Accepting request 817721 from security:dehydrated

- Update maintainer file and package description, remove features that are better described in the (upstream maintained) man page. - Remove potentially harmful scriptlet (bsc#1154167). Documented transition case in the maintainer README. Unlikely enough. The versions that have not transitioned yet would be broken for more than two years now. OBS-URL: https://build.opensuse.org/request/show/817721 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=17
2020-06-29 19:18:30 +00:00 · 2020-06-29 19:18:30 +00:00 · 18d3be14bc
commit 18d3be14bc
parent c5bd2c54c9 2ae092d676
3 changed files with 22 additions and 10 deletions
--- a/README.maintainer
+++ b/README.maintainer
@ -150,7 +150,6 @@ where <domainname> should be the name of the first column in domains.txt
 Limitations & Ceveats
 =====================

-* It is currently not possible to aqcuire Wildcard certificates
 * No EV- or OV-validated certificates
 * Certificates expire within weeks, not years. This is by design. Ensure that
  certificate renewal works and that daemons get reloaded frequently to pick
@ -160,6 +159,13 @@ Limitations & Ceveats
  will be executed by the cron script / systemd timer *after* an update run
  has been performed.

+Upgrade Notes
+=============
+
+If you are upgrading from letsencrypt.sh, note that you need to move
+/etc/letsencrypt.sh to /etc/dehydrated and chown it to the "dehydrated"
+user.
+
 Links
 =====

--- a/dehydrated.changes
+++ b/dehydrated.changes
@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Mon Jun 29 12:41:48 UTC 2020 - Daniel Molkentin <daniel.molkentin@suse.com>
+
+- Update maintainer file and package description, remove features
+  that are better described in the (upstream maintained) man page.
+
+-------------------------------------------------------------------
+Mon Jun 29 12:38:31 UTC 2020 - Daniel Molkentin <daniel.molkentin@suse.com>
+
+- Remove potentially harmful scriptlet (bsc#1154167). Documented
+  transition case in the maintainer README. Unlikely enough. The
+  versions that have not transitioned yet would be broken for more
+  than two years now.
+
 -------------------------------------------------------------------
 Wed May  6 12:34:56 UTC 2020 - Daniel Molkentin <daniel.molkentin@suse.com>

--- a/dehydrated.spec
+++ b/dehydrated.spec
@ -108,14 +108,7 @@ It uses the openssl utility for everything related to actually
 handling keys and certificates, so you need to have that installed.

 Other dependencies are: curl, sed, grep, mktemp (all found on almost
-any system, curl being the only exception)
-
-Current features:
-
-* Signing of a list of domains
-* Signing of a CSR
-* Renewal if a certificate is about to expire or SAN (subdomains) changed
-* Certificate revocation
+any system, curl being the only exception).

 %package %{_apache}
 Summary:        Apache Integration for dehydrated
@ -146,7 +139,6 @@ This adds a configuration file for dehydrated's acme-challenge to nginx.
 getent group %{_user} >/dev/null || %{_sbindir}/groupadd -r %{_user}
 getent passwd %{_user} >/dev/null || %{_sbindir}/useradd -g %{_user} \
 	-s /bin/false -r -c "%{_user}" -d %{_home} %{_user}
-if [ -d %{_sysconfdir}/letsencrypt.sh ]; then mv %{_sysconfdir}/letsencrypt.sh %{_sysconfdir}/dehydrated; chown -R %{_user} %{_sysconfdir}/dehydrated; fi
 if [ -e %{_sysconfdir}/dehydrated/config.sh ]; then mv %{_sysconfdir}/dehydrated/config.sh %{_sysconfdir}/dehydrated/config; fi

 %if %{with systemd}