Bug 210617 - security/py-certbot: Refuses to start for wrong required version of acme
Summary: security/py-certbot: Refuses to start for wrong required version of acme
Status: Closed Not A Bug
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Some People
Assignee: Kubilay Kocak
URL:
Keywords:
: 210669 (view as bug list)
Depends on:
Blocks:
 
Reported: 2016-06-27 10:30 UTC by Matthias M.
Modified: 2016-06-29 08:40 UTC (History)
3 users (show)

See Also:
koobs: maintainer-feedback+


Attachments
certbot python trace (1.10 KB, text/x-log)
2016-06-27 10:30 UTC, Matthias M.
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias M. 2016-06-27 10:30:51 UTC
Created attachment 171859 [details]
certbot python trace

Hi,

I've changed from py-letsencrypt to py-certbot and today I tried to update my certs but py-certbot refused to start with:

VersionConflict: (acme 0.8.1 (/usr/local/lib/python2.7/site-packages), Requirement.parse('acme==0.2.0.dev0'))

Full trace as attachment.


OS: FreeBSD 10.3-RELEASE-p5 amd64


# pip list
acme (0.8.1)
alabaster (0.7.6)
b3 (1.9.1)
Babel (2.3.4)
cdiff (0.9.8)
certbot (0.8.1)
cffi (1.7.0)
ConfigArgParse (0.10.0)
configobj (5.0.6)
cryptography (1.4)
docutils (0.12)
ecdsa (0.11)
enum34 (1.1.6)
funcsigs (1.0.2)
idna (2.1)
imagesize (0.7.1)
ipaddress (1.0.16)
Jinja2 (2.8)
letsencrypt (0.2.0.dev0)
lxml (3.6.0)
MarkupSafe (0.23)
mercurial (3.8.3)
mock (2.0.0)
MySQL-python (1.2.5)
ndg-httpsclient (0.4.1)
paramiko (2.0.0)
parsedatetime (1.5)
pbr (1.10.0)
Pillow (3.1.1)
pip (8.1.2)
psutil (3.3.0)
pyasn1 (0.1.9)
pycparser (2.14)
pycrypto (2.6.1)
Pygments (2.1.3)
pyOpenSSL (16.0.0)
pyRFC3339 (1.0)
PyStemmer (1.3.0)
python2-pythondialog (3.3.0)
pytz (2016.4)
requests (2.10.0)
setuptools (23.1.0)
simplejson (3.8.2)
six (1.10.0)
snowballstemmer (1.2.0)
Sphinx (1.4.4)
sphinx-rtd-theme (0.1.9)
Tkinter (0.0.0)
virtualenv (14.0.0)
Werkzeug (0.11.10)
zope.component (4.2.2)
zope.event (4.1.0)
zope.interface (4.1.3)
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2016-06-27 11:57:23 UTC
Over to last committer
Comment 2 VK freebsd_triage 2016-06-28 20:17:37 UTC
*** Bug 210669 has been marked as a duplicate of this bug. ***
Comment 3 VK freebsd_triage 2016-06-28 20:21:36 UTC
setup.py is parsing the required acme version from certbot/__init__.py (and with a regex no less which is a wtf in itself). Seems to me a previous version of the file, possibly from py-letsencrypt remained lingering and pkg didn't clobber it?
Comment 4 Bernard Spil freebsd_committer freebsd_triage 2016-06-28 20:26:12 UTC
That is very weird!

py-certbot (and py-letsencrypt before that) has to have the same version as py-acme.

site-packages/certbot-0.8.1-py2.7.egg-info/requires.txt
acme==0.8.1

Can you check that please? Installed port looks OK here.

Hardly likely this comes from old py-letsencrypt, that has been in site-packages/letsencrypt
Comment 5 Bernard Spil freebsd_committer freebsd_triage 2016-06-28 20:27:27 UTC
Contents of certbot/__init__.py

"""Certbot client."""

# version number like 1.2.3a0, must have at least 2 parts, like 1.2
__version__ = '0.8.1'
Comment 6 VK freebsd_triage 2016-06-28 20:50:47 UTC
(In reply to Bernard Spil from comment #4)

I see the same thing (0.8.1 everywhere in the dep chain), but I never had py-letsencrypt installed and I can't attest to what happens during the change. Poudriere build and import test (in python shell from the build jail) passed just fine.

Is Bug #210508 perhaps relevant? The UPDATING entry and process that _should_'ve happened after all?
Comment 7 Kubilay Kocak freebsd_committer freebsd_triage 2016-06-29 04:50:46 UTC
The likely cause is the use of pip to install/upgrade or otherwise manage python packages in the system site-packages location. To that effect, there is a pkg-message warning upon installation of pip about doing this.

The likely root cause is a stale/older version of letsencrypt leftover from a previous port/package install, then subsequently using pip to install or upgrade to a later version.

Removing the old versions of these packages from LOCALBASE/lib/pythonX.Y/site-packages should solve the problem.

Can you please provide (as attachments):

* list (ls -la) of the contents of LOCALBASE/lib/pythonX.Y/site-packages
* pkg version -v output
Comment 8 Matthias M. 2016-06-29 07:53:25 UTC
Hi,

finally have it working like Kubilay said there was a piece of an old letsencrypt version.

find . -name '*acme*'
./certbot/tests/acme_util.py
./certbot/tests/acme_util.pyc
./certbot/tests/acme_util.pyo
./acme
./letsencrypt-0.2.0.dev0-py2.7.egg/letsencrypt/tests/acme_util.py
./letsencrypt-0.2.0.dev0-py2.7.egg/letsencrypt/tests/acme_util.pyc
./acme-0.8.1-py2.7.egg-info

I've removed the whole letsencrypt-0.2.0.dev0-py2.7.egg stuff which did the trick.

Thank you very much for you help. May the bug is invalid even if we may should check for any recently installed versions.