lacme 0.6-1 source package in Ubuntu

Changelog

lacme (0.6-1) unstable; urgency=medium

  * New upstream release.
  * d/control: Bump Standards-Version to 4.4.0 (no changes necessary).
  * d/compat, d/control: Bump debhelper compatibility level to 12.

 -- Guilhem Moulin <email address hidden>  Wed, 21 Aug 2019 23:50:15 +0200

Upload details

Uploaded by:
Guilhem Moulin on 2019-08-22
Uploaded to:
Sid
Original maintainer:
Guilhem Moulin
Architectures:
all
Section:
misc
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Eoan release on 2019-08-22 universe misc

Builds

Eoan: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
lacme_0.6-1.dsc 1.8 KiB 6846e13daacb847200cdeb888086dc263e0aac2b5b1a60acd0fd819de7f5377f
lacme_0.6.orig.tar.gz 44.6 KiB 3b791b53a44d442ce40da5d782d007d10d5cf25a5dfc271e13b596786d8c8425
lacme_0.6-1.debian.tar.xz 3.2 KiB 702ff523cb77774ff8541f1090271eef7d76debdea0c515ffc25857c733a011b

Available diffs

No changes file available.

Binary packages built by this source

lacme: ACME client written with process isolation and minimal privileges in mind

 lacme is divided into four components, each with its own executable:
 .
  * A process to manage the account key and issue SHA-256 signatures needed for
    each ACME command. (This process binds to a UNIX-domain socket to reply to
    signature requests from the ACME client.) One can use the UNIX-domain
    socket forwarding facility of OpenSSH 6.7 and later to run this process on
    a different host.
 .
  * A "master" process, which runs as root and is the only component
    with access to the private key material of the server keys. It is used to
    fork the ACME client (and optionally the ACME webserver) after dropping
    root privileges. For certificate issuances, it also generates Certificate
    Signing Requests, then verifies the validity of the issued certificate, and
    optionally reloads or restarts services.
 .
  * An actual ACME client, which builds ACME commands and dialogues with
    the remote ACME server. Since ACME commands need to be signed with the
    account key, the "master" process passes the UNIX-domain socket of the
    account key manager to the ACME client: data signatures are requested by
    writing the data to be signed to the socket.
 .
  * For certificate issuances, an optional webserver, which is spawned
    by the "master" process when no service is listening on the HTTP port.
    (The only challenge type currently supported is "http-01", which requires a
    webserver to answer challenges.) That webserver only processes GET and
    HEAD requests under the "/.well-known/acme-challenge/" URI. By default
    some iptables(8) rules are automatically installed to open the HTTP port,
    and removed afterwards.

lacme-accountd: lacme account key manager

 lacme is an ACME client written with process isolation and minimal privileges
 in mind. It is divided into four components, each with its own executable:
 .
  * A process to manage the account key and issue SHA-256 signatures needed for
    each ACME command. (This process binds to a UNIX-domain socket to reply to
    signature requests from the ACME client.) One can use the UNIX-domain
    socket forwarding facility of OpenSSH 6.7 and later to run this process on
    a different host.
 .
  * A "master" process, which runs as root and is the only component
    with access to the private key material of the server keys. It is used to
    fork the ACME client (and optionally the ACME webserver) after dropping
    root privileges. For certificate issuances, it also generates Certificate
    Signing Requests, then verifies the validity of the issued certificate, and
    optionally reloads or restarts services.
 .
  * An actual ACME client, which builds ACME commands and dialogues with
    the remote ACME server. Since ACME commands need to be signed with the
    account key, the "master" process passes the UNIX-domain socket of the
    account key manager to the ACME client: data signatures are requested by
    writing the data to be signed to the socket.
 .
  * For certificate issuances, an optional webserver, which is spawned
    by the "master" process when no service is listening on the HTTP port.
    (The only challenge type currently supported is "http-01", which requires a
    webserver to answer challenges.) That webserver only processes GET and
    HEAD requests under the "/.well-known/acme-challenge/" URI. iptables(8)
    rules can optionally be installed to temporarily open the HTTP port.
 .
 lacme-accountd is the first (account key manager) component. It is the only
 component with access to the account key.