/[smeserver]/rpms/dehydrated/sme9/dehydrated.spec
ViewVC logotype

Annotation of /rpms/dehydrated/sme9/dehydrated.spec

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.4 - (hide annotations) (download)
Fri Feb 16 22:58:47 2018 UTC (6 years, 9 months ago) by jpp
Branch: MAIN
CVS Tags: dehydrated-0_5_0-2_el6_sme
Changes since 1.3: +11 -4 lines
* Fri Feb 16 2018 Jean-Philipe Pialasse <tests@pialasse.com> 0.5.0-2.sme
- fix Dehydrated caused rate limits to be reached [SME: 10521] patch0

1 unnilennium 1.1 Name: dehydrated
2 jpp 1.3 %define version 0.5.0
3 jpp 1.4 %define release 2
4 jpp 1.3 Version: %{version}
5     Release: %{release}%{?dist}
6 unnilennium 1.1 Summary: ACME client in bash
7    
8     Group: Application/System
9     License: MIT
10     URL: https://github.com/lukas2511/dehydrated
11 jpp 1.3 Source0: dehydrated-v%{version}.tar.gz
12     Source1: integration.tgz
13 jpp 1.4 Patch0: dehydrated-0.5.0-bz10521-7a0e71c6c2ccc6e98abca5ea1c7de28053e90c02.patch
14 unnilennium 1.1
15     BuildArch: noarch
16     BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
17    
18     BuildRequires: httpd
19     Requires: openssl
20     Requires: sed
21     Requires: /bin/awk
22     Requires: curl
23     Requires: /bin/mktemp
24    
25     Conflicts: letsencrypt.sh
26     Obsoletes: letsencrypt.sh
27    
28     %if 0%{?fedora} >= 11 || 0%{?rhel} >= 5
29     %global useselinux 1
30     %else
31     %global useselinux 0
32     %endif
33    
34     %description
35     This is a client for signing certificates with an ACME server
36     (currently only provided by Let's Encrypt) implemented as a
37     relatively simple bash-script.
38    
39     %prep
40 jpp 1.3 #unpack source 1
41     %setup -n dehydrated-%{version}
42     %patch0 -p1
43     # unpack integration package aka source 1; do not delete previous -D, and disable default unpacking -T
44     # this wil unpack the integration file in the previous unpacked dehydrated folder
45     %setup -T -D -a 1
46 unnilennium 1.1
47     %build
48     sed -i -e "s|#BASEDIR=.*|BASEDIR=%{_localstatedir}/lib/%{name}/certificates|" \
49     -e "s|#WELLKNOWN=.*|WELLKNOWN=%{_localstatedir}/lib/%{name}/challenges|" \
50     -e "s|#HOOK=.*|HOOK=%{_bindir}/le_hooks.sh|" \
51     -e "s|#DOMAINS_TXT=.*|DOMAINS_TXT=%{_sysconfdir}/%{name}/domains.txt|" \
52     docs/examples/config
53    
54     %install
55     install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/%{name}/challenges
56     install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/%{name}/certificates
57     install -D dehydrated $RPM_BUILD_ROOT/%{_bindir}/%{name}
58 jpp 1.4 install integration/dehydrated_hooks $RPM_BUILD_ROOT/%{_bindir}/dehydrated_hooks
59     install integration/dehydrated_revoke $RPM_BUILD_ROOT/%{_bindir}/dehydrated_revoke
60 unnilennium 1.1 install -d $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_deploy_cert.d
61     install -d $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_clean_challenge.d
62 jpp 1.4 install -D -m 0644 integration/httpd.sh.sample $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_deploy_cert.d/10httpd.sh.sample
63 unnilennium 1.1 install -D -m 0644 docs/examples/config $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/config
64     install -D -m 0644 docs/examples/domains.txt $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/domains.txt
65     install -d $RPM_BUILD_ROOT/%{_sysconfdir}/cron.daily/
66     cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/cron.daily/%{name}
67 jpp 1.4
68 unnilennium 1.1 #!/bin/sh
69     # Uncomment to enable auto-renewal
70     # %{_bindir}/%{name} -c 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> %{_localstatedir}/log/%{name}.log
71    
72     # Uncomment this to auto revoke old certs
73     # %{_bindir}/dehydrated_revoke 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> %{_localstatedir}/log/%{name}.log
74    
75     _EOF
76     install -d $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d
77     cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/dehydrated.conf
78    
79     Alias /.well-known/acme-challenge/ %{_localstatedir}/lib/%{name}/challenges/
80    
81     <Directory %{_localstatedir}/lib/%{name}/challenges>
82     Options None
83     AllowOverride None
84     Header set Content-Type "application/jose+json"
85     <IfModule mod_authz_core.c>
86     # Apache 2.4
87     Require all granted
88     </IfModule>
89     <IfModule !mod_authz_core.c>
90     # Apache 2.2
91     Order deny,allow
92     Allow from all
93     </IfModule>
94     </Directory>
95     _EOF
96     install -d -m 750 $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d
97     cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/%{name}
98     /var/log/%{name}.log {
99     missingok
100     copytruncate
101     rotate 12
102     compress
103     weekly
104     create 0660 root root
105     }
106     _EOF
107    
108     %post
109     %if %{useselinux}
110     (
111     # New File context
112     semanage fcontext -a -t var_lib_t "%{_localstatedir}/lib/dehydrated(/.*)?"
113     # files created by app
114     restorecon -R %{_localstatedir}/lib/dehydrated
115     ) &>/dev/null || :
116     %endif
117    
118     # Migrate from letsencrypt.sh
119     if [ -e %{_sysconfdir}/letsencrypt.sh/config ]; then
120     sed -e 's/letsencrypt.sh/dehydrated/g' \
121     -e 's/le_hooks.sh/dehydrated_hooks/g' \
122     %{_sysconfdir}/letsencrypt.sh/config > %{_sysconfdir}/%{name}/config
123     fi
124     if [ -e %{_sysconfdir}/letsencrypt.sh/domains.txt ]; then
125     cat %{_sysconfdir}/letsencrypt.sh/domains.txt > %{_sysconfdir}/%{name}/domains.txt
126     fi
127     if [ -d %{_localstatedir}/lib/letsencrypt.sh/certificates/certs ]; then
128     mv %{_localstatedir}/lib/letsencrypt.sh/certificates/* %{_localstatedir}/lib/%{name}/certificates/
129     fi
130     sed -i -e 's|%{_localstatedir}/lib/letsencrypt.sh|%{_localstatedir}/lib/%{name}|g' %{_sysconfdir}/httpd/conf.d/ssl.conf
131     if [ -d %{_sysconfdir}/letsencrypt.sh/hooks_deploy_cert.d/ ]; then
132     find %{_sysconfdir}/letsencrypt.sh/hooks_deploy_cert.d/ -type f -perm /111 -exec mv "{}" %{_sysconfdir}/%{name}/hooks_deploy_cert.d/ \;
133     fi
134     if [ -d %{_sysconfdir}/letsencrypt.sh/hooks_clean_challenge.d/ ]; then
135     find %{_sysconfdir}/letsencrypt.sh/hooks_clean_challenge.d/ -type f -perm /111 -exec mv "{}" %{_sysconfdir}/%{name}/hooks_clean_challenge.d/ \;
136     fi
137    
138     %postun
139     %if %{useselinux}
140     if [ "$1" -eq "0" ]; then
141     # Remove the File Context
142     (
143     semanage fcontext -d "%{_localstatedir}/lib/dehydrated(/.*)?"
