Package Release Info

dehydrated-0.7.0-11.1

Update Info: openSUSE-2021-385
Available in Package Hub : 12 GA-SP5

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

dehydrated
dehydrated-apache2

Change Logs

* Wed Mar 03 2021 daniel.molkentin@suse.com
- Clarified new default settings. KEY_ALGO=secp384r1. Please consult
  README.maintainer for details and how to return to RSA-based certificate
  issuance. (jsc#ECO-3435, jsc#SLE-15909)
- Added a note about ACMEv1 deprecation
- Added a note on new ACME providers and the new non-URL provider syntax
  See README.maintainer for details.
* Thu Dec 10 2020 daniel.molkentin@suse.com
- Update to dehydrated 0.7.0 (JSC#SLE-15909)
  Added
    Support for external account bindings
    Special support for ZeroSSL
    Support presets for some CAs instead of requiring URLs
    Allow requesting preferred chain (--preferred-chain)
    Added method to show CAs current terms of service (--display-terms)
    Allow setting path to domains.txt using cli arguments (--domains-txt)
    Added new cli command --cleanupdelete which deletes old files instead of archiving them
  Fixed
    No more silent failures on broken hook-scripts
    Better error-handling with KEEP_GOING enabled
    Check actual order status instead of assuming it's valid
    Don't include keyAuthorization in challenge validation (RFC compliance)
  Changed
    Using EC secp384r1 as default certificate type
    Use JSON.sh to parse JSON
    Use account URL instead of account ID (RFC compliance)
    Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated
    Added OCSP_FETCH and OCSP_DAYS to per-certificate configurable options
    Cleanup now also removes dangling symlinks
Version: 0.6.1-2.1
* Thu Mar 15 2018 daniel.molkentin@suse.com
- Don't add intermediate certificates twice when using ACMEv2 (bsc#1085305)
  * Adds 0002-don-t-walk-certificate-chain-for-ACMEv2-certificate-.patch
* Wed Mar 14 2018 daniel.molkentin@suse.com
- Fix issues introduced by 0.6.1 (bsc#1085305)
  * bring back man page
  * reflect new endpoint in (commented out) config file section
    (adds 0001-fixed-CA-url-in-example-config.patch, backported
    from upstream's master branch)
* Tue Mar 13 2018 daniel.molkentin@suse.com
- Updated dehydrated to 0.6.1 (bsc#1084854)
  * Use new ACME v2 endpoint by default
* Mon Mar 12 2018 daniel.molkentin@suse.com
- Updated dehydrated to 0.6.0 (bsc#1084854)
  Changed
  * Challenge validation loop has been modified to loop over authorization identifiers instead of altnames (ACMEv2 + wildcard support)
  * Removed LICENSE parameter from config (terms of service is now acquired directly from the CA directory)
  Added
  * Support for ACME v02 (including wildcard certificates!)
  * New hook: generate_csr (see example hook script for more information)
  * Calling random hook on startup to make it clear to hook script authors that unknown hooks should just be ignored...
* Mon Jan 15 2018 daniel.molkentin@suse.com
- Remove redundant noarch entries. They cause an error in RPM 4.14.
* Mon Jan 15 2018 daniel.molkentin@suse.com
- Remove redundant noarch entries. They cause an error in RPM 4.14.
* Fri Oct 20 2017 mrueckert@suse.de
- revert accidental change to the service file
* Fri Oct 20 2017 mrueckert@suse.de
- revert accidental change to the service file
* Thu Oct 19 2017 daniel.molkentin@suse.com
- Use /usr/bin/bash directly, rather than via env
* Wed Oct 18 2017 daniel.molkentin@suse.com
- Use sudo instead of su to allow for argument handling, also
  works in all cases when no login shell is assigned to the
  dehydrated user
  * updates 0001-Add-optional-user-and-group-configuration.patch
* Tue Oct 17 2017 daniel.molkentin@suse.com
- Commands in service files need some escaping after all. Fix ExecStartPost.
* Mon Oct 16 2017 daniel.molkentin@suse.com
- In the timer service, execute root post run hooks in ExecStartPost
* Mon Oct 16 2017 daniel.molkentin@suse.com
- Fix run of root hooks
- Simplify root hook execution, this is also more robust
* Thu Oct 05 2017 daniel.molkentin@suse.com
- Remove unused hooks directory
- Introduced a directory for custom post-run hooks executed as root,
  see README.SUSE for details. (not to be confused with the native hooks
  run as dehyrated user)
