Accepting request 1299119 from devel:languages:python:certbot

certbot version bump

OBS-URL: https://build.opensuse.org/request/show/1299119
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-certbot?expand=0&rev=59

certbot-2.11.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:257ae1cb0a534373ca50dd807c9ae96f27660e41379c45afb9b50cab0e6a7a97
-size 438415

certbot-4.2.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fb1e56ca8a072bec49ac0c7b5390a29cbf68c2c05f712259a9b3491de041c27b
+size 442984

python-certbot.changes

@@ -1,11 +1,135 @@
+-------------------------------------------------------------------
+Tue Aug 12 15:53:44 UTC 2025 - Markéta Machová <mmachova@suse.com>
+
+- Update to 4.2.0
+  * Added --eab-hmac-alg parameter to support custom HMAC algorithm for
+    External Account Binding.
+  * Catches and ignores errors during the directory fetch for ARI checking
+    so that these errors do not hinder the actual certificate issuance.
+  * Removed the dependency on pytz
+  * Support for Python 3.9 was deprecated and will be removed in our next
+    planned release.
+  * The Certbot snap no longer sets the environment variable PYTHONPATH
+    stopping it from picking up Python files in the current directory
+    and polluting the environment for Certbot hooks written in Python.
+  * Previously, we claimed to set FAILED_DOMAINS and RENEWED_DOMAINS env
+    variables for use by post-hooks when certificate renewals fail, but
+    we were not actually setting them. Now, we are.
+  * Certbot now always uses the server value from the renewal configuration
+    file for ARI checks instead of the server value from the current
+    invocation of Certbot. This helps prevent ARI requests from going to the
+    wrong server if the user changes CAs.
+- Make the libalternatives transition conditional
+
+-------------------------------------------------------------------
+Wed Jun 25 12:10:30 UTC 2025 - Markéta Machová <mmachova@suse.com>
+
+- Convert to libalternatives
+- Drop some ancient compatibility code
+
+-------------------------------------------------------------------
+Fri Jun 13 14:34:45 UTC 2025 - Markéta Machová <mmachova@suse.com>
+
+- Update to 4.1.1
+  * Deprecated parameter enforce_openssl_binary_usage from
+    certbot.ocsp.RevocationChecker.
+  * The --preferred-profile and --required-profile flags now have their
+    values stored in the renewal configuration so the same setting will
+    be used on renewal.
+  * No longer checks ARI during certbot --dry-run.
+  * Fixed an unintended change introduced in 4.0.0 where renew_before_expiry
+    could not be shorter than certbot's default renewal time.
+  * Switched to src-layout from flat-layout to accommodate PEP 517 pip
+    editable installs
+
+-------------------------------------------------------------------
+Tue Apr 22 03:35:34 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Update to 4.0.0:
+  * Added
+    + The --preferred-profile and --required-profile flags allow requesting
+      a profile.
+  * Changed
+    + Certificates now renew with 1/3rd of lifetime left (or 1/2 of lifetime
+      left, if the lifetime is shorter than 10 days).
+    + removed acme.crypto_util._pyopenssl_cert_or_req_all_names
+    + removed acme.crypto_util._pyopenssl_cert_or_req_san
+    + removed acme.crypto_util.dump_pyopenssl_chain
+    + removed acme.crypto_util.gen_ss_cert
+    + removed certbot.crypto_util.dump_pyopenssl_chain
+    + removed certbot.crypto_util.pyopenssl_load_certificate
+  * Fixed
+    + Moved RewriteEngine on directive added during apache http01
+      authentication to the end of the virtual host, so that it overwrites
+      any RewriteEngine off directives that already exist and allows
+      redirection to the challenge URL.
+
+-------------------------------------------------------------------
+Fri Mar 21 12:21:54 UTC 2025 - Markéta Machová <mmachova@suse.com>
+
+- Update to 3.3.0
+  * The --register-unsafely-without-email flag is no longer needed
+    in non-interactive mode.
+  * In interactive mode, pressing Enter at the email prompt will
+    register without an email.
+  * deprecated certbot.crypto_util.dump_pyopenssl_chain
+  * deprecated certbot.crypto_util.pyopenssl_load_certificate
+  * Fixed a bug introduced in Certbot 3.1.0 where OpenSSL environment
+    variables needed in our snap configuration were persisted in calls
+    to external programs like nginx which could cause them to fail to
+    load OpenSSL.
+
+-------------------------------------------------------------------
+Thu Feb 13 11:23:18 UTC 2025 - Dirk Müller <dmueller@suse.com>
+
+- update to 3.2.0:
+  * certbot-nginx now requires pyparsing>=2.4.7.
+  * certbot and its acme library now require
+    cryptography>=43.0.0.
+  * certbot-nginx and our acme library now require
+    pyOpenSSL>=25.0.0.
+  * Deprecated `gen_ss_cert` in `acme.crypto_util` as it uses
+    deprecated pyOpenSSL API.
+  * Add `make_self_signed_cert` to `acme.crypto_util` to replace
+    `gen_ss_cert.
+  * Directory hooks are now run on all commands by default, not
+    just `renew`
+  * Help output now shows `False` as default when it can be set
+    via `cli.ini` instead of `None`
+  * Changed terms of service agreement text to have a newline
+    after the TOS link
+  * certbot-cloudflare-dns is now pinned to version 2.19 of
+    Cloudflare's python library
+
+-------------------------------------------------------------------
+Mon Jan 27 14:08:39 UTC 2025 - Markéta Machová <mmachova@suse.com>
+
+- Update to 3.1.0
+  * Python 3.8 support was removed.
+  * Our runtime dependency on setuptools has been dropped from all
+    Certbot components.
+  * Certbot's packages no longer depend on library importlib_resources.
+- Convert to pip-based build
+
+-------------------------------------------------------------------
+Tue Dec  3 14:46:41 UTC 2024 - Markéta Machová <mmachova@suse.com>
+
+- Update to 3.0.1
+  * The update_symlinks command was removed.
+  * The csr_dir and key_dir attributes on
+    certbot.configuration.NamespaceConfig were removed.
+  * The --manual-public-ip-logging-ok command line flag was removed.
+  * Support for Python 3.8 was deprecated and will be removed in our
+    next planned release.
+
 -------------------------------------------------------------------
 Tue Jun 25 12:15:06 UTC 2024 - Markéta Machová <mmachova@suse.com>
 