144     ) &>/dev/null || :
145     fi
146     %endif
147    
148     %files
149     %doc LICENSE README.md docs/examples/hook.sh
150 unnilennium 1.2 %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/hooks_clean_challenge.d/
151     %attr(0644, root,root) %{_sysconfdir}/%{name}/hooks_deploy_cert.d/*
152     %config(noreplace) %{_sysconfdir}/%{name}/domains.txt
153     %config(noreplace) %{_sysconfdir}/%{name}/config
154 unnilennium 1.1 %config(noreplace) %attr(0755,root,root) %{_sysconfdir}/cron.daily/%{name}
155     %config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf
156     %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
157     %attr(0755,root,root) %{_bindir}/%{name}
158     %attr(0755,root,root) %{_bindir}/dehydrated_hooks
159     %attr(0755,root,root) %{_bindir}/dehydrated_revoke
160     %dir %attr(0750,root,apache) %{_localstatedir}/lib/%{name}/challenges
161     %dir %attr(0750,root,root) %{_localstatedir}/lib/%{name}/certificates
162    
163     %changelog
164 jpp 1.4 * Fri Feb 16 2018 Jean-Philipe Pialasse <tests@pialasse.com> 0.5.0-2.sme
165     - fix Dehydrated caused rate limits to be reached [SME: 10521] patch0
166    
167 jpp 1.3 * Fri Feb 16 2018 Jean-Philipe Pialasse <tests@pialasse.com> 0.5.0-1.sme
168     - upgrade to upstream version [SME: 10521]
169 jpp 1.4 - update architecture of sources and release/version number
170     according to Charlie Brady recomendations see [SME 9901]
171 jpp 1.3
172 unnilennium 1.2 * Mon Feb 06 2017 Jean-Philipe Pialasse <tests@pialasse.com> - 0.4.0.20170205.git1163864.sme
173     - update dehydrated to 0.4 [SME: 10080]
174     - see https://github.com/lukas2511/dehydrated/releases/tag/v0.4.0
175    
176 unnilennium 1.1 * Fri Jan 06 2017 Jean-Philipe Pialasse <tests@pialasse.com> - 0.3.0.20160914.gitcaeed7d-4.sme
177     - Initial import in SME Server Buildsys
178    
179     * Mon Oct 24 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-3
180     - Fix warning when installing dehydrated without upgrading from letsencrypt.sh
181    
182     * Mon Sep 19 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-2
183     - Fix find command to work with older find versions (on el5), replace -executable with -perm /111
184    
185     * Wed Sep 14 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-1
186     - Renamed to dehydrated
187    
188     * Wed Aug 24 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160803.gitafabfff-2
189     - Set var_lib_t context to files
190    
191     * Wed Aug 3 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160803.gitafabfff-1
192     - Update to git afabfff
193    
194     * Mon Jun 6 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-4
195     - Default to enable HOOK in config
196    
197     * Fri Jun 3 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-3
198     - Add missing exec permission on daily cronjob script
199    
200     * Wed Jun 1 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-2
201     - Fix le_revoke.sh script to use config instead of config.sh
202    
203     * Tue May 31 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-1
204     - Update to git ec48906
205    
206     * Fri May 13 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160513.gita286741-1
207     - Update to git a286741
208    
209     * Wed Mar 30 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160330.gitdca25e8-1
210     - Update to git dca25e8
211     - Fix arg shifting in le_hooks script
212    
213     * Tue Feb 23 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160223.git2099c77-1
214     - Update to GIT git2099c77
215    
216     * Sat Jan 30 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160127.git79ff846-2
217     - Rename httpd.sh hook to 10httpd.sh
218     - Provide le_revoke.sh script to revoke old certificates
219     - Add timestamp to logs using awk
220    
221     * Fri Jan 29 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160127.git79ff846-1
222     - Use date based version number
223    
224     * Wed Jan 27 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.3.git79ff846-1
225     - Update to git 79ff846
226    
227     * Mon Jan 25 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.2.git3432f60-1
228     - Add hooks directory
229    
230     * Mon Jan 25 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.1.git3432f60-1
231     - First package

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed