Release 1.9.26.

Prepare 1.9.26 EOL release.
Improve communication link description.
2026-05-06 13:22:58 +00:00 · 2024-08-28 17:38:23 +02:00 · 2024-08-28 17:33:43 +02:00 · 2024-08-15 21:41:36 +02:00 · 2024-08-12 13:00:57 +02:00 · 2024-07-21 15:06:44 +02:00
40 changed files with 1184 additions and 970 deletions
--- a/.azure-pipelines/README.md
+++ b/.azure-pipelines/README.md
@@ -1,3 +0,0 @@
-## Azure Pipelines Configuration
-
-Please see the [Documentation](https://github.com/ansible/community/wiki/Testing:-Azure-Pipelines) for more information.
--- a/.azure-pipelines/azure-pipelines.yml
+++ b/.azure-pipelines/azure-pipelines.yml
@@ -1,134 +0,0 @@
-trigger:
-  batch: true
-  branches:
-    include:
-      - main
-      - stable-*
-
-pr:
-  autoCancel: true
-  branches:
-    include:
-      - main
-      - stable-*
-
-schedules:
-  - cron: 0 9 * * *
-    displayName: Nightly
-    always: true
-    branches:
-      include:
-        - main
-  - cron: 0 12 * * 0
-    displayName: Weekly (old stable branches)
-    always: true
-    branches:
-      include:
-        - stable-*
-
-variables:
-  - name: checkoutPath
-    value: ansible_collections/community/crypto
-  - name: coverageBranches
-    value: main
-  - name: pipelinesCoverage
-    value: coverage
-  - name: entryPoint
-    value: tests/utils/shippable/shippable.sh
-  - name: fetchDepth
-    value: 0
-
-resources:
-  containers:
-    - container: default
-      image: quay.io/ansible/azure-pipelines-test-container:4.0.1
-
-pool: Standard
-
-stages:
-### Sanity & units
-  - stage: Ansible_2_13
-    displayName: Sanity & Units 2.13
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          targets:
-            - name: Sanity
-              test: '2.13/sanity/1'
-            - name: Sanity Extra # Only on devel
-              test: '2.13/sanity/extra'
-            - name: Units
-              test: '2.13/units/1'
-### Docker
-  - stage: Docker_2_13
-    displayName: Docker 2.13
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.13/linux/{0}/1
-          targets:
-            - name: CentOS 7
-              test: centos7
-            - name: Fedora 34
-              test: fedora34
-            - name: Fedora 35
-              test: fedora35
-            - name: openSUSE 15 py2
-              test: opensuse15py2
-            - name: openSUSE 15 py3
-              test: opensuse15
-            - name: Ubuntu 18.04
-              test: ubuntu1804
-            - name: Ubuntu 20.04
-              test: ubuntu2004
-
-### Remote
-  - stage: Remote_2_13
-    displayName: Remote 2.13
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: 2.13/{0}/1
-          targets:
-            - name: macOS 12.0
-              test: macos/12.0
-            - name: RHEL 7.9
-              test: rhel/7.9
-            - name: RHEL 8.5
-              test: rhel/8.5
-            # - name: FreeBSD 12.4
-            #   test: freebsd/12.4
-            # - name: FreeBSD 13.1
-            #   test: freebsd/13.1
-### cloud
-  - stage: Cloud_2_13
-    displayName: Cloud 2.13
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          nameFormat: Python {0}
-          testFormat: 2.13/cloud/{0}/1
-          targets:
-            - test: 2.7
-            - test: 3.5
-            - test: 3.6
-            - test: 3.7
-            # - test: 3.8
-            - test: 3.9
-            - test: "3.10"
-
-  ## Finally
-
-  - stage: Summary
-    condition: succeededOrFailed()
-    dependsOn:
-      - Ansible_2_13
-      - Remote_2_13
-      - Docker_2_13
-      - Cloud_2_13
-    jobs:
-      - template: templates/coverage.yml
--- a/.azure-pipelines/scripts/aggregate-coverage.sh
+++ b/.azure-pipelines/scripts/aggregate-coverage.sh
@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-# Aggregate code coverage results for later processing.
-
-set -o pipefail -eu
-
-agent_temp_directory="$1"
-
-PATH="${PWD}/bin:${PATH}"
-
-mkdir "${agent_temp_directory}/coverage/"
-
-if [[ "$(ansible --version)" =~ \ 2\.9\. ]]; then
-    exit
-fi
-
-options=(--venv --venv-system-site-packages --color -v)
-
-ansible-test coverage combine --group-by command --export "${agent_temp_directory}/coverage/" "${options[@]}"
-
-if ansible-test coverage analyze targets generate --help >/dev/null 2>&1; then
-    # Only analyze coverage if the installed version of ansible-test supports it.
-    # Doing so allows this script to work unmodified for multiple Ansible versions.
-    ansible-test coverage analyze targets generate "${agent_temp_directory}/coverage/coverage-analyze-targets.json" "${options[@]}"
-fi
--- a/.azure-pipelines/scripts/combine-coverage.py
+++ b/.azure-pipelines/scripts/combine-coverage.py
@@ -1,60 +0,0 @@
-#!/usr/bin/env python
-"""
-Combine coverage data from multiple jobs, keeping the data only from the most recent attempt from each job.
-Coverage artifacts must be named using the format: "Coverage $(System.JobAttempt) {StableUniqueNameForEachJob}"
-The recommended coverage artifact name format is: Coverage $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)
-Keep in mind that Azure Pipelines does not enforce unique job display names (only names).
-It is up to pipeline authors to avoid name collisions when deviating from the recommended format.
-"""
-
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import os
-import re
-import shutil
-import sys
-
-
-def main():
-    """Main program entry point."""
-    source_directory = sys.argv[1]
-
-    if '/ansible_collections/' in os.getcwd():
-        output_path = "tests/output"
-    else:
-        output_path = "test/results"
-
-    destination_directory = os.path.join(output_path, 'coverage')
-
-    if not os.path.exists(destination_directory):
-        os.makedirs(destination_directory)
-
-    jobs = {}
-    count = 0
-
-    for name in os.listdir(source_directory):
-        match = re.search('^Coverage (?P<attempt>[0-9]+) (?P<label>.+)$', name)
-        label = match.group('label')
-        attempt = int(match.group('attempt'))
-        jobs[label] = max(attempt, jobs.get(label, 0))
-
-    for label, attempt in jobs.items():
-        name = 'Coverage {attempt} {label}'.format(label=label, attempt=attempt)
-        source = os.path.join(source_directory, name)
-        source_files = os.listdir(source)
-
-        for source_file in source_files:
-            source_path = os.path.join(source, source_file)
-            destination_path = os.path.join(destination_directory, source_file + '.' + label)
-            print('"%s" -> "%s"' % (source_path, destination_path))
-            shutil.copyfile(source_path, destination_path)
-            count += 1
-
-    print('Coverage file count: %d' % count)
-    print('##vso[task.setVariable variable=coverageFileCount]%d' % count)
-    print('##vso[task.setVariable variable=outputPath]%s' % output_path)
-
-
-if __name__ == '__main__':
-    main()
--- a/.azure-pipelines/scripts/process-results.sh
+++ b/.azure-pipelines/scripts/process-results.sh
@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-# Check the test results and set variables for use in later steps.
-
-set -o pipefail -eu
-
-if [[ "$PWD" =~ /ansible_collections/ ]]; then
-    output_path="tests/output"
-else
-    output_path="test/results"
-fi
-
-echo "##vso[task.setVariable variable=outputPath]${output_path}"
-
-if compgen -G "${output_path}"'/junit/*.xml' > /dev/null; then
-    echo "##vso[task.setVariable variable=haveTestResults]true"
-fi
-
-if compgen -G "${output_path}"'/bot/ansible-test-*' > /dev/null; then
-    echo "##vso[task.setVariable variable=haveBotResults]true"
-fi
-
-if compgen -G "${output_path}"'/coverage/*' > /dev/null; then
-    echo "##vso[task.setVariable variable=haveCoverageData]true"
-fi
--- a/.azure-pipelines/scripts/publish-codecov.py
+++ b/.azure-pipelines/scripts/publish-codecov.py
@@ -1,101 +0,0 @@
-#!/usr/bin/env python
-"""
-Upload code coverage reports to codecov.io.
-Multiple coverage files from multiple languages are accepted and aggregated after upload.
-Python coverage, as well as PowerShell and Python stubs can all be uploaded.
-"""
-
-import argparse
-import dataclasses
-import pathlib
-import shutil
-import subprocess
-import tempfile
-import typing as t
-import urllib.request
-
-
-@dataclasses.dataclass(frozen=True)
-class CoverageFile:
-    name: str
-    path: pathlib.Path
-    flags: t.List[str]
-
-
-@dataclasses.dataclass(frozen=True)
-class Args:
-    dry_run: bool
-    path: pathlib.Path
-
-
-def parse_args() -> Args:
-    parser = argparse.ArgumentParser()
-    parser.add_argument('-n', '--dry-run', action='store_true')
-    parser.add_argument('path', type=pathlib.Path)
-
-    args = parser.parse_args()
-
-    # Store arguments in a typed dataclass
-    fields = dataclasses.fields(Args)
-    kwargs = {field.name: getattr(args, field.name) for field in fields}
-
-    return Args(**kwargs)
-
-
-def process_files(directory: pathlib.Path) -> t.Tuple[CoverageFile, ...]:
-    processed = []
-    for file in directory.joinpath('reports').glob('coverage*.xml'):
-        name = file.stem.replace('coverage=', '')
-
-        # Get flags from name
-        flags = name.replace('-powershell', '').split('=')  # Drop '-powershell' suffix
-        flags = [flag if not flag.startswith('stub') else flag.split('-')[0] for flag in flags]  # Remove "-01" from stub files
-
-        processed.append(CoverageFile(name, file, flags))
-
-    return tuple(processed)
-
-
-def upload_files(codecov_bin: pathlib.Path, files: t.Tuple[CoverageFile, ...], dry_run: bool = False) -> None:
-    for file in files:
-        cmd = [
-            str(codecov_bin),
-            '--name', file.name,
-            '--file', str(file.path),
-        ]
-        for flag in file.flags:
-            cmd.extend(['--flags', flag])
-
-        if dry_run:
-            print(f'DRY-RUN: Would run command: {cmd}')
-            continue
-
-        subprocess.run(cmd, check=True)
-
-
-def download_file(url: str, dest: pathlib.Path, flags: int, dry_run: bool = False) -> None:
-    if dry_run:
-        print(f'DRY-RUN: Would download {url} to {dest} and set mode to {flags:o}')
-        return
-
-    with urllib.request.urlopen(url) as resp:
-        with dest.open('w+b') as f:
-            # Read data in chunks rather than all at once
-            shutil.copyfileobj(resp, f, 64 * 1024)
-
-    dest.chmod(flags)
-
-
-def main():
-    args = parse_args()
-    url = 'https://ansible-ci-files.s3.amazonaws.com/codecov/linux/codecov'
-    with tempfile.TemporaryDirectory(prefix='codecov-') as tmpdir:
-        codecov_bin = pathlib.Path(tmpdir) / 'codecov'
-        download_file(url, codecov_bin, 0o755, args.dry_run)
-
-        files = process_files(args.path)
-        upload_files(codecov_bin, files, args.dry_run)
-
-
-if __name__ == '__main__':
-    main()
--- a/.azure-pipelines/scripts/report-coverage.sh
+++ b/.azure-pipelines/scripts/report-coverage.sh
@@ -1,19 +0,0 @@
-#!/usr/bin/env bash
-# Generate code coverage reports for uploading to Azure Pipelines and codecov.io.
-
-set -o pipefail -eu
-
-PATH="${PWD}/bin:${PATH}"
-
-if [[ "$(ansible --version)" =~ \ 2\.9\. ]]; then
-    exit
-fi
-
-if ! ansible-test --help >/dev/null 2>&1; then
-    # Install the devel version of ansible-test for generating code coverage reports.
-    # This is only used by Ansible Collections, which are typically tested against multiple Ansible versions (in separate jobs).
-    # Since a version of ansible-test is required that can work the output from multiple older releases, the devel version is used.
-    pip install https://github.com/ansible/ansible/archive/devel.tar.gz --disable-pip-version-check
-fi
-
-ansible-test coverage xml --group-by command --stub --venv --venv-system-site-packages --color -v
--- a/.azure-pipelines/scripts/run-tests.sh
+++ b/.azure-pipelines/scripts/run-tests.sh
@@ -1,34 +0,0 @@
-#!/usr/bin/env bash
-# Configure the test environment and run the tests.
-
-set -o pipefail -eu
-
-entry_point="$1"
-test="$2"
-read -r -a coverage_branches <<< "$3"  # space separated list of branches to run code coverage on for scheduled builds
-
-export COMMIT_MESSAGE
-export COMPLETE
-export COVERAGE
-export IS_PULL_REQUEST
-
-if [ "${SYSTEM_PULLREQUEST_TARGETBRANCH:-}" ]; then
-    IS_PULL_REQUEST=true
-    COMMIT_MESSAGE=$(git log --format=%B -n 1 HEAD^2)
-else
-    IS_PULL_REQUEST=
-    COMMIT_MESSAGE=$(git log --format=%B -n 1 HEAD)
-fi
-
-COMPLETE=
-COVERAGE=
-
-if [ "${BUILD_REASON}" = "Schedule" ]; then
-    COMPLETE=yes
-
-    if printf '%s\n' "${coverage_branches[@]}" | grep -q "^${BUILD_SOURCEBRANCHNAME}$"; then
-        COVERAGE=yes
-    fi
-fi
-
-"${entry_point}" "${test}" 2>&1 | "$(dirname "$0")/time-command.py"
--- a/.azure-pipelines/scripts/time-command.py
+++ b/.azure-pipelines/scripts/time-command.py
@@ -1,25 +0,0 @@
-#!/usr/bin/env python
-"""Prepends a relative timestamp to each input line from stdin and writes it to stdout."""
-
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
-
-import sys
-import time
-
-
-def main():
-    """Main program entry point."""
-    start = time.time()
-
-    sys.stdin.reconfigure(errors='surrogateescape')
-    sys.stdout.reconfigure(errors='surrogateescape')
-
-    for line in sys.stdin:
-        seconds = time.time() - start
-        sys.stdout.write('%02d:%02d %s' % (seconds // 60, seconds % 60, line))
-        sys.stdout.flush()
-
-
-if __name__ == '__main__':
-    main()
--- a/.azure-pipelines/templates/coverage.yml
+++ b/.azure-pipelines/templates/coverage.yml
@@ -1,39 +0,0 @@
-# This template adds a job for processing code coverage data.
-# It will upload results to Azure Pipelines and codecov.io.
-# Use it from a job stage that completes after all other jobs have completed.
-# This can be done by placing it in a separate summary stage that runs after the test stage(s) have completed.
-
-jobs:
-  - job: Coverage
-    displayName: Code Coverage
-    container: default
-    workspace:
-      clean: all
-    steps:
-      - checkout: self
-        fetchDepth: $(fetchDepth)
-        path: $(checkoutPath)
-      - task: DownloadPipelineArtifact@2
-        displayName: Download Coverage Data
-        inputs:
-          path: coverage/
-          patterns: "Coverage */*=coverage.combined"
-      - bash: .azure-pipelines/scripts/combine-coverage.py coverage/
-        displayName: Combine Coverage Data
-      - bash: .azure-pipelines/scripts/report-coverage.sh
-        displayName: Generate Coverage Report
-        condition: gt(variables.coverageFileCount, 0)
-      - task: PublishCodeCoverageResults@1
-        inputs:
-          codeCoverageTool: Cobertura
-          # Azure Pipelines only accepts a single coverage data file.
-          # That means only Python or PowerShell coverage can be uploaded, but not both.
-          # Set the "pipelinesCoverage" variable to determine which type is uploaded.
-          # Use "coverage" for Python and "coverage-powershell" for PowerShell.
-          summaryFileLocation: "$(outputPath)/reports/$(pipelinesCoverage).xml"
-        displayName: Publish to Azure Pipelines
-        condition: gt(variables.coverageFileCount, 0)
-      - bash: .azure-pipelines/scripts/publish-codecov.py "$(outputPath)"
-        displayName: Publish to codecov.io
-        condition: gt(variables.coverageFileCount, 0)
-        continueOnError: true
--- a/.azure-pipelines/templates/matrix.yml
+++ b/.azure-pipelines/templates/matrix.yml
@@ -1,55 +0,0 @@
-# This template uses the provided targets and optional groups to generate a matrix which is then passed to the test template.
-# If this matrix template does not provide the required functionality, consider using the test template directly instead.
-
-parameters:
-  # A required list of dictionaries, one per test target.
-  # Each item in the list must contain a "test" or "name" key.
-  # Both may be provided. If one is omitted, the other will be used.
-  - name: targets
-    type: object
-
-  # An optional list of values which will be used to multiply the targets list into a matrix.
-  # Values can be strings or numbers.
-  - name: groups
-    type: object
-    default: []
-
-  # An optional format string used to generate the job name.
-  # - {0} is the name of an item in the targets list.
-  - name: nameFormat
-    type: string
-    default: "{0}"
-
-  # An optional format string used to generate the test name.
-  # - {0} is the name of an item in the targets list.
-  - name: testFormat
-    type: string
-    default: "{0}"
-
-  # An optional format string used to add the group to the job name.
-  # {0} is the formatted name of an item in the targets list.
-  # {{1}} is the group -- be sure to include the double "{{" and "}}".
-  - name: nameGroupFormat
-    type: string
-    default: "{0} - {{1}}"
-
-  # An optional format string used to add the group to the test name.
-  # {0} is the formatted test of an item in the targets list.
-  # {{1}} is the group -- be sure to include the double "{{" and "}}".
-  - name: testGroupFormat
-    type: string
-    default: "{0}/{{1}}"
-
-jobs:
-  - template: test.yml
-    parameters:
-      jobs:
-        - ${{ if eq(length(parameters.groups), 0) }}:
-          - ${{ each target in parameters.targets }}:
-            - name: ${{ format(parameters.nameFormat, coalesce(target.name, target.test)) }}
-              test: ${{ format(parameters.testFormat, coalesce(target.test, target.name)) }}
-        - ${{ if not(eq(length(parameters.groups), 0)) }}:
-          - ${{ each group in parameters.groups }}:
-            - ${{ each target in parameters.targets }}:
-              - name: ${{ format(format(parameters.nameGroupFormat, parameters.nameFormat), coalesce(target.name, target.test), group) }}
-                test: ${{ format(format(parameters.testGroupFormat, parameters.testFormat), coalesce(target.test, target.name), group) }}
--- a/.azure-pipelines/templates/test.yml
+++ b/.azure-pipelines/templates/test.yml
@@ -1,45 +0,0 @@
-# This template uses the provided list of jobs to create test one or more test jobs.
-# It can be used directly if needed, or through the matrix template.
-
-parameters:
-  # A required list of dictionaries, one per test job.
-  # Each item in the list must contain a "job" and "name" key.
-  - name: jobs
-    type: object
-
-jobs:
-  - ${{ each job in parameters.jobs }}:
-    - job: test_${{ replace(replace(replace(job.test, '/', '_'), '.', '_'), '-', '_') }}
-      displayName: ${{ job.name }}
-      container: default
-      workspace:
-        clean: all
-      steps:
-        - checkout: self
-          fetchDepth: $(fetchDepth)
-          path: $(checkoutPath)
-        - bash: .azure-pipelines/scripts/run-tests.sh "$(entryPoint)" "${{ job.test }}" "$(coverageBranches)"
-          displayName: Run Tests
-        - bash: .azure-pipelines/scripts/process-results.sh
-          condition: succeededOrFailed()
-          displayName: Process Results
-        - bash: .azure-pipelines/scripts/aggregate-coverage.sh "$(Agent.TempDirectory)"
-          condition: eq(variables.haveCoverageData, 'true')
-          displayName: Aggregate Coverage Data
-        - task: PublishTestResults@2
-          condition: eq(variables.haveTestResults, 'true')
-          inputs:
-            testResultsFiles: "$(outputPath)/junit/*.xml"
-          displayName: Publish Test Results
-        - task: PublishPipelineArtifact@1
-          condition: eq(variables.haveBotResults, 'true')
-          displayName: Publish Bot Results
-          inputs:
-            targetPath: "$(outputPath)/bot/"
-            artifactName: "Bot $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)"
-        - task: PublishPipelineArtifact@1
-          condition: eq(variables.haveCoverageData, 'true')
-          displayName: Publish Coverage Data
-          inputs:
-            targetPath: "$(Agent.TempDirectory)/coverage/"
-            artifactName: "Coverage $(System.JobAttempt) $(System.StageDisplayName) $(System.JobDisplayName)"
--- a/.github/workflows/ansible-test.yml
+++ b/.github/workflows/ansible-test.yml
@@ -26,6 +26,7 @@ jobs:
          - '2.10'
          - '2.11'
          - '2.12'
+          - '2.13'
    # Ansible-test on various stable branches does not yet work well with cgroups v2.
    # Since ubuntu-latest now uses Ubuntu 22.04, we need to fall back to the ubuntu-20.04
    # image for these stable branches. The list of branches where this is necessary will
@@ -39,8 +40,9 @@ jobs:
      - name: Perform sanity testing
        uses: felixfontein/ansible-test-gh-action@main
        with:
-          ansible-core-github-repository-slug: ${{ contains(fromJson('["2.10", "2.11"]'), matrix.ansible) && 'felixfontein/ansible' || 'ansible/ansible' }}
+          ansible-core-github-repository-slug: ${{ contains(fromJson('["2.9", "2.10", "2.11"]'), matrix.ansible) && 'ansible-community/eol-ansible' || 'ansible/ansible' }}
          ansible-core-version: stable-${{ matrix.ansible }}
+          codecov-token: ${{ secrets.CODECOV_TOKEN }}
          coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }}
          pull-request-change-detection: 'true'
          testing-type: sanity
@@ -65,6 +67,7 @@ jobs:
          - '2.10'
          - '2.11'
          - '2.12'
+          - '2.13'

    steps:
      - name: >-
@@ -72,22 +75,15 @@ jobs:
          Ansible version ${{ matrix.ansible }}
        uses: felixfontein/ansible-test-gh-action@main
        with:
-          ansible-core-github-repository-slug: ${{ contains(fromJson('["2.10", "2.11"]'), matrix.ansible) && 'felixfontein/ansible' || 'ansible/ansible' }}
+          ansible-core-github-repository-slug: ${{ contains(fromJson('["2.9", "2.10", "2.11"]'), matrix.ansible) && 'ansible-community/eol-ansible' || 'ansible/ansible' }}
          ansible-core-version: stable-${{ matrix.ansible }}
+          codecov-token: ${{ secrets.CODECOV_TOKEN }}
          coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }}
          pull-request-change-detection: 'true'
          testing-type: units

  integration:
-    # Ansible-test on various stable branches does not yet work well with cgroups v2.
-    # Since ubuntu-latest now uses Ubuntu 22.04, we need to fall back to the ubuntu-20.04
-    # image for these stable branches. The list of branches where this is necessary will
-    # shrink over time, check out https://github.com/ansible-collections/news-for-maintainers/issues/28
-    # for the latest list.
-    runs-on: >-
-      ${{ contains(fromJson(
-          '["2.9", "2.10", "2.11"]'
-      ), matrix.ansible) && 'ubuntu-20.04' || 'ubuntu-latest' }}
+    runs-on: ${{ matrix.runs_on }}
    name: EOL I (Ⓐ${{ matrix.ansible }}+${{ matrix.docker }}+py${{ matrix.python }}:${{ matrix.target }})
    strategy:
      fail-fast: false
@@ -100,6 +96,8 @@ jobs:
          - ''
        target:
          - ''
+        runs_on:
+          - ubuntu-latest
        exclude:
          - ansible: ''
        include:
@@ -108,89 +106,161 @@ jobs:
            docker: centos6
            python: ''
            target: shippable/posix/group1/
-          - ansible: '2.9'
-            docker: centos7
-            python: ''
-            target: shippable/posix/group1/
-          - ansible: '2.9'
-            docker: fedora31
-            python: ''
-            target: shippable/posix/group1/
+            runs_on: ubuntu-20.04
+          #- ansible: '2.9'
+          #  docker: centos7
+          #  python: ''
+          #  target: shippable/posix/group1/
+          #  runs_on: ubuntu-20.04
          - ansible: '2.9'
            docker: ubuntu1604
            python: ''
            target: shippable/posix/group1/
+            runs_on: ubuntu-20.04
          - ansible: '2.9'
            docker: ubuntu1804
            python: ''
            target: shippable/posix/group1/
+            runs_on: ubuntu-20.04
          - ansible: '2.9'
            docker: default
            python: '2.7'
            target: shippable/cloud/group1/
+            runs_on: ubuntu-20.04
          # 2.10
          - ansible: '2.10'
            docker: centos6
            python: ''
            target: shippable/posix/group1/
-          - ansible: '2.10'
-            docker: fedora31
-            python: ''
-            target: shippable/posix/group1/
+            runs_on: ubuntu-20.04
          - ansible: '2.10'
            docker: ubuntu1604
            python: ''
            target: shippable/posix/group1/
+            runs_on: ubuntu-20.04
          - ansible: '2.10'
            docker: default
            python: '3.6'
            target: shippable/cloud/group1/
+            runs_on: ubuntu-20.04
          # 2.11
-          - ansible: '2.11'
-            docker: centos7
-            python: ''
-            target: shippable/posix/group1/
-          - ansible: '2.11'
-            docker: fedora32
-            python: ''
-            target: shippable/posix/group1/
+          #- ansible: '2.11'
+          #  docker: centos7
+          #  python: ''
+          #  target: shippable/posix/group1/
+          #  runs_on: ubuntu-20.04
          - ansible: '2.11'
            docker: opensuse15py2
            python: ''
            target: shippable/posix/group1/
+            runs_on: ubuntu-20.04
          - ansible: '2.11'
            docker: ubuntu1804
            python: ''
            target: shippable/posix/group1/
+            runs_on: ubuntu-20.04
          - ansible: '2.11'
            docker: default
            python: '3.8'
            target: shippable/cloud/group1/
+            runs_on: ubuntu-20.04
          # 2.12
          - ansible: '2.12'
            docker: centos6
            python: ''
            target: shippable/posix/group1/
+            runs_on: ubuntu-latest
          - ansible: '2.12'
            docker: fedora33
            python: ''
            target: shippable/posix/group1/
+            runs_on: ubuntu-latest
          - ansible: '2.12'
            docker: opensuse15
            python: ''
            target: shippable/posix/group1/
+            runs_on: ubuntu-latest
          - ansible: '2.12'
            docker: ubuntu2004
            python: ''
            target: shippable/posix/group1/
+            runs_on: ubuntu-latest
          - ansible: '2.12'
            docker: default
            python: '2.6'
            target: shippable/cloud/group1/
+            runs_on: ubuntu-latest
          - ansible: '2.12'
            docker: default
            python: '3.9'
            target: shippable/cloud/group1/
+            runs_on: ubuntu-latest
+          # 2.13
+          - ansible: '2.13'
+            docker: centos7
+            python: ''
+            target: shippable/posix/group1/
+            runs_on: ubuntu-20.04
+          - ansible: '2.13'
+            docker: fedora34
+            python: ''
+            target: shippable/posix/group1/
+            runs_on: ubuntu-latest
+          - ansible: '2.13'
+            docker: fedora35
+            python: ''
+            target: shippable/posix/group1/
+            runs_on: ubuntu-latest
+          - ansible: '2.13'
+            docker: opensuse15py2
+            python: ''
+            target: shippable/posix/group1/
+            runs_on: ubuntu-latest
+          - ansible: '2.13'
+            docker: opensuse15
+            python: ''
+            target: shippable/posix/group1/
+            runs_on: ubuntu-latest
+          - ansible: '2.13'
+            docker: ubuntu1804
+            python: ''
+            target: shippable/posix/group1/
+            runs_on: ubuntu-latest
+          - ansible: '2.13'
+            docker: ubuntu2004
+            python: ''
+            target: shippable/posix/group1/
+            runs_on: ubuntu-latest
+          - ansible: '2.13'
+            docker: default
+            python: '2.7'
+            target: shippable/cloud/group1/
+            runs_on: ubuntu-latest
+          - ansible: '2.13'
+            docker: default
+            python: '3.5'
+            target: shippable/cloud/group1/
+            runs_on: ubuntu-latest
+          - ansible: '2.13'
+            docker: default
+            python: '3.6'
+            target: shippable/cloud/group1/
+            runs_on: ubuntu-latest
+          - ansible: '2.13'
+            docker: default
+            python: '3.7'
+            target: shippable/cloud/group1/
+            runs_on: ubuntu-latest
+          - ansible: '2.13'
+            docker: default
+            python: '3.9'
+            target: shippable/cloud/group1/
+            runs_on: ubuntu-latest
+          - ansible: '2.13'
+            docker: default
+            python: '3.10'
+            target: shippable/cloud/group1/
+            runs_on: ubuntu-latest
    steps:
      - name: >-
          Perform integration testing against
@@ -198,8 +268,9 @@ jobs:
          under Python ${{ matrix.python }}
        uses: felixfontein/ansible-test-gh-action@main
        with:
-          ansible-core-github-repository-slug: ${{ contains(fromJson('["2.10", "2.11"]'), matrix.ansible) && 'felixfontein/ansible' || 'ansible/ansible' }}
+          ansible-core-github-repository-slug: ${{ contains(fromJson('["2.9", "2.10", "2.11"]'), matrix.ansible) && 'ansible-community/eol-ansible' || 'ansible/ansible' }}
          ansible-core-version: stable-${{ matrix.ansible }}
+          codecov-token: ${{ secrets.CODECOV_TOKEN }}
          coverage: ${{ github.event_name == 'schedule' && 'always' || 'never' }}
          docker-image: ${{ matrix.docker }}
          integration-continue-on-error: 'false'
@@ -213,3 +284,30 @@ jobs:
          target: ${{ matrix.target }}
          target-python-version: ${{ matrix.python }}
          testing-type: integration
+
+  extra-sanity:
+    name: Extra Sanity
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          path: ansible_collections/community/crypto
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+
+      - name: Install ansible-core
+        run: pip install https://github.com/ansible/ansible/archive/stable-2.13.tar.gz --disable-pip-version-check
+
+      - name: Install collection dependencies
+        run: >-
+          ansible-galaxy collection install -p .
+          git+https://github.com/ansible-collections/community.internal_test_tools.git,main
+
+      - name: Run sanity tests
+        run: ../../community/internal_test_tools/tools/run.py --color
+        working-directory: ./ansible_collections/community/crypto
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1,885 @@
+# Community Crypto Release Notes
+
+**Topics**
+
+- <a href="#v1-9-26">v1\.9\.26</a>
+    - <a href="#release-summary">Release Summary</a>
+    - <a href="#major-changes">Major Changes</a>
+- <a href="#v1-9-25">v1\.9\.25</a>
+    - <a href="#release-summary-1">Release Summary</a>
+    - <a href="#bugfixes">Bugfixes</a>
+- <a href="#v1-9-24">v1\.9\.24</a>
+    - <a href="#release-summary-2">Release Summary</a>
+    - <a href="#bugfixes-1">Bugfixes</a>
+- <a href="#v1-9-23">v1\.9\.23</a>
+    - <a href="#release-summary-3">Release Summary</a>
+    - <a href="#bugfixes-2">Bugfixes</a>
+- <a href="#v1-9-22">v1\.9\.22</a>
+    - <a href="#release-summary-4">Release Summary</a>
+    - <a href="#bugfixes-3">Bugfixes</a>
+- <a href="#v1-9-21">v1\.9\.21</a>
+    - <a href="#release-summary-5">Release Summary</a>
+    - <a href="#bugfixes-4">Bugfixes</a>
+- <a href="#v1-9-20">v1\.9\.20</a>
+    - <a href="#release-summary-6">Release Summary</a>
+    - <a href="#bugfixes-5">Bugfixes</a>
+- <a href="#v1-9-19">v1\.9\.19</a>
+    - <a href="#release-summary-7">Release Summary</a>
+    - <a href="#bugfixes-6">Bugfixes</a>
+- <a href="#v1-9-18">v1\.9\.18</a>
+    - <a href="#release-summary-8">Release Summary</a>
+    - <a href="#bugfixes-7">Bugfixes</a>
+- <a href="#v1-9-17">v1\.9\.17</a>
+    - <a href="#release-summary-9">Release Summary</a>
+    - <a href="#bugfixes-8">Bugfixes</a>
+- <a href="#v1-9-16">v1\.9\.16</a>
+    - <a href="#release-summary-10">Release Summary</a>
+    - <a href="#bugfixes-9">Bugfixes</a>
+- <a href="#v1-9-15">v1\.9\.15</a>
+    - <a href="#release-summary-11">Release Summary</a>
+    - <a href="#bugfixes-10">Bugfixes</a>
+- <a href="#v1-9-14">v1\.9\.14</a>
+    - <a href="#release-summary-12">Release Summary</a>
+    - <a href="#bugfixes-11">Bugfixes</a>
+- <a href="#v1-9-13">v1\.9\.13</a>
+    - <a href="#release-summary-13">Release Summary</a>
+    - <a href="#bugfixes-12">Bugfixes</a>
+- <a href="#v1-9-12">v1\.9\.12</a>
+    - <a href="#release-summary-14">Release Summary</a>
+    - <a href="#bugfixes-13">Bugfixes</a>
+    - <a href="#known-issues">Known Issues</a>
+- <a href="#v1-9-11">v1\.9\.11</a>
+    - <a href="#release-summary-15">Release Summary</a>
+    - <a href="#bugfixes-14">Bugfixes</a>
+- <a href="#v1-9-10">v1\.9\.10</a>
+    - <a href="#release-summary-16">Release Summary</a>
+    - <a href="#bugfixes-15">Bugfixes</a>
+- <a href="#v1-9-9">v1\.9\.9</a>
+    - <a href="#bugfixes-16">Bugfixes</a>
+- <a href="#v1-9-8">v1\.9\.8</a>
+    - <a href="#release-summary-17">Release Summary</a>
+- <a href="#v1-9-7">v1\.9\.7</a>
+    - <a href="#release-summary-18">Release Summary</a>
+    - <a href="#minor-changes">Minor Changes</a>
+    - <a href="#bugfixes-17">Bugfixes</a>
+- <a href="#v1-9-6">v1\.9\.6</a>
+    - <a href="#release-summary-19">Release Summary</a>
+    - <a href="#bugfixes-18">Bugfixes</a>
+- <a href="#v1-9-5">v1\.9\.5</a>
+    - <a href="#release-summary-20">Release Summary</a>
+    - <a href="#bugfixes-19">Bugfixes</a>
+- <a href="#v1-9-4">v1\.9\.4</a>
+    - <a href="#release-summary-21">Release Summary</a>
+    - <a href="#bugfixes-20">Bugfixes</a>
+- <a href="#v1-9-3">v1\.9\.3</a>
+    - <a href="#release-summary-22">Release Summary</a>
+    - <a href="#bugfixes-21">Bugfixes</a>
+- <a href="#v1-9-2">v1\.9\.2</a>
+    - <a href="#release-summary-23">Release Summary</a>
+- <a href="#v1-9-1">v1\.9\.1</a>
+    - <a href="#release-summary-24">Release Summary</a>
+- <a href="#v1-9-0">v1\.9\.0</a>
+    - <a href="#release-summary-25">Release Summary</a>
+    - <a href="#minor-changes-1">Minor Changes</a>
+    - <a href="#bugfixes-22">Bugfixes</a>
+- <a href="#v1-8-0">v1\.8\.0</a>
+    - <a href="#release-summary-26">Release Summary</a>
+    - <a href="#minor-changes-2">Minor Changes</a>
+    - <a href="#bugfixes-23">Bugfixes</a>
+- <a href="#v1-7-1">v1\.7\.1</a>
+    - <a href="#release-summary-27">Release Summary</a>
+    - <a href="#bugfixes-24">Bugfixes</a>
+- <a href="#v1-7-0">v1\.7\.0</a>
+    - <a href="#release-summary-28">Release Summary</a>
+    - <a href="#minor-changes-3">Minor Changes</a>
+    - <a href="#bugfixes-25">Bugfixes</a>
+    - <a href="#new-modules">New Modules</a>
+- <a href="#v1-6-2">v1\.6\.2</a>
+    - <a href="#release-summary-29">Release Summary</a>
+    - <a href="#bugfixes-26">Bugfixes</a>
+- <a href="#v1-6-1">v1\.6\.1</a>
+    - <a href="#release-summary-30">Release Summary</a>
+    - <a href="#bugfixes-27">Bugfixes</a>
+- <a href="#v1-6-0">v1\.6\.0</a>
+    - <a href="#release-summary-31">Release Summary</a>
+    - <a href="#minor-changes-4">Minor Changes</a>
+    - <a href="#deprecated-features">Deprecated Features</a>
+    - <a href="#bugfixes-28">Bugfixes</a>
+- <a href="#v1-5-0">v1\.5\.0</a>
+    - <a href="#release-summary-32">Release Summary</a>
+    - <a href="#minor-changes-5">Minor Changes</a>
+    - <a href="#deprecated-features-1">Deprecated Features</a>
+    - <a href="#bugfixes-29">Bugfixes</a>
+- <a href="#v1-4-0">v1\.4\.0</a>
+    - <a href="#release-summary-33">Release Summary</a>
+    - <a href="#minor-changes-6">Minor Changes</a>
+    - <a href="#bugfixes-30">Bugfixes</a>
+- <a href="#v1-3-0">v1\.3\.0</a>
+    - <a href="#release-summary-34">Release Summary</a>
+    - <a href="#minor-changes-7">Minor Changes</a>
+    - <a href="#bugfixes-31">Bugfixes</a>
+    - <a href="#new-modules-1">New Modules</a>
+- <a href="#v1-2-0">v1\.2\.0</a>
+    - <a href="#release-summary-35">Release Summary</a>
+    - <a href="#minor-changes-8">Minor Changes</a>
+    - <a href="#security-fixes">Security Fixes</a>
+    - <a href="#bugfixes-32">Bugfixes</a>
+- <a href="#v1-1-1">v1\.1\.1</a>
+    - <a href="#release-summary-36">Release Summary</a>
+    - <a href="#bugfixes-33">Bugfixes</a>
+- <a href="#v1-1-0">v1\.1\.0</a>
+    - <a href="#release-summary-37">Release Summary</a>
+    - <a href="#minor-changes-9">Minor Changes</a>
+    - <a href="#bugfixes-34">Bugfixes</a>
+    - <a href="#new-modules-2">New Modules</a>
+- <a href="#v1-0-0">v1\.0\.0</a>
+    - <a href="#release-summary-38">Release Summary</a>
+    - <a href="#minor-changes-10">Minor Changes</a>
+    - <a href="#deprecated-features-2">Deprecated Features</a>
+    - <a href="#removed-features-previously-deprecated">Removed Features \(previously deprecated\)</a>
+    - <a href="#bugfixes-35">Bugfixes</a>
+    - <a href="#new-modules-3">New Modules</a>
+
+<a id="v1-9-26"></a>
+## v1\.9\.26
+
+<a id="release-summary"></a>
+### Release Summary
+
+Last release\.
+
+<a id="major-changes"></a>
+### Major Changes
+
+* The 1\.x\.y release train of community\.crypto is <strong>End of Life</strong>\. There will be no further community\.crypto 1\.x\.y releases\.
+  Please upgrade to community\.crypto 2\.x\.y\.
+
+  Thanks to everyone who contributed to community\.crypto 1\.x\.y\!
+
+<a id="v1-9-25"></a>
+## v1\.9\.25
+
+<a id="release-summary-1"></a>
+### Release Summary
+
+Bugfix release\.
+
+<a id="bugfixes"></a>
+### Bugfixes
+
+* crypto\.math module utils \- change return values for <code>quick\_is\_not\_prime\(\)</code> for special cases that do not appear when using the collection \([https\://github\.com/ansible\-collections/community\.crypto/pull/733](https\://github\.com/ansible\-collections/community\.crypto/pull/733)\)\.
+* ecs\_certificate \- fixed <code>csr</code> option to be empty and allow renewal of a specific certificate according to the Renewal Information specification \([https\://github\.com/ansible\-collections/community\.crypto/pull/740](https\://github\.com/ansible\-collections/community\.crypto/pull/740)\)\.
+
+<a id="v1-9-24"></a>
+## v1\.9\.24
+
+<a id="release-summary-2"></a>
+### Release Summary
+
+Bugfix release\.
+
+<a id="bugfixes-1"></a>
+### Bugfixes
+
+* openssl\_dhparam \- was using an internal function instead of the public API to load DH param files when using the <code>cryptography</code> backend\. The internal function was removed in cryptography 42\.0\.0\. The module now uses the public API\, which has been available since support for DH params was added to cryptography \([https\://github\.com/ansible\-collections/community\.crypto/pull/698](https\://github\.com/ansible\-collections/community\.crypto/pull/698)\)\.
+* openssl\_privatekey\_info \- <code>check\_consistency\=true</code> no longer works for RSA keys with cryptography 42\.0\.0\+ \([https\://github\.com/ansible\-collections/community\.crypto/pull/701](https\://github\.com/ansible\-collections/community\.crypto/pull/701)\)\.
+* x509\_certificate \- when using the PyOpenSSL backend with <code>provider\=assertonly</code>\, better handle unexpected errors when validating private keys \([https\://github\.com/ansible\-collections/community\.crypto/pull/704](https\://github\.com/ansible\-collections/community\.crypto/pull/704)\)\.
+
+<a id="v1-9-23"></a>
+## v1\.9\.23
+
+<a id="release-summary-3"></a>
+### Release Summary
+
+Bugfix release\.
+
+<a id="bugfixes-2"></a>
+### Bugfixes
+
+* openssl\_pkcs12 \- modify autodetect to not detect pyOpenSSL \>\= 23\.3\.0\, which removed PKCS\#12 support \([https\://github\.com/ansible\-collections/community\.crypto/pull/666](https\://github\.com/ansible\-collections/community\.crypto/pull/666)\)\.
+
+<a id="v1-9-22"></a>
+## v1\.9\.22
+
+<a id="release-summary-4"></a>
+### Release Summary
+
+Bugfix release\.
+
+<a id="bugfixes-3"></a>
+### Bugfixes
+