 - update to 2.11.0
-  * Fixed a bug in Certbot where a CSR's SANs did not always follow 
+  * Fixed a bug in Certbot where a CSR's SANs did not always follow
-    the order of the domain names that the user requested interactively. 
+    the order of the domain names that the user requested interactively.
-    In some cases, the resulting cert's common name might seem picked 
+    In some cases, the resulting cert's common name might seem picked
-    up randomly from the SANs when it should be the first item the user 
+    up randomly from the SANs when it should be the first item the user
     had in mind.
 
 -------------------------------------------------------------------

python-certbot.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-certbot
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,9 +16,14 @@
 #
 
 
+%if 0%{?suse_version} > 1500
+%bcond_without libalternatives
+%else
+%bcond_with libalternatives
+%endif
 %{?sle15_python_module_pythons}
 Name:           python-certbot
-Version:        2.11.0
+Version:        4.2.0
 Release:        0
 Summary:        ACME client
 License:        Apache-2.0
@@ -27,38 +32,33 @@ Source0:        https://files.pythonhosted.org/packages/source/c/certbot/certbot
 BuildRequires:  %{python_module acme >= %{version}}
 BuildRequires:  %{python_module configargparse >= 1.5.3}
 BuildRequires:  %{python_module configobj >= 5.0.6}
-BuildRequires:  %{python_module cryptography >= 3.2.1}
+BuildRequires:  %{python_module cryptography >= 43.0.0}
 BuildRequires:  %{python_module distro >= 1.0.1}
-BuildRequires:  %{python_module importlib-metadata if %python-base < 3.10}
+BuildRequires:  %{python_module josepy >= 2.0.0}
-BuildRequires:  %{python_module importlib-resources if %python-base < 3.9}
-BuildRequires:  %{python_module josepy >= 1.13.0}
 BuildRequires:  %{python_module parsedatetime >= 2.4}
+BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module pyRFC3339}
 BuildRequires:  %{python_module pytest}
-BuildRequires:  %{python_module pytz >= 2019.3}
 BuildRequires:  %{python_module setuptools >= 41.6.0}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
 Requires:       python-acme >= %{version}
 Requires:       python-configargparse >= 1.5.3
 Requires:       python-configobj >= 5.0.6
-Requires:       python-cryptography >= 3.2.1
+Requires:       python-cryptography >= 43.0.0
 Requires:       python-distro >= 1.0.1
-Requires:       python-josepy >= 1.9.0
+Requires:       python-josepy >= 2.0.0
 Requires:       python-parsedatetime >= 2.4
 Requires:       python-pyRFC3339
-Requires:       python-pytz >= 2019.3
-Requires:       python-setuptools >= 41.6.0
-Requires(post): update-alternatives
-Requires(postun): update-alternatives
-%if %{python_version_nodots} < 310
-Requires:       python-importlib-metadata
-%endif
-%if %{python_version_nodots} < 39
-Requires:       python-importlib-resources
-%endif
 Provides:       certbot = %{version}
 Obsoletes:      certbot < %{version}
+%if %{with libalternatives}
+BuildRequires:  alts
+Requires:       alts
+%else
+Requires(post): update-alternatives
+Requires(postun): update-alternatives
+%endif
 BuildArch:      noarch
 %python_subpackages
 
@@ -67,29 +67,25 @@ certbot is a free, automated certificate authority that aims
 to lower the barriers to entry for encrypting all HTTP traffic on the internet.
 
 %prep
-%setup -q -n certbot-%{version}
+%autosetup -p1 -n certbot-%{version}
-%autopatch -p1
 
 %build
-%python_build
+%pyproject_wheel
 
 %install
-%python_install
+%pyproject_install
 %python_clone -a %{buildroot}%{_bindir}/certbot
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
 
 %check
-%pytest
+# test_lock_order[renew] needs internet connection to check ARI
+%pytest -k "not (test_lock_order and renew)"
+
+%pre
+%python_libalternatives_reset_alternative certbot
 
 %post
 %python_install_alternative certbot
-# migrate from old certbot to new certbot
-if test ! -h %{_sysconfdir}/certbot -a -e %{_sysconfdir}/certbot; then
-	echo "Migrating %{_sysconfdir}/certbot to %{_sysconfdir}/letsencrypt..."
-	mv %{_sysconfdir}/letsencrypt %{_sysconfdir}/letsencrypt.empty
-	mv %{_sysconfdir}/certbot %{_sysconfdir}/letsencrypt
-	cd %{_sysconfdir} ; ln -s letsencrypt certbot
-fi
 
 %postun
 %python_uninstall_alternative certbot
@@ -97,7 +93,8 @@ fi
 %files %{python_files}
 %license LICENSE.txt
 %doc README.rst
-%{python_sitelib}/*
+%{python_sitelib}/certbot
+%{python_sitelib}/certbot-%{version}.dist-info
 %python_alternative %{_bindir}/certbot
 
 %changelog