Undo certbot-auto changes and remove centos6 tests

* Don't deprecate certbot-auto quite yet

* Remove centos6 test farm tests

* undo changes to test farm test scripts

letsencrypt-auto-source/letsencrypt-auto

@@ -794,8 +794,110 @@ BootstrapMageiaCommon() {
 }
 
 
-# Certbot-auto is now fully deprecated
-DEPRECATED_OS=1
+# Set Bootstrap to the function that installs OS dependencies on this system
+# and BOOTSTRAP_VERSION to the unique identifier for the current version of
+# that function. If Bootstrap is set to a function that doesn't install any
+# packages BOOTSTRAP_VERSION is not set.
+if [ -f /etc/debian_version ]; then
+  DEPRECATED_OS=1
+elif [ -f /etc/mageia-release ]; then
+  # Mageia has both /etc/mageia-release and /etc/redhat-release
+  DEPRECATED_OS=1
+elif [ -f /etc/redhat-release ]; then
+  # Run DeterminePythonVersion to decide on the basis of available Python versions
+  # whether to use 2.x or 3.x on RedHat-like systems.
+  # Then, revert LE_PYTHON to its previous state.
+  prev_le_python="$LE_PYTHON"
+  unset LE_PYTHON
+  DeterminePythonVersion "NOCRASH"
+
+  RPM_DIST_NAME=`(. /etc/os-release 2> /dev/null && echo $ID) || echo "unknown"`
+
+  if [ "$PYVER" -eq 26 -a $(uname -m) != 'x86_64' ]; then
+    # 32 bits CentOS 6 and affiliates are not supported anymore by certbot-auto.
+    DEPRECATED_OS=1
+  fi
+
+  # Set RPM_DIST_VERSION to VERSION_ID from /etc/os-release after splitting on
+  # '.' characters (e.g. "8.0" becomes "8"). If the command exits with an
+  # error, RPM_DIST_VERSION is set to "unknown".
+  RPM_DIST_VERSION=$( (. /etc/os-release 2> /dev/null && echo "$VERSION_ID") | cut -d '.' -f1 || echo "unknown")
+
+  # If RPM_DIST_VERSION is an empty string or it contains any nonnumeric
+  # characters, the value is unexpected so we set RPM_DIST_VERSION to 0.
+  if [ -z "$RPM_DIST_VERSION" ] || [ -n "$(echo "$RPM_DIST_VERSION" | tr -d '[0-9]')" ]; then
+     RPM_DIST_VERSION=0
+  fi
+
+  # Handle legacy RPM distributions
+  if [ "$PYVER" -eq 26 ]; then
+    # Check if an automated bootstrap can be achieved on this system.
+    if ! Python36SclIsAvailable; then
+      INTERACTIVE_BOOTSTRAP=1
+    fi
+
+    Bootstrap() {
+      BootstrapMessage "Legacy RedHat-based OSes that will use Python3"
+      BootstrapRpmPython3Legacy
+    }
+    USE_PYTHON_3=1
+    BOOTSTRAP_VERSION="BootstrapRpmPython3Legacy $BOOTSTRAP_RPM_PYTHON3_LEGACY_VERSION"
+
+    # Try now to enable SCL rh-python36 for systems already bootstrapped
+    # NB: EnablePython36SCL has been defined along with BootstrapRpmPython3Legacy in certbot-auto
+    EnablePython36SCL
+  else
+    # Starting to Fedora 29, python2 is on a deprecation path. Let's move to python3 then.
+    # RHEL 8 also uses python3 by default.
+    if [ "$RPM_DIST_NAME" = "fedora" -a "$RPM_DIST_VERSION" -ge 29 ]; then
+      RPM_USE_PYTHON_3=1
+    elif [ "$RPM_DIST_NAME" = "rhel" -a "$RPM_DIST_VERSION" -ge 8 ]; then
+      RPM_USE_PYTHON_3=1
+    elif [ "$RPM_DIST_NAME" = "centos" -a "$RPM_DIST_VERSION" -ge 8 ]; then
+      RPM_USE_PYTHON_3=1
+    else
+      RPM_USE_PYTHON_3=0
+    fi
+
+    if [ "$RPM_USE_PYTHON_3" = 1 ]; then
+      Bootstrap() {
+        BootstrapMessage "RedHat-based OSes that will use Python3"
+        BootstrapRpmPython3
+      }
+      USE_PYTHON_3=1
+      BOOTSTRAP_VERSION="BootstrapRpmPython3 $BOOTSTRAP_RPM_PYTHON3_VERSION"
+    else
+      Bootstrap() {
+        BootstrapMessage "RedHat-based OSes"
+        BootstrapRpmCommon
+      }
+      BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
+    fi
+  fi
+
+  LE_PYTHON="$prev_le_python"
+elif [ -f /etc/os-release ] && `grep -q openSUSE /etc/os-release` ; then
+  DEPRECATED_OS=1
+elif [ -f /etc/arch-release ]; then
+  DEPRECATED_OS=1
+elif [ -f /etc/manjaro-release ]; then
+  DEPRECATED_OS=1
+elif [ -f /etc/gentoo-release ]; then
+  DEPRECATED_OS=1
+elif uname | grep -iq FreeBSD ; then
+  DEPRECATED_OS=1
+elif uname | grep -iq Darwin ; then
+  DEPRECATED_OS=1
+elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then
+  Bootstrap() {
+    ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
+  }
+  BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
+elif [ -f /etc/product ] && grep -q "Joyent Instance" /etc/product ; then
+  DEPRECATED_OS=1
+else
+  DEPRECATED_OS=1
+fi
 
