Path to this page:
./
security/dehydrated,
Letsencrypt/acme client implemented as a shell-script
Branch: CURRENT,
Version: 0.7.1,
Package name: dehydrated-0.7.1,
Maintainer: nilsThis is a client for signing certificates with an ACME-server
(currently only provided by letsencrypt) implemented as a
relatively simple bash-script.
It uses the openssl utility for everything related to
actually handling keys and certificates,
so you need to have that installed.
Required to run:[
www/curl] [
shells/bash]
Required to build:[
pkgtools/cwrappers]
Master sites:
Filesize: 117.749 KB
Version history: (Expand)
- (2023-04-23) Updated to version: dehydrated-0.7.1
- (2019-08-21) Updated to version: dehydrated-0.6.5
- (2017-08-08) Updated to version: dehydrated-0.4.0nb1
- (2017-03-10) Package added to pkgsrc.se, version dehydrated-0.4.0 (created)
CVS history: (Expand)
2023-04-23 19:45:42 by Nils Ratusznik | Files touched by this commit (3) | |
Log message:
Update dehydrated to version 0.7.1.
Pkgsrc changes :
* Project has a new home : updated distfile URL and homepage ;
* Updated PLIST following the removal of a file ;
* Updated checksums.
Upstream changes :
* version 0.7.0 :
- Support for external account bindings
- Special support for ZeroSSL
- Support presets for some CAs instead of requiring URLs
- Allow requesting preferred chain (--preferred-chain)
- Added method to show CAs current terms of service (--display-terms)
- Allow setting path to domains.txt using cli arguments (--domains-txt)
- Added new cli command --cleanupdelete which deletes old files instead of
archiving them
- No more silent failures on broken hook-scripts
- Better error-handling with KEEP_GOING enabled
- Check actual order status instead of assuming it's valid
- Don't include keyAuthorization in challenge validation (RFC compliance)
- Using EC secp384r1 as default certificate type
- Use JSON.sh to parse JSON
- Use account URL instead of account ID (RFC compliance)
- Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated
- Added OCSP_FETCH and OCSP_DAYS to per-certificate configurable options
- Cleanup now also removes dangling symlinks
* version 0.7.1 :
- --force no longer forces domain name revalidation by default, a new
argument --force-validation has been added for that
- Added support for EC secp521r1 algorithm (works with e.g. zerossl)
- EC PARAMETERS are no longer written to privkey.pem (didn't seem necessary
and was causing issues with various software)
- Requests resulting in badNonce errors are now automatically retried (fixes
operation with LE staging servers)
- Deprecated egrep usage has been removed
- Implemented EC for account keys
- Domain list now also read from domains.txt.d subdirectory (behaviour might
change, see docs)
- Implemented RFC 8738 (validating/signing certificates for IP addresses
instead of domain names) support (this will not work with most
public CAs, if any!)
|
2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605) |
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \
cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
|
2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606) |
Log message:
security: Remove SHA1 hashes for distfiles
|
2020-05-22 07:47:52 by Roland Illig | Files touched by this commit (1) |
Log message:
security/dehydrated: remove nonexistent file from REPLACE_BASH
|
2019-08-20 23:50:56 by Nils Ratusznik | Files touched by this commit (3) |
Log message:
Updated security/dehydrated to version 0.6.5.
Some of the upstream changes since 0.4.0 :
* OpenSSL binary path is now configurable
* Support for ACME v02
* Challenge validation loop has been modified to loop over authorization \
identifiers instead of altnames (ACMEv2 + wildcard support)
* Use new ACME v2 endpoint by default
* Initial support for tls-alpn-01 validation
* OCSP refresh interval is now configurable
Full changelog available here :
https://github.com/lukas2511/dehydrated/blob/v0.6.5/CHANGELOG
|
2017-08-07 19:56:13 by Johnny C. Lam | Files touched by this commit (26) |
Log message:
Fix packages that had INSTALLATION_DIRS+=$(PKG_SYSCONFDIR}.
Set PKG_SYSCONFSUBDIR where appropriate, and use {MAKE,OWN}_DIRS to
create the directory tree under ${PKG_SYSCONFDIR} instead of using
INSTALLATION_DIRS.
Bump the PKGREVISION of packages that changed due to changes in the
package install scripts.
|
2017-03-11 11:24:58 by Nils Ratusznik | Files touched by this commit (1) |
Log message:
DESCR was maybe a little too descriptive, pkgsrc handles the dependencies.
|
2017-03-10 09:30:51 by Nils Ratusznik | Files touched by this commit (4) |
Log message:
Import dehydrated-0.4.0 as security/dehydrated.
This is a client for signing certificates with an ACME-server
(currently only provided by letsencrypt) implemented as a
relatively simple bash-script.
It uses the openssl utility for everything related to
actually handling keys and certificates,
so you need to have that installed.
Other dependencies are: curl, sed, grep, mktemp
(all found on almost any system, curl being the only exception)
|