Accepting request 817721 from security:dehydrated

- Update maintainer file and package description, remove features
  that are better described in the (upstream maintained) man page.

- Remove potentially harmful scriptlet (bsc#1154167). Documented
  transition case in the maintainer README. Unlikely enough. The
  versions that have not transitioned yet would be broken for more
  than two years now.

OBS-URL: https://build.opensuse.org/request/show/817721
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=17
This commit is contained in:
Dominique Leuenberger 2020-06-29 19:18:30 +00:00 committed by Git OBS Bridge
commit 18d3be14bc
3 changed files with 22 additions and 10 deletions

View File

@ -150,7 +150,6 @@ where <domainname> should be the name of the first column in domains.txt
Limitations & Ceveats Limitations & Ceveats
===================== =====================
* It is currently not possible to aqcuire Wildcard certificates
* No EV- or OV-validated certificates * No EV- or OV-validated certificates
* Certificates expire within weeks, not years. This is by design. Ensure that * Certificates expire within weeks, not years. This is by design. Ensure that
certificate renewal works and that daemons get reloaded frequently to pick certificate renewal works and that daemons get reloaded frequently to pick
@ -160,6 +159,13 @@ Limitations & Ceveats
will be executed by the cron script / systemd timer *after* an update run will be executed by the cron script / systemd timer *after* an update run
has been performed. has been performed.
Upgrade Notes
=============
If you are upgrading from letsencrypt.sh, note that you need to move
/etc/letsencrypt.sh to /etc/dehydrated and chown it to the "dehydrated"
user.
Links Links
===== =====

View File

@ -1,3 +1,17 @@
-------------------------------------------------------------------
Mon Jun 29 12:41:48 UTC 2020 - Daniel Molkentin <daniel.molkentin@suse.com>
- Update maintainer file and package description, remove features
that are better described in the (upstream maintained) man page.
-------------------------------------------------------------------
Mon Jun 29 12:38:31 UTC 2020 - Daniel Molkentin <daniel.molkentin@suse.com>
- Remove potentially harmful scriptlet (bsc#1154167). Documented
transition case in the maintainer README. Unlikely enough. The
versions that have not transitioned yet would be broken for more
than two years now.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed May 6 12:34:56 UTC 2020 - Daniel Molkentin <daniel.molkentin@suse.com> Wed May 6 12:34:56 UTC 2020 - Daniel Molkentin <daniel.molkentin@suse.com>

View File

@ -108,14 +108,7 @@ It uses the openssl utility for everything related to actually
handling keys and certificates, so you need to have that installed. handling keys and certificates, so you need to have that installed.
Other dependencies are: curl, sed, grep, mktemp (all found on almost Other dependencies are: curl, sed, grep, mktemp (all found on almost
any system, curl being the only exception) any system, curl being the only exception).
Current features:
* Signing of a list of domains
* Signing of a CSR
* Renewal if a certificate is about to expire or SAN (subdomains) changed
* Certificate revocation
%package %{_apache} %package %{_apache}
Summary: Apache Integration for dehydrated Summary: Apache Integration for dehydrated
@ -146,7 +139,6 @@ This adds a configuration file for dehydrated's acme-challenge to nginx.
getent group %{_user} >/dev/null || %{_sbindir}/groupadd -r %{_user} getent group %{_user} >/dev/null || %{_sbindir}/groupadd -r %{_user}
getent passwd %{_user} >/dev/null || %{_sbindir}/useradd -g %{_user} \ getent passwd %{_user} >/dev/null || %{_sbindir}/useradd -g %{_user} \
-s /bin/false -r -c "%{_user}" -d %{_home} %{_user} -s /bin/false -r -c "%{_user}" -d %{_home} %{_user}
if [ -d %{_sysconfdir}/letsencrypt.sh ]; then mv %{_sysconfdir}/letsencrypt.sh %{_sysconfdir}/dehydrated; chown -R %{_user} %{_sysconfdir}/dehydrated; fi
if [ -e %{_sysconfdir}/dehydrated/config.sh ]; then mv %{_sysconfdir}/dehydrated/config.sh %{_sysconfdir}/dehydrated/config; fi if [ -e %{_sysconfdir}/dehydrated/config.sh ]; then mv %{_sysconfdir}/dehydrated/config.sh %{_sysconfdir}/dehydrated/config; fi
%if %{with systemd} %if %{with systemd}