Felix Fontein
95626abdd3
Make mostly reuse conformant ( #502 )
...
* Add .license files.
* Update README.
* Normalize licenses test.
* Add reuse GHA.
* Add blanket rule for changelog fragments.
* Add .license file for vendored third-party certificates.
* Fix workflow's permissions.
* Revert "Add .license file for vendored third-party certificates."
This reverts commit 35e106867c.
* Make reuse lint test optional.
* Add exceptions.
* Update README.
* Improve reuse test.
2022-09-13 19:13:04 +00:00
Felix Fontein
4428daa411
Release 2.5.0.
2022-08-04 23:06:49 +02:00
Felix Fontein
f821fa0f2d
Prepare 2.5.0 release.
2022-08-04 22:47:16 +02:00
Felix Fontein
6bf3ef47e1
Move licenses to LICENSES/, use SPDX-License-Identifier, mention all licenses in galaxy.yml ( #491 )
...
* Add SPDX license identifiers, mention all licenses in galaxy.yml.
* Add default copyright headers.
* Add headers for documents.
* Fix/add more copyright statements.
* Add copyright / license info for vendored code.
* Add extra sanity test.
* Add changelog fragment.
* Comment PSF-2.0 license out in galaxy.yml for now.
* Remove colon after 'Copyright'.
* Avoid colon after 'Copyright' in lint script.
* Mention correct filename.
* Add BSD-3-Clause.
* Improve lint script.
* Update README.
* Symlinks...
2022-07-21 07:27:26 +02:00
Felix Fontein
4dcbbfba5b
Release 2.4.0.
2022-07-09 13:20:28 +02:00
Felix Fontein
036c4c8e6f
Prepare 2.4.0.
2022-07-09 13:19:48 +02:00
Felix Fontein
9ed4526fee
openssl_pkcs12: fix crash when trying to get non-existing other certificates ( #487 )
...
* Fix crash when trying to get non-existing other certificates.
* Add test.
2022-07-07 22:30:22 +02:00
Felix Fontein
d60d3fe1cb
Revert "Revert "Revert "Revert "Revert "Revert "Deprecate Ansible 2.9 and ansible-base 2.10 support. ( #460 )""""""
...
This reverts commit 4a1842c004.
2022-06-21 12:21:46 +02:00
Felix Fontein
a554a588c9
Release 2.3.4.
2022-06-21 12:11:22 +02:00
Felix Fontein
4a1842c004
Revert "Revert "Revert "Revert "Revert "Deprecate Ansible 2.9 and ansible-base 2.10 support. ( #460 )"""""
...
This reverts commit 39ec208171.
2022-06-21 12:09:00 +02:00
Felix Fontein
39ec208171
Revert "Revert "Revert "Revert "Deprecate Ansible 2.9 and ansible-base 2.10 support. ( #460 )""""
...
This reverts commit f5ccc1516b.
2022-06-17 09:26:38 +02:00
Felix Fontein
5af4a16e57
Release 2.3.3.
2022-06-17 08:25:13 +02:00
Felix Fontein
fc07de73e3
Prepare 2.3.3 release.
2022-06-17 08:24:47 +02:00
Felix Fontein
f5ccc1516b
Revert "Revert "Revert "Deprecate Ansible 2.9 and ansible-base 2.10 support. ( #460 )"""
...
(So we can do yet another bugfix release.)
This reverts commit cb77d81f8d.
2022-06-17 08:24:03 +02:00
Felix Fontein
de0ec1f739
Add Apache 2.0 license; simplify and standardize license headers ( #478 )
...
* Add Apache 2.0 license for Apache 2.0 licensed parts.
* Unify license headers.
* Move additional licenses to licenses/.
* Revert "Move additional licenses to licenses/."
This reverts commit c12b22de1c.
2022-06-17 08:20:40 +02:00
Songmin Li
b29f238083
Fix ValueError: excluded_subtrees must be a non-empty list or None ( #481 )
2022-06-17 07:53:07 +02:00
Felix Fontein
2941bb9bb8
Prepare 2.4.0 release.
2022-06-15 22:16:49 +02:00
Felix Fontein
297b44f24b
x509_crl: do not crash when signing with Ed25519 or Ed448 ( #475 )
...
* Do not crash when signing with Ed25519 or Ed448.
* Forgot replace.
2022-06-15 22:06:40 +02:00
Felix Fontein
cb77d81f8d
Revert "Revert "Deprecate Ansible 2.9 and ansible-base 2.10 support. ( #460 )""
...
This reverts commit 798d12b499.
2022-06-02 12:52:58 +02:00
Felix Fontein
9289ce8534
Release 2.3.2.
