[packages/letsencrypt.sh.git] / letsencrypt.sh.spec

Summary:	letsencrypt/acme client implemented as a shell-script
Name:		letsencrypt.sh
Version:	0.2.0
Release:	5
License:	MIT
Group:		Applications/Networking
Source0:	https://github.com/lukas2511/letsencrypt.sh/archive/v%{version}/%{name}-%{version}.tar.gz
# Source0-md5:	74974ab79d6879b92ba353bbf3d1257e
Source1:	apache.conf
Source2:	lighttpd.conf
Source3:	config.sh
Source4:	domains.txt
Source5:	hook.sh
Source6:	crontab
Patch0:		pld.patch
Patch1:		letsencrypt.sh-agrurl.patch
Patch2:		curl1.1.patch
URL:		https://github.com/lukas2511/letsencrypt.sh
BuildRequires:	rpmbuild(macros) >= 1.713
Requires:	crondaemon
Requires:	curl
Requires:	grep
Requires:	mktemp
Requires:	openssl-tools
Requires:	sed
Requires:	webapps
Suggests:	webserver(access)
Suggests:	webserver(alias)
BuildArch:	noarch
BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)

%define		_webapps	/etc/webapps
%define		_webapp		%{name}
%define		_sysconfdir	%{_webapps}/%{_webapp}
%define		_appdir		%{_datadir}/%{_webapp}

%description
This is a client for signing certificates with an ACME-server
(currently only provided by letsencrypt) implemented as a relatively
simple bash-script.

Current features:
- Signing of a list of domains
- Signing of a CSR
- Renewal if a certificate is about to expire or SAN (subdomains)
  changed
- Certificate revocation

%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT{%{_sbindir},%{_sysconfdir}/{acme-challenges,certs},/etc/cron.d}

install -p letsencrypt.sh $RPM_BUILD_ROOT%{_sbindir}
cp -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/apache.conf
cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/lighttpd.conf
cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}
cp -p %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}
cp -p %{SOURCE6} $RPM_BUILD_ROOT/etc/cron.d/letsencrypt
install -p %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}
cp -p $RPM_BUILD_ROOT%{_sysconfdir}/{apache,httpd}.conf

%clean
rm -rf $RPM_BUILD_ROOT

%triggerin -- apache1 < 1.3.37-3, apache1-base
%webapp_register apache %{_webapp}

%triggerun -- apache1 < 1.3.37-3, apache1-base
%webapp_unregister apache %{_webapp}

%triggerin -- apache < 2.2.0, apache-base
%webapp_register httpd %{_webapp}

%triggerun -- apache < 2.2.0, apache-base
%webapp_unregister httpd %{_webapp}

%triggerin -- lighttpd
%webapp_register lighttpd %{_webapp}

%triggerun -- lighttpd
%webapp_unregister lighttpd %{_webapp}

%files
%defattr(644,root,root,755)
%doc README.md CHANGELOG LICENSE
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/cron.d/letsencrypt
%dir %attr(750,root,http) %{_sysconfdir}
%dir %attr(700,root,root) %{_sysconfdir}/certs
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/apache.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/httpd.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/lighttpd.conf
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/config.sh
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/domains.txt
%attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/hook.sh
# challenges written here from letsencrypt.sh, need to be readable by webserver
%dir %attr(751,root,root) %{_sysconfdir}/acme-challenges

