From b54d248515357297d84a01cf45a42a6787c21240 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Fri, 12 Feb 2021 22:06:43 +0100 Subject: Replace Types::Serialiser::true with JSON::true. This removes the dependency on Types::Serialiser. --- INSTALL | 1 - 1 file changed, 1 deletion(-) (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL index 155c7aa..4780989 100644 --- a/INSTALL +++ b/INSTALL @@ -32,7 +32,6 @@ lacme depends on OpenSSL and the following Perl modules: - MIME::Base64 (core module) - Net::SSLeay - POSIX (core module) - - Types::Serialiser - Socket (core module) On Debian GNU/Linux systems, these dependencies can be installed with -- cgit v1.2.3 From 1005c094839b76dffde6a10138af978cb8d83375 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 14 Feb 2021 11:39:33 +0100 Subject: Rename debian branch to debian/latest. For DEP-14 compliance. --- INSTALL | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL index 4780989..a0fcb72 100644 --- a/INSTALL +++ b/INSTALL @@ -49,11 +49,11 @@ the following command: However Debian GNU/Linux users can also use gbp(1) from git-buildpackage to build their own package: - $ git checkout debian + $ git checkout debian/latest $ AUTO_DEBSIGN=no gbp buildpackage Alternatively, for the development version: - $ git checkout debian + $ git checkout debian/latest $ git merge master $ AUTO_DEBSIGN=no gbp buildpackage --git-force-create --git-upstream-tree=BRANCH -- cgit v1.2.3 From 2c1a396728a381685923f7b1c4dea53d225112fc Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 14 Feb 2021 22:59:11 +0100 Subject: Add (self-signed) ISRG Roots to the CA bundle. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This allows us to fully validate provided X.509 chains using that self-contained bundle, regardless of which CAs is marqued as trusted under /etc/ssl/certs. Also, remove cross-signed intermediate CAs from the bundle as they're useless in a self-contained bundle. Also, remove decomissioned intermediate CAs Authority X3 and X4 from the bundle. This change bumps the minimum OpenSSL version to 1.1.0 (for verify(1ssl)'s ‘-trusted’ and ‘-show_chain’ options). --- INSTALL | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL index a0fcb72..9ecb1bf 100644 --- a/INSTALL +++ b/INSTALL @@ -16,7 +16,7 @@ the following command: apt-get install libconfig-tiny-perl libcrypt-openssl-rsa-perl libcrypt-openssl-bignum-perl libjson-perl -lacme depends on OpenSSL and the following Perl modules: +lacme depends on OpenSSL ≥1.1.0 and the following Perl modules: - Config::Tiny - Digest::SHA (core module) -- cgit v1.2.3 From baa7c25db322a9472c9155422057ec56aa93f439 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Fri, 19 Feb 2021 00:06:49 +0100 Subject: Use File::Basename::dirname(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit To correctly extract the parent directory of the socket path. The previous returned an empty string when the socket path didn't contain ‘/’. --- INSTALL | 2 ++ 1 file changed, 2 insertions(+) (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL index 9ecb1bf..cb8d57f 100644 --- a/INSTALL +++ b/INSTALL @@ -4,6 +4,7 @@ lacme-accountd depends on the following Perl modules: - Crypt::OpenSSL::RSA (for PEM-encoded key material) - Crypt::OpenSSL::Bignum (for PEM-encoded key material) - Errno (core module) + - File::Basename (core module) - Getopt::Long (core module) - JSON (optionally C/XS-accelerated with JSON::XS) - List::Util (core module) @@ -23,6 +24,7 @@ lacme depends on OpenSSL ≥1.1.0 and the following Perl modules: - Date::Parse - Errno (core module) - Fcntl (core module) + - File::Basename (core module) - File::Temp (core module) - Getopt::Long (core module) - JSON (optionally C/XS-accelerated with JSON::XS) -- cgit v1.2.3 From 8de74ffb4a2008a61c05e9a24c8fa9b14858d2be Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Fri, 19 Feb 2021 18:31:20 +0100 Subject: Remove dependency on List::Util (core module). --- INSTALL | 1 - 1 file changed, 1 deletion(-) (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL index cb8d57f..85bd0c2 100644 --- a/INSTALL +++ b/INSTALL @@ -28,7 +28,6 @@ lacme depends on OpenSSL ≥1.1.0 and the following Perl modules: - File::Temp (core module) - Getopt::Long (core module) - JSON (optionally C/XS-accelerated with JSON::XS) - - List::Util (core module) - LWP::UserAgent - LWP::Protocol::https (for https:// ACME directory URIs) - MIME::Base64 (core module) -- cgit v1.2.3 From 0ef94d85e58497dcb2c4c954cadcac918032467a Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 18 Feb 2021 21:07:01 +0100 Subject: Add %-specifiers support. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit lacme(8): for --config=, --socket=, --config-certs= (and ‘socket’/ ‘config-certs’/‘challenge-directory’ configuration options *before* privilege drop; and for the [accountd] section ‘command’/‘config’ configuration options *after* privilege drop). lacme-accountd(1): for --config=, --socket= and --privkey= (and ‘socket’/‘privkey’ configuration options). This also changes the default configuration file location. lacme(8) and lacme-accountd(1) now respectively use /etc/lacme/lacme.conf resp. /etc/lacme/lacme-accountd.conf when running as root, and $XDG_CONFIG_HOME/lacme/lacme.conf resp. $XDG_CONFIG_HOME/lacme/lacme-accountd.conf when running as a normal user. There is no fallback to /etc anymore. --- INSTALL | 1 - 1 file changed, 1 deletion(-) (limited to 'INSTALL') diff --git a/INSTALL b/INSTALL index 85bd0c2..092ef16 100644 --- a/INSTALL +++ b/INSTALL @@ -7,7 +7,6 @@ lacme-accountd depends on the following Perl modules: - File::Basename (core module) - Getopt::Long (core module) - JSON (optionally C/XS-accelerated with JSON::XS) - - List::Util (core module) - MIME::Base64 (core module) - Socket (core module) -- cgit v1.2.3