The haproxy hotplug script creates a 'combined' certificate bundle that
contains both the certificate chain and the private key. However, having a
daemon hotplug script write into CERT_DIR is not great; so let's provide
the bundle as part of the main acme framework, keeping it in $domain_dir
and just linking it into CERT_DIR. That way we can keep CERT_DIR as just a
collection of links for everything, that no consumers should need to write
into.
Also make sure to set the umask correctly so the combined file is not
world-readable (since it contains the private key).
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
The acme-acmesh package hardcoded the certificate path in its hook script.
Now that we export it as a variable we can avoid hard-coding and use the
variable version instead. Also factor out the linking of certificates into
a function so it's not repeated.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
The contract between the acme-common framework and consumers and hook
scripts is that certificates can be consumed from /etc/ssl/acme and that
web challenges are stored in /var/run/acme/challenge. Make this explicit by
exporting $CERT_DIR and $CHALLENGE_DIR as environment variables as well,
instead of having knowledge of those paths depend on out-of-band
information. We already exported $challenge_dir, but let's change it to
upper-case to make it clear that it's not a user configuration variable.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Perl threads seem to be supported and working for aarch64, and
including aarch64 here would allow packages like freeswitch-mod-perl
to become available from the standard OpwnWrt package repository for
popular routers such as the Linksys E8450 and Belkin RT3200.
Signed-off-by: Doug Thomson <dwt62f+github@gmail.com>
state_dir is actually a hardcoded value in conffiles. Allowing users to
customize it could result in losing certificates after upgrading if they
don't also specify the dir as being preserved. We shouldn't default to
this dangerous behavior.
With the new ACME package, certificates live in the standard location
/etc/ssl/acme, users who need to do certificate customizations should
look for them in that dir instead.
Signed-off-by: Glen Huang <i@glenhuang.com>
Replace my own patch with the upstream solution, which they issued
in response to my bug report.
(Two patches as they overlooked something on the first try.
Reference to https://savannah.gnu.org/bugs/index.php?63431 )
The nettle lib evaluation is now conditional to not having "--disable-ntlm".
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
- Improved logging
- Log the executed curl command to be able to rerun and test it manually
- Log the curl exit status
- Added 30 second timeout timeout for clear-cut detection of flaky connections.
Signed-off-by: Pyry Kontio <pyry.kontio@drasa.eu>
The implementation uses a GCP service account. The user is expected to
create and secure a service account and generate a private key. The
"password" field can contain the key inline or be a file path pointing
to the key file on the router.
The GCP project name and Cloud DNS ManagedZone must also be provided.
These are taken as form-urlencoded key-value pairs in param_enc. The TTL
can optionally be supplied in param_opt.
Signed-off-by: Chris Barrick <chrisbarrick@google.com>
update summary
* Add Javascript Node v12-v18 support, remove support prior to v6.
* Octave 6.0 to 6.4 support added.
* Add PHP 8 support.
* PHP wrapping is now done entirely via PHP's C API - no more .php wrapper.
* Perl 5.8.0 is now the oldest version SWIG supports.
* Python 3.3 is now the oldest Python 3 version SWIG supports.
* Python 3.9-3.11 support added.
* Various memory leak fixes in Python generated code.
* Scilab 5.5-6.1 support improved.
* Many improvements for each and every target language.
* Various preprocessor expression handling improvements.
* Improved C99, C++11, C++14, C++17 support. Start adding C++20 standard.
* Make SWIG much more move semantics friendly.
* Add C++ std::unique_ptr support.
* Few minor C++ template handling improvements.
* Various C++ using declaration fixes.
* Few fixes for handling Doxygen comments.
* GitHub Actions is now used instead of Travis CI for continuous integration.
* Add building SWIG using CMake as a secondary build system.
* Update optional SWIG build dependency for regex support from PCRE to PCRE2.
* Couple of stability fixes.
* Stability fix in ccache-swig when calculating hashes of inputs.
* Some template handling improvements.
* R - minor fixes plus deprecation for rtypecheck typemaps being optional.
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Fix the indentation of the preinst/postinst scripts for the privoxy
package.
Because these scripts didn't start with `#!/bin/sh`
(they instead started with the TAB character), `/bin/sh` was not used
to start them.
On x86_64 and i386_pentium-mmx, this seems to be fine, but on
arm_cortex-a15_neon-vfpv4 and aarch64_cortex-a53, running these
scripts fails with a:
```
Installing privoxy (3.0.33-3) to root...
Collected errors:
* pkg_run_script: package "privoxy" preinst script returned status 1.
* preinst_configure: Aborting installation of privoxy.
* opkg_install_cmd: Cannot install package privoxy.
```
Reported-by: Marius Dinu <m95d+git@psihoexpert.ro>
Signed-off-by: Alois Klink <alois@aloisklink.com>
