Bug 22175 - Update request: certbot
Summary: Update request: certbot
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: MGA6-64-OK MGA6-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2017-12-12 04:58 CET by Dimitri Jakov
Modified: 2018-11-04 18:01 CET

See Also:
Source RPM: python-acme-0.20.0-1.mga6 certbot-0.20.0-1.mga6 certbot-apache-0.20.0-1.mga6 certbot-nginx-0.20.0-1.mga6
CVE:
Status comment:



Description Dimitri Jakov 2017-12-12 04:58:54 CET
The packages have been uploaded to Mageia 6 Core Updates Testing.

Mageia 6 ships certbot 0.14.2; since then, there have been six releases, each of them containing a lot of bugfixes. This is therefore a cumulative update.

NB: Mageia 6 comes with python-OpenSSL 16.0.0, while newest Certbot requires at least 16.1.0, so python-OpenSSL would need an update, too. This is a minor and 100% backwards compatible update; moreover, the guys from Let's Encrypt were kind enough to perform compatibility tests for python-OpenSSL 16.1.0 + python-cryptography 1.5.3.

Suggested advisory:
========================

Certbot 0.20.0 contains multiple bugfixes and improvements.

References:
https://certbot.eff.org
https://github.com/certbot/certbot/blob/master/CHANGELOG.md

========================

Updated packages in core/updates_testing:
========================
python2-acme-0.20.0-1.mga6
python3-acme-0.20.0-1.mga6
python-OpenSSL-16.1.0-1.mga6
python-OpenSSL-doc-16.1.0-1.mga6
python3-OpenSSL-16.1.0-1.mga6
certbot-0.20.0-1.mga6
certbot-doc-0.20.0-1.mga6
certbot-apache-0.20.0-1.mga6
certbot-nginx-0.20.0-1.mga6

Source RPMs: 
python-acme-0.20.0-1.mga6.src.rpm
python-OpenSSL-16.1.0-1.mga6.src.rpm
certbot-0.20.0-1.mga6.src.rpm
certbot-apache-0.20.0-1.mga6.src.rpm
certbot-nginx-0.20.0-1.mga6.src.rpm

Comment 1 Dimitri Jakov 2017-12-12 04:59:44 CET
Reassigning to QA Team

python-acme-0.20.0-1.mga6.src.rpm
python-OpenSSL-16.1.0-1.mga6.src.rpm
certbot-0.20.0-1.mga6.src.rpm
certbot-apache-0.20.0-1.mga6.src.rpm
certbot-nginx-0.20.0-1.mga6.src.rpm

Assignee: bugsquad => qa-bugs

Comment 2 José Jorge 2017-12-18 19:05:25 CET
I have tested this update as I am willing to use certbot, and it failed for me using apache module with a python OSError in augeas. I have updated all mentioned packages but the error is the same.

Here is the error :

sudo  certbot --apache -d mydomain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
OSError: library not found: 'augeas'
Please see the logfiles in /var/log/letsencrypt for more details.

rpm -qa | grep augeas
augeas-lenses-1.8.0-1.1.mga6
python3-augeas-1.0.2-3.mga6
lib64augeas0-1.8.0-1.1.mga6

CC: (none) => lists.jjorge

José Jorge 2017-12-18 19:06:00 CET

Assignee: qa-bugs => mitya

Comment 3 José Jorge 2017-12-18 22:17:40 CET
(In reply to José Jorge from comment #2)
> I have tested this update as I am willing to use certbot, and it failed for
> me using apache module with a python OSError in augeas. 

This is a python-augeas bug : it needs libaugeas-devel. Sorry for the noise.

Assignee: mitya => qa-bugs
Status: NEW => ASSIGNED

José Jorge 2017-12-18 22:18:02 CET

CC: (none) => mitya

Comment 4 José Jorge 2017-12-18 22:46:58 CET
Tested a certificate creation with Let's Encrypt, all went ok.

Pkgs installed :

urpmi --searchmedia testing certbot-apache python3-acme python3-OpenSSL

Whiteboard: (none) => MGA6-64-OK

Comment 5 Dimitri Jakov 2017-12-19 01:12:31 CET
José, thanks for testing!

BTW, did you experience the python-augeas bug under Mga6 (stable)? I've failed to reproduce it either on i586 or on x86_64. All the package versions are the same, but libaugeas-devel is not installed, and everything works fine. Here's a short snippet to test it:

[user@localhost ~]$ python3 -c "import augeas; a = augeas.Augeas(); print(a)"
<augeas.Augeas object at 0x7f56b7f29f98>

Comment 6 Dimitri Jakov 2017-12-19 01:15:41 CET
Also you might experience another error from Augeas trying to parse erroneous /etc/httpd/conf/conf.d/security.conf (missing closing quotes). That's not a certbot/augeas bug either; should be fixed with our next Apache update.

Comment 7 José Jorge 2017-12-19 19:01:35 CET
(In reply to Dimitri Jakov from comment #5)
> José, thanks for testing!
> 
> BTW, did you experience the python-augeas bug under Mga6 (stable)? I've
> failed to reproduce it either on i586 or on x86_64. All the package versions
> are the same, but libaugeas-devel is not installed, and everything works
> fine. Here's a short snippet to test it:
> 
> [user@localhost ~]$ python3 -c "import augeas; a = augeas.Augeas(); print(a)"
> <augeas.Augeas object at 0x7f56b7f29f98>

It's strange, I cannot reproduce this bug anymore now....

Comment 8 Herman Viaene 2017-12-23 09:57:01 CET
MGA6-32 on Dell Latitude D600 MATE
No installation issues at first
At CLI:
# certbot certonly -d <mydummydomain>
Saving debug log to /var/log/letsencrypt/letsencrypt.log
An unexpected error occurred:
OSError: library not found: 'augeas'
Please see the logfiles in /var/log/letsencrypt for more details.
Installed libaugeas-devel as indicated above, then

# certbot certonly -d <mydummydomain>
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): c
An e-mail address or --register-unsafely-without-email must be provided.

[root@mach6 ~]# certbot certonly --register-unsafely-without-email -d <mydummydomain>
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator standalone, Installer None
Registering without email!

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A
Obtaining a new certificate
An unexpected error occurred:
The request message was malformed :: Error creating new authz :: Name does not end in a public suffix
Please see the logfiles in /var/log/letsencrypt for more details.

IMPORTANT NOTES:
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.

The last response is valid as it is really a dummy domain.
Good enough for me.

Whiteboard: MGA6-64-OK => MGA6-64-OK MGA6-32-OK
CC: (none) => herman.viaene

Comment 9 Lewis Smith 2017-12-25 20:00:06 CET
Advisory from comment 0.
Validating. Thanks to José & Herman for testing this.

Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs

Comment 10 Mageia Robot 2017-12-28 14:17:54 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2017-0135.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED

Comment 11 Per Nelvig 2018-11-04 18:01:51 CET
Tried to install certbot ver 0.20.0-1.mga6.noarch with MCC in Mageia 6. MCC gives the following response:

Sorry, the following package cannot be selected:

- certbot-0.20.0-1.mga6.noarch (due to conflicts with python3-cryptography-2.3.1-1.mga6.x86_64)

Seems the issues with certbot are not resolved yet.

CC: (none) => pernel

