~arx10/procustodibus-broker

1.1.0 2 months ago

.tar.gz browse
procustodibus-broker-1.1.0.tar.gz.sha256
sha256:35cb559351940acb53c95fcb619ae74a618119c233eab7c78d9fbaaf92891665
procustodibus-broker-1.1.0.tar.gz.sig
sha256:819406dd5829fa4969ace408dae641a084e167871c88153b2d09aadaa39e1a13 
Pro Custodibus Broker 1.1.0

Requires Pro Custodibus API version 1.1 or newer.

Changed
-------

* Use server challenge for signature authentication (insteading of
  signing an URL with a timestamp).
* Added timeout to Pro Custodibus API requests.
* Added additional hardening constraints to systemd service unit. This
  will not be upgraded automatically -- see the below "`Manually Upgrade
  Systemd Hardening`" section to apply.
* Require recent versions of package dependencies.
* Installer detect and recreate broken virtualenv.
* Installer upgrade pip and setuptools before install.

Fixed
-----

* Installer now detects and fixes conf files with wrong SELinux context
  labels.
* Installer now ensures libffi headers and other necessary OS packages
  are installed on platforms where they are needed to build PyNaCl.

Manually Upgrade Systemd Hardening
----------------------------------

The additional hardening constraints for the broker's systemd service
unit will only be installed automatically on fresh installs. It will not
be upgraded automatically. To apply the additional hardening manually,
copy the `etc/systemd.service` file from the broker tarball to the
`/etc/systemd/system/procustodibus-broker.service` file on the host,
reload the configuration, and restart the broker:

    $ sudo cp etc/systemd.service /etc/systemd/system/procustodibus-broker.service
    $ sudo systemctl daemon-reload
    $ sudo systemctl restart procustodibus-broker