+* openssh\_keypair \- always generate a new key pair if the private key does not exist\. Previously\, the module would fail when <code>regenerate\=fail</code> without an existing key\, contradicting the documentation \([https\://github\.com/ansible\-collections/community\.crypto/pull/598](https\://github\.com/ansible\-collections/community\.crypto/pull/598)\)\.
+
+<a id="v1-9-21"></a>
+## v1\.9\.21
+
+<a id="release-summary-5"></a>
+### Release Summary
+
+Bugfix release\.
+
+<a id="bugfixes-4"></a>
+### Bugfixes
+
+* action plugin helper \- fix handling of deprecations for ansible\-core 2\.14\.2 \([https\://github\.com/ansible\-collections/community\.crypto/pull/572](https\://github\.com/ansible\-collections/community\.crypto/pull/572)\)\.
+* openssl\_csr\, openssl\_csr\_pipe \- prevent invalid values for <code>crl\_distribution\_points</code> that do not have one of <code>full\_name</code>\, <code>relative\_name</code>\, and <code>crl\_issuer</code> \([https\://github\.com/ansible\-collections/community\.crypto/pull/560](https\://github\.com/ansible\-collections/community\.crypto/pull/560)\)\.
+
+<a id="v1-9-20"></a>
+## v1\.9\.20
+
+<a id="release-summary-6"></a>
+### Release Summary
+
+Bugfix release\.
+
+<a id="bugfixes-5"></a>
+### Bugfixes
+
+* openssl\_publickey\_info \- do not crash with internal error when public key cannot be parsed \([https\://github\.com/ansible\-collections/community\.crypto/pull/551](https\://github\.com/ansible\-collections/community\.crypto/pull/551)\)\.
+
+<a id="v1-9-19"></a>
+## v1\.9\.19
+
+<a id="release-summary-7"></a>
+### Release Summary
+
+Bugfix release\.
+
+<a id="bugfixes-6"></a>
+### Bugfixes
+
+* openssl\_privatekey\_pipe \- ensure compatibility with newer versions of ansible\-core \([https\://github\.com/ansible\-collections/community\.crypto/pull/515](https\://github\.com/ansible\-collections/community\.crypto/pull/515)\)\.
+
+<a id="v1-9-18"></a>
+## v1\.9\.18
+
+<a id="release-summary-8"></a>
+### Release Summary
+
+Bugfix release\.
+
+<a id="bugfixes-7"></a>
+### Bugfixes
+
+* openssl\_pkcs12 \- when using the pyOpenSSL backend\, do not crash when trying to read non\-existing other certificates \([https\://github\.com/ansible\-collections/community\.crypto/issues/486](https\://github\.com/ansible\-collections/community\.crypto/issues/486)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/487](https\://github\.com/ansible\-collections/community\.crypto/pull/487)\)\.
+
+<a id="v1-9-17"></a>
+## v1\.9\.17
+
+<a id="release-summary-9"></a>
+### Release Summary
+
+Bugfix release\.
+
+<a id="bugfixes-8"></a>
+### Bugfixes
+
+* Include <code>Apache\-2\.0\.txt</code> file for <code>plugins/module\_utils/crypto/\_obj2txt\.py</code> and <code>plugins/module\_utils/crypto/\_objects\_data\.py</code>\.
+* openssl\_csr \- the module no longer crashes with \'permitted\_subtrees/excluded\_subtrees must be a non\-empty list or None\' if only one of <code>name\_constraints\_permitted</code> and <code>name\_constraints\_excluded</code> is provided \([https\://github\.com/ansible\-collections/community\.crypto/issues/481](https\://github\.com/ansible\-collections/community\.crypto/issues/481)\)\.
+* x509\_crl \- do not crash when signing CRL with Ed25519 or Ed448 keys \([https\://github\.com/ansible\-collections/community\.crypto/issues/473](https\://github\.com/ansible\-collections/community\.crypto/issues/473)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/474](https\://github\.com/ansible\-collections/community\.crypto/pull/474)\)\.
+
+<a id="v1-9-16"></a>
+## v1\.9\.16
+
+<a id="release-summary-10"></a>
+### Release Summary
+
+Maintenance and bugfix release\.
+
+<a id="bugfixes-9"></a>
+### Bugfixes
+
+* Include <code>simplified\_bsd\.txt</code> license file for the ECS module utils\.
+* certificate\_complete\_chain \- do not stop execution if an unsupported signature algorithm is encountered\; warn instead \([https\://github\.com/ansible\-collections/community\.crypto/pull/457](https\://github\.com/ansible\-collections/community\.crypto/pull/457)\)\.
+
+<a id="v1-9-15"></a>
+## v1\.9\.15
+
+<a id="release-summary-11"></a>
+### Release Summary
+
+Maintenance release\.
+
+<a id="bugfixes-10"></a>
+### Bugfixes
+
+* Include <code>PSF\-license\.txt</code> file for <code>plugins/module\_utils/\_version\.py</code>\.
+
+<a id="v1-9-14"></a>
+## v1\.9\.14
+
+<a id="release-summary-12"></a>
+### Release Summary
+
+Regular bugfix release\.
+
+<a id="bugfixes-11"></a>
+### Bugfixes
+
+* Make collection more robust when PyOpenSSL is used with an incompatible cryptography version \([https\://github\.com/ansible\-collections/community\.crypto/pull/446](https\://github\.com/ansible\-collections/community\.crypto/pull/446)\)\.
+* openssh\_\* modules \- fix exception handling to report traceback to users for enhanced traceability \([https\://github\.com/ansible\-collections/community\.crypto/pull/417](https\://github\.com/ansible\-collections/community\.crypto/pull/417)\)\.
+* x509\_crl \- fix crash when <code>issuer</code> for a revoked certificate is specified \([https\://github\.com/ansible\-collections/community\.crypto/pull/441](https\://github\.com/ansible\-collections/community\.crypto/pull/441)\)\.
+
+<a id="v1-9-13"></a>
+## v1\.9\.13
+
+<a id="release-summary-13"></a>
+### Release Summary
+
+Regular bugfix release\.
+
+<a id="bugfixes-12"></a>
+### Bugfixes
+
+* luks\_device \- fix parsing of <code>lsblk</code> output when device name ends with <code>crypt</code> \([https\://github\.com/ansible\-collections/community\.crypto/issues/409](https\://github\.com/ansible\-collections/community\.crypto/issues/409)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/410](https\://github\.com/ansible\-collections/community\.crypto/pull/410)\)\.
+
+<a id="v1-9-12"></a>
+## v1\.9\.12
+
+<a id="release-summary-14"></a>
+### Release Summary
+
+Regular bugfix release\.
+
+<a id="bugfixes-13"></a>
+### Bugfixes
+
+* certificate\_complete\_chain \- allow multiple potential intermediate certificates to have the same subject \([https\://github\.com/ansible\-collections/community\.crypto/issues/399](https\://github\.com/ansible\-collections/community\.crypto/issues/399)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/403](https\://github\.com/ansible\-collections/community\.crypto/pull/403)\)\.
+* x509\_certificate \- for the <code>ownca</code> provider\, check whether the CA private key actually belongs to the CA certificate\. This fix only covers the <code>cryptography</code> backend\, not the <code>pyopenssl</code> backend \([https\://github\.com/ansible\-collections/community\.crypto/pull/407](https\://github\.com/ansible\-collections/community\.crypto/pull/407)\)\.
+* x509\_certificate \- regenerate certificate when the CA\'s public key changes for <code>provider\=ownca</code>\. This fix only covers the <code>cryptography</code> backend\, not the <code>pyopenssl</code> backend \([https\://github\.com/ansible\-collections/community\.crypto/pull/407](https\://github\.com/ansible\-collections/community\.crypto/pull/407)\)\.
+* x509\_certificate \- regenerate certificate when the CA\'s subject changes for <code>provider\=ownca</code> \([https\://github\.com/ansible\-collections/community\.crypto/issues/400](https\://github\.com/ansible\-collections/community\.crypto/issues/400)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/402](https\://github\.com/ansible\-collections/community\.crypto/pull/402)\)\.
+* x509\_certificate \- regenerate certificate when the private key changes for <code>provider\=selfsigned</code>\. This fix only covers the <code>cryptography</code> backend\, not the <code>pyopenssl</code> backend \([https\://github\.com/ansible\-collections/community\.crypto/pull/407](https\://github\.com/ansible\-collections/community\.crypto/pull/407)\)\.
+
+<a id="known-issues"></a>
+### Known Issues
+
+* x509\_certificate \- when using the <code>ownca</code> provider with the <code>pyopenssl</code> backend\, changing the CA\'s public key does not cause regeneration of the certificate \([https\://github\.com/ansible\-collections/community\.crypto/pull/407](https\://github\.com/ansible\-collections/community\.crypto/pull/407)\)\.
+* x509\_certificate \- when using the <code>ownca</code> provider with the <code>pyopenssl</code> backend\, it is possible to specify a CA private key which is not related to the CA certificate \([https\://github\.com/ansible\-collections/community\.crypto/pull/407](https\://github\.com/ansible\-collections/community\.crypto/pull/407)\)\.
+* x509\_certificate \- when using the <code>selfsigned</code> provider with the <code>pyopenssl</code> backend\, changing the private key does not cause regeneration of the certificate \([https\://github\.com/ansible\-collections/community\.crypto/pull/407](https\://github\.com/ansible\-collections/community\.crypto/pull/407)\)\.
+
+<a id="v1-9-11"></a>
+## v1\.9\.11
+
+<a id="release-summary-15"></a>
+### Release Summary
+
+Bugfix release\.
+
+<a id="bugfixes-14"></a>
+### Bugfixes
+
+* openssh\_cert \- fixed false <code>changed</code> status for <code>host</code> certificates when using <code>full\_idempotence</code> \([https\://github\.com/ansible\-collections/community\.crypto/issues/395](https\://github\.com/ansible\-collections/community\.crypto/issues/395)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/396](https\://github\.com/ansible\-collections/community\.crypto/pull/396)\)\.
+
+<a id="v1-9-10"></a>
+## v1\.9\.10
+
+<a id="release-summary-16"></a>
+### Release Summary
+
+Regular bugfix release\.
+
+<a id="bugfixes-15"></a>
+### Bugfixes
+
+* luks\_devices \- set <code>LANG</code> and similar environment variables to avoid translated output\, which can break some of the module\'s functionality like key management \([https\://github\.com/ansible\-collections/community\.crypto/pull/388](https\://github\.com/ansible\-collections/community\.crypto/pull/388)\, [https\://github\.com/ansible\-collections/community\.crypto/issues/385](https\://github\.com/ansible\-collections/community\.crypto/issues/385)\)\.
+
+<a id="v1-9-9"></a>
+## v1\.9\.9
+
+<a id="bugfixes-16"></a>
+### Bugfixes
+
+* Various modules and plugins \- use vendored version of <code>distutils\.version</code> instead of the deprecated Python standard library <code>distutils</code> \([https\://github\.com/ansible\-collections/community\.crypto/pull/353](https\://github\.com/ansible\-collections/community\.crypto/pull/353)\)\.
+* certificate\_complete\_chain \- do not append root twice if the chain already ends with a root certificate \([https\://github\.com/ansible\-collections/community\.crypto/pull/360](https\://github\.com/ansible\-collections/community\.crypto/pull/360)\)\.
+* certificate\_complete\_chain \- do not hang when infinite loop is found \([https\://github\.com/ansible\-collections/community\.crypto/issues/355](https\://github\.com/ansible\-collections/community\.crypto/issues/355)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/360](https\://github\.com/ansible\-collections/community\.crypto/pull/360)\)\.
+
+<a id="v1-9-8"></a>
+## v1\.9\.8
+
+<a id="release-summary-17"></a>
+### Release Summary
+
+Documentation fix release\. No actual code changes\.
+
+<a id="v1-9-7"></a>
+## v1\.9\.7
+
+<a id="release-summary-18"></a>
+### Release Summary
+
+Bugfix release with extra forward compatibility for newer versions of cryptography\.
+
+<a id="minor-changes"></a>
+### Minor Changes
+
+* acme\_\* modules \- fix usage of <code>fetch\_url</code> with changes in latest ansible\-core <code>devel</code> branch \([https\://github\.com/ansible\-collections/community\.crypto/pull/339](https\://github\.com/ansible\-collections/community\.crypto/pull/339)\)\.
+
+<a id="bugfixes-17"></a>
+### Bugfixes
+
+* acme\_certificate \- avoid passing multiple certificates to <code>cryptography</code>\'s X\.509 certificate loader when <code>fullchain\_dest</code> is used \([https\://github\.com/ansible\-collections/community\.crypto/pull/324](https\://github\.com/ansible\-collections/community\.crypto/pull/324)\)\.
+* get\_certificate\, openssl\_csr\_info\, x509\_certificate\_info \- add fallback code for extension parsing that works with cryptography 36\.0\.0 and newer\. This code re\-serializes de\-serialized extensions and thus can return slightly different values if the extension in the original CSR resp\. certificate was not canonicalized correctly\. This code is currently used as a fallback if the existing code stops working\, but we will switch it to be the main code in a future release \([https\://github\.com/ansible\-collections/community\.crypto/pull/331](https\://github\.com/ansible\-collections/community\.crypto/pull/331)\)\.
+* luks\_device \- now also runs a built\-in LUKS signature cleaner on <code>state\=absent</code> to make sure that also the secondary LUKS2 header is wiped when older versions of wipefs are used \([https\://github\.com/ansible\-collections/community\.crypto/issues/326](https\://github\.com/ansible\-collections/community\.crypto/issues/326)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/327](https\://github\.com/ansible\-collections/community\.crypto/pull/327)\)\.
+* openssl\_pkcs12 \- use new PKCS\#12 deserialization infrastructure from cryptography 36\.0\.0 if available \([https\://github\.com/ansible\-collections/community\.crypto/pull/302](https\://github\.com/ansible\-collections/community\.crypto/pull/302)\)\.
+
+<a id="v1-9-6"></a>
+## v1\.9\.6
+
+<a id="release-summary-19"></a>
+### Release Summary
+
+Regular bugfix release\.
+
+<a id="bugfixes-18"></a>
+### Bugfixes
+
+* cryptography backend \- improve Unicode handling for Python 2 \([https\://github\.com/ansible\-collections/community\.crypto/pull/313](https\://github\.com/ansible\-collections/community\.crypto/pull/313)\)\.
+
+<a id="v1-9-5"></a>
+## v1\.9\.5
+
+<a id="release-summary-20"></a>
+### Release Summary
+
+Bugfix release to fully support cryptography 35\.0\.0\.
+
+<a id="bugfixes-19"></a>
+### Bugfixes
+
+* get\_certificate \- fix compatibility with the cryptography 35\.0\.0 release \([https\://github\.com/ansible\-collections/community\.crypto/pull/294](https\://github\.com/ansible\-collections/community\.crypto/pull/294)\)\.
+* openssl\_csr\_info \- fix compatibility with the cryptography 35\.0\.0 release \([https\://github\.com/ansible\-collections/community\.crypto/pull/294](https\://github\.com/ansible\-collections/community\.crypto/pull/294)\)\.
+* openssl\_csr\_info \- fix compatibility with the cryptography 35\.0\.0 release in PyOpenSSL backend \([https\://github\.com/ansible\-collections/community\.crypto/pull/300](https\://github\.com/ansible\-collections/community\.crypto/pull/300)\)\.
+* openssl\_pkcs12 \- fix compatibility with the cryptography 35\.0\.0 release \([https\://github\.com/ansible\-collections/community\.crypto/pull/296](https\://github\.com/ansible\-collections/community\.crypto/pull/296)\)\.
+* x509\_certificate\_info \- fix compatibility with the cryptography 35\.0\.0 release \([https\://github\.com/ansible\-collections/community\.crypto/pull/294](https\://github\.com/ansible\-collections/community\.crypto/pull/294)\)\.
+* x509\_certificate\_info \- fix compatibility with the cryptography 35\.0\.0 release in PyOpenSSL backend \([https\://github\.com/ansible\-collections/community\.crypto/pull/300](https\://github\.com/ansible\-collections/community\.crypto/pull/300)\)\.
+
+<a id="v1-9-4"></a>
+## v1\.9\.4
+
+<a id="release-summary-21"></a>
+### Release Summary
+
+Regular bugfix release\.
+
+<a id="bugfixes-20"></a>
+### Bugfixes
+
+* acme\_\* modules \- fix commands composed for OpenSSL backend to retrieve information on CSRs and certificates from stdin to use <code>/dev/stdin</code> instead of <code>\-</code>\. This is needed for OpenSSL 1\.0\.1 and 1\.0\.2\, apparently \([https\://github\.com/ansible\-collections/community\.crypto/pull/279](https\://github\.com/ansible\-collections/community\.crypto/pull/279)\)\.
+* acme\_challenge\_cert\_helper \- only return exception when cryptography is not installed\, not when a too old version of it is installed\. This prevents Ansible\'s callback to crash \([https\://github\.com/ansible\-collections/community\.crypto/pull/281](https\://github\.com/ansible\-collections/community\.crypto/pull/281)\)\.
+
+<a id="v1-9-3"></a>
+## v1\.9\.3
+
+<a id="release-summary-22"></a>
+### Release Summary
+
+Regular bugfix release\.
+
+<a id="bugfixes-21"></a>
+### Bugfixes
+
+* openssl\_csr and openssl\_csr\_pipe \- make sure that Unicode strings are used to compare strings with the cryptography backend\. This fixes idempotency problems with non\-ASCII letters on Python 2 \([https\://github\.com/ansible\-collections/community\.crypto/issues/270](https\://github\.com/ansible\-collections/community\.crypto/issues/270)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/271](https\://github\.com/ansible\-collections/community\.crypto/pull/271)\)\.
+
+<a id="v1-9-2"></a>
+## v1\.9\.2
+
+<a id="release-summary-23"></a>
+### Release Summary
+
+Bugfix release to fix the changelog\. No other change compared to 1\.9\.0\.
+
+<a id="v1-9-1"></a>
+## v1\.9\.1
+
+<a id="release-summary-24"></a>
+### Release Summary
+
+Accidental 1\.9\.1 release\. Identical to 1\.9\.0\.
+
+<a id="v1-9-0"></a>
+## v1\.9\.0
+
+<a id="release-summary-25"></a>
+### Release Summary
+
+Regular feature release\.
+
+<a id="minor-changes-1"></a>
+### Minor Changes
+
+* get\_certificate \- added <code>starttls</code> option to retrieve certificates from servers which require clients to request an encrypted connection \([https\://github\.com/ansible\-collections/community\.crypto/pull/264](https\://github\.com/ansible\-collections/community\.crypto/pull/264)\)\.
+* openssh\_keypair \- added <code>diff</code> support \([https\://github\.com/ansible\-collections/community\.crypto/pull/260](https\://github\.com/ansible\-collections/community\.crypto/pull/260)\)\.
+
+<a id="bugfixes-22"></a>
+### Bugfixes
+
+* keypair\_backend module utils \- simplify code to pass sanity tests \([https\://github\.com/ansible\-collections/community\.crypto/pull/263](https\://github\.com/ansible\-collections/community\.crypto/pull/263)\)\.
+* openssh\_keypair \- fixed <code>cryptography</code> backend to preserve original file permissions when regenerating a keypair requires existing files to be overwritten \([https\://github\.com/ansible\-collections/community\.crypto/pull/260](https\://github\.com/ansible\-collections/community\.crypto/pull/260)\)\.
+* openssh\_keypair \- fixed error handling to restore original keypair if regeneration fails \([https\://github\.com/ansible\-collections/community\.crypto/pull/260](https\://github\.com/ansible\-collections/community\.crypto/pull/260)\)\.
