[packages/dehydrated.git] / dehydrated.spec

Summary:	letsencrypt/acme client implemented as a shell-script
Name:		dehydrated
Version:	0.7.0
Release:	1
License:	MIT
Group:		Applications/Networking
Source0:	https://github.com/lukas2511/dehydrated/archive/v%{version}/%{name}-%{version}.tar.gz
# Source0-md5:	a23c9f7a475b9d690e788ee13dd8f14a
Source1:	apache.conf
Source2:	lighttpd.conf
Source3:	nginx.conf
Source5:	hook.sh
Source6:	hook-dns-01.sh
Source7:	crontab
Source8:	sudoers
Patch0:		pld.patch
URL:		https://dehydrated.io/
BuildRequires:	rpmbuild(macros) >= 1.713
Requires:	ca-certificates
Requires:	crondaemon
Requires:	curl
Requires:	diffutils
Requires:	grep
Requires:	mktemp
Requires:	openssl-tools
Requires:	sed
Requires:	sudo
Requires:	webapps
Requires(postun):	/usr/sbin/groupdel
Requires(pre):	/usr/bin/getgid
Requires(pre):	/usr/sbin/groupadd
Suggests:	webserver(access)
Suggests:	webserver(alias)
Obsoletes:	letsencrypt.sh
BuildArch:	noarch
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%define		_webapps	/etc/webapps
%define		_webapp		%{name}
%define		_sysconfdir	%{_webapps}/%{_webapp}
%define		_appdir		%{_datadir}/%{_webapp}

%description
This is a client for signing certificates with an ACME-server
(currently only provided by letsencrypt) implemented as a relatively
simple bash-script.

Current features:
- Signing of a list of domains
- Signing of a CSR
- Renewal if a certificate is about to expire or SAN (subdomains)
  changed
- Certificate revocation

%prep
%setup -q
%patch0 -p1

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_sbindir},%{_sysconfdir}/certs,/etc/{cron,sudoers}.d} \
	$RPM_BUILD_ROOT/var/lib/%{name}/{accounts,acme-challenge,certs}

install -p %{name} $RPM_BUILD_ROOT%{_sbindir}
cp -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/apache.conf
cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/lighttpd.conf
cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/nginx.conf
cp -p docs/examples/config $RPM_BUILD_ROOT%{_sysconfdir}
cp -p docs/examples/domains.txt $RPM_BUILD_ROOT%{_sysconfdir}
cp -p %{SOURCE7} $RPM_BUILD_ROOT/etc/cron.d/%{name}
cp -p %{SOURCE8} $RPM_BUILD_ROOT/etc/sudoers.d/%{name}
install -p %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}
install -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
cp -p $RPM_BUILD_ROOT%{_sysconfdir}/{apache,httpd}.conf

%pre
%groupadd -g 184 dehydrated

%postun
if [ "$1" = "0" ]; then
	%groupremove dehydrated
fi

%clean
rm -rf $RPM_BUILD_ROOT

%triggerin -- apache1 < 1.3.37-3, apache1-base
%webapp_register apache %{_webapp}

%triggerun -- apache1 < 1.3.37-3, apache1-base
%webapp_unregister apache %{_webapp}

