From 2c3d1232ec55f132589bae0ba7cbd0c9e8b0477e769f21af1de4dfc93dba4977 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mark=C3=A9ta=20Machov=C3=A1?= Date: Thu, 16 Nov 2023 12:58:04 +0000 Subject: [PATCH 1/7] - Update to 2.7.4 * Fixed a bug introduced in version 2.7.0 that caused interactively entered webroot plugin values to not be saved for renewal. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-certbot?expand=0&rev=106 --- certbot-2.7.3.tar.gz | 3 --- certbot-2.7.4.tar.gz | 3 +++ python-certbot.changes | 7 +++++++ python-certbot.spec | 2 +- 4 files changed, 11 insertions(+), 4 deletions(-) delete mode 100644 certbot-2.7.3.tar.gz create mode 100644 certbot-2.7.4.tar.gz diff --git a/certbot-2.7.3.tar.gz b/certbot-2.7.3.tar.gz deleted file mode 100644 index d249942..0000000 --- a/certbot-2.7.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6e6f5dbdbd36672925572f44feccef77501a36d4eb68d63ecd5e372f09606eb0 -size 434555 diff --git a/certbot-2.7.4.tar.gz b/certbot-2.7.4.tar.gz new file mode 100644 index 0000000..abe1be4 --- /dev/null +++ b/certbot-2.7.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:173778fef4e2e3014f60be02d4798dff7ea32790277b90b3c7249c5d46d17c75 +size 435602 diff --git a/python-certbot.changes b/python-certbot.changes index b5cff9f..5c0733f 100644 --- a/python-certbot.changes +++ b/python-certbot.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Nov 16 12:56:34 UTC 2023 - Markéta Machová + +- Update to 2.7.4 + * Fixed a bug introduced in version 2.7.0 that caused interactively entered + webroot plugin values to not be saved for renewal. + ------------------------------------------------------------------- Mon Oct 30 15:37:44 UTC 2023 - Markéta Machová diff --git a/python-certbot.spec b/python-certbot.spec index 8386a6f..9891da5 100644 --- a/python-certbot.spec +++ b/python-certbot.spec @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define skip_python2 1 Name: python-certbot -Version: 2.7.3 +Version: 2.7.4 Release: 0 Summary: ACME client License: Apache-2.0 From 751493d72059fca683b0a35adfe00f4987a67520d4c7055103b79dc10ffacf3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mark=C3=A9ta=20Machov=C3=A1?= Date: Thu, 16 Nov 2023 14:32:51 +0000 Subject: [PATCH 2/7] - Add built-in-lexicon.patch to fix failures with dns-lexicon. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-certbot?expand=0&rev=107 --- built-in-lexicon.patch | 91 ++++++++++++++++++++++++++++++++++++++++++ python-certbot.changes | 1 + python-certbot.spec | 2 + 3 files changed, 94 insertions(+) create mode 100644 built-in-lexicon.patch diff --git a/built-in-lexicon.patch b/built-in-lexicon.patch new file mode 100644 index 0000000..8f771ba --- /dev/null +++ b/built-in-lexicon.patch @@ -0,0 +1,91 @@ +From cabce363b1831a6bec1aa947a94eefcfab92d873 Mon Sep 17 00:00:00 2001 +From: Adrien Ferrand +Date: Thu, 9 Nov 2023 00:21:36 +0100 +Subject: [PATCH] Remove client authentication attemps in favor of built-in + lexicon zone name resolution + +--- + certbot/certbot/plugins/dns_common_lexicon.py | 51 ++----------------- + 1 file changed, 3 insertions(+), 48 deletions(-) + +diff --git a/certbot/certbot/plugins/dns_common_lexicon.py b/certbot/certbot/plugins/dns_common_lexicon.py +index be94e191ba..231342f89c 100644 +--- a/certbot/certbot/plugins/dns_common_lexicon.py ++++ b/certbot/certbot/plugins/dns_common_lexicon.py +@@ -198,10 +198,7 @@ def _build_lexicon_config(self, domain: str) -> ConfigResolver: + + dict_config = { + 'domain': domain, +- # We bypass Lexicon subdomain resolution by setting the 'delegated' field in the config +- # to the value of the 'domain' field itself. Here we consider that the domain passed to +- # _build_lexicon_config() is already the exact subdomain of the actual DNS zone to use. +- 'delegated': domain, ++ 'resolve_zone_name': 'true', + 'provider_name': self._provider_name, + 