v1.21

This backports some of the fixes from 2.0 for situations where it's too much work to make the transition to the new packaging system.

• Fix the httokensh background process's check for its parent process. That is only a backup in case only the parent process is hard-killed, because normally the parent process kills the background process when the parent exits.
• Use newer sts secrets API for token exchanges.
• Fix the -o/--outfile option to work with relative paths.
• Change the --nobearertoken option to always get and save a vault token.

v2.0-2

• Fix broken httokendecode symlink.
• Use python wheels to build/install on el9. It didn't work on el8 so the use of wheels was removed at the last minute before the 2.0-1 release (without removing it from the changelog like it should have).

v2.0

• Replace use of m2crypto and pyOpenSSL with urllib3
• Replace use of pykerberos with gssapi
• Use standard Requires for Python modules instead of PyInstaller
• Add --vaultcertname option to specify an alternative certificate name. That used to be an additional optional meaning of the --vaultalias option, but urllib3 requires only one name to match.
• Add setuptools build infrastructure
• Refactor htgettoken script into module with entry point. This enables invoking htgettoken as htgettoken.main() from Python.
• Use wheels to build/install Python package, which simplified the entry points and improves (slightly) the metadata
• Fix the httokensh background process's check for its parent process. That is only a backup in case only the parent process is hard-killed, because normally the parent process kills the background process when the parent exits.
• Use newer sts secrets API for token exchanges.
• Fix the -o/--outfile option to work with relative paths.
• Change the --nobearertoken option to always get and save a vault token.

v1.20

• Update httokensh to by default set the minimum vault token time to live to 6 days, and to make sure that the background refresh never gets a new vault token.
• Changed the preferred name of httokendecode to htdecodetoken, keeping links in the opposite direction.
• Add man pages for httokensh, htdestroytoken, and htdecodetoken.

v1.19

• Add httokensh command

v1.18

• Fix crash introduced in 1.17 when using --nobearertoken while the credkey is not known.
• Make source rpm buildable on el9.

v1.18-1

This release does not change the main htgettoken package, it only changes make-downloads to avoid using --no-deps when it can. That re-enables building without network access for example on OSG koji.

v1.17

• Fix the usage of getaddrinfo, which caused a fatal error on python3.9 on Mac.
• Make --showbearerurl work properly in combination with --nobearertoken.
• Change the httokendecode error message for a missing token file to stderr instead of stdin.

v1.16

• Fix httokendecode -H functionality to only attempt to convert a parsed word if it is entirely numeric, not if it just contains one digit. At the same time, rewrite the functionality in native bash instead of using grep and sed.
• Add htdestroytoken command.
• Add a symlink htdecodetoken pointing to httokendecode.

v1.15

• Revert to prior method for allowing --vaultalias as an alternate name for matching the host cert. It doesn't support wildcard certs, but it permits allowing either the original host name or the alias and avoids needing separate alias options for kerberos and https.