Giters

certbot / certbot

Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Apache tests crash on Debian unstable

alexzorin opened this issue · comments

commented

Reported by @hlieberman in Mattermost.

Initially I thought this might have something to do with how we replaced distutils.version.LooseVersion with our own implementation.

But, the crash would have happened even if we were still using the distutils module:

>>> version.LooseVersion("bookworm/sid") > version.LooseVersion("9")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/private/tmp/venv/lib/python3.11/site-packages/setuptools/_distutils/version.py", line 84, in __gt__
    c = self._cmp(other)
        ^^^^^^^^^^^^^^^^
  File "/private/tmp/venv/lib/python3.11/site-packages/setuptools/_distutils/version.py", line 352, in _cmp
    if self.version < other.version:
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: '<' not supported between instances of 'str' and 'int'

The unsafe comparison was introducing in this recent change which was fixing our RHEL9 support:

certbot/certbot-apache/certbot_apache/_internal/override_centos.py

Lines 61 to 62 in c78503f

at_least_v9 = util.parse_loose_version(os_version) >= util.parse_loose_version('9')
return rhel_derived and at_least_v9

We could probably fix this in a simple way by preventing the unsafe comparison to begin with:

diff --git a/certbot-apache/certbot_apache/_internal/override_centos.py b/certbot-apache/certbot_apache/_internal/override_centos.py
index de5c31268..737e6d26d 100644
--- a/certbot-apache/certbot_apache/_internal/override_centos.py
+++ b/certbot-apache/certbot_apache/_internal/override_centos.py
@@ -58,8 +58,7 @@ class CentOSConfigurator(configurator.ApacheConfigurator):
             "rhel", "redhatenterpriseserver", "red hat enterprise linux server",
             "scientific", "scientific linux",
         ]
-        at_least_v9 = util.parse_loose_version(os_version) >= util.parse_loose_version('9')
-        return rhel_derived and at_least_v9
+        return rhel_derived and util.parse_loose_version(os_version) >= util.parse_loose_version('9')

     def _override_cmds(self) -> None:
         super()._override_cmds()

but I wonder if we shouldn't make parse_loose_version return a class instead with a type-safe comparison function on it instead, to prevent this issue recurring in the future. Backwards-compatibility is a pain though.

Also, why didn't mypy save us here 😠 ?

commented

As discussed in Mattermost, the proposed patch above has been included into the python3-certbot-apache release, version 2.0.0-1.

commented

I dug into mypy here and asked about this upstream at python/mypy#14227.