'ttl': self._ttl, + self._provider_name: {item[2]: self._credentials.conf(item[0]) +@@ -217,10 +214,8 @@ def _setup_credentials(self) -> None: + ) + + def _perform(self, domain: str, validation_name: str, validation: str) -> None: +- resolved_domain = self._resolve_domain(domain) +- + try: +- with Client(self._build_lexicon_config(resolved_domain)) as operations: ++ with Client(self._build_lexicon_config(domain)) as operations: + operations.create_record(rtype='TXT', name=validation_name, content=validation) + except RequestException as e: + logger.debug('Encountered error adding TXT record: %s', e, exc_info=True) +@@ -228,51 +223,11 @@ def _perform(self, domain: str, validation_name: str, validation: str) -> None: + + def _cleanup(self, domain: str, validation_name: str, validation: str) -> None: + try: +- resolved_domain = self._resolve_domain(domain) +- except errors.PluginError as e: +- logger.debug('Encountered error finding domain_id during deletion: %s', e, +- exc_info=True) +- return +- +- try: +- with Client(self._build_lexicon_config(resolved_domain)) as operations: ++ with Client(self._build_lexicon_config(domain)) as operations: + operations.delete_record(rtype='TXT', name=validation_name, content=validation) + except RequestException as e: + logger.debug('Encountered error deleting TXT record: %s', e, exc_info=True) + +- def _resolve_domain(self, domain: str) -> str: +- domain_name_guesses = dns_common.base_domain_name_guesses(domain) +- +- for domain_name in domain_name_guesses: +- try: +- # Using client as a context manager requires `dns-lexicon>=3.14` and we may want to +- # provide better checks and error handling around this in the future. +- with Client(self._build_lexicon_config(domain_name)): +- return domain_name +- except HTTPError as e: +- result1 = self._handle_http_error(e, domain_name) +- +- if result1: +- raise result1 +- except Exception as e: # pylint: disable=broad-except +- result2 = self._handle_general_error(e, domain_name) +- +- if result2: +- raise result2 # pylint: disable=raising-bad-type +- +- raise errors.PluginError('Unable to determine zone identifier for {0} using zone names: {1}' +- .format(domain, domain_name_guesses)) +- +- def _handle_http_error(self, e: HTTPError, domain_name: str) -> Optional[errors.PluginError]: +- return errors.PluginError('Error determining zone identifier for {0}: {1}.' +- .format(domain_name, e)) +- +- def _handle_general_error(self, e: Exception, domain_name: str) -> Optional[errors.PluginError]: +- if not str(e).startswith('No domain found'): +- return errors.PluginError('Unexpected error determining zone identifier for {0}: {1}' +- .format(domain_name, e)) +- return None +- + + # This class takes a similar approach to the cryptography project to deprecate attributes + # in public modules. See the _ModuleWithDeprecation class here: diff --git a/python-certbot.changes b/python-certbot.changes index 5c0733f..4cf79ac 100644 --- a/python-certbot.changes +++ b/python-certbot.changes @@ -4,6 +4,7 @@ Thu Nov 16 12:56:34 UTC 2023 - Markéta Machová - Update to 2.7.4 * Fixed a bug introduced in version 2.7.0 that caused interactively entered webroot plugin values to not be saved for renewal. +- Add built-in-lexicon.patch to fix failures with dns-lexicon. ------------------------------------------------------------------- Mon Oct 30 15:37:44 UTC 2023 - Markéta Machová diff --git a/python-certbot.spec b/python-certbot.spec index 9891da5..9c996a8 100644 --- a/python-certbot.spec +++ b/python-certbot.spec @@ -25,6 +25,7 @@ Summary: ACME client License: Apache-2.0 URL: https://github.com/certbot/certbot Source0: https://files.pythonhosted.org/packages/source/c/certbot/certbot-%{version}.tar.gz +Patch: built-in-lexicon.patch BuildRequires: %{python_module acme >= %{version}} BuildRequires: %{python_module configargparse >= 1.5.3} BuildRequires: %{python_module configobj >= 5.0.6} @@ -69,6 +70,7 @@ to lower the barriers to entry for encrypting all HTTP traffic on the internet. %prep %setup -q -n certbot-%{version} +%autopatch -p1 %build %python_build From bd88a485ab48c79eeb0ad17b13b1bedf82271ef54c324d1a30b5389b6afa7c7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mark=C3=A9ta=20Machov=C3=A1?