1 Summary: letsencrypt/acme client implemented as a shell-script
6 Group: Applications/Networking
7 Source0: https://github.com/lukas2511/dehydrated/archive/v%{version}/%{name}-%{version}.tar.gz
8 # Source0-md5: cedf07369517c317c4e1075540b94699
10 Source2: lighttpd.conf
13 Source6: hook-dns-01.sh
17 URL: https://dehydrated.io/
18 BuildRequires: rpmbuild(macros) >= 1.713
19 Requires: ca-certificates
25 Requires: openssl-tools
29 Requires(postun): /usr/sbin/groupdel
30 Requires(pre): /usr/bin/getgid
31 Requires(pre): /usr/sbin/groupadd
32 Suggests: webserver(access)
33 Suggests: webserver(alias)
34 Obsoletes: letsencrypt.sh
36 BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
38 %define _webapps /etc/webapps
39 %define _webapp %{name}
40 %define _sysconfdir %{_webapps}/%{_webapp}
41 %define _appdir %{_datadir}/%{_webapp}
44 This is a client for signing certificates with an ACME-server
45 (currently only provided by letsencrypt) implemented as a relatively
49 - Signing of a list of domains
51 - Renewal if a certificate is about to expire or SAN (subdomains)
53 - Certificate revocation
60 rm -rf $RPM_BUILD_ROOT
61 install -d $RPM_BUILD_ROOT{%{_sbindir},%{_sysconfdir}/certs,/etc/{cron,sudoers}.d} \
62 $RPM_BUILD_ROOT/var/lib/%{name}/{accounts,acme-challenge,certs}
64 install -p %{name} $RPM_BUILD_ROOT%{_sbindir}
65 cp -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/apache.conf
66 cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/lighttpd.conf
67 cp -p %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/nginx.conf
68 cp -p docs/examples/config $RPM_BUILD_ROOT%{_sysconfdir}
69 cp -p docs/examples/domains.txt $RPM_BUILD_ROOT%{_sysconfdir}
70 cp -p %{SOURCE7} $RPM_BUILD_ROOT/etc/cron.d/%{name}
71 cp -p %{SOURCE8} $RPM_BUILD_ROOT/etc/sudoers.d/%{name}
72 install -p %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}
73 install -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
74 cp -p $RPM_BUILD_ROOT%{_sysconfdir}/{apache,httpd}.conf
77 %groupadd -g 184 dehydrated
80 if [ "$1" = "0" ]; then
81 %groupremove dehydrated
85 rm -rf $RPM_BUILD_ROOT
87 %triggerin -- apache1 < 1.3.37-3, apache1-base
88 %webapp_register apache %{_webapp}
90 %triggerun -- apache1 < 1.3.37-3, apache1-base
91 %webapp_unregister apache %{_webapp}
93 %triggerin -- apache < 2.2.0, apache-base
94 %webapp_register httpd %{_webapp}
96 %triggerun -- apache < 2.2.0, apache-base
97 %webapp_unregister httpd %{_webapp}
99 %triggerin -- lighttpd
100 %webapp_register lighttpd %{_webapp}
102 %triggerun -- lighttpd
103 %webapp_unregister lighttpd %{_webapp}
106 %webapp_register nginx %{_webapp}
109 %webapp_unregister nginx %{_webapp}
112 %defattr(644,root,root,755)
113 %doc README.md CHANGELOG LICENSE
114 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/cron.d/%{name}
115 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sudoers.d/%{name}
116 %dir %attr(750,root,http) %{_sysconfdir}
117 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/apache.conf
118 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/httpd.conf
119 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/lighttpd.conf
120 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/nginx.conf
121 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/config
122 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/domains.txt
123 %attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/hook.sh
124 %attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/hook-dns-01.sh
125 %attr(755,root,root) %{_sbindir}/%{name}
126 %dir %attr(751,root,root) /var/lib/%{name}
127 %dir %attr(700,root,root) /var/lib/%{name}/accounts
128 %dir %attr(750,root,dehydrated) /var/lib/%{name}/certs
129 # challenges written here, need to be readable by webserver
130 %dir %attr(751,root,dehydrated) /var/lib/%{name}/acme-challenge