Bug 1409686

Summary: python3 incompatibility with --chain argument patch
Product: [Fedora] Fedora Reporter: Ed Marshall <esm>
Component: acme-tinyAssignee: Stuart D Gathman <stuart>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 25CC: stuart
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: acme-tiny-0.2-1.20170516gitaf025f5.fc26 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-09-06 14:52:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Fixed version of acme-tiny-chain.patch for Python 3 compatibility none

Description Ed Marshall 2017-01-03 01:55:33 UTC 
Created attachment 1236755 [details]
Fixed version of acme-tiny-chain.patch for Python 3 compatibility

The patch adding the --chain argument to acme-tiny doesn't work properly with the version of Python 3 shipped with Fedora 25. While it doesn't throw an error, it doesn't actually download and append the intermediate chain to the freshly-renewed cert.

Tested with:
acme-tiny-0.1-10.20160810git5a7b4e7.fc25.noarch
python3-3.5.2-4.fc25.x86_64

The problem is with the use of headers.getallmatchingheaders, which hasn't worked properly in Python 3 since, well, 3.0, as far as I can tell. There's more backstory here:

https://bugs.python.org/issue13425

I've attached a modified version of acme-tiny-chain.patch that corrects the problem; let me know if you need anything else!
Comment 1 Ed Marshall 2017-01-03 01:59:11 UTC 
Sorry, bad paste: while that python bug is applicable, a better one to see is probably https://bugs.python.org/issue5053
Comment 2 Stuart D Gathman 2017-01-03 03:32:47 UTC 
Heh.  Heh.  From the python bug:

option 4) Replace the body of getallmatchingheaders() with return [], as that is what it does now, and deprecate it.

Gotta love "document the bug but don't fix it in case something depends on it".

I've applied your fix, and will look at doing something about other issues for release 11, at least bz#1409345 needs fixing.
Comment 3 Fedora Update System 2017-07-07 01:48:54 UTC 
acme-tiny-0.2-1.20170516gitaf025f5.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-5773468f36
Comment 4 Fedora Update System 2017-07-09 02:53:18 UTC 
acme-tiny-0.2-1.20170516gitaf025f5.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-5773468f36
Comment 5 Fedora Update System 2017-09-06 14:52:13 UTC 
acme-tiny-0.2-1.20170516gitaf025f5.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.