dehydrated/sme10/dehydrated.spec

Name:           dehydrated
Version:        0.4.0
%define release 1
Release:        %{release}%{?dist}
Summary:        ACME client in bash

Group:          Application/System
License:        MIT
URL:            https://github.com/lukas2511/dehydrated
#download released zip and prepend dehydrated- to name
Source0:        dehydrated-v0.4.0.zip
Source1:        integration.tgz

BuildArch:      noarch
BuildRoot:      /var/tmp/%{name}-%{version}-%{release}-buildroot

BuildRequires:  httpd
Requires:       openssl
Requires:       sed
Requires:       /bin/awk
Requires:       curl
Requires:       /bin/mktemp

Conflicts:      letsencrypt.sh
Obsoletes:      letsencrypt.sh

%if 0%{?fedora} >= 11 || 0%{?rhel} >= 5
%global useselinux 1
%else
%global useselinux 0
%endif

%description
This is a client for signing certificates with an ACME server
(currently only provided by Let's Encrypt) implemented as a
relatively simple bash-script.

%prep
#unpack source 1
%setup  -n dehydrated-%{version}
# unpack integration package aka source 1; do not delete previous -D, and disable default unpacking -T
# this wil unpack the integration file in the previous unpacked dehydrated folder
%setup -T -D -a 1 

%build
sed -i -e "s|#BASEDIR=.*|BASEDIR=%{_localstatedir}/lib/%{name}/certificates|" \
       -e "s|#WELLKNOWN=.*|WELLKNOWN=%{_localstatedir}/lib/%{name}/challenges|" \
       -e "s|#HOOK=.*|HOOK=%{_bindir}/le_hooks.sh|" \
       -e "s|#DOMAINS_TXT=.*|DOMAINS_TXT=%{_sysconfdir}/%{name}/domains.txt|" \
        docs/examples/config

%install
install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/%{name}/challenges
install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/%{name}/certificates
install -D dehydrated $RPM_BUILD_ROOT/%{_bindir}/%{name}
install integration/dehydrated_hooks $RPM_BUILD_ROOT/%{_bindir}/dehydrated_hooks
install integration/dehydrated_revoke $RPM_BUILD_ROOT/%{_bindir}/dehydrated_revoke
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_deploy_cert.d
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_clean_challenge.d
install -D -m 0644 integration/httpd.sh.sample $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_deploy_cert.d/10httpd.sh.sample
install -D -m 0644 docs/examples/config $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/config
install -D -m 0644 docs/examples/domains.txt $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/domains.txt
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/cron.daily/
cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/cron.daily/%{name}
#!/bin/sh
# Uncomment to enable auto-renewal
# %{_bindir}/%{name} -c 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> %{_localstatedir}/log/%{name}.log

# Uncomment this to auto revoke old certs
# %{_bindir}/dehydrated_revoke 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> %{_localstatedir}/log/%{name}.log

_EOF
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d
cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/dehydrated.conf

Alias /.well-known/acme-challenge/ %{_localstatedir}/lib/%{name}/challenges/

<Directory %{_localstatedir}/lib/%{name}/challenges>
  Options None
  AllowOverride None
  Header set Content-Type "application/jose+json"
  <IfModule mod_authz_core.c>
    # Apache 2.4
    Require all granted
  </IfModule>
  <IfModule !mod_authz_core.c>
    # Apache 2.2
    Order deny,allow
    Allow from all
  </IfModule>
</Directory>
_EOF
install -d -m 750 $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d
cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/%{name}
/var/log/%{name}.log {
  missingok
  copytruncate
  rotate 12
  compress
  weekly
  create 0660 root root
}
_EOF

%post
%if %{useselinux}
(
# New File context
semanage fcontext -a -t var_lib_t "%{_localstatedir}/lib/dehydrated(/.*)?"
# files created by app
restorecon -R %{_localstatedir}/lib/dehydrated
) &>/dev/null || :
%endif

