mirror of
https://github.com/certbot/certbot.git
synced 2026-06-07 07:42:08 -04:00
Fixes #7350. This PR changes the parsed modules from a `set` to a `dict`, with the filepath argument as the value. Accordingly, after calling `enable_mod` to enable `ssl_module`, modules now need to be re-parsed, so call `reset_modules`. * Add mechanism for selecting apache config file, based on work done in #7191. * Check OpenSSL version * Remove os imports * debian override still needs os * Reformat remaining apache tests with modules dict syntax * Clean up more apache tests * Switch from property to method for openssl and add tests for coverage. * Sometimes the dict location will be None in which case we should in fact return None * warn thoroughly and consistently in openssl_version function * update tests for new warnings * read file as bytes, and factor out the open for testing * normalize ssl_module_location path to account for being relative to server root * Use byte literals in a python 2 and 3 compatible way * string does need to be a literal * patch builtins open * add debug, remove space * Add test to check if OpenSSL detection is working on different systems * fix relative test location for cwd * put </IfModule> on its own line in test case * Revert test file to status in master. * Call augeas load before reparsing modules to pick up the changes * fix grep, tail, and mod_ssl location on centos * strip the trailing whitespace from fedora * just use LooseVersion in test * call apache2ctl on debian systems * Use sudo for apache2ctl command * add check to make sure we're getting a version * Add boolean so we don't warn on debian/ubuntu before trying to enable mod_ssl * Reduce warnings while testing by setting mock _openssl_version. * Make sure we're not throwing away any unwritten changes to the config * test last warning case for coverage * text changes for clarity
""" Distribution specific override class for Fedora 29+ """
import zope.interface
from certbot import errors
from certbot import interfaces
from certbot import util
from certbot_apache._internal import apache_util
from certbot_apache._internal import configurator
from certbot_apache._internal import parser
@zope.interface.provider(interfaces.IPluginFactory)
class FedoraConfigurator(configurator.ApacheConfigurator):
    """ApacheConfigurator override carrying the Fedora 29+ defaults.

    Besides the distribution paths and commands in ``OS_DEFAULTS``, this
    class changes what happens when the configuration test fails; see
    ``config_test``.
    """

    # Commands are argument lists that name their program without a path.
    OS_DEFAULTS = {
        "server_root": "/etc/httpd",
        "vhost_root": "/etc/httpd/conf.d",
        "vhost_files": "*.conf",
        "logs_root": "/var/log/httpd",
        "ctl": "httpd",
        "version_cmd": ["httpd", "-v"],
        "restart_cmd": ["apachectl", "graceful"],
        "restart_cmd_alt": ["apachectl", "restart"],
        "conftest_cmd": ["apachectl", "configtest"],
        "enmod": None,
        "dismod": None,
        "le_vhost_ext": "-le-ssl.conf",
        "handle_modules": False,
        "handle_sites": False,
        "challenge_location": "/etc/httpd/conf.d",
    }

    def config_test(self):
        """Run the parent's configuration test, falling back to a restart.

        A vanilla mod_ssl installation on Fedora fails the configtest because
        the configuration references self-signed certificates that do not
        exist yet; they would be generated during the first (re)start of
        httpd.

        Every ``MisconfigurationError`` raised by the parent test takes the
        fallback, not only the missing-certificate case, so any failed test
        leads to a ``systemctl restart httpd`` attempt on the host.
        """
        base = super(FedoraConfigurator, self)
        try:
            base.config_test()
        except errors.MisconfigurationError:
            # The original error is dropped here; the restart helper repeats
            # the test and reports whatever still fails.
            self._try_restart_fedora()

    def get_parser(self):
        """Build the FedoraParser for this configurator.

        :returns: a ``FedoraParser`` created from the ``server_root`` and
            ``vhost_root`` options, ``self.version`` and this configurator.
        """
        server_root = self.option("server_root")
        vhost_root = self.option("vhost_root")
        return FedoraParser(
            server_root, vhost_root, self.version, configurator=self)

    def _try_restart_fedora(self):
        """Restart httpd through systemctl, then repeat the configuration test.

        The restart is meant to make httpd generate the self-signed keypair.

        :raises errors.MisconfigurationError: if the restart command fails,
            with the subprocess error text as the message. Errors from the
            repeated parent ``config_test`` propagate unchanged.
        """
        # NOTE(review): the program is named without a path, so which binary
        # runs presumably depends on util.run_script's lookup -- confirm.
        restart_argv = ['systemctl', 'restart', 'httpd']
        try:
            util.run_script(restart_argv)
        except errors.SubprocessError as exc:
            raise errors.MisconfigurationError(str(exc))

        # A successful restart is not taken as proof: run the real config
        # check again to see whether the restart helped.
        super(FedoraConfigurator, self).config_test()

    def _prepare_options(self):
        """Initialise the options, then point the control commands at apachectl.

        After the parent has filled in the options dictionary, the first
        element of the restart, alternative restart and configtest commands is
        set back to ``apachectl`` instead of ``httpd``, so that the bash script
        shipped by newer Fedora versions is used to restart httpd.
        """
        super(FedoraConfigurator, self)._prepare_options()
        for command_key in ("restart_cmd", "restart_cmd_alt", "conftest_cmd"):
            self.options[command_key][0] = 'apachectl'
class FedoraParser(parser.ApacheParser):
    """ApacheParser override that also reads the Fedora 29+ sysconfig file."""

    def __init__(self, *args, **kwargs):
        # Path of the Fedora 29+ specific configuration file for Apache.
        # It is assigned before the parent initializer runs -- presumably
        # because that initializer may already call
        # update_runtime_variables(); confirm in ApacheParser.
        self.sysconfig_filep = "/etc/sysconfig/httpd"
        super(FedoraParser, self).__init__(*args, **kwargs)

    def update_runtime_variables(self):
        """Run the parent's variable update, then add the sysconfig options."""
        # Opportunistic; works if SELinux is not enforced.
        super(FedoraParser, self).update_runtime_variables()
        self._parse_sysconfig_var()

    def _parse_sysconfig_var(self):
        """Parse Apache CLI options from the Fedora configuration file.

        Reads the ``OPTIONS`` entry of ``self.sysconfig_filep`` through
        ``apache_util.parse_define_file`` and stores every returned key in
        ``self.variables``, replacing any value already held under that key.
        """
        # NOTE(review): values are stored exactly as parsed; their integrity
        # presumably rests on the file's ownership and permissions -- verify.
        parsed = apache_util.parse_define_file(self.sysconfig_filep, "OPTIONS")
        for name in parsed:
            self.variables[name] = parsed[name]