Changelog for
dehydrated-0.7.0+1.g3a77955-1.1.noarch.rpm :
* Thu Dec 10 2020 daniel.molkentinAATTsuse.com- Update to version 0.7.0+1.g3a77955:
* bump changelog for new draft releases
* preparing for release 0.7.0
* use normal error behaviour for failing http requests (fixes #782)
* allow to set domains.txt as cli argument (fixes #678)
* use secp384r1 as default (instead of rsa, fixes #651)
* use secp384r1 as default (instead of rsa, fixes #651)
* adding new CLI Command (--cleanupdelete / -gcd) to cleanup+delete (instead of just moving to /archive) (closes #587)
* allow setting OCSP_FETCH and OCSP_DAYS per certificate config (closes #602, thx AATTbjacke)
* cleanup: also remove dangling symlinks
* cleanup: also do cleanup if symlink is broken (closes #667)
* make alpn-validation certificates and keys group readable (closes #754, fixes #753)
* Fix OCSP_FETCH with libressl
* Thu Dec 10 2020 daniel.molkentinAATTsuse.com- Update to version 0.6.5+52.g481aba7:
* remove quotes from per-cert-config vars to allow for spaces (fixes #789, closes #791)
* changed method for parsing issuer cn, fixing compatibility with some openssl versions
* show available options if preferred chain is not found
* fix spaces in sudo arguments
* Mon Nov 16 2020 daniel.molkentinAATTsuse.com- Update to version 0.6.5+48.gc670c18:
* added display-terms to changelog+readme
* add --display-terms to display the URL for the current ToS
* added support for requesting preferred-chain instead of default chain
* Wed Sep 30 2020 daniel.molkentinAATTsuse.com- Update to version 0.6.5+45.g7d3288f:
* one more \\s -> [[:space:]] replacement
* Replace \\s with [[:space:]] for compatibility
* Complain about deactivated accounts
* implement account deactivation through --deactivate parameter
* Don\'t require sudo before we know we really need it
* Do not fail silently with invalid sudo user/group
* add more CAs, now that support for CA presets is implemented
* fix OS name detection
* Thu Sep 17 2020 daniel.molkentinAATTsuse.com- Update to version 0.6.5+37.gb3abc41:
* tmpfix: log error if acmev1 validation is denied + fix unbound variable
* eab: use hex key instead of binary (fixes issue with nullbytes)
* do not fail on challenge in \"processing\" state (fixes #759)
* fixed bad typo..
* readme+changelog
* EAB + ZeroSSL support
* read boolean values from json
* removed accidental shebang
* use presets for some CAs instead of requiring full urls
* Mon Sep 14 2020 daniel.molkentinAATTsuse.com- Update to version v0.6.5+suse.28.g42a0fc9:
* fix tls-alpn-01 configuration example
* fixed some typos (fixes #725, fixes #741, fixes #740)
* removed tmp file in \'generate_alpn_certificate\' function
* fixed zsh compatibility
* merged temporary json.sh into dehydrated, fixed authorization \"pending\" loop
* experimental json.sh support
* Use existing curl version var
* removed instructions for importing from \"official\" client (certbot) as it probably doesn\'t work anymore and there isn\'t really much use for it anyway
* fix link to wiki in documentation (fixes #690)
* reworked dependency check and moved it up a bit in code (fixes #715, resolves #717 again...)
* Mon Sep 14 2020 daniel.molkentinAATTsuse.com- Reenable nginx subpackage for factory
* Mon Jun 29 2020 daniel.molkentinAATTsuse.com- Update maintainer file and package description, remove features that are better described in the (upstream maintained) man page.
* Mon Jun 29 2020 daniel.molkentinAATTsuse.com- Remove potentially harmful scriptlet (bsc#1154167). Documented transition case in the maintainer README. Unlikely enough. The versions that have not transitioned yet would be broken for more than two years now.
* Wed May 06 2020 daniel.molkentinAATTsuse.com- Removed lighttpd 1.x integration package. If you still would like to use lighttpd with dehydrated, follow the instructions in the README.maintainers file.
* Mon Apr 20 2020 daniel.molkentinAATTsuse.com- Fix lighttpd config file (boo#1169834)- Provide nginx subpackage for SLE 15+ (jsc#SLE-11727)
* Mon Feb 03 2020 dimstarAATTopensuse.org- Drop systemd BuildRequires: pkgconfig(systemd) is already in place and is synonymous.
* Thu Oct 17 2019 rbrownAATTsuse.com- Remove obsolete Groups tag (fate#326485)
* Sat Aug 10 2019 daniel.molkentinAATTsuse.com- Behavioral change: Use cron only for older RHEL/CentOS versions (along with SLE < 12.0). Everything else now uses systemd. Please adopt accordingly! Refer to README.md for
* Wed Jun 26 2019 daniel.molkentinAATTsuse.com- Update to dehydrated 0.6.5
* Fixed broken APIv1 compatibility from last update
* Tue Jun 25 2019 daniel.molkentinAATTsuse.com- Update to dehydrated 0.6.4
* Fetch account ID from Location header instead of account json (bsc#1139408)- Update to dehydrated 0.6.3
* OCSP refresh interval is now configurable
* Implemented POST-as-GET
* Call exit_hook on errors (with error-message as first parameter)
* Initial support for tls-alpn-01 validation
* New hook: sync_cert (for syncing certificate files to disk, see example hook description)
* Fetch account information after registration to avoid missing account id
* Tue Jan 22 2019 daniel.molkentinAATTsuse.com- Remove RandomizedDelaySec attribute for distros with older systemd (boo#1110697)
* Fri Apr 27 2018 daniel.molkentinAATTsuse.com- Update to dehydrated 0.6.2
* removes 0001-fixed-CA-url-in-example-config.patch
* removes 0002-don-t-walk-certificate-chain-for-ACMEv2-certificate-.patch Added
* New deploy_ocsp hook
* Allow account registration with custom key Changed
* Don\'t walk certificate chain for ACMEv2 (certificate contains chain by default)
* Improved documentation on wildcards Fixes
* Added workaround for compatibility with filesystem ACLs
* Close unwanted external file-descriptors
* Fixed JSON parsing on force-renewal (bsc#1091216)
* Fixed cleanup of challenge files/dns-entries on validation errors
* A few more minor fixes
* Thu Mar 15 2018 daniel.molkentinAATTsuse.com- Don\'t add intermediate certificates twice when using ACMEv2 (bsc#1085305)
* Adds 0002-don-t-walk-certificate-chain-for-ACMEv2-certificate-.patch
* Wed Mar 14 2018 daniel.molkentinAATTsuse.com- Fix issues introduced by 0.6.1 (bsc#1085305)
* bring back man page
* reflect new endpoint in (commented out) config file section (adds 0001-fixed-CA-url-in-example-config.patch, backported from upstream\'s master branch)
* Tue Mar 13 2018 daniel.molkentinAATTsuse.com- Updated dehydrated to 0.6.1 (bsc#1084854)
* Use new ACME v2 endpoint by default
* Mon Mar 12 2018 daniel.molkentinAATTsuse.com- Updated dehydrated to 0.6.0 (bsc#1084854) Changed
* Challenge validation loop has been modified to loop over authorization identifiers instead of altnames (ACMEv2 + wildcard support)
* Removed LICENSE parameter from config (terms of service is now acquired directly from the CA directory) Added
* Support for ACME v02 (including wildcard certificates!)
* New hook: generate_csr (see example hook script for more information)
* Calling random hook on startup to make it clear to hook script authors that unknown hooks should just be ignored...
* Mon Jan 15 2018 daniel.molkentinAATTsuse.com- Remove redundant noarch entries. They cause an error in RPM 4.14.
