(self, os_info):
+        os_info.return_value = ('Nonexistent Linux', '', '')
+        with mock.patch("certbot.util.get_systemd_os_like") as os_like:
+            # Get defaults
+            os_like.return_value = False
+            c_hm = constants.os_constant("handle_mods")
+            c_sr = constants.os_constant("server_root")
+            self.assertFalse(c_hm)
+            self.assertEqual(c_sr, "/etc/apache2")
+            # Use darwin as like test target
+            os_like.return_value = ["something", "nonexistent", "darwin"]
+            d_vr = constants.os_constant("vhost_root")
+            d_em = constants.os_constant("enmod")
+            self.assertFalse(d_em)
+            self.assertEqual(d_vr, "/etc/apache2/other")

certbot/auth_handler.py

@@ -1,8 +1,8 @@
 """ACME AuthHandler."""
-import itertools
 import logging
 import time
 
+import six
 import zope.component
 
 from acme import challenges
@@ -141,7 +141,7 @@ class AuthHandler(object):
 
         """
         active_achalls = []
-        for achall, resp in itertools.izip(achalls, resps):
+        for achall, resp in six.moves.zip(achalls, resps):
             # This line needs to be outside of the if block below to
             # ensure failed challenges are cleaned up correctly
             active_achalls.append(achall)
@@ -472,7 +472,7 @@ def _report_failed_challs(failed_achalls):
             problems.setdefault(achall.error.typ, []).append(achall)
 
     reporter = zope.component.getUtility(interfaces.IReporter)
-    for achalls in problems.itervalues():
+    for achalls in six.itervalues(problems):
         reporter.add_message(
             _generate_failed_chall_msg(achalls), reporter.MEDIUM_PRIORITY)
 

certbot/cli.py

@@ -343,8 +343,10 @@ class HelpfulArgumentParser(object):
         self.determine_verb()
         help1 = self.prescan_for_flag("-h", self.help_topics)
         help2 = self.prescan_for_flag("--help", self.help_topics)
-        assert max(True, "a") == "a", "Gravity changed direction"
-        self.help_arg = max(help1, help2)
+        if isinstance(help1, bool) and isinstance(help2, bool):
+            self.help_arg = help1 or help2
+        else:
+            self.help_arg = help1 if isinstance(help1, str) else help2
         if self.help_arg is True:
             # just --help with no topic; avoid argparse altogether
             print(usage)

certbot/constants.py

@@ -18,7 +18,7 @@ CLI_DEFAULTS = dict(
         os.path.join(os.environ.get("XDG_CONFIG_HOME", "~/.config"),
                      "letsencrypt", "cli.ini"),
     ],
-    verbose_count=-(logging.INFO / 10),
+    verbose_count=-int(logging.INFO / 10),
     server="https://acme-v01.api.letsencrypt.org/directory",
     rsa_key_size=2048,
     ecdsa_curve="P-256",

certbot/plugins/disco.py

@@ -3,6 +3,7 @@ import collections
 import itertools
 import logging
 import pkg_resources
+import six
 
 import zope.interface
 import zope.interface.verify
@@ -194,12 +195,12 @@ class PluginsRegistry(collections.Mapping):
     def init(self, config):
         """Initialize all plugins in the registry."""
         return [plugin_ep.init(config) for plugin_ep
-                in self._plugins.itervalues()]
+                in six.itervalues(self._plugins)]
 
     def filter(self, pred):
         """Filter plugins based on predicate."""
         return type(self)(dict((name, plugin_ep) for name, plugin_ep
-                               in self._plugins.iteritems() if pred(plugin_ep)))
+                               in six.iteritems(self._plugins) if pred(plugin_ep)))
 
     def visible(self):
         """Filter plugins based on visibility."""
@@ -216,7 +217,7 @@ class PluginsRegistry(collections.Mapping):
 
     def prepare(self):
         """Prepare all plugins in the registry."""
-        return [plugin_ep.prepare() for plugin_ep in self._plugins.itervalues()]
+        return [plugin_ep.prepare() for plugin_ep in six.itervalues(self._plugins)]
 
     def available(self):
         """Filter plugins based on availability."""
@@ -238,7 +239,7 @@ class PluginsRegistry(collections.Mapping):
 
         """
         # use list instead of set because PluginEntryPoint is not hashable
-        candidates = [plugin_ep for plugin_ep in self._plugins.itervalues()
+        candidates = [plugin_ep for plugin_ep in six.itervalues(self._plugins)
                       if plugin_ep.initialized and plugin_ep.init() is plugin]
         assert len(candidates) <= 1
         if candidates:
@@ -249,7 +250,7 @@ class PluginsRegistry(collections.Mapping):
     def __repr__(self):
         return "{0}({1})".format(
             self.__class__.__name__, ','.join(
-                repr(p_ep) for p_ep in self._plugins.itervalues()))
+                repr(p_ep) for p_ep in six.itervalues(self._plugins)))
 
     def __str__(self):
         if not self._plugins:

certbot/plugins/manual.py

@@ -10,6 +10,7 @@ import sys
 import tempfile
 import time
 
+import six
 import zope.component
 import zope.interface
 
@@ -187,7 +188,7 @@ s.serve_forever()" """
         #answer = zope.component.getUtility(interfaces.IDisplay).notification(
         #    message=message, height=25, pause=True)
         sys.stdout.write(message)
-        raw_input("Press ENTER to continue")
+        six.moves.input("Press ENTER to continue")
 
