3. FreeBSD - メンテナンス・トラブルシュート - python - py27-acme-0.21.0,1

 
3.1 概要
3.2 試行錯誤
3.3 対応

3.1 概要


> pkg version -vl "<"
py27-acme-0.20.0,1                 <   needs updating (index has 0.21.0,1)
 実は他にもたくさんあって、途中でエラーになったりしたのです。  どうも、ports 上の依存関係と python の依存関係に齟齬があるらしく、ports をアップデートする順番によってうまくいったりします。  アップデートする順番を入れ替えることによって、最後に残ったのがこれです。

> portupgrade -rR py27-acme
[Reading data from pkg(8) ... - 401 packages found - done]
[Gathering depends for security/py-acme ...................... done]
[Gathering depends for security/py-certbot ............. done]
[Exclude up-to-date packages .......... done]
--->  Upgrading 'py27-acme-0.20.0,1' to 'py27-acme-0.21.0,1' (security/py-acme)
--->  Building '/usr/ports/security/py-acme'
===>  Cleaning for py27-josepy-1.0.1

	・・・

===>   py27-acme-0.21.0,1 depends on file: /usr/local/bin/python2.7 - found
===>  Configuring for py27-acme-0.21.0,1
running config
===>  Building for py27-acme-0.21.0,1
running build
running build_py

	・・・

running install_egg_info
Copying src/josepy.egg-info to /usr/ports/security/py-josepy/work-py27/stage/usr/local/lib/python2.7/site-packages/josepy-1.0.1-py2.7.egg-info
running install_scripts
Installing jws script to /usr/ports/security/py-josepy/work-py27/stage/usr/local/bin
writing list of installed files to '/usr/ports/security/py-josepy/work-py27/.PLIST.pymodtmp'
====> Compressing man pages (compress-man)
===>  Installing for py27-josepy-1.0.1
===>  Checking if py27-josepy already installed
===>   Registering installation for py27-josepy-1.0.1 as automatic
Installing py27-josepy-1.0.1...
pkg-static: py27-josepy-1.0.1 conflicts with py27-acme-0.20.0,1 (installs files into the same place).  Problematic file: /usr/local/bin/jws
*** Error code 70

Stop.
make[1]: stopped in /usr/ports/security/py-josepy
*** Error code 1

Stop.
make: stopped in /usr/ports/security/py-acme
** Command failed [exit code 1]: /usr/bin/script -qa /tmp/portupgrade20180123-61140-11he3y1 env UPGRADE_TOOL=portupgrade UPGRADE_PORT=py27-acme-0.20.0,1 UPGRADE_PORT_VER=0.20.0,1 make
** Fix the problem and try again.
** Listing the failed packages (-:ignored / *:skipped / !:failed)
        ! security/py-acme (py27-acme-0.20.0,1) (unknown build error)

3.2 試行錯誤

 pkg でアップデートしようとするも

> pkg upgrade py27-acme
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
Your packages are up to date.
 pkg ではアップデート対象にならないようで・・・。  py27-acme ってのが py27-josepy ってのに依存しているようなのです。  py27-josepy を deinstall しようとすると

make deinstall
===>  Deinstalling for py27-josepy
===>   py27-josepy not installed, skipping
 インストールされてないっちゅうし。  インストールしようとすると

make install
===>  Installing for py27-josepy-1.0.1
===>  Checking if py27-josepy already installed
===>   Registering installation for py27-josepy-1.0.1
Installing py27-josepy-1.0.1...
pkg-static: py27-josepy-1.0.1 conflicts with py27-acme-0.20.0,1 (installs files into the same place).  Problematic file: /usr/local/bin/jws
*** Error code 70

Stop.
make: stopped in /usr/ports/security/py-josepy
 py27-acme と conflicts を起こしてしまうわけです。  ちょっと思い当たる節はあるんだなぁ。  「無償の証明書を取得」で certbot をインストールしたときに無理やりなことをしたので・・・。  仕方ないので、py27-acme をアンインストール、インストールしました。

> cd /usr/ports/security/py-acme
> make deinstall
===>  Deinstalling for py27-acme
===>   Deinstalling py27-acme-0.20.0,1
Checking integrity... done (0 conflicting)
Deinstallation has been requested for the following 1 packages (of 0 packages in the universe):

Installed packages to be REMOVED:
        py27-acme-0.20.0,1

Number of packages to be removed: 1

The operation will free 1 MiB.
[1/1] Deinstalling py27-acme-0.20.0,1...
[1/1] Deleting files for py27-acme-0.20.0,1: 100%
> make
> make install
 これで、古い pkg はなくなったものの・・・。  certbot が動かなくなっていたら問題なので確認。  certbot のシェルスクリプトを動かしてみます。

./certbot.sh
An unexpected error occurred:
VersionConflict: (acme 0.21.0 (/usr/local/lib/python2.7/site-packages), Requirement.parse('acme==0.20.0'))
Please see the logfile '/tmp/tmpDMW9jx' for more details.
 うげ、やっぱり・・・。  で、ここからあれこれやったのですが・・・。  たどり着いたのが

> pkg search certbot
py27-certbot-0.20.0,1          Let's Encrypt client
py36-certbot-0.20.0,1          Let's Encrypt client
 なんだ、py36-certbot があるじゃん。

3.3 対応

 py27-certbot をアンインストール(ここは省略します)。  py36-certbot をインストール

> pkg install py36-certbot
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
pkg: ja-man has a missing dependency: ja-less+iso
The following 25 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        py36-certbot: 0.20.0,1

	・・・

        py36-configargparse: 0.12.0

Installed packages to be REINSTALLED:
        libyaml-0.1.6_2 (ABI changed: 'freebsd:9:x86:32' -> 'freebsd:10:x86:32')
        compat6x-i386-6.4.604000.200810_3

Number of packages to be installed: 23
Number of packages to be reinstalled: 2

The process will require 21 MiB more space.
5 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/25] Fetching py36-certbot-0.20.0,1.txz: 100%  400 KiB 409.7kB/s    00:01

	・・・

[25/25] Fetching py36-configargparse-0.12.0.txz: 100%   24 KiB  24.9kB/s    00:01
Checking integrity... done (1 conflicting)
  - py36-acme-0.20.0,1 conflicts with py27-josepy-1.0.1 on /usr/local/bin/jws
Checking integrity... done (0 conflicting)
Conflicts with the existing packages have been found.
One more solver iteration is needed to resolve them.
The following 28 package(s) will be affected (of 0 checked):

Installed packages to be REMOVED:
        py27-acme-0.21.0,1
        py27-josepy-1.0.1

New packages to be INSTALLED:
        py36-setuptools: 36.5.0

	・・・

        py36-certbot: 0.20.0,1

Installed packages to be DOWNGRADED:
        pkg: 1.10.4 -> 1.10.3_1

Installed packages to be REINSTALLED:
        libyaml-0.1.6_2 (ABI changed: 'freebsd:9:x86:32' -> 'freebsd:10:x86:32')
        compat6x-i386-6.4.604000.200810_3

Number of packages to be removed: 2
Number of packages to be installed: 23
Number of packages to be reinstalled: 2
Number of packages to be downgraded: 1

The process will require 20 MiB more space.
3 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/1] Fetching pkg-1.10.3_1.txz: 100%    3 MiB   2.7MB/s    00:01
[1/28] Deinstalling py27-acme-0.21.0,1...

	・・・

[28/28] Extracting compat6x-i386-6.4.604000.200810_3: 100%
Message from py36-setuptools-36.5.0:

*******************************************************************

  Only /usr/local/bin/easy_install-3.6 script has been installed
  since Python 3.6 is not the default Python version.

*******************************************************************
Message from py36-urllib3-1.22:

Be careful, support of IPv6 is broken with PySocks 1.5.7.
Message from py36-certbot-0.20.0,1:

===========================================================================

This port installs the "standalone" client only, which does not use and
is not the certbot-auto bootstrap/wrapper script.

The simplest form of usage to obtain certificates is:

 # sudo certbot certonly --standalone -d <domain>, [domain2, ... domainN]>

NOTE:

The client requires the ability to bind on TCP port 80 or 443 (depending
on the --preferred-challenges option used). If a server is running on that
port, it will need to be temporarily stopped so that the standalone server
can listen on that port to complete the challenge authentication process.

For more information on the 'standalone' mode, see:

  https://certbot.eff.org/docs/using.html#standalone

The certbot plugins to support apache and nginx certificate installation
will be made available in the following ports:

 * Apache plugin: security/py-certbot-apache
 * Nginx plugin: security/py-certbot-nginx

===========================================================================
Message from compat6x-i386-6.4.604000.200810_3:

*******************************************************************************
*                                                                             *
* Do not forget to add COMPAT_FREEBSD6 into                                   *
* your kernel configuration (enabled by default).                             *
*                                                                             *
* To configure and recompile your kernel see:                                 *
* http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html *
*                                                                             *
*******************************************************************************

===>   NOTICE:

The compat6x-i386 port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
 で、certbot のシェルスクリプトを実行しようとすると

> ./certbot.sh
./certbot.sh: /usr/local/bin/certbot: not found

/usr/local/bin/certbot
 は

/usr/local/bin/certbot-3.6
 になっちゃってたのでした。  シェルスクリプトを編集

/usr/local/bin/certbot-3.6 \
        renew \
        --standalone \
        --pre-hook "/usr/local/etc/rc.d/apache24 stop" \
        --post-hook "/usr/local/etc/rc.d/apache24 start"
 再度実行

> ./certbot.sh
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /usr/local/etc/letsencrypt/renewal/www.sing.ne.jp.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

-------------------------------------------------------------------------------
Processing /usr/local/etc/letsencrypt/renewal/freebsd.sing.ne.jp.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

-------------------------------------------------------------------------------
Processing /usr/local/etc/letsencrypt/renewal/ns.sing.ne.jp.conf
-------------------------------------------------------------------------------
Cert not yet due for renewal

-------------------------------------------------------------------------------

The following certs are not due for renewal yet:
  /usr/local/etc/letsencrypt/live/www.sing.ne.jp/fullchain.pem (skipped)
  /usr/local/etc/letsencrypt/live/freebsd.sing.ne.jp/fullchain.pem (skipped)
  /usr/local/etc/letsencrypt/live/ns.sing.ne.jp/fullchain.pem (skipped)
No renewals were attempted.
No hooks were run.
-------------------------------------------------------------------------------
 どうやらうまく動きました。ほっとしました。