Accepting request 565804 from security:dehydrated
(forwarded request 565803 from dmolkentin) OBS-URL: https://build.opensuse.org/request/show/565804 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dehydrated?expand=0&rev=6
commit
78cb80e11a
@ -1,85 +0,0 @@
|
|||||||
From b2b7e6b0801dc50388ec7ed29d91b8e98ec4e57c Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daniel Molkentin <dmolkentin@suse.com>
|
|
||||||
Date: Thu, 21 Sep 2017 19:07:54 +0200
|
|
||||||
Subject: [PATCH] Add optional user and group configuration
|
|
||||||
|
|
||||||
when DEHYDRATED_USER is set, dehydrated will refuse to run as root,
|
|
||||||
and instead launch itself as the user in DEHYDRATED_USER (and
|
|
||||||
DEHYDRATED_GROUP if set).
|
|
||||||
|
|
||||||
Using sudo has a few practical advantages over su:
|
|
||||||
- it doesn't require to specify a login shell when no login shell is set
|
|
||||||
for the target user
|
|
||||||
- it allows (safe) handling of arguments.
|
|
||||||
---
|
|
||||||
dehydrated | 22 ++++++++++++++++++++++
|
|
||||||
docs/examples/config | 6 ++++++
|
|
||||||
2 files changed, 28 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/dehydrated b/dehydrated
|
|
||||||
index 8b31ee1..acca1d0 100755
|
|
||||||
--- a/dehydrated
|
|
||||||
+++ b/dehydrated
|
|
||||||
@@ -22,6 +22,8 @@ SCRIPTDIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
|
|
||||||
|
|
||||||
BASEDIR="${SCRIPTDIR}"
|
|
||||||
|
|
||||||
+ORIGARGS="$@"
|
|
||||||
+
|
|
||||||
# Create (identifiable) temporary files
|
|
||||||
_mktemp() {
|
|
||||||
# shellcheck disable=SC2068
|
|
||||||
@@ -126,6 +128,8 @@ load_config() {
|
|
||||||
LOCKFILE=
|
|
||||||
OCSP_MUST_STAPLE="no"
|
|
||||||
IP_VERSION=
|
|
||||||
+ DEHYDRATED_USER=
|
|
||||||
+ DEHYDRATED_GROUP=
|
|
||||||
|
|
||||||
if [[ -z "${CONFIG:-}" ]]; then
|
|
||||||
echo "#" >&2
|
|
||||||
@@ -159,6 +163,24 @@ load_config() {
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
+ # Check if we are running & are allowed to run as root
|
|
||||||
+ if [[ ! -z "$DEHYDRATED_USER" && $EUID == 0 ]]; then
|
|
||||||
+ sudo=`command -v sudo`
|
|
||||||
+ if [ -z $sudo ]; then
|
|
||||||
+ echo "DEHYDRATED_USER set but sudo not available. Please install sudo."
|
|
||||||
+ exit
|
|
||||||
+ fi
|
|
||||||
+ if [ ! -z "$DEHYDRATED_GROUP" ]; then
|
|
||||||
+ group="-g $DEHYDRATED_GROUP"
|
|
||||||
+ fi
|
|
||||||
+ echo "# INFO: Running $0 as $DEHYDRATED_USER"
|
|
||||||
+ $sudo -u $DEHYDRATED_USER $group "$0" $ORIGARGS
|
|
||||||
+ exit
|
|
||||||
+ fi
|
|
||||||
+
|
|
||||||
+ # Check for missing dependencies
|
|
||||||
+ check_dependencies
|
|
||||||
+
|
|
||||||
# Remove slash from end of BASEDIR. Mostly for cleaner outputs, doesn't change functionality.
|
|
||||||
BASEDIR="${BASEDIR%%/}"
|
|
||||||
|
|
||||||
diff --git a/docs/examples/config b/docs/examples/config
|
|
||||||
index 1b1b3d8..9a890f4 100644
|
|
||||||
--- a/docs/examples/config
|
|
||||||
+++ b/docs/examples/config
|
|
||||||
@@ -10,6 +10,12 @@
|
|
||||||
# Default values of this config are in comments #
|
|
||||||
########################################################
|
|
||||||
|
|
||||||
+# Which user should dehydrated run as? This will be implictly enforced when running as root
|
|
||||||
+#DEHYDRATED_USER=
|
|
||||||
+
|
|
||||||
+# Which group should dehydrated run as? This will be implictly enforced when running as root
|
|
||||||
+#DEHYDRATED_GROUP=
|
|
||||||
+
|
|
||||||
# Resolve names to addresses of IP version only. (curl)
|
|
||||||
# supported values: 4, 6
|
|
||||||
# default: <unset>
|
|
||||||
--
|
|
||||||
2.14.1
|
|
||||||
|
|
@ -1,49 +0,0 @@
|
|||||||
From 5214632c55c70c6c1f0dabce204a9fb8529c8ca8 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Lukas Schauer <lukas@schauer.so>
|
|
||||||
Date: Thu, 21 Sep 2017 18:10:01 +0200
|
|
||||||
Subject: [PATCH] use nullglob, disable warning on empty CONFIG_D directory
|
|
||||||
|
|
||||||
---
|
|
||||||
dehydrated | 12 ++++--------
|
|
||||||
1 file changed, 4 insertions(+), 8 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/dehydrated b/dehydrated
|
|
||||||
index 8b31ee1..a62b858 100755
|
|
||||||
--- a/dehydrated
|
|
||||||
+++ b/dehydrated
|
|
||||||
@@ -8,7 +8,9 @@
|
|
||||||
set -e
|
|
||||||
set -u
|
|
||||||
set -o pipefail
|
|
||||||
-[[ -n "${ZSH_VERSION:-}" ]] && set -o SH_WORD_SPLIT && set +o FUNCTION_ARGZERO
|
|
||||||
+[[ -n "${ZSH_VERSION:-}" ]] && set -o SH_WORD_SPLIT && set +o FUNCTION_ARGZERO && set -o NULL_GLOB
|
|
||||||
+[[ -z "${ZSH_VERSION:-}" ]] && shopt -s nullglob
|
|
||||||
+
|
|
||||||
umask 077 # paranoid umask, we're creating private keys
|
|
||||||
|
|
||||||
# Find directory in which this script is stored by traversing all symbolic links
|
|
||||||
@@ -146,10 +148,7 @@ load_config() {
|
|
||||||
fi
|
|
||||||
|
|
||||||
for check_config_d in "${CONFIG_D}"/*.sh; do
|
|
||||||
- if [[ ! -e "${check_config_d}" ]]; then
|
|
||||||
- echo "# !! WARNING !! Extra configuration directory ${CONFIG_D} exists, but no configuration found in it." >&2
|
|
||||||
- break
|
|
||||||
- elif [[ -f "${check_config_d}" ]] && [[ -r "${check_config_d}" ]]; then
|
|
||||||
+ if [[ -f "${check_config_d}" ]] && [[ -r "${check_config_d}" ]]; then
|
|
||||||
echo "# INFO: Using additional config file ${check_config_d}"
|
|
||||||
# shellcheck disable=SC1090
|
|
||||||
. "${check_config_d}"
|
|
||||||
@@ -1020,9 +1019,6 @@ command_cleanup() {
|
|
||||||
|
|
||||||
# Loop over all files of this type
|
|
||||||
for file in "${certdir}/${filebase}-"*".${fileext}"; do
|
|
||||||
- # Handle case where no files match the wildcard
|
|
||||||
- [[ -f "${file}" ]] || break
|
|
||||||
-
|
|
||||||
# Check if current file is in use, if unused move to archive directory
|
|
||||||
filename="$(basename "${file}")"
|
|
||||||
if [[ ! "${filename}" = "${current}" ]]; then
|
|
||||||
--
|
|
||||||
2.12.3
|
|
||||||
|
|
@ -110,7 +110,7 @@ activated manually:
|
|||||||
Aqcuisition through DNS (dns-01)
|
Aqcuisition through DNS (dns-01)
|
||||||
================================
|
================================
|
||||||
|
|
||||||
Tnis is mostly useful under these conditions
|
This is mostly useful under these conditions
|
||||||
|
|
||||||
1. Your hosts are not directly exposed to the internet
|
1. Your hosts are not directly exposed to the internet
|
||||||
2. Your host names are part of a public DNS zone visible on the internet.
|
2. Your host names are part of a public DNS zone visible on the internet.
|
||||||
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:611da321330ffd43d1dc497990b486b2dec12c59149803ad7d156980c8527f48
|
|
||||||
size 74005
|
|
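--- a/dehydrated-0.5.0.tar.gz
+++ b/dehydrated-0.5.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3559de9c61f8cb9dda1d247fbb88d94eddcf2d9421941dad73b1d672cb933abe
+size 79965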
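--- a/dehydrated-0.5.0.tar.gz.asc
+++ b/dehydrated-0.5.0.tar.gz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEPC8mBeB4oeGPR5OQnE2+bPQ48zMFAlpaWfkACgkQnE2+bPQ4
+8zOw+Af/YhJVNxDCFFe8uhIm5oFgMvJPyNXk1rMf60kwGINXUUwSHTVXvwFUF/qN
+9ZAnt/zaL4KmK3v5pSP8fIDBwsF17x9G1J0Xv9s5IG9YQOgyV89lVo8Tu15g3Yla
+7Z1OhB4OvzwVioWRNiedyLK916ut9+XJ8YNmUC6LsIHttL7un2Yyqy1nR86x/iDr
+Oh/2DxWtYYGjnr3+DTqcLvdySIy6MBJsRez1zW1MJCCiBIBeq+7fBseT5h9vu55h
+F1vR8KthfCJFqQfdtA7Io3ql8H2hJHn7VintPTnbq8bEIvpDS7CTE+ICP+fuxqzU
+KeElNt7vu/UuoQBnYNBPw2gA/L8fGw==
+=Edom
+-----END PGP SIGNATURE-----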
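--- a/dehydrated.1
+++ b/dehydrated.1
@@ -1,155 +0,0 @@
-.TH DEHYDRATED 1 2017-09-20 "Dehydrated ACME Client"
-.SH NAME
-dehydrated \- ACME client implemented as a shell-script
-.SH SYNOPSIS
-.B dehydrated
-[\fBcommand\fR [\fBargument\fR]]
-[\fBargument\fR [\fBargument\fR]]
-.IR ...
-.SH DESCRIPTION
-A client for ACME-based Certificate Authorities, such as LetsEncrypt. It
-allows to request and obtain TLS certificates from an ACME-based
-certificate authority.
-
-Before any certificates can be requested, Dehydrated needs
-to acquire an account with the Certificate Authorities. Optionally, an email
-address can be provided. It will be used to e.g. notify about expiring
-certificates. You will usually need to accept the Terms of Service of the CA.
-Dehydrated will notify if no account is configured. Run with \fB--register
---accept-terms\fR to create a new account.
-
-Next, all domain names must be provided in domains.txt. The format is line
-based: If the file contains two lines "example.com" and "example.net",
-Dehydrated will request two certificate, one for "example.com" and the other
-for "example.net". A single line while "example.com example.net" will request a
-single certificate valid for both "example.net" and "example.com" through the \fISubject
-Alternative Name\fR (SAN) field.
-
-For the next step, one way of verifying domain name ownership needs to be
-configured. Dehydrated implements \fIhttp-01\fR and \fIdns-01\fR verification.
-
-The \fIhttp-01\fR verification provides proof of ownership by providing a
-challenge token. In order to do that, the directory referenced in the
-\fIWELLKNOWN\fR config variable needs to be exposed at
-\fIhttp://{domain}/.well-known/acme-challenge/\fR, where {domain} is every
-domain name specified in \fIdomains.txt\fR. Dehydrated does not provide its
-own challenge responder, but relies on an existing web server to provide the
-challenge response. See \fIwellknown.md\fR for configuration examples of
-popular web servers.
-
-The \fIdns-01\fR verification works by providing a challenge token through DNS.
-This is especially interesting for hosts that cannot be exposed to the public
-Internet. Because adding records to DNS zones is oftentimes highly specific to
-the software or the DNS provider at hand, there are many third party hooks
-available for dehydrated. See \fIdns-verification.md\fR for hooks for popular
-DNS servers and DNS hosters.
-
-Finally, the certificates need to be requested and updated on a regular basis.
-This can happen through a cron job or a timer. Initially, you may enforce this
-by invoking \fIdehydrated -c\fR manually.
-
-After a successful run, certificates are stored in
-\fI/etc/dehydrated/certs/{domain}\fR, where {domain} is the domain name in the
-first column of \fIdomains.txt\fR.
-
-.SH OPTIONS
-
-.BR Commands
-.TP
-.BR \-\-version ", " \-v
-Print version information
-.TP
-.BR \-\-register
-Register account key
-.TP
-.BR \-\-account
-Update account contact information
-.TP
-.BR \-\-cron ", " \-c
-Sign/renew non\-existent/changed/expiring certificates.
-.TP
-.BR \-\-signcsr ", " \-s " " \fIpath/to/csr.pem\fR
-Sign a given CSR, output CRT on stdout (advanced usage)
-.TP
-.BR \-\-revoke ", " \-r " " \fIpath/to/cert.pem\fR
-Revoke specified certificate
-.TP
-.BR \-\-cleanup ", " \-gc
-Move unused certificate files to archive directory
-.TP
-.BR \-\-help ", " \-h
-Show help text
-.TP
-.BR \-\-env ", " \-e
-Output configuration variables for use in other scripts
-
-.PP
-.BR Parameters
-.TP
-.BR \-\-accept\-terms
-Accept CAs terms of service
-.TP
-.BR \-\-full\-chain ", " \-fc
-Print full chain when using \fB\-\-signcsr\fR
-.TP
-.BR \-\-ipv4 ", " \-4
-Resolve names to IPv4 addresses only
-.TP
-.BR \-\-ipv6 ", " \-6
-Resolve names to IPv6 addresses only
-.TP
-.BR \-\-domain ", " \-d " " \fIdomain.tld\fR
-Use specified domain name(s) instead of domains.txt entry (one certificate!)
-.TP
-.BR \-\-keep\-going ", " \-g
-Keep going after encountering an error while creating/renewing multiple
-certificates in cron mode
-.TP
-.BR \-\-force ", " \-x
-Force renew of certificate even if it is longer valid than value in RENEW_DAYS
-.TP
-.BR \-\-no\-lock ", " \-n
-Don't use lockfile (potentially dangerous!)
-.TP
-.BR \-\-lock\-suffix " " \fIexample.com\fR
-Suffix lockfile name with a string (useful for use with \-d)
-.TP
-.BR \-\-ocsp
-Sets option in CSR indicating OCSP stapling to be mandatory
-.TP
-.BR \-\-privkey ", " \-p " " \fIpath/to/key.pem\fR
-Use specified private key instead of account key (useful for revocation)
-.TP
-.BR \-\-config ", " \-f " " \fIpath/to/config\fR
-Use specified config file
-.TP
-.BR \-\-hook ", " \-k " " \fIpath/to/hook.sh\fR
-Use specified script for hooks
-.TP
-.BR \-\-out ", " \-o " " \fIcerts/directory\fR
-Output certificates into the specified directory
-.TP
-.BR \-\-challenge ", " \-t " " \fI[http\-01|dns\-01]\fR
-Which challenge should be used? Currently http\-01 and dns\-01 are supported
-.TP
-.BR \-\-algo ", " \-a " " \fI[rsa|prime256v1|secp384r1]\fR
-Which public key algorithm should be used? Supported: rsa, prime256v1 and
-secp384r1
-.SH DIAGNOSTICS
-The program exits 0 if everything was fine, 1 if an error occurred.
-.SH BUGS
-Please report any bugs that you may encounter at the project web site
-.UR https://github.com/lukas2511/dehydrated/issues
-.UE .
-.SH AUTHOR
-Dehydrated was written by Lukas Schauer. This man page was contributed by
-Daniel Molkentin.
-.SH COPYRIGHT
-Copyright 20015-2017 by Lukas Schauer and the respective contributors.
-Provided under the MIT License. See the LICENSE file that accompanies the
-distribution for licensing information.
-.SH SEE ALSO
-Full documentation along with configuration examples are provided in the \fIdocs\fR
-directory of the distribution, or at
-.UR https://github.com/lukas2511/dehydrated/tree/master/docs
-.UE .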
@ -1,3 +1,41 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jan 15 12:15:07 UTC 2018 - daniel.molkentin@suse.com
|
||||||
|
|
||||||
|
- Remove redundant noarch entries. They cause an error in RPM 4.14.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jan 15 11:29:11 UTC 2018 - daniel.molkentin@suse.com
|
||||||
|
|
||||||
|
- Updated dehydrated to 0.5.0
|
||||||
|
|
||||||
|
This removes the following patches and files, which are now part of the
|
||||||
|
upstream package:
|
||||||
|
* 0001-Add-optional-user-and-group-configuration.patch
|
||||||
|
* 0002-use-nullglob-disable-warning-on-empty-CONFIG_D-direc.patch
|
||||||
|
* dehydrated.1: the man page has been adopted by upstream
|
||||||
|
|
||||||
|
Starting with this version, upstream introduced signed releases, which
|
||||||
|
is now being used for source validation.
|
||||||
|
|
||||||
|
Upstream changes:
|
||||||
|
|
||||||
|
Changed
|
||||||
|
|
||||||
|
* Certificate chain is now cached (CHAINCACHE)
|
||||||
|
* OpenSSL binary path is now configurable (OPENSSL)
|
||||||
|
* Cleanup now also moves revoked certificates
|
||||||
|
|
||||||
|
Added
|
||||||
|
|
||||||
|
* New feature for updating contact information (--account)
|
||||||
|
* Allow automatic cleanup on exit (AUTO_CLEANUP)
|
||||||
|
* Initial support for fetching OCSP status to be used for OCSP stapling
|
||||||
|
(OCSP_FETCH)
|
||||||
|
* Certificates can now have aliases to create multiple certificates with
|
||||||
|
identical set of domains (see --alias and domains.txt documentation)
|
||||||
|
* Allow dehydrated to run as specified user (/group). This was already
|
||||||
|
available previously as a patch to this package.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Oct 20 11:02:24 UTC 2017 - mrueckert@suse.de
|
Fri Oct 20 11:02:24 UTC 2017 - mrueckert@suse.de
|
||||||
|
|
||||||
|
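--- a/dehydrated.keyring
+++ b/dehydrated.keyring
@@ -0,0 +1,42 @@
+pub 2048R/F438F333 2013-04-05
+uid [ unknown] Lukas Schauer <lukas@schauer.so>
+uid [ unknown] Lukas Schauer <lukas2511@xxpro.net>
+sub 2048R/57805524 2013-04-05
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQENBFFfGhMBCADuxAL1vqC7J1AmxMrFGxobyPaY9tmUEueRF+JuUJlk48qSbcWg
+zAMEprSgw3HY/15Galu/7g8KxXnlN4WO2vgA6eu1CYx3CoukJ8dc/m6hEMxqwsIW
+H/1sI7P2hLGB/6YC3MqgpyZxrXzS3coe/JLLkeOtcnBgeT1VpGnodSEKsK4unkfV
+cmheLuF+zMb0t1DFtd//Ka99XtoF7HXW6p/n8NjiAXKkEkTWf+0qsOIzar3Hl7QE
+dnEMK1EjDbrqNufTe+TyvM9hVMyDTptvA0EDOj+5Jmt29pWpriOgUgm2D1JgZi9b
+YmGnTo149q5bUzfLvsTDI0IS7ClxXIES/dfXABEBAAG0IEx1a2FzIFNjaGF1ZXIg
+PGx1a2FzQHNjaGF1ZXIuc28+iQE5BBMBAgAjBQJSHiDfAhsDBwsJCAcDAgEGFQgC
+CQoLBBYCAwECHgECF4AACgkQnE2+bPQ48zPRxgf/Y1pJ9H6uB6rmCa3VHoxhvLkV
+ruUSpI+JXNUhwpUWUKNE1yk78jmjRhMMZf7UMYifyGkuK/0/cErktr5j8kqJ2r60
+hOnmkC3jEq5H0hKfGzhosenUvzR9cENYzgnm/4BNWWz1I16jkWRcEGjeC8y033U3
+Tjrtc6f0jLe7R6LzospUCWKzp8WUWgTgqpAyjJY6I44Y6QpTjmRF6t1Nz2yRxxf2
+NAbOQWkSTueusgLVYyvqLZ51u3fsuDJxbQiBnNt0ZGYSDBKrs59Rvg0Xj1cBv1t7
+SrzHuwyiiCQsEaLMvYCygk7qRmZBZ6PKA0gE8oYIr5f10Kx0Mjqnrs8wmpegiLQj
+THVrYXMgU2NoYXVlciA8bHVrYXMyNTExQHh4cHJvLm5ldD6JATgEEwECACIFAlFf
+GhMCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEJxNvmz0OPMzHXoH/jCy
+wwo+W3hy7WAzaKqgnIjRfMQD63OFSwrPI8P7mU0WWrxURwET4C/i+eYHIZYPVaP0
+HvdMMcpgSbBZ0sAW+gtv2qMtL+kB4s+FGVchV4lfh4q5w4EDRknuCEpD5bj7NsOT
+ROvGu0gSvGbGG/EFLJuhrkct5s7ESH5sWonxstk6Ea9L5STR4PGH6swTq0WggbMq
+VFQuWOkjw6KpQOeFTp9koQl3R6P6I0uqe6tVLKJD/nSTKbMYPMZX9Q+TvzqRSRlH
+wL509ZIZV4IzdDFXGM28xvC7KIifbxEzWHVci2afdqbVNH2MBhgHt/SIaW8xBab2
+wnd45rkdHuoK2wBPlPu5AQ0EUV8aEwEIAM1d0x6B/PUlXfUzkTlYtFmfm67OOPW2
+EImld+53RgVc/HGY9RyYP0YwxNs1mjWalzJYV6/aQ9xke/Dz0pLYwIl2c1TCzwin
+qgymkR17krDJ/+hj2GZBsiEHlMDbWskgwIc7WldhcmxsOvsvRrHSCcw7ZFD+iA9l
+6XJoUrtP9QhJLaj6WoX0fU377t3me6hji5387pzYoDKiq8cfJu4q/K6oB42kmo+L
+PVub+DvBBZPDakDnE46v0LfbgvPqjaVxM2KHjqllepk1CIOAbUbtyC9kVuavDgnI
+OMe1couHsy0+7fXeQE0xMLPjGGZAXt6OVI8o/1IbgA2EbiVR225Tu2cAEQEAAYkB
+HwQYAQIACQUCUV8aEwIbDAAKCRCcTb5s9DjzM09cCACGdENt71lx56EjzH6W5o/F
+OYHHTm4ewcfgGSHWmdScq8gOI414kBkOg9ds9IMQt5hp60hXteSxG1l0qxEXbMX7
+cO5FNnjer/ikcwPDS6eZ2a5Gni/h/UFRnVYcw2c+7UAAgouswhwqbkVUrRMDodG2
+DT05fQIdgfbQLUBW5qFToS/CXNzvG47jqBEUS/mFMtZgF2+myU2buMlIXmarTi0K
+EYMt0geGXhpS2DN9iQrQzQ8gjVz/EBgdHbEZOsHW4JMQaycYvouPFVqCIcZoN0s8
+c9AilqEu9V8XLLWA0zRVC8Fp6m/ZpMX8t2kVQdBKMHb1NUz0b+uHynANCRQUGKIg
+=2fWi
+-----END PGP PUBLIC KEY BLOCK-----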
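Review bot: The header of the new keyring identifies the key only by 32-bit short IDs (`pub 2048R/F438F333`, `sub 2048R/57805524`), and both uid lines show `[ unknown]` trust, so nothing in the file lets a later reviewer confirm that this is the upstream release key. Short IDs can be made to collide, so the package should record the full fingerprint and the independent source it was checked against. One place is a line such as `Key fingerprint = <FULL_40_HEX_FINGERPRINT>` under the `pub` line, since text before the armor header is ignored on import; the `.changes` entry is another. This keyring is the trust anchor for the source validation the changelog mentions, so its provenance deserves one explicit line.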
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package dehydrated
|
# spec file for package dehydrated
|
||||||
#
|
#
|
||||||
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
|
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -46,7 +46,7 @@
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
Name: dehydrated
|
Name: dehydrated
|
||||||
Version: 0.4.0
|
Version: 0.5.0
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: A client for signing certificates with an ACME server
|
Summary: A client for signing certificates with an ACME server
|
||||||
License: MIT
|
License: MIT
|
||||||
@ -60,14 +60,11 @@ Source4: dehydrated.cron.in
|
|||||||
Source5: dehydrated.tmpfiles.d
|
Source5: dehydrated.tmpfiles.d
|
||||||
Source6: dehydrated.service.in
|
Source6: dehydrated.service.in
|
||||||
Source7: dehydrated.timer
|
Source7: dehydrated.timer
|
||||||
Source8: dehydrated.1
|
|
||||||
Source9: README.SUSE
|
Source9: README.SUSE
|
||||||
Source10: README.Fedora
|
Source10: README.Fedora
|
||||||
Source11: README.hooks
|
Source11: README.hooks
|
||||||
# Patch submitted to upstream
|
Source12: %{name}-%{version}.tar.gz.asc
|
||||||
Patch1: 0001-Add-optional-user-and-group-configuration.patch
|
Source13: %{name}.keyring
|
||||||
# Patch from upstream
|
|
||||||
Patch2: 0002-use-nullglob-disable-warning-on-empty-CONFIG_D-direc.patch
|
|
||||||
BuildRequires: %{_apache}
|
BuildRequires: %{_apache}
|
||||||
Requires: coreutils
|
Requires: coreutils
|
||||||
Requires: curl
|
Requires: curl
|
||||||
@ -78,7 +75,6 @@ Requires(pre): %{_sbindir}/groupadd
|
|||||||
Requires(pre): %{_sbindir}/useradd
|
Requires(pre): %{_sbindir}/useradd
|
||||||
Obsoletes: letsencrypt.sh < %{version}
|
Obsoletes: letsencrypt.sh < %{version}
|
||||||
Provides: letsencrypt.sh = %{version}
|
Provides: letsencrypt.sh = %{version}
|
||||||
BuildArch: noarch
|
|
||||||
%if %{with lighttpd}
|
%if %{with lighttpd}
|
||||||
BuildRequires: lighttpd
|
BuildRequires: lighttpd
|
||||||
%endif
|
%endif
|
||||||
@ -135,7 +131,6 @@ Provides: letsencrypt.sh-%{_apache} = %{version}
|
|||||||
%if ! 0%{?suse_version}
|
%if ! 0%{?suse_version}
|
||||||
Requires: mod_ssl
|
Requires: mod_ssl
|
||||||
%endif
|
%endif
|
||||||
BuildArch: noarch
|
|
||||||
|
|
||||||
%description %{_apache}
|
%description %{_apache}
|
||||||
This adds a configuration file for dehydrated's acme-challenge to Apache.
|
This adds a configuration file for dehydrated's acme-challenge to Apache.
|
||||||
@ -148,7 +143,6 @@ Requires: %{name}
|
|||||||
Requires: nginx
|
Requires: nginx
|
||||||
Obsoletes: letsencrypt.sh-nginx < %{version}
|
Obsoletes: letsencrypt.sh-nginx < %{version}
|
||||||
Provides: letsencrypt.sh-nginx = %{version}
|
Provides: letsencrypt.sh-nginx = %{version}
|
||||||
BuildArch: noarch
|
|
||||||
|
|
||||||
%description nginx
|
%description nginx
|
||||||
This adds a configuration file for dehydrated's acme-challenge to nginx.
|
This adds a configuration file for dehydrated's acme-challenge to nginx.
|
||||||
@ -160,7 +154,6 @@ Summary: Lighttpd Integration for dehydrated
|
|||||||
Group: Productivity/Networking/Security
|
Group: Productivity/Networking/Security
|
||||||
Requires: %{name}
|
Requires: %{name}
|
||||||
Requires: lighttpd
|
Requires: lighttpd
|
||||||
BuildArch: noarch
|
|
||||||
|
|
||||||
%description lighttpd
|
%description lighttpd
|
||||||
This adds a configuration file for dehydrated's acme-challenge to lighttpd.
|
This adds a configuration file for dehydrated's acme-challenge to lighttpd.
|
||||||
@ -189,8 +182,6 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf ||:
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch1 -p1
|
|
||||||
%patch2 -p1
|
|
||||||
cp %{SOURCE9} .
|
cp %{SOURCE9} .
|
||||||
cp %{SOURCE10} .
|
cp %{SOURCE10} .
|
||||||
|
|
||||||
@ -198,13 +189,13 @@ cp %{SOURCE10} .
|
|||||||
|
|
||||||
%install
|
%install
|
||||||
# sensitive keys
|
# sensitive keys
|
||||||
mkdir -p %{buildroot}%{_home}/{accounts,certs}
|
mkdir -p %{buildroot}%{_home}/{accounts,certs,chains}
|
||||||
mkdir -p %{buildroot}%{_sbindir}
|
mkdir -p %{buildroot}%{_sbindir}
|
||||||
mkdir -p %{buildroot}%{_mandir}/man1
|
mkdir -p %{buildroot}%{_mandir}/man1
|
||||||
mkdir -p %{buildroot}%{_home}/config.d
|
mkdir -p %{buildroot}%{_home}/config.d
|
||||||
mkdir -p %{buildroot}%{_postrunhooks}
|
mkdir -p %{buildroot}%{_postrunhooks}
|
||||||
|
|
||||||
cat %{SOURCE8} | gzip > %{buildroot}%{_mandir}/man1/dehydrated.1.gz
|
cat dehydrated.1 | gzip > %{buildroot}%{_mandir}/man1/dehydrated.1.gz
|
||||||
|
|
||||||
# Silence E: env-script-interpreter
|
# Silence E: env-script-interpreter
|
||||||
find \( -name \*.sh -o -name dehydrated \) -exec sed -i "s,#!/usr/bin/env bash,#!$(command -v bash),g" {} \;
|
find \( -name \*.sh -o -name dehydrated \) -exec sed -i "s,#!/usr/bin/env bash,#!$(command -v bash),g" {} \;
|
||||||
@ -262,6 +253,7 @@ diff -urN docs/examples/config %{buildroot}%{_home}/config ||:
|
|||||||
%attr(750,root,%{_user}) %dir %{_sysconfdir}/dehydrated
|
%attr(750,root,%{_user}) %dir %{_sysconfdir}/dehydrated
|
||||||
%attr(700,%{_user},%{_user}) %dir %{_sysconfdir}/dehydrated/accounts
|
%attr(700,%{_user},%{_user}) %dir %{_sysconfdir}/dehydrated/accounts
|
||||||
%attr(700,%{_user},%{_user}) %dir %{_sysconfdir}/dehydrated/certs
|
%attr(700,%{_user},%{_user}) %dir %{_sysconfdir}/dehydrated/certs
|
||||||
|
%attr(700,%{_user},%{_user}) %dir %{_sysconfdir}/dehydrated/chains
|
||||||
%config(noreplace) %attr(640,root,%{_user}) %{_sysconfdir}/dehydrated/config
|
%config(noreplace) %attr(640,root,%{_user}) %{_sysconfdir}/dehydrated/config
|
||||||
%config(noreplace) %attr(750,root,%{_user}) %{_sysconfdir}/dehydrated/config.d
|
%config(noreplace) %attr(750,root,%{_user}) %{_sysconfdir}/dehydrated/config.d
|
||||||
%config(noreplace) %attr(640,root,%{_user}) %{_sysconfdir}/dehydrated/domains.txt
|
%config(noreplace) %attr(640,root,%{_user}) %{_sysconfdir}/dehydrated/domains.txt
|
||||||
|
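Review bot: The new `Source12: %{name}-%{version}.tar.gz.asc` and `Source13: %{name}.keyring` lines are not referenced anywhere in the `%prep` hunk, which still goes straight from `%prep` to `%setup -q`. As far as these hunks show, the signature is checked only where the build service's source validation runs, not during a plain `rpmbuild` or a rebuild elsewhere. The spec also carries non-SUSE branches (`%if ! 0%{?suse_version}`, `README.Fedora`), so a comment above the two lines should say what verifies them, for example `# Detached signature and upstream keyring; verified by the OBS source validator, not in %%prep`. If Fedora builds are meant to get the same guarantee, an explicit check before `%setup -q` (Fedora's `%{gpgverify}` macro where available, guarded so SUSE builds are unaffected) would close the gap. The file header of this section is not visible on the page, so lines outside the shown hunks may already cover this.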