# Migrate from letsencrypt.sh
if [ -e %{_sysconfdir}/letsencrypt.sh/config ]; then
  sed -e 's/letsencrypt.sh/dehydrated/g' \
      -e 's/le_hooks.sh/dehydrated_hooks/g' \
      %{_sysconfdir}/letsencrypt.sh/config > %{_sysconfdir}/%{name}/config
fi
if [ -e %{_sysconfdir}/letsencrypt.sh/domains.txt ]; then
  cat %{_sysconfdir}/letsencrypt.sh/domains.txt > %{_sysconfdir}/%{name}/domains.txt
fi
if [ -d %{_localstatedir}/lib/letsencrypt.sh/certificates/certs ]; then
  mv %{_localstatedir}/lib/letsencrypt.sh/certificates/* %{_localstatedir}/lib/%{name}/certificates/
fi
sed -i -e 's|%{_localstatedir}/lib/letsencrypt.sh|%{_localstatedir}/lib/%{name}|g' %{_sysconfdir}/httpd/conf.d/ssl.conf
if [ -d %{_sysconfdir}/letsencrypt.sh/hooks_deploy_cert.d/ ]; then
  find %{_sysconfdir}/letsencrypt.sh/hooks_deploy_cert.d/ -type f -perm /111 -exec mv "{}" %{_sysconfdir}/%{name}/hooks_deploy_cert.d/ \;
fi
if [ -d %{_sysconfdir}/letsencrypt.sh/hooks_clean_challenge.d/ ]; then
  find %{_sysconfdir}/letsencrypt.sh/hooks_clean_challenge.d/ -type f -perm /111 -exec mv "{}" %{_sysconfdir}/%{name}/hooks_clean_challenge.d/ \;
fi

%postun
%if %{useselinux}
if [ "$1" -eq "0" ]; then
    # Remove the File Context
    (
    semanage fcontext -d "%{_localstatedir}/lib/dehydrated(/.*)?"
    ) &>/dev/null || :
fi
%endif

%files
%doc LICENSE README.md docs/examples/hook.sh
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/hooks_clean_challenge.d/
%attr(0644, root,root) %{_sysconfdir}/%{name}/hooks_deploy_cert.d/*
%config(noreplace) %{_sysconfdir}/%{name}/domains.txt
%config(noreplace) %{_sysconfdir}/%{name}/config
%config(noreplace) %attr(0755,root,root) %{_sysconfdir}/cron.daily/%{name}
%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%attr(0755,root,root) %{_bindir}/%{name}
%attr(0755,root,root) %{_bindir}/dehydrated_hooks
%attr(0755,root,root) %{_bindir}/dehydrated_revoke
%dir %attr(0750,root,apache) %{_localstatedir}/lib/%{name}/challenges
%dir %attr(0750,root,root) %{_localstatedir}/lib/%{name}/certificates

%changelog
* Fri Feb 10 2017 Jean-Philipe Pialasse <tests@pialasse.com> - 0.4.0-1.sme
- update architecture of sources and release/version number
- according to Charlie Brady recomendations
- see [SME 9901] 
* Mon Feb 06 2017 Jean-Philipe Pialasse <tests@pialasse.com> - 0.4.0.20170205.git1163864.sme
- update dehydrated to 0.4 [SME: 10080]
- see https://github.com/lukas2511/dehydrated/releases/tag/v0.4.0
- upstream release Version 0.4.0 commit 116386486b3749e4c5e1b4da35904f30f8b2749b

* Fri Jan 06 2017 Jean-Philipe Pialasse <tests@pialasse.com> - 0.3.0.20160914.gitcaeed7d-4.sme
- Initial import in SME Server Buildsys [SME: 9901]

* Mon Oct 24 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-3
- Fix warning when installing dehydrated without upgrading from letsencrypt.sh

* Mon Sep 19 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-2
- Fix find command to work with older find versions (on el5), replace -executable with -perm /111

