upstream/certbot
1
0
Fork 0
mirror of https://github.com/certbot/certbot.git synced 2026-06-05 14:54:24 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
certbot/certbot-dns-route53
History
Adrien Ferrand ab76834100 [Windows|Linux] Forbid os.stat and os.fstat (#7325) 
Fixes #7212

This PR forbid os.stat and os.fstat, and fix or provide alternatives to avoid its usage in certbot outside of certbot.compat.filesystem.

* Reimplement private key mode propagation

* Remove other os.stat

* Remove last call of os.stat in certbot package

* Forbid stat and fstat

* Implement mode comparison checks

* Add unit tests

* Update certbot/compat/filesystem.py

Co-Authored-By: Brad Warren <bmw@users.noreply.github.com>

* Update certbot/compat/filesystem.py

Co-Authored-By: Brad Warren <bmw@users.noreply.github.com>

* Handle case where multiple ace concerns a given SID in has_min_permissions

* Add a new test scenario

* Add a simple test for has_same_ownership

* Fix name function

* Add a comment explaining an ACE structure

* Move a test in its dedicated class

* Improve a message error

* Calculate has_min_permission result using effective permission rights to be more generic.

* Change an exception message

* Add comments, avoid to skip a test.

* Update certbot/compat/filesystem.py

Co-Authored-By: Brad Warren <bmw@users.noreply.github.com>
2019-09-06 14:30:25 -07:00
..
certbot_dns_route53 [Windows] Security model for files permissions - STEP 2 (#6895) 2019-04-12 13:32:51 -07:00
docs Put API link at the bottom of DNS plugin docs (#5699) 2018-03-12 17:10:23 -07:00
examples route53: rename to match other DNS plugins (#4747) 2017-06-06 15:41:04 -07:00
tools route53: rename to match other DNS plugins (#4747) 2017-06-06 15:41:04 -07:00
.gitignore route53: rename to match other DNS plugins (#4747) 2017-06-06 15:41:04 -07:00
LICENSE.txt Unify license filename (LICENSE.txt) (#7239) 2019-07-12 22:53:43 +03:00
local-oldest-requirements.txt [Windows|Linux] Forbid os.stat and os.fstat (#7325) 2019-09-06 14:30:25 -07:00
MANIFEST.in Unify license filename (LICENSE.txt) (#7239) 2019-07-12 22:53:43 +03:00
README.md route53: rename to match other DNS plugins (#4747) 2017-06-06 15:41:04 -07:00
readthedocs.org.requirements.txt Add readthedocs requirements files (#5696) 2018-03-08 17:24:30 -08:00
setup.cfg route53: rename to match other DNS plugins (#4747) 2017-06-06 15:41:04 -07:00
setup.py [Windows|Linux] Forbid os.stat and os.fstat (#7325) 2019-09-06 14:30:25 -07:00

README.md

Route53 plugin for Let's Encrypt client

Before you start

It's expected that the root hosted zone for the domain in question already exists in your account.

Setup

  1. Create a virtual environment

  2. Update its pip and setuptools (VENV/bin/pip install -U setuptools pip) to avoid problems with cryptography's dependency on setuptools>=11.3.

  3. Make sure you have libssl-dev and libffi (or your regional equivalents) installed. You might have to set compiler flags to pick things up (I have to use CPPFLAGS=-I/usr/local/opt/openssl/include LDFLAGS=-L/usr/local/opt/openssl/lib on my macOS to pick up brew's openssl, for example).

  4. Install this package.

How to use it

Make sure you have access to AWS's Route53 service, either through IAM roles or via .aws/credentials. Check out sample-aws-policy.json for the necessary permissions.

To generate a certificate:

certbot certonly \
  -n --agree-tos --email DEVOPS@COMPANY.COM \
  --dns-route53 \
  -d MY.DOMAIN.NAME