[packages/dehydrated] move acme-challenge and accounts to /var/lib
glen
glen at pld-linux.org
Tue Nov 22 19:01:36 CET 2016
commit f19ccd973862fc9a910698aba90763026205bff0
Author: Elan Ruusamäe <glen at delfi.ee>
Date: Tue Nov 22 20:00:52 2016 +0200
move acme-challenge and accounts to /var/lib
/etc is not the right place for these kinds of files
apache.conf | 4 ++--
dehydrated.spec | 10 ++++++----
lighttpd.conf | 2 +-
nginx.conf | 2 +-
pld.patch | 17 +++++++++++++----
5 files changed, 23 insertions(+), 12 deletions(-)
---
diff --git a/dehydrated.spec b/dehydrated.spec
index 5d653dc..ac2b9ae 100644
--- a/dehydrated.spec
+++ b/dehydrated.spec
@@ -1,7 +1,7 @@
Summary: letsencrypt/acme client implemented as a shell-script
Name: dehydrated
Version: 0.3.1
-Release: 0.1
+Release: 0.4
License: MIT
Group: Applications/Networking
Source0: https://github.com/lukas2511/dehydrated/archive/v%{version}/%{name}-%{version}.tar.gz
@@ -32,7 +32,6 @@ BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%define _webapp %{name}
%define _sysconfdir %{_webapps}/%{_webapp}
%define _appdir %{_datadir}/%{_webapp}
-%define challengedir /var/lib/%{name}
%description
This is a client for signing certificates with an ACME-server
@@ -52,7 +51,8 @@ Current features:
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_sbindir},%{_sysconfdir}/certs,/etc/cron.d,%{challengedir}}
+install -d $RPM_BUILD_ROOT{%{_sbindir},%{_sysconfdir}/certs,/etc/cron.d} \
+ $RPM_BUILD_ROOT/var/lib/%{name}/{accounts,acme-challenge}
install -p %{name} $RPM_BUILD_ROOT%{_sbindir}
cp -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/apache.conf
@@ -97,5 +97,7 @@ rm -rf $RPM_BUILD_ROOT
%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/domains.txt
%attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/hook.sh
%attr(755,root,root) %{_sbindir}/%{name}
+%dir %attr(751,root,root) /var/lib/%{name}
+%dir %attr(700,root,root) /var/lib/%{name}/accounts
# challenges written here, need to be readable by webserver
-%dir %attr(751,root,root) %{challengedir}
+%dir %attr(751,root,root) /var/lib/%{name}/acme-challenge
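Review bot: The comment above the acme-challenge entry says the directory must be readable by the webserver, but mode 751 gives other users search permission only, so the comment and the mode disagree. The mode looks intentional, so reword the comment to something like `# challenge tokens are written here; webserver needs search (x) access and the token files must be world-readable`. The new accounts entry has no comment explaining why it is 700; judging by the pld.patch hunk it holds `account_key.pem` and a `config` file that the script sources, so add `# ACME account keys and sourced per-CA config: keep root-only`. The %files section starts outside this hunk.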
diff --git a/apache.conf b/apache.conf
index 1aa893e..259f9e8 100644
--- a/apache.conf
+++ b/apache.conf
@@ -1,5 +1,5 @@
-Alias /.well-known/acme-challenge /var/lib/dehydrated
-<Directory /var/lib/dehydrated>
+Alias /.well-known/acme-challenge /var/lib/dehydrated/acme-challenge
+<Directory /var/lib/dehydrated/acme-challenge>
# Apache 2.x
<IfModule !mod_authz_core.c>
Order allow,deny
diff --git a/lighttpd.conf b/lighttpd.conf
index ce965aa..498336b 100644
--- a/lighttpd.conf
+++ b/lighttpd.conf
@@ -1,3 +1,3 @@
alias.url += (
- "/.well-known/acme-challenge" => "/var/lib/dehydrated",
+ "/.well-known/acme-challenge" => "/var/lib/dehydrated/acme-challenge",
)
diff --git a/nginx.conf b/nginx.conf
index cecb2ba..b8060db 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,3 +1,3 @@
location /.well-known/acme-challenge {
- alias /etc/webapps/letsencrypt.sh/acme-challenges;
+ alias /var/lib/dehydrated/acme-challenge;
}
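Review bot: The `location` prefix and the `alias` target both lack a trailing slash, so any URI that merely begins with `/.well-known/acme-challenge` is matched and the remainder is appended directly to the alias path. The resolved path can therefore fall outside the challenge directory. This commit makes that more significant, because `/var/lib/dehydrated/accounts` is now a sibling of the aliased directory and only its 700 root-only mode keeps the worker process out. Terminate both sides with a slash so the match is confined to the directory: `location /.well-known/acme-challenge/ {` and `alias /var/lib/dehydrated/acme-challenge/;`.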
diff --git a/pld.patch b/pld.patch
index cb9d7da..1244848 100644
--- a/pld.patch
+++ b/pld.patch
@@ -1,5 +1,5 @@
---- dehydrated-0.3.1/dehydrated 2016-05-14 15:51:55.000000000 +0300
-+++ dehydrated-0.3.1/dehydrated 2016-10-17 22:03:54.184281322 +0300
+--- dehydrated-0.3.1/dehydrated 2016-10-17 22:03:54.184281322 +0300
++++ dehydrated-0.3.1/dehydrated 2016-11-22 19:57:26.978516490 +0200
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/bash
@@ -15,12 +15,21 @@
if [[ -f "${check_config}/config" ]]; then
BASEDIR="${check_config}"
CONFIG="${check_config}/config"
+@@ -164,7 +164,7 @@
+ [[ -d "${BASEDIR}" ]] || _exiterr "BASEDIR does not exist: ${BASEDIR}"
+
+ CAHASH="$(echo "${CA}" | urlbase64)"
+- [[ -z "${ACCOUNTDIR}" ]] && ACCOUNTDIR="${BASEDIR}/accounts"
++ [[ -z "${ACCOUNTDIR}" ]] && ACCOUNTDIR="/var/lib/dehydrated/accounts"
+ mkdir -p "${ACCOUNTDIR}/${CAHASH}"
+ [[ -f "${ACCOUNTDIR}/${CAHASH}/config" ]] && . "${ACCOUNTDIR}/${CAHASH}/config"
+ ACCOUNT_KEY="${ACCOUNTDIR}/${CAHASH}/account_key.pem"
@@ -181,7 +181,7 @@
[[ -z "${CERTDIR}" ]] && CERTDIR="${BASEDIR}/certs"
[[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="${BASEDIR}/domains.txt"
- [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/dehydrated"
-+ [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/lib/dehydrated"
++ [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/lib/dehydrated/acme-challenge"
[[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock"
[[ -n "${PARAM_NO_LOCK:-}" ]] && LOCKFILE=""
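Review bot: The new default on the added `ACCOUNTDIR` line no longer derives from `BASEDIR`, so after an upgrade an existing account under `${BASEDIR}/accounts` is not found and the following `mkdir -p` creates an empty directory under /var/lib. No migration step is visible in the spec hunks on this page. Presumably the script then registers a new account while the old private key stays behind in /etc; a `%post` or trigger scriptlet that moves the old directory and keeps it at mode 700 would avoid both. Because `${ACCOUNTDIR}/${CAHASH}/config` is sourced as shell code, a comment on the new line such as `# sourced below: directory must stay root-owned, mode 0700` would record why the permissions matter. The enclosing function begins and ends outside this hunk.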
@@ -31,7 +40,7 @@
# Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated)
-#WELLKNOWN="/var/www/dehydrated"
-+#WELLKNOWN="/var/lib/dehydrated"
++#WELLKNOWN="/var/lib/dehydrated/acme-challenge"
# Default keysize for private keys (default: 4096)
#KEYSIZE="4096"
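Review bot: The context comment above the changed line still reads `(default: /var/www/dehydrated)`, while the sample value and the patched script default are now `/var/lib/dehydrated/acme-challenge`. Update the comment in the same inner hunk to `(default: /var/lib/dehydrated/acme-challenge)` so the example config does not send administrators to the wrong directory. The example config presumably documents an `ACCOUNTDIR` default as well, which would now be stale; that part of the file is not visible here, so confirm.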
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/dehydrated.git/commitdiff/f19ccd973862fc9a910698aba90763026205bff0