Commit Graph

33 Commits

Author SHA256 Message Date
Dominique Leuenberger
39ddfc827c Accepting request 667788 from security:dehydrated
- Remove RandomizedDelaySec attribute for distros with older systemd
  (boo#1110697) (forwarded request 667787 from dmolkentin)

OBS-URL: https://build.opensuse.org/request/show/667788
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=10
2019-01-24 13:13:30 +00:00
Daniel Molkentin
7888635f15 Accepting request 667787 from home:dmolkentin:branches:security:dehydrated
- Remove RandomizedDelaySec attribute for distros with older systemd
  (boo#1110697)

OBS-URL: https://build.opensuse.org/request/show/667787
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=36
2019-01-22 12:52:01 +00:00
Dominique Leuenberger
b74091cf6f Accepting request 601882 from security:dehydrated
* removes 0001-fixed-CA-url-in-example-config.patch
  * removes 0002-don-t-walk-certificate-chain-for-ACMEv2-certificate-.patch (forwarded request 601881 from dmolkentin)

OBS-URL: https://build.opensuse.org/request/show/601882
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=9
2018-04-27 14:09:55 +00:00
Daniel Molkentin
c421ebf0a9 Accepting request 601881 from home:dmolkentin:branches:security:dehydrated
* removes 0001-fixed-CA-url-in-example-config.patch
  * removes 0002-don-t-walk-certificate-chain-for-ACMEv2-certificate-.patch

OBS-URL: https://build.opensuse.org/request/show/601881
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=34
2018-04-27 11:56:07 +00:00
Daniel Molkentin
d58a1e75d6 Accepting request 601877 from home:dmolkentin:branches:security:dehydrated
- Update to dehydrated 0.6.2
  Added
  * New deploy_ocsp hook
  * Allow account registration with custom key
  Changed
  * Don't walk certificate chain for ACMEv2 (certificate contains chain by default)
  * Improved documentation on wildcards
  Fixes
  * Added workaround for compatibility with filesystem ACLs
  * Close unwanted external file-descriptors
  * Fixed JSON parsing on force-renewal (bsc#1091216)
  * Fixed cleanup of challenge files/dns-entries on validation errors
  * A few more minor fixes

OBS-URL: https://build.opensuse.org/request/show/601877
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=33
2018-04-27 11:50:28 +00:00
Dominique Leuenberger
77892e717b Accepting request 587475 from security:dehydrated
- Don't add intermediate certificates twice when using ACMEv2 (bsc#1085305) 
  * Adds 0002-don-t-walk-certificate-chain-for-ACMEv2-certificate-.patch (forwarded request 587474 from dmolkentin)

OBS-URL: https://build.opensuse.org/request/show/587475
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=8
2018-03-16 09:43:57 +00:00
Daniel Molkentin
697d443d67 Accepting request 587474 from home:dmolkentin:branches:security:dehydrated
- Don't add intermediate certificates twice when using ACMEv2 (bsc#1085305) 
  * Adds 0002-don-t-walk-certificate-chain-for-ACMEv2-certificate-.patch

OBS-URL: https://build.opensuse.org/request/show/587474
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=31
2018-03-15 11:01:55 +00:00
Daniel Molkentin
03c58b8a3c Accepting request 587022 from home:dmolkentin:branches:security:dehydrated
- Fix issues introduced by 0.6.1 (bsc#1085305)
  * bring back man page
  * reflect new endpoint in (commented out) config file section
    (adds 0001-fixed-CA-url-in-example-config.patch, backported
    from upstream's master branch)

OBS-URL: https://build.opensuse.org/request/show/587022
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=30
2018-03-14 17:34:36 +00:00
Daniel Molkentin
538dad42ce Accepting request 587013 from home:dmolkentin:branches:security:dehydrated
- Properly install man page again (bsc#1085305)

OBS-URL: https://build.opensuse.org/request/show/587013
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=29
2018-03-14 16:53:11 +00:00
Daniel Molkentin
fadfc27461 Accepting request 586503 from home:dmolkentin:branches:security:dehydrated
- Updated dehydrated to 0.6.1 (bsc#1084854)
  * Use new ACME v2 endpoint by default

- Updated dehydrated to 0.6.0 (bsc#1084854)

OBS-URL: https://build.opensuse.org/request/show/586503
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=28
2018-03-13 20:36:22 +00:00
Dominique Leuenberger
efe9f15753 Accepting request 585801 from security:dehydrated
- Updated dehydrated to 0.6.0 (osc#1084854)
  Changed
  * Challenge validation loop has been modified to loop over authorization identifiers instead of altnames (ACMEv2 + wildcard support)
  * Removed LICENSE parameter from config (terms of service is now acquired directly from the CA directory)
  Added
  * Support for ACME v02 (including wildcard certificates!)
  * New hook: generate_csr (see example hook script for more information)
  * Calling random hook on startup to make it clear to hook script authors that unknown hooks should just be ignored... (forwarded request 585800 from dmolkentin)

