Ubuntu
python-certbot-nginx package

Merge ~ahasenack/ubuntu/+source/python-certbot-nginx:focal-certbot-nginx-1875471 into ubuntu/+source/python-certbot-nginx:ubuntu/devel

  1. Git
  2. lp:~ahasenack/ubuntu/+source/python-certbot-nginx
  3. focal-certbot-nginx-1875471
  4. Merge into ubuntu/devel
Proposed by Andreas Hasenack
Status: Superseded
Proposed branch: ~ahasenack/ubuntu/+source/python-certbot-nginx:focal-certbot-nginx-1875471
Merge into: ubuntu/+source/python-certbot-nginx:ubuntu/devel
Diff against target: 220 lines (+131/-2) (has conflicts)
8 files modified
PKG-INFO (+4/-0)
certbot_nginx.egg-info/PKG-INFO (+4/-0)
certbot_nginx.egg-info/SOURCES.txt (+59/-1)
debian/changelog (+13/-0)
debian/patches/fix-tests-with-newer-acme.patch (+45/-0)
debian/patches/series (+1/-0)
debian/rules (+1/-1)
setup.py (+4/-0)
Conflict in PKG-INFO
Conflict in certbot_nginx.egg-info/PKG-INFO
Conflict in certbot_nginx.egg-info/SOURCES.txt
Conflict in debian/changelog
Conflict in setup.py
Reviewer Review Type Date Requested Status
Canonical Server MOTU reviewers Pending
Canonical Server Pending
Review via email: mp+383528@code.launchpad.net

This proposal has been superseded by a proposal from 2020-05-06.

Description of the change

The bug has details on what happened, and how it was fixed. The options we had were outlined in https://bugs.launchpad.net/ubuntu/+source/python-certbot-nginx/+bug/1875471/comments/12 and upstream suggested a fourth alternative in https://bugs.launchpad.net/ubuntu/+source/python-certbot-nginx/+bug/1875471/comments/15 which is what I adopted.

Test PPA: https://launchpad.net/~ahasenack/+archive/ubuntu/certbot-tlssni01-1875471-d

Running all the tests properly needs a specific setup, which I suggest to leave for the SRU verification. I have done those with my test PPA already prior to submitting this.

What can easily be tested is the python error which originated this:

AttributeError: module 'acme.challenges' has no attribute 'TLSSNI01'

Just run this, on any host/container (no need to replace the fake domain):

sudo apt install python3-certbot-nginx
sudo certbot -d example.org --agree-tos --staging --register-unsafely-without-email --nginx

The fixed version won't fail with AttributeError, but will try to fetch a certificate for example.org, and that will of course fail and is fine.

The second check to make is to confirm that the build-time tests were run. Search build logs for "dh_auto_test".

To post a comment you must log in.

Unmerged commits

723b055... by Andreas Hasenack

changelog

5653982... by Andreas Hasenack

    - d/p/fix-tests-with-newer-acme.patch: fix tests with newer python-acme
      that has no TLSSNI01. Thanks to Brad Warren <email address hidden>

0b77cca... by Andreas Hasenack

    - d/rules: actually run the tests by fixing the expression that looks
      for nocheck in DEB_BUILD_OPTIONS

f2ccbb2... by Andreas Hasenack

  * Cope with newer python-acme that dropped TLSSNI01 (LP: #1875471):
    - new upstream version: 0.40.0

