]>
WPIA git - gigi.git/log
Benny Baumann [Tue, 21 Feb 2017 22:46:13 +0000 (23:46 +0100)]
fix: Typo in field to exempt domains from pinging
Change-Id: Ia7c77aa1750324170dac71c17a888016ecfdceb9
Benny Baumann [Tue, 21 Feb 2017 22:45:22 +0000 (23:45 +0100)]
chg: Reuse code in template merging/append
Change-Id: Ibcddd77c8915a9797431adf8ecd2bf94202c46b0
Felix Dörre [Tue, 21 Feb 2017 00:10:10 +0000 (01:10 +0100)]
fix: typo in challenge
Change-Id: I758d9d610b05a111381121e0bf46bd14febf5e4e
Felix Dörre [Tue, 21 Feb 2017 00:07:38 +0000 (01:07 +0100)]
upd: cleanup more references
Change-Id: I132ad32bfe54e6714128ffea9cf2619a09c85885
Felix Dörre [Mon, 20 Feb 2017 23:58:32 +0000 (00:58 +0100)]
upd: remove old policies
Change-Id: I68df9fa720bf654d04308a76fb9652405ecc7ace
Felix Dörre [Sun, 19 Feb 2017 13:22:28 +0000 (14:22 +0100)]
upd: keep host names scalable and configurable
Change-Id: Ib942444b0fb525d94011dcf20ac656665f23a2bd
Felix Dörre [Sat, 18 Feb 2017 00:39:57 +0000 (01:39 +0100)]
upd: document variables in SprintfCommand more clearly
Change-Id: I4227c3f38cf811c5efddf0e5ff31775df16fe861
Felix Dörre [Fri, 17 Feb 2017 20:14:44 +0000 (21:14 +0100)]
upd: use a link-redirector for all external links.
Change-Id: I4403040fb94e7b6779c14c64bc9398c8f81546b6
Felix Dörre [Wed, 15 Feb 2017 20:49:02 +0000 (21:49 +0100)]
upd: rename package name and all references to it
Change-Id: Ie1e938a864ad93732201643f42a83148dd2f137d
Felix Dörre [Wed, 8 Feb 2017 19:50:28 +0000 (20:50 +0100)]
fix: ResultSet.getDate is often wrong as it fetches day-precision times
Change-Id: Id9394b12663e78de96a3610590587d3f15096e15
INOPIAE [Wed, 8 Feb 2017 08:27:58 +0000 (09:27 +0100)]
Add a hint what the "Request reping" is used for on the email page
fixes issue #56
Change-Id: I518082eb4c95beed01b846690264d174757790dd
INOPIAE [Wed, 8 Feb 2017 15:18:54 +0000 (16:18 +0100)]
Highlight expired nucleus bonus verifications in points overview
fixes issue #123
Change-Id: I796e0e2f81897c35307fcdc64255127f058696a2
Benny Baumann [Wed, 8 Feb 2017 09:20:17 +0000 (10:20 +0100)]
Merge "Temporarily disable SystemCallFilter"
Felix Dörre [Wed, 8 Feb 2017 08:02:48 +0000 (09:02 +0100)]
fix: empty-variable "version" in development runs.
Change-Id: Ia0cdebab2e2b8f7733c59280086db8a72ab73941
Lucas Werkmeister [Tue, 7 Feb 2017 23:36:51 +0000 (00:36 +0100)]
Temporarily disable SystemCallFilter
systemd applies drop-ins in lexicographical order (to be documented by
systemd/systemd#5262), hence the Z- prefix.
Change-Id: I589b9a4fae5cd5dd107f58f734558bfa31517f4b
Felix Dörre [Tue, 7 Feb 2017 09:17:38 +0000 (10:17 +0100)]
upd: enhance "CSRF-missing" test case exception for better debuging
Change-Id: I3dce9fb7da31987044b23dcf8310af44f64855fb
Felix Dörre [Mon, 6 Feb 2017 22:46:29 +0000 (23:46 +0100)]
upd: move external keywords to own class
Change-Id: Iad887cf134103ed6d26aa32d1358c23de0eeebae
Felix Dörre [Mon, 6 Feb 2017 22:45:13 +0000 (23:45 +0100)]
fix: display verify information only when verification token is known.
Change-Id: I12ea06f13fddc3ad931751e9751f7d87fefd6c60
Felix Dörre [Thu, 19 Jan 2017 11:30:34 +0000 (12:30 +0100)]
fix: make the pinger daemon keep cool when missing database connection
Change-Id: Ic207edc3ab008ac765787146e9752bcd0f867f9b
Lucas Werkmeister [Fri, 27 Jan 2017 11:35:10 +0000 (12:35 +0100)]
fix: add ioctl to SystemCallFilter
Apparently Java needs this to read data from a socket, but only in some
circumstances (Felix says only HTTP domain check was broken, HTTPS check
worked fine).
Change-Id: Ia1b54ef364b282631b44a8313570dafae6b8c5d4
Lucas Werkmeister [Wed, 18 Jan 2017 13:06:39 +0000 (14:06 +0100)]
upd: add more sandboxing directives to gigi-proxy.service
Most notably, the set of permitted syscalls excludes fork and many file
system commands like unlink or rmdir.
Change-Id: I87827f6ed0025570288611cf257c6e3a01769593
Felix Dörre [Tue, 10 Jan 2017 21:44:36 +0000 (22:44 +0100)]
add: fix own host name on certificate issue page
Change-Id: I7fa0e2df8afbe78017067ef8e80c9ecf3a07ca68
Felix Dörre [Tue, 3 Jan 2017 10:35:19 +0000 (11:35 +0100)]
add: detect a quiz-admin directly in gigi
Change-Id: I21854cbafae2a676db624b46975624f31a49d549
Felix Dörre [Fri, 30 Dec 2016 12:01:43 +0000 (13:01 +0100)]
fix: restrict access to CATS-API even more
Change-Id: Idb32bf7e12e0f2704541108afb9a5fcc3e0762a7
Felix Dörre [Fri, 23 Dec 2016 10:45:21 +0000 (11:45 +0100)]
fix: greatly improve performance of often-executed ping-fetch-query
Change-Id: Ic574b193f65f1fd362bf7451fe343e0caa788910
Felix Dörre [Fri, 30 Dec 2016 10:13:37 +0000 (11:13 +0100)]
add: yet another nucleus test
Change-Id: I83cb4a944f8d9e26447535b0672f87a4344458e5
Felix Dörre [Fri, 30 Dec 2016 09:44:06 +0000 (10:44 +0100)]
fix: counting of nucleus verifications
Change-Id: I4a76e579049d822d3280ffc4570f5f2248cac9a4
Felix Dörre [Thu, 29 Dec 2016 16:50:51 +0000 (17:50 +0100)]
fix: send password reset emails to the correct user
Change-Id: I6e88d9fd742255a30a9572f446a3d2b35fb0fcf0
Felix Dörre [Fri, 23 Dec 2016 10:46:53 +0000 (11:46 +0100)]
add: Implement use of Cisco Umbrella 1 Million domain list
as source for high-financial-value-domains
Information about the list is available here:
http://s3-us-west-1.amazonaws.com/umbrella-static/index.html
Blogpost about it:
https://blog.opendns.com/2016/12/14/cisco-umbrella-1-million/
Change-Id: I5d8183f5dd09e3b033301cec59b3fa1e820f236c
Felix Dörre [Thu, 15 Dec 2016 09:20:39 +0000 (10:20 +0100)]
fix: Exception when using TestManager functionality
a constant date gets older than two years at some point in time
Change-Id: I804b06258d27f535a7e9af2dd75223f099170fd0
Felix Dörre [Thu, 8 Dec 2016 15:53:28 +0000 (16:53 +0100)]
fix: generate correct urls to static resources
Change-Id: Ibd337a102b6362fa601fc38aed68031677d3ad5d
Felix Dörre [Sun, 27 Nov 2016 15:10:34 +0000 (16:10 +0100)]
upd: enforce serverAuth EKU for SSL-pings
Change-Id: Ia98447b476eb1e6b60c7471208c7cf965e482aea
Felix Dörre [Sun, 27 Nov 2016 15:14:38 +0000 (16:14 +0100)]
upd: in SSLPinger move serverAuth EKU OID to a constant
Change-Id: Ic4714e6af8a00cc58e69de2def7e9dc1bbbaff05
Felix Dörre [Sun, 27 Nov 2016 00:06:41 +0000 (01:06 +0100)]
fix: allow SSLPinger to process certs without EKU
Change-Id: Ic4c8de9e4cf5ce617dcd5613296c473678596392
Felix Dörre [Tue, 22 Nov 2016 08:30:21 +0000 (09:30 +0100)]
fix: send unsigned mail correctly
Change-Id: I12c008ceab2e0bb7b97eb329141ef2ec82dc71f4
Felix Dörre [Mon, 31 Oct 2016 09:52:52 +0000 (10:52 +0100)]
upd: use try-with-resources to protect JDBC-Statement
Change-Id: I5084448dc134d47da6aaa0dd6ed53b4aacb1c994
Felix Dörre [Tue, 25 Oct 2016 10:26:12 +0000 (12:26 +0200)]
fix: correct SQL query for issuing repings.
Change-Id: Ibabc4851514b1ebe353c6feb1e369353728f6bae
Felix Dörre [Thu, 10 Nov 2016 11:36:36 +0000 (12:36 +0100)]
upd: use "PartOf" relation in gigi-proxy.service
This enables puppet to simply manage gigi-proxy.socket
by ensuring that a restart of gigi-proxy.socket will
also restart gigi-proxy.service.
Change-Id: I96a51f38cfb4c0f5d6b5efd7a8425d90a17534b6
Felix Dörre [Thu, 10 Nov 2016 17:59:15 +0000 (18:59 +0100)]
fix: fixed date in testcases
Change-Id: I29fbf97a27309a54ed4d36463799b92ccf8a6edd
Lucas Werkmeister [Sun, 16 Oct 2016 16:22:30 +0000 (18:22 +0200)]
Merge "fix: resource leak in template fast-debug code"
Benny Baumann [Sun, 16 Oct 2016 16:22:28 +0000 (18:22 +0200)]
Merge "add: email-management-api"
Lucas Werkmeister [Sun, 16 Oct 2016 16:20:53 +0000 (18:20 +0200)]
Merge "upd: more realistic content-type for cert-downloads from API"
Felix Dörre [Fri, 7 Oct 2016 22:19:04 +0000 (00:19 +0200)]
fix: resource leak in template fast-debug code
Change-Id: I570f997bb3e61d916ccc2dfd0ad23c8225ee9020
Felix Dörre [Mon, 3 Oct 2016 12:03:38 +0000 (14:03 +0200)]
add: email-management-api
Change-Id: I4f7ca7b68e9222520738fb329ba390b07fd74b10
Felix Dörre [Mon, 3 Oct 2016 12:03:27 +0000 (14:03 +0200)]
upd: more realistic content-type for cert-downloads from API
Change-Id: I4ad6ee5c27d680cbf4750fe9d8c3a754c9a58590
Benny Baumann [Sun, 9 Oct 2016 16:20:16 +0000 (18:20 +0200)]
Merge "upd: improve digest explanation and make SHA512 default"
Lucas Werkmeister [Mon, 3 Oct 2016 16:15:22 +0000 (18:15 +0200)]
upd: improve digest explanation and make SHA512 default
See #119.
Change-Id: Ia481947c3dff9b6a9770462185c5a12f0f1d996b
Felix Dörre [Mon, 3 Oct 2016 12:02:01 +0000 (14:02 +0200)]
upd: use same-protocol-prefixes for static-links
Change-Id: I0e556b4dde914e0c8eeaccb9c6e5c703225a46ff
Felix Dörre [Thu, 29 Sep 2016 21:05:51 +0000 (23:05 +0200)]
upd: change mail footer so it is recognized by at least thunderbird.
note: significant whitespace at the end of line 5. This whitespace is
required for thunderbird to recognize the footer.
Change-Id: I3eff5903146a5b11ef522f0cb4dba1696dca2c9e
Felix Dörre [Tue, 4 Oct 2016 08:07:55 +0000 (10:07 +0200)]
Merge "fix: #112 use term “country”, not “state”"
Lucas Werkmeister [Tue, 27 Sep 2016 10:09:28 +0000 (12:09 +0200)]
fix: #112 use term “country”, not “state”
Continuation of
a1618d1 .
CertificateOwner.getById() has to be updated because users.country and
organisations.country now clash.
The User constructor is updated for consistency with the Organisation
constructor.
Change-Id: I0aeaf47fa8627ba5c4a5b35f15804e283e4a55b3
Lucas Werkmeister [Mon, 3 Oct 2016 12:35:15 +0000 (14:35 +0200)]
upd: add Also= directive to gigi-proxy.service
When the service is installed/deinstalled, install/deinstall the
accompanying socket as well. (But not the other way around: you can
install the socket alone, so that the service will only be started
on-demand.)
See systemd.unit(5).
