# Package identity.
Name:           dehydrated
# Single place to bump for a new upstream version or packaging release; the
# Version and Release tags and the BuildRoot path below are derived from these.
%define version 0.5.0
%define release 3
Version:        %{version}
Release:        %{release}%{?dist}
Summary:        ACME client in bash

Group:          Application/System
License:        MIT
URL:            https://github.com/lukas2511/dehydrated
# Source0 is the upstream release archive, downloaded by hand and renamed with
# a "dehydrated-" prefix.
# NOTE(review): no download URL, checksum or signature is recorded here, so the
# provenance of the tarball has to be checked out of band before import.
Source0:        dehydrated-v%{version}.tar.gz
# Local integration bundle; the install step takes dehydrated_hooks,
# dehydrated_revoke and httpd.sh.sample from it.
Source1:        integration.tgz
# Fix for SME bug 10521. The file name carries what looks like the commit id
# the patch was taken from -- presumably upstream; verify before refreshing.
Patch0:         dehydrated-0.5.0-bz10521-7a0e71c6c2ccc6e98abca5ea1c7de28053e90c02.patch

BuildArch:      noarch
BuildRoot:      /var/tmp/%{name}-%{version}-%{release}-buildroot

BuildRequires:  httpd
# Runtime tools. awk is needed by the cron job, which timestamps every log
# line with strftime().
Requires:       openssl
Requires:       sed
Requires:       /bin/awk
Requires:       curl
Requires:       /bin/mktemp

# This package replaces letsencrypt.sh, its former name; the post-install
# scriptlet migrates that package's configuration and certificates.
Conflicts:      letsencrypt.sh
Obsoletes:      letsencrypt.sh

# The scriptlets manage an SELinux file context only where the distro macros
# report Fedora 11+ or RHEL 5+; elsewhere useselinux is 0 and those parts are
# left out of the scriptlets.
%if 0%{?fedora} >= 11 || 0%{?rhel} >= 5
%global useselinux 1
%else
%global useselinux 0
%endif

%description
This is a client for signing certificates with an ACME server
(currently only provided by Let's Encrypt) implemented as a
relatively simple bash-script.
39 |
|
|
|
%prep
# Unpack Source0 into dehydrated-<version>, then apply the bz10521 patch.
%setup -n dehydrated-%{version}
%patch0 -p1
# Unpack Source1 (the integration bundle) inside that same tree:
#   -T    skip the default unpacking of Source0
#   -D    keep the directory unpacked above instead of deleting it first
#   -a 1  unpack source number 1 after changing into that directory
%setup -T -D -a 1
47 |
unnilennium |
1.1 |
|
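%build
# Nothing is compiled. This step only activates four commented-out defaults in
# the example config so the packaged config matches the packaged layout:
#   BASEDIR      certificate and key store under the package's /var/lib tree
#   WELLKNOWN    directory httpd serves as /.well-known/acme-challenge/
#   HOOK         the hook script installed into bindir
#   DOMAINS_TXT  the domain list under the package's config directory
# HOOK names dehydrated_hooks because that is the file the install step and
# the file list ship. The earlier value, le_hooks.sh, is not installed by this
# package, so a fresh install was left with a HOOK path to a missing script.
sed -i \
    -e "s|#BASEDIR=.*|BASEDIR=%{_localstatedir}/lib/%{name}/certificates|" \
    -e "s|#WELLKNOWN=.*|WELLKNOWN=%{_localstatedir}/lib/%{name}/challenges|" \
    -e "s|#HOOK=.*|HOOK=%{_bindir}/dehydrated_hooks|" \
    -e "s|#DOMAINS_TXT=.*|DOMAINS_TXT=%{_sysconfdir}/%{name}/domains.txt|" \
    docs/examples/config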
54 |
|
|
|
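%install
# Data directories: challenge files served by httpd, and the store for issued
# certificates and keys. Ownership and modes are set in the file list.
install -d "$RPM_BUILD_ROOT/%{_localstatedir}/lib/%{name}/challenges"
install -d "$RPM_BUILD_ROOT/%{_localstatedir}/lib/%{name}/certificates"

# Executables: the client itself plus the two helpers from the integration
# bundle. The mode is spelled out rather than left to install's default.
install -D -m 0755 dehydrated "$RPM_BUILD_ROOT/%{_bindir}/%{name}"
install -m 0755 integration/dehydrated_hooks "$RPM_BUILD_ROOT/%{_bindir}/dehydrated_hooks"
install -m 0755 integration/dehydrated_revoke "$RPM_BUILD_ROOT/%{_bindir}/dehydrated_revoke"

# Hook drop-in directories. The httpd hook ships as a non-executable .sample.
install -d "$RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_deploy_cert.d"
install -d "$RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_clean_challenge.d"
install -D -m 0644 integration/httpd.sh.sample "$RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_deploy_cert.d/10httpd.sh.sample"

# Configuration: the example config edited in the build step, and the domain list.
install -D -m 0644 docs/examples/config "$RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/config"
install -D -m 0644 docs/examples/domains.txt "$RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/domains.txt"

# Daily cron job. Both commands ship commented out, so renewal and revocation
# stay off until an administrator enables them. The here-document delimiter is
# quoted so the shell leaves the awk program's $0 alone; rpm macros are already
# expanded by the time the shell runs.
# NOTE(review): the log file is created by the >> redirection, so its mode
# comes from the umask cron runs with -- confirm that is acceptable.
install -d "$RPM_BUILD_ROOT/%{_sysconfdir}/cron.daily/"
cat <<"_EOF" > "$RPM_BUILD_ROOT/%{_sysconfdir}/cron.daily/%{name}"
#!/bin/sh
# Uncomment to enable auto-renewal
# %{_bindir}/%{name} -c 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> %{_localstatedir}/log/%{name}.log

# Uncomment this to auto revoke old certs
# %{_bindir}/dehydrated_revoke 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> %{_localstatedir}/log/%{name}.log

_EOF

# httpd drop-in: maps the ACME challenge URL onto the challenges directory,
# with Options and AllowOverride both None and access granted to everyone
# (Apache 2.4 and 2.2 syntax).
# NOTE(review): the Header directive is not wrapped in an IfModule, so this
# file relies on mod_headers being loaded.
install -d "$RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d"
cat <<"_EOF" > "$RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/dehydrated.conf"

Alias /.well-known/acme-challenge/ %{_localstatedir}/lib/%{name}/challenges/

<Directory %{_localstatedir}/lib/%{name}/challenges>
Options None
AllowOverride None
Header set Content-Type "application/jose+json"
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order deny,allow
Allow from all
</IfModule>
</Directory>
_EOF

# Weekly log rotation, 12 compressed generations. The path uses the same
# localstatedir macro as the cron job above, so both always name the same file
# (it was a hard-coded /var/log before).
# NOTE(review): logrotate documents "create" as having no effect together with
# "copytruncate", so the 0660 root:root line below is not what sets the live
# log's permissions.
install -d -m 750 "$RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d"
cat <<"_EOF" > "$RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/%{name}"
%{_localstatedir}/log/%{name}.log {
missingok
copytruncate
rotate 12
compress
weekly
create 0660 root root
}
_EOF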
107 |
|
|
|
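%post
%if %{useselinux}
# Register a persistent var_lib_t file context for the data tree and relabel
# what is already there. Best effort: all output is discarded and a failure
# never fails the scriptlet.
(
semanage fcontext -a -t var_lib_t "%{_localstatedir}/lib/dehydrated(/.*)?"
restorecon -R %{_localstatedir}/lib/dehydrated
) &>/dev/null || :
%endif

# Migrate from letsencrypt.sh
# Each step is guarded by a test on the old path, so a fresh install without
# the old package does nothing here.

# Config: copied with the old package name and hook script name rewritten.
# NOTE(review): this overwrites the installed config whenever the old file is
# still present, including on later upgrades of this package.
if [ -e %{_sysconfdir}/letsencrypt.sh/config ]; then
    sed -e 's/letsencrypt.sh/dehydrated/g' \
        -e 's/le_hooks.sh/dehydrated_hooks/g' \
        %{_sysconfdir}/letsencrypt.sh/config > %{_sysconfdir}/%{name}/config
fi

# Domain list: copied as is.
if [ -e %{_sysconfdir}/letsencrypt.sh/domains.txt ]; then
    cat %{_sysconfdir}/letsencrypt.sh/domains.txt > %{_sysconfdir}/%{name}/domains.txt
fi

# Certificate store: everything under the old tree is moved into the new one.
if [ -d %{_localstatedir}/lib/letsencrypt.sh/certificates/certs ]; then
    mv %{_localstatedir}/lib/letsencrypt.sh/certificates/* %{_localstatedir}/lib/%{name}/certificates/
fi

# Point httpd's ssl.conf at the new certificate location. The file may be
# absent (for example when mod_ssl is not installed), so the rewrite is skipped
# then instead of letting sed fail on a missing file.
if [ -f %{_sysconfdir}/httpd/conf.d/ssl.conf ]; then
    sed -i -e 's|%{_localstatedir}/lib/letsencrypt.sh|%{_localstatedir}/lib/%{name}|g' %{_sysconfdir}/httpd/conf.d/ssl.conf
fi

# Hooks: only regular files with an execute bit set are carried over.
# NOTE(review): anything moved here presumably runs with the client's
# privileges on the next certificate deployment or challenge cleanup -- confirm
# the old directories were writable by root only.
if [ -d %{_sysconfdir}/letsencrypt.sh/hooks_deploy_cert.d/ ]; then
    find %{_sysconfdir}/letsencrypt.sh/hooks_deploy_cert.d/ -type f -perm /111 -exec mv "{}" %{_sysconfdir}/%{name}/hooks_deploy_cert.d/ \;
fi
if [ -d %{_sysconfdir}/letsencrypt.sh/hooks_clean_challenge.d/ ]; then
    find %{_sysconfdir}/letsencrypt.sh/hooks_clean_challenge.d/ -type f -perm /111 -exec mv "{}" %{_sysconfdir}/%{name}/hooks_clean_challenge.d/ \;
fi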
137 |
|
|
|
%postun
%if %{useselinux}
# rpm passes the number of instances of the package that remain as $1; 0 means
# a real removal, not an upgrade. Only then is the file-context rule dropped.
# Output is discarded and a failure is ignored.
if test "$1" -eq 0; then
    semanage fcontext -d "%{_localstatedir}/lib/dehydrated(/.*)?" >/dev/null 2>&1 || :
fi
%endif
147 |
|
|
|
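%files
%doc LICENSE README.md docs/examples/hook.sh

# Hook drop-in directories, root-owned and writable by root only. Both are
# listed, so the package owns hooks_deploy_cert.d with a fixed mode as well;
# before, only its contents were listed and the directory itself was unowned.
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/hooks_clean_challenge.d/
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/hooks_deploy_cert.d/
# Shipped hooks are samples, hence not executable.
%attr(0644, root,root) %{_sysconfdir}/%{name}/hooks_deploy_cert.d/*

# Configuration: noreplace keeps local edits across upgrades.
%config(noreplace) %{_sysconfdir}/%{name}/domains.txt
%config(noreplace) %{_sysconfdir}/%{name}/config
%config(noreplace) %attr(0755,root,root) %{_sysconfdir}/cron.daily/%{name}
%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}

# Executables.
%attr(0755,root,root) %{_bindir}/%{name}
%attr(0755,root,root) %{_bindir}/dehydrated_hooks
%attr(0755,root,root) %{_bindir}/dehydrated_revoke

# Data directories. challenges is group apache so the web server can read the
# challenge files; certificates is root only.
%dir %attr(0750,root,apache) %{_localstatedir}/lib/%{name}/challenges
%dir %attr(0750,root,root) %{_localstatedir}/lib/%{name}/certificates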
162 |
|
|
|
163 |
|
|
%changelog |
164 |
jpp |
1.7 |
* Fri Feb 16 2018 Jean-Philipe Pialasse <tests@pialasse.com> Version: 0.5.0-3.sme |
165 |
jpp |
1.6 |
- fix Dehydrated caused rate limits to be reached [SME: 10521] |
166 |
|
|
|
167 |
jpp |
1.5 |
* Fri Feb 16 2018 Jean-Philipe Pialasse <tests@pialasse.com> 0.5.0-1.sme |
168 |
|
|
- upgrade to upstream version [SME: 10521] |
169 |
|
|
|
170 |
unnilennium |
1.4 |
* Fri Feb 10 2017 Jean-Philipe Pialasse <tests@pialasse.com> - 0.4.0-1.sme |
171 |
|
|
- update architecture of sources and release/version number |
172 |
|
|
- according to Charlie Brady recommendations |
173 |
|
|
- see [SME 9901] |
174 |
unnilennium |
1.3 |
* Mon Feb 06 2017 Jean-Philipe Pialasse <tests@pialasse.com> - 0.4.0.20170205.git1163864.sme |
175 |
|
|
- update dehydrated to 0.4 [SME: 10080] |
176 |
|
|
- see https://github.com/lukas2511/dehydrated/releases/tag/v0.4.0 |
177 |
unnilennium |
1.4 |
- upstream release Version 0.4.0 commit 116386486b3749e4c5e1b4da35904f30f8b2749b |
178 |
unnilennium |
1.3 |
|
179 |
unnilennium |
1.2 |
* Fri Jan 06 2017 Jean-Philipe Pialasse <tests@pialasse.com> - 0.3.0.20160914.gitcaeed7d-4.sme |
180 |
unnilennium |
1.4 |
- Initial import in SME Server Buildsys [SME: 9901] |
181 |
unnilennium |
1.2 |
|
182 |
unnilennium |
1.1 |
* Mon Oct 24 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-3 |
183 |
|
|
- Fix warning when installing dehydrated without upgrading from letsencrypt.sh |
184 |
|
|
|
185 |
|
|
* Mon Sep 19 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-2 |
186 |
|
|
- Fix find command to work with older find versions (on el5), replace -executable with -perm /111 |
187 |
|
|
|
188 |
|
|
* Wed Sep 14 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-1 |
189 |
|
|
- Renamed to dehydrated |
190 |
|
|
|
191 |
|
|
* Wed Aug 24 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160803.gitafabfff-2 |
192 |
|
|
- Set var_lib_t context to files |
193 |
|
|
|
194 |
|
|
* Wed Aug 3 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160803.gitafabfff-1 |
195 |
|
|
- Update to git afabfff |
196 |
|
|
|
197 |
|
|
* Mon Jun 6 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-4 |
198 |
|
|
- Default to enable HOOK in config |
199 |
|
|
|
200 |
|
|
* Fri Jun 3 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-3 |
201 |
|
|
- Add missing exec permission on daily cronjob script |
202 |
|
|
|
203 |
|
|
* Wed Jun 1 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-2 |
204 |
|
|
- Fix le_revoke.sh script to use config instead of config.sh |
205 |
|
|
|
206 |
|
|
* Tue May 31 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-1 |
207 |
|
|
- Update to git ec48906 |
208 |
|
|
|
209 |
|
|
* Fri May 13 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160513.gita286741-1 |
210 |
|
|
- Update to git a286741 |
211 |
|
|
|
212 |
|
|
* Wed Mar 30 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160330.gitdca25e8-1 |
213 |
|
|
- Update to git dca25e8 |
214 |
|
|
- Fix arg shifting in le_hooks script |
215 |
|
|
|
216 |
|
|
* Tue Feb 23 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160223.git2099c77-1 |
217 |
|
|
- Update to GIT git2099c77 |
218 |
|
|
|
219 |
|
|
* Sat Jan 30 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160127.git79ff846-2 |
220 |
|
|
- Rename httpd.sh hook to 10httpd.sh |
221 |
|
|
- Provide le_revoke.sh script to revoke old certificates |
222 |
|
|
- Add timestamp to logs using awk |
223 |
|
|
|
224 |
|
|
* Fri Jan 29 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160127.git79ff846-1 |
225 |
|
|
- Use date based version number |
226 |
|
|
|
227 |
|
|
* Wed Jan 27 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.3.git79ff846-1 |
228 |
|
|
- Update to git 79ff846 |
229 |
|
|
|
230 |
|
|
* Mon Jan 25 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.2.git3432f60-1 |
231 |
|
|
- Add hooks directory |
232 |
|
|
|
233 |
|
|
* Mon Jan 25 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.1.git3432f60-1 |
234 |
|
|
- First package |