* Wed Sep 14 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-1
- Renamed to dehydrated

* Wed Aug 24 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160803.gitafabfff-2
- Set var_lib_t context to files

* Wed Aug 3 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160803.gitafabfff-1
- Update to git afabfff

* Mon Jun 6 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-4
- Default to enable HOOK in config

* Fri Jun 3 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-3
- Add missing exec permission on daily cronjob script

* Wed Jun 1 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-2
- Fix le_revoke.sh script to use config instead of config.sh

* Tue May 31 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-1
- Update to git ec48906

* Fri May 13 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160513.gita286741-1
- Update to git a286741

* Wed Mar 30 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160330.gitdca25e8-1
- Update to git dca25e8
- Fix arg shifting in le_hooks script

* Tue Feb 23 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160223.git2099c77-1
- Update to GIT git2099c77

* Sat Jan 30 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160127.git79ff846-2
- Rename httpd.sh hook to 10httpd.sh
- Provide le_revoke.sh script to revoke old certificates
- Add timestamp to logs using awk

* Fri Jan 29 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160127.git79ff846-1
- Use date based version number

* Wed Jan 27 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.3.git79ff846-1
- Update to git 79ff846

* Mon Jan 25 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.2.git3432f60-1
- Add hooks directory

* Mon Jan 25 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.1.git3432f60-1
- First package
1	Name: dehydrated
2	Version: 0.4.0
3	%define release 1
4	Release: %{release}%{?dist}
5	Summary: ACME client in bash
6
7	Group: Application/System
8	License: MIT
9	URL: https://github.com/lukas2511/dehydrated
10	#download released zip and prepend dehydrated- to name
11	Source0: dehydrated-v0.4.0.zip
12	Source1: integration.tgz
13
14	BuildArch: noarch
15	BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
16
17	BuildRequires: httpd
18	Requires: openssl
19	Requires: sed
20	Requires: /bin/awk
21	Requires: curl
22	Requires: /bin/mktemp
23
24	Conflicts: letsencrypt.sh
25	Obsoletes: letsencrypt.sh
26
27	%if 0%{?fedora} >= 11 \|\| 0%{?rhel} >= 5
28	%global useselinux 1
29	%else
30	%global useselinux 0
31	%endif
32
33	%description
34	This is a client for signing certificates with an ACME server
35	(currently only provided by Let's Encrypt) implemented as a
36	relatively simple bash-script.
37
38	%prep
39	#unpack source 1
40	%setup -n dehydrated-%{version}
41	# unpack integration package aka source 1; do not delete previous -D, and disable default unpacking -T
42	# this wil unpack the integration file in the previous unpacked dehydrated folder
43	%setup -T -D -a 1
44
45	%build
46	sed -i -e "s\|#BASEDIR=.*\|BASEDIR=%{_localstatedir}/lib/%{name}/certificates\|" \
47	-e "s\|#WELLKNOWN=.*\|WELLKNOWN=%{_localstatedir}/lib/%{name}/challenges\|" \
48	-e "s\|#HOOK=.*\|HOOK=%{_bindir}/le_hooks.sh\|" \
49	-e "s\|#DOMAINS_TXT=.*\|DOMAINS_TXT=%{_sysconfdir}/%{name}/domains.txt\|" \
50	docs/examples/config
51
52	%install
53	install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/%{name}/challenges
54	install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/%{name}/certificates
55	install -D dehydrated $RPM_BUILD_ROOT/%{_bindir}/%{name}
56	install integration/dehydrated_hooks $RPM_BUILD_ROOT/%{_bindir}/dehydrated_hooks
57	install integration/dehydrated_revoke $RPM_BUILD_ROOT/%{_bindir}/dehydrated_revoke
58	install -d $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_deploy_cert.d
59	install -d $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_clean_challenge.d
60	install -D -m 0644 integration/httpd.sh.sample $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_deploy_cert.d/10httpd.sh.sample
61	install -D -m 0644 docs/examples/config $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/config
62	install -D -m 0644 docs/examples/domains.txt $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/domains.txt
63	install -d $RPM_BUILD_ROOT/%{_sysconfdir}/cron.daily/
64	cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/cron.daily/%{name}
65	#!/bin/sh
66	# Uncomment to enable auto-renewal
67	# %{_bindir}/%{name} -c 2>&1 \| awk '{ print strftime(), $0; fflush(); }' >> %{_localstatedir}/log/%{name}.log
68
69	# Uncomment this to auto revoke old certs
70	# %{_bindir}/dehydrated_revoke 2>&1 \| awk '{ print strftime(), $0; fflush(); }' >> %{_localstatedir}/log/%{name}.log
71
72	_EOF
73	install -d $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d
74	cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/dehydrated.conf
75
76	Alias /.well-known/acme-challenge/ %{_localstatedir}/lib/%{name}/challenges/
77
78	<Directory %{_localstatedir}/lib/%{name}/challenges>
79	Options None
80	AllowOverride None
81	Header set Content-Type "application/jose+json"
82	<IfModule mod_authz_core.c>
83	# Apache 2.4
84	Require all granted
85	</IfModule>
86	<IfModule !mod_authz_core.c>
87	# Apache 2.2
88	Order deny,allow
89	Allow from all
90	</IfModule>
91	</Directory>
92	_EOF
93	install -d -m 750 $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d
94	cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/%{name}
95	/var/log/%{name}.log {
96	missingok
97	copytruncate
98	rotate 12
99	compress
100	weekly
101	create 0660 root root
102	}
103	_EOF
104
105	%post
106	%if %{useselinux}
107	(
108	# New File context
109	semanage fcontext -a -t var_lib_t "%{_localstatedir}/lib/dehydrated(/.*)?"
110	# files created by app
111	restorecon -R %{_localstatedir}/lib/dehydrated
112	) &>/dev/null \|\| :
113	%endif
114
115	# Migrate from letsencrypt.sh
116	if [ -e %{_sysconfdir}/letsencrypt.sh/config ]; then
117	sed -e 's/letsencrypt.sh/dehydrated/g' \
118	-e 's/le_hooks.sh/dehydrated_hooks/g' \
119	%{_sysconfdir}/letsencrypt.sh/config > %{_sysconfdir}/%{name}/config
120	fi
121	if [ -e %{_sysconfdir}/letsencrypt.sh/domains.txt ]; then
122	cat %{_sysconfdir}/letsencrypt.sh/domains.txt > %{_sysconfdir}/%{name}/domains.txt
123	fi
124	if [ -d %{_localstatedir}/lib/letsencrypt.sh/certificates/certs ]; then
125	mv %{_localstatedir}/lib/letsencrypt.sh/certificates/* %{_localstatedir}/lib/%{name}/certificates/
126	fi
127	sed -i -e 's\|%{_localstatedir}/lib/letsencrypt.sh\|%{_localstatedir}/lib/%{name}\|g' %{_sysconfdir}/httpd/conf.d/ssl.conf
128	if [ -d %{_sysconfdir}/letsencrypt.sh/hooks_deploy_cert.d/ ]; then
129	find %{_sysconfdir}/letsencrypt.sh/hooks_deploy_cert.d/ -type f -perm /111 -exec mv "{}" %{_sysconfdir}/%{name}/hooks_deploy_cert.d/ \;
130	fi
131	if [ -d %{_sysconfdir}/letsencrypt.sh/hooks_clean_challenge.d/ ]; then
132	find %{_sysconfdir}/letsencrypt.sh/hooks_clean_challenge.d/ -type f -perm /111 -exec mv "{}" %{_sysconfdir}/%{name}/hooks_clean_challenge.d/ \;
133	fi
134
135	%postun
136	%if %{useselinux}
137	if [ "$1" -eq "0" ]; then
138	# Remove the File Context
139	(
140	semanage fcontext -d "%{_localstatedir}/lib/dehydrated(/.*)?"
141	) &>/dev/null \|\| :
142	fi
143	%endif
144
145	%files
146	%doc LICENSE README.md docs/examples/hook.sh
147	%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/hooks_clean_challenge.d/