2022-06-02 12:28:12 +02:00
Felix Fontein
798d12b499
Revert "Deprecate Ansible 2.9 and ansible-base 2.10 support. ( #460 )"
...
(This is so we can do a bugfix release now. Deprecations are not allowed in bugfix releases.)
This reverts commit 74960eaeac.
2022-06-02 07:49:28 +02:00
Felix Fontein
5146760def
Adjust release summary, since there are other fragments.
2022-06-02 07:49:16 +02:00
Felix Fontein
48649d50b5
Prepare 2.3.2 release.
2022-06-02 07:46:42 +02:00
Felix Fontein
ccd66419f4
Add simplified_bsd.txt license file ( #467 )
...
* Add simplified_bsd.txt and adjust references.
* Add changelog.
2022-06-02 07:45:50 +02:00
Felix Fontein
74960eaeac
Deprecate Ansible 2.9 and ansible-base 2.10 support. ( #460 )
2022-05-20 14:45:56 +02:00
Felix Fontein
c49102d688
certificate_complete_chain: do not stop execution on unsupported algorithm ( #457 )
...
* Do not stop execution on unsupported algorithm.
* Fix typo.
2022-05-20 07:22:35 +02:00
Felix Fontein
ffc0ab2d40
Release 2.3.1.
2022-05-16 12:27:29 +02:00
Felix Fontein
5664bfe4b6
Add PSF-license.txt file. ( #453 )
2022-05-16 07:40:04 +02:00
Felix Fontein
4074ff4132
Prepare 2.3.1 release.
2022-05-16 07:13:15 +02:00
Felix Fontein
5641e2ac9b
Release 2.3.0.
2022-05-09 20:53:39 +02:00
Felix Fontein
4cf951596f
Improve handling of IDNA/Unicode domains ( #436 )
...
* Prepare IDNA/Unicode conversion code. Use to normalize input.
* Use IDNA library first (IDNA2008) and Python's IDNA2003 implementation as a fallback.
* Make sure idna is installed.
* Add changelog fragment.
* 'punycode' → 'idna'.
* Add name_encoding options and tests.
* Avoid invalid character for IDNA2008.
* Linting.
* Forgot to update value.
* Work around cryptography bug. Fix port handling for URIs.
* Forgot other place sensitive to cryptography bug.
* Forgot one. (Will likely still fail.)
* Decode IDNA in _compress_entry() to avoid comparison screw-ups.
* Work around Python 3.5 problem in Ansible 2.9's default test container.
* Update changelog fragment.
* Fix error, add tests.
* Python 2 compatibility.
* Update requirements.
2022-05-09 19:57:14 +02:00
Felix Fontein
90efcc1ca7
Add privatekey_content option. ( #452 )
2022-05-09 19:56:08 +02:00
Felix Fontein
43665a3892
Prepare 2.3.0 release.
2022-05-03 19:24:20 +02:00
Felix Fontein
640bdbc066
Add EE support ( #440 )
...
* Add EE files.
* Install cryptography and PyOpenSSL from PyPi.
* Revert "Install cryptography and PyOpenSSL from PyPi."
This reverts commit 6b90a1efae.
* Only run test when cryptography has a new enough version.
* And another one.
* Extend changelog.
2022-05-03 19:22:55 +02:00
Jonas Verhofsté
c16d9f78b8
Make request timeout configurable for all acme modules ( #448 )
...
* Make request timeout configurable for all acme modules
Fixes #447.
* Log change made in #448
2022-05-03 17:29:38 +02:00
Felix Fontein
91f192ce5b
Fix main for new cryptography 37.0.0 release ( #445 )
...
* Fix empty check for openssl_pkcs12 tests.
* Remove unnecessary imports.
* Prevent crash if PyOpenSSL cannot be imported because of an AttributeError.
* Add changelog fragment.
* Fix constraints file.
* Use Python 2.7 instead of 3.5 for 2.9 cloud tests (pip module is broken).
* Prevent upgrading cryptography on ansible-core 2.12's default container with Python 3.9.
2022-04-26 22:18:37 +02:00
Felix Fontein
9d03178b00
Fix crash in x509_crl when certificate issuer is specified ( #441 )
...
* Fix x509_crl certificate issuer issue.
* Add tests.
* Add changelog fragment.
2022-04-18 08:17:27 +02:00
Yauhen
041fff5057
Add persistent and perf options to the luks_device ( #434 )
...
Read and write work queue significantly degrades performance on
SSD/NVME devices[1].
In Debian 11 crypttab does not support no-read-workqueue and
no-write-workqueue flags, so the persistent flag is workaround: once
opened with perf parameters persists forever.
[1] https://blog.cloudflare.com/speeding-up-linux-disk-encryption/
Signed-off-by: Yauhen Artsiukhou <jsirex@gmail.com>
2022-04-10 14:30:10 +02:00
Felix Fontein
025091c3fb
Release 2.2.4
2022-03-22 13:17:36 +01:00
Felix Fontein
b0cede8231
Prepare 2.2.4 release.
2022-03-22 07:31:54 +01:00
Andrew Pantuso
033bab7db1
openssh_* - catch and report top-level exceptions via `fail_json` ( #417 )
...
* ensure exceptions are properly reported
* adding changelog fragment
* applying review suggestions
* typo
* adding back exception msg
2022-03-08 13:23:09 +01:00
Felix Fontein
f82dcbea21
Release 2.2.3.
2022-03-04 07:38:44 +01:00
Felix Fontein
67f511b5ad
Prepare 2.2.3 release.
2022-03-03 21:18:07 +01:00
Felix Fontein
0d4b3ed991
Fix parsing of lsblk output. ( #410 )
2022-03-02 13:48:38 +01:00
Felix Fontein
b952b103e2
Releasing 2.2.2.
2022-02-21 22:11:55 +01:00
Felix Fontein
c85659ebfc
Prepare 2.2.2 release.
2022-02-19 18:55:41 +01:00
Felix Fontein
28729657ac
x509_certificate: check existing certificate's signature for selfsigned and ownca provider ( #407 )
...
* Verify whether signature matches.
* Add changelog fragment.
* Forgot imports.
* Fix wrong name.
* Check whether the CA private key fits to the CA certificate. Use correct key in tests.
* Refactor code.
2022-02-16 07:38:11 +01:00
Felix Fontein
3ebc132c03
Regenerate certificate on CA's subject change. ( #402 )
2022-02-14 18:04:29 +01:00
Felix Fontein
11a14543c8
certificate_complete_chain: handle duplicate intermediate subjects ( #403 )
...
* Allow multiple intermediate CAs to have same subject.
* Add tests.
* Fix test name.
* Don't use CN for SAN.
* Make a bit more compatible.
* Include jinja2 compat for CentOS 6.
2022-02-14 13:29:19 +01:00
Felix Fontein
8a74b3e259
Release 2.2.1.
2022-02-05 21:28:47 +01:00
Felix Fontein
a9fcd584e9
Prepare 2.2.1 release.
2022-02-05 20:18:32 +01:00
Andrew Pantuso
a307618872
openssh_cert - fix full_idempotence for host certificates ( #396 )
...
* fixing host cert idempotence
* adding changelog fragment
2022-02-04 20:53:50 +01:00
Felix Fontein
90da233341
Release 2.2.0.
2022-02-01 05:49:27 +01:00
Felix Fontein
9faed1dad0
Prepare 2.2.0 release.
2022-01-31 06:02:48 +01:00
Felix Fontein
ea2e45d63f
Set LANG and similar env variables to prevent translated cryptsetup output. ( #388 )
2022-01-30 21:30:56 +01:00
JochenKorge
b339e71973
Added 'ignore_timestamps' parameter ( #381 )
...
* Added 'ignore_timestamps' parameter
* Update plugins/modules/openssh_cert.py
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
* Update plugins/modules/openssh_cert.py
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
* Update plugins/modules/openssh_cert.py
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
* Added fragment
* Update plugins/modules/openssh_cert.py
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
* added ignore_timestamps to example
* corrected styling
* fixed styling (again)
* Update changelogs/fragments/381_openssh_cert_add_ignore_timestamps.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* splitted description as suggested by felixfontein
* fixed linebreak
* Mentioned ignore_timestamps in regenerate
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
2022-01-20 16:15:50 +01:00
Felix Fontein
950d1d072f
Release 2.1.0.
2022-01-10 22:48:03 +01:00
Felix Fontein
cb14e73c61
Prepare 2.1.0 release.
2022-01-10 21:03:19 +01:00
Felix Fontein
62272296da
Small docs improvements ( #374 )
...
* Small improvements.
* Document behavior changes.
2022-01-10 12:05:09 +00:00
Felix Fontein
46f39efc43
Use vendored copy of distutils.version. ( #369 )
2022-01-05 21:30:11 +01:00
Felix Fontein
6ee238d961
certificate_complete_chain: avoid infinite loops, and double roots when root certificate was already part of chain ( #360 )
...
* Avoid infinite loops, and double roots when root certificate was already part of chain.
* Refactor tests for readability.
2022-01-04 07:00:09 +01:00
Felix Fontein
a539cd6939
Prepare for distutils.version being removed in Python 3.12 ( #353 )
...
* Prepare for distutils.version being removed in Python 2.12.
* Fix copy'n'paste error.
* Re-add Loose prefix.
* Fix Python version typo.
* Improve formulation.
* Move message into own line.
* Fix casing, now that the object is no longer called Version.
2021-12-24 11:28:14 +01:00
Felix Fontein
605cf2631e
Release 2.0.2.
2021-12-20 20:20:32 +01:00
Felix Fontein
ee196fd8a3
Prepare 2.0.2 release.
2021-12-20 20:15:27 +01:00
Felix Fontein
bd2270fb05
Release 2.0.1.
2021-11-22 11:41:56 +01:00
Felix Fontein
3f40795a98
Extension parsing: add new fallback code which uses the new cryptography API ( #331 )
...
* Add new code as fallback which re-serializes de-serialized extensions using the new cryptography API.
* Forgot Base64 encoding.
* Add extension by OID tests.
* There's one value which is different with the new code.
* Differences in CI.
* Working around older Jinjas.
* Value depends on which SAN was included.
* Force complete CI run now since cryptography 36.0.0 is out.
ci_complete
2021-11-22 07:42:49 +01:00
Felix Fontein
73bc0f5de7
Use new PKCS#12 deserialization code from cryptography 36.0.0 if available ( #302 )
...
* Use new PKCS#12 deserialization code from cryptography 36.0.0 if available.
* Refactor into smaller functions.
* Force complete CI run now since cryptography 36.0.0 is out.
ci_complete
2021-11-22 07:41:54 +01:00
Felix Fontein
f832c0a4ac
Fix missing s.
2021-11-22 07:41:39 +01:00
Felix Fontein
10579c8834
Prepare 2.0.1 release.
2021-11-22 07:40:23 +01:00
Felix Fontein
5de50b9f91
Fix compatibility to fetch_url change in ansible-core devel ( #339 )
...
* Fix compatibility to fetch_url change in ansible-core devel.
* Adjust tests.
2021-11-17 21:26:49 +01:00
Felix Fontein
2d388bf8d0
This is no longer a problem with the dev version of cryptography. ( #335 )
2021-11-13 17:59:17 +01:00
Felix Fontein
ebbfd7c56f
luks_device: add built-in signature wiper to work around older wipefs versions with LUKS2 containers ( #327 )
...
* Use 'cryptsetup erase' to kill LUKS signature.
* Adjust unit test.
* Use own wiper for LUKS headers.
* Add comments.
* Fix tests.
* Update changelog.
* Remove 'cryptsetup erase'.
* Improve error messages.
2021-11-11 06:59:35 +01:00
Felix Fontein
51b6bb210d
acme_certificate: fix crash when using fullchain_dest ( #324 )
...
* Fix crash when using fullchain_dest.
* Adjust changelog.
* Update plugins/module_utils/acme/backend_cryptography.py
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
2021-11-05 08:51:43 +01:00
Felix Fontein
e5acd27c9b
Release 2.0.0.
2021-11-01 19:18:03 +01:00
Felix Fontein
e6cd66df53
Add release summary. ( #319 )
2021-11-01 18:53:46 +01:00
Felix Fontein
589e7c72ef
Allow to specify subject (for CSRs) and issuer (for CRLs) ordered ( #316 )
...
* Allow to specify subject (for CSRs) and issuer (for CRLs) ordered.
* Forgot import.
* Apply suggestions from code review
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Apply suggestions from code review
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Fix typo.
* Simplify error handling, reject empty values outright.
* Document d497231e1c.
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
2021-10-31 15:05:04 +01:00
Felix Fontein
ecbd44df22
Add warning for ASN.1 encoded extension values returned by some modules ( #318 )
...
* Add warning that ASN.1 encoded extension values returned by some modules might not reflect the exact byte sequence in the source file anymore depending on the cryptography version.
* Apply suggestions from code review
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
2021-10-31 14:34:33 +01:00
Felix Fontein
4ab2ed8b77
Add ignore_timestamps option. ( #317 )
2021-10-30 16:34:27 +02:00
Felix Fontein
eb8dabce84
Improve Python 2 Unicode handling. ( #313 )
2021-10-22 07:15:20 +02:00
Felix Fontein
c5df302faa
openssl_privatekey_info: disable private key consistency checks by default ( #309 )
...
* Disable private key consistency checks by default.
* Improve formulations, mention side-channel attacks.
2021-10-20 18:28:22 +02:00
Felix Fontein
a581f1ebcd
Remove other deprecations ( #290 )
...
* Remove deprecated redirects.
