From patchwork Fri Nov 18 22:51:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 6137 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4NDX8G6M3Lz3wgd for ; Fri, 18 Nov 2022 22:51:26 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4NDX8G2y6lz19J; Fri, 18 Nov 2022 22:51:26 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4NDX8G2KlXz2xqt; Fri, 18 Nov 2022 22:51:26 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4NDX8F055Bz2xRr for ; Fri, 18 Nov 2022 22:51:25 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4NDX8D2Pz9zdN; Fri, 18 Nov 2022 22:51:24 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1668811884; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=/wovrdZe4o2U6UEJNncyLay8w0Uue5T/mrMADBy+ioA=; b=nROYrlWMIly6QFT3JFfmCjAI5T3rDqMQJuNCq7/7Bd2ZOR6nXA8Qhl/lWYQrPmRExQf6sR rTfb/ITfVnXkssCw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1668811884; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=/wovrdZe4o2U6UEJNncyLay8w0Uue5T/mrMADBy+ioA=; b=nFDtBLyBVIFxJbg9o4rzvXlofUxzXjrwMxuilVWJfa7bMOLxzySeV4u7smgAqaO8MKOjSM Q/GNsm2CRXlwfmRSeeGioK/btU5xGnsT4lMXKxefurDnzIF5n7ZtU1P+ZzwJuAnwUmes27 pLPUUsEGSyMAePef4iDYMf5ObhNnCtVlFWyVwv2olLFfNRfzFXnKxpEcjmZjdkzG7IEONX MMLRTXBhaHtQVunKFSlImOjQd/ZFcQdlJPhYrbq2o3DLVz43yVX+Pa4GbbXIJRcQsXy5zP 1E29dbcxEKpj0Bcb2TdRgVc0AmXhv6RCYA46wuaFi+QIjJlJqQ/9vegJ3KYT9Q== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] dehydrated: Update to version 0.7.1 Date: Fri, 18 Nov 2022 23:51:21 +0100 Message-Id: <20221118225121.1361904-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Update from version 0.7.0 to 0.7.1 - Update of rootfile not required - Changelog ## [0.7.1] - 2022-10-31 ## Changed - `--force` no longer forces domain name revalidation by default, a new argument `--force-validation` has been added for that - Added support for EC secp521r1 algorithm (works with e.g. zerossl) - `EC PARAMETERS` are no longer written to privkey.pem (didn't seem necessary and was causing issues with various software) ## Fixed - Requests resulting in `badNonce` errors are now automatically retried (fixes operation with LE staging servers) - Deprecated `egrep` usage has been removed ## Added - Implemented EC for account keys - Domain list now also read from domains.txt.d subdirectory (behaviour might change, see docs) - Implemented RFC 8738 (validating/signing certificates for IP addresses instead of domain names) support (this will not work with most public CAs, if any!) Signed-off-by: Adolf Belka Reviewed-by: Michael Tremer --- lfs/dehydrated | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/dehydrated b/lfs/dehydrated index b6ad9949a..7cd92076b 100644 --- a/lfs/dehydrated +++ b/lfs/dehydrated @@ -26,7 +26,7 @@ include Config SUMMARY = A client for signing certificates with an ACME server -VER = 0.7.0 +VER = 0.7.1 THISAPP = dehydrated-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = dehydrated -PAK_VER = 4 +PAK_VER = 5 DEPS = @@ -48,7 +48,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 35a3b0b7592126ca65003a6c9eb8934a76584710d028057e5add7f77bb2fa3799e89a060306da3b98a62d291229a2a78f23e0f95f19e033796aee31e97b94488 +$(DL_FILE)_BLAKE2 = 0b287537206936ceff33bde8bbb8ab7b13f28bf58cd29c898348db0cf5a83157fed4535da218ac48a810a93b99474e96334a27c062c157e2f164b0e516b47111 install : $(TARGET)