Accepting request 1032541 from security:dehydrated

OBS-URL: https://build.opensuse.org/request/show/1032541
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=25
This commit is contained in:
Dominique Leuenberger 2022-11-01 12:42:48 +00:00 committed by Git OBS Bridge
commit 4b8c224531
7 changed files with 25 additions and 73 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1c5f12c2e57e64b1762803f82f0f7e767a72e65a6ce68e4d1ec197e61b9dc4f9
size 86574

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEPC8mBeB4oeGPR5OQnE2+bPQ48zMFAl/SRfEACgkQnE2+bPQ4
8zP7FAgAvogz5n6yTPO0pa5o/oCuiz3MHBtVpkPNiDQvb0DqcVdxZvOqR5FE5Dtu
xtlOBsA2c595UemDUSUbiAu7Me9ytSTJnpm+TIvAiy/bFrZLoSih02qLbEW8YTE4
TO4yMTwZqmAZpFz8+MGZYUlp92EiFb/aujjtq5XjDVj75IMpf7YfVP9N10zSlF2I
nU7IUY9EYLBR6FxfWUiiNrPa0A9wMclVEWC9WPhXq3yVlVT1Q9uOyzA7aLUYbSp5
/Q1aNHHdoyfS9Nm1DpbJLnwpKyhHZDUbj6wAnrKD/I1vnLASpej8FzClIK8qlfiD
HVHChYB/jiIZZHBDmRdnZjT2oqo2Gw==
=CGfz
-----END PGP SIGNATURE-----

3
dehydrated-0.7.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4d28a0598230b276b316070ce16be7d9ab984f3bdef482acf0bc24fcdcc0d0b0
size 119992

View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEPC8mBeB4oeGPR5OQnE2+bPQ48zMFAmNf3pYACgkQnE2+bPQ4
8zN73Qf/R2sxCoCr80X/yBf8GOfMr29SMCSibnO066b2/f6A82VGPzHWoFcBeSMN
/hvDnFRdWSln7Gg45a/Cn94uMDcwCfoQk6/wml/THrkMmBYtP4/wkPyIlO9OGfhI
/Ta6zB4puBP5WOzaw41cGMG3tWcm0+ljxjLNgKAhQfsf6JPsTrWvuuu0khaMtHjH
8AOfHrhk93RjtL9pdimPwMSXtOW1hidNNbR1ct10DMSM3yezT8ZH9nBRlkUrOAh3
NqGjN6WG5f13TX7bwFan5TpYnzFAbsgcP04e6D+bCRMoRehR4OBHnJmsuLjVEKDi
5BNw40zAAMu9SyOqHNYlhEYdU1PpEg==
=7I1j
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Sat Oct 29 05:03:26 UTC 2022 - Daniel Molkentin <daniel@molkentin.de>
- Update to 0.7.1
* See https://github.com/dehydrated-io/dehydrated/releases/tag/v0.7.1
* Removes more-examples.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Jul 23 07:56:50 UTC 2022 - Bernhard Wiedemann <bwiedemann@suse.com> Sat Jul 23 07:56:50 UTC 2022 - Bernhard Wiedemann <bwiedemann@suse.com>