* Mon Jan 15 2018 daniel.molkentinAATTsuse.com- Updated dehydrated to 0.5.0 This removes the following patches and files, which are now part of the upstream package:
* 0001-Add-optional-user-and-group-configuration.patch
* 0002-use-nullglob-disable-warning-on-empty-CONFIG_D-direc.patch
* dehydrated.1: the man page has been adopted by upstream Starting with this version, upstream introduced signed releases, which is now being used for source validation. Upstream changes: Changed
* Certificate chain is now cached (CHAINCACHE)
* OpenSSL binary path is now configurable (OPENSSL)
* Cleanup now also moves revoked certificates Added
* New feature for updating contact information (--account)
* Allow automatic cleanup on exit (AUTO_CLEANUP)
* Initial support for fetching OCSP status to be used for OCSP stapling (OCSP_FETCH)
* Certificates can now have aliases to create multiple certificates with identical set of domains (see --alias and domains.txt documentation)
* Allow dehydrated to run as specified user (/group). This was already available previously as a patch to this package.
* Fri Oct 20 2017 mrueckertAATTsuse.de- revert accidental change to the service file
* Fri Oct 20 2017 mrueckertAATTsuse.de- actually try to find the real path to bash and don\'t hardcode /usr/bin/bash
* Thu Oct 19 2017 daniel.molkentinAATTsuse.com- Use /usr/bin/bash directly, rather than via env
* Wed Oct 18 2017 daniel.molkentinAATTsuse.com- Use sudo instead of su to allow for argument handling, also works in all cases when no login shell is assigned to the dehydrated user
* updates 0001-Add-optional-user-and-group-configuration.patch
* Tue Oct 17 2017 daniel.molkentinAATTsuse.com- Commands in service files need some escaping after all. Fix ExecStartPost.
* Mon Oct 16 2017 daniel.molkentinAATTsuse.com- In the timer service, execute root post run hooks in ExecStartPost
* Mon Oct 16 2017 daniel.molkentinAATTsuse.com- Fix run of root hooks- Simplify root hook execution, this is also more robust
* Thu Oct 05 2017 daniel.molkentinAATTsuse.com- Remove unused hooks directory- Introduced a directory for custom post-run hooks executed as root, see README.SUSE for details. (not to be confused with the native hooks run as dehyrated user)
* Fri Sep 29 2017 daniel.molkentinAATTsuse.com- Clarify necessity of enabling dehydrated.timer in README.SUSE- Submit to SLE15 as per fate#323377- Add optional post run hook directory, executed by cron/systemd after dehydrated --cron has run- Remove hook directory intended for packaging other native hooks. Will be approach differently
* Wed Sep 27 2017 daniel.molkentinAATTsuse.com- No longer require nginx or lighttpd for SLE- Never go as far as to require acmeresponder, it might not be available- Drop -update from dehydrated-update.{timer,socket} for consistency- Add distro specific README.SUSE / README.Fedora- Ran spec-cleaner
* Fri Sep 22 2017 daniel.molkentinAATTsuse.com- Add man page- Ensure dehydrated is always run as designated user
* adds 0001-Add-optional-user-and-group-configuration.patch- Introduce config.d directory for user configuration- Avoid warning about empty config.d directory
* adds 0002-use-nullglob-disable-warning-on-empty-CONFIG_D-direc.patch- Fix sed warning about unescaped curly braces in regex
* Tue Sep 19 2017 daniel.molkentinAATTsuse.com- Swap statements in post: installing services requires tmp.d
* Tue Sep 19 2017 daniel.molkentinAATTsuse.com- (Weak) dependency on dehydrated-acmeresponder.
* Thu Sep 14 2017 daniel.molkentinAATTsuse.com- systemd update service: ConditionPathExists goes into [Unit] section
* Wed Sep 13 2017 daniel.molkentinAATTsuse.com- Use timer instead of cron for systemd-enabled distros Note: Timer must be explicitly enabled!
