From 99c575f04366d76cb195d7cd912714f3a0be7ede Mon Sep 17 00:00:00 2001 From: Joona Hoikkala Date: Wed, 13 Jan 2016 23:56:22 +0200 Subject: [PATCH 01/15] Check augeas version, and raise error if not recent enough --- .../letsencrypt_apache/configurator.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/letsencrypt-apache/letsencrypt_apache/configurator.py b/letsencrypt-apache/letsencrypt_apache/configurator.py index 4066d6264..00b93bb6e 100644 --- a/letsencrypt-apache/letsencrypt_apache/configurator.py +++ b/letsencrypt-apache/letsencrypt_apache/configurator.py @@ -158,6 +158,11 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): raise errors.NotSupportedError( "Apache Version %s not supported.", str(self.version)) + if not self._check_aug_version(): + raise errors.NotSupportedError( + "Your libaugeas0 is outdated, upgrade it from backports " + " or re-bootstrap letsencrypt") + self.parser = parser.ApacheParser( self.aug, self.conf("server-root"), self.conf("vhost-root"), self.version) @@ -169,6 +174,17 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): install_ssl_options_conf(self.mod_ssl_conf) + def _check_aug_version(self): + """ Checks that we have recent enough version of libaugeas. + If augeas version is recent enough, it will support case insensitive + regexp matching""" + + self.aug.set("/test/path/testing/arg", "aRgUMeNT") + matches = self.aug.match( + "/test//*[self::arg=~regexp('argument', 'i')]") + self.aug.remove("/test/path") + return matches + def deploy_cert(self, domain, cert_path, key_path, chain_path=None, fullchain_path=None): # pylint: disable=unused-argument """Deploys certificate to specified virtual host. From 30ad7dce9fb74f1fd8a401d16641fe8b49b1e06d Mon Sep 17 00:00:00 2001 From: Joona Hoikkala Date: Thu, 14 Jan 2016 00:06:52 +0200 Subject: [PATCH 02/15] Pick up the augeas RuntimeError and pass the correct one --- letsencrypt-apache/letsencrypt_apache/configurator.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/letsencrypt-apache/letsencrypt_apache/configurator.py b/letsencrypt-apache/letsencrypt_apache/configurator.py index 00b93bb6e..0c4d65c28 100644 --- a/letsencrypt-apache/letsencrypt_apache/configurator.py +++ b/letsencrypt-apache/letsencrypt_apache/configurator.py @@ -180,8 +180,11 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): regexp matching""" self.aug.set("/test/path/testing/arg", "aRgUMeNT") - matches = self.aug.match( - "/test//*[self::arg=~regexp('argument', 'i')]") + try: + matches = self.aug.match( + "/test//*[self::arg=~regexp('argument', 'i')]") + except RuntimeError: + return None self.aug.remove("/test/path") return matches From 7d51480c4dd8610c40d8e4aa4e78024e12e46e63 Mon Sep 17 00:00:00 2001 From: Joona Hoikkala Date: Thu, 14 Jan 2016 00:23:45 +0200 Subject: [PATCH 03/15] Remove the test path from augeas even if failing --- letsencrypt-apache/letsencrypt_apache/configurator.py | 1 + 1 file changed, 1 insertion(+) diff --git a/letsencrypt-apache/letsencrypt_apache/configurator.py b/letsencrypt-apache/letsencrypt_apache/configurator.py index 0c4d65c28..72db9c853 100644 --- a/letsencrypt-apache/letsencrypt_apache/configurator.py +++ b/letsencrypt-apache/letsencrypt_apache/configurator.py @@ -184,6 +184,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): matches = self.aug.match( "/test//*[self::arg=~regexp('argument', 'i')]") except RuntimeError: + self.aug.remove("/test/path") return None self.aug.remove("/test/path") return matches From ddbfb440412187447d4d51f0f7ac03025954aebf Mon Sep 17 00:00:00 2001 From: Joona Hoikkala Date: Thu, 14 Jan 2016 00:50:34 +0200 Subject: [PATCH 04/15] Add tests --- letsencrypt-apache/letsencrypt_apache/configurator.py | 2 +- .../letsencrypt_apache/tests/configurator_test.py | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/letsencrypt-apache/letsencrypt_apache/configurator.py b/letsencrypt-apache/letsencrypt_apache/configurator.py index 72db9c853..ad407a3bc 100644 --- a/letsencrypt-apache/letsencrypt_apache/configurator.py +++ b/letsencrypt-apache/letsencrypt_apache/configurator.py @@ -185,7 +185,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): "/test//*[self::arg=~regexp('argument', 'i')]") except RuntimeError: self.aug.remove("/test/path") - return None + return False self.aug.remove("/test/path") return matches diff --git a/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py b/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py index 113b3b2b2..ce3d20297 100644 --- a/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py +++ b/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py @@ -978,6 +978,13 @@ class TwoVhost80Test(util.ApacheTest): self.assertTrue(self.config.parser.find_dir( "NameVirtualHost", "*:443", exclude=False)) + def test_aug_version(self): + mock_match = mock.Mock(return_value=["something"]) + self.config.aug.match = mock_match + self.assertEquals(self.config._check_aug_version(), ["something"]) + self.config.aug.match.side_effect = RuntimeError + self.assertFalse(self.config._check_aug_version()) + if __name__ == "__main__": unittest.main() # pragma: no cover From d0832f741462cfa94046d7ed7a81835a8836e1e8 Mon Sep 17 00:00:00 2001 From: Joona Hoikkala Date: Thu, 14 Jan 2016 01:09:28 +0200 Subject: [PATCH 05/15] Added the missing test --- .../letsencrypt_apache/tests/configurator_test.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py b/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py index ce3d20297..fe7071f14 100644 --- a/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py +++ b/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py @@ -65,6 +65,15 @@ class TwoVhost80Test(util.ApacheTest): self.assertRaises( errors.NotSupportedError, self.config.prepare) + @mock.patch("letsencrypt_apache.parser.ApacheParser") + @mock.patch("letsencrypt_apache.configurator.le_util.exe_exists") + def test_prepare_old_aug(self, mock_exe_exists, _): + mock_exe_exists.return_value = True + self.config._check_aug_version = mock.Mock(return_value=False) + self.assertRaises( + errors.NotSupportedError, self.config.prepare) + + def test_add_parser_arguments(self): # pylint: disable=no-self-use from letsencrypt_apache.configurator import ApacheConfigurator # Weak test.. From 8f6ef8db5301ce4087a1de86eeaaaeda805f93f9 Mon Sep 17 00:00:00 2001 From: Joona Hoikkala Date: Thu, 14 Jan 2016 01:10:50 +0200 Subject: [PATCH 06/15] Modified error message --- letsencrypt-apache/letsencrypt_apache/configurator.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/letsencrypt-apache/letsencrypt_apache/configurator.py b/letsencrypt-apache/letsencrypt_apache/configurator.py index ad407a3bc..47d238140 100644 --- a/letsencrypt-apache/letsencrypt_apache/configurator.py +++ b/letsencrypt-apache/letsencrypt_apache/configurator.py @@ -160,8 +160,9 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): if not self._check_aug_version(): raise errors.NotSupportedError( - "Your libaugeas0 is outdated, upgrade it from backports " - " or re-bootstrap letsencrypt") + "Apache plugin support requires libaugeas0 and augeas-lenses " + "version 1.2.0 or higher, please make sure you have you have " + "those installed.") self.parser = parser.ApacheParser( self.aug, self.conf("server-root"), self.conf("vhost-root"), From 8c110e31d75a746ec6bb284bba61179140d445a9 Mon Sep 17 00:00:00 2001 From: Joona Hoikkala Date: Thu, 14 Jan 2016 01:30:34 +0200 Subject: [PATCH 07/15] Fixed tests --- .../letsencrypt_apache/tests/configurator_test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py b/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py index fe7071f14..5052da893 100644 --- a/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py +++ b/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py @@ -69,11 +69,11 @@ class TwoVhost80Test(util.ApacheTest): @mock.patch("letsencrypt_apache.configurator.le_util.exe_exists") def test_prepare_old_aug(self, mock_exe_exists, _): mock_exe_exists.return_value = True + self.config.config_test = mock.Mock() self.config._check_aug_version = mock.Mock(return_value=False) self.assertRaises( errors.NotSupportedError, self.config.prepare) - def test_add_parser_arguments(self): # pylint: disable=no-self-use from letsencrypt_apache.configurator import ApacheConfigurator # Weak test.. From fe8a0dcef26c15480ce0ae86f8f24450836e14a6 Mon Sep 17 00:00:00 2001 From: Joona Hoikkala Date: Thu, 14 Jan 2016 01:52:35 +0200 Subject: [PATCH 08/15] Make linter happy --- .../letsencrypt_apache/tests/configurator_test.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py b/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py index 5052da893..2a32b04be 100644 --- a/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py +++ b/letsencrypt-apache/letsencrypt_apache/tests/configurator_test.py @@ -70,7 +70,7 @@ class TwoVhost80Test(util.ApacheTest): def test_prepare_old_aug(self, mock_exe_exists, _): mock_exe_exists.return_value = True self.config.config_test = mock.Mock() - self.config._check_aug_version = mock.Mock(return_value=False) + self.config._check_aug_version = mock.Mock(return_value=False) # pylint: disable=protected-access self.assertRaises( errors.NotSupportedError, self.config.prepare) @@ -990,9 +990,9 @@ class TwoVhost80Test(util.ApacheTest): def test_aug_version(self): mock_match = mock.Mock(return_value=["something"]) self.config.aug.match = mock_match - self.assertEquals(self.config._check_aug_version(), ["something"]) + self.assertEquals(self.config._check_aug_version(), ["something"]) # pylint: disable=protected-access self.config.aug.match.side_effect = RuntimeError - self.assertFalse(self.config._check_aug_version()) + self.assertFalse(self.config._check_aug_version()) # pylint: disable=protected-access if __name__ == "__main__": From 8989dfc1ff7533fb961c237eadbee76cae70c049 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Wed, 13 Jan 2016 16:17:26 -0800 Subject: [PATCH 09/15] Disable Apache 2.2 support --- letsencrypt-apache/letsencrypt_apache/configurator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt-apache/letsencrypt_apache/configurator.py b/letsencrypt-apache/letsencrypt_apache/configurator.py index 4066d6264..2ce9d008b 100644 --- a/letsencrypt-apache/letsencrypt_apache/configurator.py +++ b/letsencrypt-apache/letsencrypt_apache/configurator.py @@ -154,7 +154,7 @@ class ApacheConfigurator(augeas_configurator.AugeasConfigurator): # Set Version if self.version is None: self.version = self.get_version() - if self.version < (2, 2): + if self.version < (2, 4): raise errors.NotSupportedError( "Apache Version %s not supported.", str(self.version)) From a7b878b825e73b0d05abd0495d40eded7ae2d608 Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Wed, 13 Jan 2016 16:51:13 -0800 Subject: [PATCH 10/15] Ensure that all pip upload version #s are reflect in git --- tools/release.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/release.sh b/tools/release.sh index 172f6fea1..a945e3970 100755 --- a/tools/release.sh +++ b/tools/release.sh @@ -85,9 +85,12 @@ SetVersion() { sed -i "s/^version.*/version = '$ver'/" $pkg_dir/setup.py done sed -i "s/^__version.*/__version__ = '$ver'/" letsencrypt/__init__.py + + # interactive user input + git add -p letsencrypt $SUBPKGS letsencrypt-compatibility-test - git add -p letsencrypt $SUBPKGS # interactive user input } + SetVersion "$version" git commit --gpg-sign="$RELEASE_GPG_KEY" -m "Release $version" git tag --local-user "$RELEASE_GPG_KEY" \ From 4762ede4ea901abcc6ff0240fc84d7ba80763987 Mon Sep 17 00:00:00 2001 From: Peter Eckersley Date: Wed, 13 Jan 2016 17:09:45 -0800 Subject: [PATCH 11/15] Also *set* the letsencrypt-compatibility-test version number --- tools/release.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/release.sh b/tools/release.sh index a945e3970..43c7556de 100755 --- a/tools/release.sh +++ b/tools/release.sh @@ -80,7 +80,7 @@ git checkout "$RELEASE_BRANCH" SetVersion() { ver="$1" - for pkg_dir in $SUBPKGS + for pkg_dir in $SUBPKGS letsencrypt-compatibility-test do sed -i "s/^version.*/version = '$ver'/" $pkg_dir/setup.py done From 2e034e6c6c6992eea55e74fa6bb5cbd66347ee3c Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Thu, 14 Jan 2016 11:42:10 -0800 Subject: [PATCH 12/15] Revert changes to acme's setup.py --- acme/setup.py | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/acme/setup.py b/acme/setup.py index 372c05b13..3d7b882d5 100644 --- a/acme/setup.py +++ b/acme/setup.py @@ -11,6 +11,8 @@ install_requires = [ # load_pem_private/public_key (>=0.6) # rsa_recover_prime_factors (>=0.8) 'cryptography>=0.8', + 'ndg-httpsclient', # urllib3 InsecurePlatformWarning (#304) + 'pyasn1', # urllib3 InsecurePlatformWarning (#304) # Connection.set_tlsext_host_name (>=0.13) 