------------------------------------------------------------------- Mon Oct 16 09:27:28 UTC 2017 - daniel.molkentin@suse.com - In the timer service, execute root post run hooks in ExecStartPost ------------------------------------------------------------------- Mon Oct 16 04:43:22 UTC 2017 - daniel.molkentin@suse.com - Fix run of root hooks - Simplify root hook execution, this is also more robust ------------------------------------------------------------------- Thu Oct 5 13:36:39 UTC 2017 - daniel.molkentin@suse.com - Remove unused hooks directory - Introduced a directory for custom post-run hooks executed as root, see README.SUSE for details. (not to be confused with the native hooks run as dehyrated user) ------------------------------------------------------------------- Fri Sep 29 15:14:29 UTC 2017 - daniel.molkentin@suse.com - Clarify necessity of enabling dehydrated.timer in README.SUSE - Submit to SLE15 as per fate#323377 - Add optional post run hook directory, executed by cron/systemd after dehydrated --cron has run - Remove hook directory intended for packaging other native hooks. Will be approach differently ------------------------------------------------------------------- Wed Sep 27 10:09:16 UTC 2017 - daniel.molkentin@suse.com - No longer require nginx or lighttpd for SLE - Never go as far as to require acmeresponder, it might not be available - Drop -update from dehydrated-update.{timer,socket} for consistency - Add distro specific README.SUSE / README.Fedora - Ran spec-cleaner ------------------------------------------------------------------- Fri Sep 22 11:18:55 UTC 2017 - daniel.molkentin@suse.com - Add man page - Ensure dehydrated is always run as designated user * adds 0001-Add-optional-user-and-group-configuration.patch - Introduce config.d directory for user configuration - Avoid warning about empty config.d directory * adds 0002-use-nullglob-disable-warning-on-empty-CONFIG_D-direc.patch - Fix sed warning about unescaped curly braces in regex ------------------------------------------------------------------- Tue Sep 19 15:40:46 UTC 2017 - daniel.molkentin@suse.com - Swap statements in post: installing services requires tmp.d ------------------------------------------------------------------- Tue Sep 19 14:52:25 UTC 2017 - daniel.molkentin@suse.com - (Weak) dependency on dehydrated-acmeresponder. ------------------------------------------------------------------- Thu Sep 14 13:47:06 UTC 2017 - daniel.molkentin@suse.com - systemd update service: ConditionPathExists goes into [Unit] section ------------------------------------------------------------------- Wed Sep 13 15:27:08 UTC 2017 - daniel.molkentin@suse.com - Use timer instead of cron for systemd-enabled distros Note: Timer must be explicitly enabled! ------------------------------------------------------------------- Tue Feb 21 13:12:19 UTC 2017 - daniel.molkentin@suse.com - Drop the (undocumented) dependeny for mod_headers ------------------------------------------------------------------- Sat Feb 18 16:51:10 UTC 2017 - daniel@molkentin.de - Unify configuration file source names ------------------------------------------------------------------- Sat Feb 18 14:08:02 UTC 2017 - daniel@molkentin.de - Bump to 0.4.0 ------------------------------------------------------------------- Thu Feb 2 15:04:16 UTC 2017 - daniel.molkentin@suse.com - More dependency fixes ------------------------------------------------------------------- Thu Feb 2 13:59:16 UTC 2017 - daniel.molkentin@suse.com - Make nginx and lighttpd packages into features Default-disable them on distros where we cannot provide a dependency. ------------------------------------------------------------------- Thu Feb 2 12:32:20 UTC 2017 - daniel.molkentin@suse.com - Fix build on Fedora ------------------------------------------------------------------- Thu Feb 2 11:03:43 UTC 2017 - mrueckert@suse.de - make permissions of the lighty and nginx config files tighter ------------------------------------------------------------------- Thu Feb 2 10:56:58 UTC 2017 - mrueckert@suse.de - only own the configuration files and not the whole directory tree - add BR for nginx, lighttpd, apache2 to handle directory ownership ------------------------------------------------------------------- Thu Jan 12 10:24:20 UTC 2017 - mrueckert@suse.de - with making the permissions more tight ... dehydrated can not write its lock file anymore to /etc/dehydrated. To fix this we now create /var/run/dehydrated (sysvinit) or /run/dehydrated (systemd) and point the lock file in the default config to that directory. Please adapt your local config files accordingly. ------------------------------------------------------------------- Thu Jan 12 09:53:06 UTC 2017 - mrueckert@suse.de - change permissions of /etc/dehydrated to: root:dehydrated u=rwx,g=rx,o= - create the subdirs that dehydrated would create later anyway: /etc/dehydrated/accounts /etc/dehydrated/certs dehydrated::dehydrated u=rwx,go= - tighten up permissions on /etc/dehydrated/config /etc/dehydrated/domain.txt root:root u=rw,go=r -> root:dehydrated u=rw,g=r,o= /etc/dehydrated/hook.sh root:root u=rw,go=r -> root:dehydrated u=rwx,g=rx,o= ------------------------------------------------------------------- Wed Nov 23 02:20:53 UTC 2016 - daniel@molkentin.de - Add lighttpd configuration via dehydrated-lighttpd ------------------------------------------------------------------- Mon Nov 14 09:26:41 UTC 2016 - jengelh@inai.de - Test for user/group before adding them and don't suppress errors ------------------------------------------------------------------- Thu Nov 10 10:41:09 UTC 2016 - daniel@molkentin.de - Fix MIN HOUR order in crontab (boo#1009452) ------------------------------------------------------------------- Tue Sep 13 18:57:09 UTC 2016 - danimo@owncloud.com - Bump to v0.3.1 - Rename to dehydrated ------------------------------------------------------------------- Sun May 22 20:23:58 UTC 2016 - danimo@owncloud.com - Bump to v0.2.0 - This version fixes a json-parsing bug which made letsencrypt.sh incompatible with up-to-date ACME servers. - PRIVATE_KEY config parameter has been renamed to ACCOUNT_KEY to avoid confusion with certificate keys - deploy_cert hook now also has the certificates timestamp as standalone parameter - Temporary files are now identifiable (template: letsencrypt.sh-XXXXXX) - Private keys are now regenerated by default - Added documentation to repository - Fixed bug with uppercase names in domains.txt (script now converts everything to lowercase) - mktemp no longer uses the deprecated -t parameter. - Compatibility with "pretty" json ------------------------------------------------------------------- Wed Apr 20 01:03:52 UTC 2016 - danimo@owncloud.com - Explicitly add group and license, required for SLES 11 ------------------------------------------------------------------- Wed Apr 20 00:57:18 UTC 2016 - danimo@owncloud.com - Add nginx integration package - Proper dir permissions for apache package (755, not 644) ------------------------------------------------------------------- Mon Apr 18 18:25:44 UTC 2016 - draht@schaltsekun.de - fix build requirement for shadow (>=openSUSE-12.3) and pwdutils (before 12.3). - missing changelog for last change by danimo: do not require mod_ssl for suse distrbutions. ------------------------------------------------------------------- Mon Mar 28 17:05:02 UTC 2016 - danimo@owncloud.com - Add alias to /.well-known/acme-challenge by default ------------------------------------------------------------------- Sat Mar 26 09:33:25 UTC 2016 - danimo@owncloud.com - Add cron, do not remove letsencrypt user, adjust permissions ------------------------------------------------------------------- Fri Mar 25 18:42:00 UTC 2016 - danimo@owncloud.com - Initial commit