From 5b368e02a5599943222e5de3ae63fcb47f69479e455e7b9fef34cf433443fd86 Mon Sep 17 00:00:00 2001 From: Daniel Molkentin Date: Mon, 29 Mar 2021 16:26:11 +0000 Subject: [PATCH] Accepting request 882014 from home:darix:playground - Do not use the full path for config.d in the config files, which will simplify implementing multi instance support. - Added more-examples.patch: Explain how we can have per certificate key algorithms OBS-URL: https://build.opensuse.org/request/show/882014 OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=73 --- dehydrated.changes | 12 ++++++++++ dehydrated.spec | 4 +++- more-examples.patch | 55 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+), 1 deletion(-) create mode 100644 more-examples.patch diff --git a/dehydrated.changes b/dehydrated.changes index 869e5d3..c755c5a 100644 --- a/dehydrated.changes +++ b/dehydrated.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Mon Mar 29 16:08:09 UTC 2021 - Marcus Rueckert + +- Do not use the full path for config.d in the config files, which + will simplify implementing multi instance support. + +------------------------------------------------------------------- +Mon Mar 29 16:07:44 UTC 2021 - Marcus Rueckert + +- Added more-examples.patch: + Explain how we can have per certificate key algorithms + ------------------------------------------------------------------- Sun Mar 14 22:29:06 UTC 2021 - Olav Reinert diff --git a/dehydrated.spec b/dehydrated.spec index ac53f9b..edfec66 100644 --- a/dehydrated.spec +++ b/dehydrated.spec @@ -63,6 +63,7 @@ Source11: README.hooks Source12: %{name}-%{version}.tar.gz.asc Source13: %{name}.keyring Source14: %{name}-rpmlintrc +Patch: more-examples.patch BuildRequires: %{_apache} Requires: coreutils Requires: curl @@ -157,6 +158,7 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf ||: %prep %setup -q +%patch -p1 cp %{SOURCE9} . cp %{SOURCE10} . 
@@ -215,7 +217,7 @@ install -m 0644 dehydrated.cron %{buildroot}%{_sysconfdir}/cron.d/dehydrated # Adjust config file perl -p -i -e 's|#LOCKFILE="\$\{BASEDIR\}/lock"|LOCKFILE="%{_lock_dir}/lock"|' %{buildroot}%{_home}/config -perl -p -i -e 's|#CONFIG_D=|CONFIG_D="%{_home}/config.d"|' %{buildroot}%{_home}/config +perl -p -i -e 's|#CONFIG_D=|CONFIG_D="\${BASEDIR}/config.d"|' %{buildroot}%{_home}/config perl -p -i -e 's|#DEHYDRATED_USER=|DEHYDRATED_USER="%{_user}"|' %{buildroot}%{_home}/config perl -p -i -e 's|#DEHYDRATED_GROUP=|DEHYDRATED_GROUP="%{_user}"|' %{buildroot}%{_home}/config diff --git a/more-examples.patch b/more-examples.patch new file mode 100644 index 0000000..4570724 --- /dev/null +++ b/more-examples.patch 
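Review bot: With `CONFIG_D="\${BASEDIR}/config.d"` the directory whose fragments dehydrated sources is no longer fixed at build time; it follows whatever BASEDIR holds when the config is read. If an instance ever points BASEDIR at a directory writable by the service account (presumably the `%{_user}` configured two lines below), shell fragments dropped there would be sourced by whoever invokes dehydrated, so this is worth confirming against how the package runs it. I would add a comment above the substitution, `# CONFIG_D is resolved from BASEDIR at run time; config.d must stay root-owned because its fragments are sourced as shell`, and keep the packaged directory's ownership as it is. The %install section this line belongs to starts and ends outside the hunk.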
@@ -0,0 +1,55 @@
+Index: dehydrated-0.7.0/docs/domains_txt.md
+===================================================================
+--- dehydrated-0.7.0.orig/docs/domains_txt.md
++++ dehydrated-0.7.0/docs/domains_txt.md
+@@ -34,6 +34,30 @@ under your `CERTDIR`.
+ example.net www.example.net wiki.example.net > certalias
+ ```
+
++This allows to set per certificates options. The options you can change are
++explained in [Per Certificate Config](per-certificate-config.md).
++
++If you want to create different certificate types for the same domain
++you can use:
++
++```text
++*.service.example.org service.example.org > star_service_example_org_rsa
++*.service.example.org service.example.org > star_service_example_org_ecdsa
++```
++
++Then add a config file `certs/star_service_example_org_rsa/config` with
++the value
++
++```
++KEY_ALGO="rsa"
++```
++
++or respectively
++
++```
++KEY_ALGO="ecdsa"
++```
++
+ ### Wildcards
+
+ Support for wildcards was added by the ACME v2 protocol.
+Index: dehydrated-0.7.0/docs/examples/domains.txt
+===================================================================
+--- dehydrated-0.7.0.orig/docs/examples/domains.txt
++++ dehydrated-0.7.0/docs/examples/domains.txt
+@@ -24,6 +24,15 @@ example.net www.example.net > certalias
+ # NOTE: It is a certificate for 'service.example.org'
+ *.service.example.org service.example.org > star_service_example_org
+
++# Optionally you can also append the certificate algorithm here to create
++# multiple certificate types for the same domain.
++#
++# This allows to set per certificates options. The options you can change are
++# explained in [domains.txt documentation](domains_txt.md).
++#
++*.service.example.org service.example.org > star_service_example_org_rsa
++*.service.example.org service.example.org > star_service_example_org_ecdsa
++
+ # Create a certificate for 'service.example.net' with an alternative name of
+ # '*.service.example.net' (which is a wildcard domain) and store it in the
+ # directory ${CERTDIR}/service.example.net
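Review bot: `KEY_ALGO="ecdsa"` in the text added to domains_txt.md does not look like a value dehydrated accepts. As far as I know 0.7.0 validates KEY_ALGO against `rsa`, `prime256v1` and `secp384r1` and aborts on anything else, so a reader copying the example would end up without an ECDSA certificate. I would name a curve instead, `KEY_ALGO="secp384r1"`, and state that the second config file belongs in `certs/star_service_example_org_ecdsa/config`, which the text leaves implicit. The `_ecdsa` alias in docs/examples/domains.txt is only a directory name and can stay.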