
Contents of /rpms/dehydrated/sme10/dehydrated.spec



Revision 1.7 - (show annotations) (download)
Mon Feb 26 22:04:13 2018 UTC (6 years, 8 months ago) by jpp
Branch: MAIN
CVS Tags: dehydrated-0_5_0-3_el7_sme
Changes since 1.6: +2 -2 lines
* Fri Feb 16 2018 Jean-Philipe Pialasse <tests@pialasse.com> Version:	0.5.0-3.sme
- fix Dehydrated caused rate limits to be reached [SME: 10521]

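# Package metadata for dehydrated, an ACME client written in bash.
Name: dehydrated
%define version 0.5.0
%define release 3
Version: %{version}
Release: %{release}%{?dist}
Summary: ACME client in bash

# "Applications/System" is the standard RPM group name; the earlier value was
# missing the final "s".
Group: Applications/System
License: MIT
URL: https://github.com/lukas2511/dehydrated
# Download the upstream release archive and prepend "dehydrated-" to its file name.
# NOTE(review): nothing in this spec checks the archive against a digest or an
# upstream signature, so its integrity rests on how it was fetched and on what
# the build system records for it. Verify the download before importing it.
Source0: dehydrated-v%{version}.tar.gz
# Integration files; the install section takes dehydrated_hooks,
# dehydrated_revoke and httpd.sh.sample from its integration/ directory.
Source1: integration.tgz
# Patch carried for SME bug 10521 (rate limits being reached, per the changelog).
# The file name embeds a 40-hex id, presumably the upstream commit it was taken
# from -- confirm against upstream before trusting the name.
Patch0: dehydrated-0.5.0-bz10521-7a0e71c6c2ccc6e98abca5ea1c7de28053e90c02.patch

BuildArch: noarch
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot

# NOTE(review): httpd is required at build time only, although the package
# installs a file under httpd's conf.d and gives the challenges directory the
# group apache in the files list -- confirm whether a runtime dependency is meant.
BuildRequires: httpd
Requires: openssl
Requires: sed
Requires: /bin/awk
Requires: curl
Requires: /bin/mktemp

# This package takes over from letsencrypt.sh; the post scriptlet migrates its files.
Conflicts: letsencrypt.sh
Obsoletes: letsencrypt.sh

# The SELinux file-context handling in the scriptlets is switched on for
# Fedora >= 11 and RHEL >= 5, and off everywhere else.
%if 0%{?fedora} >= 11 || 0%{?rhel} >= 5
%global useselinux 1
%else
%global useselinux 0
%endif

%description
This is a client for signing certificates with an ACME server
(currently only provided by Let's Encrypt) implemented as a
relatively simple bash-script.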
39
%prep
# Unpack Source0 (the upstream tarball) into dehydrated-<version>, then apply
# the SME patch on top of it.
%setup -n %{name}-%{version}
%patch0 -p1
# Unpack Source1 (the integration package) inside the tree unpacked above:
# -T disables the default unpacking of Source0, -D keeps the existing directory
# instead of deleting it, and -a 1 unpacks source number 1 after entering it.
%setup -T -D -a 1
47
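%build
# Pre-seed the shipped example config with this package's paths by uncommenting
# and rewriting four of its commented defaults in place.
#
# HOOK now points at dehydrated_hooks, the hook script the install section puts
# into the bin directory. The previous value, le_hooks.sh, is not installed by
# this spec; it is the old name that the post scriptlet rewrites to
# dehydrated_hooks when it migrates a letsencrypt.sh config, so a fresh install
# was left with a HOOK path that this package never provides.
sed -i -e "s|#BASEDIR=.*|BASEDIR=%{_localstatedir}/lib/%{name}/certificates|" \
       -e "s|#WELLKNOWN=.*|WELLKNOWN=%{_localstatedir}/lib/%{name}/challenges|" \
       -e "s|#HOOK=.*|HOOK=%{_bindir}/dehydrated_hooks|" \
       -e "s|#DOMAINS_TXT=.*|DOMAINS_TXT=%{_sysconfdir}/%{name}/domains.txt|" \
       docs/examples/config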
54
%install
# State directories: one for ACME challenge files, one for certificates.
install -d %{buildroot}%{_localstatedir}/lib/%{name}/challenges
install -d %{buildroot}%{_localstatedir}/lib/%{name}/certificates

# The client itself plus the two helper scripts from the integration package.
install -D dehydrated %{buildroot}%{_bindir}/%{name}
install integration/dehydrated_hooks %{buildroot}%{_bindir}/dehydrated_hooks
install integration/dehydrated_revoke %{buildroot}%{_bindir}/dehydrated_revoke

# Hook drop-in directories. The httpd hook is shipped as a non-executable
# .sample file (mode 0644).
install -d %{buildroot}%{_sysconfdir}/%{name}/hooks_deploy_cert.d
install -d %{buildroot}%{_sysconfdir}/%{name}/hooks_clean_challenge.d
install -D -m 0644 integration/httpd.sh.sample %{buildroot}%{_sysconfdir}/%{name}/hooks_deploy_cert.d/10httpd.sh.sample

# Configuration: the config edited in the build section and the example domain list.
install -D -m 0644 docs/examples/config %{buildroot}%{_sysconfdir}/%{name}/config
install -D -m 0644 docs/examples/domains.txt %{buildroot}%{_sysconfdir}/%{name}/domains.txt

# Daily cron job. Both commands are shipped commented out, so neither renewal
# nor revocation runs until an administrator enables it. The heredoc delimiter
# is quoted, so the shell leaves the text alone; rpm has already expanded the
# macros by then.
install -d %{buildroot}%{_sysconfdir}/cron.daily/
cat <<"_EOF" > %{buildroot}%{_sysconfdir}/cron.daily/%{name}
#!/bin/sh
# Uncomment to enable auto-renewal
# %{_bindir}/%{name} -c 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> %{_localstatedir}/log/%{name}.log

# Uncomment this to auto revoke old certs
# %{_bindir}/dehydrated_revoke 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> %{_localstatedir}/log/%{name}.log

_EOF

# httpd snippet that serves the challenges directory under
# /.well-known/acme-challenge/. Options None and AllowOverride None keep
# directory features and .htaccess overrides switched off for that tree; access
# is open to all clients under both the Apache 2.4 and 2.2 syntax.
install -d %{buildroot}%{_sysconfdir}/httpd/conf.d
cat <<"_EOF" > %{buildroot}%{_sysconfdir}/httpd/conf.d/dehydrated.conf

Alias /.well-known/acme-challenge/ %{_localstatedir}/lib/%{name}/challenges/

<Directory %{_localstatedir}/lib/%{name}/challenges>
Options None
AllowOverride None
Header set Content-Type "application/jose+json"
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order deny,allow
Allow from all
</IfModule>
</Directory>
_EOF

# Weekly log rotation, twelve compressed generations kept.
# NOTE(review): logrotate documents "create" as having no effect when
# "copytruncate" is used, so the 0660 mode below is probably never applied and
# the log keeps the mode it got when the cron job first created it -- confirm.
install -d -m 750 %{buildroot}%{_sysconfdir}/logrotate.d
cat <<"_EOF" > %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
/var/log/%{name}.log {
missingok
copytruncate
rotate 12
compress
weekly
create 0660 root root
}
_EOF
107
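%post
%if %{useselinux}
# Register var_lib_t as the file context for the state tree and relabel what is
# already there. All output is discarded and a failure is ignored, so a host
# without semanage still completes the scriptlet.
(
# New file context
semanage fcontext -a -t var_lib_t "%{_localstatedir}/lib/dehydrated(/.*)?"
# Files created by the application
restorecon -R %{_localstatedir}/lib/dehydrated
) &>/dev/null || :
%endif

# Migrate from letsencrypt.sh. Each step runs only if the old file or directory
# exists.

# Old config: rewrite the old package and hook-script names, then overwrite the
# packaged config with the result.
if [ -e %{_sysconfdir}/letsencrypt.sh/config ]; then
    sed -e 's/letsencrypt.sh/dehydrated/g' \
        -e 's/le_hooks.sh/dehydrated_hooks/g' \
        %{_sysconfdir}/letsencrypt.sh/config > %{_sysconfdir}/%{name}/config
fi

# Old domain list: copied over the packaged one unchanged.
if [ -e %{_sysconfdir}/letsencrypt.sh/domains.txt ]; then
    cat %{_sysconfdir}/letsencrypt.sh/domains.txt > %{_sysconfdir}/%{name}/domains.txt
fi

# Old certificate tree: moved, not copied. mv does not reset owner or mode, so
# the moved entries keep whatever permissions they had in the old location.
# NOTE(review): this tree presumably holds private keys -- check its
# permissions after a migration.
if [ -d %{_localstatedir}/lib/letsencrypt.sh/certificates/certs ]; then
    mv %{_localstatedir}/lib/letsencrypt.sh/certificates/* %{_localstatedir}/lib/%{name}/certificates/
fi

# Point httpd's ssl.conf at the new state directory. The file is owned by
# another package and may be absent, so it is edited only when it exists; the
# unguarded sed made the scriptlet print an error on hosts without ssl.conf.
if [ -f %{_sysconfdir}/httpd/conf.d/ssl.conf ]; then
    sed -i -e 's|%{_localstatedir}/lib/letsencrypt.sh|%{_localstatedir}/lib/%{name}|g' %{_sysconfdir}/httpd/conf.d/ssl.conf
fi

# Old hook scripts: only regular files with at least one execute bit set are
# moved into the new hook directories.
# NOTE(review): anything moved here becomes an active hook of this package --
# confirm the old directories were writable by root only.
if [ -d %{_sysconfdir}/letsencrypt.sh/hooks_deploy_cert.d/ ]; then
    find %{_sysconfdir}/letsencrypt.sh/hooks_deploy_cert.d/ -type f -perm /111 -exec mv "{}" %{_sysconfdir}/%{name}/hooks_deploy_cert.d/ \;
fi
if [ -d %{_sysconfdir}/letsencrypt.sh/hooks_clean_challenge.d/ ]; then
    find %{_sysconfdir}/letsencrypt.sh/hooks_clean_challenge.d/ -type f -perm /111 -exec mv "{}" %{_sysconfdir}/%{name}/hooks_clean_challenge.d/ \;
fi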
137
%postun
%if %{useselinux}
# The scriptlet's first argument is 0 when the package is being erased rather
# than upgraded. Only then is the file-context rule added by the post scriptlet
# removed again. Output is discarded and a failure is ignored.
if [ "$1" -eq 0 ]; then
    semanage fcontext -d "%{_localstatedir}/lib/dehydrated(/.*)?" &>/dev/null || :
fi
%endif
147
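%files
%doc LICENSE README.md docs/examples/hook.sh
# Both hook directories are owned with an explicit owner and mode, so that
# "rpm -V" reports any drift on them. Previously only hooks_clean_challenge.d
# was listed; hooks_deploy_cert.d was created implicitly through the glob below
# and belonged to no package.
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/hooks_clean_challenge.d/
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/hooks_deploy_cert.d/
# Shipped hook files are samples and are installed without the execute bit.
%attr(0644, root,root) %{_sysconfdir}/%{name}/hooks_deploy_cert.d/*
# Administrator-editable files: an upgrade keeps a locally modified copy.
%config(noreplace) %{_sysconfdir}/%{name}/domains.txt
%config(noreplace) %{_sysconfdir}/%{name}/config
%config(noreplace) %attr(0755,root,root) %{_sysconfdir}/cron.daily/%{name}
%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%attr(0755,root,root) %{_bindir}/%{name}
%attr(0755,root,root) %{_bindir}/dehydrated_hooks
%attr(0755,root,root) %{_bindir}/dehydrated_revoke
# The challenges directory is group apache with mode 0750, so members of that
# group can read it and other users cannot. The certificates directory is
# root only.
%dir %attr(0750,root,apache) %{_localstatedir}/lib/%{name}/challenges
%dir %attr(0750,root,root) %{_localstatedir}/lib/%{name}/certificates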
162
163 %changelog
164 * Fri Feb 16 2018 Jean-Philipe Pialasse <tests@pialasse.com> Version: 0.5.0-3.sme
165 - fix Dehydrated caused rate limits to be reached [SME: 10521]
166
167 * Fri Feb 16 2018 Jean-Philipe Pialasse <tests@pialasse.com> 0.5.0-1.sme
168 - upgrade to upstream version [SME: 10521]
169
170 * Fri Feb 10 2017 Jean-Philipe Pialasse <tests@pialasse.com> - 0.4.0-1.sme
171 - update architecture of sources and release/version number
172 - according to Charlie Brady recomendations
173 - see [SME 9901]
174 * Mon Feb 06 2017 Jean-Philipe Pialasse <tests@pialasse.com> - 0.4.0.20170205.git1163864.sme
175 - update dehydrated to 0.4 [SME: 10080]
176 - see https://github.com/lukas2511/dehydrated/releases/tag/v0.4.0
177 - upstream release Version 0.4.0 commit 116386486b3749e4c5e1b4da35904f30f8b2749b
178
179 * Fri Jan 06 2017 Jean-Philipe Pialasse <tests@pialasse.com> - 0.3.0.20160914.gitcaeed7d-4.sme
180 - Initial import in SME Server Buildsys [SME: 9901]
181
182 * Mon Oct 24 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-3
183 - Fix warning when installing dehydrated without upgrading from letsencrypt.sh
184
185 * Mon Sep 19 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-2
186 - Fix find command to work with older find versions (on el5), replace -executable with -perm /111
187
188 * Wed Sep 14 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-1
189 - Renamed to dehydrated
190
191 * Wed Aug 24 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160803.gitafabfff-2
192 - Set var_lib_t context to files
193
194 * Wed Aug 3 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160803.gitafabfff-1
195 - Update to git afabfff
196
197 * Mon Jun 6 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-4
198 - Default to enable HOOK in config
199
200 * Fri Jun 3 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-3
201 - Add missing exec permission on daily cronjob script
202
203 * Wed Jun 1 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-2
204 - Fix le_revoke.sh script to use config instead of config.sh
205
206 * Tue May 31 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-1
207 - Update to git ec48906
208
209 * Fri May 13 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160513.gita286741-1
210 - Update to git a286741
211
212 * Wed Mar 30 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160330.gitdca25e8-1
213 - Update to git dca25e8
214 - Fix arg shifting in le_hooks script
215
216 * Tue Feb 23 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160223.git2099c77-1
217 - Update to GIT git2099c77
218
219 * Sat Jan 30 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160127.git79ff846-2
220 - Rename httpd.sh hook to 10httpd.sh
221 - Provide le_revoke.sh script to revoke old certificates
222 - Add timestamp to logs using awk
223
224 * Fri Jan 29 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160127.git79ff846-1
225 - Use date based version number
226
227 * Wed Jan 27 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.3.git79ff846-1
228 - Update to git 79ff846
229
230 * Mon Jan 25 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.2.git3432f60-1
231 - Add hooks directory
232
233 * Mon Jan 25 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.1.git3432f60-1
234 - First package
