Merge pull request #980 from letsencrypt/wrapper-script

letsencrypt-auto implements bootstrapping, venv install, and pip autoupdate before running the client
2026-06-04 06:15:36 -04:00 · 2015-10-15 00:18:32 -07:00 · 2015-10-15 00:18:32 -07:00 · f99041011e
commit f99041011e
parent 3fd7cd6587 64385cbd80
5 changed files with 233 additions and 126 deletions
--- a/bootstrap/mac.sh
+++ b/bootstrap/mac.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/sh -e
 if ! hash brew 2>/dev/null; then
    echo "Homebrew Not Installed\nDownloading..."
    ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
--- a/bootstrap/venv.sh
+++ b/bootstrap/venv.sh
@ -0,0 +1,33 @@
+#!/bin/sh -e
+#
+# Installs and updates letencrypt virtualenv
+#
+# USAGE: source ./dev/venv.sh
+
+
+XDG_DATA_HOME=${XDG_DATA_HOME:-~/.local/share}
+VENV_NAME="letsencrypt"
+VENV_PATH=${VENV_PATH:-"$XDG_DATA_HOME/$VENV_NAME"}
+
+# virtualenv call is not idempotent: it overwrites pip upgraded in
+# later steps, causing "ImportError: cannot import name unpack_url"
+if [ ! -d $VENV_PATH ]
+then
+  virtualenv --no-site-packages --python python2 $VENV_PATH
+fi
+
+. $VENV_PATH/bin/activate
+pip install -U setuptools
+pip install -U pip
+
+pip install -U letsencrypt letsencrypt-apache # letsencrypt-nginx
+
+echo
+echo "Congratulations, Let's Encrypt has been successfully installed/updated!"
+echo
+echo -n "Your prompt should now be prepended with ($VENV_NAME). Next "
+echo -n "time, if the prompt is different, 'source' this script again "
+echo -n "before running 'letsencrypt'."
+echo
+echo
+echo "You can now run 'letsencrypt --help'."
--- a/docs/contributing.rst
+++ b/docs/contributing.rst
@ -296,3 +296,82 @@ commands:

 This should generate documentation in the ``docs/_build/html``
 directory.
+
+.. _prerequisites:
+
+Notes on OS depedencies
+=======================
+
+OS level dependencies are managed by scripts in ``bootstrap``.  Some notes
+are provided here mainly for the :ref:`developers <hacking>` reference.
+
+In general:
+
+* ``sudo`` is required as a suggested way of running privileged process
+* `Augeas`_ is required for the Python bindings
+* ``virtualenv`` and ``pip`` are used for managing other python library
+  dependencies
+
+.. _Augeas: http://augeas.net/
+.. _Virtualenv: https://virtualenv.pypa.io
+
+Ubuntu
+------
+
+.. code-block:: shell
+
+   sudo ./bootstrap/ubuntu.sh
+
+
+Debian
+------
+
+.. code-block:: shell
+
+   sudo ./bootstrap/debian.sh
+
+For squeeze you will need to:
+
+- Use ``virtualenv --no-site-packages -p python`` instead of ``-p python2``.
+
+
+.. _`#280`: https://github.com/letsencrypt/letsencrypt/issues/280
+
+
+Mac OSX
+-------
+
+.. code-block:: shell
+
+   ./bootstrap/mac.sh
+
+
+Fedora
+------
+
+.. code-block:: shell
+
+   sudo ./bootstrap/fedora.sh
+
+
+Centos 7
+--------
+
+.. code-block:: shell
+
+   sudo ./bootstrap/centos.sh
+
+
+FreeBSD
+-------
+
+.. code-block:: shell
+
+   sudo ./bootstrap/freebsd.sh
+
+Bootstrap script for FreeBSD uses ``pkg`` for package installation,
+i.e. it does not use ports.
+
+FreeBSD by default uses ``tcsh``. In order to activate virtulenv (see
+below), you will need a compatbile shell, e.g. ``pkg install bash &&
+bash``.
--- a/docs/using.rst
+++ b/docs/using.rst
@ -2,26 +2,6 @@
 Using the Let's Encrypt client
 ==============================

-Quick start
-===========
-
-Using Docker_ you can quickly get yourself a testing cert. From the
-server that the domain your requesting a cert for resolves to,
-`install Docker`_, issue the following command:
-
-.. code-block:: shell
-
-   sudo docker run -it --rm -p 443:443 --name letsencrypt \
-               -v "/etc/letsencrypt:/etc/letsencrypt" \
-               -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
-               quay.io/letsencrypt/letsencrypt:latest
-
-and follow the instructions. Your new cert will be available in
-``/etc/letsencrypt/certs``.
-
-.. _Docker: https://docker.com
-.. _`install Docker`: https://docs.docker.com/docker/userguide/
-

 Getting the code
 ================
@ -42,126 +22,35 @@ above method instead.
   https://github.com/letsencrypt/letsencrypt/archive/master.zip


-.. _prerequisites:
+Installation and Usage
+======================

-Prerequisites
-=============
-
-The demo code is supported and known to work on **Ubuntu and
-Debian**. Therefore, prerequisites for other platforms listed below
-are provided mainly for the :ref:`developers <hacking>` reference.
-
-In general:
-
-* ``sudo`` is required as a suggested way of running privileged process
-* `Augeas`_ is required for the Python bindings
-
-
-Ubuntu
------
+To install and run the client you just need to type:

 .. code-block:: shell

-   sudo ./bootstrap/ubuntu.sh
+   ./letsencrypt-auto

+(Once letsencrypt is packaged by distributions, the command will just be
+``letsencrypt``.  ``letsencrypt-auto`` is a wrapper which installs virtualized
+dependencies and provides automated updates during the beta program)

-Debian
------
-
-.. code-block:: shell
-
-   sudo ./bootstrap/debian.sh
-
-For squeeze you will need to:
-
- Use ``virtualenv --no-site-packages -p python`` instead of ``-p python2``.
-
-
-.. _`#280`: https://github.com/letsencrypt/letsencrypt/issues/280
-
-
-Mac OSX
-------
-
-.. code-block:: shell
-
-   ./bootstrap/mac.sh
-
-
-Fedora
------
-
-.. code-block:: shell
-
-   sudo ./bootstrap/fedora.sh
-
-
-Centos 7
--------
-
-.. code-block:: shell
-
-   sudo ./bootstrap/centos.sh
-
-
-FreeBSD
-------
-
-.. code-block:: shell
-
-   sudo ./bootstrap/freebsd.sh
-
-Bootstrap script for FreeBSD uses ``pkg`` for package installation,
-i.e. it does not use ports.
-
-FreeBSD by default uses ``tcsh``. In order to activate virtulenv (see
-below), you will need a compatbile shell, e.g. ``pkg install bash &&
-bash``.
-
-
-Installation
-============
-
-.. "pip install acme" doesn't search for "acme" in cwd, just like "pip
-   install -e acme" does; `-U setuptools pip` necessary for #722
-
-.. code-block:: shell
-
-   virtualenv --no-site-packages -p python2 venv
-   ./venv/bin/pip install -U setuptools
-   ./venv/bin/pip install -U pip
-   ./venv/bin/pip install -r requirements.txt acme/ . letsencrypt-apache/ letsencrypt-nginx/
-
-.. warning:: Please do **not** use ``python setup.py install``. Please
-             do **not** attempt the installation commands as
-             superuser/root and/or without Virtualenv_, e.g. ``sudo
-             python setup.py install``, ``sudo pip install``, ``sudo
-             ./venv/bin/...``. These modes of operation might corrupt
-             your operating system and are **not supported** by the
-             Let's Encrypt team!
-
-
-Usage
-=====
-
-To get a new certificate run:
-
-.. code-block:: shell
-
-   sudo ./venv/bin/letsencrypt auth
+.. warning:: Please do **not** use ``python setup.py install`` or ``sudo pip install`.
+             Those mode of operation might corrupt your operating system and is
+             **not supported** by the Let's Encrypt team!

 The ``letsencrypt`` commandline tool has a builtin help:

 .. code-block:: shell

-   ./venv/bin/letsencrypt --help
+   ./letsencrypt-auto --help


 Configuration file
 ------------------

 It is possible to specify configuration file with
-``letsencrypt --config cli.ini`` (or shorter ``-c cli.ini``). For
+``letsencrypt-auto --config cli.ini`` (or shorter ``-c cli.ini``). For
 instance, if you are a contributor, you might find the following
 handy:

@ -178,5 +67,22 @@ By default, the following locations are searched:
 .. keep it up to date with constants.py


-.. _Augeas: http://augeas.net/
-.. _Virtualenv: https://virtualenv.pypa.io
+Running with Docker
+===================
+
+Docker_ is another way to quickly obtain testing certs. From the
+server that the domain your requesting a cert for resolves to,
+`install Docker`_, issue the following command:
+
+.. code-block:: shell
+
+   sudo docker auth -it --rm -p 443:443 --name letsencrypt \
+               -v "/etc/letsencrypt:/etc/letsencrypt" \
+               -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
+               quay.io/letsencrypt/letsencrypt:latest auth
+
+and follow the instructions. Your new cert will be available in
+``/etc/letsencrypt/certs``.
+
+.. _Docker: https://docker.com
+.. _`install Docker`: https://docs.docker.com/docker/userguide/
--- a/89
+++ b/89
@ -0,0 +1,89 @@
+#!/bin/sh -e
+#
+# Installs and updates the letencrypt virtualenv, and runs letsencrypt
+# using that virtual environment.  This allows the client to function decently
+# without requiring specific versions of its dependencies from the operating
+# system.
+
+XDG_DATA_HOME=${XDG_DATA_HOME:-~/.local/share}
+VENV_NAME="letsencrypt"
+VENV_PATH=${VENV_PATH:-"$XDG_DATA_HOME/$VENV_NAME"}
+VENV_BIN=${VENV_PATH}/bin
+
+if test "`id -u`" -ne "0" ; then
+  SUDO=sudo
+else
+  SUDO=
+fi
+
+for arg in "$@" ; do 
+  # This first clause is redundant with the third, but hedging on portability
+  if [ "$arg" = "-v" ] || [ "$arg" = "--verbose" ] || echo "$arg" | grep -E -- -v+ ; then
+    VERBOSE=1
+  fi
+done
+
+# virtualenv call is not idempotent: it overwrites pip upgraded in
+# later steps, causing "ImportError: cannot import name unpack_url"
+if [ ! -d $VENV_PATH ]
+then
+  BOOTSTRAP=`dirname $0`/bootstrap
+  if [ ! -f $BOOTSTRAP/debian.sh ] ; then
+    echo "Cannot find the letsencrypt bootstrap scripts in $BOOTSTRAP"
+    exit 1
+  fi
+  if [ -f /etc/debian_version ] ; then
+    echo "Bootstrapping dependencies for Debian-based OSes..."
+    $SUDO $BOOTSTRAP/_deb_common.sh
+  elif [ -f /etc/arch-release ] ; then
+    echo "Bootstrapping dependencies for Archlinux..."
+    $SUDO $BOOTSTRAP/archlinux.sh
+  elif [ -f /etc/redhat-release ] ; then
+    echo "Bootstrapping dependencies for RedHat-based OSes..."
+    $SUDO $BOOTSTRAP/_rpm_common.sh
+  elif uname | grep -iq FreeBSD ; then
+    echo "Bootstrapping dependencies for FreeBSD..."
+    $SUDO $BOOTSTRAP/freebsd.sh
+  elif uname | grep -iq Darwin ; then
+    echo "Bootstrapping dependencies for Mac OS X..."
+    echo "WARNING: Mac support is very experimental at present..."
+    $BOOTSTRAP/mac.sh
+  else
+    echo "Sorry, I don't know how to bootstrap Let's Encrypt on your operating system!"
+    echo
+    echo "You will need to bootstrap, configure virtualenv, and run a pip install manually"
+    echo "Please see https://letsencrypt.readthedocs.org/en/latest/contributing.html#prerequisites"
+    echo "for more info"
+  fi
+
+  echo "Creating virtual environment..."
+  if [ "$VERBOSE" = 1 ] ; then
+    virtualenv --no-site-packages --python python2 $VENV_PATH
+  else
+    virtualenv --no-site-packages --python python2 $VENV_PATH > /dev/null
+  fi
+fi
+
+echo -n "Updating letsencrypt and virtual environment dependencies..."
+if [ "$VERBOSE" = 1 ]  ; then
+  echo
+  $VENV_BIN/pip install -U setuptools
+  $VENV_BIN/pip install -U pip
+  # nginx is buggy / disabled for now...
+  $VENV_BIN/pip install -U letsencrypt letsencrypt-apache #letsencrypt-nginx
+else
+  $VENV_BIN/pip install -U setuptools > /dev/null
+  echo -n .
+  $VENV_BIN/pip install -U pip > /dev/null
+  echo -n .
+  # nginx is buggy / disabled for now...
+  $VENV_BIN/pip install -U letsencrypt > /dev/null
+  echo -n .
+  $VENV_BIN/pip install -U letsencrypt-apache > /dev/null
+  echo
+fi
+
+# Explain what's about to happen, for the benefit of those getting sudo
+# password prompts...
+echo "Running with virtualenv:" $SUDO $VENV_BIN/letsencrypt "$@"
+$SUDO $VENV_BIN/letsencrypt "$@"