diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2021-02-18 21:07:01 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2021-02-20 22:13:41 +0100 |
commit | 0ef94d85e58497dcb2c4c954cadcac918032467a (patch) | |
tree | 9ff32832dc06f0c8b17ae19c9e9fbcd46e48d2ba /Changelog | |
parent | 4a502836164821b9faa56d363c8fb116ce032321 (diff) |
Add %-specifiers support.
lacme(8): for --config=, --socket=, --config-certs= (and ‘socket’/
‘config-certs’/‘challenge-directory’ configuration options *before*
privilege drop; and for the [accountd] section ‘command’/‘config’
configuration options *after* privilege drop).
lacme-accountd(1): for --config=, --socket= and --privkey= (and
‘socket’/‘privkey’ configuration options).
This also changes the default configuration file location. lacme(8) and
lacme-accountd(1) now respectively use /etc/lacme/lacme.conf resp.
/etc/lacme/lacme-accountd.conf when running as root, and
$XDG_CONFIG_HOME/lacme/lacme.conf resp. $XDG_CONFIG_HOME/lacme/lacme-accountd.conf
when running as a normal user. There is no fallback to /etc anymore.
Diffstat (limited to 'Changelog')
-rw-r--r-- | Changelog | 23 |
1 files changed, 18 insertions, 5 deletions
@@ -19,9 +19,16 @@ lacme (0.7.1) upstream; validate provided X.509 chains using that self-contained bundle, regardless of which CAs is marqued as trusted under /etc/ssl/certs. This change bumps the minimum OpenSSL version to 1.1.0. - * Breaking change: lacme(8) resp. lacme-accountd(1) no longer consider - ./lacme.conf resp. ./lacme-accountd.conf as default location for the - configuration file. + * Breaking change: lacme(8) and lacme-accountd(1) respectively load + their configuration file from /etc/lacme/lacme.conf resp. + /etc/lacme/lacme-accountd.conf when running as root, and + $XDG_CONFIG_HOME/lacme/lacme.conf resp. + $XDG_CONFIG_HOME/lacme/lacme-accountd.conf when running as a normal + user. There is no fallback to /etc anymore, and the lookup in the + current directory as prefered choice is removed too. However + lacme-accountd(1) can be used without configuration file under + ~/.config/lacme as it treats a non-existent default location as an + empty file. * The client, webserver, and accountd commands are now split on whitespace. This doesn't change the default behavior but allows using `ssh -T lacme@account.example.net lacme-accountd` to spawn a @@ -30,11 +37,17 @@ lacme (0.7.1) upstream; https://letsencrypt.org/docs/staging-environment/ . * lacme(8)'s 'config' option in the [accountd] section no longer have a default value. The previous default /etc/lacme/lacme-accountd.conf - is still honored when there is the user running lacme doesn't have a - ~/.config/lacme/lacme-account.conf configuration file. + is still honored when root privileges are preserved (the default). * Deprecate setting 'privkey' in [accountd] section of the lacme(8) configuration file. One need to use the lacme-accountd(1) configuration file for that instead. + * lacme(8): add %-specifiers support for --config=, --socket=, + --config-certs= (and 'socket'/'config-certs'/'challenge-directory' + configuration options *before* privilege drop; and for the [accountd] + section 'command'/'config' configuration options *after* privilege + drop). + * lacme-accountd(1): add %-specifiers support for --config=, --socket= + and --privkey= (and 'socket'/'privkey' configuration options). + Improve nginx/apache2 snippets for direct serving of challenge files (with the new 'challenge-directory' logic symlinks can be disabled). + Split Nginx and Apapche2 static configuration snippets into seperate |