rpm/dehydrated
SHA256
1
0
Fork 0
forked from pool/dehydrated
Code Pull Requests Activity

Accepting request 882014 from home:darix:playground

Browse Source 
- Do not use the full path for config.d in the config files, which
  will simplify implementing multi instance support.

- Added more-examples.patch:
  Explain how we can have per certificate key algorithms

OBS-URL: https://build.opensuse.org/request/show/882014
OBS-URL: https://build.opensuse.org/package/show/security:dehydrated/dehydrated?expand=0&rev=73
This commit is contained in:
Daniel Molkentin 2021-03-29 16:26:11 +00:00 committed by Git OBS Bridge
parent 1d0402a9b6
commit 5b368e02a5
3 changed files with 70 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
dehydrated.changes
View File

@ -1,3 +1,15 @@
-------------------------------------------------------------------
Mon Mar 29 16:08:09 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
- Do not use the full path for config.d in the config files, which
will simplify implementing multi instance support.
-------------------------------------------------------------------
Mon Mar 29 16:07:44 UTC 2021 - Marcus Rueckert <mrueckert@suse.de>
- Added more-examples.patch:
Explain how we can have per certificate key algorithms
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Mar 14 22:29:06 UTC 2021 - Olav Reinert <seroton10@gmail.com> Sun Mar 14 22:29:06 UTC 2021 - Olav Reinert <seroton10@gmail.com>

4
dehydrated.spec
View File

@ -63,6 +63,7 @@ Source11: README.hooks
Source12: %{name}-%{version}.tar.gz.asc Source12: %{name}-%{version}.tar.gz.asc
Source13: %{name}.keyring Source13: %{name}.keyring
Source14: %{name}-rpmlintrc Source14: %{name}-rpmlintrc
Patch: more-examples.patch
BuildRequires: %{_apache} BuildRequires: %{_apache}
Requires: coreutils Requires: coreutils
Requires: curl Requires: curl
@ -157,6 +158,7 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf ||:
%prep %prep
%setup -q %setup -q
%patch -p1
cp %{SOURCE9} . cp %{SOURCE9} .
cp %{SOURCE10} . cp %{SOURCE10} .
@ -215,7 +217,7 @@ install -m 0644 dehydrated.cron %{buildroot}%{_sysconfdir}/cron.d/dehydrated
# Adjust config file # Adjust config file
perl -p -i -e 's|#LOCKFILE="\$\{BASEDIR\}/lock"|LOCKFILE="%{_lock_dir}/lock"|' %{buildroot}%{_home}/config perl -p -i -e 's|#LOCKFILE="\$\{BASEDIR\}/lock"|LOCKFILE="%{_lock_dir}/lock"|' %{buildroot}%{_home}/config
perl -p -i -e 's|#CONFIG_D=|CONFIG_D="%{_home}/config.d"|' %{buildroot}%{_home}/config perl -p -i -e 's|#CONFIG_D=|CONFIG_D="\${BASEDIR}/config.d"|' %{buildroot}%{_home}/config
perl -p -i -e 's|#DEHYDRATED_USER=|DEHYDRATED_USER="%{_user}"|' %{buildroot}%{_home}/config perl -p -i -e 's|#DEHYDRATED_USER=|DEHYDRATED_USER="%{_user}"|' %{buildroot}%{_home}/config
perl -p -i -e 's|#DEHYDRATED_GROUP=|DEHYDRATED_GROUP="%{_user}"|' %{buildroot}%{_home}/config perl -p -i -e 's|#DEHYDRATED_GROUP=|DEHYDRATED_GROUP="%{_user}"|' %{buildroot}%{_home}/config

55
more-examples.patch Normal file
View File

@ -0,0 +1,55 @@
Index: dehydrated-0.7.0/docs/domains_txt.md
===================================================================
--- dehydrated-0.7.0.orig/docs/domains_txt.md
+++ dehydrated-0.7.0/docs/domains_txt.md
@@ -34,6 +34,30 @@ under your `CERTDIR`.
example.net www.example.net wiki.example.net > certalias
```
+This allows to set per certificates options. The options you can change are
+explained in [Per Certificate Config](per-certificate-config.md).
+
+If you want to create different certificate types for the same domain
+you can use:
+
+```text
+*.service.example.org service.example.org > star_service_example_org_rsa
+*.service.example.org service.example.org > star_service_example_org_ecdsa
+```
+
+Then add a config file `certs/star_service_example_org_rsa/config` with
+the value
+
+```
+KEY_ALGO="rsa"
+```
+
+or respectively
+
+```
+KEY_ALGO="ecdsa"
+```
+
### Wildcards
Support for wildcards was added by the ACME v2 protocol.
Index: dehydrated-0.7.0/docs/examples/domains.txt
===================================================================
--- dehydrated-0.7.0.orig/docs/examples/domains.txt
+++ dehydrated-0.7.0/docs/examples/domains.txt
@@ -24,6 +24,15 @@ example.net www.example.net > certalias
# NOTE: It is a certificate for 'service.example.org'
*.service.example.org service.example.org > star_service_example_org
+# Optionally you can also append the certificate algorithm here to create
+# multiple certificate types for the same domain.
+#
+# This allows to set per certificates options. The options you can change are
+# explained in [domains.txt documentation](domains_txt.md).
+#
+*.service.example.org service.example.org > star_service_example_org_rsa
+*.service.example.org service.example.org > star_service_example_org_ecdsa
+
# Create a certificate for 'service.example.net' with an alternative name of
# '*.service.example.net' (which is a wildcard domain) and store it in the
# directory ${CERTDIR}/service.example.net