* Fix an issue where subprocess was not killed successfully
* Stop emitting unrecognized init system supervisord if the watchdog daemon has already been launched by supervisor
* Support Fedora
* Change version format to Major-Minor.ReleaseId

* Officially support debian10
* Ignore libwrap efs_config for CentOS8

This reverts commit b033add3.

I renamed the file to mangle-shebangs.sh, since it is no longer
specific to RHEL8.  I also changed Makefile to call mangle-shebangs.sh
instead of rhel8-support.sh

Enable region sourcing from efs-utils configuration file and fix stunnel exec path issue in openSUSE

* Support new option: netns, enable file system to mount in given network namespace
* Support new option: awscredsuri, enable sourcing iam authorization from aws credentials relative uri
* List openssl and util-linux as package dependency for IAM/AP authorization and command nsenter to mount file system to given network namespace

* Support retrieving metadata using IMDSv2
* Allow specification of interval for certificate renewal in the config file
* Fix retrieval of instance metadata on ECS

* Ensure that certificate renewals always use the original credentials source
* Include file system ID in all client TLS certificates
* Updates to man page and README

Fixes the mount issue with full DNS name in the AWS China Regions; Upgrades unit test coverage version dependency to enable accurate python3.8 coverage test

Added region localization, Integrate repository with CircleCI to enable package build visualization, Unit tests bug fixes for python3.5

This reverts the commits:
880da73a
b6b0d993

The default stunnel idle timeout is many hours. By setting it to a value based
on the NFS lease length we can recover from network partitions sooner.

- Fixes Python shebangs to work on systems without a default "python" version.
- Fixes watchdog process not being properly started on systemd systems.

To use OCSP, the client accessing EFS must be able to reach the Amazon Certificate
Authority (CA). To maximize file system availability in the event that the CA is
not reachable from your VPC, the EFS mount helper no longer enables OCSP by default.

See here for more info:

https://aws.amazon.com/about-aws/whats-new/2019/07/configuration-update-for-amazon-efs-encryption-data-in-transit/

While a bit exotic there can exist mounts of locally exported nfs
shares that aren't related to EFS. In this case the watchdog fails,
because it tries to access the port option that is not present in these
unrelated mount entries.

To fix this discard entries from /proc/mounts that don't carry a port
option.

This function only closes the socket on success, i.e. for each
unsuccessful bind attempt a socket "leaks". It does not actually leak,
because the Python interface implements reference counting. Still it is
unclean, because after successful bind the socket is explicitly closed.
So either the application is responsible for closing the socket, or not.
Since it is better not to rely on the implementation of the Python
interpreter and the socket module it should be prefered to always
explicitly close the socket.

Also this function opens a new socket for each port to try. This is
inefficient, since the same socket can be reused for testing. Therefore
only open and close a single socket.

`os.makedirs()` uses default mode 0777 in Python2. Therefore the
protection level of the state_file_dir depends on the inherited umask. A
default mode of 0750 is a good conservative default for this. To allow
admins and system integrators to tune this setting it is configurable
via the new config file setting 'state_file_dir_mode'.

This also requires to adjust test_bootstrap_tls to cover the new config
option.

In python2 the default for `close_fds` is still False, therefore it is
possible that open file descriptors like the logfile are inherited to
child processes. This is prevented by explicitly passing this parameter
to all subprocess invocations.

Fix for additional unexpected arguments

add test for additional unexpected arguments

increment version number

This prevents waiting for a close_notify when shutting down a connection.

Make "delay = yes" a default stunnel option. Also permit non-root users to view
the help text again.