Compare commits


No commits in common. 'git-annex' and 'master' have entirely different histories.

  1. 1
      .gitattributes
  2. 3
      .tito/packages/.readme
  3. 1
      .tito/packages/dehydrated
  4. 1
      .tito/releasers.conf
  5. 6
      .tito/tito.props
  6. 2
      6a3/9a1/SHA256E-s79965--3559de9c61f8cb9dda1d247fbb88d94eddcf2d9421941dad73b1d672cb933abe.tar.gz.log
  7. 1
      6a3/9a1/SHA256E-s79965--3559de9c61f8cb9dda1d247fbb88d94eddcf2d9421941dad73b1d672cb933abe.tar.gz.log.web
  8. 2
      cfb/042/SHA256E-s77819--163384479199f06f59382ceb6291a299567a2f4f0b963b9b61f2db65a407e80e.tar.gz.log
  9. 1
      cfb/042/SHA256E-s77819--163384479199f06f59382ceb6291a299567a2f4f0b963b9b61f2db65a407e80e.tar.gz.log.web
  10. BIN
      dehydrated-0.7.0.tar.gz
  11. 253
      dehydrated.spec
  12. 10
      dehydrated_hooks
  13. 18
      dehydrated_revoke
  14. 2
      e2e/3b2/SHA256E-s76693--441d89af4592e3eb5744eb177124b4d16ca78b416f634371e839db384012844a.tar.gz.log
  15. 1
      e2e/3b2/SHA256E-s76693--441d89af4592e3eb5744eb177124b4d16ca78b416f634371e839db384012844a.tar.gz.log.web
  16. 2
      ef5/365/SHA256E-s76650--2285a0691c13ec39b513ed5a2d49c4771d0bc0580a70ea585f06a35526123dbb.tar.gz.log
  17. 1
      ef5/365/SHA256E-s76650--2285a0691c13ec39b513ed5a2d49c4771d0bc0580a70ea585f06a35526123dbb.tar.gz.log.web
  18. 3
      httpd.sh.sample
  19. 1
      uuid.log

1
.gitattributes vendored

@ -0,0 +1 @@
*.tar.gz filter=lfs diff=lfs merge=lfs -text

@ -0,0 +1,3 @@
the .tito/packages directory contains metadata files
named after their packages. Each file has the latest tagged
version and the project's relative directory.

@ -0,0 +1 @@
../../tito_libs/releasers.conf

@ -0,0 +1,6 @@
[buildconfig]
builder = fws.builder.GitLfsBuilder
tagger = tito.tagger.ReleaseTagger
changelog_do_not_remove_cherrypick = 0
changelog_format = %s (%ae)
lib_dir = ../tito_libs

@ -1,2 +0,0 @@
1517480457.115163173s 1 00000000-0000-0000-0000-000000000001
1517480457.117574392s 1 2b20bc06-7b83-4976-9f8c-6ed3785308b4

@ -1 +0,0 @@
1517480457.113693732s 1 https://github.com/lukas2511/dehydrated/archive/v0.5.0.tar.gz

@ -1,2 +0,0 @@
1526547698.469155953s 1 00000000-0000-0000-0000-000000000001
1526547698.471010093s 1 2b20bc06-7b83-4976-9f8c-6ed3785308b4

@ -1 +0,0 @@
1526547698.468066998s 1 https://github.com/lukas2511/dehydrated/releases/download/v0.6.2/dehydrated-0.6.2.tar.gz

BIN
dehydrated-0.7.0.tar.gz (Stored with Git LFS)

Binary file not shown.

@ -0,0 +1,253 @@
Name: dehydrated
Version: 0.7.0
Release: 2%{?dist}
Summary: ACME client in bash
Group: Application/System
License: MIT
URL: https://github.com/lukas2511/dehydrated
Source0: %{name}-%{version}.tar.gz
Source1: dehydrated_hooks
SOurce2: dehydrated_revoke
Source3: httpd.sh.sample
BuildArch: noarch
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
BuildRequires: httpd
Requires: openssl
Requires: sed
Requires: /bin/awk
Requires: curl
Requires: /bin/mktemp
Conflicts: letsencrypt.sh
Obsoletes: letsencrypt.sh
%if 0%{?fedora} >= 11 || 0%{?rhel} >= 5
%global useselinux 1
%else
%global useselinux 0
%endif
%description
This is a client for signing certificates with an ACME server
(currently only provided by Let's Encrypt) implemented as a
relatively simple bash-script.
%prep
%setup -q -n %{name}-%{version}
%build
sed -i -e "s|#BASEDIR=.*|BASEDIR=%{_localstatedir}/lib/%{name}/certificates|" \
-e "s|#WELLKNOWN=.*|WELLKNOWN=%{_localstatedir}/lib/%{name}/challenges|" \
-e "s|#HOOK=.*|HOOK=%{_bindir}/dehydrated_hooks|" \
-e "s|#DOMAINS_TXT=.*|DOMAINS_TXT=%{_sysconfdir}/%{name}/domains.txt|" \
docs/examples/config
%install
install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/%{name}/challenges
install -d $RPM_BUILD_ROOT/%{_localstatedir}/lib/%{name}/certificates
install -D dehydrated $RPM_BUILD_ROOT/%{_bindir}/%{name}
install %{SOURCE1} $RPM_BUILD_ROOT/%{_bindir}/dehydrated_hooks
install %{SOURCE2} $RPM_BUILD_ROOT/%{_bindir}/dehydrated_revoke
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_deploy_cert.d
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_clean_challenge.d
install -D -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/hooks_deploy_cert.d/10httpd.sh.sample
install -D -m 0644 docs/examples/config $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/config
install -D -m 0644 docs/examples/domains.txt $RPM_BUILD_ROOT/%{_sysconfdir}/%{name}/domains.txt
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/cron.daily/
cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/cron.daily/%{name}
#!/bin/sh
# Uncomment to enable auto-renewal
# %{_bindir}/%{name} -c 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> %{_localstatedir}/log/%{name}.log
# Uncomment this to auto revoke old certs
# %{_bindir}/dehydrated_revoke 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> %{_localstatedir}/log/%{name}.log
_EOF
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d
cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/httpd/conf.d/dehydrated.conf
Alias /.well-known/acme-challenge/ %{_localstatedir}/lib/%{name}/challenges/
<Directory %{_localstatedir}/lib/%{name}/challenges>
Options None
AllowOverride None
Header set Content-Type "application/jose+json"
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order deny,allow
Allow from all
</IfModule>
</Directory>
_EOF
install -d -m 750 $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d
cat <<"_EOF" > $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/%{name}
/var/log/%{name}.log {
missingok
copytruncate
rotate 12
compress
weekly
create 0660 root root
}
_EOF
%post
%if %{useselinux}
(
# New File context
semanage fcontext -a -t cert_t "%{_localstatedir}/lib/dehydrated(/.*)?"
# files created by app
restorecon -R %{_localstatedir}/lib/dehydrated
) &>/dev/null || :
%endif
# Migrate from letsencrypt.sh
if [ -e %{_sysconfdir}/letsencrypt.sh/config ]; then
sed -e 's/letsencrypt.sh/dehydrated/g' \
-e 's/le_hooks.sh/dehydrated_hooks/g' \
%{_sysconfdir}/letsencrypt.sh/config > %{_sysconfdir}/%{name}/config
fi
if [ -e %{_sysconfdir}/letsencrypt.sh/domains.txt ]; then
cat %{_sysconfdir}/letsencrypt.sh/domains.txt > %{_sysconfdir}/%{name}/domains.txt
fi
if [ -d %{_localstatedir}/lib/letsencrypt.sh/certificates/certs ]; then
mv %{_localstatedir}/lib/letsencrypt.sh/certificates/* %{_localstatedir}/lib/%{name}/certificates/
fi
if [ -e %{_sysconfdir}/httpd/conf.d/ssl.conf ]; then
sed -i -e 's|%{_localstatedir}/lib/letsencrypt.sh|%{_localstatedir}/lib/%{name}|g' %{_sysconfdir}/httpd/conf.d/ssl.conf
fi
if [ -d %{_sysconfdir}/letsencrypt.sh/hooks_deploy_cert.d/ ]; then
find %{_sysconfdir}/letsencrypt.sh/hooks_deploy_cert.d/ -type f -perm /111 -exec mv "{}" %{_sysconfdir}/%{name}/hooks_deploy_cert.d/ \;
fi
if [ -d %{_sysconfdir}/letsencrypt.sh/hooks_clean_challenge.d/ ]; then
find %{_sysconfdir}/letsencrypt.sh/hooks_clean_challenge.d/ -type f -perm /111 -exec mv "{}" %{_sysconfdir}/%{name}/hooks_clean_challenge.d/ \;
fi
%postun
%if %{useselinux}
if [ "$1" -eq "0" ]; then
# Remove the File Context
(
semanage fcontext -d "%{_localstatedir}/lib/dehydrated(/.*)?"
) &>/dev/null || :
fi
%endif
%files
%doc LICENSE README.md docs/examples/hook.sh
%config(noreplace) %{_sysconfdir}/%{name}/*
%config(noreplace) %attr(0755,root,root) %{_sysconfdir}/cron.daily/%{name}
%config(noreplace) %{_sysconfdir}/httpd/conf.d/%{name}.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%attr(0644, root,root) %{_sysconfdir}/%{name}/hooks_deploy_cert.d/*
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/hooks_clean_challenge.d/
%attr(0755,root,root) %{_bindir}/%{name}
%attr(0755,root,root) %{_bindir}/dehydrated_hooks
%attr(0755,root,root) %{_bindir}/dehydrated_revoke
%dir %attr(0755,root,root) %{_localstatedir}/lib/%{name}/challenges
%dir %attr(0750,root,root) %{_localstatedir}/lib/%{name}/certificates
%changelog
* Wed May 26 2021 Daniel Berteaud <daniel@firewall-services.com> 0.7.0-2
- Update to 0.7.0 (daniel@firewall-services.com)
* Thu Apr 09 2020 Daniel Berteaud <daniel@firewall-services.com> 0.6.5-13
- Don't call hook scripts with exec (daniel@firewall-services.com)
* Wed Jul 24 2019 Daniel Berteaud <daniel@firewall-services.com> 0.6.5-12
- Update to 0.6.5 (daniel@firewall-services.com)
- Switch to LFS to track tarballs (daniel@firewall-services.com)
* Tue Nov 06 2018 Daniel Berteaud <daniel@firewall-services.com> 0.6.2-11
- No reason to restrict read access to the challenge dir And now it can work
with nginx too (daniel@firewall-services.com)
* Thu May 17 2018 Daniel Berteaud <daniel@firewall-services.com> 0.6.2-10
- Update to 0.6.2
* Thu Mar 15 2018 Daniel Berteaud <daniel@firewall-services.com> 0.6.1-10
- Update to 0.6.1
* Tue Mar 13 2018 Daniel Berteaud <daniel@firewall-services.com> 0.6.0-0.beta1
- Update to 0.6.0
* Mon Feb 26 2018 Daniel Berteaud <daniel@firewall-services.com> 0.5.0-11
- Only update ssl.conf if it exists (daniel@firewall-services.com)
* Thu Feb 01 2018 Daniel Berteaud <daniel@firewall-services.com> 0.5.0-10
- Configure correct tito builder (daniel@firewall-services.com)
* Thu Feb 01 2018 Daniel Berteaud <daniel@firewall-services.com> 0.5.0-10.beta1
- new package built with tito
* Thu Feb 1 2018 Daniel Berteaud <daniel@firewall-services.com> - 0.5.0-1
- Update to 0.5.0
* Wed May 31 2017 Daniel Berteaud <daniel@firewall-services.com> - 0.4.0-10
- Bump release (priority vs EPEL)
* Tue Mar 14 2017 Daniel Berteaud <daniel@firewall-services.com> - 0.4.0-1
- Update to 0.4.0
* Thu Jan 19 2017 Daniel Berteaud <daniel@firewall-services.com> - 0.3.1.20170119.gitb36d638-1
- Set context to cert_t so it isn't changed to cron_var_lib_t when exec via cron
- Update to git b36d638
* Mon Oct 24 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-3
- Fix warning when installing dehydrated without upgrading from letsencrypt.sh
- Update the default hook to use dehydrated_hooks
* Mon Sep 19 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-2
- Fix find command to work with older find versions (on el5), replace -executable with -perm /111
* Wed Sep 14 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.3.0.20160914.gitcaeed7d-1
- Renamed to dehydrated
* Wed Aug 24 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160803.gitafabfff-2
- Set var_lib_t context to files
* Wed Aug 3 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160803.gitafabfff-1
- Update to git afabfff
* Mon Jun 6 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-4
- Default to enable HOOK in config
* Fri Jun 3 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-3
- Add missing exec permission on daily cronjob script
* Wed Jun 1 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-2
- Fix le_revoke.sh script to use config instead of config.sh
* Tue May 31 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160531.gitec48906-1
- Update to git ec48906
* Fri May 13 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160513.gita286741-1
- Update to git a286741
* Wed Mar 30 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160330.gitdca25e8-1
- Update to git dca25e8
- Fix arg shifting in le_hooks script
* Tue Feb 23 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160223.git2099c77-1
- Update to GIT git2099c77
* Sat Jan 30 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160127.git79ff846-2
- Rename httpd.sh hook to 10httpd.sh
- Provide le_revoke.sh script to revoke old certificates
- Add timestamp to logs using awk
* Fri Jan 29 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.20160127.git79ff846-1
- Use date based version number
* Wed Jan 27 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.3.git79ff846-1
- Update to git 79ff846
* Mon Jan 25 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.2.git3432f60-1
- Add hooks directory
* Mon Jan 25 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.0.1.git3432f60-1
- First package
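Review bot: The `# Migrate from letsencrypt.sh` block in `%post` has no `$1` check, so it runs on every upgrade as well as on first install. If `%{_sysconfdir}/letsencrypt.sh/config` or `domains.txt` is still on disk at that point (whether removal of the obsoleted package always cleans them up is not visible here), each upgrade rewrites `%{_sysconfdir}/%{name}/config` and `domains.txt` from the old copies, and `%config(noreplace)` in `%files` does not protect against a scriptlet. For a certificate client that can silently revert an edited CA, hook setting or domain list. Limiting the migration to first install, e.g. `if [ "$1" -eq 1 ] && [ -e %{_sysconfdir}/letsencrypt.sh/config ]; then` and the same for the `domains.txt` test, would avoid it. Separately, `dehydrated_revoke` pipes through `perl`, which does not appear in the `Requires:` list.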

@ -0,0 +1,10 @@
#!/bin/sh
ACTION=${1}
if [ -d "/etc/dehydrated/hooks_"$ACTION".d" ]; then
shift
for H in $(find /etc/dehydrated/hooks_"$ACTION".d/ -type f -o -type l | sort); do
[ -x $H ] && $H $@
done
fi
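Review bot: `[ -x $H ] && $H $@` and the `for H in $(find …)` loop are unquoted, so a hook path or hook argument containing whitespace or glob characters is split or expanded before the hook runs, and the hook can receive different arguments than dehydrated passed. This wrapper runs every executable file or symlink target under `/etc/dehydrated/hooks_"$ACTION".d/`, presumably as root from cron.daily, so it is worth making strict: call `"$H" "$@"`, and iterate with a glob such as `for H in /etc/dehydrated/hooks_"$ACTION".d/*; do` (already sorted, but not recursive like the current `find`). `ACTION` is taken straight from `$1` and pasted into the path, so rejecting values that contain `/` before the `-d` test would keep the lookup inside `/etc/dehydrated`.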

@ -0,0 +1,18 @@
#!/bin/sh
. /etc/dehydrated/config
for DOM in $(find $BASEDIR/certs/ -mindepth 1 -maxdepth 1 -type d); do
CUR_ID=$(readlink $DOM/cert.pem | perl -pe 's/cert-(\d+)\.pem/$1/')
for ID in $(find $DOM/ -type f -name cert\*.csr -exec basename "{}" \; | perl -pe 's/cert-(\d+)\.csr/$1/'); do
if [[ "$ID" != "$CUR_ID" ]]; then
# Is the cert signed ?
if /usr/bin/openssl x509 -in $DOM/cert-"$ID".pem -noout > /dev/null 2>&1; then
/usr/bin/dehydrated -r $DOM/cert-"$ID".pem
else
# Cert not signed, probably a failed challenge
rm -f $DOM/cert-"$ID".{pem,csr}
fi
fi
done
done
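Review bot: An empty `CUR_ID` is not handled. When `readlink $DOM/cert.pem` prints nothing (cert.pem missing or a regular file), `"$ID" != "$CUR_ID"` is true for every CSR, so the loop revokes or deletes every certificate in that directory, including one that may still be deployed. The same happens if the link target is not a bare `cert-N.pem` name, because the perl substitution then leaves path components in `CUR_ID`. A guard right after the assignment, `case "$CUR_ID" in ''|*[!0-9]*) continue ;; esac`, skips such directories. The script also uses `[[ … ]]` and `{pem,csr}` under `#!/bin/sh` and leaves `$BASEDIR` and `$DOM` unquoted next to `rm -f`; `#!/bin/bash` plus quoting (`"$DOM"/cert-"$ID".pem`) would make both explicit.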

@ -1,2 +0,0 @@
1521105799.61034815s 1 00000000-0000-0000-0000-000000000001
1521105799.61258449s 1 2b20bc06-7b83-4976-9f8c-6ed3785308b4

@ -1 +0,0 @@
1521105799.609106807s 1 https://github.com/lukas2511/dehydrated/releases/download/v0.6.1/dehydrated-0.6.1.tar.gz

@ -1,2 +0,0 @@
1520928158.015045826s 1 00000000-0000-0000-0000-000000000001
1520928158.018000301s 1 2b20bc06-7b83-4976-9f8c-6ed3785308b4

@ -1 +0,0 @@
1520928158.013875633s 1 https://github.com/lukas2511/dehydrated/releases/download/v0.6.0/dehydrated-0.6.0.tar.gz

@ -0,0 +1,3 @@
#!/bin/sh
/sbin/service httpd reload

@ -1 +0,0 @@
2b20bc06-7b83-4976-9f8c-6ed3785308b4 dani@germaine.lapiole.org:~/big/e-smith/files/users/dani/src/dehydrated timestamp=1517480449.940464279s