lacme/Changelog, branch debian/0.8.1-1

Prepare new release v0.8.1.

2023-01-25T02:23:51+00:00

Adjust test suite against current Let's Encrypt staging environment.

2023-01-25T02:23:45+00:00

Replace '$(dir $@)' with '$(@D)' in Makefile.

2023-01-25T02:11:22+00:00

lacme: pass a temporary JSON file with the client configuration to the internal client.

2021-02-25T09:30:22+00:00

So it doesn't have to parse the INI file again.  Also, while lacme.conf
is world-readable by default, one might restrict permissions and add
private information in there, not realizing that everything, including
comments, will be readable by the client.

lacme: split certificates using Net::SSLeay::PEM_* instead of calling openssl.

2021-02-24T23:37:17+00:00

lacme: Return an error when the 'mode'/'chown' isn't a number.

2021-02-24T20:32:06+00:00

oct("foobar") is 0, definitely not what we want.

lacme: Add 'owner' resp. 'mode' as (prefered) alias for 'chown' resp. 'chmod'.

2021-02-24T20:32:06+00:00

lacme: Default mode for certificate(-chain) creation is 0644 minus umask restrictions.

2021-02-24T20:32:01+00:00

Also, always spawn the client with umask 0022 so a starting lacme(8)
with a restrictive umask doesn't impede serving challenge response
files.

lacme: Don't write certificate(-chain) file on chown/chmod failure.

2021-02-24T20:09:02+00:00

Otherwise we end up with files with mode 0644 owned by root:root, and
subsequent lacme(8) invocations will likely not renew them for a while.

This change also saves a chown(2) call.  And the new logic (chown resp.
chmod from root:root resp. 0600) is safe if we ever include private key
material in there too.

If restricting access via umask() fails, don't include errno in the error message.

2021-02-24T20:08:28+00:00

errno is not set on umask failure, see
https://perldoc.perl.org/functions/umask.