#
# spec file for package dehydrated
#
# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

# See also http://en.opensuse.org/openSUSE:Specfile_guidelines

%if 0%{?suse_version}
%define _apache apache2
%else
%define _apache httpd
%endif
%define _challengedir /var/lib/acme-challenge
%define _user         dehydrated
%define _home         /etc/dehydrated

Name:           dehydrated
Version:        0.3.1
Release:        0
Summary:        A client for signing certificates with an ACME server
License:        MIT
Group:          Productivity/Networking/Security
Url:            https://github.com/lukas2511/dehydrated
Source0:        %{name}-%{version}.tar.gz
Source1:        acme-challenge.conf.in
Source2:        acme-challenge.in
Source3:        dehydrated.cron.in
Requires:       curl
Requires:       openssl
Requires:       coreutils
%if 0%{?suse_version}
Requires:       cron
%endif
Requires(pre):  /usr/sbin/useradd
Requires(pre):  /usr/sbin/groupadd
Requires(pre):  /usr/bin/getent
# openSUSE >= 12.3 has shadow, pwdutils is provided but obsoleted.
%if 0%{?suse_version} >= 1230
BuildRequires:  shadow
%endif
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildArch:      noarch

Obsoletes: letsencrypt.sh < %{version}
Provides: letsencrypt.sh = %{version}

%description
This is a client for signing certificates with an ACME server
(currently only provided by letsencrypt) implemented as a relatively
simple bash-script.

It uses the openssl utility for everything related to actually
handling keys and certificates, so you need to have that installed.

Other dependencies are: curl, sed, grep, mktemp (all found on almost
any system, curl being the only exception)

Current features:

* Signing of a list of domains
* Signing of a CSR
* Renewal if a certificate is about to expire or SAN (subdomains) changed
* Certificate revocation

%package %{_apache}
Group:    Productivity/Networking/Security
License:  MIT
Requires: %{name}
Requires: %{_apache}
%if ! 0%{?suse_version}
Requires: mod_ssl
%endif
Obsoletes: letsencrypt.sh-%{_apache} < %{version}
Provides: letsencrypt.sh-%{_apache} = %{version}
Summary: Apache Integration for dehydrated

%description %{_apache}
This adds a configuration file for dehydrated's acme-challenge to Apache.

%package nginx
Group:    Productivity/Networking/Security
License:  MIT
Requires: %{name}
Requires: nginx
Obsoletes: letsencrypt.sh-nginx < %{version}
Provides: letsencrypt.sh-nginx = %{version}
Summary: Nginx Integration for dehydrated

%description nginx
This adds a configuration file for dehydrated's acme-challenge to nginx.

%pre
getent group %{_user} >/dev/null || /usr/sbin/groupadd -r %{_user}
getent passwd %{_user} >/dev/null || /usr/sbin/useradd -g %{_user} \
	-s /bin/false -r -c "%{_user}" -d %{_home} %{_user}
if [ -d /etc/letsencrypt.sh ]; then mv /etc/letsencrypt.sh /etc/dehydrated; chown -R %{_user} /etc/dehydrated; fi
if [ -e /etc/dehydrated/config.sh ]; then mv /etc/dehydrated/config.sh /etc/dehydrated/config; fi

%prep
%setup -q

%build

%install
# sensitive keys
mkdir -p %{buildroot}%{_home}

sed -i "s,#WELLKNOWN=.*,WELLKNOWN=%{_challengedir},g" docs/examples/config
install -m 0644 docs/examples/* %{buildroot}%{_home}
install -m 0755 -d %{buildroot}/usr/bin
install -m 0755 dehydrated %{buildroot}/usr/bin
install -m 0755 -d %{buildroot}%{_challengedir}

install -m 0755 -d %{buildroot}/etc/%{_apache}/conf.d
sed "s,@CHALLENGEDIR@,%{_challengedir},g" %{SOURCE1} > acme-challenge.conf
install -m 0644 acme-challenge.conf %{buildroot}/etc/%{_apache}/conf.d
install -m 0755 -d %{buildroot}/etc/nginx
sed "s,@CHALLENGEDIR@,%{_challengedir},g" %{SOURCE2} > acme-challenge
install -m 0644 acme-challenge %{buildroot}/etc/nginx
install -m 0755 -d %{buildroot}/etc/cron.d
sed "s,@USER@,%{_user},g" %{SOURCE3} > dehydrated.cron
install -m 0644 dehydrated.cron %{buildroot}/etc/cron.d/dehydrated

%files
%defattr(-,root,root)
%attr(750,%{_user},root) %dir %{_sysconfdir}/dehydrated
%config %{_sysconfdir}/dehydrated/config
%config %{_sysconfdir}/dehydrated/domains.txt
%config %{_sysconfdir}/dehydrated/hook.sh
%config %{_sysconfdir}/cron.d/dehydrated
%{_bindir}/dehydrated
%attr(-,%{_user},root) %dir %{_localstatedir}/lib/acme-challenge
%doc LICENSE README.md docs/*.md docs/*.jpg

%files %{_apache}
%defattr(-,root,root,-)
%config %{_sysconfdir}/%{_apache}

%files nginx
%defattr(-,root,root,-)
%config %{_sysconfdir}/nginx

%changelog