From 38e84151e04f4b31dd729abb28db4159045bfd41 Mon Sep 17 00:00:00 2001 From: Félix Baylac-Jacqué Date: Fri, 18 Oct 2019 19:11:49 +0200 Subject: certbot: 0.31.0 -> 0.39.0 Updating: - nixos module to use the new `account_reg.json` file. - use nixpkgs pebble for integration tests. Co-authored-by: Florian Klink Replace certbot-embedded pebble --- nixos/modules/security/acme.nix | 4 +-- ...pebble_artifacts-hardcode-pebble-location.patch | 24 ++++++++++++++ pkgs/tools/admin/certbot/default.nix | 38 +++++++++++++++++----- 3 files changed, 56 insertions(+), 10 deletions(-) create mode 100644 pkgs/tools/admin/certbot/0001-pebble_artifacts-hardcode-pebble-location.patch diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index b321c04e574c..e35ea0c7b927 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -69,9 +69,9 @@ let plugins = mkOption { type = types.listOf (types.enum [ "cert.der" "cert.pem" "chain.pem" "external.sh" - "fullchain.pem" "full.pem" "key.der" "key.pem" "account_key.json" + "fullchain.pem" "full.pem" "key.der" "key.pem" "account_key.json" "account_reg.json" ]); - default = [ "fullchain.pem" "full.pem" "key.pem" "account_key.json" ]; + default = [ "fullchain.pem" "full.pem" "key.pem" "account_key.json" "account_reg.json" ]; description = '' Plugins to enable. With default settings simp_le will store public certificate bundle in fullchain.pem, diff --git a/pkgs/tools/admin/certbot/0001-pebble_artifacts-hardcode-pebble-location.patch b/pkgs/tools/admin/certbot/0001-pebble_artifacts-hardcode-pebble-location.patch new file mode 100644 index 000000000000..33f0cd216c1d --- /dev/null +++ b/pkgs/tools/admin/certbot/0001-pebble_artifacts-hardcode-pebble-location.patch 
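Review bot: The option description that follows the changed `default` should mention the new file; the visible part only says what simp_le stores in `fullchain.pem`, and the rest of the text lies outside this hunk. A sentence such as `account_reg.json holds the ACME account registration and is kept next to account_key.json` would tell readers what the new default writes. Configurations that set `plugins` explicitly keep their old list and will not pick up `account_reg.json`. If the updated client needs that file, a release-note entry would warn those users, though that requirement cannot be confirmed from the lines shown.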
@@ -0,0 +1,24 @@ +From 8ddf2697508eca514a0dde4646ad14ac3ba34b2a Mon Sep 17 00:00:00 2001 +From: Florian Klink +Date: Fri, 18 Oct 2019 16:06:50 +0200 +Subject: [PATCH] pebble_artifacts: hardcode pebble location + +--- + certbot-ci/certbot_integration_tests/utils/pebble_artifacts.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/certbot-ci/certbot_integration_tests/utils/pebble_artifacts.py b/certbot-ci/certbot_integration_tests/utils/pebble_artifacts.py +index 2b1557928..d2603c51a 100644 +--- a/certbot-ci/certbot_integration_tests/utils/pebble_artifacts.py ++++ b/certbot-ci/certbot_integration_tests/utils/pebble_artifacts.py +@@ -22,6 +22,7 @@ def fetch(workspace): + + + def _fetch_asset(asset, suffix): ++ return "@pebble@" + asset_path = os.path.join(ASSETS_PATH, '{0}_{1}_{2}'.format(asset, PEBBLE_VERSION, suffix)) + if not os.path.exists(asset_path): + asset_url = ('https://github.com/letsencrypt/pebble/releases/download/{0}/{1}_{2}' +-- +2.23.0 + diff --git a/pkgs/tools/admin/certbot/default.nix b/pkgs/tools/admin/certbot/default.nix index 782af149ed6a..3448e3c81831 100644 --- a/pkgs/tools/admin/certbot/default.nix +++ b/pkgs/tools/admin/certbot/default.nix @@ -1,21 +1,27 @@ -{ stdenv, python3Packages, fetchFromGitHub, dialog }: +{ stdenv, python37Packages, fetchFromGitHub, fetchurl, dialog, autoPatchelfHook, nginx, pebble }: -python3Packages.buildPythonApplication rec { + +python37Packages.buildPythonApplication rec { pname = "certbot"; - version = "0.31.0"; + version = "0.39.0"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "v${version}"; - sha256 = "0rwjxmkpicyc9a5janvj1lfi430nq6ha94nyfgp11ds9fyydbh1s"; + sha256 = "1s32xg2ljz7ci78wc8rqkjvgrz7vprb7fkznrlf9a4blm55pp54c"; }; - propagatedBuildInputs = with python3Packages; [ + patches = [ + ./0001-pebble_artifacts-hardcode-pebble-location.patch + ]; + + propagatedBuildInputs = with python37Packages; [ ConfigArgParse acme configobj cryptography + distro josepy parsedatetime psutil 
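Review bot: The added `return "@pebble@"` is the first statement of `_fetch_asset` and ignores `asset`, so every caller gets the pebble binary path whatever it asked for, and the download code below becomes unreachable. If `fetch` (outside this hunk) requests any asset other than pebble itself, that caller would silently be handed the wrong executable. Guarding the line, `if asset == 'pebble': return "@pebble@"`, lets any other request fail at the download step instead of running the wrong binary. A comment such as `# placeholder, replaced with the Nix store path of pebble in postPatch` would explain the odd literal. The function body continues past the end of the hunk.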
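Review bot: `fetchurl` and `autoPatchelfHook` are added to the argument list but are not referenced in any hunk of `default.nix` shown here; if the unseen lines do not use them either, drop them so the signature lists only real inputs. The switch from `python3Packages` to `python37Packages` also pins the interpreter without saying why. A one-line comment like `# pinned to 3.7: <reason>` above `buildPythonApplication` would tell the next updater when the pin can be lifted. The empty line added before `python37Packages.buildPythonApplication rec {` can go as well.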
@@ -26,11 +32,19 @@ python3Packages.buildPythonApplication rec { zope_component zope_interface ]; - buildInputs = [ dialog ] ++ (with python3Packages; [ mock gnureadline ]); - patchPhase = '' + buildInputs = [ dialog ] ++ (with python37Packages; [ mock gnureadline ]); + + checkInputs = with python37Packages; [ + pytest_xdist + pytest + dateutil + ]; + + postPatch = '' substituteInPlace certbot/notify.py --replace "/usr/sbin/sendmail" "/run/wrappers/bin/sendmail" substituteInPlace certbot/util.py --replace "sw_vers" "/usr/bin/sw_vers" + substituteInPlace certbot-ci/certbot_integration_tests/utils/pebble_artifacts.py --replace "@pebble@" "${pebble}/bin/pebble" ''; postInstall = '' @@ -40,7 +54,15 @@ python3Packages.buildPythonApplication rec { done ''; - doCheck = !stdenv.isDarwin; # On Hydra Darwin tests fail with "Too many open files". + # tests currently time out, because they're trying to do network access + # Upstream issue: https://github.com/certbot/certbot/issues/7450 + doCheck = false; + + checkPhase = '' + PATH="$out/bin:${nginx}/bin:$PATH" pytest certbot-ci/certbot_integration_tests + ''; + + dontUseSetuptoolsCheck = true; meta = with stdenv.lib; { homepage = src.meta.homepage; -- cgit 1.4.1
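Review bot: With `doCheck = false` and `dontUseSetuptoolsCheck = true` the package builds with no tests at all, where the old expression ran them on every non-Darwin platform. For a client that handles account and certificate private keys, that is a real loss of assurance across a jump from 0.31.0 to 0.39.0. The comment blames network access and the new `checkPhase` runs only `certbot-ci/certbot_integration_tests`, so the offline unit tests could presumably stay enabled by pointing `pytest` at them and leaving the integration suite out until the linked upstream issue is resolved. When checks are turned back on, restore the Darwin exclusion, `doCheck = !stdenv.isDarwin;`, because this hunk deletes it together with its "Too many open files" comment. As written, the `checkPhase` here and the `checkInputs` added in the previous hunk are never exercised.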