 # We handle this case after determining the normal bootstrap version to allow
 # variables like USE_PYTHON_3 to be properly set. As described above, if the

letsencrypt-auto-source/letsencrypt-auto.template

@@ -316,8 +316,110 @@ DeterminePythonVersion() {
 {{ bootstrappers/smartos.sh }}
 {{ bootstrappers/mageia_common.sh }}
 
-# Certbot-auto is now fully deprecated
-DEPRECATED_OS=1
+# Set Bootstrap to the function that installs OS dependencies on this system
+# and BOOTSTRAP_VERSION to the unique identifier for the current version of
+# that function. If Bootstrap is set to a function that doesn't install any
+# packages BOOTSTRAP_VERSION is not set.
+if [ -f /etc/debian_version ]; then
+  DEPRECATED_OS=1
+elif [ -f /etc/mageia-release ]; then
+  # Mageia has both /etc/mageia-release and /etc/redhat-release
+  DEPRECATED_OS=1
+elif [ -f /etc/redhat-release ]; then
+  # Run DeterminePythonVersion to decide on the basis of available Python versions
+  # whether to use 2.x or 3.x on RedHat-like systems.
+  # Then, revert LE_PYTHON to its previous state.
+  prev_le_python="$LE_PYTHON"
+  unset LE_PYTHON
+  DeterminePythonVersion "NOCRASH"
+
+  RPM_DIST_NAME=`(. /etc/os-release 2> /dev/null && echo $ID) || echo "unknown"`
+
+  if [ "$PYVER" -eq 26 -a $(uname -m) != 'x86_64' ]; then
+    # 32 bits CentOS 6 and affiliates are not supported anymore by certbot-auto.
+    DEPRECATED_OS=1
+  fi
+
+  # Set RPM_DIST_VERSION to VERSION_ID from /etc/os-release after splitting on
+  # '.' characters (e.g. "8.0" becomes "8"). If the command exits with an
+  # error, RPM_DIST_VERSION is set to "unknown".
+  RPM_DIST_VERSION=$( (. /etc/os-release 2> /dev/null && echo "$VERSION_ID") | cut -d '.' -f1 || echo "unknown")
+
+  # If RPM_DIST_VERSION is an empty string or it contains any nonnumeric
+  # characters, the value is unexpected so we set RPM_DIST_VERSION to 0.
+  if [ -z "$RPM_DIST_VERSION" ] || [ -n "$(echo "$RPM_DIST_VERSION" | tr -d '[0-9]')" ]; then
+     RPM_DIST_VERSION=0
+  fi
+
+  # Handle legacy RPM distributions
+  if [ "$PYVER" -eq 26 ]; then
+    # Check if an automated bootstrap can be achieved on this system.
+    if ! Python36SclIsAvailable; then
+      INTERACTIVE_BOOTSTRAP=1
+    fi
+
+    Bootstrap() {
+      BootstrapMessage "Legacy RedHat-based OSes that will use Python3"
+      BootstrapRpmPython3Legacy
+    }
+    USE_PYTHON_3=1
+    BOOTSTRAP_VERSION="BootstrapRpmPython3Legacy $BOOTSTRAP_RPM_PYTHON3_LEGACY_VERSION"
+
+    # Try now to enable SCL rh-python36 for systems already bootstrapped
+    # NB: EnablePython36SCL has been defined along with BootstrapRpmPython3Legacy in certbot-auto
+    EnablePython36SCL
+  else
+    # Starting to Fedora 29, python2 is on a deprecation path. Let's move to python3 then.
+    # RHEL 8 also uses python3 by default.
+    if [ "$RPM_DIST_NAME" = "fedora" -a "$RPM_DIST_VERSION" -ge 29 ]; then
+      RPM_USE_PYTHON_3=1
+    elif [ "$RPM_DIST_NAME" = "rhel" -a "$RPM_DIST_VERSION" -ge 8 ]; then
+      RPM_USE_PYTHON_3=1
+    elif [ "$RPM_DIST_NAME" = "centos" -a "$RPM_DIST_VERSION" -ge 8 ]; then
+      RPM_USE_PYTHON_3=1
+    else
+      RPM_USE_PYTHON_3=0
+    fi
+
+    if [ "$RPM_USE_PYTHON_3" = 1 ]; then
+      Bootstrap() {
+        BootstrapMessage "RedHat-based OSes that will use Python3"
+        BootstrapRpmPython3
+      }
+      USE_PYTHON_3=1
+      BOOTSTRAP_VERSION="BootstrapRpmPython3 $BOOTSTRAP_RPM_PYTHON3_VERSION"
+    else
+      Bootstrap() {
+        BootstrapMessage "RedHat-based OSes"
+        BootstrapRpmCommon
+      }
+      BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
+    fi
+  fi
+
+  LE_PYTHON="$prev_le_python"
+elif [ -f /etc/os-release ] && `grep -q openSUSE /etc/os-release` ; then
+  DEPRECATED_OS=1
+elif [ -f /etc/arch-release ]; then
+  DEPRECATED_OS=1
+elif [ -f /etc/manjaro-release ]; then
+  DEPRECATED_OS=1
+elif [ -f /etc/gentoo-release ]; then
+  DEPRECATED_OS=1
+elif uname | grep -iq FreeBSD ; then
+  DEPRECATED_OS=1
+elif uname | grep -iq Darwin ; then
+  DEPRECATED_OS=1
+elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then
+  Bootstrap() {
+    ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
+  }
+  BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
+elif [ -f /etc/product ] && grep -q "Joyent Instance" /etc/product ; then
+  DEPRECATED_OS=1
+else
+  DEPRECATED_OS=1
+fi
 
 # We handle this case after determining the normal bootstrap version to allow
 # variables like USE_PYTHON_3 to be properly set. As described above, if the

tests/letstest/auto_targets.yaml

@@ -56,17 +56,6 @@ targets:
     type: centos
     virt: hvm
     user: centos
-  # centos6 requires EPEL repo added
-  - ami: ami-1585c46a
-    name: centos6
-    type: centos
-    virt: hvm
-    user: centos
-    userdata: |
-      #cloud-config
-      runcmd:
-        - yum install -y epel-release
-        - iptables -F
   - ami: ami-01ca03df4a6012157
     name: centos8
     type: centos

tests/letstest/scripts/test_leauto_upgrades.sh

@@ -105,10 +105,15 @@ if ./letsencrypt-auto -v --debug --version | grep "WARNING: couldn't find Python
     exit 1
 fi
 
-# Since certbot-auto is deprecated, we expect it to leave existing Certbot
-# installations unmodified so we check for the same version that was initially
-# installed below.
-EXPECTED_VERSION="$INITIAL_VERSION"
+# On systems like Debian where certbot-auto is deprecated, we expect it to
+# leave existing Certbot installations unmodified so we check for the same
+# version that was initially installed below.  Once certbot-auto is deprecated
+# on RHEL systems, we can unconditionally check for INITIAL_VERSION.
+if [ -f /etc/debian_version ]; then
+    EXPECTED_VERSION="$INITIAL_VERSION"
+else
+    EXPECTED_VERSION=$(grep -m1 LE_AUTO_VERSION certbot-auto | cut -d\" -f2)
+fi
 
 if ! /opt/eff.org/certbot/venv/bin/letsencrypt --version 2>&1 | tail -n1 | grep "^certbot $EXPECTED_VERSION$" ; then
     echo unexpected certbot version found
@@ -119,3 +124,22 @@ if ! diff letsencrypt-auto letsencrypt-auto-source/letsencrypt-auto ; then
     echo letsencrypt-auto and letsencrypt-auto-source/letsencrypt-auto differ
     exit 1
 fi
+
+if [ "$RUN_RHEL6_TESTS" = 1 ]; then
+    # Add the SCL python release to PATH in order to resolve python3 command
+    PATH="/opt/rh/rh-python36/root/usr/bin:$PATH"
+    if ! command -v python3; then
+        echo "Python3 wasn't properly installed"
+        exit 1
+    fi
+    if [ "$(/opt/eff.org/certbot/venv/bin/python -V 2>&1 | cut -d" " -f 2 | cut -d. -f1)" != 3 ]; then
+        echo "Python3 wasn't used in venv!"
+        exit 1
+    fi
+
+    if [ "$("$PYTHON_NAME" tools/readlink.py $OLD_VENV_PATH)" != "/opt/eff.org/certbot/venv" ]; then
+        echo symlink from old venv path not properly created!
+        exit 1
+    fi
+fi
+echo upgrade appeared to be successful

