Commit message (Collapse) | Author | Age | Files | |
---|---|---|---|---|
* | Update changelog for 0.8.2-1 releasedebian/0.8.2-1 | Guilhem Moulin | 2023-04-25 | 1 |
| | ||||
* | Merge tag 'v0.8.2' into debian/latest | Guilhem Moulin | 2023-04-25 | 5 |
|\ | | | | | | | Release version 0.8.2 | |||
| * | Prepare new release v0.8.2.v0.8.2 | Guilhem Moulin | 2023-04-25 | 4 |
| | | ||||
| * | tests: Point stretch's archive URL to archive.d.o. | Guilhem Moulin | 2023-04-25 | 1 |
| | | | | | | | | See https://lists.debian.org/msgid-search/87tty79lwo.fsf@43-1.org . | |||
| * | client: Handle "ready" → "processing" → "valid" status change during ↵ | Guilhem Moulin | 2023-04-25 | 1 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | newOrder. Instead of just "ready" → "valid", which may be what we observe when the server is fast enough, but according to RFC 8555 sec. 7.1.6 the state actually transitions via "processing" state and we need to account for that. It appears Let's Encrypt staging environment now has different timing conditions and lacme is unable to request certificates due to this issue. Thanks to Alexander Borkowski for the report! | |||
* | | Update changelog for 0.8.1-1 releasedebian/0.8.1-1 | Guilhem Moulin | 2023-01-25 | 1 |
| | | ||||
* | | Merge tag 'v0.8.1' into debian/latest | Guilhem Moulin | 2023-01-25 | 18 |
|\| | | | | | | | Release version 0.8.1 | |||
| * | Prepare new release v0.8.1.v0.8.1 | Guilhem Moulin | 2023-01-25 | 4 |
| | | ||||
| * | Adjust test suite against current Let's Encrypt staging environment. | Guilhem Moulin | 2023-01-25 | 7 |
| | | ||||
| * | Replace '$(dir $@)' with '$(@D)' in Makefile. | Guilhem Moulin | 2023-01-25 | 2 |
| | | ||||
| * | lacme: pass a temporary JSON file with the client configuration to the ↵ | Guilhem Moulin | 2021-02-25 | 4 |
| | | | | | | | | | | | | | | | | | | internal client. So it doesn't have to parse the INI file again. Also, while lacme.conf is world-readable by default, one might restrict permissions and add private information in there, not realizing that everything, including comments, will be readable by the client. | |||
| * | lacme: split certificates using Net::SSLeay::PEM_* instead of calling openssl. | Guilhem Moulin | 2021-02-25 | 2 |
| | | ||||
| * | lacme: improve install_cert()'s handling of temporary files. | Guilhem Moulin | 2021-02-24 | 1 |
| | | ||||
| * | lacme: Return an error when the 'mode'/'chown' isn't a number. | Guilhem Moulin | 2021-02-24 | 2 |
| | | | | | | | | oct("foobar") is 0, definitely not what we want. | |||
| * | lacme: Add 'owner' resp. 'mode' as (prefered) alias for 'chown' resp. 'chmod'. | Guilhem Moulin | 2021-02-24 | 5 |
| | | ||||
| * | lacme: Default mode for certificate(-chain) creation is 0644 minus umask ↵ | Guilhem Moulin | 2021-02-24 | 5 |
| | | | | | | | | | | | | | | | | restrictions. Also, always spawn the client with umask 0022 so a starting lacme(8) with a restrictive umask doesn't impede serving challenge response files. | |||
| * | lacme: Don't write certificate(-chain) file on chown/chmod failure. | Guilhem Moulin | 2021-02-24 | 3 |
| | | | | | | | | | | | | | | | | | | Otherwise we end up with files with mode 0644 owned by root:root, and subsequent lacme(8) invocations will likely not renew them for a while. This change also saves a chown(2) call. And the new logic (chown resp. chmod from root:root resp. 0600) is safe if we ever include private key material in there too. | |||
| * | If restricting access via umask() fails, don't include errno in the error ↵ | Guilhem Moulin | 2021-02-24 | 3 |
| | | | | | | | | | | | | | | message. errno is not set on umask failure, see https://perldoc.perl.org/functions/umask. | |||
| * | lacme: Ignore empty values in 'chown'/'chmod'/'certificate'/'certificate-chain'. | Guilhem Moulin | 2021-02-24 | 2 |
| | | ||||
| * | tests/cert-install: Include tests for failing chown(2). | Guilhem Moulin | 2021-02-24 | 2 |
| | | | | | | | | Due to unknown user/group name. | |||
| * | tab damage | Guilhem Moulin | 2021-02-24 | 1 |
| | | ||||
| * | typofix | Guilhem Moulin | 2021-02-24 | 1 |
| | | ||||
| * | tests/drop-privileges: Ensure failure to drop privileges yields an error. | Guilhem Moulin | 2021-02-24 | 2 |
| | | | | | | | | And doesn't retain root privileges. | |||
| * | lacme: When getpwnam()/getgrnam()'s errno is 0, exclude it from error messages. | Guilhem Moulin | 2021-02-24 | 2 |
