changelog 15 KB
Newer Older
Patrick J Cherry's avatar
Patrick J Cherry committed
1
2
3
4
5
6
7
8
9
symbiosis-common (2015:1215) stable; urgency=medium

  * Rejigged the conditions that trigger generation and rollover of
    certificates.
  * The next certificate name is now based on the contents of the ssl/sets/
    directory rather than the sets that are available for use.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Fri, 22 Jan 2016 15:22:48 +0000

Patrick J Cherry's avatar
Patrick J Cherry committed
10
11
12
13
14
15
symbiosis-common (2015:1214) stable; urgency=medium

  * Retry (up to 5 times) if LetsEncrypt return a bad nonce error.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Thu, 21 Jan 2016 15:43:55 +0000

Patrick J Cherry's avatar
Patrick J Cherry committed
16
17
18
19
20
21
22
23
24
symbiosis-common (2015:1213) stable; urgency=medium

  * Don't give duff emails (with newlines) to letsencrypt.
  * More output is given when the letsencrypt verification step fails.
  * The first named domain will be used as the CN now.
  * Added --force flag to re-request certificates.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Thu, 21 Jan 2016 12:03:30 +0000

Patrick J Cherry's avatar
Patrick J Cherry committed
25
26
27
28
29
30
31
32
33
symbiosis-common (2015:1212) stable; urgency=medium

  * Only poll the LetsEncrypt servers whilst the certificate request is still
    pending, rather than waiting until it is verified.
  * Fixed up --help opion to commands to output help.
  * Fixed "!! Failed: Error creating new authz :: DNS name was empty" error.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 19 Jan 2016 11:40:35 +0000

Patrick J Cherry's avatar
Patrick J Cherry committed
34
symbiosis-common (2015:1211) stable; urgency=medium
Patrick J Cherry's avatar
Patrick J Cherry committed
35
36

  * Added ruby-test-unit as an explicit depends.
Patrick J Cherry's avatar
Patrick J Cherry committed
37
38
  * Removed ruby-mocha, ruby-webmock and ruby-acme-client from build-deps, and
    added them to the dependencies for the package itself for testing.
Patrick J Cherry's avatar
Patrick J Cherry committed
39
40
  * Utils#get_param now returns nil if the file is missing/unreadable.
  * Added Utils#get_param_from_dir_stack.
Patrick J Cherry's avatar
Patrick J Cherry committed
41
42
43
44
  * Refactored SSL code to use "certificate sets", allowing SSL certificate
    rollover.
  * Added "letsencrypt" as an SSL provider.
  * Added a "selfsigned" provider to mirror the letsencrypt class.
Patrick J Cherry's avatar
Patrick J Cherry committed
45
46
47
48
  * Introduced new symbiosis-ssl command to handle all this. This gets run on
    a weekly basis to do rollover.
  * The DKIM selector code has been tidied to work if the hostname doesn't
    match the selector regex.
Patrick J Cherry's avatar
Patrick J Cherry committed
49

Patrick J Cherry's avatar
Patrick J Cherry committed
50
 -- Patrick J Cherry <patrick@bytemark.co.uk>  Thu, 14 Jan 2016 16:47:43 +0000
Patrick J Cherry's avatar
Patrick J Cherry committed
51

Patrick J Cherry's avatar
Patrick J Cherry committed
52
53
54
55
56
57
symbiosis-common (2015:1106) stable; urgency=medium

  * Added dependency on make.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Fri, 06 Nov 2015 15:08:22 +0000

Patrick J Cherry's avatar
Patrick J Cherry committed
58
symbiosis-common (2015:1105) stable; urgency=medium
59
60

  * Added Makefile in /etc/ssl to generate certificate, key, and combined form
Patrick J Cherry's avatar
Patrick J Cherry committed
61
    of certificate, bundle, and key, which is required for the FTP and email
Patrick J Cherry's avatar
Patrick J Cherry committed
62
63
    servers.  Any files that don't verify in the existing set up are moved out
    of the way.
Patrick J Cherry's avatar
Patrick J Cherry committed
64
  * The makefile can also generate certificate requests.
Patrick J Cherry's avatar
Patrick J Cherry committed
65
66
  * Keys generated by the makefile will be owned by the ssl-cert group if the
    makefile is run as root.  This is for Exim to be able to open them.
67

