1 |
Name: dehydrated |
2 |
Version: 0.3.0.20160914.gitcaeed7d |
3 |
Release: 4%{?dist} |
4 |
Summary: ACME client in bash |
5 |
|
6 |
Group: Application/System |
7 |
License: MIT |
8 |
URL: https://github.com/lukas2511/dehydrated |
9 |
Source0: dehydrated-master.zip |
10 |
Source1: dehydrated_hooks |
11 |
SOurce2: dehydrated_revoke |
12 |
Source3: httpd.sh.sample |
13 |
|
14 |
BuildArch: noarch |
15 |
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot |
16 |
|
17 |
BuildRequires: httpd |
18 |
Requires: openssl |
19 |
Requires: sed |
20 |
Requires: /bin/awk |
21 |
Requires: curl |
22 |
Requires: /bin/mktemp |
23 |
|
24 |
Conflicts: letsencrypt.sh |
25 |
Obsoletes: letsencrypt.sh |
26 |
|
27 |
%if 0%{?fedora} >= 11 || 0%{?rhel} >= 5 |
28 |
%global useselinux 1 |
29 |
%else |
30 |
%global useselinux 0 |
31 |
%endif |
32 |
|
33 |
%description |
34 |
This is a client for signing certificates with an ACME server |
35 |
(currently only provided by Let's Encrypt) implemented as a |
36 |
relatively simple bash-script. |
37 |
|
38 |
%prep |
39 |
%setup -q -n dehydrated-master |
40 |
|
41 |
%build |
42 |
sed -i -e "s|#BASEDIR=.*|BASEDIR=%{_localstatedir}/lib/%{name}/certificates|" \ |
43 |
-e "s|#WELLKNOWN=.*|WELLKNOWN=%{_localstatedir}/lib/%{name}/challenges|" \ |
44 |
-e "s|#HOOK=.*|HOOK=%{_bindir}/le_hooks.sh|" \ |
45 |
-e "s|#DOMAINS_TXT=.*|DOMAINS_TXT=%{_sysconfdir}/%{name}/domains.txt|" \ |
46 |
docs/examples/config |
47 |
|
48 |
%install |
49 |
install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/%{name}/challenges |
50 |
install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/%{name}/certificates |
51 |
install -D dehydrated $RPM_BUILD_ROOT/%{_bindir}/%{name} |
52 |
install %{SOURCE1} $RPM_BUILD_ROOT/%{_bindir}/dehydrated_hooks |
53 |
install %{SOURCE2} $RPM_BUILD_ROOT/%{_bindir}/dehydrated_revoke |
54 |
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_deploy_cert.d |
55 |
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_clean_challenge.d |
56 |
install -D -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_deploy_cert.d/10httpd.sh.sample |
57 |
install -D -m 0644 docs/examples/config $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/config |
58 |
install -D -m 0644 docs/examples/domains.txt $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/domains.txt |
59 |
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/cron.daily/ |
60 |
cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/cron.daily/%{name} |
61 |
#!/bin/sh |
62 |
# Uncomment to enable auto-renewal |
63 |
# %{_bindir}/%{name} -c 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> %{_localstatedir}/log/%{name}.log |
64 |
|
65 |
# Uncomment this to auto revoke old certs |
66 |
# %{_bindir}/dehydrated_revoke 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> %{_localstatedir}/log/%{name}.log |
67 |
|
68 |
_EOF |
69 |
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d |
70 |
cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/dehydrated.conf |
71 |
|
72 |
Alias /.well-known/acme-challenge/ %{_localstatedir}/lib/%{name}/challenges/ |
73 |
|
74 |
<Directory %{_localstatedir}/lib/%{name}/challenges> |
75 |
Options None |
76 |
AllowOverride None |
77 |
Header set Content-Type "application/jose+json" |
78 |
<IfModule mod_authz_core.c> |
79 |
# Apache 2.4 |
80 |
Require all granted |
81 |
</IfModule> |
82 |
<IfModule !mod_authz_core.c> |
83 |
# Apache 2.2 |
84 |
Order deny,allow |
85 |
Allow from all |
86 |
</IfModule> |
87 |
</Directory> |
88 |
_EOF |
89 |
install -d -m 750 $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d |
90 |
cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/%{name} |
91 |
/var/log/%{name}.log { |
92 |
missingok |
93 |
copytruncate |
94 |
rotate 12 |
95 |
compress |
96 |
weekly |
97 |
create 0660 root root |
98 |
} |
99 |
_EOF |
100 |
|
101 |
%post |
102 |
%if %{useselinux} |
103 |
( |
104 |
# New File context |
105 |
semanage fcontext -a -t var_lib_t "%{_localstatedir}/lib/dehydrated(/.*)?" |
106 |
# files created by app |
107 |
restorecon -R %{_localstatedir}/lib/dehydrated |
108 |
) &>/dev/null || : |
109 |
%endif |
110 |
|
111 |
# Migrate from letsencrypt.sh |
112 |
if [ -e %{_sysconfdir}/letsencrypt.sh/config ]; then |
113 |
sed -e 's/letsencrypt.sh/dehydrated/g' \ |
114 |
-e 's/le_hooks.sh/dehydrated_hooks/g' \ |
115 |
%{_sysconfdir}/letsencrypt.sh/config > %{_sysconfdir}/%{name}/config |
116 |
fi |
117 |
if [ -e %{_sysconfdir}/letsencrypt.sh/domains.txt ]; then |
118 |
cat %{_sysconfdir}/letsencrypt.sh/domains.txt > %{_sysconfdir}/%{name}/domains.txt |
119 |
fi |
120 |
if [ -d %{_localstatedir}/lib/letsencrypt.sh/certificates/certs ]; then |
121 |
mv %{_localstatedir}/lib/letsencrypt.sh/certificates/* %{_localstatedir}/lib/%{name}/certificates/ |
122 |
fi |
123 |
sed -i -e 's|%{_localstatedir}/lib/letsencrypt.sh|%{_localstatedir}/lib/%{name}|g' %{_sysconfdir}/httpd/conf.d/ssl.conf |
124 |
if [ -d %{_sysconfdir}/letsencrypt.sh/hooks_deploy_cert.d/ ]; then |
125 |
find %{_sysconfdir}/letsencrypt.sh/hooks_deploy_cert.d/ -type f -perm /111 -exec mv "{}" %{_sysconfdir}/%{name}/hooks_deploy_cert.d/ \; |
126 |
fi |
127 |
if [ -d %{_sysconfdir}/letsencrypt.sh/hooks_clean_challenge.d/ ]; then |
128 |
find %{_sysconfdir}/letsencrypt.sh/hooks_clean_challenge.d/ -type f -perm /111 -exec mv "{}" %{_sysconfdir}/%{name}/hooks_clean_challenge.d/ \; |
129 |
fi |
130 |
|
131 |
%postun |
132 |
%if %{useselinux} |
133 |
if [ "$1" -eq "0" ]; then |
134 |
# Remove the File Context |
135 |
( |
136 |
semanage fcontext -d "%{_localstatedir}/lib/dehydrated(/.*)?" |
137 |
) &>/dev/null || : |
138 |
fi |
139 |
%endif |
140 |
|
141 |
%files |
142 |
%doc LICENSE README.md docs/examples/hook.sh |
143 |
%config(noreplace) %{_sysconfdir}/%{name}/* |
144 |
%config(noreplace) %attr(0755,root,root) %{_sysconfdir}/cron.daily/%{name} |
145 |
%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf |
146 |
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} |
147 |
%attr(0644, root,root) %{_sysconfdir}/%{name}/hooks_deploy_cert.d/* |
148 |
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/hooks_clean_challenge.d/ |
149 |
%attr(0755,root,root) %{_bindir}/%{name} |
150 |
%attr(0755,root,root) %{_bindir}/dehydrated_hooks |
151 |
%attr(0755,root,root) %{_bindir}/dehydrated_revoke |
152 |
%dir %attr(0750,root,apache) %{_localstatedir}/lib/%{name}/challenges |
153 |
%dir %attr(0750,root,root) %{_localstatedir}/lib/%{name}/certificates |
154 |
|
155 |
%changelog |
156 |
* Fri Jan 06 2017 Jean-Philipe Pialasse <tests@pialasse.com> - 0.3.0.20160914.gitcaeed7d-4.sme |
157 |
- Initial import in SME Server Buildsys |
158 |
|
159 |
* Mon Oct 24 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-3 |
160 |
- Fix warning when installing dehydrated without upgrading from letsencrypt.sh |
161 |
|
162 |
* Mon Sep 19 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-2 |
163 |
- Fix find command to work with older find versions (on el5), replace -executable with -perm /111 |
164 |
|
165 |
* Wed Sep 14 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-1 |
166 |
- Renamed to dehydrated |
167 |
|
168 |
* Wed Aug 24 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160803.gitafabfff-2 |
169 |
- Set var_lib_t context to files |
170 |
|
171 |
* Wed Aug 3 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160803.gitafabfff-1 |
172 |
- Update to git afabfff |
173 |
|
174 |
* Mon Jun 6 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-4 |
175 |
- Default to enable HOOK in config |
176 |
|
177 |
* Fri Jun 3 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-3 |
178 |
- Add missing exec permission on daily cronjob script |
179 |
|
180 |
* Wed Jun 1 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-2 |
181 |
- Fix le_revoke.sh script to use config instead of config.sh |
182 |
|
183 |
* Tue May 31 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-1 |
184 |
- Update to git ec48906 |
185 |
|
186 |
* Fri May 13 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160513.gita286741-1 |
187 |
- Update to git a286741 |
188 |
|
189 |
* Wed Mar 30 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160330.gitdca25e8-1 |
190 |
- Update to git dca25e8 |
191 |
- Fix arg shifting in le_hooks script |
192 |
|
193 |
* Tue Feb 23 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160223.git2099c77-1 |
194 |
- Update to GIT git2099c77 |
195 |
|
196 |
* Sat Jan 30 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160127.git79ff846-2 |
197 |
- Rename httpd.sh hook to 10httpd.sh |
198 |
- Provide le_revoke.sh script to revoke old certificates |
199 |
- Add timestamp to logs using awk |
200 |
|
201 |
* Fri Jan 29 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160127.git79ff846-1 |
202 |
- Use date based version number |
203 |
|
204 |
* Wed Jan 27 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.3.git79ff846-1 |
205 |
- Update to git 79ff846 |
206 |
|
207 |
* Mon Jan 25 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.2.git3432f60-1 |
208 |
- Add hooks directory |
209 |
|
210 |
* Mon Jan 25 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.1.git3432f60-1 |
211 |
- First package |