%if 0%{?fedora} || 0%{?rhel} > 7
# Explicitly require python3 on Fedora to help track which packages
# no longer need python2.
%global use_python3 1
%else
%global use_python3 0
%endif

Name:		acme-tiny
Version:	5.0.1
Release:	2%{?dist}
Summary:	Tiny auditable script to issue, renew Let's Encrypt certificates

License:	MIT
URL:		https://github.com/diafygi/%{name}
Source0:	https://github.com/diafygi/%{name}/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source1:	acme-tiny-sign.sh
Source2:	cert-check.py
Source3:	acme.conf
Source6:	acme-tiny.timer
Source7:	acme-tiny.service
Source8:	README-fedora.md
# simple script hook to kick services when cert is updated
Source9:	notify.sh
Source10:	acme-tiny-notify.service
Source11:	acme-tiny.conf

Requires(pre): shadow-utils
# systemd macros are not defined unless systemd is present
BuildRequires: systemd
%{?systemd_requires}
Requires: %{name}-core = %{version}-%{release}
BuildArch:	noarch
%if 0%{?fedora}
Suggests: httpd, mod_ssl, nginx
Enhances: httpd, mod_ssl, nginx
%endif

%description
This is a tiny, auditable script that you can throw on your server to issue and
renew Let's Encrypt certificates. Since it has to be run on your server and
have access to your private Let's Encrypt account key, I tried to make it as
tiny as possible (currently less than 200 lines). The only prerequisites are
python and openssl.

Well, that and a web server - but then you only need this with a web server.
This package adds a simple directory layout and timer service that runs
acme_tiny on installed CSRs as the acme user for privilege separation.

%package core
Summary: Core python module of acme-tiny
Requires:	openssl python3
%if 0%{?rhel} >= 5 && 0%{?rhel} < 7
# EL6 uses python2.6, which does not include argparse
Requires:	python-argparse
%endif
BuildArch: noarch

%description core
Includes only the core acme_tiny.py script and its dependencies.
Alternate frameworks that use acme_tiny.py can install this to avoid pulling in
unneeded packages.

%prep
%setup -q -n %{name}-%{version}
cp -p %{SOURCE1} %{SOURCE2} %{SOURCE8} .
sed -i.orig -e '1,1 s,^.*python$,#!/usr/bin/python,' acme_tiny.py
%if %{use_python3}
sed -i.old -e '1,1 s/python$/python3/' *.py
%endif

%build

%install
mkdir -p %{buildroot}/var/www/challenges
mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d
mkdir -p %{buildroot}%{_sbindir}
mkdir -p %{buildroot}%{_libexecdir}/%{name}
mkdir -p %{buildroot}%{_sharedstatedir}/acme/{private,csr,certs,.notify}
mkdir -p %{buildroot}%{_sysconfdir}/%{name}/notify.d
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
chmod 0700 %{buildroot}%{_sharedstatedir}/acme/private

install -m 0755 acme-tiny-sign.sh %{buildroot}%{_libexecdir}/%{name}/sign
install -m 0755 %{SOURCE9} %{buildroot}%{_libexecdir}/%{name}/notify
install -m 0755 acme_tiny.py %{buildroot}%{_sbindir}/acme_tiny
ln -sf acme_tiny %{buildroot}%{_sbindir}/%{name}
ln -sf %{_libexecdir}/%{name}/sign %{buildroot}%{_sbindir}/acme-tiny-sign
ln -sf %{_libexecdir}/%{name}/notify %{buildroot}%{_sysconfdir}/%{name}/notify.sh
install -m 0755 cert-check.py %{buildroot}%{_sbindir}/cert-check
install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/httpd/conf.d
mkdir -p %{buildroot}%{_unitdir}
install -pm 644 %{SOURCE6} %{buildroot}%{_unitdir}
install -pm 644 %{SOURCE7} %{buildroot}%{_unitdir}
install -pm 644 %{SOURCE10} %{buildroot}%{_unitdir}
install -m 0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/%{name}

%pre
getent group acme > /dev/null || groupadd -r acme
getent passwd acme > /dev/null || /usr/sbin/useradd -g acme \
	-c "Tiny Auditable ACME Client" \
	-r -d %{_sharedstatedir}/acme -s /sbin/nologin acme
exit 0

%post
%systemd_post acme-tiny.service acme-tiny-notify.service acme-tiny.timer

%postun
%systemd_postun_with_restart acme-tiny.service acme-tiny-notify.service acme-tiny.timer

%preun
%systemd_preun acme-tiny.service acme-tiny-notify.service acme-tiny.timer

%files
%{!?_licensedir:%global license %%doc}
%license LICENSE
%doc README-fedora.md
%attr(0755,acme,acme) /var/www/challenges
%attr(-,acme,acme) %{_sharedstatedir}/acme
%{_libexecdir}/%{name}
%config(noreplace) %{_sysconfdir}/httpd/conf.d/acme.conf
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%{_unitdir}/*
%{_sbindir}/acme-tiny-sign
%{_sbindir}/cert-check
%{_sbindir}/%{name}
%{_sysconfdir}/%{name}

