File dehydrated.changes of Package dehydrated
-------------------------------------------------------------------
Thu Dec 10 16:04:31 UTC 2020 - daniel.molkentin@suse.com
- Update to version 0.7.0+1.g3a77955:
* bump changelog for new draft releases
* preparing for release 0.7.0
* use normal error behaviour for failing http requests (fixes #782)
* allow to set domains.txt as cli argument (fixes #678)
* use secp384r1 as default (instead of rsa, fixes #651)
* use secp384r1 as default (instead of rsa, fixes #651)
* adding new CLI Command (--cleanupdelete / -gcd) to cleanup+delete (instead of just moving to /archive) (closes #587)
* allow setting OCSP_FETCH and OCSP_DAYS per certificate config (closes #602, thx @bjacke)
* cleanup: also remove dangling symlinks
* cleanup: also do cleanup if symlink is broken (closes #667)
* make alpn-validation certificates and keys group readable (closes #754, fixes #753)
* Fix OCSP_FETCH with libressl
-------------------------------------------------------------------
Thu Dec 10 12:24:52 UTC 2020 - daniel.molkentin@suse.com
- Update to version 0.6.5+52.g481aba7:
* remove quotes from per-cert-config vars to allow for spaces (fixes #789, closes #791)
* changed method for parsing issuer cn, fixing compatibility with some openssl versions
* show available options if preferred chain is not found
* fix spaces in sudo arguments
-------------------------------------------------------------------
Mon Nov 16 09:09:14 UTC 2020 - daniel.molkentin@suse.com
- Update to version 0.6.5+48.gc670c18:
* added display-terms to changelog+readme
* add --display-terms to display the URL for the current ToS
* added support for requesting preferred-chain instead of default chain
-------------------------------------------------------------------
Wed Sep 30 10:59:24 UTC 2020 - daniel.molkentin@suse.com
- Update to version 0.6.5+45.g7d3288f:
* one more \s -> [[:space:]] replacement
* Replace \s with [[:space:]] for compatibility
* Complain about deactivated accounts
* implement account deactivation through --deactivate parameter
* Don't require sudo before we know we really need it
* Do not fail silently with invalid sudo user/group
* add more CAs, now that support for CA presets is implemented
* fix OS name detection
-------------------------------------------------------------------
Thu Sep 17 13:29:21 UTC 2020 - daniel.molkentin@suse.com
- Update to version 0.6.5+37.gb3abc41:
* tmpfix: log error if acmev1 validation is denied + fix unbound variable
* eab: use hex key instead of binary (fixes issue with nullbytes)
* do not fail on challenge in "processing" state (fixes #759)
* fixed bad typo..
* readme+changelog
* EAB + ZeroSSL support
* read boolean values from json
* removed accidental shebang
* use presets for some CAs instead of requiring full urls
-------------------------------------------------------------------
Mon Sep 14 13:51:29 UTC 2020 - daniel.molkentin@suse.com
- Update to version v0.6.5+suse.28.g42a0fc9:
* fix tls-alpn-01 configuration example
* fixed some typos (fixes #725, fixes #741, fixes #740)
* removed tmp file in 'generate_alpn_certificate' function
* fixed zsh compatibility
* merged temporary json.sh into dehydrated, fixed authorization "pending" loop
* experimental json.sh support
* Use existing curl version var
* removed instructions for importing from "official" client (certbot) as it probably doesn't work anymore and there isn't really much use for it anyway
* fix link to wiki in documentation (fixes #690)
* reworked dependency check and moved it up a bit in code (fixes #715, resolves #717 again...)
-------------------------------------------------------------------
Mon Sep 14 13:42:19 UTC 2020 - Daniel Molkentin <daniel.molkentin@suse.com>
- Reenable nginx subpackage for factory
-------------------------------------------------------------------
Mon Jun 29 12:41:48 UTC 2020 - Daniel Molkentin <daniel.molkentin@suse.com>
- Update maintainer file and package description, remove features
that are better described in the (upstream maintained) man page.
-------------------------------------------------------------------
Mon Jun 29 12:38:31 UTC 2020 - Daniel Molkentin <daniel.molkentin@suse.com>
- Remove potentially harmful scriptlet (bsc#1154167). Documented
transition case in the maintainer README. Unlikely enough. The
versions that have not transitioned yet would be broken for more
than two years now.
-------------------------------------------------------------------
Wed May 6 12:34:56 UTC 2020 - Daniel Molkentin <daniel.molkentin@suse.com>
- Removed lighttpd 1.x integration package. If you still would like
to use lighttpd with dehydrated, follow the instructions in the
README.maintainers file.
-------------------------------------------------------------------
Mon Apr 20 00:37:26 UTC 2020 - Daniel Molkentin <daniel.molkentin@suse.com>
- Fix lighttpd config file (boo#1169834)
- Provide nginx subpackage for SLE 15+ (jsc#SLE-11727)
-------------------------------------------------------------------
Mon Feb 3 12:25:00 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Drop systemd BuildRequires: pkgconfig(systemd) is already in
place and is synonymous.
-------------------------------------------------------------------
Thu Oct 17 17:23:53 UTC 2019 - Richard Brown <rbrown@suse.com>
- Remove obsolete Groups tag (fate#326485)
-------------------------------------------------------------------
Sat Aug 10 17:18:25 UTC 2019 - Daniel Molkentin <daniel.molkentin@suse.com>
- Behavioral change: Use cron only for older RHEL/CentOS versions
(along with SLE < 12.0). Everything else now uses systemd.
Please adopt accordingly! Refer to README.md for
-------------------------------------------------------------------
Wed Jun 26 11:03:27 UTC 2019 - Daniel Molkentin <daniel.molkentin@suse.com>
- Update to dehydrated 0.6.5
* Fixed broken APIv1 compatibility from last update
-------------------------------------------------------------------
Tue Jun 25 17:29:10 UTC 2019 - Daniel Molkentin <daniel.molkentin@suse.com>
- Update to dehydrated 0.6.4
* Fetch account ID from Location header instead of account json (bsc#1139408)
- Update to dehydrated 0.6.3
* OCSP refresh interval is now configurable
* Implemented POST-as-GET
* Call exit_hook on errors (with error-message as first parameter)
* Initial support for tls-alpn-01 validation
* New hook: sync_cert (for syncing certificate files to disk, see example
hook description)
* Fetch account information after registration to avoid missing account id
-------------------------------------------------------------------
Tue Jan 22 11:52:00 UTC 2019 - Daniel Molkentin <daniel.molkentin@suse.com>
- Remove RandomizedDelaySec attribute for distros with older systemd
(boo#1110697)
-------------------------------------------------------------------
Fri Apr 27 11:14:45 UTC 2018 - daniel.molkentin@suse.com
- Update to dehydrated 0.6.2
* removes 0001-fixed-CA-url-in-example-config.patch
* removes 0002-don-t-walk-certificate-chain-for-ACMEv2-certificate-.patch
Added
* New deploy_ocsp hook
* Allow account registration with custom key
Changed
* Don't walk certificate chain for ACMEv2 (certificate contains chain by default)
* Improved documentation on wildcards
Fixes
* Added workaround for compatibility with filesystem ACLs
* Close unwanted external file-descriptors
* Fixed JSON parsing on force-renewal (bsc#1091216)
* Fixed cleanup of challenge files/dns-entries on validation errors
* A few more minor fixes
-------------------------------------------------------------------
Thu Mar 15 10:52:56 UTC 2018 - daniel.molkentin@suse.com
- Don't add intermediate certificates twice when using ACMEv2 (bsc#1085305)
* Adds 0002-don-t-walk-certificate-chain-for-ACMEv2-certificate-.patch
-------------------------------------------------------------------
Wed Mar 14 16:51:29 UTC 2018 - daniel.molkentin@suse.com
- Fix issues introduced by 0.6.1 (bsc#1085305)
* bring back man page
* reflect new endpoint in (commented out) config file section
(adds 0001-fixed-CA-url-in-example-config.patch, backported
from upstream's master branch)
-------------------------------------------------------------------
Tue Mar 13 20:21:49 UTC 2018 - daniel.molkentin@suse.com
- Updated dehydrated to 0.6.1 (bsc#1084854)
* Use new ACME v2 endpoint by default
-------------------------------------------------------------------
Mon Mar 12 08:16:13 UTC 2018 - daniel.molkentin@suse.com
- Updated dehydrated to 0.6.0 (bsc#1084854)
Changed
* Challenge validation loop has been modified to loop over authorization identifiers instead of altnames (ACMEv2 + wildcard support)
* Removed LICENSE parameter from config (terms of service is now acquired directly from the CA directory)
Added
* Support for ACME v02 (including wildcard certificates!)
* New hook: generate_csr (see example hook script for more information)
* Calling random hook on startup to make it clear to hook script authors that unknown hooks should just be ignored...
-------------------------------------------------------------------
Mon Jan 15 12:15:07 UTC 2018 - daniel.molkentin@suse.com
- Remove redundant noarch entries. They cause an error in RPM 4.14.
-------------------------------------------------------------------
Mon Jan 15 11:29:11 UTC 2018 - daniel.molkentin@suse.com
- Updated dehydrated to 0.5.0
This removes the following patches and files, which are now part of the
upstream package:
* 0001-Add-optional-user-and-group-configuration.patch
* 0002-use-nullglob-disable-warning-on-empty-CONFIG_D-direc.patch
* dehydrated.1: the man page has been adopted by upstream
Starting with this version, upstream introduced signed releases, which
is now being used for source validation.