= Date: Thu, 16 Nov 2023 14:40:34 +0000 Subject: [PATCH 3/7] correct the file path OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-certbot?expand=0&rev=108 --- built-in-lexicon.patch | 14 +++++++------- python-certbot.spec | 8 ++++---- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/built-in-lexicon.patch b/built-in-lexicon.patch index 8f771ba..42bc9b2 100644 --- a/built-in-lexicon.patch +++ b/built-in-lexicon.patch @@ -8,11 +8,11 @@ Subject: [PATCH] Remove client authentication attemps in favor of built-in certbot/certbot/plugins/dns_common_lexicon.py | 51 ++----------------- 1 file changed, 3 insertions(+), 48 deletions(-) -diff --git a/certbot/certbot/plugins/dns_common_lexicon.py b/certbot/certbot/plugins/dns_common_lexicon.py -index be94e191ba..231342f89c 100644 ---- a/certbot/certbot/plugins/dns_common_lexicon.py -+++ b/certbot/certbot/plugins/dns_common_lexicon.py -@@ -198,10 +198,7 @@ def _build_lexicon_config(self, domain: str) -> ConfigResolver: +Index: certbot-2.7.4/certbot/plugins/dns_common_lexicon.py +=================================================================== +--- certbot-2.7.4.orig/certbot/plugins/dns_common_lexicon.py ++++ certbot-2.7.4/certbot/plugins/dns_common_lexicon.py +@@ -198,10 +198,7 @@ class LexiconDNSAuthenticator(dns_common dict_config = { 'domain': domain, @@ -24,7 +24,7 @@ index be94e191ba..231342f89c 100644 'provider_name': self._provider_name, 'ttl': self._ttl, self._provider_name: {item[2]: self._credentials.conf(item[0]) -@@ -217,10 +214,8 @@ def _setup_credentials(self) -> None: +@@ -217,10 +214,8 @@ class LexiconDNSAuthenticator(dns_common ) def _perform(self, domain: str, validation_name: str, validation: str) -> None: @@ -36,7 +36,7 @@ index be94e191ba..231342f89c 100644 operations.create_record(rtype='TXT', name=validation_name, content=validation) except RequestException as e: logger.debug('Encountered error adding TXT record: %s', e, exc_info=True) -@@ -228,51 +223,11 @@ def _perform(self, domain: str, validation_name: str, validation: str) -> None: +@@ -228,51 +223,11 @@ class LexiconDNSAuthenticator(dns_common def _cleanup(self, domain: str, validation_name: str, validation: str) -> None: try: diff --git a/python-certbot.spec b/python-certbot.spec index 9c996a8..1425b42 100644 --- a/python-certbot.spec +++ b/python-certbot.spec @@ -53,12 +53,12 @@ Requires: python-pytz >= 2019.3 Requires: python-setuptools >= 41.6.0 Requires(post): update-alternatives Requires(postun):update-alternatives -%if %{python_version_nodots} < 310 +#%if %{python_version_nodots} < 310 Requires: python-importlib-metadata -%endif -%if %{python_version_nodots} < 39 +#%endif +#%if %{python_version_nodots} < 39 Requires: python-importlib-resources -%endif +#%endif Provides: certbot = %{version} Obsoletes: certbot < %{version} BuildArch: noarch From 41fc1bdbfab5b6c1fb5bbbd4c6c2d3c779c76f853ddbaa0f1c8bb08e3f188ac9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mark=C3=A9ta=20Machov=C3=A1?= Date: Thu, 16 Nov 2023 14:41:41 +0000 Subject: [PATCH 4/7] OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-certbot?expand=0&rev=109 --- python-certbot.