/[smeserver]/rpms/dehydrated/sme9/dehydrated.spec
ViewVC logotype

Annotation of /rpms/dehydrated/sme9/dehydrated.spec

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.9 - (hide annotations) (download)
Sat Nov 23 00:03:39 2019 UTC (4 years, 11 months ago) by jcrisp
Branch: MAIN
CVS Tags: dehydrated-0_6_2-14_el6_sme, HEAD
Changes since 1.8: +10 -1 lines
* Fri Nov 22 2019 John Crisp <jcrisp@safeandsoundit.co.uk> 0.6.2-14.sme
- fix Malformed account ID error [SME: 10828]

1 unnilennium 1.1 Name: dehydrated
2 jpp 1.8 %define version 0.6.2
3 jcrisp 1.9 %define release 14
4 jpp 1.3 Version: %{version}
5     Release: %{release}%{?dist}
6 unnilennium 1.1 Summary: ACME client in bash
7    
8     Group: Application/System
9     License: MIT
10     URL: https://github.com/lukas2511/dehydrated
11 jpp 1.6 Source0: dehydrated-%{version}.tar.gz
12 jpp 1.3 Source1: integration.tgz
13 unnilennium 1.1
14 jcrisp 1.9 Patch1: dehydrated-fix-missing-id.patch
15    
16 unnilennium 1.1 BuildArch: noarch
17     BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
18    
19     BuildRequires: httpd
20     Requires: openssl
21     Requires: sed
22     Requires: /bin/awk
23     Requires: curl
24     Requires: /bin/mktemp
25    
26     Conflicts: letsencrypt.sh
27     Obsoletes: letsencrypt.sh
28    
29     %if 0%{?fedora} >= 11 || 0%{?rhel} >= 5
30     %global useselinux 1
31     %else
32     %global useselinux 0
33     %endif
34    
35     %description
36     This is a client for signing certificates with an ACME server
37     (currently only provided by Let's Encrypt) implemented as a
38     relatively simple bash-script.
39    
40     %prep
41 jpp 1.3 #unpack source 1
42     %setup -n dehydrated-%{version}
43     # unpack integration package aka source 1; do not delete previous -D, and disable default unpacking -T
44     # this wil unpack the integration file in the previous unpacked dehydrated folder
45     %setup -T -D -a 1
46 unnilennium 1.1
47 jcrisp 1.9 %patch1 -p1
48    
49 unnilennium 1.1 %build
50     sed -i -e "s|#BASEDIR=.*|BASEDIR=%{_localstatedir}/lib/%{name}/certificates|" \
51     -e "s|#WELLKNOWN=.*|WELLKNOWN=%{_localstatedir}/lib/%{name}/challenges|" \
52     -e "s|#HOOK=.*|HOOK=%{_bindir}/le_hooks.sh|" \
53     -e "s|#DOMAINS_TXT=.*|DOMAINS_TXT=%{_sysconfdir}/%{name}/domains.txt|" \
54     docs/examples/config
55    
56     %install
57     install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/%{name}/challenges
58     install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/%{name}/certificates
59     install -D dehydrated $RPM_BUILD_ROOT/%{_bindir}/%{name}
60 jpp 1.4 install integration/dehydrated_hooks $RPM_BUILD_ROOT/%{_bindir}/dehydrated_hooks
61     install integration/dehydrated_revoke $RPM_BUILD_ROOT/%{_bindir}/dehydrated_revoke
62 unnilennium 1.1 install -d $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_deploy_cert.d
63     install -d $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_clean_challenge.d
64 jpp 1.4 install -D -m 0644 integration/httpd.sh.sample $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_deploy_cert.d/10httpd.sh.sample
65 unnilennium 1.1 install -D -m 0644 docs/examples/config $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/config
66     install -D -m 0644 docs/examples/domains.txt $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/domains.txt
67     install -d $RPM_BUILD_ROOT/%{_sysconfdir}/cron.daily/
68     cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/cron.daily/%{name}
69 jpp 1.4
70 unnilennium 1.1 #!/bin/sh
71     # Uncomment to enable auto-renewal
72     # %{_bindir}/%{name} -c 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> %{_localstatedir}/log/%{name}.log
73    
74     # Uncomment this to auto revoke old certs
75     # %{_bindir}/dehydrated_revoke 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> %{_localstatedir}/log/%{name}.log
76    
77     _EOF
78     install -d $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d
79     cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/dehydrated.conf
80    
81     Alias /.well-known/acme-challenge/ %{_localstatedir}/lib/%{name}/challenges/
82    
83     <Directory %{_localstatedir}/lib/%{name}/challenges>
84     Options None
85     AllowOverride None
86     Header set Content-Type "application/jose+json"
87     <IfModule mod_authz_core.c>
88     # Apache 2.4
89     Require all granted
90     </IfModule>
91     <IfModule !mod_authz_core.c>
92     # Apache 2.2
93     Order deny,allow
94     Allow from all
95     </IfModule>
96     </Directory>
97     _EOF
98     install -d -m 750 $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d
99     cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/%{name}
100     /var/log/%{name}.log {
101     missingok
102     copytruncate
103     rotate 12
104     compress
105     weekly
106     create 0660 root root
107     }
108     _EOF
109    
110     %post
111     %if %{useselinux}
112     (
113     # New File context
114     semanage fcontext -a -t var_lib_t "%{_localstatedir}/lib/dehydrated(/.*)?"
115     # files created by app
116     restorecon -R %{_localstatedir}/lib/dehydrated
117     ) &>/dev/null || :
118     %endif
119    
120     # Migrate from letsencrypt.sh
121     if [ -e %{_sysconfdir}/letsencrypt.sh/config ]; then
122     sed -e 's/letsencrypt.sh/dehydrated/g' \
123     -e 's/le_hooks.sh/dehydrated_hooks/g' \
124     %{_sysconfdir}/letsencrypt.sh/config > %{_sysconfdir}/%{name}/config
125     fi
126     if [ -e %{_sysconfdir}/letsencrypt.sh/domains.txt ]; then
127     cat %{_sysconfdir}/letsencrypt.sh/domains.txt > %{_sysconfdir}/%{name}/domains.txt
128     fi
129     if [ -d %{_localstatedir}/lib/letsencrypt.sh/certificates/certs ]; then
130     mv %{_localstatedir}/lib/letsencrypt.sh/certificates/* %{_localstatedir}/lib/%{name}/certificates/
131     fi
132     sed -i -e 's|%{_localstatedir}/lib/letsencrypt.sh|%{_localstatedir}/lib/%{name}|g' %{_sysconfdir}/httpd/conf.d/ssl.conf
133     if [ -d %{_sysconfdir}/letsencrypt.sh/hooks_deploy_cert.d/ ]; then
134     find %{_sysconfdir}/letsencrypt.sh/hooks_deploy_cert.d/ -type f -perm /111 -exec mv "{}" %{_sysconfdir}/%{name}/hooks_deploy_cert.d/ \;
135     fi
136     if [ -d %{_sysconfdir}/letsencrypt.sh/hooks_clean_challenge.d/ ]; then
137     find %{_sysconfdir}/letsencrypt.sh/hooks_clean_challenge.d/ -type f -perm /111 -exec mv "{}" %{_sysconfdir}/%{name}/hooks_clean_challenge.d/ \;
138     fi
139    
140     %postun
141     %if %{useselinux}
142     if [ "$1" -eq "0" ]; then
143     # Remove the File Context
144     (
145     semanage fcontext -d "%{_localstatedir}/lib/dehydrated(/.*)?"
146     ) &>/dev/null || :
147     fi
148     %endif
149    
150     %files
151     %doc LICENSE README.md docs/examples/hook.sh
152 unnilennium 1.2 %dir %attr(0755,root,root) %{_sysconfdir}/%{name}/hooks_clean_challenge.d/
153     %attr(0644, root,root) %{_sysconfdir}/%{name}/hooks_deploy_cert.d/*
154     %config(noreplace) %{_sysconfdir}/%{name}/domains.txt
155     %config(noreplace) %{_sysconfdir}/%{name}/config
156 unnilennium 1.1 %config(noreplace) %attr(0755,root,root) %{_sysconfdir}/cron.daily/%{name}
157     %config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf
158     %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
159     %attr(0755,root,root) %{_bindir}/%{name}
160     %attr(0755,root,root) %{_bindir}/dehydrated_hooks
161     %attr(0755,root,root) %{_bindir}/dehydrated_revoke
162     %dir %attr(0750,root,apache) %{_localstatedir}/lib/%{name}/challenges
163     %dir %attr(0750,root,root) %{_localstatedir}/lib/%{name}/certificates
164    
165     %changelog
166 jcrisp 1.9 * Fri Nov 22 2019 John Crisp <jcrisp@safeandsoundit.co.uk> 0.6.2-14.sme
167     - fix Malformed account ID error [SME: 10828]
168    
169 jpp 1.8 * Thu May 03 2018 Jean-Philipe Pialasse <tests@pialasse.com> 0.6.2-13.sme
170     - upgrade to upstream version [SME: 10577]
171    
172 jpp 1.7 * Wed Apr 11 2018 Jean-Philipe Pialasse <tests@pialasse.com> 0.6.1-12.sme
173 jpp 1.6 - upgrade to upstream version [SME: 10565]
174    
175 jpp 1.5 * Fri Feb 16 2018 Jean-Philipe Pialasse <tests@pialasse.com> 0.5.0-3.sme
176 jpp 1.4 - fix Dehydrated caused rate limits to be reached [SME: 10521] patch0
177    
178 jpp 1.3 * Fri Feb 16 2018 Jean-Philipe Pialasse <tests@pialasse.com> 0.5.0-1.sme
179     - upgrade to upstream version [SME: 10521]
180 jpp 1.4 - update architecture of sources and release/version number
181     according to Charlie Brady recomendations see [SME 9901]
182 jpp 1.3
183 unnilennium 1.2 * Mon Feb 06 2017 Jean-Philipe Pialasse <tests@pialasse.com> - 0.4.0.20170205.git1163864.sme
184     - update dehydrated to 0.4 [SME: 10080]
185     - see https://github.com/lukas2511/dehydrated/releases/tag/v0.4.0
186    
187 unnilennium 1.1 * Fri Jan 06 2017 Jean-Philipe Pialasse <tests@pialasse.com> - 0.3.0.20160914.gitcaeed7d-4.sme
188     - Initial import in SME Server Buildsys
189    
190     * Mon Oct 24 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-3
191     - Fix warning when installing dehydrated without upgrading from letsencrypt.sh
192    
193     * Mon Sep 19 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-2
194     - Fix find command to work with older find versions (on el5), replace -executable with -perm /111
195    
196     * Wed Sep 14 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-1
197     - Renamed to dehydrated
198    
199     * Wed Aug 24 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160803.gitafabfff-2
200     - Set var_lib_t context to files
201    
202     * Wed Aug 3 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160803.gitafabfff-1
203     - Update to git afabfff
204    
205     * Mon Jun 6 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-4
206     - Default to enable HOOK in config
207    
208     * Fri Jun 3 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-3
209     - Add missing exec permission on daily cronjob script
210    
211     * Wed Jun 1 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-2
212     - Fix le_revoke.sh script to use config instead of config.sh
213    
214     * Tue May 31 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-1
215     - Update to git ec48906
216    
217     * Fri May 13 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160513.gita286741-1
218     - Update to git a286741
219    
220     * Wed Mar 30 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160330.gitdca25e8-1
221     - Update to git dca25e8
222     - Fix arg shifting in le_hooks script
223    
224     * Tue Feb 23 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160223.git2099c77-1
225     - Update to GIT git2099c77
226    
227     * Sat Jan 30 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160127.git79ff846-2
228     - Rename httpd.sh hook to 10httpd.sh
229     - Provide le_revoke.sh script to revoke old certificates
230     - Add timestamp to logs using awk
231    
232     * Fri Jan 29 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160127.git79ff846-1
233     - Use date based version number
234    
235     * Wed Jan 27 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.3.git79ff846-1
236     - Update to git 79ff846
237    
238     * Mon Jan 25 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.2.git3432f60-1
239     - Add hooks directory
240    
241     * Mon Jan 25 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.1.git3432f60-1
242     - First package
243 jcrisp 1.9
244     %patch

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed