diff options
Diffstat (limited to 'certbot-auto')
| -rwxr-xr-x | certbot-auto | 234 |
1 files changed, 133 insertions, 101 deletions
diff --git a/certbot-auto b/certbot-auto index 4e27bbd52..90b8157fe 100755 --- a/certbot-auto +++ b/certbot-auto @@ -23,7 +23,7 @@ if [ -z "$VENV_PATH" ]; then VENV_PATH="$XDG_DATA_HOME/$VENV_NAME" fi VENV_BIN="$VENV_PATH/bin" -LE_AUTO_VERSION="0.10.2" +LE_AUTO_VERSION="0.11.0" BASENAME=$(basename $0) USAGE="Usage: $BASENAME [OPTIONS] A self-updating wrapper script for the Certbot ACME client. When run, updates @@ -38,8 +38,9 @@ Help for certbot itself cannot be provided until it is installed. -n, --non-interactive, --noninteractive run without asking for user input --no-self-upgrade do not download updates --os-packages-only install OS dependencies and exit - -q, --quiet provide only update/error output -v, --verbose provide more output + -q, --quiet provide only update/error output; + implies --non-interactive All arguments are accepted and forwarded to the Certbot client when run." @@ -84,6 +85,11 @@ if [ $BASENAME = "letsencrypt-auto" ]; then HELP=0 fi +# Set ASSUME_YES to 1 if QUIET (i.e. --quiet implies --non-interactive) +if [ "$QUIET" = 1 ]; then + ASSUME_YES=1 +fi + # Support for busybox and others where there is no "command", # but "which" instead if command -v command > /dev/null 2>&1 ; then @@ -99,7 +105,7 @@ fi # certbot itself needs root access for almost all modes of operation # The "normal" case is that sudo is used for the steps that need root, but # this script *can* be run as root (not recommended), or fall back to using -# `su`. Auto-detection can be overrided by explicitly setting the +# `su`. Auto-detection can be overridden by explicitly setting the # environment variable LE_AUTO_SUDO to 'sudo', 'sudo_su' or '' as used below. # Because the parameters in `su -c` has to be a string, @@ -207,7 +213,11 @@ BootstrapDebCommon() { # # - Debian 6.0.10 "squeeze" (x64) - $SUDO apt-get update || echo apt-get update hit problems but continuing anyway... + if [ "$QUIET" = 1 ]; then + QUIET_FLAG='-qq' + fi + + $SUDO apt-get $QUIET_FLAG update || echo apt-get update hit problems but continuing anyway... # virtualenv binary can be found in different packages depending on # distro version (#346) @@ -215,74 +225,74 @@ BootstrapDebCommon() { virtualenv= # virtual env is known to apt and is installable if apt-cache show virtualenv > /dev/null 2>&1 ; then - if ! LC_ALL=C apt-cache --quiet=0 show virtualenv 2>&1 | grep -q 'No packages found'; then - virtualenv="virtualenv" - fi + if ! LC_ALL=C apt-cache --quiet=0 show virtualenv 2>&1 | grep -q 'No packages found'; then + virtualenv="virtualenv" + fi fi if apt-cache show python-virtualenv > /dev/null 2>&1; then - virtualenv="$virtualenv python-virtualenv" + virtualenv="$virtualenv python-virtualenv" fi augeas_pkg="libaugeas0 augeas-lenses" AUGVERSION=`LC_ALL=C apt-cache show --no-all-versions libaugeas0 | grep ^Version: | cut -d" " -f2` if [ "$ASSUME_YES" = 1 ]; then - YES_FLAG="-y" + YES_FLAG="-y" fi AddBackportRepo() { - # ARGS: - BACKPORT_NAME="$1" - BACKPORT_SOURCELINE="$2" - echo "To use the Apache Certbot plugin, augeas needs to be installed from $BACKPORT_NAME." - if ! grep -v -e ' *#' /etc/apt/sources.list | grep -q "$BACKPORT_NAME" ; then - # This can theoretically error if sources.list.d is empty, but in that case we don't care. - if ! grep -v -e ' *#' /etc/apt/sources.list.d/* 2>/dev/null | grep -q "$BACKPORT_NAME"; then - if [ "$ASSUME_YES" = 1 ]; then - /bin/echo -n "Installing augeas from $BACKPORT_NAME in 3 seconds..." - sleep 1s - /bin/echo -ne "\e[0K\rInstalling augeas from $BACKPORT_NAME in 2 seconds..." - sleep 1s - /bin/echo -e "\e[0K\rInstalling augeas from $BACKPORT_NAME in 1 second ..." - sleep 1s - add_backports=1 - else - read -p "Would you like to enable the $BACKPORT_NAME repository [Y/n]? " response - case $response in - [yY][eE][sS]|[yY]|"") - add_backports=1;; - *) - add_backports=0;; - esac - fi - if [ "$add_backports" = 1 ]; then - $SUDO sh -c "echo $BACKPORT_SOURCELINE >> /etc/apt/sources.list.d/$BACKPORT_NAME.list" - $SUDO apt-get update - fi - fi - fi - if [ "$add_backports" != 0 ]; then - $SUDO apt-get install $YES_FLAG --no-install-recommends -t "$BACKPORT_NAME" $augeas_pkg - augeas_pkg= + # ARGS: + BACKPORT_NAME="$1" + BACKPORT_SOURCELINE="$2" + echo "To use the Apache Certbot plugin, augeas needs to be installed from $BACKPORT_NAME." + if ! grep -v -e ' *#' /etc/apt/sources.list | grep -q "$BACKPORT_NAME" ; then + # This can theoretically error if sources.list.d is empty, but in that case we don't care. + if ! grep -v -e ' *#' /etc/apt/sources.list.d/* 2>/dev/null | grep -q "$BACKPORT_NAME"; then + if [ "$ASSUME_YES" = 1 ]; then + /bin/echo -n "Installing augeas from $BACKPORT_NAME in 3 seconds..." + sleep 1s + /bin/echo -ne "\e[0K\rInstalling augeas from $BACKPORT_NAME in 2 seconds..." + sleep 1s + /bin/echo -e "\e[0K\rInstalling augeas from $BACKPORT_NAME in 1 second ..." + sleep 1s + add_backports=1 + else + read -p "Would you like to enable the $BACKPORT_NAME repository [Y/n]? " response + case $response in + [yY][eE][sS]|[yY]|"") + add_backports=1;; + *) + add_backports=0;; + esac + fi + if [ "$add_backports" = 1 ]; then + $SUDO sh -c "echo $BACKPORT_SOURCELINE >> /etc/apt/sources.list.d/$BACKPORT_NAME.list" + $SUDO apt-get $QUIET_FLAG update + fi fi + fi + if [ "$add_backports" != 0 ]; then + $SUDO apt-get install $QUIET_FLAG $YES_FLAG --no-install-recommends -t "$BACKPORT_NAME" $augeas_pkg + augeas_pkg= + fi } if dpkg --compare-versions 1.0 gt "$AUGVERSION" ; then - if lsb_release -a | grep -q wheezy ; then - AddBackportRepo wheezy-backports "deb http://http.debian.net/debian wheezy-backports main" - elif lsb_release -a | grep -q precise ; then - # XXX add ARM case - AddBackportRepo precise-backports "deb http://archive.ubuntu.com/ubuntu precise-backports main restricted universe multiverse" - else - echo "No libaugeas0 version is available that's new enough to run the" - echo "Certbot apache plugin..." - fi - # XXX add a case for ubuntu PPAs + if lsb_release -a | grep -q wheezy ; then + AddBackportRepo wheezy-backports "deb http://http.debian.net/debian wheezy-backports main" + elif lsb_release -a | grep -q precise ; then + # XXX add ARM case + AddBackportRepo precise-backports "deb http://archive.ubuntu.com/ubuntu precise-backports main restricted universe multiverse" + else + echo "No libaugeas0 version is available that's new enough to run