Page MenuHomePhabricator

certcentral is incompatible with the current python3-acme version shipped in stretch-backports
Closed, ResolvedPublic

Description

python3-acme has been upgraded since initial pinning in certcentral:

vgutierrez@certcentral1001:~$ apt-cache policy python3-acme
python3-acme:
  Installed: 0.25.1-1~bpo9+1
  Candidate: 0.28.0-1~bpo9+1
  Version table:
     0.28.0-1~bpo9+1 1001
        100 http://mirrors.wikimedia.org/debian stretch-backports/main amd64 Packages
 *** 0.25.1-1~bpo9+1 100
        100 /var/lib/dpkg/status
     0.10.2-1 500
        500 http://mirrors.wikimedia.org/debian stretch/main amd64 Packages

Running the current tests using acme==0.28.1 triggers the following errors:

(certcentral3) willikins:certcentral vgutierrez$ python -m unittest discover -k ACMEIntegrationTests -s ./tests/
/Users/vgutierrez/.virtualenvs/certcentral3/lib/python3.7/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verifi
cation is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
.EEE
======================================================================
ERROR: test_full_workflow_dns_challenge (test_acme_requests.ACMEIntegrationTests)
Expects pebble to be invoked with PEBBLE_VA_ALWAYS_VALID=1
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/vgutierrez/wikimedia.org/operations/software/certcentral/tests/test_acme_requests.py", line 171, in test_full_workflow_dns_challenge
    session = ACMERequests(account)
  File "/Users/vgutierrez/wikimedia.org/operations/software/certcentral/certcentral/acme_requests.py", line 331, in __init__
    if not self._account_is_valid():
  File "/Users/vgutierrez/wikimedia.org/operations/software/certcentral/certcentral/acme_requests.py", line 343, in _account_is_valid
    regr = self.acme_client.update_registration(self.acme_account.regr)
  File "/Users/vgutierrez/.virtualenvs/certcentral3/lib/python3.7/site-packages/acme/client.py", line 621, in update_registration
    new_regr = self._get_v2_account(regr)
  File "/Users/vgutierrez/.virtualenvs/certcentral3/lib/python3.7/site-packages/acme/client.py", line 627, in _get_v2_account
    response = self._post(self.directory['newAccount'], only_existing_reg)
  File "/Users/vgutierrez/.virtualenvs/certcentral3/lib/python3.7/site-packages/acme/client.py", line 94, in _post
    return self.net.post(*args, **kwargs)
  File "/Users/vgutierrez/.virtualenvs/certcentral3/lib/python3.7/site-packages/acme/client.py", line 1130, in post
    return self._post_once(*args, **kwargs)
  File "/Users/vgutierrez/.virtualenvs/certcentral3/lib/python3.7/site-packages/acme/client.py", line 1144, in _post_once
    data = self._wrap_in_jws(obj, self._get_nonce(url, new_nonce_url), url, acme_version)
  File "/Users/vgutierrez/.virtualenvs/certcentral3/lib/python3.7/site-packages/acme/client.py", line 946, in _wrap_in_jws
    jobj = obj.json_dumps(indent=2).encode()
AttributeError: 'NoneType' object has no attribute 'json_dumps'

======================================================================
ERROR: test_full_workflow_ec_certificate (test_acme_requests.ACMEIntegrationTests)
Expects pebble to be invoked with PEBBLE_VA_ALWAYS_VALID=1
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/vgutierrez/wikimedia.org/operations/software/certcentral/tests/test_acme_requests.py", line 252, in test_full_workflow_ec_certificate
    session = ACMERequests(account)
  File "/Users/vgutierrez/wikimedia.org/operations/software/certcentral/certcentral/acme_requests.py", line 331, in __init__
    if not self._account_is_valid():
  File "/Users/vgutierrez/wikimedia.org/operations/software/certcentral/certcentral/acme_requests.py", line 343, in _account_is_valid
    regr = self.acme_client.update_registration(self.acme_account.regr)
  File "/Users/vgutierrez/.virtualenvs/certcentral3/lib/python3.7/site-packages/acme/client.py", line 621, in update_registration
    new_regr = self._get_v2_account(regr)
  File "/Users/vgutierrez/.virtualenvs/certcentral3/lib/python3.7/site-packages/acme/client.py", line 627, in _get_v2_account
    response = self._post(self.directory['newAccount'], only_existing_reg)
  File "/Users/vgutierrez/.virtualenvs/certcentral3/lib/python3.7/site-packages/acme/client.py", line 94, in _post
    return self.net.post(*args, **kwargs)
  File "/Users/vgutierrez/.virtualenvs/certcentral3/lib/python3.7/site-packages/acme/client.py", line 1130, in post
    return self._post_once(*args, **kwargs)
  File "/Users/vgutierrez/.virtualenvs/certcentral3/lib/python3.7/site-packages/acme/client.py", line 1144, in _post_once
    data = self._wrap_in_jws(obj, self._get_nonce(url, new_nonce_url), url, acme_version)
  File "/Users/vgutierrez/.virtualenvs/certcentral3/lib/python3.7/site-packages/acme/client.py", line 946, in _wrap_in_jws
    jobj = obj.json_dumps(indent=2).encode()
AttributeError: 'NoneType' object has no attribute 'json_dumps'

