[packages/letsencrypt.sh] webserver integration

Sat May 14 14:51:34 CEST 2016

commit eb6aa75d03d4e4daf5891b68839ce77ac303d522
Author: Elan Ruusamäe <glen at delfi.ee>
Date:   Sat May 14 15:43:10 2016 +0300

    webserver integration

 apache.conf         | 12 ++++++++++++
 letsencrypt.sh.spec | 43 ++++++++++++++++++++++++++++++++++++++++++-
 lighttpd.conf       |  3 +++
 3 files changed, 57 insertions(+), 1 deletion(-)
---

diff --git a/letsencrypt.sh.spec b/letsencrypt.sh.spec
index 697bc34..5cdfca5 100644
--- a/letsencrypt.sh.spec
+++ b/letsencrypt.sh.spec
@@ -5,7 +5,9 @@ Release:	0.1
 License:	MIT
 Group:		Applications/Networking
 Source0:	https://github.com/lukas2511/letsencrypt.sh/archive/v%{version}/%{name}-%{version}.tar.gz
-# Source0-md5:	eb1208bcf5c33a6f030da9419718bf6b
+# Source0-md5:	eadd134cc5365753c03929dd70db341d
+Source1:	apache.conf
+Source2:	lighttpd.conf
 URL:		https://github.com/lukas2511/letsencrypt.sh
 BuildRequires:	rpmbuild(macros) >= 1.713
 Requires:	curl
@@ -13,9 +15,17 @@ Requires:	grep
 Requires:	mktemp
 Requires:	openssl
 Requires:	sed
+Requires:	webapps
+Requires:	webserver(access)
+Requires:	webserver(alias)
 BuildArch:	noarch
 BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
+%define		_webapps	/etc/webapps
+%define		_webapp		%{name}
+%define		_sysconfdir	%{_webapps}/%{_webapp}
+%define		_appdir		%{_datadir}/%{_webapp}
+
 %description
 This is a client for signing certificates with an ACME-server
 (currently only provided by letsencrypt) implemented as a relatively
@@ -33,10 +43,41 @@ Current features:
 
 %install
 rm -rf $RPM_BUILD_ROOT
+install -d $RPM_BUILD_ROOT{%{_sbindir},%{_sysconfdir}/acme-challenges}
+
+install -p letsencrypt.sh $RPM_BUILD_ROOT%{_sbindir}
+
+cp -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/apache.conf
+cp -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/lighttpd.conf
+cp -p $RPM_BUILD_ROOT%{_sysconfdir}/{apache,httpd}.conf
 
 %clean
 rm -rf $RPM_BUILD_ROOT
 
+%triggerin -- apache1 < 1.3.37-3, apache1-base
+%webapp_register apache %{_webapp}
+
+%triggerun -- apache1 < 1.3.37-3, apache1-base
+%webapp_unregister apache %{_webapp}
+
+%triggerin -- apache < 2.2.0, apache-base
+%webapp_register httpd %{_webapp}
+
+%triggerun -- apache < 2.2.0, apache-base
+%webapp_unregister httpd %{_webapp}
+
+%triggerin -- lighttpd
+%webapp_register lighttpd %{_webapp}
+
+%triggerun -- lighttpd
+%webapp_unregister lighttpd %{_webapp}
+
 %files
 %defattr(644,root,root,755)
 %doc README.md CHANGELOG LICENSE
+%attr(755,root,root) %{_sbindir}/letsencrypt.sh
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/apache.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/httpd.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/lighttpd.conf
+# challenges written here from letsencrypt.sh, need to be readable by webserver
+%dir %attr(751,root,root) %{_sysconfdir}/acme-challenges
diff --git a/apache.conf b/apache.conf
new file mode 100644
index 0000000..5f207b5
--- /dev/null
+++ b/apache.conf
@@ -0,0 +1,12 @@
+Alias /.well-known/acme-challenge /etc/webapps/letsencrypt.sh/acme-challenges
+<Directory /etc/webapps/letsencrypt.sh/acme-challenges>
+	# Apache 2.x
+	<IfModule !mod_authz_core.c>
+		Order allow,deny
+		Allow from all
+	</IfModule>
+	# Apache 2.4
+	<IfModule mod_authz_core.c>
+		Require all granted
+	</IfModule>
+</Directory>
diff --git a/lighttpd.conf b/lighttpd.conf
new file mode 100644
index 0000000..5b51255
--- /dev/null
+++ b/lighttpd.conf
@@ -0,0 +1,3 @@
+alias.url += (
+	"/.well-known/acme-challenge" => "/etc/webapps/letsencrypt.sh/acme-challenges",
+)
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/letsencrypt.sh.git/commitdiff/3c33d40b996b1e72bf7d66bf0609f2cf723f8763

