Atom Add a new post titled:

ikiwiki-hosting 0.20180719 released with these changes

  • [ Joey Hess ]
    • ikisite: Deleting per-domain letsencrypt cert when a wildcard cert exists was too dangerous and buggy, including sometimes deleting the letsencrypt wildcard cert. Removed that behavior; any per-domain cert will be used in preference to the wildcard cert.
    • Further fix to IkiWiki::Hosting for syslog name change. (Fixes ikidns)
    • ikidns: Fix typo in letsencrypt command.
  • [ Simon McVittie ]
    • debian: Pass dpkg-buildflags CFLAGS to make
    • debian: Override dh_missing to detect any files that are installed by dh_auto_install but not packaged
Posted Thu Jul 19 14:13:07 2018

ikiwiki-hosting 0.20180610 released with these changes

  • [ Joey Hess ]
    • Renamed IkiWiki::Hosting::syslog to IkiWiki::Hosting::logger to avoid conflict with Sys::Syslog::syslog.
    • Prevent ikisite letsencrypt from unncessarily reloading apache when there is no configuration change. ikisite maintaincerts runs it once per site, and the resulting many reloads of apache close together tended to cause apache to fall over, due to bug #873115.
    • ikiwiki-hosting.conf: Removed wildcard_ssl_cert, wildcard_ssl_key, wildcard_ssl_chain, and in its place added wildcard_ssl_cert_dir.
    • ikidns: Added letsencrypt command, which generates wildcard certificates for the domains listed in ikiwiki-hosting.conf, using DNS verification. This needs the python3-certbot-dns-rfc2136 package to be installed, and ikidns to have already been used to configure the dns server.
    • ikisite letsencrypt: Avoid getting a per-domain cert when a usable wildcard cert exists.
    • ikisite letsencrypt: When a per-domain cert was already obtained, and a wildcard cert now exists, the per-domain cert will be deleted, and the wildcard cert used.
  • [ Simon McVittie ]
    • build: Use set -e to trap failure in shell loops
    • build: Add a dist target to the Makefile
    • Move d/changelog to ./CHANGELOG
    • Separate upstream releases from Debian packaging
    • debian/control: Don't use autopkgtest-pkg-perl. Since 0.20160811 the autogenerated test list is not used.
    • ikiwiki-hosting-web: Depend on real package apache2-suexec-pristine in preference to virtual apache2-suexec
    • ikiwiki-hosting-web: Add missing dependency on lsb-base
    • debian/control: Declare compliance with Debian Policy 4.1.4
Posted Sun Jun 10 21:52:31 2018

ikiwiki-hosting 0.20170622 released with these changes

  • [ Joey Hess ]
    • remove, letsnotencrypt: Remove Lets Encrypt renewal file, to avoid the cron job trying to renew deleted sites.
    • Fix deletion of sites that use https over the web interface.
    • HTTP Strict Transport Security (HSTS) is enabled for all sites that have redirect_to_https set in their configuration. Thanks, Antoine Beaupré.
    • Improve ikisite backup to lock the wiki for a much shorter period of time.
    • Remove .ikiwiki/sessions.db from the ikisite backup, as the file can be rather large, and losing it only means users have to log back in sooner than would otherwise be the case.
    • ikisite-wrapper: Allow ikisite enable to be run via the wrapper. The CGI uses this to update the site config of an already enabled site when enabling eg redirect_to_https or adding a DNS alias.
  • [ Simon McVittie ]
    • debian/copyright: Use preferred https URL for Format
    • debian/control: Declare compliance with Debian Policy 4.0.0
    • debian: Update to debhelper compat level 10
Posted Thu Jun 22 09:49:10 2017

ikiwiki-hosting 0.20161219 released with these changes

  • [ Joey Hess ]
    • Initial support for Lets Encrypt.
    • The use_letsencrypt setting can be set for a site by running ikisite letsencrypt domain, and it will attempt to get the certificate for it using certbot.
    • ikisite domains: Update certificate using certbot when set of domains changes.
    • Added ikisite maintaincerts to request/renew Lets Encrypt certs as needed, and added it to the daily cron job.
    • The files /etc/ikiwiki-hosting/config/$username/domain.{crt,key,chain} are used, when they exist, in preference to the files /etc/ikiwiki-hosting/config/$username/ssl.{key,crt}. This allows a site with multiple domains to have different certificates for them. The Lets Encrypt support uses this.
Posted Mon Dec 19 21:25:18 2016

ikiwiki-hosting 0.20160811 released with these changes

  • Explicitly remove current working directory from Perl's library search path, mitigating CVE-2016-1238 (see Debian bug #588017)
  • Debian packaging:
    • Add a simple autopkgtest for creating and deleting a site
    • Standards-Version: 3.9.8 (no changes required)
    • debian/rules: enable compiler hardening
Posted Thu Aug 11 10:31:27 2016