148	%attr(0644, root,root) %{_sysconfdir}/%{name}/hooks_deploy_cert.d/*
149	%config(noreplace) %{_sysconfdir}/%{name}/domains.txt
150	%config(noreplace) %{_sysconfdir}/%{name}/config
151	%config(noreplace) %attr(0755,root,root) %{_sysconfdir}/cron.daily/%{name}
152	%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf
153	%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
154	%attr(0755,root,root) %{_bindir}/%{name}
155	%attr(0755,root,root) %{_bindir}/dehydrated_hooks
156	%attr(0755,root,root) %{_bindir}/dehydrated_revoke
157	%dir %attr(0750,root,apache) %{_localstatedir}/lib/%{name}/challenges
158	%dir %attr(0750,root,root) %{_localstatedir}/lib/%{name}/certificates
159
160	%changelog
161	* Fri Feb 10 2017 Jean-Philipe Pialasse <tests@pialasse.com> - 0.4.0-1.sme
162	- update architecture of sources and release/version number
163	- according to Charlie Brady recomendations
164	- see [SME 9901]
165	* Mon Feb 06 2017 Jean-Philipe Pialasse <tests@pialasse.com> - 0.4.0.20170205.git1163864.sme
166	- update dehydrated to 0.4 [SME: 10080]
167	- see https://github.com/lukas2511/dehydrated/releases/tag/v0.4.0
168	- upstream release Version 0.4.0 commit 116386486b3749e4c5e1b4da35904f30f8b2749b
169
170	* Fri Jan 06 2017 Jean-Philipe Pialasse <tests@pialasse.com> - 0.3.0.20160914.gitcaeed7d-4.sme
171	- Initial import in SME Server Buildsys [SME: 9901]
172
173	* Mon Oct 24 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-3
174	- Fix warning when installing dehydrated without upgrading from letsencrypt.sh
175
176	* Mon Sep 19 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-2
177	- Fix find command to work with older find versions (on el5), replace -executable with -perm /111
178
179	* Wed Sep 14 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-1
180	- Renamed to dehydrated
181
182	* Wed Aug 24 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160803.gitafabfff-2
183	- Set var_lib_t context to files
184
185	* Wed Aug 3 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160803.gitafabfff-1
186	- Update to git afabfff
187
188	* Mon Jun 6 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-4
189	- Default to enable HOOK in config
190
191	* Fri Jun 3 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-3
192	- Add missing exec permission on daily cronjob script
193
194	* Wed Jun 1 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-2
195	- Fix le_revoke.sh script to use config instead of config.sh
196
197	* Tue May 31 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-1
198	- Update to git ec48906
199
200	* Fri May 13 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160513.gita286741-1
201	- Update to git a286741
202
203	* Wed Mar 30 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160330.gitdca25e8-1
204	- Update to git dca25e8
205	- Fix arg shifting in le_hooks script
206
207	* Tue Feb 23 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160223.git2099c77-1
208	- Update to GIT git2099c77
209
210	* Sat Jan 30 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160127.git79ff846-2
211	- Rename httpd.sh hook to 10httpd.sh
212	- Provide le_revoke.sh script to revoke old certificates
213	- Add timestamp to logs using awk
214
215	* Fri Jan 29 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160127.git79ff846-1
216	- Use date based version number
217
218	* Wed Jan 27 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.3.git79ff846-1
219	- Update to git 79ff846
220
221	* Mon Jan 25 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.2.git3432f60-1
222	- Add hooks directory
223
224	* Mon Jan 25 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.1.git3432f60-1
225	- First package