changelog

symbiosis-common (2015:1215) stable; urgency=medium

  * Rejigged the conditions that trigger generation and rollover of
    certificates.
  * The next certificate name is now based on the contents of the ssl/sets/
    directory rather than the sets that are available for use.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Fri, 22 Jan 2016 15:22:48 +0000

symbiosis-common (2015:1214) stable; urgency=medium

  * Retry (up to 5 times) if LetsEncrypt return a bad nonce error.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Thu, 21 Jan 2016 15:43:55 +0000

symbiosis-common (2015:1213) stable; urgency=medium

  * Don't give duff emails (with newlines) to letsencrypt.
  * More output is given when the letsencrypt verification step fails.
  * The first named domain will be used as the CN now.
  * Added --force flag to re-request certificates.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Thu, 21 Jan 2016 12:03:30 +0000

symbiosis-common (2015:1212) stable; urgency=medium

  * Only poll the LetsEncrypt servers whilst the certificate request is still
    pending, rather than waiting until it is verified.
  * Fixed up --help opion to commands to output help.
  * Fixed "!! Failed: Error creating new authz :: DNS name was empty" error.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 19 Jan 2016 11:40:35 +0000

symbiosis-common (2015:1211) stable; urgency=medium

  * Added ruby-test-unit as an explicit depends.
  * Removed ruby-mocha, ruby-webmock and ruby-acme-client from build-deps, and
    added them to the dependencies for the package itself for testing.
  * Utils#get_param now returns nil if the file is missing/unreadable.
  * Added Utils#get_param_from_dir_stack.
  * Refactored SSL code to use "certificate sets", allowing SSL certificate
    rollover.
  * Added "letsencrypt" as an SSL provider.
  * Added a "selfsigned" provider to mirror the letsencrypt class.
  * Introduced new symbiosis-ssl command to handle all this. This gets run on
    a weekly basis to do rollover.
  * The DKIM selector code has been tidied to work if the hostname doesn't
    match the selector regex.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Thu, 14 Jan 2016 16:47:43 +0000

symbiosis-common (2015:1106) stable; urgency=medium

  * Added dependency on make.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Fri, 06 Nov 2015 15:08:22 +0000

symbiosis-common (2015:1105) stable; urgency=medium

  * Added Makefile in /etc/ssl to generate certificate, key, and combined form
    of certificate, bundle, and key, which is required for the FTP and email
    servers.  Any files that don't verify in the existing set up are moved out
    of the way.
  * The makefile can also generate certificate requests.
  * Keys generated by the makefile will be owned by the ssl-cert group if the
    makefile is run as root.  This is for Exim to be able to open them.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Thu, 05 Nov 2015 22:54:20 +0000

symbiosis-common (2015:1027) stable; urgency=medium

  * Added Symbiosis::Host#fqdn method.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 27 Oct 2015 22:53:44 +0000

symbiosis-common (2015:1012) stable; urgency=medium

  * Tidied up password hashing code to remove unused variable.
  * Removed unused variable in the DKIM code.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Mon, 12 Oct 2015 14:18:24 +0100

symbiosis-common (2015:0825) stable; urgency=medium

  * Rationalised how manpages were generated for all scripts.
  * Added Symbiosis::Domain#crypt_password method.
  * Set default crypt algorithm to SHA-512.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 25 Aug 2015 12:38:05 +0100

symbiosis-common (2015:0713) stable; urgency=medium

  * Depend upon `cracklib-runtime` package so password testing works.

 -- Steve Kemp <steve@bytemark.co.uk>  Mon, 13 Jul 2015 09:33:09 +0000

symbiosis-common (2015:0618) stable; urgency=medium

  * Added 5.28.56.0/21 to the Bytemark ranges.
  * Updated DKIM code to do what the documentation says it should do.
  * Changed File#exists? to File#exist? everywhere.
  * Updated maintainers + uploaders.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 17 Jun 2015 10:32:34 +0100

symbiosis-common (2015:0128) stable; urgency=low

  * Updated Debian standards.
  * Added dependency on "adduser"

 -- Steve Kemp <steve@bytemark.co.uk>  Wed, 28 Jan 2015 10:00:01 +0000

symbiosis-common (2014:1111) stable; urgency=low

  [ Patrick J Cherry]
  * Added Symbiosis::ConfigFile#mananaged? test to check for files Symbiosis
    might have managed at one point in time.
  * The default DKIM selector is now the first part of the hostname of the
    box, rather than the whole thing.
  * Added in new Swordfish range to the list of Bytemark ranges.

  [ James Carter ]
  * Fixed commands with paths in the maintainer scripts

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 31 Mar 2015 13:01:11 +0100

symbiosis-common (2014:1110) stable; urgency=low

  * Postinst now generates a 4096 bit key.
  * Updated makefile to specify library paths when testing.
  * Updated domain config to accept the "ips" file.
  * Quieten postinst when adding admin to adm group.
  * Prefer newest SSL certificate.
  * Clean up /etc/sudoers on purge.

 -- James Carter <jcarter@bytemark.co.uk>  Mon, 10 Nov 2014 10:50:53 +0000

symbiosis-common (2014:0217) stable; urgency=low

  * Added dependency on sudo.
  * Altered the way symbiosis manages sudo access for the admin user.
  * Added double check for stat-override in postinst.
  * Updated dpkg-statoverride commands to have checks before exec.
  * Updated config file class to use custom erubis parse.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 25 Feb 2014 16:54:47 +0000

symbiosis-common (2014:0214) stable; urgency=low

  * Added bug control.
  * Updated postinst to make fewer assumptions about hostnames.
  * Santised Symbiosis::Domain around uid/gids.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Fri, 14 Feb 2014 12:57:15 +0000

symbiosis-common (2014:0117) stable; urgency=low

  * Updated symbiosis-password-test to check all FTP user passwords.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Fri, 17 Jan 2014 12:16:59 +0000

symbiosis-common (2014:0113) stable; urgency=low

  * Updated maintainer and uploaders information.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Mon, 13 Jan 2014 16:45:59 +0000

symbiosis-common (2013:1025) stable; urgency=low

  * Rationalised how help and man pages were generated
  * Changed ruby interpreter to /usr/bin/ruby everywhere
  * Lack of bundle is now a warning rather than an outright fail during SSL
    validation.
  * Added DKIM support.
  * Changed ERB interpreter to Erubis for configuration files.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Fri, 25 Oct 2013 10:10:40 +0100

symbiosis-common (2013:0712) stable; urgency=low

  * Removed ruby-openssl dependency.

 -- John Hackett <jhackett@maker.sh.bytemark.co.uk>  Fri, 12 Jul 2013 10:13:53 +0100

symbiosis-common (2013:0709) stable; urgency=low

  * Repackaged for wheezy.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 09 Jul 2013 09:30:37 +0100

symbiosis-common (2013:0611) oldstable; urgency=low

  * Postinst now uses /etc/hostname or $(hostname) to determine what the
    hostname is, not a mixture of both.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 11 Jun 2013 16:36:16 +0100

symbiosis-common (2013:0606) oldstable; urgency=low

  * Updated is-bytemark-ip to work properly.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Thu, 06 Jun 2013 17:21:19 +0100

symbiosis-common (2012:1109) oldstable; urgency=low

  * Fixed tests to use sane test domains.
  * Updated to require openssl (as it is needed by the he postinst)
  * Domains that don't match a sane regexp are no longer returned as domains
    at all.  Fixes #3796.
  * Updated tc_utils test to use the process egid if there are no process
    groups.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Fri, 09 Nov 2012 16:05:13 +0000

symbiosis-common (2012:1031) stable; urgency=low

  * Symbiois::Utils#set_param now passes paramters given on to safe_open.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 31 Oct 2012 14:47:25 +0000

symbiosis-common (2012:0926) stable; urgency=low

  * Updated Symbiosis::Domain to have a public_dir method to specify its
    public directory.
  * Removed the automatic creation of public/cgi-bin in the postinst for the
    default domain, as it is not strictly needed.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 26 Sep 2012 11:40:19 +0100

symbiosis-common (2012:0911) stable; urgency=low

  * Fixed SSL certificate subject checking for a domain.  The primary name is
    now also checked, not just the aliases.
  * Added strict SSL checking which raises exceptions more often in the
    ssl_verify method.
  * Added tests to prove certificates with SNI / wildcard subjects work.
  * Fixed failing password test.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 11 Sep 2012 16:00:04 +0100

symbiosis-common (2012:0606) stable; urgency=low

  * Updated the configuration file handling not to break on empty files.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 06 Jun 2012 12:19:53 +0100

symbiosis-common (2012:0510) stable; urgency=low

  * The {CRYPT} prefix for passwords doesn't need to be upper case now, for
    backwards compatibility.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Thu, 10 May 2012 08:35:20 +0100

symbiosis-common (2012:0418) stable; urgency=low

  * Updated the utils test to wait for the correct PID when checking locking.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 18 Apr 2012 10:37:42 +0100

symbiosis-common (2012:0301) stable; urgency=low

  * Added file locking functions to Symbiosis::Utils.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Thu, 01 Mar 2012 13:36:28 +0000

symbiosis-common (2012:0223) stable; urgency=low

  * Fixed typo in symbiosis-password-test which caused the hourly flag not to
    work.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 22 Feb 2012 22:42:08 +0000

symbiosis-common (2012:0222) stable; urgency=low

  * Updated copyright and documentation links.
  * Fixed tc_utils to work with pam-tmpdir is around.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 22 Feb 2012 15:32:19 +0000

symbiosis-common (2012:0221) stable; urgency=low

  * Use safe_open to read params as well as write.
  * get_param, set_param now have options that they can pass to safe_open

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 21 Feb 2012 10:14:57 +0000

symbiosis-common (2012:0215) stable; urgency=low

  * Symbiosis::Domains#find now works for wildcarded domains.
  * SSL tests now work if run as a non-root user.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Mon, 20 Feb 2012 21:13:04 +0000

symbiosis-common (2012:0208) stable; urgency=low

  * Symbiosis::Domains now searches for www.domain as well as just domain.
  * Added Symbiosis::Utils#safe_open to use for opening files as root.
  * Rewrote Symbiosis::Utils#mkdir_p to be safer.
  * Removed test task from rules
  * Updated debian control files to use relationships properly, as per section
    7.6 of the Debian Policy Manual.
  * Updated config file generation to make use of the opts arg for Utils#safe_open
  * Domains which are just symlinks have their directory set correctly, i.e
    not the symlinked one, but the resolved one.
  * Domain aliases (symlinks) can be listed.
  * SSL checks relaxed.  Execeptions only raised when SSL config is actually
    broken.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 08 Feb 2012 16:28:19 +0000

symbiosis-common (2012:0201) stable; urgency=low

  * Fixed IP address detection on machines with point-to-point links.  Closes
    #2971.
  * Updated ConfigFile#outdated? to return true if no checksum could be found
    in the file.
  * Fixed symbiosis-configure-ips to work on single-stack hosts.
  * Updated all scripts to specify ruby1.8.
  * Changed ERB parsing to accept "%" in the first column as a marking.
  * Use the primary IPs for a domain if nothing was specified.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 01 Feb 2012 15:53:40 +0000

symbiosis-common (2012:0124) stable; urgency=low

  * Removed chown -R of doom in postinst.
  * Removed references to symbiosis-range and symbiosis-test in
    Provides/Requires lines.
  * Moved common tests to test.d
  * Removed old test libraries
  * Moved tc_httpd into apache tree. Fixed tests to work.
  * Fixed symbiosis-common prerm to work.
  * Fixed Symbiosis::ConfigFile#outdated to return the correct answer
  * Added make rule for symbiosis-configre-ips manpage
  * Fixed symbiosis-test to create a manpage in build environments
  * Moved tc_checkpassword to email package, where it belongs and fixed it up.
  * Added ability to specify a prefix directory (for testing) in
    Symbiosis::Domains
  * Fixed up symbiosis-test as a ruby script with a manpage.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 24 Jan 2012 13:14:53 +0000

symbiosis-common (2012:0118) stable; urgency=low

  * Moved http test into symbiosis-httpd packages

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 18 Jan 2012 16:31:38 +0000

symbiosis-common (2012:0117) stable; urgency=low

  * Added ipv4/6 flags to symbiosis-ip to determine the primary IP of a
    system.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 17 Jan 2012 15:56:23 +0000

symbiosis-common (2011:1214) stable; urgency=low

  * Added dependency on liblinux-netlink-ruby
  * Added IP configuration script to automatically add IP addresses.
  * Better determination of the primary interface / IP addresses
  * Lots of misc bugfixes

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 14 Dec 2011 21:16:23 +0000

symbiosis-common (2011:1209) stable; urgency=low

  * Updated standards version.
    - Avoid hardcoding 'shadowconfig' path in the postinstall script.
    - Depend upon "${misc:Depends}".
    - Test for errors in commands

 -- Steve Kemp <steve@bytemark.co.uk>  Fri, 09 Dec 2011 14:44:41 +0000

symbiosis-common (2011:1201) stable; urgency=low

  * Moved SSL certificate generation into this package.
  * Merged symbiosis-range package

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Thu, 01 Dec 2011 09:30:14 +0000

symbiosis-common (2010:1124) stable; urgency=low

  * Add the "admin" user to the "adm" group - such that it may read
    apache logfiles, etc.

 -- Steve Kemp <steve@bytemark.co.uk>  Wed, 24 Nov 2010 14:33:41 +0000

symbiosis-common (2010:0914) stable; urgency=low

  * Added test suite
  * Fixed password check to work

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 14 Sep 2010 21:43:37 +0100

symbiosis-common (2010:0830) stable; urgency=low

  * Install a small library of Perl functions.

 -- Steve Kemp <steve@bytemark.co.uk>  Mon, 30 Aug 2010 09:44:09 +0000

symbiosis-common (2010:0817) stable; urgency=low

  * Updated the post-installation script to make /etc/symbiosis if
    it isn't present.

 -- Steve Kemp <steve@bytemark.co.uk>  Tue, 17 Aug 2010 11:11:11 +0000

symbiosis-common (2010:0727) stable; urgency=low

  * Install lib/symbiosis/domains.rb

 -- Steve Kemp <steve@bytemark.co.uk>  Tue, 27 Jul 2010 12:40:00 +0000

symbiosis-common (2010:0625) stable; urgency=low

  * New package

 -- Steve Kemp <steve@bytemark.co.uk>  Thu, 24 Jun 2010 17:15:43 +0100