--- rpms/smeserver-letsencrypt/contribs9/smeserver-letsencrypt.spec 2017/02/06 20:50:28 1.1 +++ rpms/smeserver-letsencrypt/contribs9/smeserver-letsencrypt.spec 2020/01/17 15:20:48 1.17 @@ -1,6 +1,6 @@ %define name smeserver-letsencrypt -%define version 0.4 -%define release 1 +%define version 0.5 +%define release 11 Summary: Plugin to enable letsencrypt certificates Name: %{name} Version: %{version} @@ -9,11 +9,21 @@ License: GNU GPL version 2 URL: https://letsencrypt.org/ Group: SMEserver/addon Source: %{name}-%{version}.tar.gz +Patch0: smeserver-letsencrypt-remove-debug-lines.patch +Patch1: smeserver-letsencrypt-remove-licence.patch +Patch2: smeserver-letsencrypt-log-to-file.patch +Patch3: smeserver-letsencrypt-API1-URL-change.patch +Patch4: smeserver-letsencrypt-fix-logging.patch +Patch5: smeserver-letsencrypt-fix-logging-reverse.patch +Patch6: smeserver-letsencrypt-fix-acme-v01-url.patch +Patch7: smeserver-letsencrypt-fix-hook-entry.patch +Patch8: smeserver-letsencrypt-change-cron-entry.patch + BuildRoot: /var/tmp/%{name}-%{version} BuildArchitectures: noarch BuildRequires: e-smith-devtools -Requires: e-smith-release >= 8.0 -Requires: dehydrated >= 0.3.1 +Requires: e-smith-release >= 9.0 +Requires: dehydrated >= 0.6.5 AutoReqProv: no %description @@ -21,6 +31,64 @@ Lets Encrypt is a free, automated, and o https://letsencrypt.org/ %changelog +* Fri Jan 17 2020 John Crisp 0.5-11.sme +- force required versioni to 0.6.5 for EPEL version +- Add new cron template for EPEL version of dehydrated [SME: 10862] + +* Fri Jan 17 2020 John Crisp 0.5-10.sme +- Fix incorrect HOOK entry in config [SME: 10861] + +* Fri Jan 04 2019 John Crisp 0.5-9.sme +- Fix incorrect CA line in config [SME: 10688] + +* Mon Dec 31 2018 John Crisp 0.5-8.sme +- Reverse my previous error [SME: 10681] + +* Mon Dec 31 2018 John Crisp 0.5-7.sme +- fix spec file numbering + +* Mon Dec 31 2018 John Crisp 0.5-6.sme +- Fix typo error in cron.daily [SME: 10681] + +* Sun Dec 23 2018 John Crisp 0.5-5.sme +- Fix changed V1 staging URL [SME: 10595] +- Thanks Terry Fage + +* Wed Dec 12 2018 John Crisp 0.5-4.sme +- log to file rather than /dev/null [SME: 10412] + +* Tue Oct 13 2018 John Crisp 0.5-3.sme +- remove Licence key from config template [SME:10636] + +* Tue Jun 19 2018 John Crisp 0.5-2.sme +- remove debug print lines + +* Tue Jun 12 2018 John Crisp 0.5-1.sme +- Update to v2 API [SME:10595] +- Add key letsencrypt hostOverride to ignore 'Self' host check +- This requires v0.6 of dehydrated + +* Wed Jun 06 2018 John Crisp 0.4-6.sme +- Fix missing event actions [SME: 10315] + +* Thu May 31 2018 John Crisp 0.4-5.sme +- Fix typo in Accept Terms +- add domain-delete to createlinks [SME: 10315] +- Update requires release to SME v9 +- Update requires dehydrated to v0.5 + +* Fri Aug 18 2017 Jean-Philipe Pialasse 0.4-4.sme +- change ACCEPT_TERMS template position to appear after shebang in config file [SME: 10410] + +* Wed Jul 12 2017 Jean-Philipe Pialasse 0.4-3.sme +- remove workaround for curl dns resolution [SME: 10300] +- should be corrected at dnscache level (djbdns-1.05-10) + +* Fri Apr 28 2017 Jean-Philipe Pialasse 0.4-2.sme +- help accept licence [SME: 10253] +- workaround for curl issues +- spec tidying + * Sat Feb 04 2017 John Crisp 0.4-1 - first attempt at using stock letsencrypt script @@ -145,6 +213,15 @@ https://letsencrypt.org/ %prep %setup +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 %build perl createlinks @@ -169,10 +246,27 @@ rm -rf %{name}-%{version} %preun %post -if [[ ! -e /etc/letsencrypt.sh ]]; -then mv -f /etc/letsencrypt.sh /etc/letsencrypt.sh.old; +# if previously installed letsencrypt.sh, but first migration to dehydrated +if [[ -e /etc/letsencrypt.sh ]] && [[ ! -e /etc/dehydrated ]]; +then + # assume in production +# CA="https://acme-v01.api.letsencrypt.org/directory" ; +# CAHASH="$(echo "${CA}" | urlbase64)" +# mkdir /etc/dehydrated; +# mkdir -p /etc/dehydrated/accounts +# cp -a /etc/letsencrypt.sh/private_key.json /etc/dehydrated/accounts/${CAHASH}/registration_info.json +# cp -a /etc/letsencrypt.sh/private_key.pem /etc/dehydrated/accounts/${CAHASH}/account_key.pem +# cp -a /etc/letsencrypt.sh/certs /etc/dehydrated/ + mv -f /etc/letsencrypt.sh /etc/letsencrypt.sh.old; +fi + +# if letsencrypt still there but already migrated to dehydrated +if [[ -e /etc/letsencrypt.sh ]] && [[ -e /etc/dehydrated/certs ]]; +then + mv -f /etc/letsencrypt.sh /etc/letsencrypt.sh.old; fi +# if first installation of dehydrated if [[ ! -e /etc/dehydrated ]]; then mkdir /etc/dehydrated; fi @@ -193,30 +287,13 @@ if [[ ! -e /home/e-smith/files/ibays/Pri then mkdir -p /home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge; fi +if [[ -f /etc/cron.daily/letsencrypt ]]; +then rm -f /etc/cron.daily/letsencrypt; +fi + chmod -R 0775 /home/e-smith/files/ibays/Primary/html/.well-known chown -R apache:shared /home/e-smith/files/ibays/Primary/html/.well-known -echo "###################################################################" -echo "" -echo "************************************************************" -echo " NOTE ! letsencrypt.sh has had to be renamed to 'dehydrated'" -echo "************************************************************" -echo "" -echo "# After install please set your db keys" -echo "# Make sure you set the letsencrypt status key to test" -echo "# Enable some domains or hosts" -echo "# Then run the following" -echo "# signal-event console-save" -echo "# dehydrated -c" -echo "# Once you are satisfied set the letsencrypt status key to enabled" -echo "# mv /etc/dehydrated/private_key.pem /etc/dehydrated/private_key.test" -echo "# Run the dehydrated file again to generate your keys" -echo "# signal-event console-save" -echo "# dehydrated -c -x" -echo "# Thereafter only use" -echo "# dehydrated -c" -echo "# If you make any key changes run console-save first" -echo "###################################################################" %postun