Commit Graph

67 Commits

Author SHA256 Message Date
Richard Brown
e5b502b382 Accepting request 876590 from security:dehydrated
- Clarified new default settings. KEY_ALGO=secp384r1. Please consult
  README.maintainer for details and how to return to RSA-based certificate
  issuance. (jsc#ECO-3435, jsc#SLE-15909)
- Added a note about ACMEv1 deprecation
- Added a note on new ACME providers and the new non-URL provider syntax
  See README.maintainer for details.

OBS-URL: https://build.opensuse.org/request/show/876590
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=21
2021-03-05 12:46:55 +00:00
Daniel Molkentin
a341530789 Be more precise concerning EC compatiblity
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=70
2021-03-03 17:23:27 +00:00
Daniel Molkentin
4f691d6fef - Clarified new default settings. KEY_ALGO=secp384r1. Please consult
README.maintainer for details and how to return to RSA-based certificate
  issuance. (jsc#ECO-3435, jsc#SLE-15909)
- Added a note about ACMEv1 deprecation
- Added a note on new ACME providers and the new non-URL provider syntax
  See README.maintainer for details.

OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=69
2021-03-03 17:15:11 +00:00
Dominique Leuenberger
38cafc83b6 Accepting request 854627 from security:dehydrated
- Update to dehydrated 0.7.0 (JSC#SLE-15909)
  Added
    Support for external account bindings
    Special support for ZeroSSL
    Support presets for some CAs instead of requiring URLs
    Allow requesting preferred chain (--preferred-chain)
    Added method to show CAs current terms of service (--display-terms)
    Allow setting path to domains.txt using cli arguments (--domains-txt)
    Added new cli command --cleanupdelete which deletes old files instead of archiving them
  Fixed
    No more silent failures on broken hook-scripts
    Better error-handling with KEEP_GOING enabled
    Check actual order status instead of assuming it's valid
    Don't include keyAuthorization in challenge validation (RFC compliance)
  Changed
    Using EC secp384r1 as default certificate type
    Use JSON.sh to parse JSON
    Use account URL instead of account ID (RFC compliance)
    Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated
    Added OCSP_FETCH and OCSP_DAYS to per-certificate configurable options
    Cleanup now also removes dangling symlinks

OBS-URL: https://build.opensuse.org/request/show/854627
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=20
2020-12-10 17:19:56 +00:00
Daniel Molkentin
9ddb42dcc7 - Update to dehydrated 0.7.0 (JSC#SLE-15909)
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=67
2020-12-10 16:32:35 +00:00
Daniel Molkentin
d28ade7659 - Update to dehydrated 0.7.0
Added
    Support for external account bindings
    Special support for ZeroSSL
    Support presets for some CAs instead of requiring URLs
    Allow requesting preferred chain (--preferred-chain)
    Added method to show CAs current terms of service (--display-terms)
    Allow setting path to domains.txt using cli arguments (--domains-txt)
    Added new cli command --cleanupdelete which deletes old files instead of archiving them
  Fixed
    No more silent failures on broken hook-scripts
    Better error-handling with KEEP_GOING enabled
    Check actual order status instead of assuming it's valid
    Don't include keyAuthorization in challenge validation (RFC compliance)
  Changed
    Using EC secp384r1 as default certificate type
    Use JSON.sh to parse JSON
    Use account URL instead of account ID (RFC compliance)
    Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated
    Added OCSP_FETCH and OCSP_DAYS to per-certificate configurable options
    Cleanup now also removes dangling symlinks

OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=66
2020-12-10 16:05:04 +00:00
Dominique Leuenberger
67eb7583e6 Accepting request 849382 from security:dehydrated
- dehydrated-apache2: Check for mod_compat (bsc#1178927)

OBS-URL: https://build.opensuse.org/request/show/849382
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=19
2020-11-19 15:46:30 +00:00
Daniel Molkentin
bc6d4bfda6 - dehydrated-apache2: Check for mod_compat (bsc#1178927)
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=64
2020-11-19 11:29:46 +00:00
Dominique Leuenberger
4a97011e97 Accepting request 835832 from security:dehydrated
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/835832
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=18
2020-09-21 15:47:58 +00:00
Daniel Molkentin
9d2a8c99b9 - Reenable nginx subpackage for factory
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=62
2020-09-14 13:43:34 +00:00
Dominique Leuenberger
18d3be14bc Accepting request 817721 from security:dehydrated
- Update maintainer file and package description, remove features
  that are better described in the (upstream maintained) man page.

- Remove potentially harmful scriptlet (bsc#1154167). Documented
  transition case in the maintainer README. Unlikely enough. The
  versions that have not transitioned yet would be broken for more
  than two years now.

OBS-URL: https://build.opensuse.org/request/show/817721
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=17
2020-06-29 19:18:30 +00:00
Daniel Molkentin
2ae092d676 - Update maintainer file and package description, remove features
that are better described in the (maintained) man page.

OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=60
2020-06-29 12:45:22 +00:00
Daniel Molkentin
169bd5f56b - Remove potentially harmful scriptlet (bsc#1154167). Documented
transition case in the maintainer README. Unlikely enough. The
  versions that have not transitioned yet would be broken for more
  than two years now.

OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=59
2020-06-29 12:40:34 +00:00
Dominique Leuenberger
c5bd2c54c9 Accepting request 800773 from security:dehydrated
- Removed lighttpd 1.x integration package. If you still would like
  to use lighttpd with dehydrated, follow the instructions in the
  README.maintainers file.

OBS-URL: https://build.opensuse.org/request/show/800773
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=16
2020-05-07 12:54:21 +00:00
Daniel Molkentin
9810800404 - Removed lighttpd 1.x integration package. If you still would like
to use lighttpd with dehydrated, follow the instructions in the
  README.maintainers file.

OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=57
2020-05-06 15:00:46 +00:00
Dominique Leuenberger
283a5a706e Accepting request 796512 from security:dehydrated
- Provide nginx subpackage for SLE 15+ (jsc#SLE-11727)

OBS-URL: https://build.opensuse.org/request/show/796512
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=15
2020-04-23 16:26:42 +00:00
Daniel Molkentin
15c290c4eb - Provide nginx subpackage for SLE 15+ (jsc#SLE-11727)
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=55
2020-04-23 11:16:38 +00:00
Dominique Leuenberger
2489e026cf Accepting request 796008 from security:dehydrated
- Fix lighttpd config file (boo#1169834)
- Provide nginx subpackage for SLE 15+ (jsc#11756)

OBS-URL: https://build.opensuse.org/request/show/796008
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=14
2020-04-21 11:13:48 +00:00
Daniel Molkentin
a9f7c92991 - Fix lighttpd config file (boo#1169834)
- Provide nginx subpackage for SLE 15+ (jsc#11756)

OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=53
2020-04-20 10:44:17 +00:00
Dominique Leuenberger
59924aebc2 Accepting request 769716 from security:dehydrated
OBS-URL: https://build.opensuse.org/request/show/769716
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=13
2020-02-04 18:54:01 +00:00
Daniel Molkentin
9952a18f28 Accepting request 769563 from home:dimstar:Factory
Shortcut through -mini

OBS-URL: https://build.opensuse.org/request/show/769563
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=51
2020-02-03 16:29:03 +00:00
Daniel Molkentin
f7dc01a76d Accepting request 740571 from home:RBrownSUSE:branches:security:dehydrated
Remove obsolete Groups tag (fate#326485)

OBS-URL: https://build.opensuse.org/request/show/740571
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=50
2019-10-17 17:28:18 +00:00
Dominique Leuenberger
7fc5f33752 Accepting request 724273 from security:dehydrated
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/724273
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=12
2019-08-19 19:39:49 +00:00
Daniel Molkentin
ada9a540d7 install rcdehydrated only for suse
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=48
2019-08-10 18:01:43 +00:00
Daniel Molkentin
4a20247149 Negate again, < comparisions do not work
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=47
2019-08-10 17:58:33 +00:00
Daniel Molkentin
29ce8547a4 Fix typo
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=46
2019-08-10 17:53:28 +00:00
Daniel Molkentin
695fa06d07 TW requires suse_version
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=45
2019-08-10 17:50:58 +00:00
Daniel Molkentin
c29b838222 Fix version conditions
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=44
2019-08-10 17:43:44 +00:00
Daniel Molkentin
f49a7b4c9f - Behavioral change: Use cron only for older RHEL/CentOS versions
(along with openSUSE < 12.3). Everything else now uses systemd.
  Please adopt accordingly! Refer to README.md for

OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=43
2019-08-10 17:30:39 +00:00
Dominique Leuenberger
a260366c2b Accepting request 712112 from security:dehydrated
- Update to dehydrated 0.6.5
  * Fixed broken APIv1 compatibility from last update (forwarded request 712111 from dmolkentin)

OBS-URL: https://build.opensuse.org/request/show/712112
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=11
2019-06-26 14:05:10 +00:00
Daniel Molkentin
8040ffa8f3 Accepting request 712111 from home:dmolkentin:branches:security:dehydrated
- Update to dehydrated 0.6.5
  * Fixed broken APIv1 compatibility from last update

OBS-URL: https://build.opensuse.org/request/show/712111
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=41
2019-06-26 11:06:19 +00:00
Daniel Molkentin
d5e40d1a3a Accepting request 712102 from home:dmolkentin:branches:security:dehydrated
* Fetch account ID from Location header instead of account json (bsc#1139408)

OBS-URL: https://build.opensuse.org/request/show/712102
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=40
2019-06-26 09:46:46 +00:00
Daniel Molkentin
b89a8c7363 Accepting request 712099 from home:dmolkentin:branches:security:dehydrated
* Fetch account ID from Location header instead of account json (osc#1139408)

OBS-URL: https://build.opensuse.org/request/show/712099
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=39
2019-06-26 09:23:56 +00:00
Daniel Molkentin
8b4b8c8c74 Accepting request 711919 from home:dmolkentin:branches:security:dehydrated
- Update to dehydrated 0.6.4
  * Fetch account ID from Location header instead of account json
- Update to dehydrated 0.6.3
  * OCSP refresh interval is now configurable
  * Implemented POST-as-GET
  * Call exit_hook on errors (with error-message as first parameter)
  * Initial support for tls-alpn-01 validation
  * New hook: sync_cert (for syncing certificate files to disk, see example
    hook description)
  * Fetch account information after registration to avoid missing account id

OBS-URL: https://build.opensuse.org/request/show/711919
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=38
2019-06-25 17:34:27 +00:00
Dominique Leuenberger
39ddfc827c Accepting request 667788 from security:dehydrated
- Remove RandomizedDelaySec attribute for distros with older systemd
  (boo#1110697) (forwarded request 667787 from dmolkentin)

OBS-URL: https://build.opensuse.org/request/show/667788
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=10
2019-01-24 13:13:30 +00:00
Daniel Molkentin
7888635f15 Accepting request 667787 from home:dmolkentin:branches:security:dehydrated
- Remove RandomizedDelaySec attribute for distros with older systemd
  (boo#1110697)

OBS-URL: https://build.opensuse.org/request/show/667787
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=36
2019-01-22 12:52:01 +00:00
Dominique Leuenberger
b74091cf6f Accepting request 601882 from security:dehydrated
* removes 0001-fixed-CA-url-in-example-config.patch
  * removes 0002-don-t-walk-certificate-chain-for-ACMEv2-certificate-.patch (forwarded request 601881 from dmolkentin)

OBS-URL: https://build.opensuse.org/request/show/601882
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=9
2018-04-27 14:09:55 +00:00
Daniel Molkentin
c421ebf0a9 Accepting request 601881 from home:dmolkentin:branches:security:dehydrated
* removes 0001-fixed-CA-url-in-example-config.patch
  * removes 0002-don-t-walk-certificate-chain-for-ACMEv2-certificate-.patch

OBS-URL: https://build.opensuse.org/request/show/601881
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=34
2018-04-27 11:56:07 +00:00
Daniel Molkentin
d58a1e75d6 Accepting request 601877 from home:dmolkentin:branches:security:dehydrated
- Update to dehydrated 0.6.2
  Added
  * New deploy_ocsp hook
  * Allow account registration with custom key
  Changed
  * Don't walk certificate chain for ACMEv2 (certificate contains chain by default)
  * Improved documentation on wildcards
  Fixes
  * Added workaround for compatibility with filesystem ACLs
  * Close unwanted external file-descriptors
  * Fixed JSON parsing on force-renewal (bsc#1091216)
  * Fixed cleanup of challenge files/dns-entries on validation errors
  * A few more minor fixes

OBS-URL: https://build.opensuse.org/request/show/601877
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=33
2018-04-27 11:50:28 +00:00
Dominique Leuenberger
77892e717b Accepting request 587475 from security:dehydrated
- Don't add intermediate certificates twice when using ACMEv2 (bsc#1085305) 
  * Adds 0002-don-t-walk-certificate-chain-for-ACMEv2-certificate-.patch (forwarded request 587474 from dmolkentin)

