1 |
%define name smeserver-letsencrypt |
2 |
%define version 0.5 |
3 |
%define release 20 |
4 |
Summary: Plugin to enable letsencrypt certificates |
5 |
Name: %{name} |
6 |
Version: %{version} |
7 |
Release: %{release} |
8 |
License: GNU GPL version 2 |
9 |
URL: https://letsencrypt.org/ |
10 |
Group: SMEserver/addon |
11 |
Source: %{name}-%{version}.tar.gz |
12 |
Patch0: smeserver-letsencrypt-remove-debug-lines.patch |
13 |
Patch1: smeserver-letsencrypt-remove-licence.patch |
14 |
Patch2: smeserver-letsencrypt-log-to-file.patch |
15 |
Patch3: smeserver-letsencrypt-API1-URL-change.patch |
16 |
Patch4: smeserver-letsencrypt-fix-logging.patch |
17 |
Patch5: smeserver-letsencrypt-fix-logging-reverse.patch |
18 |
Patch6: smeserver-letsencrypt-fix-acme-v01-url.patch |
19 |
Patch7: smeserver-letsencrypt-fix-hook-entry.patch |
20 |
Patch8: smeserver-letsencrypt-change-cron-entry.patch |
21 |
Patch9: smeserver-letsencrypt-0.5-change-API-default-to-v2.patch |
22 |
Patch10: smeserver-letsencrypt-0.5-bz11773.patch |
23 |
Patch11: smeserver-letsencrypt-0.5-bz10637-alias.patch |
24 |
Patch12: smeserver-letsencrypt-0.5-bz11990-timer.patch |
25 |
|
26 |
BuildRoot: /var/tmp/%{name}-%{version} |
27 |
BuildArchitectures: noarch |
28 |
BuildRequires: e-smith-devtools |
29 |
Requires: e-smith-release >= 9.0 |
30 |
Requires: dehydrated >= 0.6.5 |
31 |
AutoReqProv: no |
32 |
|
33 |
%description |
34 |
Lets Encrypt is a free, automated, and open certificate authority |
35 |
https://letsencrypt.org/ |
36 |
|
37 |
%changelog |
38 |
* Fri Jun 10 2022 Brian Read <brianr@bjsystems.co.uk> 0.5-20.sme |
39 |
- Stop systemd timer runnning as well as cron [SME: 11990] |
40 |
|
41 |
* Wed Mar 23 2022 Jean-Philippe Pialasse <tests@pialasse.com> 0.5-19.sme |
42 |
- use a general Alias for acme path and a proxypass [SME: 10637] |
43 |
|
44 |
* Tue Nov 23 2021 Jean-Philippe Pialasse <tests@pialasse.com> 0.5-18.sme |
45 |
- force RSA as algorithm [SME: 11773] |
46 |
- populate smeserver-letsencrypt-update event and create letsencrypt-config event |
47 |
|
48 |
* Thu Apr 01 2021 Brian Read <brianr@bjsystems.co.uk> 0.5-17.sme |
49 |
- Add in mkdir in spec file for smeserver-letsencrypt-update event [SME: 11514] |
50 |
|
51 |
* Tue Oct 06 2020 Brian Read <brianr@bjsystems.co.uk> 0.5-16.sme |
52 |
- Move to SME10 and set default to API v2 [SME: 11022] |
53 |
|
54 |
* Thu Mar 12 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-15.sme |
55 |
- take 3: remove dangling cron.daily dir missed in 0.5-12 [SME: 10862] |
56 |
|
57 |
* Wed Mar 11 2020 Jean-Philipe Pialasse <tests@pialasse.com> 0.5-14.sme |
58 |
- take 2: remove dangling cron.daily dir missed in 0.5-12 [SME: 10862] |
59 |
|
60 |
* Mon Mar 09 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-13.sme |
61 |
- remove dangling cron.daily dir missed in 0.5-12 [SME: 10862] |
62 |
|
63 |
* Sat Jan 18 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-12.sme |
64 |
- forgot to remove template-begin and cron.daily dir [SME: 10862] |
65 |
|
66 |
* Fri Jan 17 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-11.sme |
67 |
- force required version to 0.6.5 for EPEL version |
68 |
- Add new cron template for EPEL version of dehydrated [SME: 10862] |
69 |
|
70 |
* Fri Jan 17 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-10.sme |
71 |
- Fix incorrect HOOK entry in config [SME: 10861] |
72 |
|
73 |
* Fri Jan 04 2019 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-9.sme |
74 |
- Fix incorrect CA line in config [SME: 10688] |
75 |
|
76 |
* Mon Dec 31 2018 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-8.sme |
77 |
- Reverse my previous error [SME: 10681] |
78 |
|
79 |
* Mon Dec 31 2018 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-7.sme |
