name: certbot
summary: Automatically configure HTTPS using Let's Encrypt
description: |
 The objective of Certbot, Let's Encrypt, and the ACME (Automated
 Certificate Management Environment) protocol is to make it possible
 to set up an HTTPS server and have it automatically obtain a
 browser-trusted certificate, without any human intervention. This is
 accomplished by running a certificate management agent on the web
 server.

 This agent is used to:
   - Automatically prove to the Let's Encrypt CA that you control the website
   - Obtain a browser-trusted certificate and set it up on your web server
   - Keep track of when your certificate is going to expire, and renew it
   - Help you revoke the certificate if that ever becomes necessary.
confinement: classic
base: core20
grade: stable
adopt-info: certbot

apps:
  certbot:
    command: bin/python3 -s $SNAP/bin/certbot
    environment:
      PATH: "$SNAP/bin:$SNAP/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
      AUGEAS_LENS_LIB: "$SNAP/usr/share/augeas/lenses/dist"
      CERTBOT_SNAPPED: "True"
  renew:
    command: bin/python3 -s $SNAP/bin/certbot -q renew
    daemon: oneshot
    environment:
      PATH: "$SNAP/bin:$SNAP/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
      AUGEAS_LENS_LIB: $SNAP/usr/share/augeas/lenses/dist
      CERTBOT_SNAPPED: "True"
    # Run approximately twice a day with randomization
    timer: 00:00~24:00/2


parts:
  certbot:
    plugin: python
    source: .
    python-packages:
      - git+https://github.com/certbot/python-augeas.git@certbot-patched
      - ./acme
      - ./certbot
      - ./certbot-apache
      - ./certbot-nginx
    stage:
      - -usr/lib/python3.8/sitecustomize.py # maybe unnecessary
      # Old versions of this file used to unstage
      # lib/python3.8/site-packages/augeas.py to avoid conflicts between
      # python-augeas 0.5.0 which was pinned in snap-constraints.txt and
      # our python-augeas fork which creates an auto-generated cffi file at
      # the same path. Since we've combined things in one part and removed the
      # python-augeas pinning, unstaging this file had a different, unintended
      # effect so we now stage the file to keep the auto-generated cffi file.
    stage-packages:
      - libaugeas0
      - libpython3.8-dev
      # added to stage python:
      - libpython3-stdlib
      - libpython3.8-stdlib
      - libpython3.8-minimal
      - python3-pip
      - python3-wheel
      - python3-venv
      - python3-minimal
      - python3-distutils
      - python3-pkg-resources
      - python3.8-minimal
    # To build cryptography and cffi if needed
    build-packages:
      - gcc
      - git
      - libaugeas-dev
      - build-essential
      - libssl-dev
      - libffi-dev
      - python3-dev
      - cargo
    build-environment:
      # We set this environment variable while building to try and increase the
      # stability of fetching the rust crates needed to build the cryptography
      # library.
      - CARGO_NET_GIT_FETCH_WITH_CLI: "true"
      - SNAPCRAFT_PYTHON_VENV_ARGS: --upgrade
      # Constraints are passed through the environment variable PIP_CONSTRAINTS instead of using the
      # parts.[part_name].constraints option available in snapcraft.yaml when the Python plugin is
      # used. This is done to let these constraints be applied not only on the certbot package
      # build, but also on any isolated build that pip could trigger when building wheels for
      # dependencies. See https://github.com/certbot/certbot/pull/8443 for more info.
      - PIP_CONSTRAINT: $SNAPCRAFT_PART_SRC/snap-constraints.txt
    override-build: |
      python3 -m venv "${SNAPCRAFT_PART_INSTALL}"
      "${SNAPCRAFT_PART_INSTALL}/bin/python3" "${SNAPCRAFT_PART_SRC}/tools/pipstrap.py"
      snapcraftctl build
    override-pull: |
      snapcraftctl pull
      grep -v python-augeas "${SNAPCRAFT_PART_SRC}/tools/requirements.txt" >> "${SNAPCRAFT_PART_SRC}/snap-constraints.txt"
      snapcraftctl set-version `grep -oP "__version__ = '\K.*(?=')" "${SNAPCRAFT_PART_SRC}/certbot/certbot/__init__.py"`
  shared-metadata:
    plugin: dump
    source: .
    override-pull: |
      snapcraftctl pull
      mkdir -p certbot-metadata
      grep -oP "__version__ = '\K.*(?=')" $SNAPCRAFT_PART_SRC/certbot/certbot/__init__.py > certbot-metadata/certbot-version.txt
    stage: [certbot-metadata/certbot-version.txt]

plugs:
  plugin:
    interface: content
    content: certbot-1
    target: $SNAP/certbot-plugin

slots:
  certbot-metadata:
    interface: content
    content: metadata-1
    read: [$SNAP/certbot-metadata]