Ubuntu
python-certbot-nginx package

Merge ~ahasenack/ubuntu/+source/python-certbot-nginx:focal-certbot-nginx-1875471 into ubuntu/+source/python-certbot-nginx:ubuntu/devel

  1. Git
  2. lp:~ahasenack/ubuntu/+source/python-certbot-nginx
  3. focal-certbot-nginx-1875471
  4. Merge into ubuntu/devel
Proposed by Andreas Hasenack
Status: Superseded
Proposed branch: ~ahasenack/ubuntu/+source/python-certbot-nginx:focal-certbot-nginx-1875471
Merge into: ubuntu/+source/python-certbot-nginx:ubuntu/devel
Diff against target: 220 lines (+131/-2) (has conflicts)
8 files modified
PKG-INFO (+4/-0)
certbot_nginx.egg-info/PKG-INFO (+4/-0)
certbot_nginx.egg-info/SOURCES.txt (+59/-1)
debian/changelog (+13/-0)
debian/patches/fix-tests-with-newer-acme.patch (+45/-0)
debian/patches/series (+1/-0)
debian/rules (+1/-1)
setup.py (+4/-0)
Conflict in PKG-INFO
Conflict in certbot_nginx.egg-info/PKG-INFO
Conflict in certbot_nginx.egg-info/SOURCES.txt
Conflict in debian/changelog
Conflict in setup.py
Reviewer Review Type Date Requested Status
Canonical Server MOTU reviewers Pending
Canonical Server Pending
Review via email: mp+383528@code.launchpad.net

This proposal has been superseded by a proposal from 2020-05-06.

Description of the change

The bug has details on what happened, and how it was fixed. The options we had were outlined in https://bugs.launchpad.net/ubuntu/+source/python-certbot-nginx/+bug/1875471/comments/12 and upstream suggested a fourth alternative in https://bugs.launchpad.net/ubuntu/+source/python-certbot-nginx/+bug/1875471/comments/15 which is what I adopted.

Test PPA: https://launchpad.net/~ahasenack/+archive/ubuntu/certbot-tlssni01-1875471-d

Running all the tests properly needs a specific setup, which I suggest to leave for the SRU verification. I have done those with my test PPA already prior to submitting this.

What can easily be tested is the python error which originated this:

AttributeError: module 'acme.challenges' has no attribute 'TLSSNI01'

Just run this, on any host/container (no need to replace the fake domain):

sudo apt install python3-certbot-nginx
sudo certbot -d example.org --agree-tos --staging --register-unsafely-without-email --nginx

The fixed version won't fail with AttributeError, but will try to fetch a certificate for example.org, and that will of course fail and is fine.

The second check to make is to confirm that the build-time tests were run. Search build logs for "dh_auto_test".

To post a comment you must log in.

Unmerged commits

723b055... by Andreas Hasenack

changelog

5653982... by Andreas Hasenack

    - d/p/fix-tests-with-newer-acme.patch: fix tests with newer python-acme
      that has no TLSSNI01. Thanks to Brad Warren <email address hidden>

0b77cca... by Andreas Hasenack

    - d/rules: actually run the tests by fixing the expression that looks
      for nocheck in DEB_BUILD_OPTIONS

f2ccbb2... by Andreas Hasenack

  * Cope with newer python-acme that dropped TLSSNI01 (LP: #1875471):
    - new upstream version: 0.40.0

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/PKG-INFO b/PKG-INFO
2index 16469ad..a3ecea3 100644
3--- a/PKG-INFO
4+++ b/PKG-INFO
5@@ -1,6 +1,10 @@
6 Metadata-Version: 1.2
7 Name: certbot-nginx
8+<<<<<<< PKG-INFO
9 Version: 1.4.0
10+=======
11+Version: 0.40.0
12+>>>>>>> PKG-INFO
13 Summary: Nginx plugin for Certbot
14 Home-page: https://github.com/letsencrypt/letsencrypt
15 Author: Certbot Project
16diff --git a/certbot_nginx.egg-info/PKG-INFO b/certbot_nginx.egg-info/PKG-INFO
17index 16469ad..a36d314 100644
18--- a/certbot_nginx.egg-info/PKG-INFO
19+++ b/certbot_nginx.egg-info/PKG-INFO
20@@ -1,6 +1,10 @@
21 Metadata-Version: 1.2
22 Name: certbot-nginx
23+<<<<<<< certbot_nginx.egg-info/PKG-INFO
24 Version: 1.4.0
25+=======
26+Version: 0.40.0
27+>>>>>>> certbot_nginx.egg-info/PKG-INFO
28 Summary: Nginx plugin for Certbot
29 Home-page: https://github.com/letsencrypt/letsencrypt
30 Author: Certbot Project
31diff --git a/certbot_nginx.egg-info/SOURCES.txt b/certbot_nginx.egg-info/SOURCES.txt
32index 9d2fa54..e0d5c71 100644
33--- a/certbot_nginx.egg-info/SOURCES.txt
34+++ b/certbot_nginx.egg-info/SOURCES.txt
35@@ -10,6 +10,7 @@ certbot_nginx.egg-info/dependency_links.txt
36 certbot_nginx.egg-info/entry_points.txt
37 certbot_nginx.egg-info/requires.txt
38 certbot_nginx.egg-info/top_level.txt
39+<<<<<<< certbot_nginx.egg-info/SOURCES.txt
40 certbot_nginx/_internal/__init__.py
41 certbot_nginx/_internal/configurator.py
42 certbot_nginx/_internal/constants.py
43@@ -66,4 +67,61 @@ tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/scgi_params
44 tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/uwsgi_params
45 tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/win-utf
46 tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/sites-available/default
47-tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/sites-enabled/default
48\ No newline at end of file
49+tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/sites-enabled/default
50+=======
51+certbot_nginx/tests/__init__.py
52+certbot_nginx/tests/configurator_test.py
53+certbot_nginx/tests/display_ops_test.py
54+certbot_nginx/tests/http_01_test.py
55+certbot_nginx/tests/nginxparser_test.py
56+certbot_nginx/tests/obj_test.py
57+certbot_nginx/tests/parser_obj_test.py
58+certbot_nginx/tests/parser_test.py
59+certbot_nginx/tests/util.py
60+certbot_nginx/tests/testdata/etc_nginx/broken.conf
61+certbot_nginx/tests/testdata/etc_nginx/comment_in_file.conf
62+certbot_nginx/tests/testdata/etc_nginx/edge_cases.conf
63+certbot_nginx/tests/testdata/etc_nginx/foo.conf
64+certbot_nginx/tests/testdata/etc_nginx/mime.types
65+certbot_nginx/tests/testdata/etc_nginx/minimalistic_comments.conf
66+certbot_nginx/tests/testdata/etc_nginx/multiline_quotes.conf
67+certbot_nginx/tests/testdata/etc_nginx/nginx.conf
68+certbot_nginx/tests/testdata/etc_nginx/server.conf
69+certbot_nginx/tests/testdata/etc_nginx/sites-enabled/default
70+certbot_nginx/tests/testdata/etc_nginx/sites-enabled/example.com
71+certbot_nginx/tests/testdata/etc_nginx/sites-enabled/globalssl.com
72+certbot_nginx/tests/testdata/etc_nginx/sites-enabled/headers.com
73+certbot_nginx/tests/testdata/etc_nginx/sites-enabled/ipv6.com
74+certbot_nginx/tests/testdata/etc_nginx/sites-enabled/ipv6ssl.com
75+certbot_nginx/tests/testdata/etc_nginx/sites-enabled/migration.com
76+certbot_nginx/tests/testdata/etc_nginx/sites-enabled/sslon.com
77+certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/fastcgi_params
78+certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/koi-utf
79+certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/koi-win
80+certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/mime.types
81+certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/naxsi-ui.conf.1.4.1
82+certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/naxsi.rules
83+certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/naxsi_core.rules
84+certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/nginx.conf
85+certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/proxy_params
86+certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/scgi_params
87+certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/uwsgi_params
88+certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/win-utf
89+certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/sites-available/default
90+certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/sites-enabled/default
91+certbot_nginx/tls_configs/options-ssl-nginx-old.conf
92+certbot_nginx/tls_configs/options-ssl-nginx-tls12-only.conf
93+certbot_nginx/tls_configs/options-ssl-nginx-tls13-session-tix-on.conf
