./security/dehydrated, Letsencrypt/acme client implemented as a shell-script

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 0.7.1, Package name: dehydrated-0.7.1, Maintainer: nils

This is a client for signing certificates with an ACME-server
(currently only provided by letsencrypt) implemented as a
relatively simple bash-script.

It uses the openssl utility for everything related to
actually handling keys and certificates,
so you need to have that installed.


Required to run:
[www/curl] [shells/bash]

Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 117.749 KB

Version history: (Expand)


CVS history: (Expand)


   2023-04-23 19:45:42 by Nils Ratusznik | Files touched by this commit (3) | Package updated
Log message:
Update dehydrated to version 0.7.1.

Pkgsrc changes :
 * Project has a new home : updated distfile URL and homepage ;
 * Updated PLIST following the removal of a file ;
 * Updated checksums.

Upstream changes :
 * version 0.7.0 :
   - Support for external account bindings
   - Special support for ZeroSSL
   - Support presets for some CAs instead of requiring URLs
   - Allow requesting preferred chain (--preferred-chain)
   - Added method to show CAs current terms of service (--display-terms)
   - Allow setting path to domains.txt using cli arguments (--domains-txt)
   - Added new cli command --cleanupdelete which deletes old files instead of
     archiving them
   - No more silent failures on broken hook-scripts
   - Better error-handling with KEEP_GOING enabled
   - Check actual order status instead of assuming it's valid
   - Don't include keyAuthorization in challenge validation (RFC compliance)
   - Using EC secp384r1 as default certificate type
   - Use JSON.sh to parse JSON
   - Use account URL instead of account ID (RFC compliance)
   - Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated
   - Added OCSP_FETCH and OCSP_DAYS to per-certificate configurable options
   - Cleanup now also removes dangling symlinks

 * version 0.7.1 :
   - --force no longer forces domain name revalidation by default, a new
     argument --force-validation has been added for that
   - Added support for EC secp521r1 algorithm (works with e.g. zerossl)
   - EC PARAMETERS are no longer written to privkey.pem (didn't seem necessary
     and was causing issues with various software)
   - Requests resulting in badNonce errors are now automatically retried (fixes
     operation with LE staging servers)
   - Deprecated egrep usage has been removed
   - Implemented EC for account keys
   - Domain list now also read from domains.txt.d subdirectory (behaviour might
     change, see docs)
   - Implemented RFC 8738 (validating/signing certificates for IP addresses
     instead of domain names) support (this will not work with most
     public CAs, if any!)
   2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \ 
cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
   2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles
   2020-05-22 07:47:52 by Roland Illig | Files touched by this commit (1)
Log message:
security/dehydrated: remove nonexistent file from REPLACE_BASH
   2019-08-20 23:50:56 by Nils Ratusznik | Files touched by this commit (3)
Log message:
Updated security/dehydrated to version 0.6.5.

Some of the upstream changes since 0.4.0 :
* OpenSSL binary path is now configurable
* Support for ACME v02
* Challenge validation loop has been modified to loop over authorization \ 
identifiers instead of altnames (ACMEv2 + wildcard support)
* Use new ACME v2 endpoint by default
* Initial support for tls-alpn-01 validation
* OCSP refresh interval is now configurable

Full changelog available here :
https://github.com/lukas2511/dehydrated/blob/v0.6.5/CHANGELOG
   2017-08-07 19:56:13 by Johnny C. Lam | Files touched by this commit (26)
Log message:
Fix packages that had INSTALLATION_DIRS+=$(PKG_SYSCONFDIR}.

Set PKG_SYSCONFSUBDIR where appropriate, and use {MAKE,OWN}_DIRS to
create the directory tree under ${PKG_SYSCONFDIR} instead of using
INSTALLATION_DIRS.

Bump the PKGREVISION of packages that changed due to changes in the
package install scripts.
   2017-03-11 11:24:58 by Nils Ratusznik | Files touched by this commit (1)
Log message:
DESCR was maybe a little too descriptive, pkgsrc handles the dependencies.
   2017-03-10 09:30:51 by Nils Ratusznik | Files touched by this commit (4)
Log message:
Import dehydrated-0.4.0 as security/dehydrated.

This is a client for signing certificates with an ACME-server
(currently only provided by letsencrypt) implemented as a
relatively simple bash-script.

It uses the openssl utility for everything related to
actually handling keys and certificates,
so you need to have that installed.

Other dependencies are: curl, sed, grep, mktemp
(all found on almost any system, curl being the only exception)