| 1 |
Name: dehydrated |
| 2 |
Version: 0.3.0.20160914.gitcaeed7d |
| 3 |
Release: 3%{?dist} |
| 4 |
Summary: ACME client in bash |
| 5 |
|
| 6 |
Group: Application/System |
| 7 |
License: MIT |
| 8 |
URL: https://github.com/lukas2511/dehydrated |
| 9 |
Source0: dehydrated-master.zip |
| 10 |
Source1: dehydrated_hooks |
| 11 |
SOurce2: dehydrated_revoke |
| 12 |
Source3: httpd.sh.sample |
| 13 |
|
| 14 |
BuildArch: noarch |
| 15 |
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot |
| 16 |
|
| 17 |
BuildRequires: httpd |
| 18 |
Requires: openssl |
| 19 |
Requires: sed |
| 20 |
Requires: /bin/awk |
| 21 |
Requires: curl |
| 22 |
Requires: /bin/mktemp |
| 23 |
|
| 24 |
Conflicts: letsencrypt.sh |
| 25 |
Obsoletes: letsencrypt.sh |
| 26 |
|
| 27 |
%if 0%{?fedora} >= 11 || 0%{?rhel} >= 5 |
| 28 |
%global useselinux 1 |
| 29 |
%else |
| 30 |
%global useselinux 0 |
| 31 |
%endif |
| 32 |
|
| 33 |
%description |
| 34 |
This is a client for signing certificates with an ACME server |
| 35 |
(currently only provided by Let's Encrypt) implemented as a |
| 36 |
relatively simple bash-script. |
| 37 |
|
| 38 |
%prep |
| 39 |
%setup -q -n dehydrated-master |
| 40 |
|
| 41 |
%build |
| 42 |
sed -i -e "s|#BASEDIR=.*|BASEDIR=%{_localstatedir}/lib/%{name}/certificates|" \ |
| 43 |
-e "s|#WELLKNOWN=.*|WELLKNOWN=%{_localstatedir}/lib/%{name}/challenges|" \ |
| 44 |
-e "s|#HOOK=.*|HOOK=%{_bindir}/le_hooks.sh|" \ |
| 45 |
-e "s|#DOMAINS_TXT=.*|DOMAINS_TXT=%{_sysconfdir}/%{name}/domains.txt|" \ |
| 46 |
docs/examples/config |
| 47 |
|
| 48 |
%install |
| 49 |
install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/%{name}/challenges |
| 50 |
install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/%{name}/certificates |
| 51 |
install -D dehydrated $RPM_BUILD_ROOT/%{_bindir}/%{name} |
| 52 |
install %{SOURCE1} $RPM_BUILD_ROOT/%{_bindir}/dehydrated_hooks |
| 53 |
install %{SOURCE2} $RPM_BUILD_ROOT/%{_bindir}/dehydrated_revoke |
| 54 |
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_deploy_cert.d |
| 55 |
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_clean_challenge.d |
| 56 |
install -D -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_deploy_cert.d/10httpd.sh.sample |
| 57 |
install -D -m 0644 docs/examples/config $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/config |
| 58 |
install -D -m 0644 docs/examples/domains.txt $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/domains.txt |
| 59 |
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/cron.daily/ |
| 60 |
cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/cron.daily/%{name} |
| 61 |
#!/bin/sh |
| 62 |
# Uncomment to enable auto-renewal |
| 63 |
# %{_bindir}/%{name} -c 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> %{_localstatedir}/log/%{name}.log |
| 64 |
|
| 65 |
# Uncomment this to auto revoke old certs |
| 66 |
# %{_bindir}/dehydrated_revoke 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> %{_localstatedir}/log/%{name}.log |
| 67 |
|
| 68 |
_EOF |
| 69 |
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d |
| 70 |
cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/dehydrated.conf |
| 71 |
|