* Tue Feb 21 2017 daniel.molkentinAATTsuse.com- Drop the (undocumented) dependeny for mod_headers
* Sat Feb 18 2017 danielAATTmolkentin.de- Unify configuration file source names
* Sat Feb 18 2017 danielAATTmolkentin.de- Bump to 0.4.0
* Thu Feb 02 2017 daniel.molkentinAATTsuse.com- More dependency fixes
* Thu Feb 02 2017 daniel.molkentinAATTsuse.com- Make nginx and lighttpd packages into features Default-disable them on distros where we cannot provide a dependency.
* Thu Feb 02 2017 daniel.molkentinAATTsuse.com- Fix build on Fedora
* Thu Feb 02 2017 mrueckertAATTsuse.de- make permissions of the lighty and nginx config files tighter
* Thu Feb 02 2017 mrueckertAATTsuse.de- only own the configuration files and not the whole directory tree - add BR for nginx, lighttpd, apache2 to handle directory ownership
* Thu Jan 12 2017 mrueckertAATTsuse.de- with making the permissions more tight ... dehydrated can not write its lock file anymore to /etc/dehydrated. To fix this we now create /var/run/dehydrated (sysvinit) or /run/dehydrated (systemd) and point the lock file in the default config to that directory. Please adapt your local config files accordingly.
* Thu Jan 12 2017 mrueckertAATTsuse.de- change permissions of /etc/dehydrated to: root:dehydrated u=rwx,g=rx,o=- create the subdirs that dehydrated would create later anyway: /etc/dehydrated/accounts /etc/dehydrated/certs dehydrated::dehydrated u=rwx,go=- tighten up permissions on /etc/dehydrated/config /etc/dehydrated/domain.txt root:root u=rw,go=r -> root:dehydrated u=rw,g=r,o= /etc/dehydrated/hook.sh root:root u=rw,go=r -> root:dehydrated u=rwx,g=rx,o=
* Wed Nov 23 2016 danielAATTmolkentin.de- Add lighttpd configuration via dehydrated-lighttpd
* Mon Nov 14 2016 jengelhAATTinai.de- Test for user/group before adding them and don\'t suppress errors
* Thu Nov 10 2016 danielAATTmolkentin.de- Fix MIN HOUR order in crontab (boo#1009452)
* Tue Sep 13 2016 danimoAATTowncloud.com- Bump to v0.3.1- Rename to dehydrated
* Sun May 22 2016 danimoAATTowncloud.com- Bump to v0.2.0- This version fixes a json-parsing bug which made letsencrypt.sh incompatible with up-to-date ACME servers.- PRIVATE_KEY config parameter has been renamed to ACCOUNT_KEY to avoid confusion with certificate keys- deploy_cert hook now also has the certificates timestamp as standalone parameter- Temporary files are now identifiable (template: letsencrypt.sh-XXXXXX)- Private keys are now regenerated by default- Added documentation to repository- Fixed bug with uppercase names in domains.txt (script now converts everything to lowercase)- mktemp no longer uses the deprecated -t parameter.- Compatibility with \"pretty\" json
* Wed Apr 20 2016 danimoAATTowncloud.com- Explicitly add group and license, required for SLES 11
* Wed Apr 20 2016 danimoAATTowncloud.com- Add nginx integration package- Proper dir permissions for apache package (755, not 644)
* Mon Apr 18 2016 drahtAATTschaltsekun.de- fix build requirement for shadow (>=openSUSE-12.3) and pwdutils (before 12.3).- missing changelog for last change by danimo: do not require mod_ssl for suse distrbutions.
* Mon Mar 28 2016 danimoAATTowncloud.com- Add alias to /.well-known/acme-challenge by default
* Sat Mar 26 2016 danimoAATTowncloud.com- Add cron, do not remove letsencrypt user, adjust permissions
* Fri Mar 25 2016 danimoAATTowncloud.com- Initial commit
