Bug 1795666 - RFE: add python-certbot-apache to EPEL8
Summary: RFE: add python-certbot-apache to EPEL8
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: python-certbot-apache
Version: epel8
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Felix Schwarz
QA Contact: Fedora Extras Quality Assurance
: 1806331 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2020-01-28 15:29 UTC by Till Hofmann
Modified: 2020-04-07 19:51 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2020-04-07 19:51:23 UTC
Type: Bug

Attachments (Terms of Use)

Description Till Hofmann 2020-01-28 15:29:26 UTC
EPEL8 currently provides certbot, but the apache plugin is missing. It would be nice to have python-certbot-apache on EPEL8!

Comment 1 Till Hofmann 2020-01-28 16:00:45 UTC
I tested a local build starting from master:
* I needed to build with `--with python3 --without python2`
* I needed to disable tests

Other than that, the plugin seems to be working fine on CentOS 8.

Comment 2 Brad Warren 2020-02-01 00:34:36 UTC
As an upstream developer on Certbot, I'm happy to help with test failures if someone can provide a log or instructions on how to reproduce them.

Comment 3 Till Hofmann 2020-02-01 07:53:00 UTC
The package is also FTBFS on rawhide, with the same errors:

So to reproduce:
$ fedpkg clone python-certbot-apache
$ cd python-certbot-apache
$ git checkout master
$ fedpkg mockbuild

Comment 4 Felix Schwarz 2020-02-01 23:09:18 UTC
Till - the problem seems to be that I tried to strip down the final certbot rpm size by not shipping the tests. Usually this is a good idea but it seems as if certbot plugins try to import these tests (in my Python projects I often put reusable test code in a "testutils" package). I can revert that change in certbot - but I'll look into the specifics when plugins need to be updated.

Status about plugin updates:
I already contacted Eli about this update scripts and asked if he has plans to do the update for the plugins. I don't want to deviate from his preferred way of handling the updates (so he does not have to do manual cleanups once he takes over again).

However as he seems to be short on time I'm preparing some scripts/tests to update all the plugins. I expect that updating all of them is almost the same amount of work as updating only one. Brad encouraged us to focus on the apache/nginx integration as these are the most popular plugins. If necessary, I'll update these first.

(In general all changes will go to rawhide first and then propagate to the individual branches.)

Comment 5 Felix Schwarz 2020-02-02 06:54:59 UTC
I rebuilt certbot (in rawhide) so it includes "certbot/tests".

Comment 6 Eric Smith 2020-02-03 22:29:06 UTC
I verified that the latest rawhide Certbot package rebuilds and works on CentOS 8.1, and that with that change I can rebuild python-cerbot-apache and it works.

One minor request:
In the certbot spec, please change the line "mv %{SOURCE13} README.fedora" to use cp or install instead of mv, so that it doesn't remove the source file from the SOURCES directory.

Comment 7 Brad Warren 2020-02-03 22:37:58 UTC
Thanks a lot for the help everyone.

To explain what's going on with the tests, since Certbot 1.0 the package has contained two "tests" directories.

One is mixed with the Certbot code under the "certbot" directory (at the same level as files like achallenges.py, crypto_util.py, etc.) and importable with the absolute import "import certbot.tests". These are test utilities used by some of our plugins like Felix described from their own projects. The directory still has the name "tests" for now for backwards compatibility with plugins that used this directory when they also contained Certbot's unit tests.

The second directory is one level higher in the Certbot tarball. This contains all of Certbot's unit tests and is not installed with the Certbot code.

Comment 8 Till Hofmann 2020-02-04 08:42:37 UTC
One idea regarding the tests:
Can't you put them into a separate sub-package? This way, plugins could BR: the test environment, but they wouldn't end up on the users' systems.

Comment 9 Brad Warren 2020-02-04 18:29:51 UTC
We could at the cost of additional complexity both for us upstream and for all distros packaging Certbot. The directory is currently about 156KB which we should be able to easily prune down even more in a new (major) release of Certbot.

If this is something that the long term maintainers of this package would like to see, I'm happy to consider it, but until then I think we'll probably keep things as is for the sake of simplicity.

Comment 10 Felix Schwarz 2020-02-06 22:55:11 UTC
(In reply to Brad Warren from comment #9)
> We could at the cost of additional complexity both for us upstream and for
> all distros packaging Certbot. The directory is currently about 156KB which
> we should be able to easily prune down even more in a new (major) release of
> Certbot.

I don't think you need add additional complexity just for "certbot.tests". Fedora can handle this just fine by adding a "python-certbot-testutils" subpackage as long as nothing besides actual tests requires "certbot.tests".

What is much more annoying to me is the extra dependency on "mock" in setup.py.
- As far as I know with Python 3.3+ "unittest.mock" should be good enough.
- "python3-mock" requires "python3-pbr" in Fedora (which is > 1 MB !)
- Also "pytest" is required at runtime currently.

For EPEL 8 I will probably only remove python3-mock as that package is not available in EPEL8 but it would be nice if you could declare your dependencies more fine-grained. (I'm wondering what Debian does - I don't think they ship a package which these excessive dependencies.)

Comment 11 Brad Warren 2020-02-07 00:00:34 UTC
In code maintained by us, nothing but the tests for Certbot and its plugins use "certbot.tests". We do have "certbot.tests" documented as part of our public API though at https://certbot.eff.org/docs/api/certbot.tests.html which for example allows 3rd party plugins to use this code in their tests like we do in our own plugins. Between this and the size of the directory we're talking about, I'd personally be a little hesitant to create a subpackage for it, but I'm not a Fedora maintainer and if you all think it's the best approach, go for it!

Our dependency on "mock" can be trivially removed by us in a few months when we drop Python 2 support. If it makes things significantly easier on your end, let me know and we can potentially do it before then, but it at least wouldn't be until our next release at the beginning of March.

As for "pytest", it is a test dependency of ours, but we declare it as such and do not import it outside of our tests. I think that may be a problem in the Fedora package.

(Debian includes python3-mock as an unconditional dependency and the "certbot.tests" directory in the installation.)

Comment 12 Felix Schwarz 2020-02-23 21:45:41 UTC
*** Bug 1806331 has been marked as a duplicate of this bug. ***

Comment 13 Fedora Update System 2020-03-03 08:57:53 UTC
FEDORA-EPEL-2020-213d8ca6c9 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-213d8ca6c9

Comment 14 Felix Schwarz 2020-03-03 09:02:50 UTC
As you noticed I just submitted an EPEL8 update for testing. It should be available in "epel-testing" within the next days ("dnf install --enablerepo=epel-testing python-certbot-apache"). I'd be glad if some users could test this and leave feedback (bodhi preferred but bugzilla helps as well).

Comment 15 Fedora Update System 2020-03-03 20:40:58 UTC
python-certbot-apache-1.2.0-2.el8 has been pushed to the Fedora EPEL 8 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-213d8ca6c9

Comment 16 Fedora Update System 2020-04-06 10:48:20 UTC
FEDORA-EPEL-2020-0473ea9308 has been pushed to the Fedora EPEL 8 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.