Upstream changes:
Changed
* Certificate chain is now cached (CHAINCACHE)
* OpenSSL binary path is now configurable (OPENSSL)
* Cleanup now also moves revoked certificates
Added
* New feature for updating contact information (--account)
* Allow automatic cleanup on exit (AUTO_CLEANUP)
* Initial support for fetching OCSP status to be used for OCSP stapling
(OCSP_FETCH)
* Certificates can now have aliases to create multiple certificates with
identical set of domains (see --alias and domains.txt documentation)
* Allow dehydrated to run as specified user (/group). This was already
available previously as a patch to this package.
-------------------------------------------------------------------
Fri Oct 20 11:02:24 UTC 2017 - mrueckert@suse.de
- revert accidental change to the service file
-------------------------------------------------------------------
Fri Oct 20 10:55:26 UTC 2017 - mrueckert@suse.de
- actually try to find the real path to bash and don't hardcode
/usr/bin/bash
-------------------------------------------------------------------
Thu Oct 19 08:11:20 UTC 2017 - daniel.molkentin@suse.com
- Use /usr/bin/bash directly, rather than via env
-------------------------------------------------------------------
Wed Oct 18 16:42:31 UTC 2017 - daniel.molkentin@suse.com
- Use sudo instead of su to allow for argument handling, also
works in all cases when no login shell is assigned to the
dehydrated user
* updates 0001-Add-optional-user-and-group-configuration.patch
-------------------------------------------------------------------
Tue Oct 17 14:46:16 UTC 2017 - daniel.molkentin@suse.com
- Commands in service files need some escaping after all. Fix ExecStartPost.
-------------------------------------------------------------------
Mon Oct 16 09:27:28 UTC 2017 - daniel.molkentin@suse.com
- In the timer service, execute root post run hooks in ExecStartPost
-------------------------------------------------------------------
Mon Oct 16 04:43:22 UTC 2017 - daniel.molkentin@suse.com
- Fix run of root hooks
- Simplify root hook execution, this is also more robust
-------------------------------------------------------------------
Thu Oct 5 13:36:39 UTC 2017 - daniel.molkentin@suse.com
- Remove unused hooks directory
- Introduced a directory for custom post-run hooks executed as root,
see README.SUSE for details. (not to be confused with the native hooks
run as dehyrated user)
-------------------------------------------------------------------
Fri Sep 29 15:14:29 UTC 2017 - daniel.molkentin@suse.com
- Clarify necessity of enabling dehydrated.timer in README.SUSE
- Submit to SLE15 as per fate#323377
- Add optional post run hook directory, executed by cron/systemd
after dehydrated --cron has run
- Remove hook directory intended for packaging other native hooks.
Will be approach differently
-------------------------------------------------------------------
Wed Sep 27 10:09:16 UTC 2017 - daniel.molkentin@suse.com
- No longer require nginx or lighttpd for SLE
- Never go as far as to require acmeresponder, it might not be available
- Drop -update from dehydrated-update.{timer,socket} for consistency
- Add distro specific README.SUSE / README.Fedora
- Ran spec-cleaner
-------------------------------------------------------------------
Fri Sep 22 11:18:55 UTC 2017 - daniel.molkentin@suse.com
- Add man page
- Ensure dehydrated is always run as designated user
* adds 0001-Add-optional-user-and-group-configuration.patch
- Introduce config.d directory for user configuration
- Avoid warning about empty config.d directory
* adds 0002-use-nullglob-disable-warning-on-empty-CONFIG_D-direc.patch
- Fix sed warning about unescaped curly braces in regex
-------------------------------------------------------------------
Tue Sep 19 15:40:46 UTC 2017 - daniel.molkentin@suse.com
- Swap statements in post: installing services requires tmp.d
-------------------------------------------------------------------
Tue Sep 19 14:52:25 UTC 2017 - daniel.molkentin@suse.com
- (Weak) dependency on dehydrated-acmeresponder.
-------------------------------------------------------------------
Thu Sep 14 13:47:06 UTC 2017 - daniel.molkentin@suse.com
- systemd update service: ConditionPathExists goes into [Unit] section
-------------------------------------------------------------------
Wed Sep 13 15:27:08 UTC 2017 - daniel.molkentin@suse.com
- Use timer instead of cron for systemd-enabled distros
Note: Timer must be explicitly enabled!