| 72 |
Alias /.well-known/acme-challenge/ %{_localstatedir}/lib/%{name}/challenges/ |
| 73 |
|
| 74 |
<Directory %{_localstatedir}/lib/%{name}/challenges> |
| 75 |
Options None |
| 76 |
AllowOverride None |
| 77 |
Header set Content-Type "application/jose+json" |
| 78 |
<IfModule mod_authz_core.c> |
| 79 |
# Apache 2.4 |
| 80 |
Require all granted |
| 81 |
</IfModule> |
| 82 |
<IfModule !mod_authz_core.c> |
| 83 |
# Apache 2.2 |
| 84 |
Order deny,allow |
| 85 |
Allow from all |
| 86 |
</IfModule> |
| 87 |
</Directory> |
| 88 |
_EOF |
| 89 |
install -d -m 750 $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d |
| 90 |
cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/%{name} |
| 91 |
/var/log/%{name}.log { |
| 92 |
missingok |
| 93 |
copytruncate |
| 94 |
rotate 12 |
| 95 |
compress |
| 96 |
weekly |
| 97 |
create 0660 root root |
| 98 |
} |
| 99 |
_EOF |
| 100 |
|
| 101 |
%post |
| 102 |
%if %{useselinux} |
| 103 |
( |
| 104 |
# New File context |
| 105 |
semanage fcontext -a -t var_lib_t "%{_localstatedir}/lib/dehydrated(/.*)?" |
| 106 |
# files created by app |
| 107 |
restorecon -R %{_localstatedir}/lib/dehydrated |
| 108 |
) &>/dev/null || : |
| 109 |
%endif |
| 110 |
|
| 111 |
# Migrate from letsencrypt.sh |
| 112 |
if [ -e %{_sysconfdir}/letsencrypt.sh/config ]; then |
| 113 |
sed -e 's/letsencrypt.sh/dehydrated/g' \ |
| 114 |
-e 's/le_hooks.sh/dehydrated_hooks/g' \ |
| 115 |
%{_sysconfdir}/letsencrypt.sh/config > %{_sysconfdir}/%{name}/config |
| 116 |
fi |
| 117 |
if [ -e %{_sysconfdir}/letsencrypt.sh/domains.txt ]; then |
| 118 |
cat %{_sysconfdir}/letsencrypt.sh/domains.txt > %{_sysconfdir}/%{name}/domains.txt |
| 119 |
fi |
| 120 |
if [ -d %{_localstatedir}/lib/letsencrypt.sh/certificates/certs ]; then |
| 121 |
mv %{_localstatedir}/lib/letsencrypt.sh/certificates/* %{_localstatedir}/lib/%{name}/certificates/ |
| 122 |
fi |
| 123 |
sed -i -e 's|%{_localstatedir}/lib/letsencrypt.sh|%{_localstatedir}/lib/%{name}|g' %{_sysconfdir}/httpd/conf.d/ssl.conf |
| 124 |
if [ -d %{_sysconfdir}/letsencrypt.sh/hooks_deploy_cert.d/ ]; then |
| 125 |
find %{_sysconfdir}/letsencrypt.sh/hooks_deploy_cert.d/ -type f -perm /111 -exec mv "{}" %{_sysconfdir}/%{name}/hooks_deploy_cert.d/ \; |
| 126 |
fi |
| 127 |
if [ -d %{_sysconfdir}/letsencrypt.sh/hooks_clean_challenge.d/ ]; then |
| 128 |
find %{_sysconfdir}/letsencrypt.sh/hooks_clean_challenge.d/ -type f -perm /111 -exec mv "{}" %{_sysconfdir}/%{name}/hooks_clean_challenge.d/ \; |
| 129 |
fi |
| 130 |
|
| 131 |
%postun |
| 132 |
%if %{useselinux} |
| 133 |
if [ "$1" -eq "0" ]; then |
| 134 |
# Remove the File Context |
| 135 |
( |
| 136 |
semanage fcontext -d "%{_localstatedir}/lib/dehydrated(/.*)?" |
| 137 |
) &>/dev/null || : |
| 138 |
fi |
| 139 |
%endif |
| 140 |
|
| 141 |
%files |
| 142 |
%doc LICENSE README.md docs/examples/hook.sh |
| 143 |
%config(noreplace) %{_sysconfdir}/%{name}/* |
| 144 |
%config(noreplace) %attr(0755,root,root) %{_sysconfdir}/cron.daily/%{name} |
| 145 |
%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf |
| 146 |
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} |
| 147 |
%attr(0644, root,root) %{_sysconfdir}/%{name}/hooks_deploy_cert.d/* |