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/PKG-INFO b/PKG-INFO
index 16469ad..a3ecea3 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,6 +1,10 @@
1Metadata-Version: 1.21Metadata-Version: 1.2
2Name: certbot-nginx2Name: certbot-nginx
3<<<<<<< PKG-INFO
3Version: 1.4.04Version: 1.4.0
5=======
6Version: 0.40.0
7>>>>>>> PKG-INFO
4Summary: Nginx plugin for Certbot8Summary: Nginx plugin for Certbot
5Home-page: https://github.com/letsencrypt/letsencrypt9Home-page: https://github.com/letsencrypt/letsencrypt
6Author: Certbot Project10Author: Certbot Project
diff --git a/certbot_nginx.egg-info/PKG-INFO b/certbot_nginx.egg-info/PKG-INFO
index 16469ad..a36d314 100644
--- a/certbot_nginx.egg-info/PKG-INFO
+++ b/certbot_nginx.egg-info/PKG-INFO
@@ -1,6 +1,10 @@
1Metadata-Version: 1.21Metadata-Version: 1.2
2Name: certbot-nginx2Name: certbot-nginx
3<<<<<<< certbot_nginx.egg-info/PKG-INFO
3Version: 1.4.04Version: 1.4.0
5=======
6Version: 0.40.0
7>>>>>>> certbot_nginx.egg-info/PKG-INFO
4Summary: Nginx plugin for Certbot8Summary: Nginx plugin for Certbot
5Home-page: https://github.com/letsencrypt/letsencrypt9Home-page: https://github.com/letsencrypt/letsencrypt
6Author: Certbot Project10Author: Certbot Project
diff --git a/certbot_nginx.egg-info/SOURCES.txt b/certbot_nginx.egg-info/SOURCES.txt
index 9d2fa54..e0d5c71 100644
--- a/certbot_nginx.egg-info/SOURCES.txt
+++ b/certbot_nginx.egg-info/SOURCES.txt
@@ -10,6 +10,7 @@ certbot_nginx.egg-info/dependency_links.txt
10certbot_nginx.egg-info/entry_points.txt10certbot_nginx.egg-info/entry_points.txt
11certbot_nginx.egg-info/requires.txt11certbot_nginx.egg-info/requires.txt
12certbot_nginx.egg-info/top_level.txt12certbot_nginx.egg-info/top_level.txt
13<<<<<<< certbot_nginx.egg-info/SOURCES.txt
13certbot_nginx/_internal/__init__.py14certbot_nginx/_internal/__init__.py
14certbot_nginx/_internal/configurator.py15certbot_nginx/_internal/configurator.py
15certbot_nginx/_internal/constants.py16certbot_nginx/_internal/constants.py
@@ -66,4 +67,61 @@ tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/scgi_params
66tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/uwsgi_params67tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/uwsgi_params
67tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/win-utf68tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/win-utf
68tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/sites-available/default69tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/sites-available/default
69tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/sites-enabled/default
70\ No newline at end of file70\ No newline at end of file
71tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/sites-enabled/default
72=======
73certbot_nginx/tests/__init__.py
74certbot_nginx/tests/configurator_test.py
75certbot_nginx/tests/display_ops_test.py
76certbot_nginx/tests/http_01_test.py
77certbot_nginx/tests/nginxparser_test.py
78certbot_nginx/tests/obj_test.py
79certbot_nginx/tests/parser_obj_test.py
80certbot_nginx/tests/parser_test.py
81certbot_nginx/tests/util.py
82certbot_nginx/tests/testdata/etc_nginx/broken.conf
83certbot_nginx/tests/testdata/etc_nginx/comment_in_file.conf
84certbot_nginx/tests/testdata/etc_nginx/edge_cases.conf
85certbot_nginx/tests/testdata/etc_nginx/foo.conf
86certbot_nginx/tests/testdata/etc_nginx/mime.types
87certbot_nginx/tests/testdata/etc_nginx/minimalistic_comments.conf
88certbot_nginx/tests/testdata/etc_nginx/multiline_quotes.conf
89certbot_nginx/tests/testdata/etc_nginx/nginx.conf
90certbot_nginx/tests/testdata/etc_nginx/server.conf
91certbot_nginx/tests/testdata/etc_nginx/sites-enabled/default
92certbot_nginx/tests/testdata/etc_nginx/sites-enabled/example.com
93certbot_nginx/tests/testdata/etc_nginx/sites-enabled/globalssl.com
94certbot_nginx/tests/testdata/etc_nginx/sites-enabled/headers.com
95certbot_nginx/tests/testdata/etc_nginx/sites-enabled/ipv6.com
96certbot_nginx/tests/testdata/etc_nginx/sites-enabled/ipv6ssl.com
97certbot_nginx/tests/testdata/etc_nginx/sites-enabled/migration.com
98certbot_nginx/tests/testdata/etc_nginx/sites-enabled/sslon.com
99certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/fastcgi_params
100certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/koi-utf
101certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/koi-win
102certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/mime.types
103certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/naxsi-ui.conf.1.4.1
104certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/naxsi.rules
105certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/naxsi_core.rules
106certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/nginx.conf
107certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/proxy_params
108certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/scgi_params
109certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/uwsgi_params
110certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/win-utf
111certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/sites-available/default
112certbot_nginx/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/sites-enabled/default
113certbot_nginx/tls_configs/options-ssl-nginx-old.conf