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/python-certbot.spec b/python-certbot.spec index 1425b42..f2a69ee 100644 --- a/python-certbot.spec +++ b/python-certbot.spec @@ -25,6 +25,7 @@ Summary: ACME client License: Apache-2.0 URL: https://github.com/certbot/certbot Source0: https://files.pythonhosted.org/packages/source/c/certbot/certbot-%{version}.tar.gz +# PATCH-FIX-UPSTREAM picked from https://github.com/certbot/certbot/pull/9838 Actual resolution of the DNS zone name in Lexicon-based DNS plugins Patch: built-in-lexicon.patch BuildRequires: %{python_module acme >= %{version}} BuildRequires: %{python_module configargparse >= 1.5.3} From a724401a0c4015c7004b23c91e83a103fbaa01923b6f0d1346a77b35a0f34682 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mark=C3=A9ta=20Machov=C3=A1?= Date: Thu, 16 Nov 2023 14:43:35 +0000 Subject: [PATCH 5/7] oops OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-certbot?expand=0&rev=110 --- python-certbot.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/python-certbot.spec b/python-certbot.spec index f2a69ee..eb9f915 100644 --- a/python-certbot.spec +++ b/python-certbot.spec @@ -54,12 +54,12 @@ Requires: python-pytz >= 2019.3 Requires: python-setuptools >= 41.6.0 Requires(post): update-alternatives Requires(postun):update-alternatives -#%if %{python_version_nodots} < 310 +%if %{python_version_nodots} < 310 Requires: python-importlib-metadata -#%endif -#%if %{python_version_nodots} < 39 +%endif +%if %{python_version_nodots} < 39 Requires: python-importlib-resources -#%endif +%endif Provides: certbot = %{version} Obsoletes: certbot < %{version} BuildArch: noarch From c4c07835b61833557616cec31fa12f5e13af551e678832f26bed4e60ce8ec89e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mark=C3=A9ta=20Machov=C3=A1?= Date: Thu, 16 Nov 2023 14:59:50 +0000 Subject: [PATCH 6/7] OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-certbot?expand=0&rev=111 --- built-in-lexicon.patch | 119 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) diff --git a/built-in-lexicon.patch b/built-in-lexicon.patch index 42bc9b2..d187f39 100644 --- a/built-in-lexicon.patch +++ b/built-in-lexicon.patch @@ -89,3 +89,122 @@ Index: certbot-2.7.4/certbot/plugins/dns_common_lexicon.py # This class takes a similar approach to the cryptography project to deprecate attributes # in public modules. See the _ModuleWithDeprecation class here: +Index: certbot-2.7.4/certbot/plugins/dns_test_common_lexicon.py +=================================================================== +--- certbot-2.7.4.orig/certbot/plugins/dns_test_common_lexicon.py ++++ certbot-2.7.4/certbot/plugins/dns_test_common_lexicon.py +@@ -197,21 +197,11 @@ class BaseLexiconClientTest: # pragma: + + class _BaseLexiconDNSAuthenticatorTestProto(_AuthenticatorCallableTestCase, Protocol): + """Protocol for BaseLexiconDNSAuthenticatorTest instances""" +- DOMAIN_NOT_FOUND: Exception +- GENERIC_ERROR: Exception +- LOGIN_ERROR: Exception +- UNKNOWN_LOGIN_ERROR: Exception +- + achall: AnnotatedChallenge + + + class BaseLexiconDNSAuthenticatorTest(dns_test_common.BaseAuthenticatorTest): + +- DOMAIN_NOT_FOUND = DOMAIN_NOT_FOUND +- GENERIC_ERROR = GENERIC_ERROR +- LOGIN_ERROR = LOGIN_ERROR +- UNKNOWN_LOGIN_ERROR = UNKNOWN_LOGIN_ERROR +- + def test_perform_succeed(self: _BaseLexiconDNSAuthenticatorTestProto) -> None: + with test_util.patch_display_util(): + with _patch_lexicon_client() as (mock_client, mock_operations): +@@ -224,48 +214,10 @@ class BaseLexiconDNSAuthenticatorTest(dn + mock_operations.create_record.assert_called_with( + rtype='TXT', name=f'_acme-challenge.{DOMAIN}', content=mock.ANY) + +- def test_perform_with_one_domain_resolution_failure_succeed( +- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: +- with test_util.patch_display_util(): +- with _patch_lexicon_client() as (mock_client, mock_operations): +- mock_client.return_value.__enter__.side_effect = [ +- self.DOMAIN_NOT_FOUND, # First resolution domain attempt +- mock_operations, # Second resolution domain attempt +- mock_operations, # Create record operation +- ] +- self.auth.perform([self.achall]) +- +- def test_perform_with_two_domain_resolution_failures_raise( +- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: +- with test_util.patch_display_util(): +- with _patch_lexicon_client() as (mock_client, _): +- mock_client.return_value.__enter__.side_effect = self.DOMAIN_NOT_FOUND +- self.assertRaises(errors.PluginError, +- self.auth.perform, +- [self.achall]) +- +- def test_perform_with_domain_resolution_general_failure_raise( +- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: +- with test_util.patch_display_util(): +- with _patch_lexicon_client() as (mock_client, _): +- mock_client.return_value.__enter__.side_effect = self.GENERIC_ERROR +- self.assertRaises(errors.PluginError, +- self.auth.perform, +- [self.achall]) +- + def test_perform_with_auth_failure_raise(self: _BaseLexiconDNSAuthenticatorTestProto) -> None: + with test_util.patch_display_util(): + with _patch_lexicon_client() as (mock_client, _): +- mock_client.side_effect = self.LOGIN_ERROR +- self.assertRaises(errors.PluginError, +- self.auth.perform, +- [self.achall]) +- +- def test_perform_with_unknown_auth_failure_raise( +- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: +- with test_util.patch_display_util(): +- with _patch_lexicon_client() as (mock_client, _): +- mock_client.side_effect = self.UNKNOWN_LOGIN_ERROR ++ mock_client.side_effect = RequestException() + self.assertRaises(errors.PluginError, + self.auth.perform, + [self.achall]) +@@ -274,7 +226,7 @@ class BaseLexiconDNSAuthenticatorTest(dn + self: _BaseLexiconDNSAuthenticatorTestProto) -> None: + with test_util.patch_display_util(): + with _patch_lexicon_client() as (_, mock_operations): +- mock_operations.create_record.side_effect = self.GENERIC_ERROR ++ mock_operations.create_record.side_effect = RequestException() + self.assertRaises(errors.PluginError, + self.auth.perform, + [self.achall]) +@@ -293,31 +245,13 @@ class BaseLexiconDNSAuthenticatorTest(dn + + def test_cleanup_with_auth_failure_ignore(self: _BaseLexiconDNSAuthenticatorTestProto) -> None: + with _patch_lexicon_client() as (mock_client, _): +- mock_client.side_effect = self.LOGIN_ERROR +- self.auth.cleanup([self.achall]) +- +- def test_cleanup_with_unknown_auth_failure_ignore( +- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: +- with _patch_lexicon_client() as (mock_client, _): +- mock_client.side_effect = self.LOGIN_ERROR +- self.auth.cleanup([self.achall]) +- +- def test_cleanup_with_domain_resolution_failure_ignore( +- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: +- with _patch_lexicon_client() as (mock_client, _): +- mock_client.return_value.__enter__.side_effect = self.DOMAIN_NOT_FOUND +- self.auth.cleanup([self.achall]) +- +- def test_cleanup_with_domain_resolution_general_failure_ignore( +- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: +- with _patch_lexicon_client() as (mock_client, _): +- mock_client.return_value.__enter__.side_effect = self.GENERIC_ERROR ++ mock_client.side_effect = RequestException() + self.auth.cleanup([self.achall]) + + def test_cleanup_with_delete_record_failure_ignore( + self: _BaseLexiconDNSAuthenticatorTestProto) -> None: + with _patch_lexicon_client() as (_, mock_operations): +- mock_operations.create_record.side_effect = self.GENERIC_ERROR ++ mock_operations.create_record.side_effect = RequestException() + self.auth.cleanup([self.achall]) + + From 9519055731dc0aae856fa7866a541a4f77d4e622506157e51cf2a2e3142e403c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mark=C3=A9ta=20Machov=C3=A1?= Date: Thu, 7 Dec 2023 10:42:45 +0000 Subject: [PATCH 7/7] - Update to 2.8.0 * Support for Python 3.7 was removed. * Stop using the deprecated pkg_resources API included in setuptools. Note: delegate the lexicon fixes to the home branch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:certbot/python-certbot?expand=0&rev=112 --- built-in-lexicon.patch | 210 ----------------------------------------- certbot-2.7.4.tar.gz | 3 - certbot-2.8.0.tar.gz | 3 + python-certbot.changes | 8 +- python-certbot.spec | 4 +- 5 files changed, 11 insertions(+), 217 deletions(-) delete mode 100644 built-in-lexicon.patch delete mode 100644 certbot-2.7.4.tar.gz create mode 100644 certbot-2.8.0.tar.gz diff --git a/built-in-lexicon.patch b/built-in-lexicon.patch deleted file mode 100644 index d187f39..0000000 --- a/built-in-lexicon.patch +++ /dev/null @@ -1,210 +0,0 @@ -From cabce363b1831a6bec1aa947a94eefcfab92d873 Mon Sep 17 00:00:00 2001 -From: Adrien Ferrand -Date: Thu, 9 Nov 2023 00:21:36 +0100 -Subject: [PATCH] Remove client authentication attemps in favor of built-in - lexicon zone name resolution - ---- - certbot/certbot/plugins/dns_common_lexicon.py | 51 ++----------------- - 1 file changed, 3 insertions(+), 48 deletions(-) - -Index: certbot-2.7.4/certbot/plugins/dns_common_lexicon.py -=================================================================== ---- certbot-2.7.4.orig/certbot/plugins/dns_common_lexicon.py -+++ certbot-2.7.4/certbot/plugins/dns_common_lexicon.py -@@ -198,10 +198,7 @@ class LexiconDNSAuthenticator(dns_common - - dict_config = { - 'domain': domain, -- # We bypass Lexicon subdomain resolution by setting the 'delegated' field in the config -- # to the value of the 'domain' field itself. Here we consider that the domain passed to -- # _build_lexicon_config() is already the exact subdomain of the actual DNS zone to use. -- 'delegated': domain, -+ 'resolve_zone_name': 'true', - 'provider_name': self._provider_name, - 'ttl': self._ttl, - self._provider_name: {item[2]: self._credentials.conf(item[0]) -@@ -217,10 +214,8 @@ class LexiconDNSAuthenticator(dns_common - ) - - def _perform(self, domain: str, validation_name: str, validation: str) -> None: -- resolved_domain = self._resolve_domain(domain) -- - try: -- with Client(self._build_lexicon_config(resolved_domain)) as operations: -+ with Client(self._build_lexicon_config(domain)) as operations: - operations.create_record(rtype='TXT', name=validation_name, content=validation) - except RequestException as e: - logger.debug('Encountered error adding TXT record: %s', e, exc_info=True) -@@ -228,51 +223,11 @@ class LexiconDNSAuthenticator(dns_common - - def _cleanup(self, domain: str, validation_name: str, validation: str) -> None: - try: -- resolved_domain = self._resolve_domain(domain) -- except errors.PluginError as e: -- logger.debug('Encountered error finding domain_id during deletion: %s', e, -- exc_info=True) -- return -- -- try: -- with Client(self._build_lexicon_config(resolved_domain)) as operations: -+ with Client(self._build_lexicon_config(domain)) as operations: - operations.delete_record(rtype='TXT', name=validation_name, content=validation) - except RequestException as e: - logger.debug('Encountered error deleting TXT record: %s', e, exc_info=True) - -- def _resolve_domain(self, domain: str) -> str: -- domain_name_guesses = dns_common.base_domain_name_guesses(domain) -- -- for domain_name in domain_name_guesses: -- try: -- # Using client as a context manager requires `dns-lexicon>=3.14` and we may want to -- # provide better checks and error handling around this in the future. -- with Client(self._build_lexicon_config(domain_name)): -- return domain_name -- except HTTPError as e: -- result1 = self._handle_http_error(e, domain_name) -- -- if result1: -- raise result1 -- except Exception as e: # pylint: disable=broad-except -- result2 = self._handle_general_error(e, domain_name) -- -- if result2: -- raise result2 # pylint: disable=raising-bad-type -- -- raise errors.PluginError('Unable to determine zone identifier for {0} using zone names: {1}' -- .format(domain, domain_name_guesses)) -- -- def _handle_http_error(self, e: HTTPError, domain_name: str) -> Optional[errors.PluginError]: -- return errors.PluginError('Error determining zone identifier for {0}: {1}.' -- .format(domain_name, e)) -- -- def _handle_general_error(self, e: Exception, domain_name: str) -> Optional[errors.PluginError]: -- if not str(e).startswith('No domain found'): -- return errors.PluginError('Unexpected error determining zone identifier for {0}: {1}' -- .format(domain_name, e)) -- return None -- - - # This class takes a similar approach to the cryptography project to deprecate attributes - # in public modules. See the _ModuleWithDeprecation class here: -Index: certbot-2.7.4/certbot/plugins/dns_test_common_lexicon.py -=================================================================== ---- certbot-2.7.4.orig/certbot/plugins/dns_test_common_lexicon.py -+++ certbot-2.7.4/certbot/plugins/dns_test_common_lexicon.py -@@ -197,21 +197,11 @@ class BaseLexiconClientTest: # pragma: - - class _BaseLexiconDNSAuthenticatorTestProto(_AuthenticatorCallableTestCase, Protocol): - """Protocol for BaseLexiconDNSAuthenticatorTest instances""" -- DOMAIN_NOT_FOUND: Exception -- GENERIC_ERROR: Exception -- LOGIN_ERROR: Exception -- UNKNOWN_LOGIN_ERROR: Exception -- - achall: AnnotatedChallenge - - - class BaseLexiconDNSAuthenticatorTest(dns_test_common.BaseAuthenticatorTest): - -- DOMAIN_NOT_FOUND = DOMAIN_NOT_FOUND -- GENERIC_ERROR = GENERIC_ERROR -- LOGIN_ERROR = LOGIN_ERROR -- UNKNOWN_LOGIN_ERROR = UNKNOWN_LOGIN_ERROR -- - def test_perform_succeed(self: _BaseLexiconDNSAuthenticatorTestProto) -> None: - with test_util.patch_display_util(): - with _patch_lexicon_client() as (mock_client, mock_operations): -@@ -224,48 +214,10 @@ class BaseLexiconDNSAuthenticatorTest(dn - mock_operations.create_record.assert_called_with( - rtype='TXT', name=f'_acme-challenge.{DOMAIN}', content=mock.ANY) - -- def test_perform_with_one_domain_resolution_failure_succeed( -- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: -- with test_util.patch_display_util(): -- with _patch_lexicon_client() as (mock_client, mock_operations): -- mock_client.return_value.__enter__.side_effect = [ -- self.DOMAIN_NOT_FOUND, # First resolution domain attempt -- mock_operations, # Second resolution domain attempt -- mock_operations, # Create record operation -- ] -- self.auth.perform([self.achall]) -- -- def test_perform_with_two_domain_resolution_failures_raise( -- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: -- with test_util.patch_display_util(): -- with _patch_lexicon_client() as (mock_client, _): -- mock_client.return_value.__enter__.side_effect = self.DOMAIN_NOT_FOUND -- self.assertRaises(errors.PluginError, -- self.auth.perform, -- [self.achall]) -- -- def test_perform_with_domain_resolution_general_failure_raise( -- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: -- with test_util.patch_display_util(): -- with _patch_lexicon_client() as (mock_client, _): -- mock_client.return_value.__enter__.side_effect = self.GENERIC_ERROR -- self.assertRaises(errors.PluginError, -- self.auth.perform, -- [self.achall]) -- - def test_perform_with_auth_failure_raise(self: _BaseLexiconDNSAuthenticatorTestProto) -> None: - with test_util.patch_display_util(): - with _patch_lexicon_client() as (mock_client, _): -- mock_client.side_effect = self.LOGIN_ERROR -- self.assertRaises(errors.PluginError, -- self.auth.perform, -- [self.achall]) -- -- def test_perform_with_unknown_auth_failure_raise( -- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: -- with test_util.patch_display_util(): -- with _patch_lexicon_client() as (mock_client, _): -- mock_client.side_effect = self.UNKNOWN_LOGIN_ERROR -+ mock_client.side_effect = RequestException() - self.assertRaises(errors.PluginError, - self.auth.perform, - [self.achall]) -@@ -274,7 +226,7 @@ class BaseLexiconDNSAuthenticatorTest(dn - self: _BaseLexiconDNSAuthenticatorTestProto) -> None: - with test_util.patch_display_util(): - with _patch_lexicon_client() as (_, mock_operations): -- mock_operations.create_record.side_effect = self.GENERIC_ERROR -+ mock_operations.create_record.side_effect = RequestException() - self.assertRaises(errors.PluginError, - self.auth.perform, - [self.achall]) -@@ -293,31 +245,13 @@ class BaseLexiconDNSAuthenticatorTest(dn - - def test_cleanup_with_auth_failure_ignore(self: _BaseLexiconDNSAuthenticatorTestProto) -> None: - with _patch_lexicon_client() as (mock_client, _): -- mock_client.side_effect = self.LOGIN_ERROR -- self.auth.cleanup([self.achall]) -- -- def test_cleanup_with_unknown_auth_failure_ignore( -- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: -- with _patch_lexicon_client() as (mock_client, _): -- mock_client.side_effect = self.LOGIN_ERROR -- self.auth.cleanup([self.achall]) -- -- def test_cleanup_with_domain_resolution_failure_ignore( -- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: -- with _patch_lexicon_client() as (mock_client, _): -- mock_client.return_value.__enter__.side_effect = self.DOMAIN_NOT_FOUND -- self.auth.cleanup([self.achall]) -- -- def test_cleanup_with_domain_resolution_general_failure_ignore( -- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: -- with _patch_lexicon_client() as (mock_client, _): -- mock_client.return_value.__enter__.side_effect = self.GENERIC_ERROR -+ mock_client.side_effect = RequestException() - self.auth.cleanup([self.achall]) - - def test_cleanup_with_delete_record_failure_ignore( - self: _BaseLexiconDNSAuthenticatorTestProto) -> None: - with _patch_lexicon_client() as (_, mock_operations): -- mock_operations.create_record.side_effect = self.GENERIC_ERROR -+ mock_operations.create_record.side_effect = RequestException() - self.auth.cleanup([self.achall]) - - diff --git a/certbot-2.7.4.tar.gz b/certbot-2.7.4.tar.gz deleted file mode 100644 index abe1be4..0000000 --- a/certbot-2.7.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:173778fef4e2e3014f60be02d4798dff7ea32790277b90b3c7249c5d46d17c75 -size 435602 diff --git a/certbot-2.8.0.tar.gz b/certbot-2.8.0.tar.gz new file mode 100644 index 0000000..8fcb537 --- /dev/null +++ b/certbot-2.8.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:95234695951e458fcc4199b8bc60589d5c7055193265ea0973773b01c5293d4d +size 436184 diff --git a/python-certbot.changes b/python-certbot.changes index 4cf79ac..13fe957 100644 --- a/python-certbot.changes +++ b/python-certbot.changes @@ -1,10 +1,16 @@ +------------------------------------------------------------------- +Thu Dec 7 10:40:28 UTC 2023 - Markéta Machová + +- Update to 2.8.0 + * Support for Python 3.7 was removed. + * Stop using the deprecated pkg_resources API included in setuptools. + ------------------------------------------------------------------- Thu Nov 16 12:56:34 UTC 2023 - Markéta Machová - Update to 2.7.4 * Fixed a bug introduced in version 2.7.0 that caused interactively entered webroot plugin values to not be saved for renewal. -- Add built-in-lexicon.patch to fix failures with dns-lexicon. ------------------------------------------------------------------- Mon Oct 30 15:37:44 UTC 2023 - Markéta Machová diff --git a/python-certbot.spec b/python-certbot.spec index eb9f915..2ae2358 100644 --- a/python-certbot.spec +++ b/python-certbot.spec @@ -19,14 +19,12 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define skip_python2 1 Name: python-certbot -Version: 2.7.4 +Version: 2.8.0 Release: 0 Summary: ACME client License: Apache-2.0 URL: https://github.com/certbot/certbot Source0: https://files.pythonhosted.org/packages/source/c/certbot/certbot-%{version}.tar.gz -# PATCH-FIX-UPSTREAM picked from https://github.com/certbot/certbot/pull/9838 Actual resolution of the DNS zone name in Lexicon-based DNS plugins -Patch: built-in-lexicon.patch BuildRequires: %{python_module acme >= %{version}} BuildRequires: %{python_module configargparse >= 1.5.3} BuildRequires: %{python_module configobj >= 5.0.6}