-------------------------------------------------------------------
Tue Feb 21 13:12:19 UTC 2017 - daniel.molkentin@suse.com
- Drop the (undocumented) dependeny for mod_headers
-------------------------------------------------------------------
Sat Feb 18 16:51:10 UTC 2017 - daniel@molkentin.de
- Unify configuration file source names
-------------------------------------------------------------------
Sat Feb 18 14:08:02 UTC 2017 - daniel@molkentin.de
- Bump to 0.4.0
-------------------------------------------------------------------
Thu Feb 2 15:04:16 UTC 2017 - daniel.molkentin@suse.com
- More dependency fixes
-------------------------------------------------------------------
Thu Feb 2 13:59:16 UTC 2017 - daniel.molkentin@suse.com
- Make nginx and lighttpd packages into features
Default-disable them on distros where we cannot provide a dependency.
-------------------------------------------------------------------
Thu Feb 2 12:32:20 UTC 2017 - daniel.molkentin@suse.com
- Fix build on Fedora
-------------------------------------------------------------------
Thu Feb 2 11:03:43 UTC 2017 - mrueckert@suse.de
- make permissions of the lighty and nginx config files tighter
-------------------------------------------------------------------
Thu Feb 2 10:56:58 UTC 2017 - mrueckert@suse.de
- only own the configuration files and not the whole directory tree
- add BR for nginx, lighttpd, apache2 to handle directory
ownership
-------------------------------------------------------------------
Thu Jan 12 10:24:20 UTC 2017 - mrueckert@suse.de
- with making the permissions more tight ... dehydrated can not
write its lock file anymore to /etc/dehydrated. To fix this we
now create /var/run/dehydrated (sysvinit) or /run/dehydrated
(systemd) and point the lock file in the default config to that
directory.
Please adapt your local config files accordingly.
-------------------------------------------------------------------
Thu Jan 12 09:53:06 UTC 2017 - mrueckert@suse.de
- change permissions of /etc/dehydrated to:
root:dehydrated u=rwx,g=rx,o=
- create the subdirs that dehydrated would create later anyway:
/etc/dehydrated/accounts
/etc/dehydrated/certs
dehydrated::dehydrated u=rwx,go=
- tighten up permissions on
/etc/dehydrated/config
/etc/dehydrated/domain.txt
root:root u=rw,go=r -> root:dehydrated u=rw,g=r,o=
/etc/dehydrated/hook.sh
root:root u=rw,go=r -> root:dehydrated u=rwx,g=rx,o=
-------------------------------------------------------------------
Wed Nov 23 02:20:53 UTC 2016 - daniel@molkentin.de
- Add lighttpd configuration via dehydrated-lighttpd
-------------------------------------------------------------------
Mon Nov 14 09:26:41 UTC 2016 - jengelh@inai.de
- Test for user/group before adding them and don't suppress errors
-------------------------------------------------------------------
Thu Nov 10 10:41:09 UTC 2016 - daniel@molkentin.de
- Fix MIN HOUR order in crontab (boo#1009452)
-------------------------------------------------------------------
Tue Sep 13 18:57:09 UTC 2016 - danimo@owncloud.com
- Bump to v0.3.1
- Rename to dehydrated
-------------------------------------------------------------------
Sun May 22 20:23:58 UTC 2016 - danimo@owncloud.com
- Bump to v0.2.0
- This version fixes a json-parsing bug which made letsencrypt.sh
incompatible with up-to-date ACME servers.
- PRIVATE_KEY config parameter has been renamed to ACCOUNT_KEY to avoid
confusion with certificate keys
- deploy_cert hook now also has the certificates timestamp as standalone
parameter
- Temporary files are now identifiable (template: letsencrypt.sh-XXXXXX)
- Private keys are now regenerated by default
- Added documentation to repository
- Fixed bug with uppercase names in domains.txt (script now converts everything
to lowercase)
- mktemp no longer uses the deprecated -t parameter.
- Compatibility with "pretty" json
-------------------------------------------------------------------
Wed Apr 20 01:03:52 UTC 2016 - danimo@owncloud.com
- Explicitly add group and license, required for SLES 11
-------------------------------------------------------------------
Wed Apr 20 00:57:18 UTC 2016 - danimo@owncloud.com
- Add nginx integration package
- Proper dir permissions for apache package (755, not 644)
-------------------------------------------------------------------
Mon Apr 18 18:25:44 UTC 2016 - draht@schaltsekun.de
- fix build requirement for shadow (>=openSUSE-12.3) and pwdutils
(before 12.3).
- missing changelog for last change by danimo: do not require mod_ssl for
suse distrbutions.
-------------------------------------------------------------------
Mon Mar 28 17:05:02 UTC 2016 - danimo@owncloud.com
- Add alias to /.well-known/acme-challenge by default
-------------------------------------------------------------------
Sat Mar 26 09:33:25 UTC 2016 - danimo@owncloud.com
- Add cron, do not remove letsencrypt user, adjust permissions
-------------------------------------------------------------------
Fri Mar 25 18:42:00 UTC 2016 - danimo@owncloud.com
- Initial commit
