snap/snapcraft.yaml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111

name: certbot
summary: Automatically configure HTTPS using Let's Encrypt
description: |
 The objective of Certbot, Let's Encrypt, and the ACME (Automated
 Certificate Management Environment) protocol is to make it possible
 to set up an HTTPS server and have it automatically obtain a
 browser-trusted certificate, without any human intervention. This is
 accomplished by running a certificate management agent on the web
 server.

 This agent is used to:
   - Automatically prove to the Let's Encrypt CA that you control the website
   - Obtain a browser-trusted certificate and set it up on your web server
   - Keep track of when your certificate is going to expire, and renew it
   - Help you revoke the certificate if that ever becomes necessary.
confinement: classic
base: core20
grade: stable
adopt-info: certbot

apps:
  certbot:
    command: bin/python3 -s $SNAP/bin/certbot
    environment:
      PATH: "$SNAP/bin:$SNAP/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
      AUGEAS_LENS_LIB: "$SNAP/usr/share/augeas/lenses/dist"
      CERTBOT_SNAPPED: "True"
  renew:
    command: bin/python3 -s $SNAP/bin/certbot -q renew
    daemon: oneshot
    environment:
      PATH: "$SNAP/bin:$SNAP/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
      AUGEAS_LENS_LIB: $SNAP/usr/share/augeas/lenses/dist
      CERTBOT_SNAPPED: "True"
    # Run approximately twice a day with randomization
    timer: 00:00~24:00/2


parts:
  certbot:
    plugin: python
    source: .
    python-packages:
      - git+https://github.com/certbot/python-augeas.git@certbot-patched
      - ./acme
      - ./certbot
      - ./certbot-apache
      - ./certbot-nginx
    stage:
      - -usr/lib/python3.8/sitecustomize.py # maybe unnecessary
      # Old versions of this file used to unstage
      # lib/python3.8/site-packages/augeas.py to avoid conflicts between
      # python-augeas 0.5.0 which was pinned in snap-constraints.txt and
      # our python-augeas fork which creates an auto-generated cffi file at
      # the same path. Since we've combined things in one part and removed the
      # python-augeas pinning, unstaging this file had a different, unintended
      # effect so we now stage the file to keep the auto-generated cffi file.
    stage-packages:
      - libaugeas0
      - libpython3.8-dev
      # added to stage python:
      - libpython3-stdlib
      - libpython3.8-stdlib
      - libpython3.8-minimal
      - python3-pip
      - python3-wheel
      - python3-venv
      - python3-minimal
      - python3-distutils
      - python3-pkg-resources
      - python3.8-minimal
    # To build cryptography and cffi if needed
    build-packages: [gcc, libffi-dev, libssl-dev, git, libaugeas-dev, python3-dev]
    build-environment:
      - SNAPCRAFT_PYTHON_VENV_ARGS: --upgrade
      # Constraints are passed through the environment variable PIP_CONSTRAINTS instead of using the 
      # parts.[part_name].constraints option available in snapcraft.yaml when the Python plugin is
      # used. This is done to let these constraints be applied not only on the certbot package
      # build, but also on any isolated build that pip could trigger when building wheels for 
      # dependencies. See https://github.com/certbot/certbot/pull/8443 for more info.
      - PIP_CONSTRAINT: $SNAPCRAFT_PART_SRC/snap-constraints.txt
    override-build: |
      python3 -m venv "${SNAPCRAFT_PART_INSTALL}"
      "${SNAPCRAFT_PART_INSTALL}/bin/python3" "${SNAPCRAFT_PART_SRC}/tools/pipstrap.py"
      snapcraftctl build
    override-pull: |
      snapcraftctl pull
      python3 "${SNAPCRAFT_PART_SRC}/tools/strip_hashes.py" "${SNAPCRAFT_PART_SRC}/letsencrypt-auto-source/pieces/dependency-requirements.txt" | grep -v python-augeas >> "${SNAPCRAFT_PART_SRC}/snap-constraints.txt"
      python3 "${SNAPCRAFT_PART_SRC}/tools/strip_hashes.py" "${SNAPCRAFT_PART_SRC}/tools/pipstrap_constraints.txt" >> "${SNAPCRAFT_PART_SRC}/snap-constraints.txt"
      echo "$(python3 "${SNAPCRAFT_PART_SRC}/tools/merge_requirements.py" "${SNAPCRAFT_PART_SRC}/snap-constraints.txt")" > "${SNAPCRAFT_PART_SRC}/snap-constraints.txt"
      snapcraftctl set-version `grep -oP "__version__ = '\K.*(?=')" "${SNAPCRAFT_PART_SRC}/certbot/certbot/__init__.py"`
  shared-metadata:
    plugin: dump
    source: .
    override-pull: |
      snapcraftctl pull
      mkdir -p certbot-metadata
      grep -oP "__version__ = '\K.*(?=')" $SNAPCRAFT_PART_SRC/certbot/certbot/__init__.py > certbot-metadata/certbot-version.txt
    stage: [certbot-metadata/certbot-version.txt]

plugs:
  plugin:
    interface: content
    content: certbot-1
    target: $SNAP/certbot-plugin

slots:
  certbot-metadata:
    interface: content
    content: metadata-1
    read: [$SNAP/certbot-metadata]