head 1.42; access; symbols pkgsrc-2023Q4:1.41.0.2 pkgsrc-2023Q4-base:1.41 pkgsrc-2023Q3:1.37.0.4 pkgsrc-2023Q3-base:1.37 pkgsrc-2023Q2:1.37.0.2 pkgsrc-2023Q2-base:1.37 pkgsrc-2023Q1:1.36.0.4 pkgsrc-2023Q1-base:1.36 pkgsrc-2022Q4:1.36.0.2 pkgsrc-2022Q4-base:1.36 pkgsrc-2022Q3:1.34.0.6 pkgsrc-2022Q3-base:1.34 pkgsrc-2022Q2:1.34.0.4 pkgsrc-2022Q2-base:1.34 pkgsrc-2022Q1:1.34.0.2 pkgsrc-2022Q1-base:1.34 pkgsrc-2021Q4:1.30.0.4 pkgsrc-2021Q4-base:1.30 pkgsrc-2021Q3:1.30.0.2 pkgsrc-2021Q3-base:1.30 pkgsrc-2021Q2:1.29.0.4 pkgsrc-2021Q2-base:1.29 pkgsrc-2021Q1:1.29.0.2 pkgsrc-2021Q1-base:1.29 pkgsrc-2020Q4:1.28.0.2 pkgsrc-2020Q4-base:1.28 pkgsrc-2020Q3:1.26.0.2 pkgsrc-2020Q3-base:1.26 pkgsrc-2020Q2:1.25.0.2 pkgsrc-2020Q2-base:1.25 pkgsrc-2020Q1:1.23.0.2 pkgsrc-2020Q1-base:1.23 pkgsrc-2019Q4:1.22.0.4 pkgsrc-2019Q4-base:1.22 pkgsrc-2019Q3:1.16.0.4 pkgsrc-2019Q3-base:1.16 pkgsrc-2019Q2:1.16.0.2 pkgsrc-2019Q2-base:1.16 pkgsrc-2019Q1:1.11.0.2 pkgsrc-2019Q1-base:1.11 pkgsrc-2018Q4:1.9.0.2 pkgsrc-2018Q4-base:1.9 pkgsrc-2018Q3:1.8.0.6 pkgsrc-2018Q3-base:1.8 pkgsrc-2018Q2:1.8.0.4 pkgsrc-2018Q2-base:1.8 pkgsrc-2018Q1:1.8.0.2 pkgsrc-2018Q1-base:1.8 pkgsrc-2017Q4:1.6.0.2 pkgsrc-2017Q4-base:1.6 pkgsrc-2017Q3:1.5.0.6 pkgsrc-2017Q3-base:1.5 pkgsrc-2017Q2:1.5.0.2 pkgsrc-2017Q2-base:1.5 pkgsrc-2017Q1:1.3.0.2 pkgsrc-2017Q1-base:1.3 pkgsrc-2016Q4:1.2.0.2 pkgsrc-2016Q4-base:1.2 pkgsrc-2016Q3:1.1.0.4 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.2 pkgsrc-2016Q2-base:1.1; locks; strict; comment @# @; 1.42 date 2024.02.10.07.15.22; author adam; state Exp; branches; next 1.41; commitid eMwcC9xLoLlh9RXE; 1.41 date 2023.12.12.16.39.34; author adam; state Exp; branches; next 1.40; commitid Bt5uu9XM5UmxccQE; 1.40 date 2023.10.26.09.32.25; author adam; state Exp; branches; next 1.39; commitid PSZfa6TaBuSLl7KE; 1.39 date 2023.10.23.06.37.51; author wiz; state Exp; branches; next 1.38; commitid 4YdPmMYgk9hutIJE; 1.38 date 2023.10.11.18.27.03; author adam; state Exp; branches; next 1.37; commitid PFbB8jYBuic9NeIE; 1.37 date 2023.04.17.09.22.04; author adam; state Exp; branches; next 1.36; commitid VZadJyjVoHpNsrlE; 1.36 date 2022.11.26.18.01.35; author adam; state Exp; branches; next 1.35; commitid UH9XWwAEBT55Ue3E; 1.35 date 2022.10.19.13.56.32; author nia; state Exp; branches; next 1.34; commitid SJILZksUbr0GLkYD; 1.34 date 2022.03.17.12.23.31; author adam; state Exp; branches; next 1.33; commitid 5AWTouazUZ8eczwD; 1.33 date 2022.02.10.21.23.32; author adam; state Exp; branches; next 1.32; commitid B716Vt4AFRqcj7sD; 1.32 date 2022.01.05.15.41.19; author wiz; state Exp; branches; next 1.31; commitid FQ77UruBIUsgzsnD; 1.31 date 2022.01.04.20.54.38; author wiz; state Exp; branches; next 1.30; commitid CYyhdK9qtoffkmnD; 1.30 date 2021.08.05.10.52.00; author adam; state Exp; branches; next 1.29; commitid yhqfUjWV7iacTL3D; 1.29 date 2021.02.09.10.06.41; author adam; state Exp; branches; next 1.28; commitid hxbR7NMuWCOok1HC; 1.28 date 2020.10.18.18.45.03; author adam; state Exp; branches; next 1.27; commitid hsbhbJotYBiyRpsC; 1.27 date 2020.09.30.09.03.45; author adam; state Exp; branches; next 1.26; commitid 2Ze4o3CopScZd3qC; 1.26 date 2020.08.31.23.07.04; author wiz; state Exp; branches; next 1.25; commitid 9yf8HHEtVF21RgmC; 1.25 date 2020.05.17.19.34.12; author adam; state Exp; branches; next 1.24; commitid bTxyopGVhy8s5D8C; 1.24 date 2020.05.07.10.53.44; author adam; state Exp; branches; next 1.23; commitid LYSs6vEelpsEwi7C; 1.23 date 2020.03.22.22.32.29; author rillig; state Exp; branches; next 1.22; commitid xB5vxmJrS1G9Sr1C; 1.22 date 2019.12.15.09.48.37; author adam; state Exp; branches; next 1.21; commitid w6iifigKI326NMOB; 1.21 date 2019.10.02.17.36.43; author adam; state Exp; branches; next 1.20; commitid xfzgCW1mv4DpLjFB; 1.20 date 2019.10.02.10.40.56; author triaxx; state Exp; branches; next 1.19; commitid 67u4pkNWNBoIqhFB; 1.19 date 2019.10.02.08.38.42; author wiz; state Exp; branches; next 1.18; commitid IjlgH2rJgYhVMgFB; 1.18 date 2019.10.01.13.53.45; author wiz; state Exp; branches; next 1.17; commitid Aj5ynHbt2982zaFB; 1.17 date 2019.10.01.13.29.58; author triaxx; state Exp; branches; next 1.16; commitid Nn8cfycyDVYDpaFB; 1.16 date 2019.06.12.10.27.37; author adam; state Exp; branches 1.16.4.1; next 1.15; commitid jnrglSdtscPiZSqB; 1.15 date 2019.06.11.14.22.01; author triaxx; state Exp; branches; next 1.14; commitid gvA8l7kfNfEVjMqB; 1.14 date 2019.05.17.06.46.30; author adam; state Exp; branches; next 1.13; commitid UyYvMWIY3lllBwnB; 1.13 date 2019.05.07.08.50.36; author adam; state Exp; branches; next 1.12; commitid V5zGNUrHJvNKBfmB; 1.12 date 2019.04.08.15.48.31; author adam; state Exp; branches; next 1.11; commitid fahgeNTztrQRQyiB; 1.11 date 2019.03.10.15.23.50; author adam; state Exp; branches; next 1.10; commitid 0yukXCHqU30fEPeB; 1.10 date 2019.02.12.12.56.31; author adam; state Exp; branches; next 1.9; commitid X6iOLw71H3ZtFtbB; 1.9 date 2018.12.15.21.12.23; author wiz; state Exp; branches; next 1.8; commitid MNezDhBeO99pjW3B; 1.8 date 2018.03.13.10.08.51; author fhajny; state Exp; branches; next 1.7; commitid wmcABrJ0gjEOxhuA; 1.7 date 2018.01.22.13.37.25; author fhajny; state Exp; branches; next 1.6; commitid m6bhjeiEcb9MiSnA; 1.6 date 2017.12.09.16.39.03; author fhajny; state Exp; branches; next 1.5; commitid QtAabJlaqtwUIeiA; 1.5 date 2017.05.11.08.23.35; author fhajny; state Exp; branches; next 1.4; commitid 1yNqsCIOGgo9NWQz; 1.4 date 2017.04.10.10.29.38; author fhajny; state Exp; branches; next 1.3; commitid 9tMx0LKlJKftuYMz; 1.3 date 2017.01.12.16.02.44; author fhajny; state Exp; branches 1.3.2.1; next 1.2; commitid 0wY02w7dBrx0aHBz; 1.2 date 2016.10.11.09.23.35; author fhajny; state Exp; branches; next 1.1; commitid T2ZukvpdBJ5hWHpz; 1.1 date 2016.05.25.18.18.16; author fhajny; state Exp; branches; next ; commitid O5xOTgkM9ryMmT7z; 1.16.4.1 date 2019.10.18.14.31.38; author bsiegert; state Exp; branches; next ; commitid 9oRSR0UHmwC9emHB; 1.3.2.1 date 2017.04.16.15.28.16; author bsiegert; state Exp; branches; next ; commitid 8sANZMKKfo55XLNz; desc @@ 1.42 log @py-acme py-certbot*: updated to 2.9.0 Certbot 2.9.0 Added Support for Python 3.12 was added. Fixed Updates joinpath syntax to only use one addition per call, because the multiple inputs version was causing mypy errors on Python 3.10. Makes the reconfigure verb actually use the staging server for the dry run to check the new configuration. @ text @# $NetBSD: Makefile,v 1.41 2023/12/12 16:39:34 adam Exp $ .include "../../security/py-certbot/Makefile.common" DISTNAME= certbot-${CERTBOT_VERSION} MASTER_SITES= ${MASTER_SITE_PYPI:=c/certbot/} COMMENT= Client for the Let's Encrypt CA DEPENDS+= ${PYPKGPREFIX}-acme>=${CERTBOT_VERSION}:../../security/py-acme DEPENDS+= ${PYPKGPREFIX}-configargparse>=1.5.3:../../devel/py-configargparse DEPENDS+= ${PYPKGPREFIX}-configobj>=5.0.6:../../devel/py-configobj DEPENDS+= ${PYPKGPREFIX}-distro>=1.0.1:../../devel/py-distro DEPENDS+= ${PYPKGPREFIX}-josepy>=1.13.0:../../security/py-josepy DEPENDS+= ${PYPKGPREFIX}-parsedatetime>=2.4:../../time/py-parsedatetime DEPENDS+= ${PYPKGPREFIX}-pytz>=2019.3:../../time/py-pytz DEPENDS+= ${PYPKGPREFIX}-rfc3339-[0-9]*:../../time/py-rfc3339 # Needed for the test target # https://github.com/certbot/certbot/issues/2956 TEST_DEPENDS+= ${PYPKGPREFIX}-test-cov-[0-9]*:../../devel/py-test-cov TEST_DEPENDS+= ${PYPKGPREFIX}-test-xdist-[0-9]*:../../devel/py-test-xdist .include "../../lang/python/pyversion.mk" .if ${PYTHON_VERSION} < 309 DEPENDS+= ${PYPKGPREFIX}-importlib-resources>=1.3.1:../../devel/py-importlib-resources .endif .if ${PYTHON_VERSION} < 310 DEPENDS+= ${PYPKGPREFIX}-importlib-metadata>=4.6:../../devel/py-importlib-metadata .endif BUILD_DEFS+= VARBASE PKG_SYSCONFSUBDIR= letsencrypt SUBST_CLASSES+= path SUBST_STAGE.path= pre-build SUBST_MESSAGE.path= Fixing default paths SUBST_FILES.path= certbot/compat/misc.py SUBST_FILES.path+= certbot/_internal/tests/cli_test.py SUBST_SED.path= -e 's,/etc/letsencrypt,${PKG_SYSCONFDIR},g' SUBST_SED.path+= -e 's,/var/lib/letsencrypt,${VARBASE}/letsencrypt,g' SUBST_SED.path+= -e 's,/var/log/letsencrypt,${VARBASE}/letsencrypt/log,g' MAKE_DIRS+= ${VARBASE}/letsencrypt/log INSTALLATION_DIRS+= share/examples/certbot-${PYVERSSUFFIX} post-install: cd ${DESTDIR}${PREFIX}/bin && \ ${MV} certbot certbot-${PYVERSSUFFIX} || ${TRUE} ${INSTALL_DATA} ${WRKSRC}/examples/cli.ini \ ${DESTDIR}${PREFIX}/share/examples/certbot-${PYVERSSUFFIX} .include "../../lang/python/batteries-included.mk" .include "../../lang/python/wheel.mk" PYTHON_VERSIONED_DEPENDENCIES+= cryptography .include "../../lang/python/versioned_dependencies.mk" .include "../../mk/bsd.pkg.mk" @ 1.41 log @py-acme py-certbot*: updated to 2.8.0 Certbot 2.8.0 Added Added support for Alpine Linux distribution when is used the apache plugin Changed Support for Python 3.7 was removed. Fixed Stop using the deprecated pkg_resources API included in setuptools. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.40 2023/10/26 09:32:25 adam Exp $ d22 8 a29 1 TEST_DEPENDS+= ${PYPKGPREFIX}-typing-extensions-[0-9]*:../../devel/py-typing-extensions a47 2 USE_PKG_RESOURCES= yes @ 1.40 log @py-acme py-certbot*: updated to 2.7.3 Certbot 2.7.3 Fixed Fixed a bug where arguments with contained spaces weren't being handled correctly Fixed a bug that caused the ACME account to not be properly restored on renewal causing problems in setups where the user had multiple accounts with the same ACME server. Certbot 2.7.2 Fixed certbot-dns-ovh plugin now requires lexicon>=3.15.1 to ensure a consistent behavior with OVH APIs. Fixed a bug where argument sources weren't correctly detected in abbreviated arguments, short arguments, and some other circumstances @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.39 2023/10/23 06:37:51 wiz Exp $ a19 1 TEST_DEPENDS+= ${PYPKGPREFIX}-test-[0-9]*:../../devel/py-test d50 1 a50 1 .include "../../lang/python/egg.mk" @ 1.39 log @*: update for Python base package change Instead of depending on one of the removed packages (that are now included in the base Python packages), include batteries-included.mk to require a Python version that supplies them. Remove now included packages. Bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.38 2023/10/11 18:27:03 adam Exp $ a5 1 PKGREVISION= 1 @ 1.38 log @py-acme py-certbot*: updated to 2.7.1 Certbot 2.7.1 Fixed a bug that broke the DNS plugin for DNSimple that was introduced in version 2.7.0 of the plugin. Correctly specified the new minimum version of the ConfigArgParse package that Certbot requires which is 1.5.3. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.37 2023/04/17 09:22:04 adam Exp $ d6 1 a20 1 TEST_DEPENDS+= ${PYPKGPREFIX}-readline-[0-9]*:../../devel/py-readline d51 1 @ 1.37 log @py-acme py-certbot*: updated to 2.5.0 Certbot 2.5.0 Added acme.messages.OrderResource now supports being round-tripped through JSON acme.client.ClientV2 now provides separate begin_finalization and poll_finalization methods, in addition to the existing finalize_order method. Changed --dns-route53-propagation-seconds is now deprecated. The Route53 plugin relies on the GetChange API to determine if a DNS update is complete. The flag has never had any effect and will be removed in a future version of Certbot. Packaged tests for all Certbot components besides josepy were moved inside the _internal/tests module. Fixed Fixed renew sometimes not preserving the key type of RSA certificates. Users who upgraded from Certbot =v2.0.0 may have had their RSA certificates inadvertently changed to ECDSA certificates. If desired, the key type may be changed back to RSA. See the User Guide. Deprecated flags were inadvertently not printing warnings since v1.16.0. This is now fixed. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.36 2022/11/26 18:01:35 adam Exp $ d11 1 a11 1 DEPENDS+= ${PYPKGPREFIX}-configargparse>=0.9.3:../../devel/py-configargparse @ 1.36 log @py-acme py-certbot*: updated to 2.0.0 Certbot 2.0.0 Added Support for Python 3.11 was added to Certbot and all of its components. acme.challenges.HTTP01Response.simple_verify now accepts a timeout argument which defaults to 30 that causes the verification request to timeout after that many seconds. Changed The default key type for new certificates is now ECDSA secp256r1 (P-256). It was previously RSA 2048-bit. Existing certificates are not affected. The Apache plugin no longer supports Apache 2.2. acme and Certbot no longer support versions of ACME from before the RFC 8555 standard. acme and Certbot no longer support the old urn:acme:error: ACME error prefix. Removed the deprecated certbot-dns-cloudxns plugin. Certbot will now error if a certificate has --reuse-key set and a conflicting --key-type, --key-size or --elliptic-curve is requested on the CLI. Use --new-key to change the key while preserving --reuse-key. 3rd party plugins no longer support the dist_name:plugin_name format on the CLI and in configuration files. Use the shorter plugin_name format. acme.client.Client, acme.client.ClientBase, acme.client.BackwardsCompatibleClientV2, acme.mixins, acme.client.DER_CONTENT_TYPE, acme.fields.Resource, acme.fields.resource, acme.magic_typing, acme.messages.OLD_ERROR_PREFIX, acme.messages.Directory.register, acme.messages.Authorization.resolved_combinations, acme.messages.Authorization.combinations have been removed. acme.messages.Directory now only supports lookups by the exact resource name string in the ACME directory (e.g. directory['newOrder']). Removed the deprecated source_address argument for acme.client.ClientNetwork. The zope based interfaces in certbot.interfaces have been removed in favor of the abc based interfaces found in the same module. Certbot no longer depends on zope. Removed deprecated function certbot.util.get_strict_version. Removed deprecated functions certbot.crypto_util.init_save_csr, certbot.crypto_util.init_save_key, and certbot.compat.misc.execute_command The attributes FileDisplay, NoninteractiveDisplay, SIDE_FRAME, input_with_timeout, separate_list_input, summarize_domain_list, HELP, and ESC from certbot.display.util have been removed. Removed deprecated functions certbot.tests.util.patch_get_utility*. Plugins should now patch certbot.display.util themselves in their tests or use certbot.tests.util.patch_display_util as a temporary workaround. Certbot's test API under certbot.tests now uses unittest.mock instead of the 3rd party mock library. Fixed Fixes a bug where the certbot working directory has unusably restrictive permissions on systems with stricter default umasks. Requests to subscribe to the EFF mailing list now time out after 60 seconds. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.35 2022/10/19 13:56:32 nia Exp $ d34 1 a34 1 SUBST_FILES.path+= tests/cli_test.py @ 1.35 log @fighting a losing battle against py-cryptography rustification, part 2 Switch users to versioned_dependencies.mk. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.34 2022/03/17 12:23:31 adam Exp $ a17 2 DEPENDS+= ${PYPKGPREFIX}-ZopeComponent-[0-9]*:../../devel/py-ZopeComponent DEPENDS+= ${PYPKGPREFIX}-ZopeInterface-[0-9]*:../../devel/py-ZopeInterface @ 1.34 log @py-acme py-certbot: updated to 1.25.0 Certbot 1.25.0 Changed Dropped 32 bit support for the Windows beta installer Windows beta installer is now distributed as "certbot-beta-installer-win_amd64.exe". Users of the Windows beta should uninstall the old version before running this. Added a check whether OCSP stapling is supported by the installer when requesting a certificate with the run subcommand in combination with the --must-staple option. If the installer does not support OCSP and the --must-staple option is used, Certbot will raise an error and quit. Certbot and its acme module now depend on josepy>=1.13.0 due to better type annotation support. Fixed Updated dependencies to use new version of cryptography that uses OpenSSL 1.1.1n, in response to https://www.openssl.org/news/secadv/20220315.txt. Certbot 1.24.0 Added When the --debug-challenges option is used in combination with -v, Certbot now displays the challenge URLs (for http-01 challenges) or FQDNs (for dns-01 challenges) and their expected return values. Changed Support for Python 3.6 was removed. All Certbot components now require setuptools>=41.6.0. The acme library now requires requests>=2.20.0. Certbot and its acme library now require pytz>=2019.3. certbot-nginx now requires pyparsing>=2.2.1. certbot-dns-route53 now requires boto3>=1.15.15. Fixed Nginx plugin now checks included files for the singleton server_names_hash_bucket_size directive. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.33 2022/02/10 21:23:32 adam Exp $ a12 1 DEPENDS+= ${PYPKGPREFIX}-cryptography>=2.5.0:../../security/py-cryptography d54 2 @ 1.33 log @py-acme py-certbot*: updated to 1.23.0 Certbot 1.23.0 Added Added show_account subcommand, which will fetch the account information from the ACME server and show the account details (account URL and, if applicable, email address or addresses) We deprecated support for Python 3.6 in Certbot and its ACME library. Support for Python 3.6 will be removed in the next major release of Certbot. Fixed GCP Permission list for certbot-dns-google in plugin documentation dns-digitalocean used the SOA TTL for newly created records, rather than 30 seconds. Revoking a certificate based on an ECDSA key can now be done with --key-path. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.32 2022/01/05 15:41:19 wiz Exp $ d15 1 a15 1 DEPENDS+= ${PYPKGPREFIX}-josepy>=1.9.0:../../security/py-josepy d17 1 a17 1 DEPENDS+= ${PYPKGPREFIX}-pytz-[0-9]*:../../time/py-pytz a18 1 DEPENDS+= ${PYPKGPREFIX}-setuptools>=39.0.1:../../devel/py-setuptools @ 1.32 log @python: egg.mk: add USE_PKG_RESOURCES flag This flag should be set for packages that import pkg_resources and thus need setuptools after the build step. Set this flag for packages that need it and bump PKGREVISION. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.31 2022/01/04 20:54:38 wiz Exp $ a2 1 PKGREVISION= 2 d13 1 a13 1 DEPENDS+= ${PYPKGPREFIX}-cryptography>=2.1.4:../../security/py-cryptography d15 1 a15 1 DEPENDS+= ${PYPKGPREFIX}-josepy>=1.1.0:../../security/py-josepy d28 1 @ 1.31 log @*: bump PKGREVISION for egg.mk users They now have a tool dependency on py-setuptools instead of a DEPENDS @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.30 2021/08/05 10:52:00 adam Exp $ d3 1 a3 1 PKGREVISION= 1 d47 2 @ 1.30 log @py-acme py-certbot*: updated to 1.18.0 1.18.0 Added New functions that Certbot plugins can use to interact with the user have been added to certbot.display.util. We plan to deprecate using IDisplay with zope in favor of these new functions in the future. The Plugin, Authenticator and Installer classes are added to certbot.interfaces module as alternatives to Certbot's current zope based plugin interfaces. The API of these interfaces is identical, but they are based on Python's abc module instead of zope. Certbot will continue to detect plugins that implement either interface, but we plan to drop support for zope based interfaces in a future version of Certbot. The class certbot.configuration.NamespaceConfig is added to the Certbot's public API. Changed When self-validating HTTP-01 challenges using acme.challenges.HTTP01Response.simple_verify, we now assume that the response is composed of only ASCII characters. Previously we were relying on the default behavior of the requests library which tries to guess the encoding of the response which was error prone. acme: the .client.Client and .client.BackwardsCompatibleClientV2 classes are now deprecated in favor of .client.ClientV2. The certbot.tests.patch_get_utility* functions have been deprecated. Plugins should now patch certbot.display.util themselves in their tests or use certbot.tests.util.patch_display_util as a temporary workaround. In order to simplify the transition to Certbot's new plugin interfaces, the classes Plugin and Installer in certbot.plugins.common module and certbot.plugins.dns_common.DNSAuthenticator now implement Certbot's new plugin interfaces. The Certbot plugins based on these classes are now automatically detected as implementing these interfaces. We added a dependency on chardet to our acme library so that it will be used over charset_normalizer in newer versions of requests. Fixed The Apache authenticator no longer crashes with "Unable to insert label" when encountering a completely empty vhost. This issue affected Certbot 1.17.0. Users of the Certbot snap on Debian 9 (Stretch) should no longer encounter an "access denied" error when installing DNS plugins. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.29 2021/02/09 10:06:41 adam Exp $ d3 1 @ 1.29 log @py-acme py-certbot*: updated to 1.12.0 1.12.0 Changed The --preferred-chain flag now only checks the Issuer Common Name of the topmost (closest to the root) certificate in the chain, instead of checking every certificate in the chain. Support for Python 2 has been removed. In previous releases, we caused certbot-auto to stop updating its Certbot installation. In this release, we are beginning to disable updates to the certbot-auto script itself. This release includes Amazon Linux users, and all other systems that are not based on Debian or RHEL. We plan to make this change to the certbot-auto script for all users in the coming months. Fixed Fixed the apache component on openSUSE Tumbleweed which no longer provides an apache2ctl symlink and uses apachectl instead. Fixed a typo in certbot/crypto_util.py causing an error upon attempting secp521r1 key generation @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.28 2020/10/18 18:45:03 adam Exp $ d10 1 a10 1 DEPENDS+= ${PYPKGPREFIX}-acme>=1.8.0:../../security/py-acme @ 1.28 log @py-acme py-certbot: updated to 1.9.0 Certbot 1.9.0 Added --preconfigured-renewal flag, for packager use only. See the packaging guide. Changed certbot-auto was deprecated on all systems except for those based on Debian or RHEL. Update the packaging instructions to promote usage of python -m pytest to test Certbot instead of the deprecated python setup.py test setuptools approach. Reduced CLI logging when reloading nginx, if it is not running. Reduced CLI logging when handling some kinds of errors. Fixed Fixed server_name case-sensitivity in the nginx plugin. The minimum version of the acme library required by Certbot was corrected. In the previous release, Certbot said it required acme>=1.6.0 when it actually required acme>=1.8.0 to properly support removing contact information from an ACME account. Upgraded the version of httplib2 used in our snaps and Docker images to add support for proxy environment variables and fix the plugin for Google Cloud DNS. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.27 2020/09/30 09:03:45 adam Exp $ d12 2 a13 2 DEPENDS+= ${PYPKGPREFIX}-configobj-[0-9]*:../../devel/py-configobj DEPENDS+= ${PYPKGPREFIX}-cryptography>=1.2.3:../../security/py-cryptography d16 1 a16 1 DEPENDS+= ${PYPKGPREFIX}-parsedatetime>=1.3:../../time/py-parsedatetime d19 1 a19 1 DEPENDS+= ${PYPKGPREFIX}-setuptools-[0-9]*:../../devel/py-setuptools a23 1 TEST_DEPENDS+= ${PYPKGPREFIX}-mock-[0-9]*:../../devel/py-mock @ 1.27 log @py-acme py-certbot*: updated to 1.8.0 Certbot 1.8.0 Added Added the ability to remove email and phone contact information from an account using update_account --register-unsafely-without-email Changed Support for Python 3.5 has been removed. Fixed The problem causing the Apache plugin in the Certbot snap on ARM systems to fail to load the Augeas library it depends on has been fixed. The acme library can now tell the ACME server to clear contact information by passing an empty tuple to the contact field of a Registration message. Fixed the *** stack smashing detected *** error in the Certbot snap on some systems. More details about these changes can be found on our GitHub repo. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.26 2020/08/31 23:07:04 wiz Exp $ d10 1 a10 1 DEPENDS+= ${PYPKGPREFIX}-acme>=1.6.0:../../security/py-acme @ 1.26 log @*: switch to versioned_dependencies.mk for py-setuptools @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.25 2020/05/17 19:34:12 adam Exp $ d10 1 a10 1 DEPENDS+= ${PYPKGPREFIX}-acme>=1.4.0:../../security/py-acme a15 1 DEPENDS+= ${PYPKGPREFIX}-mock-[0-9]*:../../devel/py-mock d19 1 d24 1 d26 1 a29 3 PYTHON_VERSIONED_DEPENDENCIES+= test:test PYTHON_VERSIONED_DEPENDENCIES+= setuptools d38 1 a53 1 .include "../../lang/python/versioned_dependencies.mk" @ 1.25 log @pytest from versioned depends @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.24 2020/05/07 10:53:44 adam Exp $ a19 1 DEPENDS+= ${PYPKGPREFIX}-setuptools-[0-9]*:../../devel/py-setuptools d28 2 a29 1 PYTHON_VERSIONED_DEPENDENCIES= test:test @ 1.24 log @py-acme/py-certbot*: updated to 1.4.0 1.4.0: Added * Turn off session tickets for apache plugin by default when appropriate. * Added serial number of certificate to the output of `certbot certificates` * Expose two new environment variables in the authenticator and cleanup scripts used by the `manual` plugin: `CERTBOT_REMAINING_CHALLENGES` is equal to the number of challenges remaining after the current challenge, `CERTBOT_ALL_DOMAINS` is a comma-separated list of all domains challenged for the current certificate. * Added TLS-ALPN-01 challenge support in the `acme` library. Support of this challenge in the Certbot client is planned to be added in a future release. * Added minimal proxy support for OCSP verification. * On Windows, hooks are now executed in a Powershell shell instead of a CMD shell, allowing both `*.ps1` and `*.bat` as valid scripts for Certbot. Changed * Reorganized error message when a user entered an invalid email address. * Stop asking interactively if the user would like to add a redirect. * `mock` dependency is now conditional on Python 2 in all of our packages. * Deprecate certbot-auto on Gentoo, macOS, and FreeBSD. Fixed * When using an RFC 8555 compliant endpoint, the `acme` library no longer sends the `resource` field in any requests or the `type` field when responding to challenges. * Fix nginx plugin crash when non-ASCII configuration file is being read (instead, the user will be warned that UTF-8 must be used). * Fix hanging OCSP queries during revocation checking - added a 10 second timeout. * Standalone servers now have a default socket timeout of 30 seconds, fixing cases where an idle connection can cause the standalone plugin to hang. * Parsing of the RFC 8555 application/pem-certificate-chain now tolerates CRLF line endings. This should fix interoperability with Buypass' services. More details about these changes can be found on our GitHub repo. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.23 2020/03/22 22:32:29 rillig Exp $ a25 1 TEST_DEPENDS+= ${PYPKGPREFIX}-test-[0-9]*:../../devel/py-test d29 2 d54 1 @ 1.23 log @security/py-certbot: remove nonexistent files from SUBST block @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.22 2019/12/15 09:48:37 adam Exp $ d10 1 a10 1 DEPENDS+= ${PYPKGPREFIX}-acme>=0.40.0:../../security/py-acme @ 1.22 log @py-acme/py-cerbot-*: updated to 1.0.0 Certbot 1.0.0 Removed: * The docs extras for the certbot-apache and certbot-nginx packages have been removed. Changed: * certbot-auto has deprecated support for systems using OpenSSL 1.0.1 that are not running on x86-64. This primarily affects RHEL 6 based systems. * Certbot's config_changes subcommand has been removed * certbot.plugins.common.TLSSNI01 has been removed. * Deprecated attributes related to the TLS-SNI-01 challenge in acme.challenges and acme.standalone have been removed. * The functions certbot.client.view_config_changes, certbot.main.config_changes, certbot.plugins.common.Installer.view_config_changes, certbot.reverter.Reverter.view_config_changes, and certbot.util.get_systemd_os_info have been removed * Certbot's register --update-registration subcommand has been removed * When possible, default to automatically configuring the webserver so all requests redirect to secure HTTPS access. This is mostly relevant when running Certbot in non-interactive mode. Previously, the default was to not redirect all requests. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.21 2019/10/02 17:36:43 adam Exp $ d37 2 a38 5 SUBST_FILES.path+= certbot/cert_manager.py SUBST_FILES.path+= certbot/cli.py SUBST_FILES.path+= certbot/compat/misc.py SUBST_FILES.path+= certbot/tests/cli_test.py SUBST_SED.path+= -e 's,/etc/letsencrypt,${PKG_SYSCONFDIR},g' @ 1.21 log @py-acme/py-certbot: updated to 0.39.0 0.39.0: Added Support for Python 3.8 was added to Certbot and all of its components. Support for CentOS 8 was added to certbot-auto. Changed Don't send OCSP requests for expired certificates Return to using platform.linux_distribution instead of distro.linux_distribution in OS fingerprinting for Python < 3.8 Updated the Nginx plugin's TLS configuration to keep support for some versions of IE11. Fixed Fixed OS detection in the Apache plugin on RHEL 6. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.20 2019/10/02 10:40:56 triaxx Exp $ d10 1 a10 1 DEPENDS+= ${PYPKGPREFIX}-acme>=0.29.0:../../security/py-acme @ 1.20 log @py-certbot: update to 0.38nb3 pkgsrc changes -------------- * s/wip/devel/ for py-distro dependency (wip was for test only but committed by inattention) @ text @d1 3 a3 1 # $NetBSD: Makefile,v 1.19 2019/10/02 08:38:42 wiz Exp $ a5 1 PKGREVISION= 3 a7 1 MAINTAINER= fhajny@@NetBSD.org a9 4 .include "../../security/py-certbot/Makefile.common" #EGG_NAME= ${DISTNAME} d14 1 a14 1 DEPENDS+= ${PYPKGPREFIX}-distro>=1.2.0:../../devel/py-distro d17 1 a17 1 DEPENDS+= ${PYPKGPREFIX}-parsedatetime>=2.0:../../time/py-parsedatetime @ 1.19 log @py-certbot: wip dependencies are not allowed in main pkgsrc @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.18 2019/10/01 13:53:45 wiz Exp $ d4 1 a4 1 PKGREVISION= 2 d18 1 a18 1 #DEPENDS+= ${PYPKGPREFIX}-distro>=1.2.0:../../wip/py-distro @ 1.18 log @py-certbot: bump PKGREVISION for added dependency @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.17 2019/10/01 13:29:58 triaxx Exp $ d4 1 a4 1 PKGREVISION= 1 d18 1 a18 1 DEPENDS+= ${PYPKGPREFIX}-distro>=1.2.0:../../wip/py-distro @ 1.17 log @py-certbot: fix PR pkg/54588 pkgsrc changes: --------------- * Add devel/py-distro as a runtime dependency. Certbot claims >=1.0.1 but non-linux distribution are supported only from 1.2.0. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.16 2019/06/12 10:27:37 adam Exp $ d4 1 @ 1.16 log @py-acme,py-certbot*: updated to 0.35.1 0.35.1: Fixed Support for specifying an authoritative base domain in our dns-rfc2136 plugin has been removed. This feature was added in our last release but had a bug which caused the plugin to fail so the feature has been removed until it can be added properly. Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was: certbot-dns-rfc2136 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.15 2019/06/11 14:22:01 triaxx Exp $ d17 1 @ 1.16.4.1 log @Pullup ticket #6071 - requested by taca devel/py-distro: dependent addition security/py-certbot: bugfix Revisions pulled up: - devel/Makefile 1.2921 - devel/py-distro/ALTERNATIVES 1.1 - devel/py-distro/DESCR 1.1 - devel/py-distro/Makefile 1.1-1.2 - devel/py-distro/PLIST 1.1 - devel/py-distro/distinfo 1.1 - security/py-certbot/Makefile 1.17-1.20 --- Module Name: pkgsrc Committed By: triaxx Date: Tue Oct 1 13:22:55 UTC 2019 Added Files: pkgsrc/devel/py-distro: DESCR Makefile PLIST distinfo Log Message: py-distro: import to version 1.4.0 Thanks to Aleksej for importing 1.1.0 in wip. --- Module Name: pkgsrc Committed By: triaxx Date: Tue Oct 1 13:24:35 UTC 2019 Modified Files: pkgsrc/devel: Makefile Log Message: Import py-distro to version 1.4.0 --- Module Name: pkgsrc Committed By: triaxx Date: Tue Oct 1 13:29:58 UTC 2019 Modified Files: pkgsrc/security/py-certbot: Makefile Log Message: py-certbot: fix PR pkg/54588 pkgsrc changes: --------------- * Add devel/py-distro as a runtime dependency. Certbot claims >=3D1.0.1= but non-linux distribution are supported only from 1.2.0. --- Module Name: pkgsrc Committed By: adam Date: Wed Oct 2 10:04:59 UTC 2019 Modified Files: pkgsrc/devel/py-distro: Makefile Added Files: pkgsrc/devel/py-distro: ALTERNATIVES Log Message: py-distro: cleanup --- Module Name: pkgsrc Committed By: wiz Date: Tue Oct 1 13:53:45 UTC 2019 Modified Files: pkgsrc/security/py-certbot: Makefile Log Message: py-certbot: bump PKGREVISION for added dependency --- Module Name: pkgsrc Committed By: wiz Date: Wed Oct 2 08:38:42 UTC 2019 Modified Files: pkgsrc/security/py-certbot: Makefile Log Message: py-certbot: wip dependencies are not allowed in main pkgsrc --- Module Name: pkgsrc Committed By: triaxx Date: Wed Oct 2 10:40:56 UTC 2019 Modified Files: pkgsrc/security/py-certbot: Makefile Log Message: py-certbot: update to 0.38nb3 pkgsrc changes -------------- * s/wip/devel/ for py-distro dependency (wip was for test only but committed by inattention) @ text @d1 1 a1 1 # $NetBSD$ a3 1 PKGREVISION= 3 a16 1 DEPENDS+= ${PYPKGPREFIX}-distro>=1.2.0:../../devel/py-distro @ 1.15 log @py-acme: update to 0.35.0 py-certbot: update to 0.35.0 py-certbot-apache: update to 0.35.0 py-certbot-dns-luadns: update to 0.35.0 py-certbot-dns-nsone: update to 0.35.0 py-certbot-dns-ovh: update to 0.35.0 py-certbot-dns-rfc2136: update to 0.35.0 py-certbot-dns-route53: update to 0.35.0 py-certbot-dns-sakuracloud: update to 0.35.0 py-certbot-nginx: update to 0.35.0 pkgsrc changes: --------------- * Add py-certbot/Makefile.common to make version number coherent upstream changes: ----------------- - Added o dns_rfc2136 plugin now supports explicitly specifing an authorative base domain for cases when the automatic method does not work (e.g. Split horizon DNS) - Fixed o Renewal parameter webroot_path is always saved, avoiding some regressions when webroot authenticator plugin is invoked with no challenge to perform. o Certbot now accepts OCSP responses when an explicit authorized responder, different from the issuer, is used to sign OCSP responses. o Scripts in Certbot hook directories are no longer executed when their filenames end in a tilde. - Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was: o certbot o certbot-dns-rfc2136 @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.14 2019/05/17 06:46:30 adam Exp $ d11 1 a11 1 EGG_NAME= ${DISTNAME} @ 1.14 log @py-acme py-certbot*: updated to 0.34.2 0.34.2: Fixed certbot-auto no longer writes a check_permissions.py script at the root of the filesystem. Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only changes in this release were to certbot-auto. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.13 2019/05/07 08:50:36 adam Exp $ d3 1 a3 3 DISTNAME= certbot-0.34.2 PKGNAME= ${PYPKGPREFIX}-${DISTNAME} CATEGORIES= security python a6 1 HOMEPAGE= https://github.com/certbot/certbot d8 2 a9 1 LICENSE= apache-2.0 a31 2 USE_LANGUAGES= # none @ 1.13 log @py-acme,py-cerbot*: updated to 0.34.1 0.34.1: Fixed certbot-auto no longer prints a blank line when there are no permissions problems. Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only changes in this release were to certbot-auto. More details about these changes can be found on our GitHub repo. 0.34.0: Changed Apache plugin now tries to restart httpd on Fedora using systemctl if a configuration test error is detected. This has to be done due to the way Fedora now generates the self signed certificate files upon first restart. Updated Certbot and its plugins to improve the handling of file system permissions on Windows as a step towards adding proper Windows support to Certbot. Updated urllib3 to 1.24.2 in certbot-auto. Removed the fallback introduced with 0.32.0 in acme to retry a challenge response with a keyAuthorization if sending the response without this field caused a malformed error to be received from the ACME server. Linode DNS plugin now supports api keys created from their new panel at cloud.linode.com Adding a warning noting that future versions of Certbot will automatically configure the webserver so that all requests redirect to secure HTTPS access. You can control this behavior and disable this warning with the --redirect and --no-redirect flags. certbot-auto now prints warnings when run as root with insecure file system permissions. If you see these messages, you should fix the problem by following the instructions at https://community.letsencrypt.org/t/certbot-auto-deployment-best-practices/91979/, however, these warnings can be disabled as necessary with the flag --no-permissions-check. acme module uses now a POST-as-GET request to retrieve the registration from an ACME v2 server Convert the tsig algorithm specified in the certbot_dns_rfc2136 configuration file to all uppercase letters before validating. This makes the value in the config case insensitive. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.12 2019/04/08 15:48:31 adam Exp $ d3 1 a3 1 DISTNAME= certbot-0.34.1 @ 1.12 log @py-acme,py-certbot*: updated to 0.33.1 0.33.1: Fixed A bug causing certbot-auto to print warnings or crash on some RHEL based systems has been resolved. Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only changes in this release were to certbot-auto. 0.33.0: Added Fedora 29+ is now supported by certbot-auto. Since Python 2.x is on a deprecation path in Fedora, certbot-auto will install and use Python 3.x on Fedora 29+. CLI flag --https-port has been added for Nginx plugin exclusively, and replaces --tls-sni-01-port. It defines the HTTPS port the Nginx plugin will use while setting up a new SSL vhost. By default the HTTPS port is 443. Changed Support for TLS-SNI-01 has been removed from all official Certbot plugins. Attributes related to the TLS-SNI-01 challenge in acme.challenges and acme.standalone modules are deprecated and will be removed soon. CLI flags --tls-sni-01-port and --tls-sni-01-address are now no-op, will generate a deprecation warning if used, and will be removed soon. Options tls-sni and tls-sni-01 in --preferred-challenges flag are now no-op, will generate a deprecation warning if used, and will be removed soon. CLI flag --standalone-supported-challenges has been removed. Fixed Certbot uses the Python library cryptography for OCSP when cryptography>=2.5 is installed. We fixed a bug in Certbot causing it to interpret timestamps in the OCSP response as being in the local timezone rather than UTC. Issue causing the default CentOS 6 TLS configuration to ignore some of the HTTPS VirtualHosts created by Certbot. mod_ssl loading is now moved to main http.conf for this environment where possible. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.11 2019/03/10 15:23:50 adam Exp $ d3 1 a3 1 DISTNAME= certbot-0.33.1 d45 1 a45 1 SUBST_FILES.path+= certbot/compat.py @ 1.11 log @py-certbot: updated to 0.32.0 Added If possible, Certbot uses built-in support for OCSP from recent cryptography versions instead of the OpenSSL binary: as a consequence Certbot does not need the OpenSSL binary to be installed anymore if cryptography>=2.5 is installed. Changed Certbot and its acme module now depend on josepy>=1.1.0 to avoid printing the warnings described at https://github.com/certbot/josepy/issues/13. Apache plugin now respects CERTBOT_DOCS environment variable when adding command line defaults. The running of manual plugin hooks is now always included in Certbot's log output. Tests execution for certbot, certbot-apache and certbot-nginx packages now relies on pytest. An ACME CA server may return a "Retry-After" HTTP header on authorization polling, as specified in the ACME protocol, to indicate when the next polling should occur. Certbot now reads this header if set and respect its value. The acme module avoids sending the keyAuthorization field in the JWS payload when responding to a challenge as the field is not included in the current ACME protocol. To ease the migration path for ACME CA servers, Certbot and its acme module will first try the request without the keyAuthorization field but will temporarily retry the request with the field included if a malformed error is received. This fallback will be removed in version 0.34.0. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.10 2019/02/12 12:56:31 adam Exp $ d3 1 a3 1 DISTNAME= certbot-0.32.0 @ 1.10 log @py-acme,py-certbot*: updated to 0.31.0 0.31.0: Added Avoid reprocessing challenges that are already validated when a certificate is issued. Support for initiating (but not solving end-to-end) TLS-ALPN-01 challenges with the acme module. Changed Certbot's official Docker images are now based on Alpine Linux 3.9 rather than 3.7. The new version comes with OpenSSL 1.1.1. Lexicon-based DNS plugins are now fully compatible with Lexicon 3.x (support on 2.x branch is maintained). Apache plugin now attempts to configure all VirtualHosts matching requested domain name instead of only a single one when answering the HTTP-01 challenge. Fixed Fixed accessing josepy contents through acme.jose when the full acme.jose path is used. Clarify behavior for deleting certs as part of revocation. Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was: acme certbot certbot-apache certbot-dns-cloudxns certbot-dns-dnsimple certbot-dns-dnsmadeeasy certbot-dns-gehirn certbot-dns-linode certbot-dns-luadns certbot-dns-nsone certbot-dns-ovh certbot-dns-sakuracloud More details about these changes can be found on our GitHub repo. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.9 2018/12/15 21:12:23 wiz Exp $ d3 1 a3 1 DISTNAME= certbot-0.31.0 d19 1 a19 1 DEPENDS+= ${PYPKGPREFIX}-josepy-[0-9]*:../../security/py-josepy @ 1.9 log @*: update email for fhajny @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.8 2018/03/13 10:08:51 fhajny Exp $ d3 1 d5 2 a6 1 CATEGORIES= security d8 2 a10 1 MAINTAINER= fhajny@@NetBSD.org d15 1 a15 3 .include "Makefile.common" DEPENDS+= ${PYPKGPREFIX}-acme-${PKGVERSION_NOREV}{nb*,}:../../security/py-acme d18 1 a18 1 DEPENDS+= ${PYPKGPREFIX}-cryptography>=1.2:../../security/py-cryptography d24 1 a24 1 DEPENDS+= ${PYPKGPREFIX}-six-[0-9]*:../../lang/py-six a26 1 d29 6 a34 1 BUILD_DEPENDS+= ${PYPKGPREFIX}-readline-[0-9]*:../../devel/py-readline d43 4 a46 2 SUBST_FILES.path+= certbot/constants.py certbot/display/ops.py SUBST_FILES.path+= certbot/plugins/*.py certbot/tests/*.py d53 1 a53 1 INSTALLATION_DIRS+= share/examples/certbot d56 2 a57 2 ${MV} ${DESTDIR}${PREFIX}/bin/certbot \ ${DESTDIR}${PREFIX}/bin/certbot${PYVERSSUFFIX} d59 1 a59 1 ${DESTDIR}${PREFIX}/share/examples/certbot @ 1.8 log @security/py-certbot: Update to 0.22.0 ### Added - Support for obtaining wildcard certificates and a newer version of the ACME protocol such as the one implemented by Let's Encrypt's upcoming ACMEv2 endpoint was added to Certbot and its ACME library. Certbot still works with older ACME versions and will automatically change the version of the protocol used based on the version the ACME CA implements. - The Apache and Nginx plugins are now able to automatically install a wildcard certificate to multiple virtual hosts that you select from your server configuration. - The `certbot install` command now accepts the `--cert-name` flag for selecting a certificate. - `acme.client.BackwardsCompatibleClientV2` was added to Certbot's ACME library which automatically handles most of the differences between new and old ACME versions. `acme.client.ClientV2` is also available for people who only want to support one version of the protocol or want to handle the differences between versions themselves. - certbot-auto now supports the flag --install-only which has the script install Certbot and its dependencies and exit without invoking Certbot. - Support for issuing a single certificate for a wildcard and base domain was added to our Google Cloud DNS plugin. To do this, we now require your API credentials have additional permissions, however, your credentials will already have these permissions unless you defined a custom role with fewer permissions than the standard DNS administrator role provided by Google. These permissions are also only needed for the case described above so it will continue to work for existing users. For more information about the permissions changes, see the documentation in the plugin. ### Changed - We have broken lockstep between our ACME library, Certbot, and its plugins. This means that the different components do not need to be the same version to work together like they did previously. This makes packaging easier because not every piece of Certbot needs to be repackaged to ship a change to a subset of its components. - Support for Python 2.6 and Python 3.3 has been removed from ACME, Certbot, Certbot's plugins, and certbot-auto. If you are using certbot-auto on a RHEL 6 based system, it will walk you through the process of installing Certbot with Python 3 and refuse to upgrade to a newer version of Certbot until you have done so. - Certbot's components now work with older versions of setuptools to simplify packaging for EPEL 7. ### Fixed - Issues caused by Certbot's Nginx plugin adding multiple ipv6only directives has been resolved. - A problem where Certbot's Apache plugin would add redundant include directives for the TLS configuration managed by Certbot has been fixed. - Certbot's webroot plugin now properly deletes any directories it creates. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.7 2018/01/22 13:37:25 fhajny Exp $ d7 1 a7 1 MAINTAINER= filip@@joyent.com @ 1.7 log @Update security/py-{acme,certbot} to 0.21.0. ### Added - Support for the HTTP-01 challenge type was added to our Apache and Nginx plugins. - IPv6 support was added to the Nginx plugin. - Support for automatically creating server blocks based on the default server block was added to the Nginx plugin. - The flags --delete-after-revoke and --no-delete-after-revoke were added allowing users to control whether the revoke subcommand also deletes the certificates it is revoking. ### Changed - We deprecated support for Python 2.6 and Python 3.3 in Certbot and its ACME library. - We split our implementation of JOSE (Javascript Object Signing and Encryption) out of our ACME library and into a separate package named josepy. - We updated the ciphersuites used in Apache to the new values recommended by Mozilla ### Fixed - An issue with our Apache plugin on Gentoo due to differences in their apache2ctl command have been resolved. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.6 2017/12/09 16:39:03 fhajny Exp $ d18 1 @ 1.6 log @Update security/py-{acme,certbot} to 0.20.0. 0.20.0 - 2017-12-06 - Certbot's ACME library now recognizes URL fields in challenge objects in preparation for Let's Encrypt's new ACME endpoint. - The Apache plugin now parses some distro specific Apache configuration files on non-Debian systems allowing it to get a clearer picture on the running configuration. - Certbot better reports network failures by removing information about connection retries from the error output. - An unnecessary question when using Certbot's webroot plugin interactively has been removed. - Certbot's NGINX plugin no longer sometimes incorrectly reports that it was unable to deploy a HTTP->HTTPS redirect when requesting Certbot to enable a redirect for multiple domains. - Problems where the Apache plugin was failing to find directives and duplicating existing directives on openSUSE have been resolved. - An issue running the test shipped with Certbot and some our DNS plugins with older versions of mock have been resolved. - On some systems, users reported strangely interleaved output depending on when stdout and stderr were flushed. 0.19.0 - 2017-10-04 - Certbot now has renewal hook directories where executable files can be placed for Certbot to run with the renew subcommand. - After revoking a certificate with the revoke subcommand, Certbot will offer to delete the lineage associated with the certificate. - When using Certbot's Google Cloud DNS plugin on Google Compute Engine, you no longer have to provide a credential file to Certbot if you have configured sufficient permissions for the instance which Certbot can automatically obtain using Google's metadata service. - When deleting certificates interactively using the delete subcommand, Certbot will now allow you to select multiple lineages to be deleted at once. - Certbot's Apache plugin no longer always parses Apache's sites-available on Debian based systems and instead only parses virtual hosts included in your Apache configuration. - The plugins subcommand can now be run without root access. - certbot-auto now includes a timeout when updating itself so it no longer hangs indefinitely when it is unable to connect to the external server. - An issue where Certbot's Apache plugin would sometimes fail to deploy a certificate on Debian based systems if mod_ssl wasn't already enabled has been resolved. - A bug in our Docker image where the certificates subcommand could not report if certificates maintained by Certbot had been revoked has been fixed. - Certbot's RFC 2136 DNS plugin (for use with software like BIND) now properly performs DNS challenges when the domain being verified contains a CNAME record. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.5 2017/05/11 08:23:35 fhajny Exp $ a18 1 DEPENDS+= ${PYPKGPREFIX}-OpenSSL-[0-9]*:../../security/py-OpenSSL @ 1.5 log @Update py-certbot and py-acme to 0.14.0. Use ALTERNATIVES to handle different Python versions better. 