%attr(755,root,root) %{_sbindir}/letsencrypt.sh
Commit	Line	Data
1780cc1f ER	1	Summary: letsencrypt/acme client implemented as a shell-script
1780cc1f ER	2	Name: letsencrypt.sh
eccbe1cf	3	Version: 0.2.0
8e85f472	4	Release: 5
1780cc1f ER	5	License: MIT
	6	Group: Applications/Networking
	7	Source0: https://github.com/lukas2511/letsencrypt.sh/archive/v%{version}/%{name}-%{version}.tar.gz
eccbe1cf	8	# Source0-md5: 74974ab79d6879b92ba353bbf3d1257e
eb6aa75d ER	9	Source1: apache.conf
eb6aa75d ER	10	Source2: lighttpd.conf
3c33d40b	11	Source3: config.sh
8f670f9f	12	Source4: domains.txt
5765eca7	13	Source5: hook.sh
a0535a11	14	Source6: crontab
f5fc6721	15	Patch0: pld.patch
f4d4983b	16	Patch1: letsencrypt.sh-agrurl.patch
8e85f472	17	Patch2: curl1.1.patch
1780cc1f ER	18	URL: https://github.com/lukas2511/letsencrypt.sh
1780cc1f ER	19	BuildRequires: rpmbuild(macros) >= 1.713
a0535a11	20	Requires: crondaemon
1780cc1f ER	21	Requires: curl
	22	Requires: grep
	23	Requires: mktemp
60120665	24	Requires: openssl-tools
1780cc1f	25	Requires: sed
eb6aa75d	26	Requires: webapps
9f9f4d8c ER	27	Suggests: webserver(access)
9f9f4d8c ER	28	Suggests: webserver(alias)
1780cc1f ER	29	BuildArch: noarch
	30	BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
	31
eb6aa75d ER	32	%define _webapps /etc/webapps
	33	%define _webapp %{name}
	34	%define _sysconfdir %{_webapps}/%{_webapp}
	35	%define _appdir %{_datadir}/%{_webapp}
	36
1780cc1f ER	37	%description
	38	This is a client for signing certificates with an ACME-server
	39	(currently only provided by letsencrypt) implemented as a relatively
	40	simple bash-script.
	41
	42	Current features:
	43	- Signing of a list of domains
	44	- Signing of a CSR
	45	- Renewal if a certificate is about to expire or SAN (subdomains)
	46	changed
	47	- Certificate revocation
	48
	49	%prep
	50	%setup -q
f5fc6721	51	%patch0 -p1
f4d4983b	52	%patch1 -p1
8e85f472	53	%patch2 -p1
1780cc1f ER	54
	55	%install
	56	rm -rf $RPM_BUILD_ROOT
a0535a11	57	install -d $RPM_BUILD_ROOT{%{_sbindir},%{_sysconfdir}/{acme-challenges,certs},/etc/cron.d}
eb6aa75d ER	58
eb6aa75d ER	59	install -p letsencrypt.sh $RPM_BUILD_ROOT%{_sbindir}
eb6aa75d ER	60	cp -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/apache.conf
eb6aa75d ER	61	cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/lighttpd.conf
3c33d40b	62	cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}
8f670f9f	63	cp -p %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}
a0535a11	64	cp -p %{SOURCE6} $RPM_BUILD_ROOT/etc/cron.d/letsencrypt
5765eca7	65	install -p %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}
eb6aa75d	66	cp -p $RPM_BUILD_ROOT%{_sysconfdir}/{apache,httpd}.conf
1780cc1f ER	67
	68	%clean
	69	rm -rf $RPM_BUILD_ROOT
	70
eb6aa75d ER	71	%triggerin -- apache1 < 1.3.37-3, apache1-base
	72	%webapp_register apache %{_webapp}
	73
	74	%triggerun -- apache1 < 1.3.37-3, apache1-base
	75	%webapp_unregister apache %{_webapp}
	76
	77	%triggerin -- apache < 2.2.0, apache-base
	78	%webapp_register httpd %{_webapp}
	79
	80	%triggerun -- apache < 2.2.0, apache-base
	81	%webapp_unregister httpd %{_webapp}
	82
	83	%triggerin -- lighttpd
	84	%webapp_register lighttpd %{_webapp}
	85
	86	%triggerun -- lighttpd
	87	%webapp_unregister lighttpd %{_webapp}
	88
1780cc1f ER	89	%files
	90	%defattr(644,root,root,755)
	91	%doc README.md CHANGELOG LICENSE
a0535a11	92	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/cron.d/letsencrypt
7410a329	93	%dir %attr(750,root,http) %{_sysconfdir}
a113aaf6	94	%dir %attr(700,root,root) %{_sysconfdir}/certs
eb6aa75d ER	95	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/apache.conf
	96	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/httpd.conf
	97	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/lighttpd.conf
3c33d40b	98	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/config.sh
8f670f9f	99	%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/domains.txt
5765eca7	100	%attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/hook.sh
eb6aa75d ER	101	# challenges written here from letsencrypt.sh, need to be readable by webserver
eb6aa75d ER	102	%dir %attr(751,root,root) %{_sysconfdir}/acme-challenges
7410a329 ER	103
7410a329 ER	104	%attr(755,root,root) %{_sbindir}/letsencrypt.sh