Release 0.14.0-1
Faidon Liambotis
1 year, 4 months ago
0 | certspotter (0.14.0-1) unstable; urgency=medium | |
1 | ||
2 | * New upstream release. | |
3 | - Drop Build-Depends on golang-github-mreiferson-go-httpclient-dev, as | |
4 | this has been dropped upstream. | |
5 | - Update d/control with adjusted upstream description. | |
6 | * Restore uscan functionality, by updating d/watch to track upstream tags, | |
7 | rather than GitHub releases, which are seemingly non-existent. | |
8 | * Golang packaging updates: | |
9 | - Switch Build-Depends from dh-golang to dh-sequence-golang. | |
10 | - Switch from Built-Using to the newer Static-Built-Using. | |
11 | * Add a dependency on ca-certificates, necessary because all CT logs are | |
12 | accessible (only) over HTTPS. | |
13 | * Add certspotter(8) and certspotter-script(8) manpages, based on existing | |
14 | documentation in README, --help, as well as some amount of own work, | |
15 | through looking at the code. Written in Markdown, and converted using | |
16 | lowdown (a new build dependency), unless the "nodoc" profile or build | |
17 | option is configured. | |
18 | * Provide a better out of the box experience for certspotter, by shipping a | |
19 | systemd service and timer. This includes: | |
20 | - Adding a new system user and group, _certspotter, through | |
21 | sysusers.d. | |
22 | - Placing certspotter configuration files in LSB locations, namely | |
23 | /etc/certspotter and /var/cache/certspotter. | |
24 | - Creating a new /usr/libexec/certspotter-script helper, which calls | |
25 | run-parts on /etc/certspotter/hooks.d, as to be able to provide a | |
26 | polished way for users to run scripts. (Especially given systemd | |
27 | timers, unlike cron, do not email by default). | |
28 | - Provisioning a fairly contained (but not too-contained) systemd | |
29 | service, and a timer to run certspotter on an hourly basis. | |
30 | - Documenting some of the gotchas in README files and comments on the | |
31 | watchlist, and taking special care as to NOT enable the service unless | |
32 | the user has explicitly configured domains to be monitored. | |
33 | * Drop the submitct binary from the package. It's undocumented in both | |
34 | documentation and in its --help, and only potentially useful in certain | |
35 | niche application, none of which I'm aware. If this is useful to anyone, | |
36 | please file a bug report so that we can document it and ship it again. | |
37 | * Switch to the "net" Section, as it is more appropriate than "devel". | |
38 | * Add a couple of autopkgtests: one superficial and offline, just to ensure | |
39 | the binary runs, and another that is online and tests against the | |
40 | production CT logs. | |
41 | * Bump Standards-Version to 4.6.1, no further changes needed. | |
42 | ||
43 | -- Faidon Liambotis <paravoid@debian.org> Sun, 08 Jan 2023 19:38:06 +0200 | |
44 | ||
0 | 45 | certspotter (0.10-1) unstable; urgency=medium |
1 | 46 | |
2 | 47 | * New upstream release. |