0.14.0 - 2017-05-04 Added - Python 3.3+ support for all Certbot packages. certbot-auto still currently only supports Python 2, but the acme, certbot, certbot-apache, and certbot-nginx packages on PyPI now fully support Python 2.6, 2.7, and 3.3+. - Certbot's Apache plugin now handles multiple virtual hosts per file. - Lockfiles to prevent multiple versions of Certbot running simultaneously. Changed - When converting an HTTP virtual host to HTTPS in Apache, Certbot only copies the virtual host rather than the entire contents of the file it's contained in. - The Nginx plugin now includes SSL/TLS directives in a separate file located in Certbot's configuration directory rather than copying the contents of the file into every modified server block. Fixed - Ensure logging is configured before parts of Certbot attempt to log any messages. - Support for the --quiet flag in certbot-auto. - Reverted a change made in a previous release to make the acme and certbot packages always depend on argparse. This dependency is conditional again on the user's Python version. - Small bugs in the Nginx plugin such as properly handling empty server blocks and setting server_names_hash_bucket_size during challenges. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.4 2017/04/10 10:29:38 fhajny Exp $ d17 1 a17 1 DEPENDS+= ${PYPKGPREFIX}-cryptography>=0.7:../../security/py-cryptography @ 1.4 log @Fix stale and missing dependencies in py-acme and py-certbot. PKGREVISION++ @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.3 2017/01/12 16:02:44 fhajny Exp $ a3 1 PKGREVISION= 1 a11 4 # Only supports Python 2.6 and 2.7 so far # https://github.com/certbot/certbot#system-requirements PYTHON_VERSIONS_ACCEPTED= 27 a14 1 DEPENDS+= ${PYPKGPREFIX}-argparse-[0-9]*:../../devel/py-argparse d49 2 @ 1.3 log @Update security/py-{acme,certbot} to 0.10.0. No changelog released, commits closed for 0.10.0: - Stop IDisplay AssertionErrors - Add update_symlinks to "--help manage" - Hide rename command for 0.10.0 - Disable rename command for 0.10.0 - Break on failure to deploy cert - Incorrect success condition in nginx - certbot delete and rename evoke IDisplay - Put update_symlinks in certbot --help manage - Fix Error Message for invalid FQDNs - pyopenssl inject workaround - pyparsing.restOfLine is not a function, don't call it - Add information on updating [certbot|letsencrypt]-auto - Remove quotes so tilde is expanded - Correctly report when we skip hooks during renewal - Add line number to Augeas syntax error message - Mention line in (Apache) conf file in case of Augeas parse/syntax error - Fixes #3954 and adds a test to prevent regressions - Further OCSP improvements - `-n` doesn't like `force_interactive`? - Save allow_subset_of_names in renewal conf files - I promise checklists are OK (fixes #3934) - Return domains for _find_domains_or_certname - --cert-name causes explosions when trying to use "run" as an installer - Interactivity glitch in git master - Document some particularities of the revoke subcommand - test using os.path.sep not hardcoded / - Save --pre and --post hooks in renewal conf files, and run them in a sophisticated way - Don't add ServerAlias directives when the domain is already covered by a wildcard - Mitigate problems for people who run without -n - Use relative paths for livedir symlinks - Implement delete command - Use isatty checks before asking new questions - Ensure apt-cache is always running in English if we're going to grep - Sort the names by domain (then subdomain) before showing them - Merge the manual and script plugins - --allow-subset-of-names should probably be a renewalparam - Fix certbox-nginx address equality check - Implement our fancy new --help output - Make renew command respect the --cert-name flag - Error when using non-english locale on Debian - Document defaults - Improve simple --help output - Add pyasn1 back to le-auto - Mark Nginx vhosts as ssl when any vhost is on ssl at that address - Fully check for Nginx address equality - Preserve --must-staple in configuration for renewal (#3844) - Git master certbot is making executable renewal conf files? - Improve the "certbot certificates" output - Renewal: Preserve 'OCSP Must Staple' (option --must-staple) - Security enhancement cleanup - Parallalelise nosetests from tox - "certbot certificates" is API-like, so make it future-proof - Fix LE_AUTO_SUDO usage - Remove the sphinxcontrib.programout [docs]dependency - No more relative path connection from live-crt to archive-crt files - Ensure tests pass with openssl 1.1 - Output success message for revoke command - acme module fails tests with openssl 1.1 - Pin pyopenssl 16.2.0 in certbot-auto - Fixed output of `certbot-auto --version`(#3637). - Take advantage of urllib3 pyopenssl rewrite - Busybox support - Fix --http-01-port typo at source - Implement the --cert-name flag to select a lineage by its name. - Fix reinstall message - Changed plugin interface return types (#3748). - Remove letshelp-letsencrypt - Bump pyopenssl version - Bump python-cryptography to 1.5.3 - Remove get_all_certs_keys() from Apache and Nginx - Further merge --script-* with --*-hook - Certbot opens curses sessions for informational notices, breaking automation - Fix writing pem files with Python3 - Strange reinstallation errors - Don't re-add redirects if one exists - Use subprocess.Popen.terminate instead of os.killpg - Generalize return types for plugin interfaces - Don't re-append Nginx redirect directive - Cli help is sometimes wrong about what the default for something is - [certbot-auto] Bump cryptography version to 1.5.2 - python-cryptography build failure on sid - Remove sphinxcontrib-programoutput dependency? - Allow notification interface to not wrap text - Fix non-ASCII domain check. - Add renew_hook to options stored in the renewal config, #3394 - Where oh where has sphinxcontrib-programoutput gone? - Remove some domain name checks. - Allowing modification check to run using "tox" - How to modify *-auto - Don't crash when U-label IDN provided on command line - Add README file to each live directory explaining its contents. - Allow user to select all domains by typing empty string at checklist - Fix issue with suggest_unsafe undeclared - Update docs/contributing.rst to match display behavior during release. - Referencing unbound variable in certbot.display.ops.get_email - Add list-certs command - Remove the curses dialog, thereby deprecating the --help and --dialog command line options - Remove the curses dialog, thereby deprecating the --help and --dialog command line options - Specify archive directory in renewal configuration file - 0.9.1 fails in non-interactive use (pythondialog, error opening terminal) - Allow certbot to get a cert for default_servers - [nginx] Cert for two domains in one virtaulhost fails - [nginx] --hsts and --uir flags not working? - `certbot-auto --version` still says `letsencrypt 0.9.3` (should say `certbot 0.9.3`?) - Add a cli option for "all domains my installer sees" - Stop rejecting punycode domain names - Standalone vs. Apache for available ports - nginx-compatibility-weirdness - Support requesting IDNA2008 Punycode domains - Cert Management Improvement Project (C-MIP) - Add --lineage command line option for nicer SAN management. - Fix requirements.txt surgery in response to shipping certbot-nginx - Use correct Content-Types in headers. - Missing Content-Type 'application/json' in POST requests - Script plugin - Inconsistent error placement - Server alias [revision requested] - When getopts is called multiple time we need to reset OPTIND. - certbot-auto: Print link to doc on debugging pip install error [revision requested] - Update ACME error namespace to match the new draft. - Update errors to match latest ACME version. - Testing the output of build.py against lea-source/lea - Make return type of certbot.interfaces.IInstaller.get_all_keys_certs() an iterator - Fix requirements file surgery for 0.10.0 release - Update Where Are My Certs section. - Hooks do not get stored in renewal config file - Multiple vhosts - Bind to IPv6, fix the problem of ipv6 site cannot generate / renew certificate [revision requested] - Warning message for low memory servers - Run simple certbot-auto tests with `tox` - letsencrypt-auto-source/letsencrypt-auto should