%triggerin -- apache < 2.2.0, apache-base
%webapp_register httpd %{_webapp}

%triggerun -- apache < 2.2.0, apache-base
%webapp_unregister httpd %{_webapp}

%triggerin -- lighttpd
%webapp_register lighttpd %{_webapp}

%triggerun -- lighttpd
%webapp_unregister lighttpd %{_webapp}

%triggerin -- nginx
%webapp_register nginx %{_webapp}

%triggerun -- nginx
%webapp_unregister nginx %{_webapp}

%files
%defattr(644,root,root,755)
%doc README.md CHANGELOG LICENSE
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/cron.d/%{name}
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sudoers.d/%{name}
%dir %attr(750,root,http) %{_sysconfdir}
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/apache.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/httpd.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/lighttpd.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nginx.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/config
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/domains.txt
%attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/hook.sh
%attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/hook-dns-01.sh
%attr(755,root,root) %{_sbindir}/%{name}
%dir %attr(751,root,root) /var/lib/%{name}
%dir %attr(700,root,root) /var/lib/%{name}/accounts
%dir %attr(750,root,dehydrated) /var/lib/%{name}/certs
# challenges written here, need to be readable by webserver
%dir %attr(751,root,dehydrated) /var/lib/%{name}/acme-challenge
Commit	Line	Data
1780cc1f	1	Summary: letsencrypt/acme client implemented as a shell-script
0b9f695c	2	Name: dehydrated
f8aa239e AM	3	Version: 0.7.0
f8aa239e AM	4	Release: 1
1780cc1f ER	5	License: MIT
1780cc1f ER	6	Group: Applications/Networking
0b9f695c	7	Source0: https://github.com/lukas2511/dehydrated/archive/v%{version}/%{name}-%{version}.tar.gz
f8aa239e	8	# Source0-md5: a23c9f7a475b9d690e788ee13dd8f14a
eb6aa75d ER	9	Source1: apache.conf
eb6aa75d ER	10	Source2: lighttpd.conf
aebe760f	11	Source3: nginx.conf
5765eca7	12	Source5: hook.sh
f60f554e ER	13	Source6: hook-dns-01.sh
f60f554e ER	14	Source7: crontab
e91f3230	15	Source8: sudoers
f5fc6721	16	Patch0: pld.patch
cf01ce1c	17	URL: https://dehydrated.io/
1780cc1f	18	BuildRequires: rpmbuild(macros) >= 1.713
90738cc0	19	Requires: ca-certificates
a0535a11	20	Requires: crondaemon
1780cc1f	21	Requires: curl
b9ec4220	22	Requires: diffutils
1780cc1f ER	23	Requires: grep
1780cc1f ER	24	Requires: mktemp
60120665	25	Requires: openssl-tools
1780cc1f	26	Requires: sed
e91f3230	27	Requires: sudo
eb6aa75d	28	Requires: webapps
e91f3230 MK	29	Requires(postun): /usr/sbin/groupdel
	30	Requires(pre): /usr/bin/getgid
	31	Requires(pre): /usr/sbin/groupadd
9f9f4d8c ER	32	Suggests: webserver(access)
9f9f4d8c ER	33	Suggests: webserver(alias)
414a1fa2	34	Obsoletes: letsencrypt.sh
1780cc1f ER	35	BuildArch: noarch
	36	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	37
eb6aa75d ER	38	%define _webapps /etc/webapps
	39	%define _webapp %{name}
	40	%define _sysconfdir %{_webapps}/%{_webapp}
	41	%define _appdir %{_datadir}/%{_webapp}
	42
1780cc1f ER	43	%description
	44	This is a client for signing certificates with an ACME-server
	45	(currently only provided by letsencrypt) implemented as a relatively
	46	simple bash-script.
	47
	48	Current features:
	49	- Signing of a list of domains
	50	- Signing of a CSR
	51	- Renewal if a certificate is about to expire or SAN (subdomains)
	52	changed
	53	- Certificate revocation
	54
	55	%prep
	56	%setup -q
f5fc6721	57	%patch0 -p1
1780cc1f ER	58
	59	%install
	60	rm -rf $RPM_BUILD_ROOT
e91f3230	61	install -d $RPM_BUILD_ROOT{%{_sbindir},%{_sysconfdir}/certs,/etc/{cron,sudoers}.d} \
e354c9b6	62	$RPM_BUILD_ROOT/var/lib/%{name}/{accounts,acme-challenge,certs}
eb6aa75d	63
0b9f695c	64	install -p %{name} $RPM_BUILD_ROOT%{_sbindir}
eb6aa75d ER	65	cp -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/apache.conf
eb6aa75d ER	66	cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/lighttpd.conf
aebe760f	67	cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/nginx.conf
3ec257e0	68	cp -p docs/examples/config $RPM_BUILD_ROOT%{_sysconfdir}
cf01ce1c	69	cp -p docs/examples/domains.txt $RPM_BUILD_ROOT%{_sysconfdir}
f60f554e	70	cp -p %{SOURCE7} $RPM_BUILD_ROOT/etc/cron.d/%{name}
e91f3230	71	cp -p %{SOURCE8} $RPM_BUILD_ROOT/etc/sudoers.d/%{name}
5765eca7	72	install -p %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}
f60f554e	73	install -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
eb6aa75d	74	cp -p $RPM_BUILD_ROOT%{_sysconfdir}/{apache,httpd}.conf
1780cc1f	75
e91f3230 MK	76	%pre
	77	%groupadd -g 184 dehydrated
	78
	79	%postun
	80	if [ "$1" = "0" ]; then
	81	%groupremove dehydrated
	82	fi
	83
1780cc1f ER	84	%clean
	85	rm -rf $RPM_BUILD_ROOT
	86
eb6aa75d ER	87	%triggerin -- apache1 < 1.3.37-3, apache1-base
	88	%webapp_register apache %{_webapp}
	89
	90	%triggerun -- apache1 < 1.3.37-3, apache1-base
	91	%webapp_unregister apache %{_webapp}
	92
	93	%triggerin -- apache < 2.2.0, apache-base
	94	%webapp_register httpd %{_webapp}
	95
	96	%triggerun -- apache < 2.2.0, apache-base
	97	%webapp_unregister httpd %{_webapp}
	98
	99	%triggerin -- lighttpd
	100	%webapp_register lighttpd %{_webapp}
	101
	102	%triggerun -- lighttpd
	103	%webapp_unregister lighttpd %{_webapp}
	104
aebe760f ER	105	%triggerin -- nginx
	106	%webapp_register nginx %{_webapp}
	107
	108	%triggerun -- nginx
	109	%webapp_unregister nginx %{_webapp}
	110
1780cc1f ER	111	%files
	112	%defattr(644,root,root,755)
	113	%doc README.md CHANGELOG LICENSE
0b9f695c	114	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/cron.d/%{name}
e91f3230	115	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sudoers.d/%{name}
7410a329	116	%dir %attr(750,root,http) %{_sysconfdir}
eb6aa75d ER	117	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/apache.conf
	118	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/httpd.conf
	119	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/lighttpd.conf
aebe760f	120	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nginx.conf
7693646e	121	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/config
8f670f9f	122	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/domains.txt
5765eca7	123	%attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/hook.sh
f60f554e	124	%attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/hook-dns-01.sh
0b9f695c	125	%attr(755,root,root) %{_sbindir}/%{name}
f19ccd97 ER	126	%dir %attr(751,root,root) /var/lib/%{name}
f19ccd97 ER	127	%dir %attr(700,root,root) /var/lib/%{name}/accounts
e91f3230	128	%dir %attr(750,root,dehydrated) /var/lib/%{name}/certs
2e509387	129	# challenges written here, need to be readable by webserver
b21cd0a3	130	%dir %attr(751,root,dehydrated) /var/lib/%{name}/acme-challenge