* Remove deprecations.
* Add changelog fragment.
* Add some forgotten pieces.
* Bump version to 2.0.0.
* Fix formulation.
2021-10-16 21:00:48 +02:00
Felix Fontein
5f1efb6f7e
Remove assertonly ( #289 )
...
* Remove assertonly backend.
* Remove assertonly tests.
* The expired test is basically a test of assertonly.
* Replace assertonly verification by _info + assert.
2021-10-10 10:24:00 +02:00
Felix Fontein
871a185ecb
Remove vendored copy of ipaddress ( #287 )
...
* Remove vendored copy of ipaddress.
* Forgot an import.
* Remove sanity ignores and checks related to ipaddress.
* Remove octal IPv4 address.
Such IPs are no longer accepted by ipaddress in Python's standard library (CVE-2021-29921).
* Remove unused import.
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2021-10-06 14:53:40 +02:00
Felix Fontein
d6c0d53442
Fix PKCS#12 friendly name extraction for cryptography 35.0.0. ( #296 )
2021-10-03 20:25:24 +02:00
Felix Fontein
a2a7d94055
Support cryptography 35.0.0 for all modules except openssl_pkcs12 ( #294 )
...
* Add some workarounds for cryptography 35.0.0.
* Make fix work with very old cryptography versions as well (which supported multiple backends).
* [TEMP] Disable openssl_pkcs12 tests to see whether everything else works.
* Revert "[TEMP] Disable openssl_pkcs12 tests to see whether everything else works."
This reverts commit 3f905bc795.
* Add changelog fragment.
* Remove unnecessary assignment.
* Simplify code change.
* [TEMP] Disable openssl_pkcs12 tests to see whether everything else works.
* Revert "[TEMP] Disable openssl_pkcs12 tests to see whether everything else works."
This reverts commit fdb210528e.
2021-10-03 16:53:22 +02:00
Felix Fontein
04958ece31
Deprecate ACME v1 ( #288 )
...
* Deprecate ACME v1.
* Fix syntax error.
2021-09-29 06:44:31 +02:00
Felix Fontein
838bdd711b
Make Dirname (de)serialization conformant to RFC 4514 ( #274 )
...
* Adjust dirName serialization to RFC 4514.
* Adjust deserialization to RFC 4514.
* Add changelog fragment.
* Use Unicode strings, and work around Python 2 and Python 3 differences and problems with old cryptography versions.
* Work with bytes, not Unicode strings, to handle escaping of Unicode endpoints correctly.
2021-09-28 18:15:38 +02:00
Felix Fontein
f644db3c79
Remove PyOpenSSL backends (except for openssl_pkcs12) ( #273 )
...
* Remove Ubuntu 16.04 (Xenial Xerus) from CI.
* Removing PyOpenSSL backend from everywhere but openssl_pkcs12.
* Remove PyOpenSSL support from module_utils that's not needed for openssl_pkcs12.
* Add changelog fragment.
2021-09-28 17:46:35 +02:00
Felix Fontein
d784e0a52b
Release 1.9.4.
2021-09-28 17:17:41 +02:00
Felix Fontein
d73a2942a2
Prepare 1.9.4 release.
2021-09-28 16:53:56 +02:00
Felix Fontein
63f4598737
acme_challenge_cert_helper: fail better to avoid crashes in Ansible ( #282 )
...
* Prevent acme_challenge_cert_helper triggering a bug in Ansible.
* Add changelog fragment.
2021-09-17 19:35:43 +02:00
Felix Fontein
598cdf0a21
Older openssl versions (1.0.1/1.0.2) do not seem to support '-' for /dev/stdin. ( #279 )
2021-09-15 20:42:52 +02:00
Felix Fontein
d90cc5142b
Release 1.9.3.
2021-09-14 08:15:32 +02:00
Felix Fontein
37aab65396
Prepare 1.9.3 release.
2021-09-14 07:14:03 +02:00
Felix Fontein
baff003ea8
Fix changelog from last time.
2021-09-14 07:13:25 +02:00
Felix Fontein
03427e35a7
Fix idempotency for non-ASCII string comparisons. ( #271 )
2021-09-14 07:06:35 +02:00
Felix Fontein
a9e358ea57
Bugfix release 1.9.2.
2021-08-30 22:01:16 +02:00
Felix Fontein
ffcdbc5d0c
Add non-existing 1.9.1 release.
2021-08-30 22:00:39 +02:00
Felix Fontein
915379459d
Release 1.9.0.
2021-08-30 20:12:47 +02:00
Felix Fontein
a4a12bae27
Prepare 1.9.0 release.
2021-08-27 05:54:45 +02:00