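#!/bin/bash
# Trace every command (-x), stop at the first unhandled failure (-e) and make a
# pipeline fail when any of its stages fails. The options are set here rather
# than on the shebang line so they still apply when the script is started as
# `bash <file>`, where the shebang is only a comment.
set -xe -o pipefail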

# $OS_TYPE $PUBLIC_IP $PRIVATE_IP $PUBLIC_HOSTNAME $BOULDER_URL
# are dynamically set at execution

# All relative paths used later in this script are resolved from here.
cd letsencrypt

# git is needed to check out an old letsencrypt-auto further down. When it is
# not on PATH, try each package manager in turn until one of them succeeds.
if ! command -v git ; then
    case "$OS_TYPE" in
        ubuntu) sudo apt-get update ;;
    esac
    if ! { sudo apt-get install -y git \
            || sudo yum install -y git-all \
            || sudo yum install -y git \
            || sudo dnf install -y git ; } ; then
        echo "git installation failed!"
        exit 1
    fi
fi
# 0.17.0 is the oldest version of letsencrypt-auto that has precompiled
# cryptography and the tagged commit is in master. 0.16.0 was the first version
# to use precompiled cryptography, but the release PR was squashed losing the
# commit. We want to use a precompiled version of cryptography for stability.
# Previous versions that have to compile against OpenSSL on installation
# started failing on newer distros with newer versions of OpenSSL.
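INITIAL_VERSION="0.17.0"
# Replace only the letsencrypt-auto file with the copy from the release tag.
git checkout -f "v$INITIAL_VERSION" letsencrypt-auto
# Bootstrap with the old script and confirm that it reports the old version.
# The version is matched as a fixed string (-F) so that its dots are not
# treated as regex wildcards and a different version cannot satisfy the check.
if ! ./letsencrypt-auto -v --debug --version --no-self-upgrade 2>&1 | grep -F -- "$INITIAL_VERSION" ; then
    echo initial installation appeared to fail
    exit 1
fi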

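# Now that python and openssl have been installed, we can set up a fake server
# to provide a new version of letsencrypt-auto. First, we start the server and
# directory to be served.
MY_TEMP_DIR=$(mktemp -d)
PORT_FILE="$MY_TEMP_DIR/port"
SERVER_PATH=$(tools/readlink.py tools/simple_http_server.py)
# The server is launched from inside the temp dir and its stdout is captured in
# PORT_FILE, which is parsed for the port number later.
# NOTE(review): presumably the server serves its working directory and "0"
# asks for an ephemeral port -- confirm against tools/simple_http_server.py.
cd "$MY_TEMP_DIR"
"$SERVER_PATH" 0 > "$PORT_FILE" &
SERVER_PID=$!
# Remove the temp dir on every exit path, including the one where the server
# has already died and kill fails. `|| true` keeps errexit from ending the
# handler before rm runs.
trap 'kill "$SERVER_PID" || true; rm -rf -- "$MY_TEMP_DIR"' EXIT
cd ~-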

# Then, we set up the files to be served: a release index naming a fake
# version, a copy of the current letsencrypt-auto under that version's
# directory, and a detached signature for that copy.
FAKE_VERSION_NUM="99.99.99"
LE_AUTO_SOURCE_DIR="$MY_TEMP_DIR/v$FAKE_VERSION_NUM"
NEW_LE_AUTO_PATH="$LE_AUTO_SOURCE_DIR/letsencrypt-auto"
SIGNING_KEY="letsencrypt-auto-source/tests/signing.key"

printf '{"releases": {"%s": null}}\n' "$FAKE_VERSION_NUM" > "$MY_TEMP_DIR/json"
mkdir "$LE_AUTO_SOURCE_DIR"
cp letsencrypt-auto-source/letsencrypt-auto "$NEW_LE_AUTO_PATH"
# SHA-256 signature made with the repository's test signing key.
# NOTE(review): presumably LE_AUTO_PUBLIC_KEY, exported further down, is the
# public half of this key -- confirm.
openssl dgst -sha256 -sign "$SIGNING_KEY" -out "$NEW_LE_AUTO_PATH.sig" "$NEW_LE_AUTO_PATH"

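# Next, we wait for the server to start and get the port number. Poll the port
# file instead of sleeping for a fixed time, and stop with a clear message if
# no port ever shows up. An empty SERVER_PORT would otherwise produce
# "http://localhost:/..." URLs in the exports that follow.
SERVER_PORT=""
port_wait_attempts=0
while [ -z "$SERVER_PORT" ] && [ "$port_wait_attempts" -lt 15 ]; do
    sleep 1
    SERVER_PORT=$(sed -n 's/.*port \([0-9]\+\).*/\1/p' "$PORT_FILE")
    port_wait_attempts=$((port_wait_attempts + 1))
done
if [ -z "$SERVER_PORT" ]; then
    echo "fake server did not report a port number"
    exit 1
fi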

# Finally, we set the necessary certbot-auto environment variables: the URL
# template and release-index URL point at the local fake server, and the
# public key is replaced with a test key.
# NOTE(review): presumably letsencrypt-auto verifies the downloaded script's
# signature against LE_AUTO_PUBLIC_KEY, so this override swaps the trust anchor
# for the upgrade -- confirm in letsencrypt-auto.
LE_AUTO_DIR_TEMPLATE="http://localhost:$SERVER_PORT/%s/"
LE_AUTO_JSON_URL="http://localhost:$SERVER_PORT/json"
# The value keeps its trailing newline after the END line.
LE_AUTO_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMoSzLYQ7E1sdSOkwelg
tzKIh2qi3bpXuYtcfFC0XrvWig071NwIj+dZiT0OLZ2hPispEH0B7ISuuWg1ll7G
hFW0VdbxL6JdGzS2ShNWkX9hE9z+j8VqwDPOBn3ZHm03qwpYkBDwQib3KqOdYbTT
uUtJmmGcuk3a9Aq/sCT6DdfmTSdP5asdQYwIcaQreDrOosaS84DTWI3IU+UYJVgl
LsIVPBuy9IcgHidUQ96hJnoPsDCWsHwX62495QKEarauyKQrJzFes0EY95orDM47
Z5o/NDiQB11m91yNB0MmPYY9QSbnOA9j7IaaC97AwRLuwXY+/R2ablTcxurWou68
iQIDAQAB
-----END PUBLIC KEY-----
"
export LE_AUTO_DIR_TEMPLATE LE_AUTO_JSON_URL LE_AUTO_PUBLIC_KEY

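# Extra checks for hosts whose system python is 2.6. The version is reduced to
# "<major><minor>" and compared as a quoted string, so missing or unexpected
# `python -V` output makes the test false instead of raising a `[` error.
if [ "$(python -V 2>&1 | cut -d" " -f 2 | cut -d. -f1,2 | sed 's/\.//')" = 26 ]; then
    RUN_PYTHON3_TESTS=1
    if command -v python3; then
        echo "Didn't expect Python 3 to be installed!"
        exit 1
    fi
    # Run a copy of the old script with self-upgrade allowed: the test expects
    # it to still report the initial version and to leave /opt/eff.org absent.
    cp letsencrypt-auto cb-auto
    if ! ./cb-auto -v --debug --version 2>&1 | grep -F -- "$INITIAL_VERSION" ; then
        echo "Certbot shouldn't have updated to a new version!"
        exit 1
    fi
    if [ -d "/opt/eff.org" ]; then
        echo "New directory shouldn't have been created!"
        exit 1
    fi
    # Create a 2nd venv at the new path to ensure we properly handle this case.
    # sudo -E keeps the caller's environment, so VENV_PATH and the LE_AUTO_*
    # overrides exported earlier are passed through to the root invocation.
    export VENV_PATH="/opt/eff.org/certbot/venv"
    if ! sudo -E ./letsencrypt-auto -v --debug --version --no-self-upgrade 2>&1 | grep -F -- "$INITIAL_VERSION" ; then
        echo second installation appeared to fail
        exit 1
    fi
    unset VENV_PATH
fi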

# Run letsencrypt-auto without --no-self-upgrade and fail if its stdout carries
# the "couldn't find Python" warning. Only stdout is piped to grep here, and a
# non-zero exit from letsencrypt-auto merely makes this condition false; the
# version check after this block is what detects a failed upgrade.
update_check_warning="WARNING: couldn't find Python"
if ./letsencrypt-auto -v --debug --version | grep "$update_check_warning" ; then
    printf '%s\n' "Had problems checking for updates!"
    exit 1
fi

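# The version the upgraded install must report is the value between the first
# pair of double quotes on the first LE_AUTO_VERSION line of certbot-auto.
EXPECTED_VERSION=$(grep -m1 LE_AUTO_VERSION certbot-auto | cut -d\" -f2)
# An empty pattern matches every line, which would let the check below pass
# without proving anything, so refuse to continue without a version string.
if [ -z "$EXPECTED_VERSION" ]; then
    echo "could not determine the expected version from certbot-auto"
    exit 1
fi
# Match the version as a fixed string (-F) so its dots are taken literally.
if ! /opt/eff.org/certbot/venv/bin/letsencrypt --version 2>&1 | grep -F -- "$EXPECTED_VERSION" ; then
    echo upgrade appeared to fail
    exit 1
fi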

# After the upgrade the script in the working tree must be byte-for-byte the
# file that was signed and served; diff prints any differences it finds.
diff letsencrypt-auto letsencrypt-auto-source/letsencrypt-auto || {
    echo "letsencrypt-auto and letsencrypt-auto-source/letsencrypt-auto differ"
    exit 1
}

# Follow-up for the python 2.6 case, which sets RUN_PYTHON3_TESTS earlier in
# this script: python3 must now be on PATH and the venv interpreter must
# report major version 3.
if [ "$RUN_PYTHON3_TESTS" = 1 ]; then
    command -v python3 || {
        echo "Python3 wasn't properly installed"
        exit 1
    }
    case "$(/opt/eff.org/certbot/venv/bin/python -V 2>&1 | cut -d" " -f 2 | cut -d. -f1)" in
        3) ;;
        *)
            echo "Python3 wasn't used in venv!"
            exit 1
            ;;
    esac
fi
echo "upgrade appeared to be successful"

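# The old venv location under the XDG data dir (default ~/.local/share) must
# now resolve to the new venv path. The argument is quoted so a data dir that
# contains whitespace stays one argument; $HOME replaces the tilde because a
# tilde is not reliably expanded inside double quotes.
if [ "$(tools/readlink.py "${XDG_DATA_HOME:-$HOME/.local/share}/letsencrypt")" != "/opt/eff.org/certbot/venv" ]; then
    echo symlink from old venv path not properly created!
    exit 1
fi
echo symlink properly created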