Make Certbot runnable on Windows #6296

Merged
merged 36 commits into from
Sep 8, 2018

adferrand (Collaborator) commented Aug 12, 2018

So I wanted to build a python library for Linux and Windows using Certbot, when I discovered that it was compatible only with UNIX-like systems.

@ahaw021 already did a study and local actions to make Certbot runnable on Windows (see this topic) last year, but it did not get to upstream.

This PR is based on his work, and includes other compatibility fixes with the latest certbot version.

So far, here is what I tested, on Windows 10 with Python 3.7:

  • run certbot help from command line
  • run certbot certonly using standalone plugin
  • run certbot certonly using webroot plugin
  • run certbot certonly using manual plugin + authenticator/cleanup hook scripts

I will update this PR with more tests and relevant improvements, in particular functionalities mentioned as working by @ahaw021. Do not hesitate to submit use cases to make the compatibility more complete.

Currently, this is the very beginning, with really basic functionalities. In particular, all the logic of certbot-auto should be ported to Windows, certainly as a Batch script.

Available for any discussion, I know this is a long-term work before this PR could be merged.

adferrand (Collaborator, Author) commented Aug 14, 2018

I just added a prototype of certbot-auto for windows, coded as a batch script. It is a wrapper that:

  • ensures that python executable is installed
  • ensures that python is of version 3
  • installs python 3 if needed
  • creates/updates a virtual env
  • activates this venv
  • updates certbot with pip
  • executes certbot with the arguments given to certbot-auto
  • disables the venv

In theory, a user could clone the certbot repo, and run something like certbot-auto certonly -d example.com with nothing more than the cmd, everything else will be installed from the script before delegating to certbot, similarly to certbot-auto for UNIX-like systems. It is really a prototype, as I could not decently translate all the business intelligence accumulated on the bash script, as it handles very versatile system configurations in the Linux world.

For now, this script installs certbot from the git repo sources as editable through pip for testing purposes.

ahaw021 commented Aug 14, 2018

hi mate

https://github.com/ahaw021/CERTBOT-WINDOWS-BUILD/blob/master/WIN-CERTBOT-BUILDER.ps1

this is something i built a while ago to build certbot on windows environments

i haven't touched it in a while but more than happy to review :D

adferrand (Collaborator, Author) commented Aug 15, 2018

Hello @ahaw021, yes I analyzed your script together with the posts you did to integrate in order to make this PR.

My approach here is to modify the certbot source code to make it runnable both on Linux and on Windows, in a manner that one can call pip install certbot with the Python Windows distribution, and has certbot working correctly.

In your script there are two parts, modifications on code required to avoid exceptions on windows, and the runtime operations needed at the os and python level. For the modifications on the code, I gathered them on a new library in certbot, compat.py, to abstract the code execution divergence between Linux and Windows from the business logic itself. For the runtime, I built a certbot-auto Batch script, equivalently to the certbot-auto Shell script for Linux and its use (configure and launch certbot from a unique script).

ahaw021 commented Aug 15, 2018

yup you are right - i forgot i cheated on removing some of the issues :D

good to see you have everything in hand -- let me know if you would like me to test

adferrand (Collaborator, Author) commented Aug 15, 2018

Definitely, I will need your help to test this ^^

First, I have only a Windows 10, but the target for production is very likely to be Windows Server editions.

Secondly, I would like to build a plugin for IIS. I know that Microsoft provides an IIS instance for developers on Windows 10, but making certbot production-grade ready for a full-fledged IIS running on Windows Server 2012R2 is another story :)

adferrand (Collaborator, Author) commented Aug 15, 2018

As we are on testing, about continuous integration. So far all tests are passing on Linux (like through Travis CI) as one can see on the PR. It was one of the goals, to keep complete compatibility in Linux.

On Windows, launching the unit tests on the core library gives a lot of errors. From what I can see, it is not because of the functionalities themselves, but because of the mocking mechanism which is completely failing. And of course integration tests on Linux apache, nginx and so on are irrelevant.

So I think that for Windows, we would need a completely new stack for integration tests.

bmw self-requested a review August 15, 2018 18:21
bmw self-assigned this Aug 15, 2018

adferrand (Collaborator, Author) commented

OK, here is what I think for a CI stack on Windows. We can create a new tox-win.ini file to configure specifically tox for Windows, because all shell scripts that configure integration tests on Linux do not apply.

Then, the equivalent of Travis CI for Windows is AppVeyor. It allows, in a very similar way, to run builds on a Windows environment (typically 2012 or 2016 Server). It is configured using a yml file located at the root of the project: appveyor.yml. The syntax is very similar to .travis.yml. AppVeyor can be interfaced with GitHub, showing build statuses on PR, and is free for open-source projects.

About the tests themselves, approximately 25% of them are failing for various reasons. It will take a lot of time to correct them. In the meantime, I propose a decorator, certbot.tests.util.broken_on_windows, which skips all test methods decorated with it if the current platform is Windows, and if the env variable SKIP_TESTS_BROKEN_ON_WINDOWS is not set to false (by default, true is taken).

I did a start on my forked repo on the branch windows-ci.

If it is ok, I will merge windows-ci on the current PR or a new PR. When it is accepted, certbot maintainers will only need to create an account on AppVeyor linked to certbot GitHub repo. Then CI build for Windows will be executed for each PR for master and on commit on branches currently watched by Travis CI.
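
The skip rule described in the comment above, sketched as an added example; it is not part of the thread and not certbot's own `certbot.tests.util` code. The helpers `should_skip`, `broken_on_windows_for` and `run_sample` are hypothetical names, the sample test case is constructed, and matching "false" case-insensitively is an assumption.

```python
import os
import sys
import unittest

ENV_VAR = "SKIP_TESTS_BROKEN_ON_WINDOWS"  # name taken from the comment above
REASON = "known to be broken on Windows; set %s=false to run it" % ENV_VAR


def should_skip(platform=None, environ=None):
    """Return True when a test marked as broken on Windows must be skipped."""
    platform = sys.platform if platform is None else platform
    environ = os.environ if environ is None else environ
    # Unset means "true": skipping is the default, only "false" turns it off.
    # Case-insensitive matching is an assumption of this sketch.
    opted_out = environ.get(ENV_VAR, "true").strip().lower() == "false"
    return platform == "win32" and not opted_out


def broken_on_windows_for(platform=None, environ=None):
    """Build the decorator; the arguments allow simulating another OS."""
    def decorator(test_item):
        return unittest.skipIf(should_skip(platform, environ), REASON)(test_item)
    return decorator


# The decorator as it would be applied in a test module.
broken_on_windows = broken_on_windows_for()


def run_sample(platform, environ):
    """Run a constructed two-test case; return (tests_run, tests_skipped)."""
    mark = broken_on_windows_for(platform, environ)

    class SampleTest(unittest.TestCase):
        @mark
        def test_symlink_layout(self):  # stands in for a Windows-broken test
            self.assertTrue(True)

        def test_portable(self):
            self.assertTrue(True)

    result = unittest.TestResult()
    unittest.defaultTestLoader.loadTestsFromTestCase(SampleTest).run(result)
    return result.testsRun, len(result.skipped)


if __name__ == "__main__":
    print(run_sample("win32", {}))
    print(run_sample("win32", {ENV_VAR: "false"}))
```

Skipped tests still count as run in `unittest`, so the skip count is the number to watch in CI: a rising count means more code paths are going unverified on Windows.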

adferrand (Collaborator, Author) commented Aug 31, 2018

So, about the python compatibility matrix. I will not make certbot compatible with python 2.7. It will require at least python 3.4.

On 2.x, I have 40 tests that are failing just because of the lack of support for windows file manipulation, in particular the symbolic links. Adding the support manually seems to be quite impossible, and some proposed patches never reached upstream, as basically python 2.x does not receive developments anymore.

And as we can consider certbot on windows as a "new" software, we can follow most of the advice in the community about dropping support for python 2.x.

So here it is. For Linux, where Debian still uses a well supported python 2.x version by default, it seems reasonable to ensure the compatibility. But on Windows, python 2.x is quite a mess, and users should be required to run python 3.4 to run certbot correctly.

I am preparing the CI for Windows accordingly.

adferrand (Collaborator, Author) commented

OK @bmw, for me, the PR is now complete.

Do not hesitate to ask me if some work still needs to be done.

Regards,
Adrien Ferrand

bmw (Member) left a comment

> So, about the python compatibility matrix. I will not make certbot compatible with python 2.7. It will require at least python 3.4.

That's totally fine. We probably will be deprecating Python 2.7 support on UNIX in the near future as well.

I have a few very small changes I'd like to see, but otherwise, this LGTM!

EDIT: I forgot to mention that I opened issues to track the issues we're leaving unresolved for now. They were:

#6354
#6355
#6356

bmw (Member) left a comment

A few very minor comments but we're getting close here!