OBS-URL: https://build.opensuse.org/request/show/585801
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=7
2018-03-13 09:23:51 +00:00
Daniel Molkentin
8fa4c3f221 Accepting request 585800 from home:dmolkentin:branches:security:dehydrated
- Updated dehydrated to 0.6.0 (osc#1084854)
  Changed
  * Challenge validation loop has been modified to loop over authorization identifiers instead of altnames (ACMEv2 + wildcard support)
  * Removed LICENSE parameter from config (terms of service is now acquired directly from the CA directory)
  Added
  * Support for ACME v02 (including wildcard certificates!)
  * New hook: generate_csr (see example hook script for more information)
  * Calling random hook on startup to make it clear to hook script authors that unknown hooks should just be ignored...

OBS-URL: https://build.opensuse.org/request/show/585800
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=26
2018-03-12 09:53:49 +00:00
Dominique Leuenberger
78cb80e11a Accepting request 565804 from security:dehydrated
(forwarded request 565803 from dmolkentin)

OBS-URL: https://build.opensuse.org/request/show/565804
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=6
2018-01-16 08:43:17 +00:00
Daniel Molkentin
71f5c6d75d Accepting request 565803 from home:dmolkentin:branches:security:dehydrated
OBS-URL: https://build.opensuse.org/request/show/565803
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=24
2018-01-15 15:33:17 +00:00
7c6d19e025 properly fix the last commit:
remove noarch in the subpackages and push it into the main package

OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=23
2018-01-15 12:32:30 +00:00
Daniel Molkentin
920b454f04 Accepting request 564949 from home:dmolkentin:branches:security:dehydrated
- Remove redundant noarch entries. They cause an error in RPM 4.14.

OBS-URL: https://build.opensuse.org/request/show/564949
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=22
2018-01-15 12:19:24 +00:00
f303fdbcb8 Accepting request 564525 from home:dmolkentin:branches:security:dehydrated
- Updated dehydrated to 0.5.0
  This removes the following patches and files, which are now part of the
  upstream package:
  * 0001-Add-optional-user-and-group-configuration.patch
  * 0002-use-nullglob-disable-warning-on-empty-CONFIG_D-direc.patch
  * dehydrated.1: the man page has been adopted by upstream
  Starting with this version, upstream introduced signed releases, which
  is now being used for source validation.
  Upstream changes:
  Changed
  * Certificate chain is now cached (CHAINCACHE)
  * OpenSSL binary path is now configurable (OPENSSL)
  * Cleanup now also moves revoked certificates
  Added
  * New feature for updating contact information (--account)
  * Allow automatic cleanup on exit (AUTO_CLEANUP)
  * Initial support for fetching OCSP status to be used for OCSP stapling
    (OCSP_FETCH)
  * Certificates can now have aliases to create multiple certificates with
    identical set of domains (see --alias and domains.txt documentation)
  * Allow dehydrated to run as specified user (/group). This was already
    available previously as a patch to this package.

OBS-URL: https://build.opensuse.org/request/show/564525
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=21
2018-01-15 11:59:16 +00:00
Dominique Leuenberger
7f94fd2df8 Accepting request 537056 from security:dehydrated
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/537056
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=5
2017-10-29 19:24:21 +00:00
69cee6f711 - actually try to find the real path to bash and don't hardcode
/usr/bin/bash

OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=19
2017-10-20 11:02:37 +00:00
dd7fda6243 - actually try to find the real path to bash and don't hardcode
/usr/bin/bash

OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=18
2017-10-20 10:57:53 +00:00
bae7cb3bbf Accepting request 535146 from home:dmolkentin:branches:security:dehydrated
- Use /usr/bin/bash directly, rather than via env 

- Use sudo instead of su to allow for argument handling, also
  works in all cases when no login shell is assigned to the
  dehydrated user
  * updates 0001-Add-optional-user-and-group-configuration.patch

OBS-URL: https://build.opensuse.org/request/show/535146
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=17
2017-10-20 09:54:53 +00:00
ea11f1cea0 Accepting request 534491 from home:dmolkentin:branches:security:dehydrated
- Commands in service files need some escaping after all. Fix ExecStartPost.