the" + echo "Certbot apache plugin..." + fi + # XXX add a case for ubuntu PPAs fi - $SUDO apt-get install $YES_FLAG --no-install-recommends \ + $SUDO apt-get install $QUIET_FLAG $YES_FLAG --no-install-recommends \ python \ python-dev \ $virtualenv \ @@ -294,7 +304,6 @@ BootstrapDebCommon() { ca-certificates \ - if ! $EXISTS virtualenv > /dev/null ; then echo Failed to install a working \"virtualenv\" command, exiting exit 1 @@ -323,6 +332,9 @@ BootstrapRpmCommon() { if [ "$ASSUME_YES" = 1 ]; then yes_flag="-y" fi + if [ "$QUIET" = 1 ]; then + QUIET_FLAG='--quiet' + fi if ! $SUDO $tool list *virtualenv >/dev/null 2>&1; then echo "To use Certbot, packages from the EPEL repository need to be installed." @@ -331,14 +343,14 @@ BootstrapRpmCommon() { exit 1 fi if [ "$ASSUME_YES" = 1 ]; then - /bin/echo -n "Enabling the EPEL repository in 3 seconds..." - sleep 1s - /bin/echo -ne "\e[0K\rEnabling the EPEL repository in 2 seconds..." - sleep 1s - /bin/echo -e "\e[0K\rEnabling the EPEL repository in 1 seconds..." - sleep 1s + /bin/echo -n "Enabling the EPEL repository in 3 seconds..." + sleep 1s + /bin/echo -ne "\e[0K\rEnabling the EPEL repository in 2 seconds..." + sleep 1s + /bin/echo -e "\e[0K\rEnabling the EPEL repository in 1 seconds..." + sleep 1s fi - if ! $SUDO $tool install $yes_flag epel-release; then + if ! $SUDO $tool install $yes_flag $QUIET_FLAG epel-release; then echo "Could not enable EPEL. Aborting bootstrap!" exit 1 fi @@ -380,9 +392,9 @@ BootstrapRpmCommon() { " fi - if ! $SUDO $tool install $yes_flag $pkgs; then - echo "Could not install OS dependencies. Aborting bootstrap!" - exit 1 + if ! $SUDO $tool install $yes_flag $QUIET_FLAG $pkgs; then + echo "Could not install OS dependencies. Aborting bootstrap!" + exit 1 fi } @@ -394,7 +406,11 @@ BootstrapSuseCommon() { install_flags="-l" fi - $SUDO zypper $zypper_flags in $install_flags \ + if [ "$QUIET" = 1 ]; then + QUIET_FLAG='-qq' + fi + + $SUDO zypper $QUIET_FLAG $zypper_flags in $install_flags \ python \ python-devel \ python-virtualenv \ @@ -432,7 +448,11 @@ BootstrapArchCommon() { fi if [ "$missing" ]; then - $SUDO pacman -S --needed $missing $noconfirm + if [ "$QUIET" = 1]; then + $SUDO pacman -S --needed $missing $noconfirm > /dev/null + else + $SUDO pacman -S --needed $missing $noconfirm + fi fi } @@ -465,7 +485,11 @@ BootstrapGentooCommon() { } BootstrapFreeBsd() { - $SUDO pkg install -Ay \ + if [ "$QUIET" = 1 ]; then + QUIET_FLAG="--quiet" + fi + + $SUDO pkg install -Ay $QUIET_FLAG \ python \ py27-virtualenv \ augeas \ @@ -505,15 +529,15 @@ BootstrapMac() { fi if ! hash pip 2>/dev/null; then - echo "pip not installed" - echo "Installing pip..." - curl --silent --show-error --retry 5 https://bootstrap.pypa.io/get-pip.py | python + echo "pip not installed" + echo "Installing pip..." + curl --silent --show-error --retry 5 https://bootstrap.pypa.io/get-pip.py | python fi if ! hash virtualenv 2>/dev/null; then - echo "virtualenv not installed." - echo "Installing with pip..." - pip install virtualenv + echo "virtualenv not installed." + echo "Installing with pip..." + pip install virtualenv fi } @@ -523,26 +547,29 @@ BootstrapSmartOS() { } BootstrapMageiaCommon() { - if ! $SUDO urpmi --force \ - python \ - libpython-devel \ - python-virtualenv + if [ "$QUIET" = 1 ]; then + QUIET_FLAG='--quiet' + fi + + if ! $SUDO urpmi --force $QUIET_FLAG \ + python \ + libpython-devel \ + python-virtualenv then echo "Could not install Python dependencies. Aborting bootstrap!" exit 1 - fi + fi - if ! $SUDO urpmi --force \ - git \ - gcc \ - python-augeas \ - openssl \ - libopenssl-devel \ - libffi-devel \ - rootcerts + if ! $SUDO urpmi --force $QUIET_FLAG \ + git \ + gcc \ + python-augeas \ + libopenssl-devel \ + libffi-devel \ + rootcerts then - echo "Could not install additional dependencies. Aborting bootstrap!" - exit 1 + echo "Could not install additional dependencies. Aborting bootstrap!" + exit 1 fi } @@ -609,6 +636,11 @@ if [ "$1" = "--le-auto-phase2" ]; then # --version output ran through grep due to python-cryptography DeprecationWarnings # grep for both certbot and letsencrypt until certbot and shim packages have been released INSTALLED_VERSION=$("$VENV_BIN/letsencrypt" --version 2>&1 | grep "^certbot\|^letsencrypt" | cut -d " " -f 2) + if [ -z "$INSTALLED_VERSION" ]; then + echo "Error: couldn't get currently installed version for $VENV_BIN/letsencrypt: " 1>&2 + "$VENV_BIN/letsencrypt" --version + exit 1 + fi else INSTALLED_VERSION="none" fi @@ -801,18 +833,18 @@ letsencrypt==0.7.0 \ # THE LINES BELOW ARE EDITED BY THE RELEASE SCRIPT; ADD ALL DEPENDENCIES ABOVE. -acme==0.10.2 \ - --hash=sha256:053bbf8d36be298e411e0fa397289307e1a888f419de1205931236114f8f825e \ - --hash=sha256:6465b66256849f8cd4269a43037d404b1ccf31a60d3c93fc628d6f6f4c43de78 -certbot==0.10.2 \ - --hash=sha256:1e680cab3cda6c3079ee64066903f93e421df46a8d4db63264a6359f3d5ba63e \ - --hash=sha256:33729ce100fc9d00d9820c81fc3ef9b95802b8d261f0cca0cce422bc568b1631 -certbot-apache==0.10.2 \ - --hash=sha256:c1f196506bf961e2171fb2af9feca8926100564b644acda1895acdf294c46e71 \ - --hash=sha256:8573275e74c8b74a9c7d7824636a37a4bc83327a7cc97a43b334fe8956ba8cb1 -certbot-nginx==0.10.2 \ - --hash=sha256:74c32bdaf2f3873aa811c3e2cdc205d3137b59c64dbcdca6f3982ed2a89b4f2a \ - --hash=sha256:c8265ab4b4bc0a6a3a81d7f0b8ff2606dd28ebbb3cd045635862286b97af2c36 +acme==0.11.0 \ + --hash=sha256:9c084f9a62241a11231af63266f2f12ad696be590393a4ab4974276a47d63404 \ + --hash=sha256:1513ae74ee8424c739a953a552890830315669d95d105469d1cff5b7db9ae888 +certbot==0.11.0 \ + --hash=sha256:cc94d890a8697b3bdbdc555bcf4ba93955f64324bc256b2ea710fd053fc03b8a \ + --hash=sha256:0f91fee360f9ce5e0584d0954fa3123832435f77f465915389032a90ac0248b1 +certbot-apache==0.11.0 \ + --hash=sha256:9a01883ca7e1159cff2a6e36bf97b83793c899c62944335f6ac2f59f9b3e8b5d \ + --hash=sha256:2b67871e7ae8bbfa7a2779fcd6444f28847fbb7a347ef4bfdb19fb55a0d75673 +certbot-nginx==0.11.0 \ + --hash=sha256:cfae45a42560e39889eebd287437556084c421a9e07a2deb3cbc0aeef92d2dab \ + --hash=sha256:dbddffe47c8e8b2d1cf47fe393b434003270a45aec896f133492c855c77e6f08 UNLIKELY_EOF # ------------------------------------------------------------------------- @@ -1024,7 +1056,7 @@ UNLIKELY_EOF fi else - # Phase 1: Upgrade certbot-auto if neceesary, then self-invoke. + # Phase 1: Upgrade certbot-auto if necessary, then self-invoke. # # Each phase checks the version of only the thing it is responsible for # upgrading. Phase 1 checks the version of the latest release of |