Bug 233909 - security/py-certbot: Incorrect config file path since update to 0.29.1
Summary: security/py-certbot: Incorrect config file path since update to 0.29.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Matthew Seaman
Depends on:
Reported: 2018-12-10 15:38 UTC by Matthew Seaman
Modified: 2018-12-14 09:19 UTC (History)
4 users (show)

See Also:
koobs: maintainer-feedback+

Fix setting FreeBSD specific paths (2.91 KB, patch)
2018-12-10 22:40 UTC, Matthew Seaman
no flags Details | Diff
Fix setting FreeBSD specific paths (2.94 KB, patch)
2018-12-11 10:29 UTC, Matthew Seaman
no flags Details | Diff
Fix setting FreeBSD specific paths (2.95 KB, patch)
2018-12-11 15:21 UTC, Matthew Seaman
koobs: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Matthew Seaman freebsd_committer 2018-12-10 15:38:18 UTC
On 10/12/2018 14:54, Kubilay Kocak wrote:
> On 11/12/2018 1:43 am, Matthew Seaman wrote:
>> On 10/12/2018 14:10, Paul Macdonald via freebsd-ports wrote:
>>> On 10/12/2018 13:15, Paul Macdonald via freebsd-questions wrote:
>>>> Is anyone else seeing py-certbot having lost all installed certs, and the initial registation data?
>>>> There was an update on the 7th
>>>> Upgrade of py27-certbot-0.28.0_1,1 to py27-certbot-0.29.1_1,1
>>>> and on 3 boxes tested so far, which all had certs, i now see no certs listed and a request to redo the initial registation on attempts to install a new cert.
>>>> i don't see any issues upstream here: https://github.com/letsencrypt/boulder/issues/ so not sure if this is FBSD thing or not.
>>>> Paul.
>>> passing --config-dir /usr/local/etc/letsencrypt shows expected output, i suspect something has happend with that flag on the upgrade ( i see /etc/letsencrypt directories on affected servers)
>> This upstream commit:
>> https://github.com/certbot/certbot/commit/a23d76beb0e2c9539670766045314a5d50f582a2#diff-64ccdc74e8a07f9b039a6254093f1d0d
>> breaks the post-patch target in the security/certbot port Makefile:
>> post-patch:
>>          @${REINPLACE_CMD} \
>>                  -e 's|/etc/|${LOCALBASE}/etc/|' \
>>                  -e 's|/var/lib|/var/db|' \
>>                  ${WRKSRC}/${PORTNAME}/constants.py
>> Looks like the REINPLACE_CMD should be applied to ${WRKSRC}/${PORTNAME}/compat.py now.
>> Or compat.py should be patched to grok FREEBSD_DEFAULT_FOLDERS
>>      Cheers,
>>      Matthew
> Nice find Matthew.
> Prefer the latter (and sent upstream). Can one of you create a bugzilla issue for this and cc me please.
> If you'd like to give a representative/attempted patch a go, please do.
> ./koobs
Comment 1 Vick Khera 2018-12-10 21:01:25 UTC
My hack-around was to symlink /etc/letsencrypt to point to /usr/local/etc/letsencrypt.

Once this is fixed, anyone who configured it during this time will have to move their configs to /usr/local/etc.
Comment 2 Matthew Seaman freebsd_committer 2018-12-10 22:40:57 UTC
Created attachment 200016 [details]
Fix setting FreeBSD specific paths

Needs testing.  I'll be running this patch for my usual LetsEncrypt periodic jobs overnight.
Comment 3 Matthew Seaman freebsd_committer 2018-12-10 22:43:04 UTC
Patches updated by `make makepatch`

Needs testing.

I'll be running this for my overnight periodic jobs tonight.
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2018-12-11 03:28:23 UTC
@Matthew Thanks for the patch

Longer term we might want to ship a default cli.ini
Comment 5 Matthew Seaman freebsd_committer 2018-12-11 07:27:09 UTC
Hmmm... I should add DragonFLY support too.  What does sys.platform look like on DFLY?
Comment 6 Kubilay Kocak freebsd_committer freebsd_triage 2018-12-11 09:34:37 UTC
While I'm -0 on supporting other OS's within FreeBSD ports, it appears [1][2] the value starts with dragonfly.

See Also: https://docs.python.org/2/library/sys.html#sys.platform 

In particular:

For most Unix systems, this is the lowercased OS name as returned by uname -s with the first part of the version as returned by uname -r appended, e.g. 'sunos5', at the time when Python was built

[1] https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1707
[2] google: sys.platform.startswith("dragonfly"):
Comment 7 Matthew Seaman freebsd_committer 2018-12-11 10:29:24 UTC
Created attachment 200033 [details]
Fix setting FreeBSD specific paths

Add DFLY support too
Comment 8 Yasuhiro Kimura freebsd_committer 2018-12-11 14:33:58 UTC
(In reply to Matthew Seaman from comment #7)

Hello Matthew,

Index: files/patch-certbot_compat.py
--- files/patch-certbot_compat.py	(nonexistent)
+++ files/patch-certbot_compat.py	(working copy)
@@ -0,0 +1,32 @@
+--- certbot/compat.py.orig	2018-12-05 23:47:58 UTC
++++ certbot/compat.py
+@@ -183,6 +183,11 @@ LINUX_DEFAULT_FOLDERS = {
+     'work': '/var/lib/letsencrypt',
+     'logs': '/var/log/letsencrypt',
+ }
++    'config': '%%LOCALBASE%%/letsencrypt',

This should be '%%LOCALBASE%%/etc/letsencrypt'.
Comment 9 Matthew Seaman freebsd_committer 2018-12-11 15:20:05 UTC
(In reply to Yasuhiro KIMURA from comment #8)

Good catch.  Thanks.
Comment 10 Matthew Seaman freebsd_committer 2018-12-11 15:21:14 UTC
Created attachment 200041 [details]
Fix setting FreeBSD specific paths
Comment 11 Matthew Seaman freebsd_committer 2018-12-14 07:32:29 UTC
This is working fine for me, and I've had reports of success from other users.  Can I get approval from python@ to commit?
Comment 12 Kubilay Kocak freebsd_committer freebsd_triage 2018-12-14 07:42:47 UTC
Comment on attachment 200041 [details]
Fix setting FreeBSD specific paths

Approved by: koobs (python)

@Matthew could you please add a comment to the patch header pointing to this bug, like:

# Incorrect config file path since update to 0.29.1
# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233909
# TODO: Upstream
Comment 13 commit-hook freebsd_committer 2018-12-14 09:18:37 UTC
A commit references this bug:

Author: matthew
Date: Fri Dec 14 09:18:34 UTC 2018
New revision: 487414
URL: https://svnweb.freebsd.org/changeset/ports/487414

  Fix setting FreeBSD specific paths since upstream change


  as part of the update to 0.29.1

  PR:		233909
  Reported by:	Paul Macdonald
  Approved by:	koobs (python)

Comment 14 Matthew Seaman freebsd_committer 2018-12-14 09:19:19 UTC