'PyOpenSSL>=0.13', 'pyrfc3339', @@ -31,11 +33,6 @@ if sys.version_info < (2, 7): else: install_requires.append('mock') -if sys.version_info < (2, 7, 9): - # For secure SSL connection with Python 2.7 (InsecurePlatformWarning) - install_requires.append('ndg-httpsclient') - install_requires.append('pyasn1') - docs_extras = [ 'Sphinx>=1.0', # autodoc_member_order = 'bysource', autodoc_default_flags 'sphinx_rtd_theme', From 5d93678303cf3d2cdc69aaa16d3297739a72d3e6 Mon Sep 17 00:00:00 2001 From: Erik Rose Date: Thu, 14 Jan 2016 16:40:47 -0500 Subject: [PATCH 13/15] Make ConfigArgParse dependencies unconditional as well. None of this is ideal, since we're making the dependencies tighter than they theoretically need to be, but the behavior of the old le-auto makes this necessary to make it succeed in practice (when using LE wheels). Once we move to the new le-auto (which pins everything and makes setup.py dependencies irrelevant for auto installs), we should redo this using env markers as in https://github.com/letsencrypt/letsencrypt/pull/2177. We're too afraid to do it now. Similarly, we're too afraid to change how we handle argparse right now, despite that it should be required directly by us under 2.6. In practice, ConfigArgParse pulls it in for us, so we're okay as long as it continues to do that. --- setup.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/setup.py b/setup.py index ad7fb6909..4d9cc7850 100644 --- a/setup.py +++ b/setup.py @@ -33,6 +33,7 @@ version = meta['version'] # Please update tox.ini when modifying dependency version requirements install_requires = [ 'acme=={0}'.format(version), + 'ConfigArgParse>=0.10.0', # python2.6 support, upstream #17 'configobj', 'cryptography>=0.7', # load_pem_x509_certificate 'parsedatetime', @@ -52,12 +53,10 @@ if sys.version_info < (2, 7): install_requires.extend([ # only some distros recognize stdlib argparse as already satisfying 'argparse', - 'ConfigArgParse>=0.10.0', # python2.6 support, upstream #17 'mock<1.1.0', ]) else: install_requires.extend([ - 'ConfigArgParse', 'mock', ]) From b7b3f24da085765f8963c95826a6b54b401c58cd Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Thu, 14 Jan 2016 16:35:20 -0800 Subject: [PATCH 14/15] Convert sites-enabled files to symlinks --- .../letsencrypt_apache/tests/util.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/letsencrypt-apache/letsencrypt_apache/tests/util.py b/letsencrypt-apache/letsencrypt_apache/tests/util.py index 798d4814b..12237b209 100644 --- a/letsencrypt-apache/letsencrypt_apache/tests/util.py +++ b/letsencrypt-apache/letsencrypt_apache/tests/util.py @@ -42,6 +42,20 @@ class ApacheTest(unittest.TestCase): # pylint: disable=too-few-public-methods self.rsa512jwk = jose.JWKRSA.load(test_util.load_vector( "rsa512_key.pem")) + # Make sure all vhosts in sites-enabled are symlinks (Python packaging + # does not preserve symlinks) + sites_enabled = os.path.join(self.config_path, "sites-enabled") + if not os.path.exists(sites_enabled): + return + + for vhost_basename in os.listdir(sites_enabled): + vhost = os.path.join(sites_enabled, vhost_basename) + if not os.path.islink(vhost): + os.remove(vhost) + target = os.path.join( + os.path.pardir, "sites-available", vhost_basename) + os.symlink(target, vhost) + class ParserTest(ApacheTest): # pytlint: disable=too-few-public-methods From 2939b62f242f05e24c5ede23c8dfeed2f1a0535c Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Thu, 14 Jan 2016 16:59:29 -0800 Subject: [PATCH 15/15] Stop cover from failing --- letsencrypt-apache/letsencrypt_apache/tests/util.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/letsencrypt-apache/letsencrypt_apache/tests/util.py b/letsencrypt-apache/letsencrypt_apache/tests/util.py index 12237b209..782ed6f44 100644 --- a/letsencrypt-apache/letsencrypt_apache/tests/util.py +++ b/letsencrypt-apache/letsencrypt_apache/tests/util.py @@ -50,7 +50,7 @@ class ApacheTest(unittest.TestCase): # pylint: disable=too-few-public-methods for vhost_basename in os.listdir(sites_enabled): vhost = os.path.join(sites_enabled, vhost_basename) - if not os.path.islink(vhost): + if not os.path.islink(vhost): # pragma: no cover os.remove(vhost) target = os.path.join( os.path.pardir, "sites-available", vhost_basename)