Patrick J Cherry's avatar
Patrick J Cherry committed
68
 -- Patrick J Cherry <patrick@bytemark.co.uk>  Thu, 05 Nov 2015 22:54:20 +0000
69

Patrick J Cherry's avatar
Patrick J Cherry committed
70
71
72
73
74
75
symbiosis-common (2015:1027) stable; urgency=medium

  * Added Symbiosis::Host#fqdn method.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 27 Oct 2015 22:53:44 +0000

Patrick J Cherry's avatar
Patrick J Cherry committed
76
77
78
symbiosis-common (2015:1012) stable; urgency=medium

  * Tidied up password hashing code to remove unused variable.
79
  * Removed unused variable in the DKIM code.
Patrick J Cherry's avatar
Patrick J Cherry committed
80
81
82

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Mon, 12 Oct 2015 14:18:24 +0100

Patrick J Cherry's avatar
Patrick J Cherry committed
83
84
85
86
87
88
89
90
symbiosis-common (2015:0825) stable; urgency=medium

  * Rationalised how manpages were generated for all scripts.
  * Added Symbiosis::Domain#crypt_password method.
  * Set default crypt algorithm to SHA-512.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 25 Aug 2015 12:38:05 +0100

91
92
93
94
95
96
symbiosis-common (2015:0713) stable; urgency=medium

  * Depend upon `cracklib-runtime` package so password testing works.

 -- Steve Kemp <steve@bytemark.co.uk>  Mon, 13 Jul 2015 09:33:09 +0000

Patrick J Cherry's avatar
Patrick J Cherry committed
97
98
99
100
101
102
103
104
105
symbiosis-common (2015:0618) stable; urgency=medium

  * Added 5.28.56.0/21 to the Bytemark ranges.
  * Updated DKIM code to do what the documentation says it should do.
  * Changed File#exists? to File#exist? everywhere.
  * Updated maintainers + uploaders.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 17 Jun 2015 10:32:34 +0100

Steve Kemp's avatar
Steve Kemp committed
106
107
108
109
110
111
112
symbiosis-common (2015:0128) stable; urgency=low

  * Updated Debian standards.
  * Added dependency on "adduser"

 -- Steve Kemp <steve@bytemark.co.uk>  Wed, 28 Jan 2015 10:00:01 +0000

James Carter's avatar
James Carter committed
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
symbiosis-common (2014:1111) stable; urgency=low

  [ Patrick J Cherry]
  * Added Symbiosis::ConfigFile#mananaged? test to check for files Symbiosis
    might have managed at one point in time.
  * The default DKIM selector is now the first part of the hostname of the
    box, rather than the whole thing.
  * Added in new Swordfish range to the list of Bytemark ranges.

  [ James Carter ]
  * Fixed commands with paths in the maintainer scripts

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 31 Mar 2015 13:01:11 +0100

symbiosis-common (2014:1110) stable; urgency=low

  * Postinst now generates a 4096 bit key.
  * Updated makefile to specify library paths when testing.
  * Updated domain config to accept the "ips" file.
  * Quieten postinst when adding admin to adm group.
  * Prefer newest SSL certificate.
  * Clean up /etc/sudoers on purge.

 -- James Carter <jcarter@bytemark.co.uk>  Mon, 10 Nov 2014 10:50:53 +0000

Patrick J Cherry's avatar
Patrick J Cherry committed
138
139
140
141
symbiosis-common (2014:0217) stable; urgency=low

  * Added dependency on sudo.
  * Altered the way symbiosis manages sudo access for the admin user.
Patrick J Cherry's avatar
Patrick J Cherry committed
142
  * Added double check for stat-override in postinst.
Patrick J Cherry's avatar
Patrick J Cherry committed
143
  * Updated dpkg-statoverride commands to have checks before exec.
Patrick J Cherry's avatar
Patrick J Cherry committed
144
  * Updated config file class to use custom erubis parse.
Patrick J Cherry's avatar
Patrick J Cherry committed
145

Patrick J Cherry's avatar
Patrick J Cherry committed
146
 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 25 Feb 2014 16:54:47 +0000
Patrick J Cherry's avatar
Patrick J Cherry committed
147

Patrick J Cherry's avatar
Patrick J Cherry committed
148
149
150
151
152
153
154
155
symbiosis-common (2014:0214) stable; urgency=low

  * Added bug control.
  * Updated postinst to make fewer assumptions about hostnames.
  * Santised Symbiosis::Domain around uid/gids.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Fri, 14 Feb 2014 12:57:15 +0000

Patrick J Cherry's avatar
Patrick J Cherry committed
156
symbiosis-common (2014:0117) stable; urgency=low
157
158
159

  * Updated symbiosis-password-test to check all FTP user passwords.

Patrick J Cherry's avatar
Patrick J Cherry committed
160
 -- Patrick J Cherry <patrick@bytemark.co.uk>  Fri, 17 Jan 2014 12:16:59 +0000
161

162
163
164
165
166
167
symbiosis-common (2014:0113) stable; urgency=low

  * Updated maintainer and uploaders information.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Mon, 13 Jan 2014 16:45:59 +0000

Patrick J Cherry's avatar
Patrick J Cherry committed
168
169
170
171
172
173
174
175
176
177
178
symbiosis-common (2013:1025) stable; urgency=low

  * Rationalised how help and man pages were generated
  * Changed ruby interpreter to /usr/bin/ruby everywhere
  * Lack of bundle is now a warning rather than an outright fail during SSL
    validation.
  * Added DKIM support.
  * Changed ERB interpreter to Erubis for configuration files.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Fri, 25 Oct 2013 10:10:40 +0100

179
180
181
182
183
184
symbiosis-common (2013:0712) stable; urgency=low

  * Removed ruby-openssl dependency.

 -- John Hackett <jhackett@maker.sh.bytemark.co.uk>  Fri, 12 Jul 2013 10:13:53 +0100

185
186
187
188
189
190
symbiosis-common (2013:0709) stable; urgency=low

  * Repackaged for wheezy.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 09 Jul 2013 09:30:37 +0100

Patrick J Cherry's avatar
Patrick J Cherry committed
191
192
193
194
195
196
197
symbiosis-common (2013:0611) oldstable; urgency=low

  * Postinst now uses /etc/hostname or $(hostname) to determine what the
    hostname is, not a mixture of both.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 11 Jun 2013 16:36:16 +0100

Patrick J Cherry's avatar
Patrick J Cherry committed
198
199
200
201
202
203
symbiosis-common (2013:0606) oldstable; urgency=low

  * Updated is-bytemark-ip to work properly.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Thu, 06 Jun 2013 17:21:19 +0100

204
symbiosis-common (2012:1109) oldstable; urgency=low
Patrick J Cherry's avatar
Patrick J Cherry committed
205
206
207
208
209
210
211
212
213
214

  * Fixed tests to use sane test domains.
  * Updated to require openssl (as it is needed by the he postinst)
  * Domains that don't match a sane regexp are no longer returned as domains
    at all.  Fixes #3796.
  * Updated tc_utils test to use the process egid if there are no process
    groups.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Fri, 09 Nov 2012 16:05:13 +0000

215
symbiosis-common (2012:1031) stable; urgency=low
Patrick J Cherry's avatar
Patrick J Cherry committed
216
217
218
219
220

  * Symbiois::Utils#set_param now passes paramters given on to safe_open.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 31 Oct 2012 14:47:25 +0000

221
222
223
224
225
226
227
228
229
symbiosis-common (2012:0926) stable; urgency=low

  * Updated Symbiosis::Domain to have a public_dir method to specify its
    public directory.
  * Removed the automatic creation of public/cgi-bin in the postinst for the
    default domain, as it is not strictly needed.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 26 Sep 2012 11:40:19 +0100

230
231
232
233
234
235
236
symbiosis-common (2012:0911) stable; urgency=low

  * Fixed SSL certificate subject checking for a domain.  The primary name is
    now also checked, not just the aliases.
  * Added strict SSL checking which raises exceptions more often in the
    ssl_verify method.
  * Added tests to prove certificates with SNI / wildcard subjects work.
237
  * Fixed failing password test.
238

239
 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 11 Sep 2012 16:00:04 +0100
240

Patrick J Cherry's avatar
Patrick J Cherry committed
241
242
243
244
245
246
symbiosis-common (2012:0606) stable; urgency=low

  * Updated the configuration file handling not to break on empty files.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 06 Jun 2012 12:19:53 +0100

Patrick J Cherry's avatar
Patrick J Cherry committed
247
248
249
250
251
252
253
symbiosis-common (2012:0510) stable; urgency=low

  * The {CRYPT} prefix for passwords doesn't need to be upper case now, for
    backwards compatibility.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Thu, 10 May 2012 08:35:20 +0100

254
255
256
257
258
259
symbiosis-common (2012:0418) stable; urgency=low

  * Updated the utils test to wait for the correct PID when checking locking.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 18 Apr 2012 10:37:42 +0100

260
261
262
263
264
265
symbiosis-common (2012:0301) stable; urgency=low

  * Added file locking functions to Symbiosis::Utils.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Thu, 01 Mar 2012 13:36:28 +0000

266
267
268
269
270
271
272
symbiosis-common (2012:0223) stable; urgency=low

  * Fixed typo in symbiosis-password-test which caused the hourly flag not to
    work.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 22 Feb 2012 22:42:08 +0000

273
274
275
symbiosis-common (2012:0222) stable; urgency=low

  * Updated copyright and documentation links.
276
  * Fixed tc_utils to work with pam-tmpdir is around.
277

278
 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 22 Feb 2012 15:32:19 +0000
279

Patrick J Cherry's avatar
Patrick J Cherry committed
280
281
282
283
284
285
286
symbiosis-common (2012:0221) stable; urgency=low

  * Use safe_open to read params as well as write.
  * get_param, set_param now have options that they can pass to safe_open

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 21 Feb 2012 10:14:57 +0000

287
288
289
290
291
symbiosis-common (2012:0215) stable; urgency=low

  * Symbiosis::Domains#find now works for wildcarded domains.
  * SSL tests now work if run as a non-root user.

292
 -- Patrick J Cherry <patrick@bytemark.co.uk>  Mon, 20 Feb 2012 21:13:04 +0000
293

294
295
296
symbiosis-common (2012:0208) stable; urgency=low

  * Symbiosis::Domains now searches for www.domain as well as just domain.
Patrick J Cherry's avatar
Patrick J Cherry committed
297
  * Added Symbiosis::Utils#safe_open to use for opening files as root.
Steve Kemp's avatar
Steve Kemp committed
298
  * Rewrote Symbiosis::Utils#mkdir_p to be safer.
Patrick J Cherry's avatar
Patrick J Cherry committed
299
300
  * Removed test task from rules
  * Updated debian control files to use relationships properly, as per section
Steve Kemp's avatar
Steve Kemp committed
301
302
    7.6 of the Debian Policy Manual.
  * Updated config file generation to make use of the opts arg for Utils#safe_open
303
304
305
  * Domains which are just symlinks have their directory set correctly, i.e
    not the symlinked one, but the resolved one.
  * Domain aliases (symlinks) can be listed.
Patrick J Cherry's avatar
Patrick J Cherry committed
306
  * SSL checks relaxed.  Execeptions only raised when SSL config is actually
Steve Kemp's avatar
Steve Kemp committed
307
    broken.
308

Patrick J Cherry's avatar
Patrick J Cherry committed
309
 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 08 Feb 2012 16:28:19 +0000
310

311
symbiosis-common (2012:0201) stable; urgency=low
312
313
314

  * Fixed IP address detection on machines with point-to-point links.  Closes
    #2971.
315
316
  * Updated ConfigFile#outdated? to return true if no checksum could be found
    in the file.
Patrick J Cherry's avatar
Patrick J Cherry committed
317
  * Fixed symbiosis-configure-ips to work on single-stack hosts.
318
  * Updated all scripts to specify ruby1.8.
319
  * Changed ERB parsing to accept "%" in the first column as a marking.
320
  * Use the primary IPs for a domain if nothing was specified.
321

322
 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 01 Feb 2012 15:53:40 +0000
323

324
325
symbiosis-common (2012:0124) stable; urgency=low

Steve Kemp's avatar
Steve Kemp committed
326
  * Removed chown -R of doom in postinst.
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
  * Removed references to symbiosis-range and symbiosis-test in
    Provides/Requires lines.
  * Moved common tests to test.d
  * Removed old test libraries
  * Moved tc_httpd into apache tree. Fixed tests to work.
  * Fixed symbiosis-common prerm to work.
  * Fixed Symbiosis::ConfigFile#outdated to return the correct answer
  * Added make rule for symbiosis-configre-ips manpage
  * Fixed symbiosis-test to create a manpage in build environments
  * Moved tc_checkpassword to email package, where it belongs and fixed it up.
  * Added ability to specify a prefix directory (for testing) in
    Symbiosis::Domains
  * Fixed up symbiosis-test as a ruby script with a manpage.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 24 Jan 2012 13:14:53 +0000

343
344
345
346
347
348
symbiosis-common (2012:0118) stable; urgency=low

  * Moved http test into symbiosis-httpd packages

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 18 Jan 2012 16:31:38 +0000

349
350
351
352
353
354
355
symbiosis-common (2012:0117) stable; urgency=low

  * Added ipv4/6 flags to symbiosis-ip to determine the primary IP of a
    system.

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 17 Jan 2012 15:56:23 +0000

Patrick J Cherry's avatar
Patrick J Cherry committed
356
357
358
359
360
symbiosis-common (2011:1214) stable; urgency=low

  * Added dependency on liblinux-netlink-ruby
  * Added IP configuration script to automatically add IP addresses.
  * Better determination of the primary interface / IP addresses
Steve Kemp's avatar
Steve Kemp committed
361
  * Lots of misc bugfixes
Patrick J Cherry's avatar
Patrick J Cherry committed
362
363
364

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Wed, 14 Dec 2011 21:16:23 +0000

365
366
367
368
369
symbiosis-common (2011:1209) stable; urgency=low

  * Updated standards version.
    - Avoid hardcoding 'shadowconfig' path in the postinstall script.
    - Depend upon "${misc:Depends}".
Patrick J Cherry's avatar
Patrick J Cherry committed
370
    - Test for errors in commands
371
372
373

 -- Steve Kemp <steve@bytemark.co.uk>  Fri, 09 Dec 2011 14:44:41 +0000

374
375
376
symbiosis-common (2011:1201) stable; urgency=low

  * Moved SSL certificate generation into this package.
377
  * Merged symbiosis-range package
378
379
380

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Thu, 01 Dec 2011 09:30:14 +0000

381
382
383
384
385
386
387
symbiosis-common (2010:1124) stable; urgency=low

  * Add the "admin" user to the "adm" group - such that it may read
    apache logfiles, etc.

 -- Steve Kemp <steve@bytemark.co.uk>  Wed, 24 Nov 2010 14:33:41 +0000

388
389
390
391
392
393
394
symbiosis-common (2010:0914) stable; urgency=low

  * Added test suite
  * Fixed password check to work

 -- Patrick J Cherry <patrick@bytemark.co.uk>  Tue, 14 Sep 2010 21:43:37 +0100

395
396
397
398
399
400
symbiosis-common (2010:0830) stable; urgency=low

  * Install a small library of Perl functions.

 -- Steve Kemp <steve@bytemark.co.uk>  Mon, 30 Aug 2010 09:44:09 +0000

401
402
403
404
405
406
407
symbiosis-common (2010:0817) stable; urgency=low

  * Updated the post-installation script to make /etc/symbiosis if
    it isn't present.

 -- Steve Kemp <steve@bytemark.co.uk>  Tue, 17 Aug 2010 11:11:11 +0000

Steve Kemp's avatar
Steve Kemp committed
408
409
410
411
412
413
symbiosis-common (2010:0727) stable; urgency=low

  * Install lib/symbiosis/domains.rb

 -- Steve Kemp <steve@bytemark.co.uk>  Tue, 27 Jul 2010 12:40:00 +0000

Steve Kemp's avatar
Steve Kemp committed
414
symbiosis-common (2010:0625) stable; urgency=low
Patrick J Cherry's avatar
Patrick J Cherry committed
415
416
417
418

  * New package

 -- Steve Kemp <steve@bytemark.co.uk>  Thu, 24 Jun 2010 17:15:43 +0100