OBS-URL: https://build.opensuse.org/request/show/587475
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=8
2018-03-16 09:43:57 +00:00
Daniel Molkentin
697d443d67 Accepting request 587474 from home:dmolkentin:branches:security:dehydrated
- Don't add intermediate certificates twice when using ACMEv2 (bsc#1085305) 
  * Adds 0002-don-t-walk-certificate-chain-for-ACMEv2-certificate-.patch

OBS-URL: https://build.opensuse.org/request/show/587474
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=31
2018-03-15 11:01:55 +00:00
Daniel Molkentin
03c58b8a3c Accepting request 587022 from home:dmolkentin:branches:security:dehydrated
- Fix issues introduced by 0.6.1 (bsc#1085305)
  * bring back man page
  * reflect new endpoint in (commented out) config file section
    (adds 0001-fixed-CA-url-in-example-config.patch, backported
    from upstream's master branch)

OBS-URL: https://build.opensuse.org/request/show/587022
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=30
2018-03-14 17:34:36 +00:00
Daniel Molkentin
538dad42ce Accepting request 587013 from home:dmolkentin:branches:security:dehydrated
- Properly install man page again (bsc#1085305)

OBS-URL: https://build.opensuse.org/request/show/587013
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=29
2018-03-14 16:53:11 +00:00
Daniel Molkentin
fadfc27461 Accepting request 586503 from home:dmolkentin:branches:security:dehydrated
- Updated dehydrated to 0.6.1 (bsc#1084854)
  * Use new ACME v2 endpoint by default

- Updated dehydrated to 0.6.0 (bsc#1084854)

OBS-URL: https://build.opensuse.org/request/show/586503
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=28
2018-03-13 20:36:22 +00:00
Dominique Leuenberger
efe9f15753 Accepting request 585801 from security:dehydrated
- Updated dehydrated to 0.6.0 (osc#1084854)
  Changed
  * Challenge validation loop has been modified to loop over authorization identifiers instead of altnames (ACMEv2 + wildcard support)
  * Removed LICENSE parameter from config (terms of service is now acquired directly from the CA directory)
  Added
  * Support for ACME v02 (including wildcard certificates!)
  * New hook: generate_csr (see example hook script for more information)
  * Calling random hook on startup to make it clear to hook script authors that unknown hooks should just be ignored... (forwarded request 585800 from dmolkentin)

OBS-URL: https://build.opensuse.org/request/show/585801
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=7
2018-03-13 09:23:51 +00:00
Daniel Molkentin
8fa4c3f221 Accepting request 585800 from home:dmolkentin:branches:security:dehydrated
- Updated dehydrated to 0.6.0 (osc#1084854)
  Changed
  * Challenge validation loop has been modified to loop over authorization identifiers instead of altnames (ACMEv2 + wildcard support)
  * Removed LICENSE parameter from config (terms of service is now acquired directly from the CA directory)
  Added
  * Support for ACME v02 (including wildcard certificates!)
  * New hook: generate_csr (see example hook script for more information)
  * Calling random hook on startup to make it clear to hook script authors that unknown hooks should just be ignored...

OBS-URL: https://build.opensuse.org/request/show/585800
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=26
2018-03-12 09:53:49 +00:00
Dominique Leuenberger
78cb80e11a Accepting request 565804 from security:dehydrated
(forwarded request 565803 from dmolkentin)

OBS-URL: https://build.opensuse.org/request/show/565804
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=6
2018-01-16 08:43:17 +00:00
Daniel Molkentin
71f5c6d75d Accepting request 565803 from home:dmolkentin:branches:security:dehydrated
OBS-URL: https://build.opensuse.org/request/show/565803
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=24
2018-01-15 15:33:17 +00:00
7c6d19e025 properly fix the last commit:
remove noarch in the subpackages and push it into the main package

OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=23
2018-01-15 12:32:30 +00:00
Daniel Molkentin
920b454f04 Accepting request 564949 from home:dmolkentin:branches:security:dehydrated
- Remove redundant noarch entries. They cause an error in RPM 4.14.

OBS-URL: https://build.opensuse.org/request/show/564949
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=22
2018-01-15 12:19:24 +00:00