94+certbot_nginx/tls_configs/options-ssl-nginx.conf
95+docs/.gitignore
96+docs/Makefile
97+docs/api.rst
98+docs/conf.py
99+docs/index.rst
100+docs/make.bat
101+docs/_static/.gitignore
102+docs/_templates/.gitignore
103+docs/api/nginxparser.rst
104+docs/api/obj.rst
105+docs/api/parser.rst
106+>>>>>>> certbot_nginx.egg-info/SOURCES.txt
107diff --git a/debian/changelog b/debian/changelog
108index 3948f9d..6782663 100644
109--- a/debian/changelog
110+++ b/debian/changelog
111@@ -1,3 +1,4 @@
112+<<<<<<< debian/changelog
113 python-certbot-nginx (1.4.0-1) unstable; urgency=medium
114
115 * New upstream version 1.4.0
116@@ -35,6 +36,18 @@ python-certbot-nginx (1.1.0-1) unstable; urgency=medium
117 * Drop docs package removed by upstream.
118
119 -- Harlan Lieberman-Berg <hlieberman@debian.org> Fri, 24 Jan 2020 20:12:20 -0500
120+=======
121+python-certbot-nginx (0.40.0-0ubuntu0.1) focal; urgency=medium
122+
123+ * Cope with newer python-acme that dropped TLSSNI01 (LP: #1875471):
124+ - new upstream version: 0.40.0
125+ - d/rules: actually run the tests by fixing the expression that looks
126+ for nocheck in DEB_BUILD_OPTIONS
127+ - d/p/fix-tests-with-newer-acme.patch: fix tests with newer python-acme
128+ that has no TLSSNI01. Thanks to Brad Warren <bmw@eff.org>
129+
130+ -- Andreas Hasenack <andreas@canonical.com> Tue, 05 May 2020 15:39:00 -0300
131+>>>>>>> debian/changelog
132
133 python-certbot-nginx (0.39.0-1) unstable; urgency=medium
134
135diff --git a/debian/patches/fix-tests-with-newer-acme.patch b/debian/patches/fix-tests-with-newer-acme.patch
136new file mode 100644
137index 0000000..2cdd71d
138--- /dev/null
139+++ b/debian/patches/fix-tests-with-newer-acme.patch
140@@ -0,0 +1,45 @@
141+Description: fix tests with newer python-acme that has no TLSSNI01
142+ This extracts the minimal pieces from upstream's bigger refactoring
143+ necessary to cope with python-acme's removal of TLSSNI01 in the version shipped
144+ in Focal.
145+Author: Brad Warren <bmw@eff.org>
146+Origin: upstream, https://gist.github.com/bmw/e4f13e17d1f4647c9d6be730c7ec3512
147+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/python-certbot-nginx/+bug/1875471
148+Applied-Upstream: https://github.com/certbot/certbot/commit/4abd81e2186eddc67551d61a8260440bd177d18d
149+Last-Update: 2020-05-05
150+---
151+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
152+diff --git a/certbot-nginx/certbot_nginx/tests/http_01_test.py b/certbot-nginx/certbot_nginx/tests/http_01_test.py
153+index d05370c68..8e0450f6a 100644
154+--- a/certbot_nginx/tests/http_01_test.py
155++++ b/certbot_nginx/tests/http_01_test.py
156+@@ -1,6 +1,7 @@
157+ """Tests for certbot_nginx.http_01"""
158+ import unittest
159+
160++import josepy as jose
161+ import mock
162+ import six
163+
164+@@ -8,17 +9,19 @@ from acme import challenges
165+
166+ from certbot import achallenges
167+
168+-from certbot.plugins import common_test
169+ from certbot.tests import acme_util
170++from certbot.tests import util as test_util
171+
172+ from certbot_nginx.obj import Addr
173+ from certbot_nginx.tests import util
174+
175++AUTH_KEY = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem"))
176++
177+
178+ class HttpPerformTest(util.NginxTest):
179+ """Test the NginxHttp01 challenge."""
180+
181+- account_key = common_test.AUTH_KEY
182++ account_key = AUTH_KEY
183+ achalls = [
184+ achallenges.KeyAuthorizationAnnotatedChallenge(
185+ challb=acme_util.chall_to_challb(
186diff --git a/debian/patches/series b/debian/patches/series
187new file mode 100644
188index 0000000..86c7057
189--- /dev/null
190+++ b/debian/patches/series
191@@ -0,0 +1 @@
192+fix-tests-with-newer-acme.patch
193diff --git a/debian/rules b/debian/rules
194index a664a06..10211c0 100755
195--- a/debian/rules
196+++ b/debian/rules
197@@ -10,6 +10,6 @@ override_dh_auto_install:
198 rm -rf $(CURDIR)/debian/python3-certbot-nginx/usr/lib/python*/dist-packages/certbot_nginx/tests/testdata
199
200 override_dh_auto_test:
201-ifdef (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
202+ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
203 python3 setup.py test
204 endif
205diff --git a/setup.py b/setup.py
206index 42ea077..7fb7d50 100644
207--- a/setup.py
208+++ b/setup.py
209@@ -6,7 +6,11 @@ from setuptools import find_packages
210 from setuptools import setup
211 from setuptools.command.test import test as TestCommand
212
213+<<<<<<< setup.py
214 version = '1.4.0'
215+=======
216+version = '0.40.0'
217+>>>>>>> setup.py
218
219 # Remember to update local-oldest-requirements.txt when changing the minimum
220 # acme/certbot version.

Subscribers

People subscribed via source and target branches