/[smeserver]/rpms/dehydrated/sme10/dehydrated.spec
ViewVC logotype

Contents of /rpms/dehydrated/sme10/dehydrated.spec

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (show annotations) (download)
Fri Jan 6 23:00:25 2017 UTC (7 years, 9 months ago) by unnilennium
Branch: MAIN
CVS Tags: dehydrated-0_3_0_20160914_gitcaeed7d-4_el7_sme
Changes since 1.1: +4 -1 lines
* Fri Jan 06 2017 Jean-Philipe Pialasse <tests@pialasse.com> - 0.3.0.20160914.gitcaeed7d-4.sme
- Initial import in SME Server Buildsys

1 Name: dehydrated
2 Version: 0.3.0.20160914.gitcaeed7d
3 Release: 4%{?dist}
4 Summary: ACME client in bash
5
6 Group: Application/System
7 License: MIT
8 URL: https://github.com/lukas2511/dehydrated
9 Source0: dehydrated-master.zip
10 Source1: dehydrated_hooks
11 SOurce2: dehydrated_revoke
12 Source3: httpd.sh.sample
13
14 BuildArch: noarch
15 BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
16
17 BuildRequires: httpd
18 Requires: openssl
19 Requires: sed
20 Requires: /bin/awk
21 Requires: curl
22 Requires: /bin/mktemp
23
24 Conflicts: letsencrypt.sh
25 Obsoletes: letsencrypt.sh
26
27 %if 0%{?fedora} >= 11 || 0%{?rhel} >= 5
28 %global useselinux 1
29 %else
30 %global useselinux 0
31 %endif
32
33 %description
34 This is a client for signing certificates with an ACME server
35 (currently only provided by Let's Encrypt) implemented as a
36 relatively simple bash-script.
37
38 %prep
39 %setup -q -n dehydrated-master
40
41 %build
42 sed -i -e "s|#BASEDIR=.*|BASEDIR=%{_localstatedir}/lib/%{name}/certificates|" \
43 -e "s|#WELLKNOWN=.*|WELLKNOWN=%{_localstatedir}/lib/%{name}/challenges|" \
44 -e "s|#HOOK=.*|HOOK=%{_bindir}/le_hooks.sh|" \
45 -e "s|#DOMAINS_TXT=.*|DOMAINS_TXT=%{_sysconfdir}/%{name}/domains.txt|" \
46 docs/examples/config
47
48 %install
49 install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/%{name}/challenges
50 install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/%{name}/certificates
51 install -D dehydrated $RPM_BUILD_ROOT/%{_bindir}/%{name}
52 install %{SOURCE1} $RPM_BUILD_ROOT/%{_bindir}/dehydrated_hooks
53 install %{SOURCE2} $RPM_BUILD_ROOT/%{_bindir}/dehydrated_revoke
54 install -d $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_deploy_cert.d
55 install -d $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_clean_challenge.d
56 install -D -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_deploy_cert.d/10httpd.sh.sample
57 install -D -m 0644 docs/examples/config $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/config
58 install -D -m 0644 docs/examples/domains.txt $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/domains.txt
59 install -d $RPM_BUILD_ROOT/%{_sysconfdir}/cron.daily/
60 cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/cron.daily/%{name}
61 #!/bin/sh
62 # Uncomment to enable auto-renewal
63 # %{_bindir}/%{name} -c 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> %{_localstatedir}/log/%{name}.log
64
65 # Uncomment this to auto revoke old certs
66 # %{_bindir}/dehydrated_revoke 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> %{_localstatedir}/log/%{name}.log
67
68 _EOF
69 install -d $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d
70 cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/dehydrated.conf
71
72 Alias /.well-known/acme-challenge/ %{_localstatedir}/lib/%{name}/challenges/
73
74 <Directory %{_localstatedir}/lib/%{name}/challenges>
75 Options None
76 AllowOverride None
77 Header set Content-Type "application/jose+json"
78 <IfModule mod_authz_core.c>
79 # Apache 2.4
80 Require all granted
81 </IfModule>
82 <IfModule !mod_authz_core.c>
83 # Apache 2.2
84 Order deny,allow
85 Allow from all
86 </IfModule>
87 </Directory>
88 _EOF
89 install -d -m 750 $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d
90 cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/%{name}
91 /var/log/%{name}.log {
92 missingok
93 copytruncate
94 rotate 12
95 compress
96 weekly
97 create 0660 root root
98 }
99 _EOF
100
101 %post
102 %if %{useselinux}
103 (
104 # New File context
105 semanage fcontext -a -t var_lib_t "%{_localstatedir}/lib/dehydrated(/.*)?"
106 # files created by app
107 restorecon -R %{_localstatedir}/lib/dehydrated
108 ) &>/dev/null || :
109 %endif
110
111 # Migrate from letsencrypt.sh
112 if [ -e %{_sysconfdir}/letsencrypt.sh/config ]; then
113 sed -e 's/letsencrypt.sh/dehydrated/g' \
114 -e 's/le_hooks.sh/dehydrated_hooks/g' \
115 %{_sysconfdir}/letsencrypt.sh/config > %{_sysconfdir}/%{name}/config
116 fi
117 if [ -e %{_sysconfdir}/letsencrypt.sh/domains.txt ]; then
118 cat %{_sysconfdir}/letsencrypt.sh/domains.txt > %{_sysconfdir}/%{name}/domains.txt
119 fi
120 if [ -d %{_localstatedir}/lib/letsencrypt.sh/certificates/certs ]; then
121 mv %{_localstatedir}/lib/letsencrypt.sh/certificates/* %{_localstatedir}/lib/%{name}/certificates/
122 fi
123 sed -i -e 's|%{_localstatedir}/lib/letsencrypt.sh|%{_localstatedir}/lib/%{name}|g' %{_sysconfdir}/httpd/conf.d/ssl.conf
124 if [ -d %{_sysconfdir}/letsencrypt.sh/hooks_deploy_cert.d/ ]; then
125 find %{_sysconfdir}/letsencrypt.sh/hooks_deploy_cert.d/ -type f -perm /111 -exec mv "{}" %{_sysconfdir}/%{name}/hooks_deploy_cert.d/ \;
126 fi
127 if [ -d %{_sysconfdir}/letsencrypt.sh/hooks_clean_challenge.d/ ]; then
128 find %{_sysconfdir}/letsencrypt.sh/hooks_clean_challenge.d/ -type f -perm /111 -exec mv "{}" %{_sysconfdir}/%{name}/hooks_clean_challenge.d/ \;
129 fi
130
131 %postun
132 %if %{useselinux}
133 if [ "$1" -eq "0" ]; then
134 # Remove the File Context
135 (
136 semanage fcontext -d "%{_localstatedir}/lib/dehydrated(/.*)?"
137 ) &>/dev/null || :
138 fi
139 %endif
140
141 %files
142 %doc LICENSE README.md docs/examples/hook.sh
143 %config(noreplace) %{_sysconfdir}/%{name}/*
144 %config(noreplace) %attr(0755,root,root) %{_sysconfdir}/cron.daily/%{name}
145 %config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf
146 %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
147 %attr(0644, root,root) %{_sysconfdir}/%{name}/hooks_deploy_cert.d/*
148 %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/hooks_clean_challenge.d/
149 %attr(0755,root,root) %{_bindir}/%{name}
150 %attr(0755,root,root) %{_bindir}/dehydrated_hooks
151 %attr(0755,root,root) %{_bindir}/dehydrated_revoke
152 %dir %attr(0750,root,apache) %{_localstatedir}/lib/%{name}/challenges
153 %dir %attr(0750,root,root) %{_localstatedir}/lib/%{name}/certificates
154
155 %changelog
156 * Fri Jan 06 2017 Jean-Philipe Pialasse <tests@pialasse.com> - 0.3.0.20160914.gitcaeed7d-4.sme
157 - Initial import in SME Server Buildsys
158
159 * Mon Oct 24 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-3
160 - Fix warning when installing dehydrated without upgrading from letsencrypt.sh
161
162 * Mon Sep 19 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-2
163 - Fix find command to work with older find versions (on el5), replace -executable with -perm /111
164
165 * Wed Sep 14 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-1
166 - Renamed to dehydrated
167
168 * Wed Aug 24 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160803.gitafabfff-2
169 - Set var_lib_t context to files
170
171 * Wed Aug 3 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160803.gitafabfff-1
172 - Update to git afabfff
173
174 * Mon Jun 6 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-4
175 - Default to enable HOOK in config
176
177 * Fri Jun 3 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-3
178 - Add missing exec permission on daily cronjob script
179
180 * Wed Jun 1 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-2
181 - Fix le_revoke.sh script to use config instead of config.sh
182
183 * Tue May 31 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-1
184 - Update to git ec48906
185
186 * Fri May 13 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160513.gita286741-1
187 - Update to git a286741
188
189 * Wed Mar 30 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160330.gitdca25e8-1
190 - Update to git dca25e8
191 - Fix arg shifting in le_hooks script
192
193 * Tue Feb 23 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160223.git2099c77-1
194 - Update to GIT git2099c77
195
196 * Sat Jan 30 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160127.git79ff846-2
197 - Rename httpd.sh hook to 10httpd.sh
198 - Provide le_revoke.sh script to revoke old certificates
199 - Add timestamp to logs using awk
200
201 * Fri Jan 29 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160127.git79ff846-1
202 - Use date based version number
203
204 * Wed Jan 27 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.3.git79ff846-1
205 - Update to git 79ff846
206
207 * Mon Jan 25 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.2.git3432f60-1
208 - Add hooks directory
209
210 * Mon Jan 25 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.1.git3432f60-1
211 - First package

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed