Changes in 1.4:
- Install the new sigul_server_add_pkcs11_token script
- Install the database migrations

Changes in version 1.3:
- Add AuthorityKeyIdentifier extension if missing from certificates
- Switch Koji authentication from krb_login to gssapi_login
- Add a timeout of 60 seconds to HTTP requests
- Add a default timeout to socket objects
- Configure an alarm on the server to kill requests that hang
- Ensure password files passed to pesign end in a newline
- Add the ability to sign PE applications via PKCS#11
- Add a database migration for PKCS11 key types

Changes in version 1.2:
- Implemented the RSA keytype
- Implemented RPM Head Signing
- Implemented x.509 Certificate signing
- Implemented import for ECC and RSA keys

Changes in version 1.1:
- Added keytype abstraction
- Implemented the ECC keytype
- Implemented RPM file signing
- Implement keyring bind method

Changes in version 1.0:
- Added support for GPGv2
- Added support for Python3
- Added support for files larged than 4GB
- Bumped the protocol version to Sigul protocol v1

Changes in version 0.207:
- Removed workaround for koji proxyuser inconsistency

Changes in version 0.206:
- Removed requirement for koji serverca option
- Added version to generated container signature
- Use python-requests streaming for RPM downloads
- Typecast koji RPM sizes to int
- Added workaround for koji proxyuser inconsistency
- Fixed using koji krb_rdns option

Changes in version 0.205:
- Fix with PKCS11 PIN reading
- Added method to change key expiration date

Changes in version 0.204:
- Implemented PKCS11 tokens with public-only.
- Implemented Either-Or passphrase binding.

Changes in version 0.203:
- Added support for Koji Kerberos authmethod.

Changes in version 0.202:
- Batched signing errors are now properly reported.
- Bugfixes regarding binding configuration parsing.
- TPM SRK can now be provided on start.
- PKCS11 PINs can now be provided on start.
- NSS password is checked on start.
- Support for python-nss 0.4 removed
- Docker container signing implemented.

Changes in version 0.201:
- PKCS11 passphrase binding implemented.
- Allow changing binding arguments later.
- Add sign-git-tag command.

Changes in version 0.200:
- Passphrase binding framework implemented, allowing admins to bind specific
  passphrases to hardware on the client and server.
- Add TPM passphrase binding method.
- Armoring can now be requested for sign-data.
- Crypto configuration upgraded to more recent values, SSL2/3 disabled, TLS
  by default TLS1.2-TLS1.2, configurable.
- Add support for signing ostree commits.
- Fix signing on more recent versions of RPM/gnupg1.
- Strict checking that certificate Common Name matches with the provided
  username if not configured to be lenient.

Changes in version 0.102:
- If a worker thread within sign-rpms terminates, make sure that threads
  producing work for the terminated thread do not block indefinitely.
- Similarly, if a processing of sign-replies within the bridge fails, terminate
  processing of incoming requests.
- Include thread name when logging worker thread-specific exceptions, and only
  log them once.

Changes in version 0.101:
- If a worker thread within sign-rpms terminates with an exception, log it
  immediately instead of logging it only after all preceding threads in the
  processing chain terminate (which may never happen).
- In sign-rpms, split the Koji-interacting thread on the bridge into a separate
  thread for getting information about incoming RPMs and a separate thread for
  storing signatures into Koji, to fix a deadlock (when processing replies
  in the bridge depends on being able to send more requests to the server, while
  the server needs replies to be processed in order to accept more requests).
- Fail a signing operation if a signature cannot be recorded in Koji as requested
  instead of just logging a warning.

Changes in version 0.100:
- The bridge authenticates users to Koji based on the CN of their certificate,
  not based on the user name defined on the server.
- Use 'topurl' instead of 'pkgurl' from Koji configuration, following the change
  in Koji 1.7.
- Add support for restricting access to individual Koji instances to specific
  FAS groups.
- Changes to connection termination: end request processing even if something
  (a firewall) swallows FIN packets.
- Reject the nonsensical combination of (sigul sign-rpm{,s} --koji-only -o ...),
  and reject signing of empty RPM files.
- Log RPM output on signing failure.
- Make sure to always close sockets in the bridge.
- Miscellaneous cleanups.

Changes in version 0.99:
- Support for multiple koji instances in the client and bridge: new client
  parameter --koji-instance, client and bridge option koji-instances.

Changes in version 0.98:
- Now uses sqlalchemy 0.5 (e.g. RHEL6)
- New operation 'sign-rpms', up to 50% faster.
  New bridge and server options max-rpms-payloads-size.
- Server option gnupg-key-usage has changed default to "sign" (removing
  "encrypt"), to work with DSA keys.  sigul does not provide decryption, so
  signing is all that is necessary anyway.
- New client parameter --user-name
- New brige option koji-config, patch by Dan Horák.
- New server option signing-timeout
- New sigul_server_add_admin parameters --batch , --name
- In sigul_setup_client, no longer ask for a known password, recognize attempts
  to overwrite an existing certificate.
- Fixed closing of sockets, in particular to avoid random "connection reset"
  errors
- Other minor bug fixes
- Added a basic test suite (not testing FAS/koji integration)
- Work with post-RHEL5 URLGrabber

Changes in version 0.97:
- Proxy authenticate clients in the bridge.
- Log the client's identity in the server as well.
- Don't cache RPM information between signing requests.
- Fix signing of source RPMs.
- Fix signing of RPMs with non-null epoch.
- Various minor bug fixes.

Changes in version 0.96:
- Add support storing for RSA and PGPv4 signatures into Koji.
- Fix pid file removal in the bridge.
- Fix waiting on clients in the bridge when forwarding the inner stream.
- Make sure a RPM is written to a file before attempting to parse the file.
- Various error handling bug fixes and enhancements.

Changes in version 0.95:
- Fix authentication failures on connections with some mixed Python versions.
- Allow running with modified python-nss-0.1 in addition to unmodified 0.4.

Changes in version 0.94:
- Update to run with python-nss 0.4 (local modifications are no longer required,
  won't work with older versions of python-nss).

Changes in version 0.93:
- New command "sigul import-key".
- Fixed FAS authentication support with new python-fedora.

Changes in version 0.92:
- Added --v3-signature to "sigul sign-rpm", rpm doesn't recognize v4 RSA
  signatures.
- SIGTERM no longer causes a backtrace.

Changes in version 0.91:
- Modified sigul to run on RHEL5.
- Enhanced handling of unexpected EOF in the client.
- Modified README not to recommend copying the CA private key around.