View File

@ -53,7 +53,7 @@
%endif %endif
Name: dehydrated Name: dehydrated
Version: 0.7.0 Version: 0.7.1
Release: 0 Release: 0
Summary: A client for signing certificates with an ACME server Summary: A client for signing certificates with an ACME server
License: MIT License: MIT
@ -77,7 +77,6 @@ Source17: dehydrated.target
Source18: dehydrated-postrun-hooks.service Source18: dehydrated-postrun-hooks.service
Source19: dehydrated-postrun-hooks@.service Source19: dehydrated-postrun-hooks@.service
Source20: README.postrun-hooks Source20: README.postrun-hooks
Patch: more-examples.patch
BuildRequires: %{_apache} BuildRequires: %{_apache}
Requires: coreutils Requires: coreutils
Requires: curl Requires: curl
@ -172,7 +171,6 @@ if [ -e %{_sysconfdir}/dehydrated/config.sh ]; then mv %{_sysconfdir}/dehydrated
%prep %prep
%setup -q %setup -q
%patch -p1
cp %{SOURCE9} . cp %{SOURCE9} .
cp %{SOURCE10} . cp %{SOURCE10} .
cp %{SOURCE20} . cp %{SOURCE20} .
@ -206,10 +204,12 @@ cat > %{buildroot}%{_sysconfdir}/dehydrated/postrun-hooks.d/reload-apache2.sh <<
#!/bin/sh #!/bin/sh
systemctl reload apache2.service systemctl reload apache2.service
EOF EOF
%if %{with nginx}
cat > %{buildroot}%{_sysconfdir}/dehydrated/postrun-hooks.d/reload-nginx.sh << EOF cat > %{buildroot}%{_sysconfdir}/dehydrated/postrun-hooks.d/reload-nginx.sh << EOF
#!/bin/sh #!/bin/sh
systemctl reload nginx.service systemctl reload nginx.service
EOF EOF
%endif
%if %{with nginx} %if %{with nginx}
install -m 0755 -d %{buildroot}%{_sysconfdir}/nginx install -m 0755 -d %{buildroot}%{_sysconfdir}/nginx
@ -280,7 +280,7 @@ diff -urN docs/examples/config %{buildroot}%{_home}/config ||:
%{_bindir}/dehydrated %{_bindir}/dehydrated
%attr(-,%{_user},root) %dir %{_localstatedir}/lib/acme-challenge %attr(-,%{_user},root) %dir %{_localstatedir}/lib/acme-challenge
%{_mandir}/man1/* %{_mandir}/man1/*
%doc LICENSE README.md docs/*.md docs/*.jpg %doc LICENSE README.md docs/*.md
%doc README.maintainer %doc README.maintainer
%if %{defined redhat} %if %{defined redhat}
%doc README.Fedora %doc README.Fedora

View File

@ -1,55 +0,0 @@
Index: dehydrated-0.7.0/docs/domains_txt.md
===================================================================
--- dehydrated-0.7.0.orig/docs/domains_txt.md
+++ dehydrated-0.7.0/docs/domains_txt.md
@@ -34,6 +34,30 @@ under your `CERTDIR`.
example.net www.example.net wiki.example.net > certalias
```
+This allows to set per certificates options. The options you can change are
+explained in [Per Certificate Config](per-certificate-config.md).
+
+If you want to create different certificate types for the same domain
+you can use:
+
+```text
+*.service.example.org service.example.org > star_service_example_org_rsa
+*.service.example.org service.example.org > star_service_example_org_ecdsa
+```
+
+Then add a config file `certs/star_service_example_org_rsa/config` with
+the value
+
+```
+KEY_ALGO="rsa"
+```
+
+or respectively
+
+```
+KEY_ALGO="ecdsa"
+```
+
### Wildcards
Support for wildcards was added by the ACME v2 protocol.
Index: dehydrated-0.7.0/docs/examples/domains.txt
===================================================================
--- dehydrated-0.7.0.orig/docs/examples/domains.txt
+++ dehydrated-0.7.0/docs/examples/domains.txt
@@ -24,6 +24,15 @@ example.net www.example.net > certalias
# NOTE: It is a certificate for 'service.example.org'
*.service.example.org service.example.org > star_service_example_org
+# Optionally you can also append the certificate algorithm here to create
+# multiple certificate types for the same domain.
+#
+# This allows to set per certificates options. The options you can change are
+# explained in [domains.txt documentation](domains_txt.md).
+#
+*.service.example.org service.example.org > star_service_example_org_rsa
+*.service.example.org service.example.org > star_service_example_org_ecdsa
+
# Create a certificate for 'service.example.net' with an alternative name of
# '*.service.example.net' (which is a wildcard domain) and store it in the
# directory ${CERTDIR}/service.example.net