[packages/dehydrated] move acme-challenge and accounts to /var/lib

glen glen at pld-linux.org
Tue Nov 22 19:01:36 CET 2016


commit f19ccd973862fc9a910698aba90763026205bff0
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Tue Nov 22 20:00:52 2016 +0200

    move acme-challenge and accounts to /var/lib
    
    /etc is not the right place for this kind of file

 apache.conf     |  4 ++--
 dehydrated.spec | 10 ++++++----
 lighttpd.conf   |  2 +-
 nginx.conf      |  2 +-
 pld.patch       | 17 +++++++++++++----
 5 files changed, 23 insertions(+), 12 deletions(-)
---
diff --git a/dehydrated.spec b/dehydrated.spec
index 5d653dc..ac2b9ae 100644
--- a/dehydrated.spec
+++ b/dehydrated.spec
@@ -1,7 +1,7 @@
 Summary:	letsencrypt/acme client implemented as a shell-script
 Name:		dehydrated
 Version:	0.3.1
-Release:	0.1
+Release:	0.4
 License:	MIT
 Group:		Applications/Networking
 Source0:	https://github.com/lukas2511/dehydrated/archive/v%{version}/%{name}-%{version}.tar.gz
@@ -32,7 +32,6 @@ BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 %define		_webapp		%{name}
 %define		_sysconfdir	%{_webapps}/%{_webapp}
 %define		_appdir		%{_datadir}/%{_webapp}
-%define		challengedir	/var/lib/%{name}
 
 %description
 This is a client for signing certificates with an ACME-server
@@ -52,7 +51,8 @@ Current features:
 
 %install
 rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT{%{_sbindir},%{_sysconfdir}/certs,/etc/cron.d,%{challengedir}}
+install -d $RPM_BUILD_ROOT{%{_sbindir},%{_sysconfdir}/certs,/etc/cron.d} \
+	$RPM_BUILD_ROOT/var/lib/%{name}/{accounts,acme-challenge}
 
 install -p %{name} $RPM_BUILD_ROOT%{_sbindir}
 cp -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/apache.conf
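Review bot: The `/var/lib/%{name}/accounts` directory created by the new `install -d` line starts out empty, and nothing in the visible hunks moves an existing account from the old `${BASEDIR}/accounts` location. An upgraded host would presumably stop finding its registered account key, and the old key would be left behind under the config directory. Consider a `%triggerpostun` or `%post` step that moves existing account directories across when the new one is empty, or at least an upgrade note telling admins to move them and clean up the stale copy. The `%install` section continues outside this hunk and the rest of the spec is not shown, so this may already be handled elsewhere.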
@@ -97,5 +97,7 @@ rm -rf $RPM_BUILD_ROOT
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/domains.txt
 %attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/hook.sh
 %attr(755,root,root) %{_sbindir}/%{name}
+%dir %attr(751,root,root) /var/lib/%{name}
+%dir %attr(700,root,root) /var/lib/%{name}/accounts
 # challenges written here, need to be readable by webserver
-%dir %attr(751,root,root) %{challengedir}
+%dir %attr(751,root,root) /var/lib/%{name}/acme-challenge
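Review bot: The two new `%dir` lines for `/var/lib/%{name}` and `/var/lib/%{name}/accounts` carry no comment, while the `acme-challenge` line keeps its explanation, so the reason for the differing modes is left to the reader. I would add `# ACME account keys (account_key.pem) live here, root only` above the `accounts` line. I would also add `# 751: webserver may traverse to acme-challenge but not list this directory` above the parent. This matters because the private account key now sits one level away from a directory that is exported over HTTP, and a later loosening of these modes should be a conscious decision.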
diff --git a/apache.conf b/apache.conf
index 1aa893e..259f9e8 100644
--- a/apache.conf
+++ b/apache.conf
@@ -1,5 +1,5 @@
-Alias /.well-known/acme-challenge /var/lib/dehydrated
-<Directory /var/lib/dehydrated>
+Alias /.well-known/acme-challenge /var/lib/dehydrated/acme-challenge
+<Directory /var/lib/dehydrated/acme-challenge>
 	# Apache 2.x
 	<IfModule !mod_authz_core.c>
 		Order allow,deny
diff --git a/lighttpd.conf b/lighttpd.conf
index ce965aa..498336b 100644
--- a/lighttpd.conf
+++ b/lighttpd.conf
@@ -1,3 +1,3 @@
 alias.url += (
-	"/.well-known/acme-challenge" => "/var/lib/dehydrated",
+	"/.well-known/acme-challenge" => "/var/lib/dehydrated/acme-challenge",
 )
diff --git a/nginx.conf b/nginx.conf
index cecb2ba..b8060db 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,3 +1,3 @@
 location /.well-known/acme-challenge {
-	alias /etc/webapps/letsencrypt.sh/acme-challenges;
+	alias /var/lib/dehydrated/acme-challenge;
 }
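Review bot: The `location /.well-known/acme-challenge` prefix has no trailing slash, so it also matches sibling URIs that merely start with that string and maps them to correspondingly named paths next to the alias target. Now that the parent `/var/lib/dehydrated` also holds `accounts`, I would terminate both sides with a slash. Adding `^~` would additionally stop a generic regex location (for example a dotfile deny rule) from overriding the challenge path: `location ^~ /.well-known/acme-challenge/ {` with `alias /var/lib/dehydrated/acme-challenge/;`. The 700 mode on `accounts` already limits the impact, so this is hardening rather than a fix for an open hole.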
diff --git a/pld.patch b/pld.patch
index cb9d7da..1244848 100644
--- a/pld.patch
+++ b/pld.patch
@@ -1,5 +1,5 @@
---- dehydrated-0.3.1/dehydrated	2016-05-14 15:51:55.000000000 +0300
-+++ dehydrated-0.3.1/dehydrated	2016-10-17 22:03:54.184281322 +0300
+--- dehydrated-0.3.1/dehydrated	2016-10-17 22:03:54.184281322 +0300
++++ dehydrated-0.3.1/dehydrated	2016-11-22 19:57:26.978516490 +0200
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env bash
 +#!/bin/bash
@@ -15,12 +15,21 @@
        if [[ -f "${check_config}/config" ]]; then
          BASEDIR="${check_config}"
          CONFIG="${check_config}/config"
+@@ -164,7 +164,7 @@
+   [[ -d "${BASEDIR}" ]] || _exiterr "BASEDIR does not exist: ${BASEDIR}"
+ 
+   CAHASH="$(echo "${CA}" | urlbase64)"
+-  [[ -z "${ACCOUNTDIR}" ]] && ACCOUNTDIR="${BASEDIR}/accounts"
++  [[ -z "${ACCOUNTDIR}" ]] && ACCOUNTDIR="/var/lib/dehydrated/accounts"
+   mkdir -p "${ACCOUNTDIR}/${CAHASH}"
+   [[ -f "${ACCOUNTDIR}/${CAHASH}/config" ]] && . "${ACCOUNTDIR}/${CAHASH}/config"
+   ACCOUNT_KEY="${ACCOUNTDIR}/${CAHASH}/account_key.pem"
 @@ -181,7 +181,7 @@
  
    [[ -z "${CERTDIR}" ]] && CERTDIR="${BASEDIR}/certs"
    [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="${BASEDIR}/domains.txt"
 -  [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/dehydrated"
-+  [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/lib/dehydrated"
++  [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/lib/dehydrated/acme-challenge"
    [[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock"
    [[ -n "${PARAM_NO_LOCK:-}" ]] && LOCKFILE=""
  
@@ -31,7 +40,7 @@
  
  # Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated)
 -#WELLKNOWN="/var/www/dehydrated"
-+#WELLKNOWN="/var/lib/dehydrated"
++#WELLKNOWN="/var/lib/dehydrated/acme-challenge"
  
  # Default keysize for private keys (default: 4096)
  #KEYSIZE="4096"
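Review bot: The comment on the context line above the changed `#WELLKNOWN=` default still reads `(default: /var/www/dehydrated)`, which no longer matches the packaged default of `/var/lib/dehydrated/acme-challenge`. The inner patch could update that line as well, so it ends with `(default: /var/lib/dehydrated/acme-challenge)`. If this example config also documents `ACCOUNTDIR`, its stated default needs the same update now that the script falls back to `/var/lib/dehydrated/accounts`. That part of the file is not visible in this hunk.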
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/dehydrated.git/commitdiff/f19ccd973862fc9a910698aba90763026205bff0


