Accepted certspotter 0.14.0-1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted certspotter 0.14.0-1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Mon, 09 Jan 2023 15:20:01 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: certspotter_0.14.0-1_source.changes
- Debian-source: certspotter
- Debian-suite: unstable
- Debian-version: 0.14.0-1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=S2/PiX9oxEZAciJyzJm4+diTdPKnIMz6hEgvRLrWtj4=; b=paiTiSNkZfseG7UqYwbtUu1eMD KVFzWcPyXPEzrXY6mHLdJZrgIy3y6UHTB6Q9JYF6FGPIiCT+mCuM4abJkzInSElA2PrpCgc1stYYL Qf/AydbFxzCwYnHHDR7/TkgREjDgagdCoN6PhjkU4FMQjh5Q3gu0FMr6vWmtCPB5fMa8I2S6pcPpy Jt6f2mcV2epxvU1Q+h6e/t/nUs315xWINTbZg9c8lHkd2ZQiCIQ8BU1FY0BVBOWZNtO2fXaWFya3V KYp9sAwUxkOdjQABLT+HisVDzym7E0YjlVvYQCu2aqU1yMgoIvEDIB0kdQy5R6mh+Mq+23LaIqEtc qjkxDKIg==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1pEtwP-00DQTS-BN@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 08 Jan 2023 19:38:06 +0200
Source: certspotter
Architecture: source
Version: 0.14.0-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <pkg-go-maintainers@lists.alioth.debian.org>
Changed-By: Faidon Liambotis <paravoid@debian.org>
Changes:
certspotter (0.14.0-1) unstable; urgency=medium
.
* New upstream release.
- Drop Build-Depends on golang-github-mreiferson-go-httpclient-dev, as
this has been dropped upstream.
- Update d/control with adjusted upstream description.
* Restore uscan functionality, by updating d/watch to track upstream tags,
rather than GitHub releases, which are seemingly non-existent.
* Golang packaging updates:
- Switch Build-Depends from dh-golang to dh-sequence-golang.
- Switch from Built-Using to the newer Static-Built-Using.
* Add a dependency on ca-certificates, necessary because all CT logs are
accessible (only) over HTTPS.
* Add certspotter(8) and certspotter-script(8) manpages, based on existing
documentation in README, --help, as well as some amount of own work,
through looking at the code. Written in Markdown, and converted using
lowdown (a new build dependency), unless the "nodoc" profile or build
option is configured.
* Provide a better out of the box experience for certspotter, by shipping a
systemd service and timer. This includes:
- Adding a new system user and group, _certspotter, through
sysusers.d.
- Placing certspotter configuration files in LSB locations, namely
/etc/certspotter and /var/cache/certspotter.
- Creating a new /usr/libexec/certspotter-script helper, which calls
run-parts on /etc/certspotter/hooks.d, as to be able to provide a
polished way for users to run scripts. (Especially given systemd
timers, unlike cron, do not email by default).
- Provisioning a fairly contained (but not too-contained) systemd
service, and a timer to run certspotter on an hourly basis.
- Documenting some of the gotchas in README files and comments on the
watchlist, and taking special care as to NOT enable the service unless
the user has explicitly configured domains to be monitored.
* Drop the submitct binary from the package. It's undocumented in both
documentation and in its --help, and only potentially useful in certain
niche application, none of which I'm aware. If this is useful to anyone,
please file a bug report so that we can document it and ship it again.
* Switch to the "net" Section, as it is more appropriate than "devel".
* Add a couple of autopkgtests: one superficial and offline, just to ensure
the binary runs, and another that is online and tests against the
production CT logs.
* Bump Standards-Version to 4.6.1, no further changes needed.
Checksums-Sha1:
ddd0932846f9179a6646cef76f91d376cc83b710 2147 certspotter_0.14.0-1.dsc
9275cdec636101f8bbe0e727183916a70962ebd9 51800 certspotter_0.14.0.orig.tar.gz
db586645a77cc9a7883490c3910f0d61c7aa0c1f 9176 certspotter_0.14.0-1.debian.tar.xz
d94ca8fa9bb701ddd36aac8470288ad05d77e67e 6712 certspotter_0.14.0-1_source.buildinfo
Checksums-Sha256:
56cfa33c97329c3d6ede25dd086df33b01b414ece263455875c1b48d64619263 2147 certspotter_0.14.0-1.dsc
d797d8a29855c7ae7a410b09d879129814a3d9e848f06b961026faa0f0b61bd8 51800 certspotter_0.14.0.orig.tar.gz
6ca0e89d1e17c6b9f9fcd238188c682d2cb5ef18b722aeecbb7ea9e28e3ec915 9176 certspotter_0.14.0-1.debian.tar.xz
6955b62c99147c501b7c64a9322f98529cd287f8dfe2a913909e50b949b19da9 6712 certspotter_0.14.0-1_source.buildinfo
Files:
17d7666cbe36da98da0a06ba89abcbf4 2147 net optional certspotter_0.14.0-1.dsc
a08eb18111328a88e90f82916dc55029 51800 net optional certspotter_0.14.0.orig.tar.gz
5529e61ea3c4995ffa4f12fd5d8d57b1 9176 net optional certspotter_0.14.0-1.debian.tar.xz
64b380a6343247af4faa0886ae82fd53 6712 net optional certspotter_0.14.0-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEqVksUhy5BAd9ZZgAnQteWx7sjw4FAmO8KmEACgkQnQteWx7s
jw6yEg//Sc5X5xLPzmjVK/gk/a6QrOTs2YcE1QwVGp664oC7wZfXkSyk6bSHCQDi
Qz6YVKQVFj9L4jDeIXopb2Er7PFXPu9lp3t4TmaiTAztPAJRvY7EQe7OdzkWdHzl
WGT64wp7ItrqHmgnRTOVnGttHUiyE/YMfHahIxgOyL0StNLKZhJzk3b6GS65ITR9
NUPU+rqoAsfehH/QliO16gepqPgkvQXUgRbn4bLXYkjZTF6rSSLeDqTyBJ3FI6zb
el6pmjsDh1yRb4/Qr5qomyOXSfhvQMSExo0sGpRCh79d6NXFhuiHxYTYWmh8YIVF
LLA7edsDUc6RLWYxNoIxbOMJk7zWYdUItGfGBMHsOSIw/VkcT1uq62nuiSABiDw3
yQRM+F1y9CVG7PbfY9KZ4VGyc3R2VEa65QyP/TRfXxWntSSZ5TA0I2WJwLVeX9um
3O7Hj8dPGWue3NNNSi1onC662oAHsmyrNUIKOtQ9AiLIM6OdH8OiKaH+4cr/wXeW
+S0/uDD27AV8AVCzl2NKb66rCeZvO2ZdhyD5gudDbt5znMjZSyuMJrqeVbCmWdp5
P4fM0aImxquST8yvSAP3zJs7VDbOthtv/xinpblj3y0Ep1Zbp8zEoumix6JFbtKM
RByNddqhWgIijV9r1/oEz8wXQVI59Ouy2pcFiluCsQ7jl2qnhWw=
=6xPh
-----END PGP SIGNATURE-----