Commit Graph

14 Commits

Author SHA256 Message Date
Daniel Molkentin
8fa4c3f221 Accepting request 585800 from home:dmolkentin:branches:security:dehydrated
- Updated dehydrated to 0.6.0 (osc#1084854)
  Changed
  * Challenge validation loop has been modified to loop over authorization identifiers instead of altnames (ACMEv2 + wildcard support)
  * Removed LICENSE parameter from config (terms of service is now acquired directly from the CA directory)
  Added
  * Support for ACME v02 (including wildcard certificates!)
  * New hook: generate_csr (see example hook script for more information)
  * Calling random hook on startup to make it clear to hook script authors that unknown hooks should just be ignored...

OBS-URL: https://build.opensuse.org/request/show/585800
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=26
2018-03-12 09:53:49 +00:00
Daniel Molkentin
71f5c6d75d Accepting request 565803 from home:dmolkentin:branches:security:dehydrated
OBS-URL: https://build.opensuse.org/request/show/565803
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=24
2018-01-15 15:33:17 +00:00
7c6d19e025 properly fix the last commit:
remove noarch in the subpackages and push it into the main package

OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=23
2018-01-15 12:32:30 +00:00
Daniel Molkentin
920b454f04 Accepting request 564949 from home:dmolkentin:branches:security:dehydrated
- Remove redundant noarch entries. They cause an error in RPM 4.14.

OBS-URL: https://build.opensuse.org/request/show/564949
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=22
2018-01-15 12:19:24 +00:00
f303fdbcb8 Accepting request 564525 from home:dmolkentin:branches:security:dehydrated
- Updated dehydrated to 0.5.0
  This removes the following patches and files, which are now part of the
  upstream package:
  * 0001-Add-optional-user-and-group-configuration.patch
  * 0002-use-nullglob-disable-warning-on-empty-CONFIG_D-direc.patch
  * dehydrated.1: the man page has been adopted by upstream
  Starting with this version, upstream introduced signed releases, which
  is now being used for source validation.
  Upstream changes:
  Changed
  * Certificate chain is now cached (CHAINCACHE)
  * OpenSSL binary path is now configurable (OPENSSL)
  * Cleanup now also moves revoked certificates
  Added
  * New feature for updating contact information (--account)
  * Allow automatic cleanup on exit (AUTO_CLEANUP)
  * Initial support for fetching OCSP status to be used for OCSP stapling
    (OCSP_FETCH)
  * Certificates can now have aliases to create multiple certificates with
    identical set of domains (see --alias and domains.txt documentation)
  * Allow dehydrated to run as specified user (/group). This was already
    available previously as a patch to this package.

OBS-URL: https://build.opensuse.org/request/show/564525
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=21
2018-01-15 11:59:16 +00:00
dd7fda6243 - actually try to find the real path to bash and don't hardcode
/usr/bin/bash

OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=18
2017-10-20 10:57:53 +00:00
bae7cb3bbf Accepting request 535146 from home:dmolkentin:branches:security:dehydrated
- Use /usr/bin/bash directly, rather than via env 

- Use sudo instead of su to allow for argument handling, also
  works in all cases when no login shell is assigned to the
  dehydrated user
  * updates 0001-Add-optional-user-and-group-configuration.patch

OBS-URL: https://build.opensuse.org/request/show/535146
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=17
2017-10-20 09:54:53 +00:00
Daniel Molkentin
4089aed6d0 Accepting request 531761 from home:dmolkentin:branches:security:dehydrated
- Remove unused hooks directory
- Introduced a directory for custom post-run hooks executed as root,
  see README.SUSE for details. (not to be confused with the native hooks
  run as dehyrated user)

- Clarify necessity of enabling dehydrated.timer in README.SUSE
- Submit to SLE15 as per fate#323377
- Add optional post run hook directory, executed by cron/systemd
  after dehydrated --cron has run
- Remove hook directory intended for packaging other native hooks.
  Will be approach differently

OBS-URL: https://build.opensuse.org/request/show/531761
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=13
2017-10-06 10:52:01 +00:00
3a1b390a5c Accepting request 528993 from home:dmolkentin:branches:security:dehydrated
- No longer require nginx or lighttpd for SLE
- Never go as far as to require acmeresponder, it might not be available
- Drop -update from dehydrated-update.{timer,socket} for consistency
- Add distro specific README.SUSE / README.Fedora
- Ran spec-cleaner

OBS-URL: https://build.opensuse.org/request/show/528993
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=12
2017-09-27 16:31:31 +00:00
fc9dddc9f9 Accepting request 528299 from home:dmolkentin:branches:security:dehydrated
- Add man page
- Ensure dehydrated is always run as designated user
  * adds 0001-Add-optional-user-and-group-configuration.patch
- Introduce config.d directory for user configuration
- Avoid warning about empty config.d directory
  * adds 0002-use-nullglob-disable-warning-on-empty-CONFIG_D-direc.patch
- Fix sed warning about unescaped curly braces in regex

- Use timer instead of cron for systemd-enabled distros
  Note: Timer must be explicitly enabled!

OBS-URL: https://build.opensuse.org/request/show/528299
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=11
2017-09-22 13:35:31 +00:00
19ef4a12d8 Accepting request 527349 from home:dmolkentin:branches:security:dehydrated
- Swap statements in post: installing services requires tmp.d 

- (Weak) dependency on dehydrated-acmeresponder.

- systemd update service: ConditionPathExists goes into [Unit] section 

- Use timer instead of cron for systemd-enabled distros

OBS-URL: https://build.opensuse.org/request/show/527349
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=10
2017-09-19 15:42:45 +00:00
Daniel Molkentin
78d0c8ad7b Accepting request 459171 from home:danimo:branches:security:dehydrated
- Unify configuration file source names 

- Bump to 0.4.0

OBS-URL: https://build.opensuse.org/request/show/459171
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=7
2017-02-21 12:11:20 +00:00
Dominique Leuenberger
5628f7872c Accepting request 455792 from security:dehydrated
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/455792
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=2
2017-02-13 06:49:05 +00:00
Dominique Leuenberger
10d381b04a Accepting request 441496 from security
Lightweight LE client (formally known as letsencrypt.sh). I'll maintain in in TW.

OBS-URL: https://build.opensuse.org/request/show/441496
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=1
2017-01-27 10:00:22 +00:00