be the output of build.py - DialogError should come with --text instructions - Support correct error namespace - Verification URL after successful certificate configuration can't be opened from terminal - Use appropriate caution when handling configurations that have complex rewrite logic - `revoke` doesn't output any status - adding -delete option to remove the cert files - Stop using simple_verify in manual plugin - Ways of specifying what to renew - Allow removing SAN from multidomain certificate when renewing - Dialog is sometimes ugly - Allow user to override sudo as root authorization method [minor revision requested] - Add a README file to each live directory explaining its contents - ExecutableNotFound @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.2 2016/10/11 09:23:35 fhajny Exp $ d4 1 d20 1 a23 1 DEPENDS+= ${PYPKGPREFIX}-dialog>=3.2.2rc1:../../devel/py-dialog2 @ 1.3.2.1 log @Pullup ticket #5262 - requested by sevan security/py-acme: build fix security/py-certbot: build fix Revisions pulled up: - security/py-acme/Makefile 1.5-1.6 - security/py-certbot/Makefile 1.4 --- Module Name: pkgsrc Committed By: fhajny Date: Mon Apr 10 10:29:38 UTC 2017 Modified Files: pkgsrc/security/py-acme: Makefile pkgsrc/security/py-certbot: Makefile Log Message: Fix stale and missing dependencies in py-acme and py-certbot. PKGREVISION++ --- Module Name: pkgsrc Committed By: fhajny Date: Tue Apr 11 06:32:32 UTC 2017 Modified Files: pkgsrc/security/py-acme: Makefile Log Message: Fix py-requests dependency version @ text @d1 1 a1 1 # $NetBSD$ a3 1 PKGREVISION= 1 a18 1 DEPENDS+= ${PYPKGPREFIX}-argparse-[0-9]*:../../devel/py-argparse d22 1 @ 1.2 log @Update py-certbot and py-acme to 0.9.1. No changelog available, issues closed since 0.8.1: certbot 0.9.1 - Make --quiet reduce the logging level certbot 0.9.0 - Allow tests to pass without dnspython - Remove psutil dep - Renew symlink safety - Update Nginx redirect enhancement process to modify appropriate blocks - If lineages are in an inconsistent (non-deployed) state, deploy them - Restructure how Nginx parser re-finds vhosts, and disable creating new server blocks. - Remove pointless question - Tie Nginx OCSP stapling to enhancements system - Nginx server block selection: Handle non-80/443 ports - Include log retention count to 1000. - Make parser.py: add_server_directives documentation consistent with functionality - Fix Nginx prompt - Make Nginx error out if no matching server block is found - Only suggest names LE will accept - Implement Nginx server block selection - should_autorenew ignores symlinks - Fixes cffi errors in Travis during oldest tests - DNS challenge support in the manual plugin and general purpose --preferred-challenges flag - Fixed hash_bucket_size detection for nginx - Support both invalidEmail and invalidContact errors - Removes duplication between README.rst and resources.rst - Psutil tests - Allow tests to run when psutil isn't available - Tests fail on Certbot package due to missing psutil dependency - Hide the Nginx plugin - Add the Nginx plugin to certbot-auto - OCSP stapling in Nginx - Nginx plugin selection - Add certbot-nginx to certbot-auto - Missing links in README - clarify invalid email error in non-interactive - Replace '-' with '_' before filtering plugin settings - Fix extra or lack of spacing between words in help for renew flags - Fix Travis tests - Avoid importing conflicting security policy directives - Change log rotation scheme - Plugins with hyphens do not receive their args during renewal - Handle dns01 challenge into the manual plugin [see #3466] - Enable unit tests of certbot core on Python 3 - Add os-release ID_LIKE parsing if original distribution mapping not found in constants - Fix README typo - Nginx plugin domain selection - Fix spacing of nginx redirect blocks - Rationalise challenge and port selection flags - Remove psutil from requirements.txt - prevent Github commits from modifying certbot-auto and letsencrypt-auto - Gradually remove psutil dependency, bugfix [URGENT] - psutil fails to install because hash is missing when running certbot-auto - Failure to start Nginx after configuring redirect - Prepare docs to turn off the wiki - Certbot apache plugin fails with TypeError: 'NoneType' object has no attribute '__getitem__' - Change fatal warning to a fatal message - Fatal warnings - Apache default default - Deprecation fixes - New docs structure and introduction - Nginx charset_map and ${VARIABLE_SUBSTITUTION} parsing - Unclear error about invalid email in non-interactive mode - Use simple socket test for port availability if psutil not found - Python 3 support for certonly - Set dialog widgets to use autowidgetsize - Errors when run without root - Apache plugin PATH fallback - Automatically enable EPEL after prompting users - Multi-topic help listings - Installer error - Explain why Apache [appears] not to be installed - ErrorHandler causing errors - Update FreeBSD package name - Comment out corresponding RewriteConds for filtered RewriteRule - Permissive parsing of nginx map blocks - add nginx round-trip tests to tox/travis - Fix Unix signal handling in certbot.error_handler.ErrorHandler - Resuming error handling functions after a signal - Only write nginx config files if they've been modified - If the user picks "cancel" from the Apache vhost selection menu, Certbot doesn't exit - certbot removes http->https rules corrupts ruleset - Fix typo - Better document plugins and reversion - Nginx parser apparently can't parse "map" - Nginx plugin shouldn't write files it hasn't changed - Fix Nginx reversion - Merge Augeas fix for comment line continuations - Remove warning about nginx options file - Explain the most likely cause of a missing replay nonce error - Bump pyca package versions - Don't add wildcard listen if user has more specific configuration - Remove unused nosexcover dependency - Cleanup dev setup - Nginx space preservation - Set dialog widgets to use autowidgetsize - Printing pip output to terminal when -v is used - Log new cert and cert renewal - Log whether renewing or obtaining a new certificate - Added the argument --quiet and -q so then when used with a regular user there is no output to the screen. - certbot-auto not quiet when used with regular user - Adding sensible UI logging for typical user - Replace psutils dependency - Display DialogError details correctly - -v implies --text - Fix FQDN checks, closes #3057 and #3056 - Bug in FQDN detection: installer wrongly interprets _ - Installer thinks bare TLD is not a valid FQDN - Limiting tox envlist to really needed tests - trouble with Listen directives in CentOS 7 / ssl.conf - Remove dangling footnote - certbot-apache fails to parse files with comma in the filename - pip and verbosity - Dialog error messages - NcursesDisplay.menu: treat ESC as cancel - More useful error when running as non-root? - -v should imply --text - Update tox/instructions - Error that results when run without root is unclear - Enable EPEL in RPM bootstrapper - Add dns-01 challenge support to the ACME client - Apache plugin fails to parse OWASP's ModSecurity ruleset - Audit nginx plugin for guaranteed config reversion in case of error - NoInstallationError() from Apache plugin within renewal cron jobs due to /usr/sbin not being in the PATH - nginx http redirect - "No installers" error message not clear - HelpfulArgumentParser should know about flags that are relevant to several topics - Nginx configurator should preserve whitespace on output - server blocks added to nginx.conf - Nginx fails if ssl_session_cache already defined - nginx leaves dirty/modified config files - Sensible UI logging for typical user - nginx plugin issue with server block containing multiple servernames @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1 2016/05/25 18:18:16 fhajny Exp $ d32 4 @ 1.1 log @Import certbot 0.6.0 as security/py-certbot. Certbot, previously the Let's Encrypt Client, is EFF's tool to obtain certs from Let's Encrypt, and (optionally) autoenable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol. @ text @d1 1 a1 1 # $NetBSD$ a25 1 DEPENDS+= ${PYPKGPREFIX}-psutil>=2.1.0:../../sysutils/py-psutil a26 1 DEPENDS+= ${PYPKGPREFIX}-requests-[0-9]*:../../devel/py-requests @