| | | ||||
| * | lacme-accountd: Refactor logging logic. | Guilhem Moulin | 2021-02-23 | 2 |
| | | ||||
| * | lacme-accountd: don't log debug messages unless --debug is set. | Guilhem Moulin | 2021-02-23 | 2 |
| | | ||||
| * | Consolidate error messages. | Guilhem Moulin | 2021-02-23 | 2 |
| | | ||||
| * | lacme-accountd: panic() upon internal error of the signing routine. | Guilhem Moulin | 2021-02-22 | 1 |
| | | | | | | | | It might croak and we want to log that error also. | |||
| * | test suite: Avoid setting twice the ACME API server URL. | Guilhem Moulin | 2021-02-22 | 1 |
| | | ||||
| * | test: Allow prefixing test names with 'tests/'. | Guilhem Moulin | 2021-02-22 | 1 |
| | | | | | | | | It's handy to be able to run `./test tests/accountd*` or similar. | |||
| * | lacme-accountd: Refuse to sign JWS with an invalid Protected Header. | Guilhem Moulin | 2021-02-22 | 3 |
| | | | | | | | | | | | | | | | | | | | | | | “The JWS Protected Header is a JSON object” — RFC 7515 sec. 2. “The JWS Protected Header MUST include the following fields: - "alg" - "nonce" - "url" - either "jwk" or "kid"” — RFC 8555 sec. 6.2. | |||
| * | lacme-account: Improve log messages. | Guilhem Moulin | 2021-02-22 | 5 |
| | | | | | | | | Again… | |||
| * | accountd::conn(): Minor refactoring. | Guilhem Moulin | 2021-02-22 | 1 |
| | | ||||
| * | In lacme's the [accountd] config, let lacme-accountd(1) do the %-expansion ↵ | Guilhem Moulin | 2021-02-22 | 3 |
| | | | | | | | | | | | | | | | | for 'config'. This matches the arguably expected behavior that ‘config = %h/foo’ is passed as ‘--config=%h/foo’ and resolved by lacme-accountd(1) (possibly remote and with another passwd database). | |||
* | | Update standards version to 4.6.2, no changes needed. | Guilhem Moulin | 2022-12-20 | 1 |
| | | | | | | | | | | | | Changes-By: lintian-brush Fixes: lintian: out-of-date-standards-version See-also: https://lintian.debian.org/tags/out-of-date-standards-version.html | |||
* | | Set field Upstream-Name in debian/copyright. | Guilhem Moulin | 2022-12-20 | 1 |
| | | | | | | | | Changes-By: lintian-brush | |||
* | | Merge branch 'multiarch-fixes' into 'debian/latest' | Jelmer Vernooij | 2022-10-30 | 1 |
|\ \ | | | | | | | | | | | | | Apply hints suggested by the multi-arch hinter See merge request debian/lacme!1 | |||
| * | | Apply multi-arch hints. | Debian Janitor | 2022-10-27 | 1 |
|/ / | | | | | | | | | | | + lacme-accountd: Add Multi-Arch: foreign. Changes-By: apply-multiarch-hints | |||
* | | d/control: Improve long package descriptions. | Guilhem Moulin | 2022-08-16 | 1 |
| | | ||||
* | | Salsa CI: Remove default configuration file. | Guilhem Moulin | 2022-08-16 | 1 |
| | | | | | | | | | | | | Instead, set ‘recipes/debian.yml@salsa-ci-team/pipeline’ as CI/CD configuration file in the GitLab repository setting. Per recommendation from the Salsa CI maintainers: https://salsa.debian.org/salsa-ci-team/pipeline#debian-pipeline-for-developers . | |||
* | | Prepare new release.debian/0.8.0-2 | Guilhem Moulin | 2021-05-04 | 1 |
| | | ||||
* | | d/lacme.postrm: Don't delete system users on purge. | Guilhem Moulin | 2021-02-22 | 2 |
| | | | | | | | | | | | | | | _lacme-www shouldn't own any file or directories, but there might be files on disk owned by _lacme-client when 'challenge-directory' is used. See https://wiki.debian.org/AccountHandlingInMaintainerScripts#Reasons_for_not_deleting_accounts . | |||
* | | Prepare new release.debian/0.8.0-1 | Guilhem Moulin | 2021-02-22 | 3 |
| | | ||||
* | | d/lacme.install: include new configuration files and snippets. | Guilhem Moulin | 2021-02-22 | 2 |
| | | ||||
* | | d/lacme.links: Remove /etc/apache2/conf-available/lacme.conf. | Guilhem Moulin | 2021-02-22 | 2 |
| | | | | | | | | Now part of the upstream build system. | |||
* | | Add NEWS files with breaking changes. | Guilhem Moulin | 2021-02-22 | 2 |
| | | ||||
* | | d/control: Remove versioned Recommends: on lacme-accountd. | Guilhem Moulin | 2021-02-22 | 2 |
| | | | | | | | | | | lacme also works with earlier accountds, but might yield bad suprises when the 'keyid' setting is set. | |||
* | | d/copyright: Point Source: to the upstream repository. | Guilhem Moulin | 2021-02-22 | 2 |
| | | ||||
* | | d/copyright: Bump copyright years. | Guilhem Moulin | 2021-02-22 | 1 |
| | | ||||
* | | Bump copyright years. | Guilhem Moulin | 2021-02-22 | 1 |
| | |