[packages/prosody] Simplify certificate setup and connect to default configuration

aredridel aredridel at pld-linux.org
Sun Feb 9 05:19:59 CET 2014


commit f76d96a993a4af2d18095184b7f826123d7c0e34
Author: Aria Stewart <aredridel at nbtsc.org>
Date:   Sat Feb 8 21:16:06 2014 -0700

    Simplify certificate setup and connect to default configuration

 prosody-config.patch | 19 +++++++++++++++++++
 prosody.spec         | 26 ++++++++++----------------
 2 files changed, 29 insertions(+), 16 deletions(-)
---
diff --git a/prosody.spec b/prosody.spec
index 08895ea..beb0166 100644
--- a/prosody.spec
+++ b/prosody.spec
@@ -1,6 +1,5 @@
-# TODO
-# - bashism in %post
-# - undefined sslkey, sslcert macros
+%define sslkey /etc/prosody/certs/localhost.key
+%define sslcert /etc/prosody/certs/localhost.crt
 Summary:	Flexible communications server for Jabber/XMPP
 Name:		prosody
 Version:	0.9.2
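Review bot: The two new macros hard-code `/etc/prosody`, while the scriptlets and file list elsewhere in this spec spell the same directory as `%{_sysconfdir}/%{name}`. Writing them as `%define sslkey %{_sysconfdir}/%{name}/certs/localhost.key` (and likewise for `sslcert`) keeps the key and certificate paths in step with the rest of the package if the config directory is ever changed. `%define` bodies are expanded at use, so `%{name}` should resolve even though `Name:` appears later in the preamble.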
@@ -12,6 +11,7 @@ Source0:	http://prosody.im/downloads/source/%{name}-%{version}.tar.gz
 Source1:	%{name}.init
 Source2:	%{name}.tmpfiles
 Source3:	%{name}.service
+Patch0:		%{name}-config.patch
 URL:		http://prosody.im/
 BuildRequires:	libidn-devel
 BuildRequires:	lua51-devel
@@ -37,6 +37,7 @@ rapidly develop added functionality, or prototype new protocols.
 
 %prep
 %setup -q
+%patch0 -p1
 sed -e 's|$(PREFIX)/lib|$(PREFIX)/%{_lib}|' -i Makefile
 # fix wrong end of line encoding
 sed -i -e 's|\r||g' doc/stanza.txt doc/session.txt doc/roster_format.txt
@@ -76,6 +77,8 @@ cp -p %{SOURCE2} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/%{name}.conf
 install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
 install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/%{name}
 
+rm $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/certs/*
+
 %clean
 rm -rf $RPM_BUILD_ROOT
 
@@ -93,7 +96,7 @@ fi
 %post
 umask 077
 if [ ! -f %{sslkey} ]; then
-	%{_bindir}/openssl genrsa 1024 > %{sslkey} 2> /dev/null
+	%{_bindir}/openssl genrsa 2048 > %{sslkey} 2> /dev/null
 	chown root:%{name} %{sslkey}
 	chmod 640 %{sslkey}
 fi
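Review bot: If `openssl genrsa` fails here, the shell redirect has already created `%{sslkey}`, so an empty key file is left behind and the `[ ! -f %{sslkey} ]` guard skips regeneration on every later install or upgrade. Stderr goes to /dev/null and the exit status is not checked, so nothing reports the failure; the `openssl req` call in the following hunk discards its errors the same way. Writing with `-out` and cleaning up on failure avoids the stale file: `%{_bindir}/openssl genrsa -out %{sslkey} 2048 2>/dev/null || rm -f %{sslkey}`. The post-install scriptlet continues outside this hunk.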
@@ -104,9 +107,8 @@ if [ ! -f %{sslcert} ]; then
 		FQDN=localhost.localdomain
 	fi
 
-	# FIXME: $RANDOM is bashism!
-	cat << -EOF | %{_bindir}/openssl req -new -key %{sslkey} \
-	 -x509 -days 365 -set_serial $RANDOM \
+	cat <<-CERT | %{_bindir}/openssl req -new -key %{sslkey} \
+	 -x509 -days 365 \
 	 -out %{sslcert} 2>/dev/null
 	--
 	SomeState
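Review bot: The `openssl req -new -key %{sslkey} -x509 -days 365` line names no digest, so the certificate's signature hash is whatever the installed OpenSSL defaults to, which on older releases may be SHA-1; adding `-sha256` to that line pins it. The certificate is also valid for 365 days and is only created when `%{sslcert}` is missing, so it will expire in place unless an administrator replaces it. A comment above the block stating that the generated certificate is a self-signed placeholder meant to be replaced would make that explicit. The here-document body and the enclosing `if` run past the end of this hunk.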
@@ -115,7 +117,7 @@ if [ ! -f %{sslcert} ]; then
 	SomeOrganizationalUnit
 	${FQDN}
 	root@${FQDN}
-	EOF
+	CERT
 	chmod 644 %{sslcert}
 fi
 
@@ -145,14 +147,6 @@ fi
 %{_libdir}/%{name}/prosody.version
 %dir %{_sysconfdir}/%{name}
 %dir %{_sysconfdir}/%{name}/certs
-%config(noreplace) %attr(640,root,prosody) %{_sysconfdir}/%{name}/certs/example.com.cnf
-%config(noreplace) %attr(640,root,prosody) %{_sysconfdir}/%{name}/certs/example.com.crt
-%config(noreplace) %attr(640,root,prosody) %{_sysconfdir}/%{name}/certs/example.com.key
-%config(noreplace) %attr(640,root,prosody) %{_sysconfdir}/%{name}/certs/localhost.cnf
-%config(noreplace) %attr(640,root,prosody) %{_sysconfdir}/%{name}/certs/localhost.crt
-%config(noreplace) %attr(640,root,prosody) %{_sysconfdir}/%{name}/certs/localhost.key
-%config(noreplace) %attr(640,root,prosody) %{_sysconfdir}/%{name}/certs/openssl.cnf
-%config(noreplace) %attr(640,root,prosody) %{_sysconfdir}/%{name}/certs/Makefile
 %config(noreplace) %attr(640,root,prosody) %{_sysconfdir}/%{name}/prosody.cfg.lua
 %{systemdtmpfilesdir}/prosody.conf
 %{systemdunitdir}/prosody.service
diff --git a/prosody-config.patch b/prosody-config.patch
new file mode 100644
index 0000000..37c09df
--- /dev/null
+++ b/prosody-config.patch
@@ -0,0 +1,19 @@
+diff -up prosody-0.8.0/prosody.cfg.lua.dist.patch prosody-0.8.0/prosody.cfg.lua.dist
+--- prosody-0.8.0/prosody.cfg.lua.dist.patch	2011-04-08 14:20:24.508974815 +0200
++++ prosody-0.8.0/prosody.cfg.lua.dist	2011-04-08 14:25:56.159877253 +0200
+@@ -123,11 +123,12 @@ authentication = "internal_plain"
+ -- Logging configuration
+ -- For advanced logging see http://prosody.im/doc/logging
+ log = {
+-	info = "prosody.log"; -- Change 'info' to 'debug' for verbose logging
+-	error = "prosody.err";
+-	-- "*syslog"; -- Uncomment this for logging to syslog
++	-- info = "prosody.log"; -- Change 'info' to 'debug' for verbose logging
++	-- error = "prosody.err";
++	"*syslog"; -- Uncomment this for logging to syslog
+ 	-- "*console"; -- Log to the console, useful for debugging with daemonize=false
+ }
++pidfile = "/var/run/prosody/prosody.pid";
+ 
+ ----------- Virtual hosts -----------
+ -- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
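Review bot: The trailing comment on the now-active `"*syslog";` line still reads `-- Uncomment this for logging to syslog`, which no longer matches the line; something like `"*syslog"; -- Log to syslog (packaging default)` would read correctly. The embedded patch header also names prosody-0.8.0 while the spec builds 0.9.2, so it presumably applies with an offset; regenerating it against the current source would keep `%patch0 -p1` from depending on fuzz. The new `pidfile` path assumes `/var/run/prosody` exists and is writable by the daemon, which is not shown in this hunk.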
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/prosody.git/commitdiff/e22dc6e663378a00578224b6a53c084f313d6265