+* x509\_crl \- restore inherited function signature to pass sanity tests \([https\://github\.com/ansible\-collections/community\.crypto/pull/263](https\://github\.com/ansible\-collections/community\.crypto/pull/263)\)\.
+
+<a id="v1-8-0"></a>
+## v1\.8\.0
+
+<a id="release-summary-26"></a>
+### Release Summary
+
+Regular bugfix and feature release\.
+
+<a id="minor-changes-2"></a>
+### Minor Changes
+
+* Avoid internal ansible\-core module\_utils in favor of equivalent public API available since at least Ansible 2\.9 \([https\://github\.com/ansible\-collections/community\.crypto/pull/253](https\://github\.com/ansible\-collections/community\.crypto/pull/253)\)\.
+* openssh certificate module utils \- new module\_utils for parsing OpenSSH certificates \([https\://github\.com/ansible\-collections/community\.crypto/pull/246](https\://github\.com/ansible\-collections/community\.crypto/pull/246)\)\.
+* openssh\_cert \- added <code>regenerate</code> option to validate additional certificate parameters which trigger regeneration of an existing certificate \([https\://github\.com/ansible\-collections/community\.crypto/pull/256](https\://github\.com/ansible\-collections/community\.crypto/pull/256)\)\.
+* openssh\_cert \- adding <code>diff</code> support \([https\://github\.com/ansible\-collections/community\.crypto/pull/255](https\://github\.com/ansible\-collections/community\.crypto/pull/255)\)\.
+
+<a id="bugfixes-23"></a>
+### Bugfixes
+
+* openssh\_cert \- fixed certificate generation to restore original certificate if an error is encountered \([https\://github\.com/ansible\-collections/community\.crypto/pull/255](https\://github\.com/ansible\-collections/community\.crypto/pull/255)\)\.
+* openssh\_keypair \- fixed a bug that prevented custom file attributes being applied to public keys \([https\://github\.com/ansible\-collections/community\.crypto/pull/257](https\://github\.com/ansible\-collections/community\.crypto/pull/257)\)\.
+
+<a id="v1-7-1"></a>
+## v1\.7\.1
+
+<a id="release-summary-27"></a>
+### Release Summary
+
+Bugfix release\.
+
+<a id="bugfixes-24"></a>
+### Bugfixes
+
+* openssl\_pkcs12 \- fix crash when loading passphrase\-protected PKCS\#12 files with <code>cryptography</code> backend \([https\://github\.com/ansible\-collections/community\.crypto/issues/247](https\://github\.com/ansible\-collections/community\.crypto/issues/247)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/248](https\://github\.com/ansible\-collections/community\.crypto/pull/248)\)\.
+
+<a id="v1-7-0"></a>
+## v1\.7\.0
+
+<a id="release-summary-28"></a>
+### Release Summary
+
+Regular feature and bugfix release\.
+
+<a id="minor-changes-3"></a>
+### Minor Changes
+
+* cryptography\_openssh module utils \- new module\_utils for managing asymmetric keypairs and OpenSSH formatted/encoded asymmetric keypairs \([https\://github\.com/ansible\-collections/community\.crypto/pull/213](https\://github\.com/ansible\-collections/community\.crypto/pull/213)\)\.
+* openssh\_keypair \- added <code>backend</code> parameter for selecting between the cryptography library or the OpenSSH binary for the execution of actions performed by <code>openssh\_keypair</code> \([https\://github\.com/ansible\-collections/community\.crypto/pull/236](https\://github\.com/ansible\-collections/community\.crypto/pull/236)\)\.
+* openssh\_keypair \- added <code>passphrase</code> parameter for encrypting/decrypting OpenSSH private keys \([https\://github\.com/ansible\-collections/community\.crypto/pull/225](https\://github\.com/ansible\-collections/community\.crypto/pull/225)\)\.
+* openssl\_csr \- add diff mode \([https\://github\.com/ansible\-collections/community\.crypto/issues/38](https\://github\.com/ansible\-collections/community\.crypto/issues/38)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/150](https\://github\.com/ansible\-collections/community\.crypto/pull/150)\)\.
+* openssl\_csr\_info \- now returns <code>public\_key\_type</code> and <code>public\_key\_data</code> \([https\://github\.com/ansible\-collections/community\.crypto/pull/233](https\://github\.com/ansible\-collections/community\.crypto/pull/233)\)\.
+* openssl\_csr\_info \- refactor module to allow code re\-use for diff mode \([https\://github\.com/ansible\-collections/community\.crypto/pull/204](https\://github\.com/ansible\-collections/community\.crypto/pull/204)\)\.
+* openssl\_csr\_pipe \- add diff mode \([https\://github\.com/ansible\-collections/community\.crypto/issues/38](https\://github\.com/ansible\-collections/community\.crypto/issues/38)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/150](https\://github\.com/ansible\-collections/community\.crypto/pull/150)\)\.
+* openssl\_pkcs12 \- added option <code>select\_crypto\_backend</code> and a <code>cryptography</code> backend\. This requires cryptography 3\.0 or newer\, and does not support the <code>iter\_size</code> and <code>maciter\_size</code> options \([https\://github\.com/ansible\-collections/community\.crypto/pull/234](https\://github\.com/ansible\-collections/community\.crypto/pull/234)\)\.
+* openssl\_privatekey \- add diff mode \([https\://github\.com/ansible\-collections/community\.crypto/issues/38](https\://github\.com/ansible\-collections/community\.crypto/issues/38)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/150](https\://github\.com/ansible\-collections/community\.crypto/pull/150)\)\.
+* openssl\_privatekey\_info \- refactor module to allow code re\-use for diff mode \([https\://github\.com/ansible\-collections/community\.crypto/pull/205](https\://github\.com/ansible\-collections/community\.crypto/pull/205)\)\.
+* openssl\_privatekey\_pipe \- add diff mode \([https\://github\.com/ansible\-collections/community\.crypto/issues/38](https\://github\.com/ansible\-collections/community\.crypto/issues/38)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/150](https\://github\.com/ansible\-collections/community\.crypto/pull/150)\)\.
+* openssl\_publickey \- add diff mode \([https\://github\.com/ansible\-collections/community\.crypto/issues/38](https\://github\.com/ansible\-collections/community\.crypto/issues/38)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/150](https\://github\.com/ansible\-collections/community\.crypto/pull/150)\)\.
+* x509\_certificate \- add diff mode \([https\://github\.com/ansible\-collections/community\.crypto/issues/38](https\://github\.com/ansible\-collections/community\.crypto/issues/38)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/150](https\://github\.com/ansible\-collections/community\.crypto/pull/150)\)\.
+* x509\_certificate\_info \- now returns <code>public\_key\_type</code> and <code>public\_key\_data</code> \([https\://github\.com/ansible\-collections/community\.crypto/pull/233](https\://github\.com/ansible\-collections/community\.crypto/pull/233)\)\.
+* x509\_certificate\_info \- refactor module to allow code re\-use for diff mode \([https\://github\.com/ansible\-collections/community\.crypto/pull/206](https\://github\.com/ansible\-collections/community\.crypto/pull/206)\)\.
+* x509\_certificate\_pipe \- add diff mode \([https\://github\.com/ansible\-collections/community\.crypto/issues/38](https\://github\.com/ansible\-collections/community\.crypto/issues/38)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/150](https\://github\.com/ansible\-collections/community\.crypto/pull/150)\)\.
+* x509\_crl \- add diff mode \([https\://github\.com/ansible\-collections/community\.crypto/issues/38](https\://github\.com/ansible\-collections/community\.crypto/issues/38)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/150](https\://github\.com/ansible\-collections/community\.crypto/pull/150)\)\.
+* x509\_crl\_info \- add <code>list\_revoked\_certificates</code> option to avoid enumerating all revoked certificates \([https\://github\.com/ansible\-collections/community\.crypto/pull/232](https\://github\.com/ansible\-collections/community\.crypto/pull/232)\)\.
+* x509\_crl\_info \- refactor module to allow code re\-use for diff mode \([https\://github\.com/ansible\-collections/community\.crypto/pull/203](https\://github\.com/ansible\-collections/community\.crypto/pull/203)\)\.
+
+<a id="bugfixes-25"></a>
+### Bugfixes
+
+* openssh\_keypair \- fix <code>check\_mode</code> to populate return values for existing keypairs \([https\://github\.com/ansible\-collections/community\.crypto/issues/113](https\://github\.com/ansible\-collections/community\.crypto/issues/113)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/230](https\://github\.com/ansible\-collections/community\.crypto/pull/230)\)\.
+* various modules \- prevent crashes when modules try to set attributes on not yet existing files in check mode\. This will be fixed in ansible\-core 2\.12\, but it is not backported to every Ansible version we support \([https\://github\.com/ansible\-collections/community\.crypto/issue/242](https\://github\.com/ansible\-collections/community\.crypto/issue/242)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/243](https\://github\.com/ansible\-collections/community\.crypto/pull/243)\)\.
+* x509\_certificate \- fix crash when <code>assertonly</code> provider is used and some error conditions should be reported \([https\://github\.com/ansible\-collections/community\.crypto/issues/240](https\://github\.com/ansible\-collections/community\.crypto/issues/240)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/241](https\://github\.com/ansible\-collections/community\.crypto/pull/241)\)\.
+
+<a id="new-modules"></a>
+### New Modules
+
+* openssl\_publickey\_info \- Provide information for OpenSSL public keys
+
+<a id="v1-6-2"></a>
+## v1\.6\.2
+
+<a id="release-summary-29"></a>
+### Release Summary
+
+Bugfix release\. Fixes compatibility issue of ACME modules with step\-ca\.
+
+<a id="bugfixes-26"></a>
+### Bugfixes
+
+* acme\_\* modules \- avoid crashing for ACME servers where the <code>meta</code> directory key is not present \([https\://github\.com/ansible\-collections/community\.crypto/issues/220](https\://github\.com/ansible\-collections/community\.crypto/issues/220)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/221](https\://github\.com/ansible\-collections/community\.crypto/pull/221)\)\.
+
+<a id="v1-6-1"></a>
+## v1\.6\.1
+
+<a id="release-summary-30"></a>
+### Release Summary
+
+Bugfix release\.
+
+<a id="bugfixes-27"></a>
+### Bugfixes
+
+* acme\_\* modules \- fix wrong usages of <code>ACMEProtocolException</code> \([https\://github\.com/ansible\-collections/community\.crypto/pull/216](https\://github\.com/ansible\-collections/community\.crypto/pull/216)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/217](https\://github\.com/ansible\-collections/community\.crypto/pull/217)\)\.
+
+<a id="v1-6-0"></a>
+## v1\.6\.0
+
+<a id="release-summary-31"></a>
+### Release Summary
+
+Fixes compatibility issues with the latest ansible\-core 2\.11 beta\, and contains a lot of internal refactoring for the ACME modules and support for private key passphrases for them\.
+
+<a id="minor-changes-4"></a>
+### Minor Changes
+
+* acme module\_utils \- the <code>acme</code> module\_utils has been split up into several Python modules \([https\://github\.com/ansible\-collections/community\.crypto/pull/184](https\://github\.com/ansible\-collections/community\.crypto/pull/184)\)\.
+* acme\_\* modules \- codebase refactor which should not be visible to end\-users \([https\://github\.com/ansible\-collections/community\.crypto/pull/184](https\://github\.com/ansible\-collections/community\.crypto/pull/184)\)\.
+* acme\_\* modules \- support account key passphrases for <code>cryptography</code> backend \([https\://github\.com/ansible\-collections/community\.crypto/issues/197](https\://github\.com/ansible\-collections/community\.crypto/issues/197)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/207](https\://github\.com/ansible\-collections/community\.crypto/pull/207)\)\.
+* acme\_certificate\_revoke \- support revoking by private keys that are passphrase protected for <code>cryptography</code> backend \([https\://github\.com/ansible\-collections/community\.crypto/pull/207](https\://github\.com/ansible\-collections/community\.crypto/pull/207)\)\.
+* acme\_challenge\_cert\_helper \- add <code>private\_key\_passphrase</code> parameter \([https\://github\.com/ansible\-collections/community\.crypto/pull/207](https\://github\.com/ansible\-collections/community\.crypto/pull/207)\)\.
+
+<a id="deprecated-features"></a>
+### Deprecated Features
+
+* acme module\_utils \- the <code>acme</code> module\_utils \(<code>ansible\_collections\.community\.crypto\.plugins\.module\_utils\.acme</code>\) is deprecated and will be removed in community\.crypto 2\.0\.0\. Use the new Python modules in the <code>acme</code> package instead \(<code>ansible\_collections\.community\.crypto\.plugins\.module\_utils\.acme\.xxx</code>\) \([https\://github\.com/ansible\-collections/community\.crypto/pull/184](https\://github\.com/ansible\-collections/community\.crypto/pull/184)\)\.
+
+<a id="bugfixes-28"></a>
+### Bugfixes
+
+* action\_module plugin helper \- make compatible with latest changes in ansible\-core 2\.11\.0b3 \([https\://github\.com/ansible\-collections/community\.crypto/pull/202](https\://github\.com/ansible\-collections/community\.crypto/pull/202)\)\.
+* openssl\_privatekey\_pipe \- make compatible with latest changes in ansible\-core 2\.11\.0b3 \([https\://github\.com/ansible\-collections/community\.crypto/pull/202](https\://github\.com/ansible\-collections/community\.crypto/pull/202)\)\.
+
+<a id="v1-5-0"></a>
+## v1\.5\.0
+
+<a id="release-summary-32"></a>
+### Release Summary
+
+Regular feature and bugfix release\. Deprecates a return value\.
+
+<a id="minor-changes-5"></a>
+### Minor Changes
+
+* acme\_account\_info \- when <code>retrieve\_orders</code> is not <code>ignore</code> and the ACME server allows to query orders\, the new return value <code>order\_uris</code> is always populated with a list of URIs \([https\://github\.com/ansible\-collections/community\.crypto/pull/178](https\://github\.com/ansible\-collections/community\.crypto/pull/178)\)\.
+* luks\_device \- allow to specify sector size for LUKS2 containers with new <code>sector\_size</code> parameter \([https\://github\.com/ansible\-collections/community\.crypto/pull/193](https\://github\.com/ansible\-collections/community\.crypto/pull/193)\)\.
+
+<a id="deprecated-features-1"></a>
+### Deprecated Features
+
+* acme\_account\_info \- when <code>retrieve\_orders\=url\_list</code>\, <code>orders</code> will no longer be returned in community\.crypto 2\.0\.0\. Use <code>order\_uris</code> instead \([https\://github\.com/ansible\-collections/community\.crypto/pull/178](https\://github\.com/ansible\-collections/community\.crypto/pull/178)\)\.
+
+<a id="bugfixes-29"></a>
+### Bugfixes
+
+* openssl\_csr \- no longer fails when comparing CSR without basic constraint when <code>basic\_constraints</code> is specified \([https\://github\.com/ansible\-collections/community\.crypto/issues/179](https\://github\.com/ansible\-collections/community\.crypto/issues/179)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/180](https\://github\.com/ansible\-collections/community\.crypto/pull/180)\)\.
+
+<a id="v1-4-0"></a>
+## v1\.4\.0
+
+<a id="release-summary-33"></a>
+### Release Summary
+
+Release with several new features and bugfixes\.
+
+<a id="minor-changes-6"></a>
+### Minor Changes
+
+* The ACME module\_utils has been relicensed back from the Simplified BSD License \([https\://opensource\.org/licenses/BSD\-2\-Clause](https\://opensource\.org/licenses/BSD\-2\-Clause)\) to the GPLv3\+ \(same license used by most other code in this collection\)\. This undoes a licensing change when the original GPLv3\+ licensed code was moved to module\_utils in [https\://github\.com/ansible/ansible/pull/40697](https\://github\.com/ansible/ansible/pull/40697) \([https\://github\.com/ansible\-collections/community\.crypto/pull/165](https\://github\.com/ansible\-collections/community\.crypto/pull/165)\)\.
+* The <code>crypto/identify\.py</code> module\_utils has been renamed to <code>crypto/pem\.py</code> \([https\://github\.com/ansible\-collections/community\.crypto/pull/166](https\://github\.com/ansible\-collections/community\.crypto/pull/166)\)\.
+* luks\_device \- <code>new\_keyfile</code>\, <code>new\_passphrase</code>\, <code>remove\_keyfile</code> and <code>remove\_passphrase</code> are now idempotent \([https\://github\.com/ansible\-collections/community\.crypto/issues/19](https\://github\.com/ansible\-collections/community\.crypto/issues/19)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/168](https\://github\.com/ansible\-collections/community\.crypto/pull/168)\)\.
+* luks\_device \- allow to configure PBKDF \([https\://github\.com/ansible\-collections/community\.crypto/pull/163](https\://github\.com/ansible\-collections/community\.crypto/pull/163)\)\.
+* openssl\_csr\, openssl\_csr\_pipe \- allow to specify CRL distribution endpoints with <code>crl\_distribution\_points</code> \([https\://github\.com/ansible\-collections/community\.crypto/issues/147](https\://github\.com/ansible\-collections/community\.crypto/issues/147)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/167](https\://github\.com/ansible\-collections/community\.crypto/pull/167)\)\.
+* openssl\_pkcs12 \- allow to specify certificate bundles in <code>other\_certificates</code> by using new option <code>other\_certificates\_parse\_all</code> \([https\://github\.com/ansible\-collections/community\.crypto/issues/149](https\://github\.com/ansible\-collections/community\.crypto/issues/149)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/166](https\://github\.com/ansible\-collections/community\.crypto/pull/166)\)\.
+
+<a id="bugfixes-30"></a>
+### Bugfixes
+
+* acme\_certificate \- error when requested challenge type is not found for non\-valid challenges\, instead of hanging on step 2 \([https\://github\.com/ansible\-collections/community\.crypto/issues/171](https\://github\.com/ansible\-collections/community\.crypto/issues/171)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/173](https\://github\.com/ansible\-collections/community\.crypto/pull/173)\)\.
+
+<a id="v1-3-0"></a>
+## v1\.3\.0
+
+<a id="release-summary-34"></a>
+### Release Summary
+
+Contains new modules <code>openssl\_privatekey\_pipe</code>\, <code>openssl\_csr\_pipe</code> and <code>x509\_certificate\_pipe</code> which allow to create or update private keys\, CSRs and X\.509 certificates without having to write them to disk\.
+
+<a id="minor-changes-7"></a>
+### Minor Changes
+
+* openssh\_cert \- add module parameter <code>use\_agent</code> to enable using signing keys stored in ssh\-agent \([https\://github\.com/ansible\-collections/community\.crypto/issues/116](https\://github\.com/ansible\-collections/community\.crypto/issues/116)\)\.
+* openssl\_csr \- refactor module to allow code re\-use by openssl\_csr\_pipe \([https\://github\.com/ansible\-collections/community\.crypto/pull/123](https\://github\.com/ansible\-collections/community\.crypto/pull/123)\)\.
+* openssl\_privatekey \- refactor module to allow code re\-use by openssl\_privatekey\_pipe \([https\://github\.com/ansible\-collections/community\.crypto/pull/119](https\://github\.com/ansible\-collections/community\.crypto/pull/119)\)\.
+* openssl\_privatekey \- the elliptic curve <code>secp192r1</code> now triggers a security warning\. Elliptic curves of at least 224 bits should be used for new keys\; see [here](https\://cryptography\.io/en/latest/hazmat/primitives/asymmetric/ec\.html\#elliptic\-curves) \([https\://github\.com/ansible\-collections/community\.crypto/pull/132](https\://github\.com/ansible\-collections/community\.crypto/pull/132)\)\.
+* x509\_certificate \- for the <code>selfsigned</code> provider\, a CSR is not required anymore\. If no CSR is provided\, the module behaves as if a minimal CSR which only contains the public key has been provided \([https\://github\.com/ansible\-collections/community\.crypto/issues/32](https\://github\.com/ansible\-collections/community\.crypto/issues/32)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/129](https\://github\.com/ansible\-collections/community\.crypto/pull/129)\)\.
+* x509\_certificate \- refactor module to allow code re\-use by x509\_certificate\_pipe \([https\://github\.com/ansible\-collections/community\.crypto/pull/135](https\://github\.com/ansible\-collections/community\.crypto/pull/135)\)\.
+
+<a id="bugfixes-31"></a>
+### Bugfixes
+
+* openssl\_pkcs12 \- report the correct state when <code>action</code> is <code>parse</code> \([https\://github\.com/ansible\-collections/community\.crypto/issues/143](https\://github\.com/ansible\-collections/community\.crypto/issues/143)\)\.
+* support code \- improve handling of certificate and certificate signing request \(CSR\) loading with the <code>cryptography</code> backend when errors occur \([https\://github\.com/ansible\-collections/community\.crypto/issues/138](https\://github\.com/ansible\-collections/community\.crypto/issues/138)\, [https\://github\.com/ansible\-collections/community\.crypto/pull/139](https\://github\.com/ansible\-collections/community\.crypto/pull/139)\)\.
+* x509\_certificate \- fix <code>entrust</code> provider\, which was broken since community\.crypto 0\.1\.0 due to a feature added before the collection move \([https\://github\.com/ansible\-collections/community\.crypto/pull/135](https\://github\.com/ansible\-collections/community\.crypto/pull/135)\)\.
+
+<a id="new-modules-1"></a>
+### New Modules
+
+* openssl\_csr\_pipe \- Generate OpenSSL Certificate Signing Request \(CSR\)
+* openssl\_privatekey\_pipe \- Generate OpenSSL private keys without disk access
+* x509\_certificate\_pipe \- Generate and/or check OpenSSL certificates
+
+<a id="v1-2-0"></a>
+## v1\.2\.0
+
+<a id="release-summary-35"></a>
+### Release Summary
+
+Please note that this release fixes a security issue \(CVE\-2020\-25646\)\.
+
+<a id="minor-changes-8"></a>
+### Minor Changes
+
+* acme\_certificate \- allow to pass CSR file as content with new option <code>csr\_content</code> \([https\://github\.com/ansible\-collections/community\.crypto/pull/115](https\://github\.com/ansible\-collections/community\.crypto/pull/115)\)\.
+* x509\_certificate\_info \- add <code>fingerprints</code> return value which returns certificate fingerprints \([https\://github\.com/ansible\-collections/community\.crypto/pull/121](https\://github\.com/ansible\-collections/community\.crypto/pull/121)\)\.
+
+<a id="security-fixes"></a>
+### Security Fixes
+
+* openssl\_csr \- the option <code>privatekey\_content</code> was not marked as <code>no\_log</code>\, resulting in it being dumped into the system log by default\, and returned in the registered results in the <code>invocation</code> field \(CVE\-2020\-25646\, [https\://github\.com/ansible\-collections/community\.crypto/pull/125](https\://github\.com/ansible\-collections/community\.crypto/pull/125)\)\.
+* openssl\_privatekey\_info \- the option <code>content</code> was not marked as <code>no\_log</code>\, resulting in it being dumped into the system log by default\, and returned in the registered results in the <code>invocation</code> field \(CVE\-2020\-25646\, [https\://github\.com/ansible\-collections/community\.crypto/pull/125](https\://github\.com/ansible\-collections/community\.crypto/pull/125)\)\.
+* openssl\_publickey \- the option <code>privatekey\_content</code> was not marked as <code>no\_log</code>\, resulting in it being dumped into the system log by default\, and returned in the registered results in the <code>invocation</code> field \(CVE\-2020\-25646\, [https\://github\.com/ansible\-collections/community\.crypto/pull/125](https\://github\.com/ansible\-collections/community\.crypto/pull/125)\)\.
+* openssl\_signature \- the option <code>privatekey\_content</code> was not marked as <code>no\_log</code>\, resulting in it being dumped into the system log by default\, and returned in the registered results in the <code>invocation</code> field \(CVE\-2020\-25646\, [https\://github\.com/ansible\-collections/community\.crypto/pull/125](https\://github\.com/ansible\-collections/community\.crypto/pull/125)\)\.
+* x509\_certificate \- the options <code>privatekey\_content</code> and <code>ownca\_privatekey\_content</code> were not marked as <code>no\_log</code>\, resulting in it being dumped into the system log by default\, and returned in the registered results in the <code>invocation</code> field \(CVE\-2020\-25646\, [https\://github\.com/ansible\-collections/community\.crypto/pull/125](https\://github\.com/ansible\-collections/community\.crypto/pull/125)\)\.
+* x509\_crl \- the option <code>privatekey\_content</code> was not marked as <code>no\_log</code>\, resulting in it being dumped into the system log by default\, and returned in the registered results in the <code>invocation</code> field \(CVE\-2020\-25646\, [https\://github\.com/ansible\-collections/community\.crypto/pull/125](https\://github\.com/ansible\-collections/community\.crypto/pull/125)\)\.
+
+<a id="bugfixes-32"></a>
+### Bugfixes
+
+* openssl\_pkcs12 \- do not crash when reading PKCS\#12 file which has no private key and/or no main certificate \([https\://github\.com/ansible\-collections/community\.crypto/issues/103](https\://github\.com/ansible\-collections/community\.crypto/issues/103)\)\.
+
+<a id="v1-1-1"></a>
+## v1\.1\.1
+
+<a id="release-summary-36"></a>
+### Release Summary
+
+Bugfixes for Ansible 2\.10\.0\.
+
+<a id="bugfixes-33"></a>
+### Bugfixes
+
+* meta/runtime\.yml \- convert Ansible version numbers for old names of modules to collection version numbers \([https\://github\.com/ansible\-collections/community\.crypto/pull/108](https\://github\.com/ansible\-collections/community\.crypto/pull/108)\)\.
+* openssl\_csr \- improve handling of IDNA errors \([https\://github\.com/ansible\-collections/community\.crypto/issues/105](https\://github\.com/ansible\-collections/community\.crypto/issues/105)\)\.
+
+<a id="v1-1-0"></a>
+## v1\.1\.0
+
+<a id="release-summary-37"></a>
+### Release Summary
+
+Release for Ansible 2\.10\.0\.
+
+<a id="minor-changes-9"></a>
+### Minor Changes
+
+* acme\_account \- add <code>external\_account\_binding</code> option to allow creation of ACME accounts with External Account Binding \([https\://github\.com/ansible\-collections/community\.crypto/issues/89](https\://github\.com/ansible\-collections/community\.crypto/issues/89)\)\.
+* acme\_certificate \- allow new selector <code>test\_certificates\: first</code> for <code>select\_chain</code> parameter \([https\://github\.com/ansible\-collections/community\.crypto/pull/102](https\://github\.com/ansible\-collections/community\.crypto/pull/102)\)\.
+* cryptography backends \- support arbitrary dotted OIDs \([https\://github\.com/ansible\-collections/community\.crypto/issues/39](https\://github\.com/ansible\-collections/community\.crypto/issues/39)\)\.
+* get\_certificate \- add support for SNI \([https\://github\.com/ansible\-collections/community\.crypto/issues/69](https\://github\.com/ansible\-collections/community\.crypto/issues/69)\)\.
+* luks\_device \- add support for encryption options on container creation \([https\://github\.com/ansible\-collections/community\.crypto/pull/97](https\://github\.com/ansible\-collections/community\.crypto/pull/97)\)\.
+* openssh\_cert \- add support for PKCS\#11 tokens \([https\://github\.com/ansible\-collections/community\.crypto/pull/95](https\://github\.com/ansible\-collections/community\.crypto/pull/95)\)\.
+* openssl\_certificate \- the PyOpenSSL backend now uses 160 bits of randomness for serial numbers\, instead of a random number between 1000 and 99999\. Please note that this is not a high quality random number \([https\://github\.com/ansible\-collections/community\.crypto/issues/76](https\://github\.com/ansible\-collections/community\.crypto/issues/76)\)\.
+* openssl\_csr \- add support for name constraints extension \([https\://github\.com/ansible\-collections/community\.crypto/issues/46](https\://github\.com/ansible\-collections/community\.crypto/issues/46)\)\.
+* openssl\_csr\_info \- add support for name constraints extension \([https\://github\.com/ansible\-collections/community\.crypto/issues/46](https\://github\.com/ansible\-collections/community\.crypto/issues/46)\)\.
+
+<a id="bugfixes-34"></a>
+### Bugfixes
+
+* acme\_inspect \- fix problem with Python 3\.5 that JSON was not decoded \([https\://github\.com/ansible\-collections/community\.crypto/issues/86](https\://github\.com/ansible\-collections/community\.crypto/issues/86)\)\.
+* get\_certificate \- fix <code>ca\_cert</code> option handling when <code>proxy\_host</code> is used \([https\://github\.com/ansible\-collections/community\.crypto/pull/84](https\://github\.com/ansible\-collections/community\.crypto/pull/84)\)\.
+* openssl\_\*\, x509\_\* modules \- fix handling of general names which refer to IP networks and not IP addresses \([https\://github\.com/ansible\-collections/community\.crypto/pull/92](https\://github\.com/ansible\-collections/community\.crypto/pull/92)\)\.
+
+<a id="new-modules-2"></a>
+### New Modules
+
+* openssl\_signature \- Sign data with openssl
+* openssl\_signature\_info \- Verify signatures with openssl
+
+<a id="v1-0-0"></a>
+## v1\.0\.0
+
+<a id="release-summary-38"></a>
+### Release Summary
+
+This is the first proper release of the <code>community\.crypto</code> collection\. This changelog contains all changes to the modules in this collection that were added after the release of Ansible 2\.9\.0\.
+
+<a id="minor-changes-10"></a>
+### Minor Changes
+
+* luks\_device \- accept <code>passphrase</code>\, <code>new\_passphrase</code> and <code>remove\_passphrase</code>\.
+* luks\_device \- add <code>keysize</code> parameter to set key size at LUKS container creation
+* luks\_device \- added support to use UUIDs\, and labels with LUKS2 containers
+* luks\_device \- added the <code>type</code> option that allows user explicit define the LUKS container format version
+* openssh\_keypair \- instead of regenerating some broken or password protected keys\, fail the module\. Keys can still be regenerated by calling the module with <code>force\=yes</code>\.
+* openssh\_keypair \- the <code>regenerate</code> option allows to configure the module\'s behavior when it should or needs to regenerate private keys\.
+* openssl\_\* modules \- the cryptography backend now properly supports <code>dirName</code>\, <code>otherName</code> and <code>RID</code> \(Registered ID\) names\.
+* openssl\_certificate \- Add option for changing which ACME directory to use with acme\-tiny\. Set the default ACME directory to Let\'s Encrypt instead of using acme\-tiny\'s default\. \(acme\-tiny also uses Let\'s Encrypt at the time being\, so no action should be neccessary\.\)
+* openssl\_certificate \- Change the required version of acme\-tiny to \>\= 4\.0\.0
+* openssl\_certificate \- allow to provide content of some input files via the <code>csr\_content</code>\, <code>privatekey\_content</code>\, <code>ownca\_privatekey\_content</code> and <code>ownca\_content</code> options\.
+* openssl\_certificate \- allow to return the existing/generated certificate directly as <code>certificate</code> by setting <code>return\_content</code> to <code>yes</code>\.
+* openssl\_certificate\_info \- allow to provide certificate content via <code>content</code> option \([https\://github\.com/ansible/ansible/issues/64776](https\://github\.com/ansible/ansible/issues/64776)\)\.
+* openssl\_csr \- Add support for specifying the SAN <code>otherName</code> value in the OpenSSL ASN\.1 UTF8 string format\, <code>otherName\:\<OID\>\;UTF8\:string value</code>\.
+* openssl\_csr \- allow to provide private key content via <code>private\_key\_content</code> option\.
+* openssl\_csr \- allow to return the existing/generated CSR directly as <code>csr</code> by setting <code>return\_content</code> to <code>yes</code>\.
+* openssl\_csr\_info \- allow to provide CSR content via <code>content</code> option\.
+* openssl\_dhparam \- allow to return the existing/generated DH params directly as <code>dhparams</code> by setting <code>return\_content</code> to <code>yes</code>\.
+* openssl\_dhparam \- now supports a <code>cryptography</code>\-based backend\. Auto\-detection can be overwritten with the <code>select\_crypto\_backend</code> option\.
+* openssl\_pkcs12 \- allow to return the existing/generated PKCS\#12 directly as <code>pkcs12</code> by setting <code>return\_content</code> to <code>yes</code>\.
+* openssl\_privatekey \- add <code>format</code> and <code>format\_mismatch</code> options\.
+* openssl\_privatekey \- allow to return the existing/generated private key directly as <code>privatekey</code> by setting <code>return\_content</code> to <code>yes</code>\.
+* openssl\_privatekey \- the <code>regenerate</code> option allows to configure the module\'s behavior when it should or needs to regenerate private keys\.
+* openssl\_privatekey\_info \- allow to provide private key content via <code>content</code> option\.
+* openssl\_publickey \- allow to provide private key content via <code>private\_key\_content</code> option\.
+* openssl\_publickey \- allow to return the existing/generated public key directly as <code>publickey</code> by setting <code>return\_content</code> to <code>yes</code>\.
+
+<a id="deprecated-features-2"></a>
+### Deprecated Features
+
+* openssl\_csr \- all values for the <code>version</code> option except <code>1</code> are deprecated\. The value 1 denotes the current only standardized CSR version\.
+
+<a id="removed-features-previously-deprecated"></a>
+### Removed Features \(previously deprecated\)
+
+* The <code>letsencrypt</code> module has been removed\. Use <code>acme\_certificate</code> instead\.
+
+<a id="bugfixes-35"></a>
+### Bugfixes
+
+* ACME modules\: fix bug in ACME v1 account update code
+* ACME modules\: make sure some connection errors are handled properly
+* ACME modules\: support Buypass\' ACME v1 endpoint
+* acme\_certificate \- fix crash when module is used with Python 2\.x\.
+* acme\_certificate \- fix misbehavior when ACME v1 is used with <code>modify\_account</code> set to <code>false</code>\.
+* ecs\_certificate \- Always specify header <code>connection\: keep\-alive</code> for ECS API connections\.
+* ecs\_certificate \- Fix formatting of contents of <code>full\_chain\_path</code>\.
+* get\_certificate \- Fix cryptography backend when pyopenssl is unavailable \([https\://github\.com/ansible/ansible/issues/67900](https\://github\.com/ansible/ansible/issues/67900)\)
+* openssh\_keypair \- add logic to avoid breaking password protected keys\.
+* openssh\_keypair \- fixes idempotence issue with public key \([https\://github\.com/ansible/ansible/issues/64969](https\://github\.com/ansible/ansible/issues/64969)\)\.
+* openssh\_keypair \- public key\'s file attributes \(permissions\, owner\, group\, etc\.\) are now set to the same values as the private key\.
+* openssl\_\* modules \- prevent crash on fingerprint determination in FIPS mode \([https\://github\.com/ansible/ansible/issues/67213](https\://github\.com/ansible/ansible/issues/67213)\)\.
+* openssl\_certificate \- When provider is <code>entrust</code>\, use a <code>connection\: keep\-alive</code> header for ECS API connections\.
+* openssl\_certificate \- <code>provider</code> option was documented as required\, but it was not checked whether it was provided\. It is now only required when <code>state</code> is <code>present</code>\.
+* openssl\_certificate \- fix <code>assertonly</code> provider certificate verification\, causing \'private key mismatch\' and \'subject mismatch\' errors\.
+* openssl\_certificate and openssl\_csr \- fix Ed25519 and Ed448 private key support for <code>cryptography</code> backend\. This probably needs at least cryptography 2\.8\, since older versions have problems with signing certificates or CSRs with such keys\. \([https\://github\.com/ansible/ansible/issues/59039](https\://github\.com/ansible/ansible/issues/59039)\, PR [https\://github\.com/ansible/ansible/pull/63984](https\://github\.com/ansible/ansible/pull/63984)\)
+* openssl\_csr \- a warning is issued if an unsupported value for <code>version</code> is used for the <code>cryptography</code> backend\.
+* openssl\_csr \- the module will now enforce that <code>privatekey\_path</code> is specified when <code>state\=present</code>\.
+* openssl\_publickey \- fix a module crash caused when pyOpenSSL is not installed \([https\://github\.com/ansible/ansible/issues/67035](https\://github\.com/ansible/ansible/issues/67035)\)\.
+
+<a id="new-modules-3"></a>
+### New Modules
+
+* ecs\_domain \- Request validation of a domain with the Entrust Certificate Services \(ECS\) API
+* x509\_crl \- Generate Certificate Revocation Lists \(CRLs\)
+* x509\_crl\_info \- Retrieve information on Certificate Revocation Lists \(CRLs\)
--- a/CHANGELOG.md.license
+++ b/CHANGELOG.md.license
@@ -0,0 +1,3 @@
+GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+SPDX-License-Identifier: GPL-3.0-or-later
+SPDX-FileCopyrightText: Ansible Project
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -4,6 +4,35 @@ Community Crypto Release Notes

