Accepting request 817721 from security:dehydrated

- Update maintainer file and package description, remove features
  that are better described in the (upstream maintained) man page.

- Remove potentially harmful scriptlet (bsc#1154167). Documented
  transition case in the maintainer README. Unlikely enough. The
  versions that have not transitioned yet would be broken for more
  than two years now.

OBS-URL: https://build.opensuse.org/request/show/817721
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=17
This commit is contained in:
Dominique Leuenberger 2020-06-29 19:18:30 +00:00 committed by Git OBS Bridge
commit 18d3be14bc
3 changed files with 22 additions and 10 deletions

View File

@ -150,7 +150,6 @@ where <domainname> should be the name of the first column in domains.txt
Limitations & Ceveats
=====================
* It is currently not possible to aqcuire Wildcard certificates
* No EV- or OV-validated certificates
* Certificates expire within weeks, not years. This is by design. Ensure that
certificate renewal works and that daemons get reloaded frequently to pick
@ -160,6 +159,13 @@ Limitations & Ceveats
will be executed by the cron script / systemd timer *after* an update run
has been performed.
Upgrade Notes
=============
If you are upgrading from letsencrypt.sh, note that you need to move
/etc/letsencrypt.sh to /etc/dehydrated and chown it to the "dehydrated"
user.
Links
=====

View File

@ -1,3 +1,17 @@
-------------------------------------------------------------------
Mon Jun 29 12:41:48 UTC 2020 - Daniel Molkentin <daniel.molkentin@suse.com>
- Update maintainer file and package description, remove features
that are better described in the (upstream maintained) man page.
-------------------------------------------------------------------
Mon Jun 29 12:38:31 UTC 2020 - Daniel Molkentin <daniel.molkentin@suse.com>
- Remove potentially harmful scriptlet (bsc#1154167). Documented
transition case in the maintainer README. Unlikely enough. The
versions that have not transitioned yet would be broken for more
than two years now.
-------------------------------------------------------------------
Wed May 6 12:34:56 UTC 2020 - Daniel Molkentin <daniel.molkentin@suse.com>

View File

@ -108,14 +108,7 @@ It uses the openssl utility for everything related to actually
handling keys and certificates, so you need to have that installed.
Other dependencies are: curl, sed, grep, mktemp (all found on almost
any system, curl being the only exception)
Current features:
* Signing of a list of domains
* Signing of a CSR
* Renewal if a certificate is about to expire or SAN (subdomains) changed
* Certificate revocation
any system, curl being the only exception).
%package %{_apache}
Summary: Apache Integration for dehydrated
@ -146,7 +139,6 @@ This adds a configuration file for dehydrated's acme-challenge to nginx.
getent group %{_user} >/dev/null || %{_sbindir}/groupadd -r %{_user}
getent passwd %{_user} >/dev/null || %{_sbindir}/useradd -g %{_user} \
-s /bin/false -r -c "%{_user}" -d %{_home} %{_user}
if [ -d %{_sysconfdir}/letsencrypt.sh ]; then mv %{_sysconfdir}/letsencrypt.sh %{_sysconfdir}/dehydrated; chown -R %{_user} %{_sysconfdir}/dehydrated; fi
if [ -e %{_sysconfdir}/dehydrated/config.sh ]; then mv %{_sysconfdir}/dehydrated/config.sh %{_sysconfdir}/dehydrated/config; fi
%if %{with systemd}