]>
Commit | Line | Data |
---|---|---|
1780cc1f | 1 | Summary: letsencrypt/acme client implemented as a shell-script |
0b9f695c | 2 | Name: dehydrated |
f8aa239e AM |
3 | Version: 0.7.0 |
4 | Release: 1 | |
1780cc1f ER |
5 | License: MIT |
6 | Group: Applications/Networking | |
0b9f695c | 7 | Source0: https://github.com/lukas2511/dehydrated/archive/v%{version}/%{name}-%{version}.tar.gz |
f8aa239e | 8 | # Source0-md5: a23c9f7a475b9d690e788ee13dd8f14a |
eb6aa75d ER |
9 | Source1: apache.conf |
10 | Source2: lighttpd.conf | |
aebe760f | 11 | Source3: nginx.conf |
5765eca7 | 12 | Source5: hook.sh |
f60f554e ER |
13 | Source6: hook-dns-01.sh |
14 | Source7: crontab | |
e91f3230 | 15 | Source8: sudoers |
f5fc6721 | 16 | Patch0: pld.patch |
cf01ce1c | 17 | URL: https://dehydrated.io/ |
1780cc1f | 18 | BuildRequires: rpmbuild(macros) >= 1.713 |
90738cc0 | 19 | Requires: ca-certificates |
a0535a11 | 20 | Requires: crondaemon |
1780cc1f | 21 | Requires: curl |
b9ec4220 | 22 | Requires: diffutils |
1780cc1f ER |
23 | Requires: grep |
24 | Requires: mktemp | |
60120665 | 25 | Requires: openssl-tools |
1780cc1f | 26 | Requires: sed |
e91f3230 | 27 | Requires: sudo |
eb6aa75d | 28 | Requires: webapps |
e91f3230 MK |
29 | Requires(postun): /usr/sbin/groupdel |
30 | Requires(pre): /usr/bin/getgid | |
31 | Requires(pre): /usr/sbin/groupadd | |
9f9f4d8c ER |
32 | Suggests: webserver(access) |
33 | Suggests: webserver(alias) | |
414a1fa2 | 34 | Obsoletes: letsencrypt.sh |
1780cc1f ER |
35 | BuildArch: noarch |
36 | BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) | |
37 | ||
eb6aa75d ER |
38 | %define _webapps /etc/webapps |
39 | %define _webapp %{name} | |
40 | %define _sysconfdir %{_webapps}/%{_webapp} | |
41 | %define _appdir %{_datadir}/%{_webapp} | |
42 | ||
1780cc1f ER |
43 | %description |
44 | This is a client for signing certificates with an ACME-server | |
45 | (currently only provided by letsencrypt) implemented as a relatively | |
46 | simple bash-script. | |
47 | ||
48 | Current features: | |
49 | - Signing of a list of domains | |
50 | - Signing of a CSR | |
51 | - Renewal if a certificate is about to expire or SAN (subdomains) | |
52 | changed | |
53 | - Certificate revocation | |
54 | ||
55 | %prep | |
56 | %setup -q | |
f5fc6721 | 57 | %patch0 -p1 |
1780cc1f ER |
58 | |
59 | %install | |
60 | rm -rf $RPM_BUILD_ROOT | |
e91f3230 | 61 | install -d $RPM_BUILD_ROOT{%{_sbindir},%{_sysconfdir}/certs,/etc/{cron,sudoers}.d} \ |
e354c9b6 | 62 | $RPM_BUILD_ROOT/var/lib/%{name}/{accounts,acme-challenge,certs} |
eb6aa75d | 63 | |
0b9f695c | 64 | install -p %{name} $RPM_BUILD_ROOT%{_sbindir} |
eb6aa75d ER |
65 | cp -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/apache.conf |
66 | cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/lighttpd.conf | |
aebe760f | 67 | cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/nginx.conf |
3ec257e0 | 68 | cp -p docs/examples/config $RPM_BUILD_ROOT%{_sysconfdir} |
cf01ce1c | 69 | cp -p docs/examples/domains.txt $RPM_BUILD_ROOT%{_sysconfdir} |
f60f554e | 70 | cp -p %{SOURCE7} $RPM_BUILD_ROOT/etc/cron.d/%{name} |
e91f3230 | 71 | cp -p %{SOURCE8} $RPM_BUILD_ROOT/etc/sudoers.d/%{name} |
5765eca7 | 72 | install -p %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir} |
f60f554e | 73 | install -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir} |
eb6aa75d | 74 | cp -p $RPM_BUILD_ROOT%{_sysconfdir}/{apache,httpd}.conf |
1780cc1f | 75 | |
e91f3230 MK |
76 | %pre |
77 | %groupadd -g 184 dehydrated | |
78 | ||
79 | %postun | |
80 | if [ "$1" = "0" ]; then | |
81 | %groupremove dehydrated | |
82 | fi | |
83 | ||
1780cc1f ER |
84 | %clean |
85 | rm -rf $RPM_BUILD_ROOT | |
86 | ||
eb6aa75d ER |
87 | %triggerin -- apache1 < 1.3.37-3, apache1-base |
88 | %webapp_register apache %{_webapp} | |
89 | ||
90 | %triggerun -- apache1 < 1.3.37-3, apache1-base | |
91 | %webapp_unregister apache %{_webapp} | |
92 | ||
93 | %triggerin -- apache < 2.2.0, apache-base | |
94 | %webapp_register httpd %{_webapp} | |
95 | ||
96 | %triggerun -- apache < 2.2.0, apache-base | |
97 | %webapp_unregister httpd %{_webapp} | |
98 | ||
99 | %triggerin -- lighttpd | |
100 | %webapp_register lighttpd %{_webapp} | |
101 | ||
102 | %triggerun -- lighttpd | |
103 | %webapp_unregister lighttpd %{_webapp} | |
104 | ||
aebe760f ER |
105 | %triggerin -- nginx |
106 | %webapp_register nginx %{_webapp} | |
107 | ||
108 | %triggerun -- nginx | |
109 | %webapp_unregister nginx %{_webapp} | |
110 | ||
1780cc1f ER |
111 | %files |
112 | %defattr(644,root,root,755) | |
113 | %doc README.md CHANGELOG LICENSE | |
0b9f695c | 114 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/cron.d/%{name} |
e91f3230 | 115 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sudoers.d/%{name} |
7410a329 | 116 | %dir %attr(750,root,http) %{_sysconfdir} |
eb6aa75d ER |
117 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/apache.conf |
118 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/httpd.conf | |
119 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/lighttpd.conf | |
aebe760f | 120 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nginx.conf |
7693646e | 121 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/config |
8f670f9f | 122 | %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/domains.txt |
5765eca7 | 123 | %attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/hook.sh |
f60f554e | 124 | %attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/hook-dns-01.sh |
0b9f695c | 125 | %attr(755,root,root) %{_sbindir}/%{name} |
f19ccd97 ER |
126 | %dir %attr(751,root,root) /var/lib/%{name} |
127 | %dir %attr(700,root,root) /var/lib/%{name}/accounts | |
e91f3230 | 128 | %dir %attr(750,root,dehydrated) /var/lib/%{name}/certs |
2e509387 | 129 | # challenges written here, need to be readable by webserver |
b21cd0a3 | 130 | %dir %attr(751,root,dehydrated) /var/lib/%{name}/acme-challenge |