     def cleanup(self, achalls):
         # pylint: disable=missing-docstring,no-self-use,unused-argument

certbot/plugins/selection.py

@@ -84,7 +84,7 @@ def pick_plugin(config, default, plugins, question, ifaces):
         else:
             return plugin_ep.init()
     elif len(prepared) == 1:
-        plugin_ep = prepared.values()[0]
+        plugin_ep = list(prepared.values())[0]
         logger.debug("Single candidate plugin: %s", plugin_ep)
         if plugin_ep.misconfigured:
             return None

certbot/tests/testdata/os-release

@@ -1,7 +1,7 @@
 NAME="SystemdOS"
 VERSION="42.42.42 LTS, Unreal"
 ID=systemdos
-ID_LIKE=debian
+ID_LIKE="something nonexistent debian"
 VERSION_ID="42"
 HOME_URL="http://www.example.com/"
 SUPPORT_URL="http://help.example.com/"

certbot/tests/util_test.py

@@ -359,6 +359,15 @@ class OsInfoTest(unittest.TestCase):
         with mock.patch('os.path.isfile', return_value=False):
             self.assertEqual(get_systemd_os_info(), ("", ""))
 
+    def test_systemd_os_release_like(self):
+        from certbot.util import get_systemd_os_like
+
+        with mock.patch('os.path.isfile', return_value=True):
+            id_likes = get_systemd_os_like(test_util.vector_path(
+                "os-release"))
+            self.assertEqual(len(id_likes), 3)
+            self.assertTrue("debian" in id_likes)
+
     @mock.patch("certbot.util.subprocess.Popen")
     def test_non_systemd_os_info(self, popen_mock):
         from certbot.util import (get_os_info, get_python_os_info,

certbot/util.py

@@ -268,6 +268,19 @@ def get_systemd_os_info(filepath="/etc/os-release"):
     return (os_name, os_version)
 
 
+def get_systemd_os_like(filepath="/etc/os-release"):
+    """
+    Get a list of strings that indicate the distribution likeness to
+    other distributions.
+
+    :param str filepath: File path of os-release file
+    :returns: List of distribution acronyms
+    :rtype: `list` of `str`
+    """
+
+    return _get_systemd_os_release_var("ID_LIKE", filepath).split(" ")
+
+
 def _get_systemd_os_release_var(varname, filepath="/etc/os-release"):
     """
     Get single value from systemd /etc/os-release
@@ -409,6 +422,9 @@ def enforce_domain_sanity(domain):
         else:
             raise errors.ConfigurationError(str(error_fmt).format(domain))
 
+    if six.PY3:
+        domain = domain.decode('ascii')
+
     # Remove trailing dot
     domain = domain[:-1] if domain.endswith('.') else domain
 

docs/contributing.rst

@@ -6,9 +6,9 @@ Developer Guide
    :local:
 
 
-.. _hacking:
+.. _getting_started:
 
-Hacking
+Getting Started
 =======
 
 Running a local copy of the client

setup.py

@@ -42,7 +42,6 @@ install_requires = [
     'parsedatetime>=1.3',  # Calendar.parseDT
     'PyOpenSSL',
     'pyrfc3339',
-    'python2-pythondialog>=3.2.2rc1',  # Debian squeeze support, cf. #280
     'pytz',
     # For pkg_resources. >=1.0 so pip resolves it to a version cryptography
     # will tolerate; see #2599:
@@ -52,6 +51,12 @@ install_requires = [
     'zope.interface',
 ]
 
+# Debian squeeze support, cf. #280
+if sys.version_info[0] == 2:
+    install_requires.append('python2-pythondialog>=3.2.2rc1')
+else:
+    install_requires.append('pythondialog>=3.2.2rc1')
+
 # env markers in extras_require cause problems with older pip: #517
 # Keep in sync with conditional_requirements.py.
 if sys.version_info < (2, 7):

tests/boulder-fetch.sh

@@ -5,6 +5,6 @@ set -xe
 # Check out special branch until latest docker changes land in Boulder master.
 git clone -b docker-integration https://github.com/letsencrypt/boulder $BOULDERPATH
 cd $BOULDERPATH
-sed -i 's/FAKE_DNS: .*/FAKE_DNS: 172.17.42.1/' docker-compose.yml
+FAKE_DNS=$(ifconfig docker0 | grep "inet addr:" | cut -d: -f2 | awk '{ print $1}')
+sed -i "s/FAKE_DNS: .*/FAKE_DNS: $FAKE_DNS/" docker-compose.yml
 docker-compose up -d
-

tests/letstest/scripts/boulder_install.sh

@@ -5,5 +5,6 @@
 # Check out special branch until latest docker changes land in Boulder master.
 git clone -b docker-integration https://github.com/letsencrypt/boulder $BOULDERPATH
 cd $BOULDERPATH
-sed -i 's/FAKE_DNS: .*/FAKE_DNS: 172.17.42.1/' docker-compose.yml
+FAKE_DNS=$(ifconfig docker0 | grep "inet addr:" | cut -d: -f2 | awk '{ print $1}')
+sed -i "s/FAKE_DNS: .*/FAKE_DNS: $FAKE_DNS/" docker-compose.yml
 docker-compose up -d