1.1.0 9 months ago

Pro Custodibus Broker 1.1.0

Requires Pro Custodibus API version 1.1 or newer.


* Use server challenge for signature authentication (insteading of
  signing an URL with a timestamp).
* Added timeout to Pro Custodibus API requests.
* Added additional hardening constraints to systemd service unit. This
  will not be upgraded automatically -- see the below "`Manually Upgrade
  Systemd Hardening`" section to apply.
* Require recent versions of package dependencies.
* Installer detect and recreate broken virtualenv.
* Installer upgrade pip and setuptools before install.


* Installer now detects and fixes conf files with wrong SELinux context
* Installer now ensures libffi headers and other necessary OS packages
  are installed on platforms where they are needed to build PyNaCl.

Manually Upgrade Systemd Hardening

The additional hardening constraints for the broker's systemd service
unit will only be installed automatically on fresh installs. It will not
be upgraded automatically. To apply the additional hardening manually,
copy the `etc/systemd.service` file from the broker tarball to the
`/etc/systemd/system/procustodibus-broker.service` file on the host,
reload the configuration, and restart the broker:

    $ sudo cp etc/systemd.service /etc/systemd/system/procustodibus-broker.service
    $ sudo systemctl daemon-reload
    $ sudo systemctl restart procustodibus-broker