%files core
%license LICENSE
%doc README.md
%{_sbindir}/acme_tiny

%changelog
* Tue May 17 2022 Stuart D. Gathman <stuart@gathman.org> 5.0.1-2
- Add missing python3 dependency for new version

* Thu Oct 28 2021 Stuart D. Gathman <stuart@gathman.org> 5.0.1-1
- New upstream release

* Tue Sep  8 2021 Stuart D. Gathman <stuart@gathman.org> 4.1.1-2
- Remove CLI override in acme-tiny.service (uses /etc/sysconfig/acme-tiny now)

* Tue Sep  7 2021 Stuart D. Gathman <stuart@gathman.org> 4.1.1-1
- New upstream release
- Set days before expiration in /etc/sysconfig

* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

* Thu May 27 2021 Stuart D. Gathman <stuart@gathman.org> 4.1.0-7
- Fix BZ#1839904
- enhance notify after cert update, incrond no longer needed

* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 4.1.0-6
- Rebuilt for updated systemd-rpm-macros
  See https://pagure.io/fesco/issue/2583.

* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Thu Apr  9 2020 Stuart D. Gathman <stuart@gathman.org> 4.1.0-3
- Update README-fedora.md to describe notify.sh
- Apply selected changes from Marcel Metz <mmetz@adrian-broher.net>:
- Use openssl x509 -checkend parameter to determine certificate expiration
- Remove Let's Encrypt intermediate certificate
- Remove cron job used on non systemd systems

* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

* Fri Oct 11 2019 Tim Jackson <rpm@timj.co.uk> - 4.1.0-1
- Update to 4.1.0

* Fri Oct 11 2019 Stuart D. Gathman <stuart@gathman.org> 4.0.4-5
- Add generic notify script for incron

* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Tue May 22 2018 Stuart D. Gathman <stuart@gathman.org> 4.0.4-1
- Official upstream release! BZ#1560531
- Move acme_tiny.py to acme-tiny-core subpackage BZ#1438181

* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.2-4.20170516gitaf025f5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Wed Nov 22 2017 Stuart D. Gathman <stuart@gathman.org> 0.2-3.20170616gitaf025f5
- BZ#1507333 EL6 missing python-argparse dependency
- BZ#1515781 Agreement updated.
- BZ#1409345 Unwritable certs silently skipped

* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.2-2.20170516gitaf025f5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

* Thu Jul  6 2017 Stuart D. Gathman <stuart@gathman.org> 0.2-1.20170616gitaf025f5
- BZ#1468045 Update to new upstream version
- BZ#1409686 Message.getallmatchingheaders() is broken in python3.

* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.1-12.20160810git5a7b4e7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 0.1-11.20160810git5a7b4e7
- Rebuild for Python 3.6

* Mon Aug 22 2016 Stuart D. Gathman <stuart@gathman.org> 0.1-10.20160810git5a7b4e7
- Fix cert writable check in sign script
- More tips in README-fedora.md

* Mon Aug 22 2016 Stuart D. Gathman <stuart@gathman.org> 0.1-9.20160810git5a7b4e7
- Use %%{systemd_requires}
- Remove unneeded cronie, python dependencies
- Add acme-tiny.timer to systemd scriptlets
- Add README-fedora.md
- acme_tiny: Fix --chain patch for python2.6 (el6)
- acme_tiny: Suppress traceback on error

* Sun Aug 21 2016 Stuart D. Gathman <stuart@gathman.org> 0.1-8
- Add use_systemd flag to use systemd timer and enable on Fedora and epel7
- Enable use_python3 flag for Fedora (but not epel7).

* Sat Aug 20 2016 Stuart D. Gathman <stuart@gathman.org> 0.1-7
- sign: Actually use the new --chain flag
- cron: Make days to expiration explicit
- spec: Set file modes with install
- acme.conf: mark as config

* Fri Aug 19 2016 Stuart D. Gathman <stuart@gathman.org> 0.1-6
- Python3 fixes for cert-check
- acme-tiny: Update patch to leave default behavior unchanged
- make /var/lib/acme readable by all except private

* Thu Aug 11 2016 Stuart D. Gathman <stuart@gathman.org> 0.1-5
- sign: Use tmp output to avoid wiping existing cert on error
- acme_tiny: get intermediate cert from acme protocol

* Thu Aug 11 2016 Stuart D. Gathman <stuart@gathman.org> 0.1-4
- Fix path of acme_tiny and make days explicit in sign script
- Add crontab

* Wed Aug 10 2016 Stuart D. Gathman <stuart@gathman.org> 0.1-3
- Add global acme httpd conf
- Append intermediate certs, add current lets-encrypt intermediate cert

* Tue Aug  9 2016 Stuart D. Gathman <stuart@gathman.org> 0.1-2
- add private, csr, certs directories
- add sign script suitable for cron

* Mon Aug  8 2016 Stuart D. Gathman <stuart@gathman.org> 0.1-1
- Initial RPM