| 148 |
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/hooks_clean_challenge.d/ |
| 149 |
%attr(0755,root,root) %{_bindir}/%{name} |
| 150 |
%attr(0755,root,root) %{_bindir}/dehydrated_hooks |
| 151 |
%attr(0755,root,root) %{_bindir}/dehydrated_revoke |
| 152 |
%dir %attr(0750,root,apache) %{_localstatedir}/lib/%{name}/challenges |
| 153 |
%dir %attr(0750,root,root) %{_localstatedir}/lib/%{name}/certificates |
| 154 |
|
| 155 |
%changelog |
| 156 |
* Mon Oct 24 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-3 |
| 157 |
- Fix warning when installing dehydrated without upgrading from letsencrypt.sh |
| 158 |
|
| 159 |
* Mon Sep 19 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-2 |
| 160 |
- Fix find command to work with older find versions (on el5), replace -executable with -perm /111 |
| 161 |
|
| 162 |
* Wed Sep 14 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-1 |
| 163 |
- Renamed to dehydrated |
| 164 |
|
| 165 |
* Wed Aug 24 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160803.gitafabfff-2 |
| 166 |
- Set var_lib_t context to files |
| 167 |
|
| 168 |
* Wed Aug 3 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160803.gitafabfff-1 |
| 169 |
- Update to git afabfff |
| 170 |
|
| 171 |
* Mon Jun 6 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-4 |
| 172 |
- Default to enable HOOK in config |
| 173 |
|
| 174 |
* Fri Jun 3 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-3 |
| 175 |
- Add missing exec permission on daily cronjob script |
| 176 |
|
| 177 |
* Wed Jun 1 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-2 |
| 178 |
- Fix le_revoke.sh script to use config instead of config.sh |
| 179 |
|
| 180 |
* Tue May 31 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-1 |
| 181 |
- Update to git ec48906 |
| 182 |
|
| 183 |
* Fri May 13 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160513.gita286741-1 |
| 184 |
- Update to git a286741 |
| 185 |
|
| 186 |
* Wed Mar 30 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160330.gitdca25e8-1 |
| 187 |
- Update to git dca25e8 |
| 188 |
- Fix arg shifting in le_hooks script |
| 189 |
|
| 190 |
* Tue Feb 23 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160223.git2099c77-1 |
| 191 |
- Update to GIT git2099c77 |
| 192 |
|
| 193 |
* Sat Jan 30 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160127.git79ff846-2 |
| 194 |
- Rename httpd.sh hook to 10httpd.sh |
| 195 |
- Provide le_revoke.sh script to revoke old certificates |
| 196 |
- Add timestamp to logs using awk |
| 197 |
|
| 198 |
* Fri Jan 29 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160127.git79ff846-1 |
| 199 |
- Use date based version number |
| 200 |
|
| 201 |
* Wed Jan 27 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.3.git79ff846-1 |
| 202 |
- Update to git 79ff846 |
| 203 |
|
| 204 |
* Mon Jan 25 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.2.git3432f60-1 |
| 205 |
- Add hooks directory |
| 206 |
|
| 207 |
* Mon Jan 25 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.1.git3432f60-1 |
| 208 |
- First package |
Parent Directory
| 
Revision Log
| 
Revision Graph