tests/letstest/scripts/test_letsencrypt_auto_certonly_standalone.sh

@@ -16,14 +16,58 @@ sudo chown root "$LE_AUTO_PATH"
 sudo chmod 0755 "$LE_AUTO_PATH"
 export PATH="$LE_AUTO_DIR:$PATH"
 
-# Since certbot-auto is deprecated, we expect certbot-auto to error and
-# refuse to install Certbot.
-set +o pipefail
-if ! letsencrypt-auto --debug --version | grep "Certbot cannot be installed."; then
-    echo "letsencrypt-auto didn't report being uninstallable."
+# On systems like Debian where certbot-auto is deprecated, we expect
+# certbot-auto to error and refuse to install Certbot.  Once certbot-auto is
+# deprecated on RHEL systems, we can unconditionally run this code.
+if [ -f /etc/debian_version ]; then
+    set +o pipefail
+    if ! letsencrypt-auto --debug --version | grep "Certbot cannot be installed."; then
+        echo "letsencrypt-auto didn't report being uninstallable."
+        exit 1
+    fi
+    if [ ${PIPESTATUS[0]} != 1 ]; then
+        echo "letsencrypt-auto didn't exit with status 1 as expected"
+        exit 1
+    fi
+    # letsencrypt-auto is deprecated and cannot be installed on this system so
+    # we cannot run the rest of this test.
+    exit 0
+fi
+
+letsencrypt-auto --os-packages-only --debug --version
+
+# This script sets the environment variables PYTHON_NAME, VENV_PATH, and
+# VENV_SCRIPT based on the version of Python available on the system. For
+# instance, Fedora uses Python 3 and Python 2 is not installed.
+. tests/letstest/scripts/set_python_envvars.sh
+
+# Create a venv-like layout at the old virtual environment path to test that a
+# symlink is properly created when letsencrypt-auto runs.
+HOME=${HOME:-~root}
+XDG_DATA_HOME=${XDG_DATA_HOME:-~/.local/share}
+OLD_VENV_BIN="$XDG_DATA_HOME/letsencrypt/bin"
+mkdir -p "$OLD_VENV_BIN"
+touch "$OLD_VENV_BIN/letsencrypt"
+
+letsencrypt-auto certonly --no-self-upgrade -v --standalone --debug \
+                   --text --agree-tos \
+                   --renew-by-default --redirect \
+                   --register-unsafely-without-email \
+                   --domain $PUBLIC_HOSTNAME --server $BOULDER_URL
+
+LINK_PATH=$("$PYTHON_NAME" tools/readlink.py ${XDG_DATA_HOME:-~/.local/share}/letsencrypt)
+if [ "$LINK_PATH" != "/opt/eff.org/certbot/venv" ]; then
+    echo symlink from old venv path not properly created!
     exit 1
 fi
-if [ ${PIPESTATUS[0]} != 1 ]; then
-    echo "letsencrypt-auto didn't exit with status 1 as expected"
+
+if ! letsencrypt-auto --help --no-self-upgrade | grep -F "letsencrypt-auto [SUBCOMMAND]"; then
+    echo "letsencrypt-auto not included in help output!"
+    exit 1
+fi
+
+OUTPUT_LEN=$(letsencrypt-auto --install-only --no-self-upgrade --quiet 2>&1 | wc -c)
+if [ "$OUTPUT_LEN" != 0 ]; then
+    echo letsencrypt-auto produced unexpected output!
     exit 1
 fi

tests/letstest/targets.yaml

@@ -52,17 +52,6 @@ targets:
     type: centos
     virt: hvm
     user: centos
-  # centos6 requires EPEL repo added
-  - ami: ami-1585c46a
-    name: centos6
-    type: centos
-    virt: hvm
-    user: centos
-    userdata: |
-      #cloud-config
-      runcmd:
-        - yum install -y epel-release
-        - iptables -F
   - ami: ami-01ca03df4a6012157
     name: centos8
     type: centos