Merge pull request #71291 from NinjaTrappeur/nin-update-acme

simp_le: 0.9.0 -> 0.16.0

6 files changed, 119 insertions, 12 deletions

diff --git a/pkgs/tools/admin/boulder/default.nix b/pkgs/tools/admin/boulder/default.nix
new file mode 100644
index 00000000000..a21a3ebdde1
--- /dev/null
+++ b/pkgs/tools/admin/boulder/default.nix
@@ -0,0 +1,33 @@
+{ buildGoPackage
+, libtool
+, fetchFromGitHub
+, lib
+}:
+
+let
+  version = "release-2019-10-13";
+
+in buildGoPackage {
+
+  pname = "boulder";
+  inherit version;
+
+  goPackagePath = "github.com/letsencrypt/boulder";
+
+  buildInputs = [ libtool ];
+
+  src = fetchFromGitHub {
+    owner = "letsencrypt";
+    repo = "boulder";
+    rev = version;
+    sha256 = "0kis23dnjja6jp192rjpv2m9m2zmzfwhs93440nxg354k6fp8jdg";
+  };
+
+  meta = {
+    homepage = "https://github.com/letsencrypt/boulder";
+    description = "An ACME-based CA, written in Go";
+    license = [ lib.licenses.mpl20 ];
+    maintainers = [ ];
+  };
+
+}
diff --git a/pkgs/tools/admin/certbot/0001-pebble_artifacts-hardcode-pebble-location.patch b/pkgs/tools/admin/certbot/0001-pebble_artifacts-hardcode-pebble-location.patch
new file mode 100644
index 00000000000..33f0cd216c1
--- /dev/null
+++ b/pkgs/tools/admin/certbot/0001-pebble_artifacts-hardcode-pebble-location.patch
@@ -0,0 +1,24 @@
+From 8ddf2697508eca514a0dde4646ad14ac3ba34b2a Mon Sep 17 00:00:00 2001
+From: Florian Klink <flokli@flokli.de>
+Date: Fri, 18 Oct 2019 16:06:50 +0200
+Subject: [PATCH] pebble_artifacts: hardcode pebble location
+
+---
+ certbot-ci/certbot_integration_tests/utils/pebble_artifacts.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/certbot-ci/certbot_integration_tests/utils/pebble_artifacts.py b/certbot-ci/certbot_integration_tests/utils/pebble_artifacts.py
+index 2b1557928..d2603c51a 100644
+--- a/certbot-ci/certbot_integration_tests/utils/pebble_artifacts.py
++++ b/certbot-ci/certbot_integration_tests/utils/pebble_artifacts.py
+@@ -22,6 +22,7 @@ def fetch(workspace):
+ 
+ 
+ def _fetch_asset(asset, suffix):
++    return "@pebble@"
+     asset_path = os.path.join(ASSETS_PATH, '{0}_{1}_{2}'.format(asset, PEBBLE_VERSION, suffix))
+     if not os.path.exists(asset_path):
+         asset_url = ('https://github.com/letsencrypt/pebble/releases/download/{0}/{1}_{2}'
+-- 
+2.23.0
+
diff --git a/pkgs/tools/admin/certbot/default.nix b/pkgs/tools/admin/certbot/default.nix
index 782af149ed6..3448e3c8183 100644
--- a/pkgs/tools/admin/certbot/default.nix
+++ b/pkgs/tools/admin/certbot/default.nix
@@ -1,21 +1,27 @@
-{ stdenv, python3Packages, fetchFromGitHub, dialog }:
+{ stdenv, python37Packages, fetchFromGitHub, fetchurl, dialog, autoPatchelfHook, nginx, pebble }:
 
-python3Packages.buildPythonApplication rec {
+
+python37Packages.buildPythonApplication rec {
   pname = "certbot";
-  version = "0.31.0";
+  version = "0.39.0";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
     rev = "v${version}";
-    sha256 = "0rwjxmkpicyc9a5janvj1lfi430nq6ha94nyfgp11ds9fyydbh1s";
+    sha256 = "1s32xg2ljz7ci78wc8rqkjvgrz7vprb7fkznrlf9a4blm55pp54c";
   };
 
-  propagatedBuildInputs = with python3Packages; [
+  patches = [
+    ./0001-pebble_artifacts-hardcode-pebble-location.patch
+  ];
+
+  propagatedBuildInputs = with python37Packages; [
     ConfigArgParse
     acme
     configobj
     cryptography
+    distro
     josepy
     parsedatetime
     psutil
@@ -26,11 +32,19 @@ python3Packages.buildPythonApplication rec {
     zope_component
     zope_interface
   ];
-  buildInputs = [ dialog ] ++ (with python3Packages; [ mock gnureadline ]);
 
-  patchPhase = ''
+  buildInputs = [ dialog ] ++ (with python37Packages; [ mock gnureadline ]);
+
+  checkInputs = with python37Packages; [
+    pytest_xdist
+    pytest
+    dateutil
+  ];
+
+  postPatch = ''
     substituteInPlace certbot/notify.py --replace "/usr/sbin/sendmail" "/run/wrappers/bin/sendmail"
     substituteInPlace certbot/util.py --replace "sw_vers" "/usr/bin/sw_vers"
+    substituteInPlace certbot-ci/certbot_integration_tests/utils/pebble_artifacts.py --replace "@pebble@" "${pebble}/bin/pebble"
   '';
 
   postInstall = ''
@@ -40,7 +54,15 @@ python3Packages.buildPythonApplication rec {
     done
   '';
 
-  doCheck = !stdenv.isDarwin; # On Hydra Darwin tests fail with "Too many open files".
+  # tests currently time out, because they're trying to do network access
+  # Upstream issue: https://github.com/certbot/certbot/issues/7450
+  doCheck = false;
+
+  checkPhase = ''
+    PATH="$out/bin:${nginx}/bin:$PATH" pytest certbot-ci/certbot_integration_tests
+  '';
+
+  dontUseSetuptoolsCheck = true;
 
   meta = with stdenv.lib; {
     homepage = src.meta.homepage;
diff --git a/pkgs/tools/admin/pebble/default.nix b/pkgs/tools/admin/pebble/default.nix
new file mode 100644
index 00000000000..5aa220fd89e
--- /dev/null
+++ b/pkgs/tools/admin/pebble/default.nix
@@ -0,0 +1,26 @@
+{ buildGoPackage
+, fetchFromGitHub
+, lib
+}:
+
+let
+  version = "v2.2.2";
+  pname = "pebble";
+in buildGoPackage {
+  inherit pname version;
+  goPackagePath = "github.com/letsencrypt/${pname}";
+
+  src = fetchFromGitHub {
+    owner = "letsencrypt";
+    repo = pname;
+    rev = version;
+    sha256 = "10g6ivdxxp3632wk0gvmp75v9x668kchhmlczbsq8qnsc8sb8pwf";
+  };
+
+  meta = {
+    homepage = "https://github.com/letsencrypt/boulder";
+    description = "A miniature version of Boulder, Pebble is a small RFC 8555 ACME test server not suited for a production CA";
+    license = [ lib.licenses.mpl20 ];
+    maintainers = [ ];
+  };
+}
diff --git a/pkgs/tools/admin/simp_le/default.nix b/pkgs/tools/admin/simp_le/default.nix
index f5be7719d0d..37f627a18f5 100644
--- a/pkgs/tools/admin/simp_le/default.nix
+++ b/pkgs/tools/admin/simp_le/default.nix
@@ -2,16 +2,14 @@
 
 python3Packages.buildPythonApplication rec {
   pname = "simp_le-client";
-  version = "0.9.0";
+  version = "0.16.0";
 
   src = python3Packages.fetchPypi {
     inherit pname version;
-    sha256 = "1yxfznd78zkg2f657v520zj5w4dvq5n594d0kpm4lra8xnpg4zcv";
+    sha256 = "17azqlb1xsnh9p0m75apb19j7pramgj00cf5k6fwzz2zqz0x0hpp";
   };
 
   postPatch = ''
-    # drop upper bound of acme requirement
-    sed -ri "s/'(acme>=[^,]+),<[^']+'/'\1'/" setup.py
     # drop upper bound of idna requirement
     sed -ri "s/'(idna)<[^']+'/'\1'/" setup.py
     substituteInPlace simp_le.py \
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 91ac481809b..2a7f23d2fd2 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -767,6 +767,8 @@ in
 
   bonfire = callPackage ../tools/misc/bonfire { };
 
+  boulder = callPackage ../tools/admin/boulder { };
+
   buildbot = with python3Packages; toPythonApplication buildbot;
   buildbot-ui = with python3Packages; toPythonApplication buildbot-ui;
   buildbot-full = with python3Packages; toPythonApplication buildbot-full;
@@ -939,6 +941,8 @@ in
 
   m-cli = callPackage ../os-specific/darwin/m-cli { };
 
+  pebble = callPackage ../tools/admin/pebble { };
+
   reattach-to-user-namespace = callPackage ../os-specific/darwin/reattach-to-user-namespace {};
 
   skhd = callPackage ../os-specific/darwin/skhd {