OBS-URL: https://build.opensuse.org/request/show/534491
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=16
2017-10-17 14:48:54 +00:00
bce49d6f11 Accepting request 534175 from home:dmolkentin:branches:security:dehydrated
- In the timer service, execute root post run hooks in ExecStartPost

- Fix run of root hooks 
- Simplify root hook execution, this is also more robust

OBS-URL: https://build.opensuse.org/request/show/534175
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=15
2017-10-17 02:03:39 +00:00
Dominique Leuenberger
f5e7e6d9b2 Accepting request 532177 from security:dehydrated
- Remove unused hooks directory
- Introduced a directory for custom post-run hooks executed as root,
  see README.SUSE for details. (not to be confused with the native hooks
  run as dehyrated user)

- Clarify necessity of enabling dehydrated.timer in README.SUSE
- Submit to SLE15 as per fate#323377
- Add optional post run hook directory, executed by cron/systemd
  after dehydrated --cron has run
- Remove hook directory intended for packaging other native hooks.
  Will be approach differently

- No longer require nginx or lighttpd for SLE
- Never go as far as to require acmeresponder, it might not be available
- Drop -update from dehydrated-update.{timer,socket} for consistency
- Add distro specific README.SUSE / README.Fedora
- Ran spec-cleaner

- Add man page
- Ensure dehydrated is always run as designated user
  * adds 0001-Add-optional-user-and-group-configuration.patch
- Introduce config.d directory for user configuration
- Avoid warning about empty config.d directory
  * adds 0002-use-nullglob-disable-warning-on-empty-CONFIG_D-direc.patch
- Fix sed warning about unescaped curly braces in regex

- Swap statements in post: installing services requires tmp.d 

- (Weak) dependency on dehydrated-acmeresponder.

OBS-URL: https://build.opensuse.org/request/show/532177
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=4
2017-10-07 15:51:05 +00:00
Daniel Molkentin
4089aed6d0 Accepting request 531761 from home:dmolkentin:branches:security:dehydrated
- Remove unused hooks directory
- Introduced a directory for custom post-run hooks executed as root,
  see README.SUSE for details. (not to be confused with the native hooks
  run as dehyrated user)

- Clarify necessity of enabling dehydrated.timer in README.SUSE
- Submit to SLE15 as per fate#323377
- Add optional post run hook directory, executed by cron/systemd
  after dehydrated --cron has run
- Remove hook directory intended for packaging other native hooks.
  Will be approach differently

OBS-URL: https://build.opensuse.org/request/show/531761
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=13
2017-10-06 10:52:01 +00:00
3a1b390a5c Accepting request 528993 from home:dmolkentin:branches:security:dehydrated
- No longer require nginx or lighttpd for SLE
- Never go as far as to require acmeresponder, it might not be available
- Drop -update from dehydrated-update.{timer,socket} for consistency
- Add distro specific README.SUSE / README.Fedora
- Ran spec-cleaner

OBS-URL: https://build.opensuse.org/request/show/528993
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=12
2017-09-27 16:31:31 +00:00
fc9dddc9f9 Accepting request 528299 from home:dmolkentin:branches:security:dehydrated
- Add man page
- Ensure dehydrated is always run as designated user
  * adds 0001-Add-optional-user-and-group-configuration.patch
- Introduce config.d directory for user configuration
- Avoid warning about empty config.d directory
  * adds 0002-use-nullglob-disable-warning-on-empty-CONFIG_D-direc.patch
- Fix sed warning about unescaped curly braces in regex

- Use timer instead of cron for systemd-enabled distros
  Note: Timer must be explicitly enabled!

OBS-URL: https://build.opensuse.org/request/show/528299
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=11
2017-09-22 13:35:31 +00:00
19ef4a12d8 Accepting request 527349 from home:dmolkentin:branches:security:dehydrated
- Swap statements in post: installing services requires tmp.d 

- (Weak) dependency on dehydrated-acmeresponder.

- systemd update service: ConditionPathExists goes into [Unit] section 

- Use timer instead of cron for systemd-enabled distros

OBS-URL: https://build.opensuse.org/request/show/527349
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=10
2017-09-19 15:42:45 +00:00
Dominique Leuenberger
0127f3b52c Accepting request 460891 from security:dehydrated
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/460891
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=3
2017-03-02 18:38:39 +00:00
Daniel Molkentin
b03ec4a263 - Drop the (undocumented) dependeny for mod_headers
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=8
2017-02-21 13:13:43 +00:00
Daniel Molkentin
78d0c8ad7b Accepting request 459171 from home:danimo:branches:security:dehydrated
- Unify configuration file source names 

- Bump to 0.4.0

OBS-URL: https://build.opensuse.org/request/show/459171
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=7
2017-02-21 12:11:20 +00:00
Dominique Leuenberger
5628f7872c Accepting request 455792 from security:dehydrated
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/455792
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=2
2017-02-13 06:49:05 +00:00
Dominique Leuenberger
10d381b04a Accepting request 441496 from security
Lightweight LE client (formally known as letsencrypt.sh). I'll maintain in in TW.

OBS-URL: https://build.opensuse.org/request/show/441496
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=1
2017-01-27 10:00:22 +00:00