114certbot_nginx/tls_configs/options-ssl-nginx-tls12-only.conf
115certbot_nginx/tls_configs/options-ssl-nginx-tls13-session-tix-on.conf
116certbot_nginx/tls_configs/options-ssl-nginx.conf
117docs/.gitignore
118docs/Makefile
119docs/api.rst
120docs/conf.py
121docs/index.rst
122docs/make.bat
123docs/_static/.gitignore
124docs/_templates/.gitignore
125docs/api/nginxparser.rst
126docs/api/obj.rst
127docs/api/parser.rst
128>>>>>>> certbot_nginx.egg-info/SOURCES.txt
diff --git a/debian/changelog b/debian/changelog
index 3948f9d..6782663 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,4 @@
1<<<<<<< debian/changelog
1python-certbot-nginx (1.4.0-1) unstable; urgency=medium2python-certbot-nginx (1.4.0-1) unstable; urgency=medium
23
3 * New upstream version 1.4.04 * New upstream version 1.4.0
@@ -35,6 +36,18 @@ python-certbot-nginx (1.1.0-1) unstable; urgency=medium
35 * Drop docs package removed by upstream.36 * Drop docs package removed by upstream.
3637
37 -- Harlan Lieberman-Berg <hlieberman@debian.org> Fri, 24 Jan 2020 20:12:20 -050038 -- Harlan Lieberman-Berg <hlieberman@debian.org> Fri, 24 Jan 2020 20:12:20 -0500
39=======
40python-certbot-nginx (0.40.0-0ubuntu0.1) focal; urgency=medium
41
42 * Cope with newer python-acme that dropped TLSSNI01 (LP: #1875471):
43 - new upstream version: 0.40.0
44 - d/rules: actually run the tests by fixing the expression that looks
45 for nocheck in DEB_BUILD_OPTIONS
46 - d/p/fix-tests-with-newer-acme.patch: fix tests with newer python-acme
47 that has no TLSSNI01. Thanks to Brad Warren <bmw@eff.org>
48
49 -- Andreas Hasenack <andreas@canonical.com> Tue, 05 May 2020 15:39:00 -0300
50>>>>>>> debian/changelog
3851
39python-certbot-nginx (0.39.0-1) unstable; urgency=medium52python-certbot-nginx (0.39.0-1) unstable; urgency=medium
4053
diff --git a/debian/patches/fix-tests-with-newer-acme.patch b/debian/patches/fix-tests-with-newer-acme.patch
41new file mode 10064454new file mode 100644
index 0000000..2cdd71d
--- /dev/null
+++ b/debian/patches/fix-tests-with-newer-acme.patch
@@ -0,0 +1,45 @@
1Description: fix tests with newer python-acme that has no TLSSNI01
2 This extracts the minimal pieces from upstream's bigger refactoring
3 necessary to cope with python-acme's removal of TLSSNI01 in the version shipped
4 in Focal.
5Author: Brad Warren <bmw@eff.org>
6Origin: upstream, https://gist.github.com/bmw/e4f13e17d1f4647c9d6be730c7ec3512
7Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/python-certbot-nginx/+bug/1875471
8Applied-Upstream: https://github.com/certbot/certbot/commit/4abd81e2186eddc67551d61a8260440bd177d18d
9Last-Update: 2020-05-05
10---
11This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
12diff --git a/certbot-nginx/certbot_nginx/tests/http_01_test.py b/certbot-nginx/certbot_nginx/tests/http_01_test.py
13index d05370c68..8e0450f6a 100644
14--- a/certbot_nginx/tests/http_01_test.py
15+++ b/certbot_nginx/tests/http_01_test.py
16@@ -1,6 +1,7 @@
17 """Tests for certbot_nginx.http_01"""
18 import unittest
19
20+import josepy as jose
21 import mock
22 import six
23
24@@ -8,17 +9,19 @@ from acme import challenges
25
26 from certbot import achallenges
27
28-from certbot.plugins import common_test
29 from certbot.tests import acme_util
30+from certbot.tests import util as test_util
31
32 from certbot_nginx.obj import Addr
33 from certbot_nginx.tests import util
34
35+AUTH_KEY = jose.JWKRSA.load(test_util.load_vector("rsa512_key.pem"))
36+
37
38 class HttpPerformTest(util.NginxTest):
39 """Test the NginxHttp01 challenge."""
40
41- account_key = common_test.AUTH_KEY
42+ account_key = AUTH_KEY
43 achalls = [
44 achallenges.KeyAuthorizationAnnotatedChallenge(
45 challb=acme_util.chall_to_challb(
diff --git a/debian/patches/series b/debian/patches/series
0new file mode 10064446new file mode 100644
index 0000000..86c7057
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
1fix-tests-with-newer-acme.patch
diff --git a/debian/rules b/debian/rules
index a664a06..10211c0 100755
--- a/debian/rules
+++ b/debian/rules
@@ -10,6 +10,6 @@ override_dh_auto_install:
10 rm -rf $(CURDIR)/debian/python3-certbot-nginx/usr/lib/python*/dist-packages/certbot_nginx/tests/testdata10 rm -rf $(CURDIR)/debian/python3-certbot-nginx/usr/lib/python*/dist-packages/certbot_nginx/tests/testdata
1111
12override_dh_auto_test:12override_dh_auto_test:
13ifdef (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))13ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
14 python3 setup.py test14 python3 setup.py test
15endif15endif
diff --git a/setup.py b/setup.py
index 42ea077..7fb7d50 100644
--- a/setup.py
+++ b/setup.py
@@ -6,7 +6,11 @@ from setuptools import find_packages
6from setuptools import setup6from setuptools import setup
7from setuptools.command.test import test as TestCommand7from setuptools.command.test import test as TestCommand
88
9<<<<<<< setup.py
9version = '1.4.0'10version = '1.4.0'
11=======
12version = '0.40.0'
13>>>>>>> setup.py
1014
11# Remember to update local-oldest-requirements.txt when changing the minimum15# Remember to update local-oldest-requirements.txt when changing the minimum
12# acme/certbot version.16# acme/certbot version.

Subscribers

People subscribed via source and target branches