80 |
- fix spec file numbering |
81 |
|
82 |
* Mon Dec 31 2018 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-6.sme |
83 |
- Fix typo error in cron.daily [SME: 10681] |
84 |
|
85 |
* Sun Dec 23 2018 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-5.sme |
86 |
- Fix changed V1 staging URL [SME: 10595] |
87 |
- Thanks Terry Fage |
88 |
|
89 |
* Wed Dec 12 2018 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-4.sme |
90 |
- log to file rather than /dev/null [SME: 10412] |
91 |
|
92 |
* Sat Oct 13 2018 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-3.sme |
93 |
- remove Licence key from config template [SME:10636] |
94 |
|
95 |
* Tue Jun 19 2018 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-2.sme |
96 |
- remove debug print lines |
97 |
|
98 |
* Tue Jun 12 2018 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-1.sme |
99 |
- Update to v2 API [SME:10595] |
100 |
- Add key letsencrypt hostOverride to ignore 'Self' host check |
101 |
- This requires v0.6 of dehydrated |
102 |
|
103 |
* Wed Jun 06 2018 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-6.sme |
104 |
- Fix missing event actions [SME: 10315] |
105 |
|
106 |
* Thu May 31 2018 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-5.sme |
107 |
- Fix typo in Accept Terms |
108 |
- add domain-delete to createlinks [SME: 10315] |
109 |
- Update requires release to SME v9 |
110 |
- Update requires dehydrated to v0.5 |
111 |
|
112 |
* Fri Aug 18 2017 Jean-Philipe Pialasse <tests@pialasse.com> 0.4-4.sme |
113 |
- change ACCEPT_TERMS template position to appear after shebang in config file [SME: 10410] |
114 |
|
115 |
* Wed Jul 12 2017 Jean-Philipe Pialasse <tests@pialasse.com> 0.4-3.sme |
116 |
- remove workaround for curl dns resolution [SME: 10300] |
117 |
- should be corrected at dnscache level (djbdns-1.05-10) |
118 |
|
119 |
* Fri Apr 28 2017 Jean-Philipe Pialasse <tests@pialasse.com> 0.4-2.sme |
120 |
- help accept licence [SME: 10253] |
121 |
- workaround for curl issues |
122 |
- spec tidying |
123 |
|
124 |
* Sat Feb 04 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-1 |
125 |
- first attempt at using stock letsencrypt script |
126 |
|
127 |
* Wed Sep 14 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.3-1 |
128 |
- Due to madness at letsencrypt the script had to be renamed for copyright reasons |
129 |
- move /etc/letsencrypt.sh to /etc/dehydrated |
130 |
- change references to letsencrypt.sh to dehydrated |
131 |
- Fix typos in readme |
132 |
|
133 |
* Wed Aug 3 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.2-10 |
134 |
- Some tweaks from JPP for the domains.txt file |
135 |
|
136 |
* Wed Aug 3 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.2-9 |
137 |
- Fix version differences with between v8 and v9 |
138 |
|
139 |
* Thu Jul 14 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.2-8 |
140 |
- Remove spaces in POSTIN [[]] |
141 |
|
142 |
* Mon Jun 27 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.2-7 |
143 |
- fix another typo in bash scripts |
144 |
- fix typo in Docs |
145 |
|
146 |
* Fri Jun 10 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.2-6 |
147 |
- Fix typo in domains.txt |
148 |
- Set configure default type none |
149 |
|
150 |
* Tue May 31 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.2-5 |
151 |
- update incorrect bash scripts in spec file |
152 |
|
153 |
* Tue May 31 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.2-4 |
154 |
- update letsencrypt requires |
155 |
|
156 |
* Mon May 30 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.2-3 |
157 |
- add support for letsencrypt.sh v0.2 |
158 |
- config.sh renamed to config |
159 |
- fix trailing / on urls in 40ACME |
160 |
|
161 |
* Mon Apr 04 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.2-2 |
162 |
- letsencrypt.sh now calls deploy-cert with an argument for the chain file |
163 |
- thanks to Dan Brown |
164 |
|
165 |
* Tue Mar 29 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.2-1 |
166 |
- Remove letsencrypt.sh script and put in separate RPM |
167 |
|
168 |
* Tue Mar 29 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-21 |
169 |
- modify hook script templates as per Dan Browd contribution |
170 |
|
171 |
* Thu Mar 17 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-20 |
172 |
- updated letsencrypt.sh |
173 |
- https://github.com/lukas2511/letsencrypt.sh/commit/429c5250ede7ff4af3b6f37b39925cfa5afee278 |
174 |
- Add "" to wellknown path in config.sh |
175 |
|
176 |
* Fri Feb 05 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-19 |
177 |
- updated letsencrypt.sh |
178 |
- https://github.com/lukas2511/letsencrypt.sh/commit/21c18dd3b8c2572b894d9ec2e5c3fc2589f56f32 |
179 |
|
180 |
* Tue Jan 26 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-18 |
181 |
- updated letsencrypt.sh |
182 |
- https://github.com/lukas2511/letsencrypt.sh/commit/79ff846e267c30d85988f79f58b81bc7bd91790c |
183 |
|
184 |
* Sat Jan 23 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-17 |
185 |
- Fix typos in hook-script |
186 |
- Add latest letsencrypt.sh script |
187 |
|
188 |
* Wed Jan 20 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-16 |
189 |
- Minor fixes including typo in cron.daily |
190 |
|
191 |
* Tue Jan 19 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-15 |
192 |
- Missed a " |
193 |
- remove ' from Let's encrypt and add URL |
194 |
|
195 |
* Tue Jan 19 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-14 |
196 |
- Updated readme and install notes |
197 |
- Allow either domains or hosts |
198 |
|
199 |
* Mon Jan 18 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-13 |
200 |
- Add missing templates.metadata file |
201 |
- modify spec file wording |
202 |
|
203 |
* Mon Jan 18 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-12 |
204 |
- Set hookscript to always run unless letsencrypt is disabled |
205 |
- Add cron.daily script to console-save action and set perms |
206 |
|
207 |
* Sun Jan 17 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-11 |
208 |
- Fix hook-script.sh perms using templates.metadata |
209 |
|
210 |
* Sun Jan 17 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-10 |
211 |
- Add latest revision of letsencrypt.sh |
212 |
- add hookscript.sh templates and various fixes |
213 |
|
214 |
* Sat Jan 16 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-9 |
215 |
- Add latest revision of letsencrypt.sh |
216 |
|
217 |
* Fri Jan 15 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-8 |
218 |
- set +x on hook-script and correct file name in config |
219 |
|
220 |
* Fri Jan 15 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-7 |
221 |
- Add missing curly brace |
222 |
- Move Status check line up so we can generate empty file if disabled |
223 |
|
224 |
* Fri Jan 15 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-6 |
225 |
- Add hookScript key |
226 |
|
227 |
* Fri Jan 15 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-5 |
228 |
- Modify spec file to add paths and set permisssions |
229 |
|
230 |
* Thu Jan 14 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-4 |
231 |
- Modify file paths and cron script |
232 |
|
233 |
* Thu Jan 14 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-3 |
234 |
- updated bash script in spec file |
235 |
- updated file locations in README.MD |
236 |
|
237 |
* Wed Jan 13 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-2 |
238 |
- Moved config.sh file location |
239 |
- added cron.daily template - only works if letsencrypt is enabled |
240 |
- added check to create /etc/letsencrypt.sh directory if it does not exist |
241 |
- added latest letsencrypt.sh script |
242 |
|
243 |
* Thu Jan 07 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-1 |
244 |
- initial release |
245 |
|
246 |
%prep |
247 |
%setup |
248 |
%patch0 -p1 |
249 |
%patch1 -p1 |
250 |
%patch2 -p1 |
251 |
%patch3 -p1 |
252 |
%patch4 -p1 |
253 |
%patch5 -p1 |
254 |
%patch6 -p1 |
255 |
%patch7 -p1 |
256 |
%patch8 -p1 |
257 |
%patch9 -p1 |
258 |
mkdir -p root/etc/e-smith/events/smeserver-letsencrypt-update |
259 |
# remove old template |
260 |
rm -rf root/etc/e-smith/templates/etc/cron.daily |
261 |
%patch10 -p1 |
262 |
%patch11 -p1 |
263 |
%patch12 -p1 |
264 |
|
265 |
|
266 |
%build |
267 |
perl createlinks |
268 |
|
269 |
%install |
270 |
rm -rf $RPM_BUILD_ROOT |
271 |
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT) |
272 |
rm -f %{name}-%{version}-filelist |
273 |
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist |
274 |
echo "%doc COPYING" >> %{name}-%{version}-filelist |
275 |
|
276 |
|
277 |
%clean |
278 |
cd .. |
279 |
rm -rf %{name}-%{version} |
280 |
|
281 |
%files -f %{name}-%{version}-filelist |
282 |
%defattr(-,root,root) |
283 |
|
284 |
%pre |
285 |
|
286 |
%preun |
287 |
|
288 |
%post |
289 |
# if previously installed letsencrypt.sh, but first migration to dehydrated |
290 |
if [[ -e /etc/letsencrypt.sh ]] && [[ ! -e /etc/dehydrated ]]; |
291 |
then |
292 |
# assume in production |
293 |
# CA="https://acme-v01.api.letsencrypt.org/directory" ; |
294 |
# CAHASH="$(echo "${CA}" | urlbase64)" |
295 |
# mkdir /etc/dehydrated; |
296 |
# mkdir -p /etc/dehydrated/accounts |
297 |
# cp -a /etc/letsencrypt.sh/private_key.json /etc/dehydrated/accounts/${CAHASH}/registration_info.json |
298 |
# cp -a /etc/letsencrypt.sh/private_key.pem /etc/dehydrated/accounts/${CAHASH}/account_key.pem |
299 |
# cp -a /etc/letsencrypt.sh/certs /etc/dehydrated/ |
300 |
mv -f /etc/letsencrypt.sh /etc/letsencrypt.sh.old; |
301 |
fi |
302 |
|
303 |
# if letsencrypt still there but already migrated to dehydrated |
304 |
if [[ -e /etc/letsencrypt.sh ]] && [[ -e /etc/dehydrated/certs ]]; |
305 |
then |
306 |
mv -f /etc/letsencrypt.sh /etc/letsencrypt.sh.old; |
307 |
fi |
308 |
|
309 |
# if first installation of dehydrated |
310 |
if [[ ! -e /etc/dehydrated ]]; |
311 |
then mkdir /etc/dehydrated; |
312 |
fi |
313 |
|
314 |
if [[ -f /usr/local/bin/config.sh ]]; |
315 |
then mv -f /usr/local/bin/config.sh /usr/local/bin/config.sh.orig; |
316 |
fi |
317 |
|
318 |
if [[ -f /usr/local/bin/config ]]; |
319 |
then mv -f /usr/local/bin/config /usr/local/bin/config.old; |
320 |
fi |
321 |
|
322 |
if [[ -f /usr/local/bin/domain.txt ]]; |
323 |
then mv -f /usr/local/bin/domains.txt /usr/local/bin/domains.txt.orig; |
324 |
fi |
325 |
|
326 |
if [[ -d /etc/cron.daily/letsencrypt ]]; |
327 |
then rm -rf /etc/cron.daily/letsencrypt; |
328 |
fi |
329 |
|
330 |
if [[ -d /etc/e-smith/templates/etc/cron.daily/letsencrypt ]]; |
331 |
then rm -rf /root/etc/e-smith/templates/etc/cron.daily/letsencrypt |
332 |
fi |
333 |
|
334 |
if [[ ! -e /home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge ]]; |
335 |
then mkdir -p /home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge; |
336 |
fi |
337 |
|
338 |
chmod -R 0775 /home/e-smith/files/ibays/Primary/html/.well-known |
339 |
chown -R apache:shared /home/e-smith/files/ibays/Primary/html/.well-known |
340 |
|
341 |
# remove old template file |
342 |
if [[ -e /etc/cron.daily/letsencrypt ]]; |
343 |
then rm -rf /etc/cron.daily/letsencrypt |
344 |
fi |
345 |
%postun |