Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

dehydrated-0.6.5-lp152.2.1 RPM for noarch

From OpenSuSE Leap 15.2 for noarch

Name: dehydrated Distribution: openSUSE Leap 15.2
Version: 0.6.5 Vendor: openSUSE
Release: lp152.2.1 Build date: Thu Apr 30 20:38:45 2020
Group: Unspecified Build host: build81
Size: 162566 Source RPM: dehydrated-0.6.5-lp152.2.1.src.rpm
Summary: A client for signing certificates with an ACME server
This is a client for signing certificates with an ACME server
(currently only provided by letsencrypt) implemented as a relatively
simple bash-script.

It uses the openssl utility for everything related to actually
handling keys and certificates, so you need to have that installed.

Other dependencies are: curl, sed, grep, mktemp (all found on almost
any system, curl being the only exception)

Current features:

* Signing of a list of domains
* Signing of a CSR
* Renewal if a certificate is about to expire or SAN (subdomains) changed
* Certificate revocation






* Mon Apr 20 2020 Daniel Molkentin <>
  - Fix lighttpd config file (boo#1169834)
  - Provide nginx subpackage for SLE 15+ (jsc#SLE-11727)
* Mon Feb 03 2020 Dominique Leuenberger <>
  - Drop systemd BuildRequires: pkgconfig(systemd) is already in
    place and is synonymous.
* Thu Oct 17 2019 Richard Brown <>
  - Remove obsolete Groups tag (fate#326485)
* Sat Aug 10 2019 Daniel Molkentin <>
  - Behavioral change: Use cron only for older RHEL/CentOS versions
    (along with SLE < 12.0). Everything else now uses systemd.
    Please adopt accordingly! Refer to for
* Wed Jun 26 2019 Daniel Molkentin <>
  - Update to dehydrated 0.6.5
    * Fixed broken APIv1 compatibility from last update
* Tue Jun 25 2019 Daniel Molkentin <>
  - Update to dehydrated 0.6.4
    * Fetch account ID from Location header instead of account json (bsc#1139408)
  - Update to dehydrated 0.6.3
    * OCSP refresh interval is now configurable
    * Implemented POST-as-GET
    * Call exit_hook on errors (with error-message as first parameter)
    * Initial support for tls-alpn-01 validation
    * New hook: sync_cert (for syncing certificate files to disk, see example
      hook description)
    * Fetch account information after registration to avoid missing account id
* Tue Jan 22 2019 Daniel Molkentin <>
  - Remove RandomizedDelaySec attribute for distros with older systemd
* Fri Apr 27 2018
  - Update to dehydrated 0.6.2
    * removes 0001-fixed-CA-url-in-example-config.patch
    * removes 0002-don-t-walk-certificate-chain-for-ACMEv2-certificate-.patch
    * New deploy_ocsp hook
    * Allow account registration with custom key
    * Don't walk certificate chain for ACMEv2 (certificate contains chain by default)
    * Improved documentation on wildcards
    * Added workaround for compatibility with filesystem ACLs
    * Close unwanted external file-descriptors
    * Fixed JSON parsing on force-renewal (bsc#1091216)
    * Fixed cleanup of challenge files/dns-entries on validation errors
    * A few more minor fixes
* Thu Mar 15 2018
  - Don't add intermediate certificates twice when using ACMEv2 (bsc#1085305)
    * Adds 0002-don-t-walk-certificate-chain-for-ACMEv2-certificate-.patch
* Wed Mar 14 2018
  - Fix issues introduced by 0.6.1 (bsc#1085305)
    * bring back man page
    * reflect new endpoint in (commented out) config file section
      (adds 0001-fixed-CA-url-in-example-config.patch, backported
      from upstream's master branch)
* Tue Mar 13 2018
  - Updated dehydrated to 0.6.1 (bsc#1084854)
    * Use new ACME v2 endpoint by default
* Mon Mar 12 2018
  - Updated dehydrated to 0.6.0 (bsc#1084854)
    * Challenge validation loop has been modified to loop over authorization identifiers instead of altnames (ACMEv2 + wildcard support)
    * Removed LICENSE parameter from config (terms of service is now acquired directly from the CA directory)
    * Support for ACME v02 (including wildcard certificates!)
    * New hook: generate_csr (see example hook script for more information)
    * Calling random hook on startup to make it clear to hook script authors that unknown hooks should just be ignored...
* Mon Jan 15 2018
  - Remove redundant noarch entries. They cause an error in RPM 4.14.
* Mon Jan 15 2018
  - Updated dehydrated to 0.5.0
    This removes the following patches and files, which are now part of the
    upstream package:
    * 0001-Add-optional-user-and-group-configuration.patch
    * 0002-use-nullglob-disable-warning-on-empty-CONFIG_D-direc.patch
    * dehydrated.1: the man page has been adopted by upstream
    Starting with this version, upstream introduced signed releases, which
    is now being used for source validation.
    Upstream changes:
    * Certificate chain is now cached (CHAINCACHE)
    * OpenSSL binary path is now configurable (OPENSSL)
    * Cleanup now also moves revoked certificates
    * New feature for updating contact information (--account)
    * Allow automatic cleanup on exit (AUTO_CLEANUP)
    * Initial support for fetching OCSP status to be used for OCSP stapling
    * Certificates can now have aliases to create multiple certificates with
      identical set of domains (see --alias and domains.txt documentation)
    * Allow dehydrated to run as specified user (/group). This was already
      available previously as a patch to this package.
* Fri Oct 20 2017
  - revert accidental change to the service file
* Fri Oct 20 2017
  - actually try to find the real path to bash and don't hardcode
* Thu Oct 19 2017
  - Use /usr/bin/bash directly, rather than via env
* Wed Oct 18 2017
  - Use sudo instead of su to allow for argument handling, also
    works in all cases when no login shell is assigned to the
    dehydrated user
    * updates 0001-Add-optional-user-and-group-configuration.patch
* Tue Oct 17 2017
  - Commands in service files need some escaping after all. Fix ExecStartPost.
* Mon Oct 16 2017
  - In the timer service, execute root post run hooks in ExecStartPost
* Mon Oct 16 2017
  - Fix run of root hooks
  - Simplify root hook execution, this is also more robust
* Thu Oct 05 2017
  - Remove unused hooks directory
  - Introduced a directory for custom post-run hooks executed as root,
    see README.SUSE for details. (not to be confused with the native hooks
    run as dehyrated user)
* Fri Sep 29 2017
  - Clarify necessity of enabling dehydrated.timer in README.SUSE
  - Submit to SLE15 as per fate#323377
  - Add optional post run hook directory, executed by cron/systemd
    after dehydrated --cron has run
  - Remove hook directory intended for packaging other native hooks.
    Will be approach differently
* Wed Sep 27 2017
  - No longer require nginx or lighttpd for SLE
  - Never go as far as to require acmeresponder, it might not be available
  - Drop -update from dehydrated-update.{timer,socket} for consistency
  - Add distro specific README.SUSE / README.Fedora
  - Ran spec-cleaner
* Fri Sep 22 2017
  - Add man page
  - Ensure dehydrated is always run as designated user
    * adds 0001-Add-optional-user-and-group-configuration.patch
  - Introduce config.d directory for user configuration
  - Avoid warning about empty config.d directory
    * adds 0002-use-nullglob-disable-warning-on-empty-CONFIG_D-direc.patch
  - Fix sed warning about unescaped curly braces in regex
* Tue Sep 19 2017
  - Swap statements in post: installing services requires tmp.d
* Tue Sep 19 2017
  - (Weak) dependency on dehydrated-acmeresponder.
* Thu Sep 14 2017
  - systemd update service: ConditionPathExists goes into [Unit] section
* Wed Sep 13 2017
  - Use timer instead of cron for systemd-enabled distros
    Note: Timer must be explicitly enabled!
* Tue Feb 21 2017
  - Drop the (undocumented) dependeny for mod_headers
* Sat Feb 18 2017
  - Unify configuration file source names
* Sat Feb 18 2017
  - Bump to 0.4.0
* Thu Feb 02 2017
  - More dependency fixes
* Thu Feb 02 2017
  - Make nginx and lighttpd packages into features
    Default-disable them on distros where we cannot provide a dependency.
* Thu Feb 02 2017
  - Fix build on Fedora
* Thu Feb 02 2017
  - make permissions of the lighty and nginx config files tighter
* Thu Feb 02 2017
  - only own the configuration files and not the whole directory tree
    - add BR for nginx, lighttpd, apache2 to handle directory
* Thu Jan 12 2017
  - with making the permissions more tight ... dehydrated can not
    write its lock file anymore to /etc/dehydrated. To fix this we
    now create /var/run/dehydrated (sysvinit) or /run/dehydrated
    (systemd) and point the lock file in the default config to that
    Please adapt your local config files accordingly.
* Thu Jan 12 2017
  - change permissions of /etc/dehydrated to:
    root:dehydrated u=rwx,g=rx,o=
  - create the subdirs that dehydrated would create later anyway:
    dehydrated::dehydrated u=rwx,go=
  - tighten up permissions on
    root:root u=rw,go=r -> root:dehydrated u=rw,g=r,o=
    root:root u=rw,go=r -> root:dehydrated u=rwx,g=rx,o=
* Wed Nov 23 2016
  - Add lighttpd configuration via dehydrated-lighttpd
* Mon Nov 14 2016
  - Test for user/group before adding them and don't suppress errors
* Thu Nov 10 2016
  - Fix MIN HOUR order in crontab (boo#1009452)
* Tue Sep 13 2016
  - Bump to v0.3.1
  - Rename to dehydrated
* Sun May 22 2016
  - Bump to v0.2.0
  - This version fixes a json-parsing bug which made
    incompatible with up-to-date ACME servers.
  - PRIVATE_KEY config parameter has been renamed to ACCOUNT_KEY to avoid
    confusion with certificate keys
  - deploy_cert hook now also has the certificates timestamp as standalone
  - Temporary files are now identifiable (template:
  - Private keys are now regenerated by default
  - Added documentation to repository
  - Fixed bug with uppercase names in domains.txt (script now converts everything
    to lowercase)
  - mktemp no longer uses the deprecated -t parameter.
  - Compatibility with "pretty" json
* Wed Apr 20 2016
  - Explicitly add group and license, required for SLES 11
* Wed Apr 20 2016
  - Add nginx integration package
  - Proper dir permissions for apache package (755, not 644)
* Mon Apr 18 2016
  - fix build requirement for shadow (>=openSUSE-12.3) and pwdutils
    (before 12.3).
  - missing changelog for last change by danimo: do not require mod_ssl for
    suse distrbutions.
* Mon Mar 28 2016
  - Add alias to /.well-known/acme-challenge by default
* Sat Mar 26 2016
  - Add cron, do not remove letsencrypt user, adjust permissions
* Fri Mar 25 2016
  - Initial commit



Generated by rpm2html 1.8.1

Fabrice Bellet, Mon May 9 12:54:53 2022