diff --git a/README.maintainer b/README.maintainer index ab0db12..7f5c945 100644 --- a/README.maintainer +++ b/README.maintainer @@ -150,7 +150,6 @@ where should be the name of the first column in domains.txt Limitations & Ceveats ===================== -* It is currently not possible to aqcuire Wildcard certificates * No EV- or OV-validated certificates * Certificates expire within weeks, not years. This is by design. Ensure that certificate renewal works and that daemons get reloaded frequently to pick @@ -160,6 +159,13 @@ Limitations & Ceveats will be executed by the cron script / systemd timer *after* an update run has been performed. +Upgrade Notes +============= + +If you are upgrading from letsencrypt.sh, note that you need to move +/etc/letsencrypt.sh to /etc/dehydrated and chown it to the "dehydrated" +user. + Links ===== diff --git a/dehydrated.changes b/dehydrated.changes index 713414a..ae59675 100644 --- a/dehydrated.changes +++ b/dehydrated.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Mon Jun 29 12:41:48 UTC 2020 - Daniel Molkentin + +- Update maintainer file and package description, remove features + that are better described in the (upstream maintained) man page. + +------------------------------------------------------------------- +Mon Jun 29 12:38:31 UTC 2020 - Daniel Molkentin + +- Remove potentially harmful scriptlet (bsc#1154167). Documented + transition case in the maintainer README. Unlikely enough. The + versions that have not transitioned yet would be broken for more + than two years now. + ------------------------------------------------------------------- Wed May 6 12:34:56 UTC 2020 - Daniel Molkentin diff --git a/dehydrated.spec b/dehydrated.spec index a82fba4..2c9ef29 100644 --- a/dehydrated.spec +++ b/dehydrated.spec @@ -108,14 +108,7 @@ It uses the openssl utility for everything related to actually handling keys and certificates, so you need to have that installed. Other dependencies are: curl, sed, grep, mktemp (all found on almost -any system, curl being the only exception) - -Current features: - -* Signing of a list of domains -* Signing of a CSR -* Renewal if a certificate is about to expire or SAN (subdomains) changed -* Certificate revocation +any system, curl being the only exception). %package %{_apache} Summary: Apache Integration for dehydrated @@ -146,7 +139,6 @@ This adds a configuration file for dehydrated's acme-challenge to nginx. getent group %{_user} >/dev/null || %{_sbindir}/groupadd -r %{_user} getent passwd %{_user} >/dev/null || %{_sbindir}/useradd -g %{_user} \ -s /bin/false -r -c "%{_user}" -d %{_home} %{_user} -if [ -d %{_sysconfdir}/letsencrypt.sh ]; then mv %{_sysconfdir}/letsencrypt.sh %{_sysconfdir}/dehydrated; chown -R %{_user} %{_sysconfdir}/dehydrated; fi if [ -e %{_sysconfdir}/dehydrated/config.sh ]; then mv %{_sysconfdir}/dehydrated/config.sh %{_sysconfdir}/dehydrated/config; fi %if %{with systemd}