Change-Id: I3fd4af0617e1191c96af82ae1c6491feb9dfc654
Felix Dörre [Fri, 23 Sep 2016 16:57:16 +0000 (18:57 +0200)]
upd: make output of Find-Agent-info JSON-formatted
Change-Id: I773aaff596314e83b63e8555ff8e85fce1c2cf55
Felix Dörre [Tue, 27 Sep 2016 23:21:32 +0000 (01:21 +0200)]
Merge branch 'libs/json/local'
Change-Id: Ie68cd2871a8abba4386d089f25da628ba69335cc
Felix Dörre [Tue, 27 Sep 2016 23:15:10 +0000 (01:15 +0200)]
upd: remove json-pointer feature
Change-Id: I7c19cbfbf4de25ca7545ae93f574d597b7d723dd
Felix Dörre [Tue, 27 Sep 2016 14:12:24 +0000 (16:12 +0200)]
add: import org.json
Change-Id: Ia39786f4396e70551aac44ce99ebc664366b4b0a
Felix Dörre [Tue, 27 Sep 2016 14:08:26 +0000 (16:08 +0200)]
add: import script for json.org
Change-Id: I2d67e7ce167e2ddc5a4a5d439835a0bc33861a30
Benny Baumann [Tue, 27 Sep 2016 18:21:21 +0000 (20:21 +0200)]
Merge "Fix error message"
Lucas Werkmeister [Tue, 27 Sep 2016 14:27:53 +0000 (16:27 +0200)]
Fix error message
Change-Id: Ice3d62d7f75165df86c6dce60dbc6d3e9c769918
Felix Dörre [Thu, 22 Sep 2016 21:49:48 +0000 (23:49 +0200)]
upd: make verification processes more consistent on failure
Change-Id: I0a1dfd77fea5f9b365cc166196d0068607cc2b5d
Felix Dörre [Thu, 22 Sep 2016 21:47:58 +0000 (23:47 +0200)]
fix: content of mail footer
Change-Id: I866901be3862c3646ff7911ee698c1ad23f934a6
Felix Dörre [Wed, 21 Sep 2016 11:22:21 +0000 (13:22 +0200)]
fix: S/MIME signature
See https://tools.ietf.org/html/rfc5751#section-3.1.1 for reference.
Change-Id: I9fcd558182395ec83cadb42c0d2bc5c785d49864
Benny Baumann [Tue, 20 Sep 2016 19:23:41 +0000 (21:23 +0200)]
Merge "add: support configuring SetUID behavior"
Lucas Werkmeister [Wed, 7 Sep 2016 13:03:47 +0000 (15:03 +0200)]
add: support configuring SetUID behavior
- It is now possible to skip the setuid step altogether by setting both
UID and GID to the special value -1.
- The Java code now verifies that the values are in range for an
unsigned 16-bit ID.
- The C code now verifies that the cast from jint to uid_t/gid_t does
not overflow.
- The C code now skips setuid() or setgid() if the real and effective ID
are already the desired ID.
The 16-bit limit is somewhat arbitrary. Some old UNIX systems, such as
PWB/UNIX, supported only 8-bit IDs (see for example
/usr/man/man2/getuid.2 in Henry Spencer’s tarball); Wikipedia claims
that some other UNIX systems used 15-bit values, but does not specify
which systems; Linux originally supported 16-bit IDs but then added
support for 32-bit IDs with new syscalls in Linux 2.4. On Debian
systems, the nobody user (default setuid target) is 65534, so we need to
allow at least 16-bit IDs, otherwise the default value is invalid.
Change-Id: I66600572016b18d5ff550560048cdf691dec85e8
Felix Dörre [Sat, 17 Sep 2016 20:49:13 +0000 (22:49 +0200)]
add: javadoc to "Certificate"'s constructor
Change-Id: I7f35343fde31b7eb3edf41a133d3600dd56338d9
Felix Dörre [Fri, 16 Sep 2016 12:58:05 +0000 (14:58 +0200)]
upd: factor out default client certificate profile
Change-Id: Ief1459b17cd820d0d635e89230904d2c46cd69b2
Felix Dörre [Fri, 16 Sep 2016 11:05:18 +0000 (13:05 +0200)]
add: constant for "secure." server name
Change-Id: I7cfac77e65cf965d9d7f04622e6c6322880b506e
Felix Dörre [Thu, 15 Sep 2016 18:34:49 +0000 (20:34 +0200)]
add: test redirect after login
Change-Id: I3caf0a1641a1673e13d68a5c8b9ec4885729811b
Felix Dörre [Thu, 15 Sep 2016 18:34:36 +0000 (20:34 +0200)]
fix: redirect-back after login
Change-Id: Ib416aed3f5c64909593172dcaa378fbcbd59c183
Felix Dörre [Thu, 15 Sep 2016 09:36:16 +0000 (11:36 +0200)]
add: testcase for successful certificate login
Change-Id: Ie6efe2d2a5ab6e14ca3eee95db9c5e99e498b2ce
Felix Dörre [Thu, 15 Sep 2016 07:50:53 +0000 (09:50 +0200)]
fix: deadlock possibility in "DatabaseConnection"
Change-Id: I987cd3d9a0940f1fe3cf9289ec7512b785eca5df
Felix Dörre [Thu, 15 Sep 2016 07:50:37 +0000 (09:50 +0200)]
fix: certlogin. There was a "toLower" needed instead of an "toUpper"
Change-Id: Ie233b6e920ec486a7e59d100681e86856bc7485c
INOPIAE [Thu, 15 Sep 2016 05:53:19 +0000 (07:53 +0200)]
fix: broken hyperlink formatting
Change-Id: I8209324d6fc9dbb8d5e1f0098155a3b3f3e60591
Felix Dörre [Wed, 14 Sep 2016 19:45:01 +0000 (21:45 +0200)]
Merge "upd: native Makefile improvements"
Felix Dörre [Wed, 14 Sep 2016 19:44:56 +0000 (21:44 +0200)]
Merge "upd: modified text displayed during certificate creation process"
Felix Dörre [Sat, 10 Sep 2016 14:18:48 +0000 (16:18 +0200)]
add: js-managed default values for certificate-issue-form
Change-Id: I73713d708f5fdbd505f408b6b19a7a0f7fab813b
INOPIAE [Sat, 10 Sep 2016 11:11:15 +0000 (13:11 +0200)]
upd: modified text displayed during certificate creation process
Change-Id: Ic3038b764e213e6d904ff25c115818d9b4496f7a
Felix Dörre [Sun, 11 Sep 2016 18:44:25 +0000 (20:44 +0200)]
fix: translation strings in "VerificationAgentEntered.templ"
no need to start a translation string when there is nothing
to translate
Change-Id: I2922810f617f1d9e3ec451574134dbb947c474a3
Felix Dörre [Sun, 11 Sep 2016 08:46:54 +0000 (10:46 +0200)]
upd: use serials lowercase-only
Change-Id: Ia30c803c25f6b593086df614ce1d711c1be84ebf
Felix Dörre [Sat, 10 Sep 2016 14:22:37 +0000 (16:22 +0200)]
fix: postgres conditional expression in SimpleSigner error query.
Change-Id: Ia55d3c3c5baf251c7f748153dc727a131502fe87
Felix Dörre [Sat, 10 Sep 2016 14:02:10 +0000 (16:02 +0200)]
fix: simple signer correctly parse profile-EKUs
Change-Id: Iec644be800d86fe687acccf779383e90a68bd780
Felix Dörre [Fri, 9 Sep 2016 23:37:33 +0000 (01:37 +0200)]
upd: enforce a more strict Form call pattern.
form management is now split into:
- initial generation (typically in doGet)
- actual submitting (typically in beforePost) resulting in
- an error (permament or non-permament)
- a submission result
- redirect
- success message
- custom
- re-emitting if needed (typically in doPost)
Change-Id: Ic226bb886a513b6dfbd844294d2092b653c5df5b
Lucas Werkmeister [Fri, 9 Sep 2016 20:19:31 +0000 (22:19 +0200)]
upd: native Makefile improvements
- Remove optimization. We don't need it, and -O3 in particular can
introduce bugs.
- Move -I directives to preprocessor flags.
- Add a separate goal for the header file instead of using shell &&.
- Use the special variable $(RM) to remove files, and ignore failures if
some files don't exist.
Change-Id: Icb7bd684bae6bdb860712a4e24d880b265db292a
Felix Dörre [Mon, 5 Sep 2016 17:05:17 +0000 (19:05 +0200)]
upd: use a more strict pattern for handling forms
Change-Id: I55e1087868820e652fccc7454c9ae290b6947119
Felix Dörre [Fri, 9 Sep 2016 12:07:05 +0000 (14:07 +0200)]
fix: make simple signer select CA certificate better.