 .. contents:: Topics

+v1.9.26
+=======
+
+Release Summary
+---------------
+
+Last release.
+
+Major Changes
+-------------
+
+- The 1.x.y release train of community.crypto is **End of Life**. There will be no further community.crypto 1.x.y releases.
+  Please upgrade to community.crypto 2.x.y.
+
+  Thanks to everyone who contributed to community.crypto 1.x.y!
+
+v1.9.25
+=======
+
+Release Summary
+---------------
+
+Bugfix release.
+
+Bugfixes
+--------
+
+- crypto.math module utils - change return values for ``quick_is_not_prime()`` for special cases that do not appear when using the collection (https://github.com/ansible-collections/community.crypto/pull/733).
+- ecs_certificate - fixed ``csr`` option to be empty and allow renewal of a specific certificate according to the Renewal Information specification (https://github.com/ansible-collections/community.crypto/pull/740).

 v1.9.24
 =======
@@ -541,7 +570,6 @@ Release Summary

 Contains new modules ``openssl_privatekey_pipe``, ``openssl_csr_pipe`` and ``x509_certificate_pipe`` which allow to create or update private keys, CSRs and X.509 certificates without having to write them to disk.

-
 Minor Changes
 -------------

@@ -617,7 +645,6 @@ Release Summary

 Release for Ansible 2.10.0.

-
 Minor Changes
 -------------

@@ -652,7 +679,6 @@ Release Summary

 This is the first proper release of the ``community.crypto`` collection. This changelog contains all changes to the modules in this collection that were added after the release of Ansible 2.9.0.

-
 Minor Changes
 -------------

--- a/README.md
+++ b/README.md
@@ -1,6 +1,5 @@
 # Ansible Community Crypto Collection

-[![Build Status](https://dev.azure.com/ansible/community.crypto/_apis/build/status/CI?branchName=main)](https://dev.azure.com/ansible/community.crypto/_build?definitionId=21)
 [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.crypto)](https://codecov.io/gh/ansible-collections/community.crypto)

 Provides modules for [Ansible](https://www.ansible.com/community) for various cryptographic operations.
@@ -9,6 +8,19 @@ You can find [documentation for this collection on the Ansible docs site](https:

 Please note that this collection does **not** support Windows targets.

+## Communication
+
+* Join the Ansible forum:
+  * [Get Help](https://forum.ansible.com/c/help/6): get help or help others. Please add appropriate tags if you start new discussions, for example the `crypto` or `acme` tags.
+  * [Posts tagged with 'crypto'](https://forum.ansible.com/tag/crypto): subscribe to participate in cryptography related conversations.
+  * [Posts tagged with 'acme'](https://forum.ansible.com/tag/acme): subscribe to participate in ACME (RFC 8555) related conversations.
+  * [Social Spaces](https://forum.ansible.com/c/chat/4): gather and interact with fellow enthusiasts.
+  * [News & Announcements](https://forum.ansible.com/c/news/5): track project-wide announcements including social events.
+
+* The Ansible [Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn): used to announce releases and important changes.
+
+For more information about communication, see the [Ansible communication guide](https://docs.ansible.com/ansible/devel/community/communication.html).
+
 ## Tested with Ansible

 Tested with the current Ansible 2.9, ansible-base 2.10, ansible-core 2.11, ansible-core 2.12 and ansible-core 2.13 releases. Ansible versions before 2.9.10 are not supported.
@@ -85,7 +97,7 @@ See [Ansible's dev guide](https://docs.ansible.com/ansible/devel/dev_guide/devel

 ## Release notes

-See the [changelog](https://github.com/ansible-collections/community.crypto/blob/main/CHANGELOG.rst).
+See the [changelog](https://github.com/ansible-collections/community.crypto/blob/stable-1/CHANGELOG.md).

 ## Roadmap

--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
@@ -741,6 +741,36 @@ releases:
    - 701-private_key_info-consistency.yml
    - 704-x509_certificate-assertonly-privatekey.yml
    release_date: '2024-01-27'
+  1.9.25:
+    changes:
+      bugfixes:
+      - crypto.math module utils - change return values for ``quick_is_not_prime()``
+        for special cases that do not appear when using the collection (https://github.com/ansible-collections/community.crypto/pull/733).
+      - ecs_certificate - fixed ``csr`` option to be empty and allow renewal of a
+        specific certificate according to the Renewal Information specification (https://github.com/ansible-collections/community.crypto/pull/740).
+      release_summary: Bugfix release.
+    fragments:
+    - 1.9.25.yml
+    - 733-math-prime.yml
+    - 740-ecs_certificate-renewal-without-csr.yml
+    release_date: '2024-05-20'
+  1.9.26:
+    changes:
+      major_changes:
+      - 'The 1.x.y release train of community.crypto is **End of Life**. There will
+        be no further community.crypto 1.x.y releases.
+
+        Please upgrade to community.crypto 2.x.y.
+
+
+        Thanks to everyone who contributed to community.crypto 1.x.y!
+
+        '
+      release_summary: Last release.
+    fragments:
+    - 0-readme.yml
+    - eol.yml
+    release_date: '2024-08-28'
  1.9.3:
    changes:
      bugfixes:
--- a/changelogs/config.yaml
+++ b/changelogs/config.yaml
@@ -6,6 +6,9 @@ keep_fragments: false
 mention_ancestor: true
 new_plugins_after_name: removed_features
 notesdir: fragments
+output_formats:
+  - md
+  - rst
 prelude_section_name: release_summary
 prelude_section_title: Release Summary
 sections:
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: community
 name: crypto
-version: 1.9.24
+version: 1.9.26
 readme: README.md
 authors:
  - Ansible (github.com/ansible)
--- a/plugins/module_utils/crypto/math.py
+++ b/plugins/module_utils/crypto/math.py
@@ -53,9 +53,18 @@ def quick_is_not_prime(n):
    that we couldn't detect quickly whether it is not prime.
    '''
    if n <= 2:
-        return True
+        return n < 2
    # The constant in the next line is the product of all primes < 200
-    if simple_gcd(n, 7799922041683461553249199106329813876687996789903550945093032474868511536164700810) > 1:
+    prime_product = 7799922041683461553249199106329813876687996789903550945093032474868511536164700810
+    gcd = simple_gcd(n, prime_product)
+    if gcd > 1:
+        if n < 200 and gcd == n:
+            # Explicitly check for all primes < 200
+            return n not in (
+                2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83,
+                89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179,
+                181, 191, 193, 197, 199,
+            )
        return True
    # TODO: maybe do some iterations of Miller-Rabin to increase confidence
    # (https://en.wikipedia.org/wiki/Miller%E2%80%93Rabin_primality_test)
--- a/plugins/modules/ecs_certificate.py
+++ b/plugins/modules/ecs_certificate.py
@@ -922,8 +922,8 @@ def main():
            module.fail_json(msg='The cert_expiry field is invalid when request_type="reissue".')
        elif module.params['cert_lifetime']:
            module.fail_json(msg='The cert_lifetime field is invalid when request_type="reissue".')
-    # Only a reissued request can omit the CSR
-    else:
+    # Reissued or renew request can omit the CSR
+    elif module.params['request_type'] != 'renew':
        module_params_csr = module.params['csr']
        if module_params_csr is None:
            module.fail_json(msg='The csr field is required when request_type={0}'.format(module.params['request_type']))
--- a/tests/integration/targets/openssl_pkcs12/tests/validate.yml
+++ b/tests/integration/targets/openssl_pkcs12/tests/validate.yml
@@ -16,7 +16,8 @@
    that:
      - p12_standard_check is changed
      - p12_standard is changed
-      - p12.stdout_lines[2].split(':')[-1].strip() == 'abracadabra'
+      - p12.stdout_lines[2].split(':')[-1].strip() == 'abracadabra' or
+        p12.stdout_lines[1].split(':')[-1].strip() == 'abracadabra'
      - p12_standard.mode == '0400'
      - p12_no_pkey is changed
      - p12_validate_no_pkey.stdout_lines[-1] == '-----END CERTIFICATE-----'
--- a/tests/integration/targets/setup_pkg_mgr/tasks/main.yml
+++ b/tests/integration/targets/setup_pkg_mgr/tasks/main.yml
@@ -15,3 +15,9 @@
    ansible_pkg_mgr: community.general.zypper
    cacheable: yes
  when: ansible_os_family == 'Suse' and ansible_version.string is version('2.10', '>=')
+
+- shell:
+    cmd: |
+      sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/*.repo
+      sed -i 's%#baseurl=http://mirror.centos.org/%baseurl=https://vault.centos.org/%g' /etc/yum.repos.d/*.repo
+  when: ansible_distribution in 'CentOS' and ansible_distribution_major_version == '7'
--- a/tests/sanity/ignore-2.10.txt
+++ b/tests/sanity/ignore-2.10.txt
@@ -1,9 +1,3 @@
-.azure-pipelines/scripts/publish-codecov.py replace-urlopen
-.azure-pipelines/scripts/publish-codecov.py compile-2.6!skip # Uses Python 3.6+ syntax
-.azure-pipelines/scripts/publish-codecov.py compile-2.7!skip # Uses Python 3.6+ syntax
-.azure-pipelines/scripts/publish-codecov.py compile-3.5!skip # Uses Python 3.6+ syntax
-.azure-pipelines/scripts/publish-codecov.py future-import-boilerplate
-.azure-pipelines/scripts/publish-codecov.py metaclass-boilerplate
 plugins/module_utils/acme/__init__.py empty-init
 plugins/module_utils/compat/ipaddress.py future-import-boilerplate
 plugins/module_utils/compat/ipaddress.py metaclass-boilerplate
--- a/tests/sanity/ignore-2.11.txt
+++ b/tests/sanity/ignore-2.11.txt
@@ -1,9 +1,3 @@
-.azure-pipelines/scripts/publish-codecov.py replace-urlopen
-.azure-pipelines/scripts/publish-codecov.py compile-2.6!skip # Uses Python 3.6+ syntax
-.azure-pipelines/scripts/publish-codecov.py compile-2.7!skip # Uses Python 3.6+ syntax
-.azure-pipelines/scripts/publish-codecov.py compile-3.5!skip # Uses Python 3.6+ syntax
-.azure-pipelines/scripts/publish-codecov.py future-import-boilerplate
-.azure-pipelines/scripts/publish-codecov.py metaclass-boilerplate
 plugins/module_utils/acme/__init__.py empty-init
 plugins/module_utils/compat/ipaddress.py future-import-boilerplate
 plugins/module_utils/compat/ipaddress.py metaclass-boilerplate
--- a/tests/sanity/ignore-2.12.txt
+++ b/tests/sanity/ignore-2.12.txt
@@ -1,4 +1,3 @@
-.azure-pipelines/scripts/publish-codecov.py replace-urlopen
 plugins/module_utils/acme/__init__.py empty-init
 plugins/module_utils/compat/ipaddress.py future-import-boilerplate
 plugins/module_utils/compat/ipaddress.py metaclass-boilerplate
--- a/tests/sanity/ignore-2.13.txt
+++ b/tests/sanity/ignore-2.13.txt
@@ -1,4 +1,3 @@
-.azure-pipelines/scripts/publish-codecov.py replace-urlopen
 plugins/module_utils/acme/__init__.py empty-init
 plugins/module_utils/compat/ipaddress.py future-import-boilerplate
 plugins/module_utils/compat/ipaddress.py metaclass-boilerplate
--- a/tests/sanity/ignore-2.9.txt
+++ b/tests/sanity/ignore-2.9.txt
@@ -1,9 +1,3 @@
-.azure-pipelines/scripts/publish-codecov.py replace-urlopen
-.azure-pipelines/scripts/publish-codecov.py compile-2.6!skip # Uses Python 3.6+ syntax
-.azure-pipelines/scripts/publish-codecov.py compile-2.7!skip # Uses Python 3.6+ syntax
-.azure-pipelines/scripts/publish-codecov.py compile-3.5!skip # Uses Python 3.6+ syntax
-.azure-pipelines/scripts/publish-codecov.py future-import-boilerplate
-.azure-pipelines/scripts/publish-codecov.py metaclass-boilerplate
 plugins/module_utils/acme/__init__.py empty-init
 plugins/module_utils/compat/ipaddress.py future-import-boilerplate
 plugins/module_utils/compat/ipaddress.py metaclass-boilerplate
--- a/tests/unit/plugins/module_utils/crypto/test_math.py
+++ b/tests/unit/plugins/module_utils/crypto/test_math.py
@@ -0,0 +1,68 @@
+# -*- coding: utf-8 -*-
+
+# Copyright (c) 2024, Felix Fontein <felix@fontein.de>
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+import pytest
+
+from ansible_collections.community.crypto.plugins.module_utils.crypto.math import (
+    binary_exp_mod,
+    simple_gcd,
+    quick_is_not_prime,
+)
+
+
+@pytest.mark.parametrize('f, e, m, result', [
+    (0, 0, 5, 1),
+    (0, 1, 5, 0),
+    (2, 1, 5, 2),
+    (2, 2, 5, 4),
+    (2, 3, 5, 3),
+    (2, 10, 5, 4),
+])
+def test_binary_exp_mod(f, e, m, result):
+    value = binary_exp_mod(f, e, m)
+    print(value)
+    assert value == result
+
+
+@pytest.mark.parametrize('a, b, result', [
+    (0, -123, -123),
+    (0, 123, 123),
+    (-123, 0, -123),
+    (123, 0, 123),
+    (-123, 1, 1),
+    (123, 1, 1),
+    (1, -123, -1),
+    (1, 123, 1),
+    (1024, 10, 2),
+])
+def test_simple_gcd(a, b, result):
+    value = simple_gcd(a, b)
+    print(value)
+    assert value == result
+
+
+@pytest.mark.parametrize('n, result', [
+    (-2, True),
+    (0, True),
+    (1, True),
+    (2, False),
+    (3, False),
+    (4, True),
+    (5, False),
+    (6, True),
+    (7, False),
+    (8, True),
+    (9, True),
+    (10, True),
+    (211, False),  # the smallest prime number >= 200
+])
+def test_quick_is_not_prime(n, result):
+    value = quick_is_not_prime(n)
+    print(value)
+    assert value == result
--- a/tests/utils/shippable/cloud.sh
+++ b/tests/utils/shippable/cloud.sh
@@ -1,20 +0,0 @@
-#!/usr/bin/env bash
-
-set -o pipefail -eux
-
-declare -a args
-IFS='/:' read -ra args <<< "$1"
-
-cloud="${args[0]}"
-python="${args[1]}"
-group="${args[2]}"
-
-target="shippable/${cloud}/group${group}/"
-
-stage="${S:-prod}"
-
-# shellcheck disable=SC2086
-export ANSIBLE_ACME_CONTAINER=quay.io/ansible/acme-test-container:2.0.0  # use new container until
-ansible-test integration --color -v --retry-on-error "${target}" ${COVERAGE:+"$COVERAGE"} ${CHANGED:+"$CHANGED"} ${UNSTABLE:+"$UNSTABLE"} \
-    --remote-terminate always --remote-stage "${stage}" \
-    --docker --python "${python}"
--- a/tests/utils/shippable/freebsd.sh
+++ b/tests/utils/shippable/freebsd.sh
@@ -1 +0,0 @@
-remote.sh
--- a/tests/utils/shippable/linux.sh
+++ b/tests/utils/shippable/linux.sh
@@ -1,18 +0,0 @@
-#!/usr/bin/env bash
-
-set -o pipefail -eux
-
-declare -a args
-IFS='/:' read -ra args <<< "$1"
-
-image="${args[1]}"
-
-if [ "${#args[@]}" -gt 2 ]; then
-    target="shippable/posix/group${args[2]}/"
-else
-    target="shippable/posix/"
-fi
-
-# shellcheck disable=SC2086
-ansible-test integration --color -v --retry-on-error "${target}" ${COVERAGE:+"$COVERAGE"} ${CHANGED:+"$CHANGED"} ${UNSTABLE:+"$UNSTABLE"} \
-    --docker "${image}"
--- a/tests/utils/shippable/macos.sh
+++ b/tests/utils/shippable/macos.sh
@@ -1 +0,0 @@
-remote.sh
--- a/tests/utils/shippable/osx.sh
+++ b/tests/utils/shippable/osx.sh
@@ -1 +0,0 @@
-remote.sh
--- a/tests/utils/shippable/remote.sh
+++ b/tests/utils/shippable/remote.sh
@@ -1,28 +0,0 @@
-#!/usr/bin/env bash
-
-set -o pipefail -eux
-
-declare -a args
-IFS='/:' read -ra args <<< "$1"
-
-platform="${args[0]}"
-version="${args[1]}"
-
-if [ "${#args[@]}" -gt 2 ]; then
-    target="shippable/posix/group${args[2]}/"
-else
-    target="shippable/posix/"
-fi
-
-stage="${S:-prod}"
-provider="${P:-default}"
-
-if [ "${platform}/${version}" == "freebsd/13.0" ]; then
-    # On FreeBSD 13.0, installing PyOpenSSL 22.0.0 tries to upgrade cryptography, which
-    # will fail due to missing Rust compiler.
-    echo "pyopenssl < 22.0.0 ; python_version >= '3.8'" >> tests/utils/constraints.txt
-fi
-
-# shellcheck disable=SC2086
-ansible-test integration --color -v --retry-on-error "${target}" ${COVERAGE:+"$COVERAGE"} ${CHANGED:+"$CHANGED"} ${UNSTABLE:+"$UNSTABLE"} \
-    --remote "${platform}/${version}" --remote-terminate always --remote-stage "${stage}" --remote-provider "${provider}"
--- a/tests/utils/shippable/rhel.sh
+++ b/tests/utils/shippable/rhel.sh
@@ -1 +0,0 @@
-remote.sh
--- a/tests/utils/shippable/sanity.sh
+++ b/tests/utils/shippable/sanity.sh
@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-
-set -o pipefail -eux
-
-declare -a args
-IFS='/:' read -ra args <<< "$1"
-
-group="${args[1]}"
-
-if [ "${BASE_BRANCH:-}" ]; then
-    base_branch="origin/${BASE_BRANCH}"
-else
-    base_branch=""
-fi
-
-if [ "${group}" == "extra" ]; then
-    ../internal_test_tools/tools/run.py --color --bot --junit
-    exit
-fi
-
-# shellcheck disable=SC2086
-ansible-test sanity --color -v --junit ${COVERAGE:+"$COVERAGE"} ${CHANGED:+"$CHANGED"} \
-    --docker --base-branch "${base_branch}" \
-    --allow-disabled
--- a/tests/utils/shippable/shippable.sh
+++ b/tests/utils/shippable/shippable.sh
@@ -1,236 +0,0 @@
-#!/usr/bin/env bash
-
-set -o pipefail -eux
-
-declare -a args
-IFS='/:' read -ra args <<< "$1"
-
-ansible_version="${args[0]}"
-script="${args[1]}"
-
-function join {
-    local IFS="$1";
-    shift;
-    echo "$*";
-}
-
-# Ensure we can write other collections to this dir
-sudo chown "$(whoami)" "${PWD}/../../"
-
-test="$(join / "${args[@]:1}")"
-docker images ansible/ansible
-docker images quay.io/ansible/*
-docker ps
-
-for container in $(docker ps --format '{{.Image}} {{.ID}}' | grep -v -e '^drydock/' -e '^quay.io/ansible/azure-pipelines-test-container:' | sed 's/^.* //'); do
-    docker rm -f "${container}" || true  # ignore errors
-done
-
-docker ps
-
-if [ -d /home/shippable/cache/ ]; then
-    ls -la /home/shippable/cache/
-fi
-
-command -v python
-python -V
-
-function retry
-{
-    # shellcheck disable=SC2034
-    for repetition in 1 2 3; do
-        set +e
-        "$@"
-        result=$?
-        set -e
-        if [ ${result} == 0 ]; then
-            return ${result}
-        fi
-        echo "@* -> ${result}"
-    done
-    echo "Command '@*' failed 3 times!"
-    exit 255
-}
-
-command -v pip
-pip --version
-pip list --disable-pip-version-check
-if [ "${ansible_version}" == "devel" ]; then
-    retry pip install https://github.com/ansible/ansible/archive/devel.tar.gz --disable-pip-version-check
-else
-    retry pip install "https://github.com/ansible/ansible/archive/stable-${ansible_version}.tar.gz" --disable-pip-version-check
-fi
-
-# START: HACK
-if [ "${script}" == "osx" ] && [ "${ansible_version}" == "2.9" ]; then
-    # Make sure that the latest versions of pyOpenSSL and cryptography will be installed on macOS before
-    # ansible-playbook is started. This is no longer necessary for devel (https://github.com/ansible/ansible/issues/68701
-    # is fixed), but 2.9 still needs this since the new collection loader probably won't get backported to stable-2.9.
-    sed -i -e 's/cryptography.*/cryptography >= 2.9.2/g' /root/venv/lib/python2.7/site-packages/ansible_test/_data/requirements/integration.txt
-    echo 'pyOpenSSL >= 19.1.0' >> /root/venv/lib/python2.7/site-packages/ansible_test/_data/requirements/integration.txt
-fi
-# END: HACK
-
-
-if [ "${SHIPPABLE_BUILD_ID:-}" ]; then
-    export ANSIBLE_COLLECTIONS_PATHS="${HOME}/.ansible"
-    SHIPPABLE_RESULT_DIR="$(pwd)/shippable"
-    TEST_DIR="${ANSIBLE_COLLECTIONS_PATHS}/ansible_collections/community/crypto"
-    mkdir -p "${TEST_DIR}"
-    cp -aT "${SHIPPABLE_BUILD_DIR}" "${TEST_DIR}"
-    cd "${TEST_DIR}"
-else
-    # AZP
-    export ANSIBLE_COLLECTIONS_PATHS="$PWD/../../../"
-fi
-
-if [ "${test}" == "sanity/extra" ]; then
-    retry pip install junit-xml --disable-pip-version-check
-fi
-
-# START: HACK install integration test dependencies
-if [ "${script}" != "units" ] && [ "${script}" != "sanity" ] || [ "${test}" == "sanity/extra" ]; then
-    # Nothing further should be added to this list.
-    # This is to prevent modules or plugins in this collection having a runtime dependency on other collections.
-    retry git clone --depth=1 --single-branch https://github.com/ansible-collections/community.internal_test_tools.git "${ANSIBLE_COLLECTIONS_PATHS}/ansible_collections/community/internal_test_tools"
-    # NOTE: we're installing with git to work around Galaxy being a huge PITA (https://github.com/ansible/galaxy/issues/2429)
-    # retry ansible-galaxy -vvv collection install community.internal_test_tools
-fi
-
-if [ "${script}" != "units" ] && [ "${script}" != "sanity" ] && [ "${test}" != "sanity/extra" ] && [ "${ansible_version}" != "2.9" ]; then
-    retry git clone --depth=1 --single-branch https://github.com/ansible-collections/community.general.git "${ANSIBLE_COLLECTIONS_PATHS}/ansible_collections/community/general"
-    # NOTE: we're installing with git to work around Galaxy being a huge PITA (https://github.com/ansible/galaxy/issues/2429)
-    # retry ansible-galaxy -vvv collection install community.general
-fi
-# END: HACK
-
-
-export PYTHONIOENCODING='utf-8'
-
-if [ "${JOB_TRIGGERED_BY_NAME:-}" == "nightly-trigger" ]; then
-    COVERAGE=yes
-    COMPLETE=yes
-fi
-
-if [ -n "${COVERAGE:-}" ]; then
-    # on-demand coverage reporting triggered by setting the COVERAGE environment variable to a non-empty value
-    export COVERAGE="--coverage"
-elif [[ "${COMMIT_MESSAGE}" =~ ci_coverage ]]; then
-    # on-demand coverage reporting triggered by having 'ci_coverage' in the latest commit message
-    export COVERAGE="--coverage"
-else
-    # on-demand coverage reporting disabled (default behavior, always-on coverage reporting remains enabled)
-    export COVERAGE="--coverage-check"
-fi
-
-if [ -n "${COMPLETE:-}" ]; then
-    # disable change detection triggered by setting the COMPLETE environment variable to a non-empty value
-    export CHANGED=""
-elif [[ "${COMMIT_MESSAGE}" =~ ci_complete ]]; then
-    # disable change detection triggered by having 'ci_complete' in the latest commit message
-    export CHANGED=""
-else
-    # enable change detection (default behavior)
-    export CHANGED="--changed"
-fi
-
-if [ "${IS_PULL_REQUEST:-}" == "true" ]; then
-    # run unstable tests which are targeted by focused changes on PRs
-    export UNSTABLE="--allow-unstable-changed"
-else
-    # do not run unstable tests outside PRs
-    export UNSTABLE=""
-fi
-
-# remove empty core/extras module directories from PRs created prior to the repo-merge
-find plugins -type d -empty -print -delete
-
-function cleanup
-{
-    # for complete on-demand coverage generate a report for all files with no coverage on the "sanity/5" job so we only have one copy
-    if [ "${COVERAGE}" == "--coverage" ] && [ "${CHANGED}" == "" ] && [ "${test}" == "sanity/5" ]; then
-        stub="--stub"
-        # trigger coverage reporting for stubs even if no other coverage data exists
-        mkdir -p tests/output/coverage/
-    else
-        stub=""
-    fi
-
-    if [ -d tests/output/coverage/ ]; then
-        if find tests/output/coverage/ -mindepth 1 -name '.*' -prune -o -print -quit | grep -q .; then
-            process_coverage='yes'  # process existing coverage files
-        elif [ "${stub}" ]; then
-            process_coverage='yes'  # process coverage when stubs are enabled
-        else
-            process_coverage=''
-        fi
-
-        if [ "${process_coverage}" ]; then
-            # use python 3.7 for coverage to avoid running out of memory during coverage xml processing
-            # only use it for coverage to avoid the additional overhead of setting up a virtual environment for a potential no-op job
-            virtualenv --python /usr/bin/python3.7 ~/ansible-venv
-            set +ux
-            . ~/ansible-venv/bin/activate
-            set -ux
-
-            # shellcheck disable=SC2086
-            ansible-test coverage xml --color -v --requirements --group-by command --group-by version ${stub:+"$stub"}
-            cp -a tests/output/reports/coverage=*.xml "$SHIPPABLE_RESULT_DIR/codecoverage/"
-
-            if [ "${ansible_version}" != "2.9" ]; then
-                # analyze and capture code coverage aggregated by integration test target
-                ansible-test coverage analyze targets generate -v "$SHIPPABLE_RESULT_DIR/testresults/coverage-analyze-targets.json"
-            fi
-
-            # upload coverage report to codecov.io only when using complete on-demand coverage
-            if [ "${COVERAGE}" == "--coverage" ] && [ "${CHANGED}" == "" ]; then
-                for file in tests/output/reports/coverage=*.xml; do
-                    flags="${file##*/coverage=}"
-                    flags="${flags%-powershell.xml}"
-                    flags="${flags%.xml}"
-                    # remove numbered component from stub files when converting to tags
-                    flags="${flags//stub-[0-9]*/stub}"
-                    flags="${flags//=/,}"
-                    flags="${flags//[^a-zA-Z0-9_,]/_}"
-
-                    bash <(curl -s https://ansible-ci-files.s3.us-east-1.amazonaws.com/codecov/codecov.sh) \
-                        -f "${file}" \
-                        -F "${flags}" \
-                        -n "${test}" \
-                        -t 31525df8-da26-4e61-b31f-05e3df48b091 \
-                        -X coveragepy \
-                        -X gcov \
-                        -X fix \
-                        -X search \
-                        -X xcode \
-                    || echo "Failed to upload code coverage report to codecov.io: ${file}"
-                done
-            fi
-        fi
-    fi
-
-    if [ -d  tests/output/junit/ ]; then
-      cp -aT tests/output/junit/ "$SHIPPABLE_RESULT_DIR/testresults/"
-    fi
-
-    if [ -d tests/output/data/ ]; then
-      cp -a tests/output/data/ "$SHIPPABLE_RESULT_DIR/testresults/"
-    fi
-
-    if [ -d  tests/output/bot/ ]; then
-      cp -aT tests/output/bot/ "$SHIPPABLE_RESULT_DIR/testresults/"
-    fi
-}
-
-if [ "${SHIPPABLE_BUILD_ID:-}" ]; then trap cleanup EXIT; fi
-
-if [[ "${COVERAGE:-}" == "--coverage" ]]; then
-    timeout=60
-else
-    timeout=50
-fi
-
-ansible-test env --dump --show --timeout "${timeout}" --color -v
-
-if [ "${SHIPPABLE_BUILD_ID:-}" ]; then "tests/utils/shippable/check_matrix.py"; fi
-"tests/utils/shippable/${script}.sh" "${test}"
--- a/tests/utils/shippable/units.sh
+++ b/tests/utils/shippable/units.sh
@@ -1,14 +0,0 @@
-#!/usr/bin/env bash
-
-set -o pipefail -eux
-
-if [[ "${COVERAGE:-}" == "--coverage" ]]; then
-    timeout=90
-else
-    timeout=30
-fi
-
-ansible-test env --timeout "${timeout}" --color -v
-
-# shellcheck disable=SC2086
-ansible-test units --color -v --docker default ${COVERAGE:+"$COVERAGE"} ${CHANGED:+"$CHANGED"} \
Author	SHA1	Message	Date
Felix Fontein	2f77ca1187	Release 1.9.26.	2024-08-28 17:38:23 +02:00
Felix Fontein	bda99f1d77	Prepare 1.9.26 EOL release.	2024-08-28 17:33:43 +02:00
Felix Fontein	bb76ea6412	Improve communication link description. (cherry picked from commit `f0b8073ea5`)	2024-08-15 21:41:36 +02:00
patchback[bot]	a8151e9c17	README: Add Communication section with Forum information (#790 ) (#791 ) * README: Add Communication section with Forum information * Insert tag, remove category. --------- Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit `dc49cc6e26`) Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>	2024-08-12 13:00:57 +02:00
patchback[bot]	6cd06848b5	Fix PKCS#12 tests. (#787 ) (#788 ) (cherry picked from commit `e1e60892a8`) Co-authored-by: Felix Fontein <felix@fontein.de>	2024-07-21 15:06:44 +02:00
patchback[bot]	0e3d5f7036	Fix CI for CentOS 7. (#774 ) (#775 ) (cherry picked from commit `aa30b4c803`) Co-authored-by: Felix Fontein <felix@fontein.de>	2024-07-01 14:28:09 +02:00
Felix Fontein	5cb53c0573	Removing Fedora 31 and 32 from CI. These images seem to no longer work.	2024-06-15 14:02:25 +02:00
patchback[bot]	7f2ebabc46	Use 2.9/2.10/2.11 from ansible-community/eol-ansible repo. (#769 ) (#770 ) (cherry picked from commit `e365ae3226`) Co-authored-by: Felix Fontein <felix@fontein.de>	2024-06-15 13:54:25 +02:00
Felix Fontein	f640774589	[stable-1] Remove AZP, move all non-remote tests to GHA (#766 ) * Remove AZP, move all non-remote tests to GHA. * Try to improve CI. * Another fix.	2024-06-10 22:13:55 +02:00
patchback[bot]	b832d3aecc	Remove usage of old ACME test container. (#760 ) (#761 ) (cherry picked from commit `7810e2c3bf`) Co-authored-by: Felix Fontein <felix@fontein.de>	2024-05-20 16:40:18 +02:00
Felix Fontein	2809bdc201	The next expected release is 1.9.26.	2024-05-20 11:59:35 +02:00
Felix Fontein	31579ed237	Release 1.9.25.	2024-05-20 11:30:53 +02:00
Felix Fontein	b7159e0979	Disable CentOS 7 tests on 2.9 and 2.11.	2024-05-11 22:27:08 +02:00
patchback[bot]	a92d900552	Pass codecov token to ansible-test-gh-action. (#755 ) (#756 ) (cherry picked from commit `65ea02a73d`) Co-authored-by: Felix Fontein <felix@fontein.de>	2024-05-11 21:47:33 +02:00
patchback[bot]	29ed12e7fd	ecs_certificate: allow to request renewal without csr (#740 ) (#752 ) * renew request CSR validation * Create 740-ecs_certificate-renewal-without-csr * Rename 740-ecs_certificate-renewal-without-csr to 740-ecs_certificate-renewal-without-csr.yml --------- Co-authored-by: flovecchio <flovecchio@sorint.com> (cherry picked from commit `29ac3cbe81`) Co-authored-by: francescolovecchio <francescolovecchio97@gmail.com>	2024-05-09 21:31:06 +02:00
Felix Fontein	0ef6494ad2	crypto.math module utils: add some tests, fix quick_is_not_prime() for small primes (#733 ) (#734 ) * Fix quick_is_not_prime() for small primes. Add some tests. * Fix return value of convert_int_to_bytes(0, 0) on Python 2. * Add some more test cases. * Simplify the changelog and point out that these errors only happen for cases not happening in regular use. (cherry picked from commit `0c62837296`)	2024-04-29 12:03:41 +02:00
Felix Fontein	ec7b6b4285	macOS 12.0 no longer seems to run in CI.	2024-02-11 13:43:54 +01:00
Felix Fontein	4f6f7410f2	Add MarkDown changelog and use it by default. (#709 )	2024-02-09 13:08:17 +01:00
Felix Fontein	ea34992f03	Next expected release is 1.9.25.	2024-01-27 12:30:29 +01:00