Release 0.14.0-1
Faidon Liambotis
1 year, 4 months ago
| 0 | certspotter (0.14.0-1) unstable; urgency=medium | |
| 1 | ||
| 2 | * New upstream release. | |
| 3 | - Drop Build-Depends on golang-github-mreiferson-go-httpclient-dev, as | |
| 4 | this has been dropped upstream. | |
| 5 | - Update d/control with adjusted upstream description. | |
| 6 | * Restore uscan functionality, by updating d/watch to track upstream tags, | |
| 7 | rather than GitHub releases, which are seemingly non-existent. | |
| 8 | * Golang packaging updates: | |
| 9 | - Switch Build-Depends from dh-golang to dh-sequence-golang. | |
| 10 | - Switch from Built-Using to the newer Static-Built-Using. | |
| 11 | * Add a dependency on ca-certificates, necessary because all CT logs are | |
| 12 | accessible (only) over HTTPS. | |
| 13 | * Add certspotter(8) and certspotter-script(8) manpages, based on existing | |
| 14 | documentation in README, --help, as well as some amount of own work, | |
| 15 | through looking at the code. Written in Markdown, and converted using | |
| 16 | lowdown (a new build dependency), unless the "nodoc" profile or build | |
| 17 | option is configured. | |
| 18 | * Provide a better out of the box experience for certspotter, by shipping a | |
| 19 | systemd service and timer. This includes: | |
| 20 | - Adding a new system user and group, _certspotter, through | |
| 21 | sysusers.d. | |
| 22 | - Placing certspotter configuration files in LSB locations, namely | |
| 23 | /etc/certspotter and /var/cache/certspotter. | |
| 24 | - Creating a new /usr/libexec/certspotter-script helper, which calls | |
| 25 | run-parts on /etc/certspotter/hooks.d, as to be able to provide a | |
| 26 | polished way for users to run scripts. (Especially given systemd | |
| 27 | timers, unlike cron, do not email by default). | |
| 28 | - Provisioning a fairly contained (but not too-contained) systemd | |
| 29 | service, and a timer to run certspotter on an hourly basis. | |
| 30 | - Documenting some of the gotchas in README files and comments on the | |
| 31 | watchlist, and taking special care as to NOT enable the service unless | |
| 32 | the user has explicitly configured domains to be monitored. | |
| 33 | * Drop the submitct binary from the package. It's undocumented in both | |
| 34 | documentation and in its --help, and only potentially useful in certain | |
| 35 | niche application, none of which I'm aware. If this is useful to anyone, | |
| 36 | please file a bug report so that we can document it and ship it again. | |
| 37 | * Switch to the "net" Section, as it is more appropriate than "devel". | |
| 38 | * Add a couple of autopkgtests: one superficial and offline, just to ensure | |
| 39 | the binary runs, and another that is online and tests against the | |
| 40 | production CT logs. | |
| 41 | * Bump Standards-Version to 4.6.1, no further changes needed. | |
| 42 | ||
| 43 | -- Faidon Liambotis <paravoid@debian.org> Sun, 08 Jan 2023 19:38:06 +0200 | |
| 44 | ||
| 0 | 45 | certspotter (0.10-1) unstable; urgency=medium |
| 1 | 46 | |
| 2 | 47 | * New upstream release. |