diff --git a/built-in-lexicon.patch b/built-in-lexicon.patch deleted file mode 100644 index d187f39..0000000 --- a/built-in-lexicon.patch +++ /dev/null @@ -1,210 +0,0 @@ -From cabce363b1831a6bec1aa947a94eefcfab92d873 Mon Sep 17 00:00:00 2001 -From: Adrien Ferrand -Date: Thu, 9 Nov 2023 00:21:36 +0100 -Subject: [PATCH] Remove client authentication attemps in favor of built-in - lexicon zone name resolution - ---- - certbot/certbot/plugins/dns_common_lexicon.py | 51 ++----------------- - 1 file changed, 3 insertions(+), 48 deletions(-) - -Index: certbot-2.7.4/certbot/plugins/dns_common_lexicon.py -=================================================================== ---- certbot-2.7.4.orig/certbot/plugins/dns_common_lexicon.py -+++ certbot-2.7.4/certbot/plugins/dns_common_lexicon.py -@@ -198,10 +198,7 @@ class LexiconDNSAuthenticator(dns_common - - dict_config = { - 'domain': domain, -- # We bypass Lexicon subdomain resolution by setting the 'delegated' field in the config -- # to the value of the 'domain' field itself. Here we consider that the domain passed to -- # _build_lexicon_config() is already the exact subdomain of the actual DNS zone to use. -- 'delegated': domain, -+ 'resolve_zone_name': 'true', - 'provider_name': self._provider_name, - 'ttl': self._ttl, - self._provider_name: {item[2]: self._credentials.conf(item[0]) -@@ -217,10 +214,8 @@ class LexiconDNSAuthenticator(dns_common - ) - - def _perform(self, domain: str, validation_name: str, validation: str) -> None: -- resolved_domain = self._resolve_domain(domain) -- - try: -- with Client(self._build_lexicon_config(resolved_domain)) as operations: -+ with Client(self._build_lexicon_config(domain)) as operations: - operations.create_record(rtype='TXT', name=validation_name, content=validation) - except RequestException as e: - logger.debug('Encountered error adding TXT record: %s', e, exc_info=True) -@@ -228,51 +223,11 @@ class LexiconDNSAuthenticator(dns_common - - def _cleanup(self, domain: str, validation_name: str, validation: str) -> None: - try: -- resolved_domain = self._resolve_domain(domain) -- except errors.PluginError as e: -- logger.debug('Encountered error finding domain_id during deletion: %s', e, -- exc_info=True) -- return -- -- try: -- with Client(self._build_lexicon_config(resolved_domain)) as operations: -+ with Client(self._build_lexicon_config(domain)) as operations: - operations.delete_record(rtype='TXT', name=validation_name, content=validation) - except RequestException as e: - logger.debug('Encountered error deleting TXT record: %s', e, exc_info=True) - -- def _resolve_domain(self, domain: str) -> str: -- domain_name_guesses = dns_common.base_domain_name_guesses(domain) -- -- for domain_name in domain_name_guesses: -- try: -- # Using client as a context manager requires `dns-lexicon>=3.14` and we may want to -- # provide better checks and error handling around this in the future. -- with Client(self._build_lexicon_config(domain_name)): -- return domain_name -- except HTTPError as e: -- result1 = self._handle_http_error(e, domain_name) -- -- if result1: -- raise result1 -- except Exception as e: # pylint: disable=broad-except -- result2 = self._handle_general_error(e, domain_name) -- -- if result2: -- raise result2 # pylint: disable=raising-bad-type -- -- raise errors.PluginError('Unable to determine zone identifier for {0} using zone names: {1}' -- .format(domain, domain_name_guesses)) -- -- def _handle_http_error(self, e: HTTPError, domain_name: str) -> Optional[errors.PluginError]: -- return errors.PluginError('Error determining zone identifier for {0}: {1}.' -- .format(domain_name, e)) -- -- def _handle_general_error(self, e: Exception, domain_name: str) -> Optional[errors.PluginError]: -- if not str(e).startswith('No domain found'): -- return errors.PluginError('Unexpected error determining zone identifier for {0}: {1}' -- .format(domain_name, e)) -- return None -- - - # This class takes a similar approach to the cryptography project to deprecate attributes - # in public modules. See the _ModuleWithDeprecation class here: -Index: certbot-2.7.4/certbot/plugins/dns_test_common_lexicon.py -=================================================================== ---- certbot-2.7.4.orig/certbot/plugins/dns_test_common_lexicon.py -+++ certbot-2.7.4/certbot/plugins/dns_test_common_lexicon.py -@@ -197,21 +197,11 @@ class BaseLexiconClientTest: # pragma: - - class _BaseLexiconDNSAuthenticatorTestProto(_AuthenticatorCallableTestCase, Protocol): - """Protocol for BaseLexiconDNSAuthenticatorTest instances""" -- DOMAIN_NOT_FOUND: Exception -- GENERIC_ERROR: Exception -- LOGIN_ERROR: Exception -- UNKNOWN_LOGIN_ERROR: Exception -- - achall: AnnotatedChallenge - - - class BaseLexiconDNSAuthenticatorTest(dns_test_common.BaseAuthenticatorTest): - -- DOMAIN_NOT_FOUND = DOMAIN_NOT_FOUND -- GENERIC_ERROR = GENERIC_ERROR -- LOGIN_ERROR = LOGIN_ERROR -- UNKNOWN_LOGIN_ERROR = UNKNOWN_LOGIN_ERROR -- - def test_perform_succeed(self: _BaseLexiconDNSAuthenticatorTestProto) -> None: - with test_util.patch_display_util(): - with _patch_lexicon_client() as (mock_client, mock_operations): -@@ -224,48 +214,10 @@ class BaseLexiconDNSAuthenticatorTest(dn - mock_operations.create_record.assert_called_with( - rtype='TXT', name=f'_acme-challenge.{DOMAIN}', content=mock.ANY) - -- def test_perform_with_one_domain_resolution_failure_succeed( -- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: -- with test_util.patch_display_util(): -- with _patch_lexicon_client() as (mock_client, mock_operations): -- mock_client.return_value.__enter__.side_effect = [ -- self.DOMAIN_NOT_FOUND, # First resolution domain attempt -- mock_operations, # Second resolution domain attempt -- mock_operations, # Create record operation -- ] -- self.auth.perform([self.achall]) -- -- def test_perform_with_two_domain_resolution_failures_raise( -- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: -- with test_util.patch_display_util(): -- with _patch_lexicon_client() as (mock_client, _): -- mock_client.return_value.__enter__.side_effect = self.DOMAIN_NOT_FOUND -- self.assertRaises(errors.PluginError, -- self.auth.perform, -- [self.achall]) -- -- def test_perform_with_domain_resolution_general_failure_raise( -- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: -- with test_util.patch_display_util(): -- with _patch_lexicon_client() as (mock_client, _): -- mock_client.return_value.__enter__.side_effect = self.GENERIC_ERROR -- self.assertRaises(errors.PluginError, -- self.auth.perform, -- [self.achall]) -- - def test_perform_with_auth_failure_raise(self: _BaseLexiconDNSAuthenticatorTestProto) -> None: - with test_util.patch_display_util(): - with _patch_lexicon_client() as (mock_client, _): -- mock_client.side_effect = self.LOGIN_ERROR -- self.assertRaises(errors.PluginError, -- self.auth.perform, -- [self.achall]) -- -- def test_perform_with_unknown_auth_failure_raise( -- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: -- with test_util.patch_display_util(): -- with _patch_lexicon_client() as (mock_client, _): -- mock_client.side_effect = self.UNKNOWN_LOGIN_ERROR -+ mock_client.side_effect = RequestException() - self.assertRaises(errors.PluginError, - self.auth.perform, - [self.achall]) -@@ -274,7 +226,7 @@ class BaseLexiconDNSAuthenticatorTest(dn - self: _BaseLexiconDNSAuthenticatorTestProto) -> None: - with test_util.patch_display_util(): - with _patch_lexicon_client() as (_, mock_operations): -- mock_operations.create_record.side_effect = self.GENERIC_ERROR -+ mock_operations.create_record.side_effect = RequestException() - self.assertRaises(errors.PluginError, - self.auth.perform, - [self.achall]) -@@ -293,31 +245,13 @@ class BaseLexiconDNSAuthenticatorTest(dn - - def test_cleanup_with_auth_failure_ignore(self: _BaseLexiconDNSAuthenticatorTestProto) -> None: - with _patch_lexicon_client() as (mock_client, _): -- mock_client.side_effect = self.LOGIN_ERROR -- self.auth.cleanup([self.achall]) -- -- def test_cleanup_with_unknown_auth_failure_ignore( -- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: -- with _patch_lexicon_client() as (mock_client, _): -- mock_client.side_effect = self.LOGIN_ERROR -- self.auth.cleanup([self.achall]) -- -- def test_cleanup_with_domain_resolution_failure_ignore( -- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: -- with _patch_lexicon_client() as (mock_client, _): -- mock_client.return_value.__enter__.side_effect = self.DOMAIN_NOT_FOUND -- self.auth.cleanup([self.achall]) -- -- def test_cleanup_with_domain_resolution_general_failure_ignore( -- self: _BaseLexiconDNSAuthenticatorTestProto) -> None: -- with _patch_lexicon_client() as (mock_client, _): -- mock_client.return_value.__enter__.side_effect = self.GENERIC_ERROR -+ mock_client.side_effect = RequestException() - self.auth.cleanup([self.achall]) - - def test_cleanup_with_delete_record_failure_ignore( - self: _BaseLexiconDNSAuthenticatorTestProto) -> None: - with _patch_lexicon_client() as (_, mock_operations): -- mock_operations.create_record.side_effect = self.GENERIC_ERROR -+ mock_operations.create_record.side_effect = RequestException() - self.auth.cleanup([self.achall]) - - diff --git a/certbot-2.7.4.tar.gz b/certbot-2.7.4.tar.gz deleted file mode 100644 index abe1be4..0000000 --- a/certbot-2.7.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:173778fef4e2e3014f60be02d4798dff7ea32790277b90b3c7249c5d46d17c75 -size 435602 diff --git a/certbot-2.8.0.tar.gz b/certbot-2.8.0.tar.gz new file mode 100644 index 0000000..8fcb537 --- /dev/null +++ b/certbot-2.8.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:95234695951e458fcc4199b8bc60589d5c7055193265ea0973773b01c5293d4d +size 436184 diff --git a/python-certbot.changes b/python-certbot.changes index 4cf79ac..13fe957 100644 --- a/python-certbot.changes +++ b/python-certbot.changes @@ -1,10 +1,16 @@ +------------------------------------------------------------------- +Thu Dec 7 10:40:28 UTC 2023 - Markéta Machová + +- Update to 2.8.0 + * Support for Python 3.7 was removed. + * Stop using the deprecated pkg_resources API included in setuptools. + ------------------------------------------------------------------- Thu Nov 16 12:56:34 UTC 2023 - Markéta Machová - Update to 2.7.4 * Fixed a bug introduced in version 2.7.0 that caused interactively entered webroot plugin values to not be saved for renewal. -- Add built-in-lexicon.patch to fix failures with dns-lexicon. ------------------------------------------------------------------- Mon Oct 30 15:37:44 UTC 2023 - Markéta Machová diff --git a/python-certbot.spec b/python-certbot.spec index eb9f915..2ae2358 100644 --- a/python-certbot.spec +++ b/python-certbot.spec @@ -19,14 +19,12 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define skip_python2 1 Name: python-certbot -Version: 2.7.4 +Version: 2.8.0 Release: 0 Summary: ACME client License: Apache-2.0 URL: https://github.com/certbot/certbot Source0: https://files.pythonhosted.org/packages/source/c/certbot/certbot-%{version}.tar.gz -# PATCH-FIX-UPSTREAM picked from https://github.com/certbot/certbot/pull/9838 Actual resolution of the DNS zone name in Lexicon-based DNS plugins -Patch: built-in-lexicon.patch BuildRequires: %{python_module acme >= %{version}} BuildRequires: %{python_module configargparse >= 1.5.3} BuildRequires: %{python_module configobj >= 5.0.6}