Change-Id: I51d3a7849c1d5899a80c93c7222a2e97a3ff5dba
Lucas Werkmeister [Fri, 9 Sep 2016 12:47:57 +0000 (14:47 +0200)]
fix: add CAP_SETGID to gigi-standalone bounding set
I thought CAP_SETUID included CAP_SETGID, but that’s not the case, and
we need both.
Change-Id: I83adef1bec4baea2a4bd28aafe8c1686f2932014
INOPIAE [Mon, 22 Aug 2016 08:24:15 +0000 (10:24 +0200)]
add: test case for user opt-in notification for RA Agents
Change-Id: I896cb3d9f6c6f894001cb8d26f6a84f8b3fc8e6c
INOPIAE [Fri, 19 Aug 2016 13:22:27 +0000 (15:22 +0200)]
add: implement opt-in for notification of RA Agent
Sets the opt-in value for an RA Agent to receive a notification for
every Verification he enters and sends notification if value is given.
fixes issue #95
Change-Id: I4a544712831aa45b9b5ec252c79834c1f10fb179
Felix Dörre [Wed, 7 Sep 2016 20:58:55 +0000 (22:58 +0200)]
Merge changes Ia0c9d6da,I9e50cc2d
* changes:
add: tests for EditDistance
add: improvement of template parsing
Johannes Bechberger [Mon, 5 Sep 2016 20:38:18 +0000 (22:38 +0200)]
add: tests for EditDistance
Change-Id: Ia0c9d6da088cc4060ebd6b24d1d8a34eb99c4e6d
Johannes Bechberger [Mon, 5 Sep 2016 18:01:39 +0000 (20:01 +0200)]
add: improvement of template parsing
Change-Id: I9e50cc2d8d30b7b795dedb9dee02ade4d090d891
INOPIAE [Fri, 2 Sep 2016 03:52:39 +0000 (05:52 +0200)]
chg: replace CAcert Wot User by SomeCA User when creating certificates
Change-Id: I71bfb43f10ec7e4d39a4ccbb27305afb708df4e3
Felix Dörre [Sun, 4 Sep 2016 11:53:10 +0000 (13:53 +0200)]
fix: print error messages for translation extraction to stderr
Change-Id: I26c6294d93463575ce02a5a0752a37814eb47a0d
Felix Dörre [Sat, 3 Sep 2016 13:05:30 +0000 (15:05 +0200)]
add: fail build when translation extraction has a problem.
Change-Id: Ibeeb1f674ce09a131cac21fa6a5df3516b586e60
Felix Dörre [Sat, 3 Sep 2016 15:07:57 +0000 (17:07 +0200)]
upd: cleanup SQL statements to make them statically verifiable.
Change-Id: I4e7b773bf13a1c5a9b979a995bf72fe5ba45f9d0
Benny Baumann [Tue, 6 Sep 2016 06:55:10 +0000 (08:55 +0200)]
Merge "fix: language detection pattern for Group description"
Felix Dörre [Sun, 4 Sep 2016 11:47:56 +0000 (13:47 +0200)]
fix: language detection pattern for Group description
Change-Id: I15ead19d4a218b527eb25430659355d5e47029ad
Felix Dörre [Sat, 3 Sep 2016 14:12:57 +0000 (16:12 +0200)]
fix: SQL query was wrong
Change-Id: I3637c59944fdd5fc2e61a991b51781b3b9d746db
Felix Dörre [Sat, 3 Sep 2016 15:24:24 +0000 (17:24 +0200)]
Merge "Replace init scripts with systemd unit files"
Lucas Werkmeister [Tue, 30 Aug 2016 12:35:05 +0000 (14:35 +0200)]
Replace init scripts with systemd unit files
The package installs four unit files. gigi-standalone.service works just
like the old cacert-gigi service: gigi will start as root, manage its
own ports, then drop privileges. gigi-proxy.service and .socket let
systemd manage the port and start gigi as its dedicated user. These
services need different configuration for gigi: for the proxy version,
the configuration must contain proxy=true and http.bindPort=stdin, while
for the standalone version the configuration must have proxy=false and
specify real ports. For this reason, we also disable Debian's policy to
automatically start services upon package installation.
(gigi-simple-signer.service is a direct conversion of
cacert-gigi-signer.init.)
Very simple init scripts for gigi-standalone and gigi-simple-signer are
provided, so that running /etc/init.d/gigi-standalone start will still
work. The scripts simply redirect to systemctl; the LSB header is not
included, since the scripts are useless on their own.
Change-Id: I53f0c825880d1b8c082496106a018957d6128392