======================================================================
ERROR: test_full_workflow_http_challenge (test_acme_requests.ACMEIntegrationTests)
Expects pebble to be invoked with PEBBLE_VA_ALWAYS_VALID=1
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/vgutierrez/wikimedia.org/operations/software/certcentral/tests/test_acme_requests.py", line 215, in test_full_workflow_http_challenge
    session = ACMERequests(account)
  File "/Users/vgutierrez/wikimedia.org/operations/software/certcentral/certcentral/acme_requests.py", line 331, in __init__
    if not self._account_is_valid():
  File "/Users/vgutierrez/wikimedia.org/operations/software/certcentral/certcentral/acme_requests.py", line 343, in _account_is_valid
    regr = self.acme_client.update_registration(self.acme_account.regr)
  File "/Users/vgutierrez/.virtualenvs/certcentral3/lib/python3.7/site-packages/acme/client.py", line 621, in update_registration
    new_regr = self._get_v2_account(regr)
  File "/Users/vgutierrez/.virtualenvs/certcentral3/lib/python3.7/site-packages/acme/client.py", line 627, in _get_v2_account
    response = self._post(self.directory['newAccount'], only_existing_reg)
  File "/Users/vgutierrez/.virtualenvs/certcentral3/lib/python3.7/site-packages/acme/client.py", line 94, in _post
    return self.net.post(*args, **kwargs)
  File "/Users/vgutierrez/.virtualenvs/certcentral3/lib/python3.7/site-packages/acme/client.py", line 1130, in post
    return self._post_once(*args, **kwargs)
  File "/Users/vgutierrez/.virtualenvs/certcentral3/lib/python3.7/site-packages/acme/client.py", line 1144, in _post_once
    data = self._wrap_in_jws(obj, self._get_nonce(url, new_nonce_url), url, acme_version)
  File "/Users/vgutierrez/.virtualenvs/certcentral3/lib/python3.7/site-packages/acme/client.py", line 946, in _wrap_in_jws
    jobj = obj.json_dumps(indent=2).encode()
AttributeError: 'NoneType' object has no attribute 'json_dumps'

----------------------------------------------------------------------
Ran 4 tests in 1.436s

FAILED (errors=3)

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 15 2019, 2:33 PM

Change 484438 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/software/certcentral@master] certcentral: Bump acme to the latest version shipped in stretch-backports

https://gerrit.wikimedia.org/r/484438

Change 484442 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/software/certcentral@master] certcentral: Bump josepy to the latest version shipped in stretch-bp

https://gerrit.wikimedia.org/r/484442

Change 484438 merged by jenkins-bot:
[operations/software/certcentral@master] certcentral: Bump acme to the latest version shipped in stretch-backports

https://gerrit.wikimedia.org/r/484438

Change 484442 merged by jenkins-bot:
[operations/software/certcentral@master] certcentral: Bump josepy to the latest version shipped in stretch-bp

https://gerrit.wikimedia.org/r/484442

Change 484511 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/software/certcentral@master] Release 0.8

https://gerrit.wikimedia.org/r/484511

@Vgutierrez: this is done now right?

Change 484511 merged by jenkins-bot:
[operations/software/certcentral@master] Release 0.8

https://gerrit.wikimedia.org/r/484511

Change 485008 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/software/certcentral@debian] certcentral: Bump acme to the latest version shipped in stretch-backports

https://gerrit.wikimedia.org/r/485008

Change 485009 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/software/certcentral@debian] certcentral: Bump josepy to the latest version shipped in stretch-bp

https://gerrit.wikimedia.org/r/485009

Change 485011 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/software/certcentral@debian] Release 0.8

https://gerrit.wikimedia.org/r/485011

Change 485008 merged by Vgutierrez:
[operations/software/certcentral@debian] certcentral: Bump acme to the latest version shipped in stretch-backports

https://gerrit.wikimedia.org/r/485008

Change 485009 merged by Vgutierrez:
[operations/software/certcentral@debian] certcentral: Bump josepy to the latest version shipped in stretch-bp

https://gerrit.wikimedia.org/r/485009

Change 485011 merged by Vgutierrez:
[operations/software/certcentral@debian] Release 0.8

https://gerrit.wikimedia.org/r/485011

Change 485014 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/software/certcentral@debian] debian: Add release 0.8 to changelog

https://gerrit.wikimedia.org/r/485014

Change 485017 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/software/certcentral@master] CI: Run tests against py{35,36,37} with min and latest deps

https://gerrit.wikimedia.org/r/485017

@Vgutierrez: this is done now right?

yes, I wanted to merge https://gerrit.wikimedia.org/r/#/c/operations/software/certcentral/+/485017/ to avoid this kind of issue in the future but it's being more troublesome than expected

Krenair closed this task as Resolved.Jan 17 2019, 1:11 PM

Change 485014 merged by jenkins-bot:
[operations/software/certcentral@debian] debian: Add release 0.8 to changelog

https://gerrit.wikimedia.org/r/485014

Stashbot added a subscriber: Stashbot.

Mentioned in SAL (#wikimedia-operations) [2019-02-04T07:56:44Z] <vgutierrez> uploaded certcentral 0.8 to apt.wikimedia.org (stretch) - T209980 T213820 T213301

Change 497715 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/software/acme-chief@master] CI: Run tests with minimum and latest dependencies

https://gerrit.wikimedia.org/r/497715

Change 485017 abandoned by Vgutierrez:
CI: Run tests with minimum and latest dependencies

Reason:
See https://gerrit.wikimedia.org/r/c/operations/software/acme-chief/ /497715

https://gerrit.wikimedia.org/r/485017