* Fri Sep 29 2017 daniel.molkentin@suse.com
- Clarify necessity of enabling dehydrated.timer in README.SUSE
- Submit to SLE15 as per fate#323377
- Add optional post run hook directory, executed by cron/systemd
  after dehydrated --cron has run
- Remove hook directory intended for packaging other native hooks.
  Will be approach differently
* Wed Sep 27 2017 daniel.molkentin@suse.com
- No longer require nginx or lighttpd for SLE
- Never go as far as to require acmeresponder, it might not be available
- Drop -update from dehydrated-update.{timer,socket} for consistency
- Add distro specific README.SUSE / README.Fedora
- Ran spec-cleaner
* Fri Sep 22 2017 daniel.molkentin@suse.com
- Add man page
- Ensure dehydrated is always run as designated user
  * adds 0001-Add-optional-user-and-group-configuration.patch
- Introduce config.d directory for user configuration
- Avoid warning about empty config.d directory
  * adds 0002-use-nullglob-disable-warning-on-empty-CONFIG_D-direc.patch
- Fix sed warning about unescaped curly braces in regex
* Tue Sep 19 2017 daniel.molkentin@suse.com
- Swap statements in post: installing services requires tmp.d
* Tue Sep 19 2017 daniel.molkentin@suse.com
- (Weak) dependency on dehydrated-acmeresponder.
* Thu Sep 14 2017 daniel.molkentin@suse.com
- systemd update service: ConditionPathExists goes into [Unit] section
Version: 0.6.5-5.1
* Mon Sep 14 2020 daniel.molkentin@suse.com
- Reenable nginx subpackage for factory
* Mon Jun 29 2020 daniel.molkentin@suse.com
- Update maintainer file and package description, remove features
  that are better described in the (upstream maintained) man page.
* Mon Jun 29 2020 daniel.molkentin@suse.com
- Remove potentially harmful scriptlet (bsc#1154167). Documented
  transition case in the maintainer README. Unlikely enough. The
  versions that have not transitioned yet would be broken for more
  than two years now.
* Wed May 06 2020 daniel.molkentin@suse.com
- Removed lighttpd 1.x integration package. If you still would like
  to use lighttpd with dehydrated, follow the instructions in the
  README.maintainers file.
* Mon Apr 20 2020 daniel.molkentin@suse.com
- Fix lighttpd config file (boo#1169834)
- Provide nginx subpackage for SLE 15+ (jsc#SLE-11727)
* Mon Feb 03 2020 dimstar@opensuse.org
- Drop systemd BuildRequires: pkgconfig(systemd) is already in
  place and is synonymous.
* Thu Oct 17 2019 rbrown@suse.com
- Remove obsolete Groups tag (fate#326485)
* Sat Aug 10 2019 daniel.molkentin@suse.com
- Behavioral change: Use cron only for older RHEL/CentOS versions
  (along with SLE < 12.0). Everything else now uses systemd.
  Please adopt accordingly! Refer to README.md for
* Wed Jun 26 2019 daniel.molkentin@suse.com
- Update to dehydrated 0.6.5
  * Fixed broken APIv1 compatibility from last update
* Tue Jun 25 2019 daniel.molkentin@suse.com
- Update to dehydrated 0.6.4
  * Fetch account ID from Location header instead of account json (bsc#1139408)
- Update to dehydrated 0.6.3
  * OCSP refresh interval is now configurable
  * Implemented POST-as-GET
  * Call exit_hook on errors (with error-message as first parameter)
  * Initial support for tls-alpn-01 validation
  * New hook: sync_cert (for syncing certificate files to disk, see example
    hook description)
  * Fetch account information after registration to avoid missing account id
* Tue Jan 22 2019 daniel.molkentin@suse.com
- Remove RandomizedDelaySec attribute for distros with older systemd
  (boo#1110697)
* Fri Apr 27 2018 daniel.molkentin@suse.com
- Update to dehydrated 0.6.2
  * removes 0001-fixed-CA-url-in-example-config.patch
  * removes 0002-don-t-walk-certificate-chain-for-ACMEv2-certificate-.patch
  Added
  * New deploy_ocsp hook
  * Allow account registration with custom key
  Changed
  * Don't walk certificate chain for ACMEv2 (certificate contains chain by default)
  * Improved documentation on wildcards
  Fixes
  * Added workaround for compatibility with filesystem ACLs
  * Close unwanted external file-descriptors
  * Fixed JSON parsing on force-renewal (bsc#1091216)
  * Fixed cleanup of challenge files/dns-entries on validation errors
  * A few more minor fixes
Version: 0.6.5-8.1
* Thu Nov 19 2020 daniel.molkentin@suse.com
- dehydrated-apache2: Check for mod_compat (bsc#1178927)