Hello community,
here is the log from the commit of package python-certbot for openSUSE:Factory checked in at 2019-02-11 21:26:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-certbot (Old)
and /work/SRC/openSUSE:Factory/.python-certbot.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-certbot"
Mon Feb 11 21:26:17 2019 rev:8 rq:673116 version:0.31.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-certbot/python-certbot.changes 2019-02-02 21:48:52.208000525 +0100
+++ /work/SRC/openSUSE:Factory/.python-certbot.new.28833/python-certbot.changes 2019-02-11 21:26:23.695047935 +0100
@@ -1,0 +2,10 @@
+Fri Feb 8 10:32:10 UTC 2019 - Marketa Calabkova
+
+- update to version 0.31.0
+ * Avoid reprocessing challenges that are already validated when
+ a certificate is issued.
+ * Certbot's official Docker images are now based on Alpine Linux 3.9
+ rather than 3.7.
+ * Clarify behavior for deleting certs as part of revocation.
+
+-------------------------------------------------------------------
Old:
----
certbot-0.30.2.tar.gz
New:
----
certbot-0.31.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-certbot.spec ++++++
--- /var/tmp/diff_new_pack.vZNUlQ/_old 2019-02-11 21:26:27.191046050 +0100
+++ /var/tmp/diff_new_pack.vZNUlQ/_new 2019-02-11 21:26:27.223046032 +0100
@@ -18,7 +18,7 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-certbot
-Version: 0.30.2
+Version: 0.31.0
Release: 0
Summary: ACME client
License: Apache-2.0
++++++ certbot-0.30.2.tar.gz -> certbot-0.31.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/CHANGELOG.md new/certbot-0.31.0/CHANGELOG.md
--- old/certbot-0.30.2/CHANGELOG.md 2019-01-25 21:15:41.000000000 +0100
+++ new/certbot-0.31.0/CHANGELOG.md 2019-02-07 22:20:30.000000000 +0100
@@ -2,6 +2,49 @@
Certbot adheres to [Semantic Versioning](https://semver.org/).
+## 0.31.0 - 2019-02-07
+
+### Added
+
+* Avoid reprocessing challenges that are already validated
+ when a certificate is issued.
+* Support for initiating (but not solving end-to-end) TLS-ALPN-01 challenges
+ with the `acme` module.
+
+### Changed
+
+* Certbot's official Docker images are now based on Alpine Linux 3.9 rather
+ than 3.7. The new version comes with OpenSSL 1.1.1.
+* Lexicon-based DNS plugins are now fully compatible with Lexicon 3.x (support
+ on 2.x branch is maintained).
+* Apache plugin now attempts to configure all VirtualHosts matching requested
+ domain name instead of only a single one when answering the HTTP-01 challenge.
+
+### Fixed
+
+* Fixed accessing josepy contents through acme.jose when the full acme.jose
+ path is used.
+* Clarify behavior for deleting certs as part of revocation.
+
+Despite us having broken lockstep, we are continuing to release new versions of
+all Certbot components during releases for the time being, however, the only
+package with changes other than its version number was:
+
+* acme
+* certbot
+* certbot-apache
+* certbot-dns-cloudxns
+* certbot-dns-dnsimple
+* certbot-dns-dnsmadeeasy
+* certbot-dns-gehirn
+* certbot-dns-linode
+* certbot-dns-luadns
+* certbot-dns-nsone
+* certbot-dns-ovh
+* certbot-dns-sakuracloud
+
+More details about these changes can be found on our GitHub repo.
+
## 0.30.2 - 2019-01-25
### Fixed
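Review bot: the closing paragraph of the new 0.31.0 entry reads "the only package with changes other than its version number was:" and is then followed by a list of twelve packages. Please make it plural ("the only packages ... were:") so the sentence agrees with the list under it.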
@@ -43,7 +86,7 @@
* Copied account management functionality from the `register` subcommand
to the `update_account` subcommand.
-* Marked usage `register --update-registration` for deprecation and
+* Marked usage `register --update-registration` for deprecation and
removal in a future release.
### Fixed
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/PKG-INFO new/certbot-0.31.0/PKG-INFO
--- old/certbot-0.30.2/PKG-INFO 2019-01-25 21:15:42.000000000 +0100
+++ new/certbot-0.31.0/PKG-INFO 2019-02-07 22:20:31.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: certbot
-Version: 0.30.2
+Version: 0.31.0
Summary: ACME client
Home-page: https://github.com/letsencrypt/letsencrypt
Author: Certbot Project
@@ -107,8 +107,8 @@
|build-status| |coverage| |docs| |container|
- .. |build-status| image:: https://travis-ci.org/certbot/certbot.svg?branch=master
- :target: https://travis-ci.org/certbot/certbot
+ .. |build-status| image:: https://travis-ci.com/certbot/certbot.svg?branch=master
+ :target: https://travis-ci.com/certbot/certbot
:alt: Travis CI status
.. |coverage| image:: https://codecov.io/gh/certbot/certbot/branch/master/graph/badge.svg
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/README.rst new/certbot-0.31.0/README.rst
--- old/certbot-0.30.2/README.rst 2019-01-25 21:15:41.000000000 +0100
+++ new/certbot-0.31.0/README.rst 2019-02-07 22:20:29.000000000 +0100
@@ -99,8 +99,8 @@
|build-status| |coverage| |docs| |container|
-.. |build-status| image:: https://travis-ci.org/certbot/certbot.svg?branch=master
- :target: https://travis-ci.org/certbot/certbot
+.. |build-status| image:: https://travis-ci.com/certbot/certbot.svg?branch=master
+ :target: https://travis-ci.com/certbot/certbot
:alt: Travis CI status
.. |coverage| image:: https://codecov.io/gh/certbot/certbot/branch/master/graph/badge.svg
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/certbot/__init__.py new/certbot-0.31.0/certbot/__init__.py
--- old/certbot-0.30.2/certbot/__init__.py 2019-01-25 21:15:42.000000000 +0100
+++ new/certbot-0.31.0/certbot/__init__.py 2019-02-07 22:20:31.000000000 +0100
@@ -1,4 +1,4 @@
"""Certbot client."""
# version number like 1.2.3a0, must have at least 2 parts, like 1.2
-__version__ = '0.30.2'
+__version__ = '0.31.0'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/certbot/account.py new/certbot-0.31.0/certbot/account.py
--- old/certbot-0.30.2/certbot/account.py 2019-01-25 21:15:41.000000000 +0100
+++ new/certbot-0.31.0/certbot/account.py 2019-02-07 22:20:29.000000000 +0100
@@ -142,7 +142,7 @@
def __init__(self, config):
self.config = config
util.make_or_verify_dir(config.accounts_dir, 0o700, compat.os_geteuid(),
- self.config.strict_permissions)
+ self.config.strict_permissions)
def _account_dir_path(self, account_id):
return self._account_dir_path_for_server_path(account_id, self.config.server_path)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/certbot/auth_handler.py new/certbot-0.31.0/certbot/auth_handler.py
--- old/certbot-0.30.2/certbot/auth_handler.py 2019-01-25 21:15:41.000000000 +0100
+++ new/certbot-0.31.0/certbot/auth_handler.py 2019-02-07 22:20:29.000000000 +0100
@@ -31,7 +31,7 @@
:class:`~acme.challenges.Challenge` types
:type auth: :class:`certbot.interfaces.IAuthenticator`
- :ivar acme.client.BackwardsCompatibleClientV2 acme: ACME client API.
+ :ivar acme.client.BackwardsCompatibleClientV2 acme_client: ACME client API.
:ivar account: Client's Account
:type account: :class:`certbot.account.Account`
@@ -40,9 +40,9 @@
type strings with the most preferred challenge listed first
"""
- def __init__(self, auth, acme, account, pref_challs):
+ def __init__(self, auth, acme_client, account, pref_challs):
self.auth = auth
- self.acme = acme
+ self.acme = acme_client
self.account = account
self.pref_challs = pref_challs
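Review bot: in `__init__` the argument is renamed to `acme_client` but is still stored as `self.acme`, while the class docstring in the previous hunk now documents `:ivar ... acme_client`. `:ivar` describes the instance attribute, so either leave the docstring as `acme` (and document the argument separately) or rename the attribute as well. Note also that any caller passing `acme=` by keyword breaks with this rename.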
@@ -85,19 +85,26 @@
self.verify_authzr_complete(aauthzrs)
# Only return valid authorizations
- retVal = [aauthzr.authzr for aauthzr in aauthzrs
- if aauthzr.authzr.body.status == messages.STATUS_VALID]
+ ret_val = [aauthzr.authzr for aauthzr in aauthzrs
+ if aauthzr.authzr.body.status == messages.STATUS_VALID]
- if not retVal:
+ if not ret_val:
raise errors.AuthorizationError(
"Challenges failed for all domains")
- return retVal
+ return ret_val
def _choose_challenges(self, aauthzrs):
- """Retrieve necessary challenges to satisfy server."""
- logger.info("Performing the following challenges:")
- for aauthzr in aauthzrs:
+ """
+ Retrieve necessary and pending challenges to satisfy server.
+ NB: Necessary and already validated challenges are not retrieved,
+ as they can be reused for a certificate issuance.
+ """
+ pending_authzrs = [aauthzr for aauthzr in aauthzrs
+ if aauthzr.authzr.body.status != messages.STATUS_VALID]
+ if pending_authzrs:
+ logger.info("Performing the following challenges:")
+ for aauthzr in pending_authzrs:
aauthzr_challenges = aauthzr.authzr.body.challenges
if self.acme.acme_version == 1:
combinations = aauthzr.authzr.body.combinations
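Review bot: `pending_authzrs` in `_choose_challenges` is built with `status != messages.STATUS_VALID`, so it holds every authorization that is not valid rather than only pending ones, while the variable name and the new docstring both say "pending". Either compare against the pending status explicitly or rename the list and reword the docstring to "not yet valid", so a reader does not assume other statuses are filtered out here.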
@@ -125,7 +132,7 @@
def _solve_challenges(self, aauthzrs):
"""Get Responses for challenges from authenticators."""
- resp = [] # type: Collection[acme.challenges.ChallengeResponse]
+ resp = [] # type: Collection[challenges.ChallengeResponse]
all_achalls = self._get_all_achalls(aauthzrs)
try:
if all_achalls:
@@ -531,7 +538,7 @@
"""
problems = collections.defaultdict(list)\
- # type: DefaultDict[str, List[achallenges.KeyAuthorizationAnnotatedChallenge]]
+ # type: DefaultDict[str, List[achallenges.KeyAuthorizationAnnotatedChallenge]]
for achall in failed_achalls:
if achall.error:
problems[achall.error.typ].append(achall)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/certbot/cli.py new/certbot-0.31.0/certbot/cli.py
--- old/certbot-0.30.2/certbot/cli.py 2019-01-25 21:15:41.000000000 +0100
+++ new/certbot-0.31.0/certbot/cli.py 2019-02-07 22:20:29.000000000 +0100
@@ -1311,7 +1311,8 @@
helpful.add("revoke",
"--delete-after-revoke", action="store_true",
default=flag_default("delete_after_revoke"),
- help="Delete certificates after revoking them.")
+ help="Delete certificates after revoking them, along with all previous and later "
+ "versions of those certificates.")
helpful.add("revoke",
"--no-delete-after-revoke", action="store_false",
dest="delete_after_revoke",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/certbot/compat.py new/certbot-0.31.0/certbot/compat.py
--- old/certbot-0.30.2/certbot/compat.py 2019-01-25 21:15:41.000000000 +0100
+++ new/certbot-0.31.0/certbot/compat.py 2019-02-07 22:20:29.000000000 +0100
@@ -1,12 +1,8 @@
"""
Compatibility layer to run certbot both on Linux and Windows.
-The approach used here is similar to Modernizr for Web browsers.
-We do not check the platform type to determine if a particular logic is supported.
-Instead, we apply a logic, and then fallback to another logic if first logic
-is not supported at runtime.
-
-Then logic chains are abstracted into single functions to be exposed to certbot.
+This module contains all required platform specific code,
+allowing the rest of Certbot codebase to be platform agnostic.
"""
import os
import select
@@ -27,6 +23,8 @@
UNPRIVILEGED_SUBCOMMANDS_ALLOWED = [
'certificates', 'enhance', 'revoke', 'delete',
'register', 'unregister', 'config_changes', 'plugins']
+
+
def raise_for_non_administrative_windows_rights(subcommand):
"""
On Windows, raise if current shell does not have the administrative rights.
@@ -50,6 +48,7 @@
'Error, "{0}" subcommand must be run on a shell with administrative rights.'
.format(subcommand))
+
def os_geteuid():
"""
Get current user uid
@@ -65,6 +64,7 @@
# Windows specific
return 0
+
def os_rename(src, dst):
"""
Rename a file to a destination path and handles situations where the destination exists.
@@ -117,6 +117,7 @@
# So no timeout on Windows for now.
return sys.stdin.readline()
+
def lock_file(fd):
"""
Lock the file linked to the specified file descriptor.
@@ -131,6 +132,7 @@
# Windows specific
msvcrt.locking(fd, msvcrt.LK_NBLCK, 1)
+
def release_locked_file(fd, path):
"""
Remove, close, and release a lock file specified by its file descriptor and its path.
@@ -164,15 +166,17 @@
finally:
os.close(fd)
+
def compare_file_modes(mode1, mode2):
"""Return true if the two modes can be considered as equals for this platform"""
- if 'fcntl' in sys.modules:
+ if os.name != 'nt':
# Linux specific: standard compare
return oct(stat.S_IMODE(mode1)) == oct(stat.S_IMODE(mode2))
# Windows specific: most of mode bits are ignored on Windows. Only check user R/W rights.
return (stat.S_IMODE(mode1) & stat.S_IREAD == stat.S_IMODE(mode2) & stat.S_IREAD
and stat.S_IMODE(mode1) & stat.S_IWRITE == stat.S_IMODE(mode2) & stat.S_IWRITE)
+
WINDOWS_DEFAULT_FOLDERS = {
'config': 'C:\\Certbot',
'work': 'C:\\Certbot\\lib',
@@ -184,6 +188,7 @@
'logs': '/var/log/letsencrypt',
}
+
def get_default_folder(folder_type):
"""
Return the relevant default folder for the current OS
@@ -194,8 +199,25 @@
:rtype: str
"""
- if 'fcntl' in sys.modules:
+ if os.name != 'nt':
# Linux specific
return LINUX_DEFAULT_FOLDERS[folder_type]
# Windows specific
return WINDOWS_DEFAULT_FOLDERS[folder_type]
+
+
+def underscores_for_unsupported_characters_in_path(path):
+ # type: (str) -> str
+ """
+ Replace unsupported characters in path for current OS by underscores.
+ :param str path: the path to normalize
+ :return: the normalized path
+ :rtype: str
+ """
+ if os.name != 'nt':
+ # Linux specific
+ return path
+
+ # Windows specific
+ drive, tail = os.path.splitdrive(path)
+ return drive + tail.replace(':', '_')
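Review bot: `underscores_for_unsupported_characters_in_path` replaces only `:` in the Windows branch, but its name and docstring promise "unsupported characters" in general. Either narrow the docstring to say that only colons after the drive are replaced, or handle the other characters Windows rejects in file names. It is also worth documenting that two inputs differing only by `:` versus `_` now map to the same path, since `configuration.py` uses the result to pick the accounts directory for a server.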
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/certbot/configuration.py new/certbot-0.31.0/certbot/configuration.py
--- old/certbot-0.30.2/certbot/configuration.py 2019-01-25 21:15:41.000000000 +0100
+++ new/certbot-0.31.0/certbot/configuration.py 2019-02-07 22:20:29.000000000 +0100
@@ -5,6 +5,7 @@
from six.moves.urllib import parse # pylint: disable=import-error
import zope.interface
+from certbot import compat
from certbot import constants
from certbot import errors
from certbot import interfaces
@@ -69,6 +70,7 @@
def accounts_dir_for_server_path(self, server_path):
"""Path to accounts directory based on server_path"""
+ server_path = compat.underscores_for_unsupported_characters_in_path(server_path)
return os.path.join(
self.namespace.config_dir, constants.ACCOUNTS_DIR, server_path)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/certbot/constants.py new/certbot-0.31.0/certbot/constants.py
--- old/certbot-0.30.2/certbot/constants.py 2019-01-25 21:15:41.000000000 +0100
+++ new/certbot-0.31.0/certbot/constants.py 2019-02-07 22:20:29.000000000 +0100
@@ -146,7 +146,7 @@
"""Defaults for renewer script."""
-ENHANCEMENTS = ["redirect", "ensure-http-header", "ocsp-stapling", "spdy"]
+ENHANCEMENTS = ["redirect", "ensure-http-header", "ocsp-stapling"]
"""List of possible :class:`certbot.interfaces.IInstaller`
enhancements.
@@ -154,7 +154,6 @@
- redirect: None
- ensure-http-header: name of header (i.e. Strict-Transport-Security)
- ocsp-stapling: certificate chain file path
-- spdy: TODO
"""
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/certbot/interfaces.py new/certbot-0.31.0/certbot/interfaces.py
--- old/certbot-0.30.2/certbot/interfaces.py 2019-01-25 21:15:41.000000000 +0100
+++ new/certbot-0.31.0/certbot/interfaces.py 2019-02-07 22:20:29.000000000 +0100
@@ -522,56 +522,6 @@
"""
-class IValidator(zope.interface.Interface):
- """Configuration validator."""
-
- def certificate(cert, name, alt_host=None, port=443):
- """Verifies the certificate presented at name is cert
-
- :param OpenSSL.crypto.X509 cert: Expected certificate
- :param str name: Server's domain name
- :param bytes alt_host: Host to connect to instead of the IP
- address of host
- :param int port: Port to connect to
-
- :returns: True if the certificate was verified successfully
- :rtype: bool
-
- """
-
- def redirect(name, port=80, headers=None):
- """Verify redirect to HTTPS
-
- :param str name: Server's domain name
- :param int port: Port to connect to
- :param dict headers: HTTP headers to include in request
-
- :returns: True if redirect is successfully enabled
- :rtype: bool
-
- """
-
- def hsts(name):
- """Verify HSTS header is enabled
-
- :param str name: Server's domain name
-
- :returns: True if HSTS header is successfully enabled
- :rtype: bool
-
- """
-
- def ocsp_stapling(name):
- """Verify ocsp stapling for domain
-
- :param str name: Server's domain name
-
- :returns: True if ocsp stapling is successfully enabled
- :rtype: bool
-
- """
-
-
class IReporter(zope.interface.Interface):
"""Interface to collect and display information to the user."""
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/certbot/main.py new/certbot-0.31.0/certbot/main.py
--- old/certbot-0.30.2/certbot/main.py 2019-01-25 21:15:41.000000000 +0100
+++ new/certbot-0.31.0/certbot/main.py 2019-02-07 22:20:29.000000000 +0100
@@ -548,7 +548,8 @@
attempt_deletion = config.delete_after_revoke
if attempt_deletion is None:
- msg = ("Would you like to delete the cert(s) you just revoked?")
+ msg = ("Would you like to delete the cert(s) you just revoked, along with all earlier and "
+ "later versions of the cert?")
attempt_deletion = display.yesno(msg, yes_label="Yes (recommended)", no_label="No",
force_interactive=True, default=True)
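Review bot: the new prompt in `main.py` says "along with all earlier and later versions of the cert", while the `--delete-after-revoke` help text added in `cli.py` says "along with all previous and later versions of those certificates". Please use the same wording in both places, and make the prompt agree in number with "cert(s)" earlier in the same sentence.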
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/certbot/plugins/dns_common_lexicon.py new/certbot-0.31.0/certbot/plugins/dns_common_lexicon.py
--- old/certbot-0.30.2/certbot/plugins/dns_common_lexicon.py 2019-01-25 21:15:41.000000000 +0100
+++ new/certbot-0.31.0/certbot/plugins/dns_common_lexicon.py 2019-02-07 22:20:30.000000000 +0100
@@ -1,12 +1,22 @@
"""Common code for DNS Authenticator Plugins built on Lexicon."""
-
import logging
from requests.exceptions import HTTPError, RequestException
+from acme.magic_typing import Union, Dict, Any # pylint: disable=unused-import,no-name-in-module
from certbot import errors
from certbot.plugins import dns_common
+# Lexicon is not declared as a dependency in Certbot itself,
+# but in the Certbot plugins backed by Lexicon.
+# So we catch import error here to allow this module to be
+# always importable, even if it does not make sense to use it
+# if Lexicon is not available, obviously.
+try:
+ from lexicon.config import ConfigResolver
+except ImportError:
+ ConfigResolver = None # type: ignore
+
logger = logging.getLogger(__name__)
@@ -100,3 +110,28 @@
if not str(e).startswith('No domain found'):
return errors.PluginError('Unexpected error determining zone identifier for {0}: {1}'
.format(domain_name, e))
+
+
+def build_lexicon_config(lexicon_provider_name, lexicon_options, provider_options):
+ # type: (str, Dict, Dict) -> Union[ConfigResolver, Dict]
+ """
+ Convenient function to build a Lexicon 2.x/3.x config object.
+ :param str lexicon_provider_name: the name of the lexicon provider to use
+ :param dict lexicon_options: options specific to lexicon
+ :param dict provider_options: options specific to provider
+ :return: configuration to apply to the provider
+ :rtype: ConfigurationResolver or dict
+ """
+ config = {'provider_name': lexicon_provider_name} # type: Dict[str, Any]
+ config.update(lexicon_options)
+ if not ConfigResolver:
+ # Lexicon 2.x
+ config.update(provider_options)
+ else:
+ # Lexicon 3.x
+ provider_config = {}
+ provider_config.update(provider_options)
+ config[lexicon_provider_name] = provider_config
+ config = ConfigResolver().with_dict(config).with_env()
+
+ return config
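Review bot: the docstring of `build_lexicon_config` gives `:rtype: ConfigurationResolver or dict`, but the class imported at the top of the module and used in the type comment is `ConfigResolver`; please align the name. The docstring should also mention that the Lexicon 3.x branch ends with `.with_env()`, so the returned configuration can draw on the process environment, whereas the 2.x branch returns only the merged dict. Finally, `if not ConfigResolver:` is true both for Lexicon 2.x and when Lexicon is not installed at all, so the `# Lexicon 2.x` comment covers two different situations.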
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/certbot/storage.py new/certbot-0.31.0/certbot/storage.py
--- old/certbot-0.30.2/certbot/storage.py 2019-01-25 21:15:41.000000000 +0100
+++ new/certbot-0.31.0/certbot/storage.py 2019-02-07 22:20:30.000000000 +0100
@@ -41,7 +41,9 @@
:rtype: `list` of `str`
"""
- return glob.glob(os.path.join(config.renewal_configs_dir, "*.conf"))
+ result = glob.glob(os.path.join(config.renewal_configs_dir, "*.conf"))
+ result.sort()
+ return result
def renewal_file_for_certname(config, certname):
"""Return /path/to/certname.conf in the renewal conf directory"""
@@ -877,45 +879,6 @@
with open(target) as f:
return crypto_util.get_names_from_cert(f.read())
- def autodeployment_is_enabled(self):
- """Is automatic deployment enabled for this cert?
-
- If autodeploy is not specified, defaults to True.
-
- :returns: True if automatic deployment is enabled
- :rtype: bool
-
- """
- return ("autodeploy" not in self.configuration or
- self.configuration.as_bool("autodeploy"))
-
- def should_autodeploy(self, interactive=False):
- """Should this lineage now automatically deploy a newer version?
-
- This is a policy question and does not only depend on whether
- there is a newer version of the cert. (This considers whether
- autodeployment is enabled, whether a relevant newer version
- exists, and whether the time interval for autodeployment has
- been reached.)
-
- :param bool interactive: set to True to examine the question
- regardless of whether the renewal configuration allows
- automated deployment (for interactive use). Default False.
-
- :returns: whether the lineage now ought to autodeploy an
- existing newer cert version
- :rtype: bool
-
- """
- if interactive or self.autodeployment_is_enabled():
- if self.has_pending_deployment():
- interval = self.configuration.get("deploy_before_expiry",
- "5 days")
- now = pytz.UTC.fromutc(datetime.datetime.utcnow())
- if self.target_expiry < add_time_interval(now, interval):
- return True
- return False
-
def ocsp_revoked(self, version=None):
# pylint: disable=no-self-use,unused-argument
"""Is the specified cert version revoked according to OCSP?
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/certbot/tests/account_test.py new/certbot-0.31.0/certbot/tests/account_test.py
--- old/certbot-0.30.2/certbot/tests/account_test.py 2019-01-25 21:15:41.000000000 +0100
+++ new/certbot-0.31.0/certbot/tests/account_test.py 2019-02-07 22:20:30.000000000 +0100
@@ -12,6 +12,7 @@
from acme import messages
+from certbot import compat
from certbot import errors
import certbot.tests.util as test_util
@@ -114,7 +115,8 @@
self.mock_client.directory.new_authz = new_authzr_uri
def test_init_creates_dir(self):
- self.assertTrue(os.path.isdir(self.config.accounts_dir))
+ self.assertTrue(os.path.isdir(
+ compat.underscores_for_unsupported_characters_in_path(self.config.accounts_dir)))
@test_util.broken_on_windows
def test_save_and_restore(self):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/certbot/tests/auth_handler_test.py new/certbot-0.31.0/certbot/tests/auth_handler_test.py
--- old/certbot-0.30.2/certbot/tests/auth_handler_test.py 2019-01-25 21:15:41.000000000 +0100
+++ new/certbot-0.31.0/certbot/tests/auth_handler_test.py 2019-02-07 22:20:30.000000000 +0100
@@ -57,7 +57,7 @@
errors.Error, self.handler._challenge_factory, authzr, [0])
-class HandleAuthorizationsTest(unittest.TestCase):
+class HandleAuthorizationsTest(unittest.TestCase): # pylint: disable=too-many-public-methods
"""handle_authorizations test.
This tests everything except for all functions under _poll_challenges.
@@ -316,6 +316,24 @@
self.assertEqual(
self.mock_auth.cleanup.call_args[0][0][0].typ, "tls-sni-01")
+ def test_validated_challenge_not_rerun(self):
+ # With pending challenge, we expect the challenge to be tried, and fail.
+ authzr = acme_util.gen_authzr(
+ messages.STATUS_PENDING, "0",
+ [acme_util.HTTP01],
+ [messages.STATUS_PENDING], False)
+ mock_order = mock.MagicMock(authorizations=[authzr])
+ self.assertRaises(
+ errors.AuthorizationError, self.handler.handle_authorizations, mock_order)
+
+ # With validated challenge; we expect the challenge not be tried again, and succeed.
+ authzr = acme_util.gen_authzr(
+ messages.STATUS_VALID, "0",
+ [acme_util.HTTP01],
+ [messages.STATUS_VALID], False)
+ mock_order = mock.MagicMock(authorizations=[authzr])
+ self.handler.handle_authorizations(mock_order)
+
def _validate_all(self, aauthzrs, unused_1, unused_2):
for i, aauthzr in enumerate(aauthzrs):
azr = aauthzr.authzr
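Review bot: the second half of `test_validated_challenge_not_rerun` only calls `self.handler.handle_authorizations(mock_order)` and passes as long as nothing raises, so it does not actually check that the challenge was skipped. Add an assertion on the authenticator mock (`self.mock_auth` is already used in this class) showing it was not asked to perform anything for the already valid authorization, and check the return value contains that authorization.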
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/certbot/tests/configuration_test.py new/certbot-0.31.0/certbot/tests/configuration_test.py
--- old/certbot-0.30.2/certbot/tests/configuration_test.py 2019-01-25 21:15:41.000000000 +0100
+++ new/certbot-0.31.0/certbot/tests/configuration_test.py 2019-02-07 22:20:30.000000000 +0100
@@ -4,6 +4,7 @@
import mock
+from certbot import compat
from certbot import constants
from certbot import errors
@@ -47,9 +48,11 @@
mock_constants.KEY_DIR = 'keys'
mock_constants.TEMP_CHECKPOINT_DIR = 't'
+ ref_path = compat.underscores_for_unsupported_characters_in_path(
+ 'acc/acme-server.org:443/new')
self.assertEqual(
os.path.normpath(self.config.accounts_dir),
- os.path.normpath(os.path.join(self.config.config_dir, 'acc/acme-server.org:443/new')))
+ os.path.normpath(os.path.join(self.config.config_dir, ref_path)))
self.assertEqual(
os.path.normpath(self.config.backup_dir),
os.path.normpath(os.path.join(self.config.work_dir, 'backups')))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/certbot/tests/storage_test.py new/certbot-0.31.0/certbot/tests/storage_test.py
--- old/certbot-0.30.2/certbot/tests/storage_test.py 2019-01-25 21:15:41.000000000 +0100
+++ new/certbot-0.31.0/certbot/tests/storage_test.py 2019-02-07 22:20:30.000000000 +0100
@@ -388,8 +388,7 @@
@mock.patch("certbot.storage.cli")
@mock.patch("certbot.storage.datetime")
def test_time_interval_judgments(self, mock_datetime, mock_cli):
- """Test should_autodeploy() and should_autorenew() on the basis
- of expiry time windows."""
+ """Test should_autorenew() on the basis of expiry time windows."""
test_cert = test_util.load_vector("cert_512.pem")
self._write_out_ex_kinds()
@@ -430,31 +429,8 @@
mock_datetime.datetime.utcnow.return_value = sometime
self.test_rc.configuration["deploy_before_expiry"] = interval
self.test_rc.configuration["renew_before_expiry"] = interval
- self.assertEqual(self.test_rc.should_autodeploy(), result)
self.assertEqual(self.test_rc.should_autorenew(), result)
- def test_autodeployment_is_enabled(self):
- self.assertTrue(self.test_rc.autodeployment_is_enabled())
- self.test_rc.configuration["autodeploy"] = "1"
- self.assertTrue(self.test_rc.autodeployment_is_enabled())
-
- self.test_rc.configuration["autodeploy"] = "0"
- self.assertFalse(self.test_rc.autodeployment_is_enabled())
-
- def test_should_autodeploy(self):
- """Test should_autodeploy() on the basis of reasons other than
- expiry time window."""
- # pylint: disable=too-many-statements
- # Autodeployment turned off
- self.test_rc.configuration["autodeploy"] = "0"
- self.assertFalse(self.test_rc.should_autodeploy())
- self.test_rc.configuration["autodeploy"] = "1"
- # No pending deployment
- for ver in six.moves.range(1, 6):
- for kind in ALL_FOUR:
- self._write_out_kind(kind, ver)
- self.assertFalse(self.test_rc.should_autodeploy())
-
def test_autorenewal_is_enabled(self):
self.test_rc.configuration["renewalparams"] = {}
self.assertTrue(self.test_rc.autorenewal_is_enabled())
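Review bot: after the `should_autodeploy()` assertion is dropped from `test_time_interval_judgments`, the loop still sets `self.test_rc.configuration["deploy_before_expiry"] = interval`, which nothing visible in this test reads any more. Remove that line together with the autodeploy tests so the test only sets up what `should_autorenew()` uses.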
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/certbot.egg-info/PKG-INFO new/certbot-0.31.0/certbot.egg-info/PKG-INFO
--- old/certbot-0.30.2/certbot.egg-info/PKG-INFO 2019-01-25 21:15:42.000000000 +0100
+++ new/certbot-0.31.0/certbot.egg-info/PKG-INFO 2019-02-07 22:20:31.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: certbot
-Version: 0.30.2
+Version: 0.31.0
Summary: ACME client
Home-page: https://github.com/letsencrypt/letsencrypt
Author: Certbot Project
@@ -107,8 +107,8 @@
|build-status| |coverage| |docs| |container|
- .. |build-status| image:: https://travis-ci.org/certbot/certbot.svg?branch=master
- :target: https://travis-ci.org/certbot/certbot
+ .. |build-status| image:: https://travis-ci.com/certbot/certbot.svg?branch=master
+ :target: https://travis-ci.com/certbot/certbot
:alt: Travis CI status
.. |coverage| image:: https://codecov.io/gh/certbot/certbot/branch/master/graph/badge.svg
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/certbot.egg-info/requires.txt new/certbot-0.31.0/certbot.egg-info/requires.txt
--- old/certbot-0.30.2/certbot.egg-info/requires.txt 2019-01-25 21:15:42.000000000 +0100
+++ new/certbot-0.31.0/certbot.egg-info/requires.txt 2019-02-07 22:20:31.000000000 +0100
@@ -1,7 +1,7 @@
acme>=0.29.0
ConfigArgParse>=0.9.3
configobj
-cryptography>=1.2
+cryptography>=1.2.3
josepy
mock
parsedatetime>=1.3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/docs/cli-help.txt new/certbot-0.31.0/docs/cli-help.txt
--- old/certbot-0.30.2/docs/cli-help.txt 2019-01-25 21:15:41.000000000 +0100
+++ new/certbot-0.31.0/docs/cli-help.txt 2019-02-07 22:20:30.000000000 +0100
@@ -113,7 +113,7 @@
case, and to know when to deprecate support for past
Python versions and flags. If you wish to hide this
information from the Let's Encrypt server, set this to
- "". (default: CertbotACMEClient/0.30.1
+ "". (default: CertbotACMEClient/0.30.2
(certbot(-auto); OS_NAME OS_VERSION) Authenticator/XXX
Installer/YYY (SUBCOMMAND; flags: FLAGS)
Py/major.minor.patchlevel). The flags encoded in the
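Review bot: the documented default user agent moves from `CertbotACMEClient/0.30.1` to `CertbotACMEClient/0.30.2`, but this file ships in the 0.31.0 tarball, so the help text is one release behind. Regenerate `cli-help.txt` after the version bump, or replace the literal version in the help output with a placeholder.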
@@ -479,9 +479,10 @@
Apache Web Server plugin
--apache-enmod APACHE_ENMOD
- Path to the Apache 'a2enmod' binary (default: None)
+ Path to the Apache 'a2enmod' binary (default: a2enmod)
--apache-dismod APACHE_DISMOD
- Path to the Apache 'a2dismod' binary (default: None)
+ Path to the Apache 'a2dismod' binary (default:
+ a2dismod)
--apache-le-vhost-ext APACHE_LE_VHOST_EXT
SSL vhost configuration extension (default: -le-
ssl.conf)
@@ -495,16 +496,16 @@
/var/log/apache2)
--apache-challenge-location APACHE_CHALLENGE_LOCATION
Directory path for challenge configuration (default:
- /etc/apache2/other)
+ /etc/apache2)
--apache-handle-modules APACHE_HANDLE_MODULES
Let installer handle enabling required modules for you
- (Only Ubuntu/Debian currently) (default: False)
+ (Only Ubuntu/Debian currently) (default: True)
--apache-handle-sites APACHE_HANDLE_SITES
Let installer handle enabling sites for you (Only
- Ubuntu/Debian currently) (default: False)
+ Ubuntu/Debian currently) (default: True)
--apache-ctl APACHE_CTL
Full path to Apache control script (default:
- apachectl)
+ apache2ctl)
dns-cloudflare:
Obtain certificates using a DNS TXT record (if you are using Cloudflare
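Review bot: the Apache defaults in this hunk and the previous one change to `a2enmod`, `a2dismod`, `/etc/apache2`, `apache2ctl` and `True` for options whose own description says "Only Ubuntu/Debian currently". That reads like the help text was regenerated on a Debian-style host, so the documented defaults now depend on where the docs were built. Please add a sentence to the docs saying these defaults vary by OS, or generate the file in an environment that yields the generic values.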
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/docs/using.rst new/certbot-0.31.0/docs/using.rst
--- old/certbot-0.30.2/docs/using.rst 2019-01-25 21:15:41.000000000 +0100
+++ new/certbot-0.31.0/docs/using.rst 2019-02-07 22:20:30.000000000 +0100
@@ -44,8 +44,7 @@
=========== ==== ==== =============================================================== =============================
Plugin Auth Inst Notes Challenge types (and port)
=========== ==== ==== =============================================================== =============================
-apache_ Y Y | Automates obtaining and installing a certificate with Apache http-01_ (80)
- | 2.4 on OSes with ``libaugeas0`` 1.0+.
+apache_ Y Y | Automates obtaining and installing a certificate with Apache. http-01_ (80)
nginx_ Y Y | Automates obtaining and installing a certificate with Nginx. http-01_ (80)
webroot_ Y N | Obtains a certificate by writing to the webroot directory of http-01_ (80)
| an already running webserver.
@@ -83,8 +82,7 @@
Apache
------
-The Apache plugin currently requires an OS with augeas version 1.0; currently `it
-supports
+The Apache plugin currently `supports
https://github.com/certbot/certbot/blob/master/certbot-apache/certbot_apache...`_
modern OSes based on Debian, Fedora, SUSE, Gentoo and Darwin.
This automates both obtaining *and* installing certificates on an Apache
@@ -136,9 +134,8 @@
Nginx
-----
-The Nginx plugin has been distributed with Certbot since version 0.9.0 and should
-work for most configurations. We recommend backing up Nginx
-configurations before using it (though you can also revert changes to
+The Nginx plugin should work for most configurations. We recommend backing up
+Nginx configurations before using it (though you can also revert changes to
configurations with ``certbot --nginx rollback``). You can use it by providing
the ``--nginx`` flag on the commandline.
@@ -262,6 +259,7 @@
be renewed automatically.)
::
+
certbot run -a manual -i nginx -d example.com
.. _third-party-plugins:
@@ -488,8 +486,9 @@
renewal, so you can run the above command frequently without
unnecessarily stopping your webserver.
-``--pre-hook`` and ``--post-hook`` hooks run before and after every renewal
-attempt. If you want your hook to run only after a successful renewal, use
+When Certbot detects that a certificate is due for renewal, ``--pre-hook``
+and ``--post-hook`` hooks run before and after each attempt to renew it.
+If you want your hook to run only after a successful renewal, use
``--deploy-hook`` in a command like this.
``certbot renew --deploy-hook /path/to/deploy-hook-script``
@@ -905,7 +904,7 @@
Since the directories used by Certbot are configurable, Certbot
will write a lock file for all of the directories it uses. This include Certbot's
``--work-dir``, ``--logs-dir``, and ``--config-dir``. By default these are
-``/var/lib/letsencrypt``, ``/var/logs/letsencrypt``, and ``/etc/letsencrypt``
+``/var/lib/letsencrypt``, ``/var/log/letsencrypt``, and ``/etc/letsencrypt``
respectively. Additionally if you are using Certbot with Apache or nginx it will
lock the configuration folder for that program, which are typically also in the
``/etc`` directory.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/certbot-0.30.2/setup.py new/certbot-0.31.0/setup.py
--- old/certbot-0.30.2/setup.py 2019-01-25 21:15:42.000000000 +0100
+++ new/certbot-0.31.0/setup.py 2019-02-07 22:20:31.000000000 +0100
@@ -37,7 +37,7 @@
# in which we added 2.6 support (see #2243), so we relax the requirement.
'ConfigArgParse>=0.9.3',
'configobj',
- 'cryptography>=1.2', # load_pem_x509_certificate
+ 'cryptography>=1.2.3', # load_pem_x509_certificate
'josepy',
'mock',
'parsedatetime>=1.3', # Calendar.parseDT
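Review bot: the minimum `cryptography` version is raised from 1.2 to 1.2.3 here and in `requires.txt`, but the trailing comment still only says `# load_pem_x509_certificate` and the 0.31.0 CHANGELOG entry does not mention the dependency change. Please say in the comment why 1.2.3 is now the floor and add a line to the changelog, since packagers need to know about the new lower bound.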