[packages/lighttpd] add ssl dir where to keep ssl related files

glen glen at pld-linux.org
Mon Oct 30 21:03:10 CET 2017


commit 4cfd64960ebbaa7bf0b270c5ec87fb6a18fc3bb8
Author: Elan Ruusamäe <glen at pld-linux.org>
Date:   Sun Oct 29 02:35:23 2017 +0300

    add ssl dir where to keep ssl related files
    
    the directory gets restrictive permissions, to ensure that files with
    weak permissions inside it aren't accessible

 lighttpd.spec | 3 ++-
 ssl.conf      | 6 +++---
 2 files changed, 5 insertions(+), 4 deletions(-)
---
diff --git a/lighttpd.spec b/lighttpd.spec
index 92b27d8..1d3fe35 100644
--- a/lighttpd.spec
+++ b/lighttpd.spec
@@ -1005,7 +1005,7 @@ export LIGHTTPD_TEST_PORT=$((2048 + RANDOM % 10))
 %install
 rm -rf $RPM_BUILD_ROOT
 install -d $RPM_BUILD_ROOT{%{_lighttpddir}/{cgi-bin,html},/etc/{logrotate.d,rc.d/init.d,sysconfig,monit}} \
-	$RPM_BUILD_ROOT%{_sysconfdir}/{conf,vhosts,webapps}.d \
+	$RPM_BUILD_ROOT%{_sysconfdir}/{{conf,vhosts,webapps}.d,ssl} \
 	$RPM_BUILD_ROOT{/var/log/{%{name},archive/%{name}},/var/run/%{name}} \
 	$RPM_BUILD_ROOT%{_datadir}/lighttpd/errordocs \
 	$RPM_BUILD_ROOT/var/lib/lighttpd \
@@ -1245,6 +1245,7 @@ fi
 %dir %attr(750,root,root) %{_sysconfdir}/conf.d
 %dir %attr(750,root,root) %{_sysconfdir}/vhosts.d
 %dir %attr(750,root,root) %{_sysconfdir}/webapps.d
+%dir %attr(700,root,root) %{_sysconfdir}/ssl
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/%{name}.conf
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/mime.types.conf
 %attr(640,root,lighttpd) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/*.user
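Review bot: The new `%dir %attr(700,root,root) %{_sysconfdir}/ssl` entry is stricter than the 750 used for the sibling `conf.d`, `vhosts.d` and `webapps.d` directories, and the reason is not recorded next to it. A comment above the line, such as `# private keys live here: root-only, lighttpd reads them before dropping privileges`, would keep a later cleanup from relaxing it to 750 for consistency. The mode presumably relies on the server loading `ssl.pemfile` as root at startup; that is worth confirming for any setup that starts lighttpd as an unprivileged user. The %files list begins before and continues after this hunk.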
diff --git a/ssl.conf b/ssl.conf
index 41564f5..c63822b 100644
--- a/ssl.conf
+++ b/ssl.conf
@@ -15,12 +15,12 @@ $SERVER["socket"] == ":443" {
 	# (Should contain both the private key and the certificate)
 	## If you have a .crt and a .key file, cat them together into a single PEM file:
 	## $ cat lighttpd.key lighttpd.crt > lighttpd.pem
-	ssl.pemfile = "/etc/lighttpd/server.pem"
+	ssl.pemfile = "/etc/lighttpd/ssl/server.pem"
 	# ssl.ca-file: path to the CA file for support of chained certificates
-#	ssl.ca-file = "/etc/certs/ca-certificates.crt"
+#	ssl.ca-file = "/etc/lighttpd/ssl/chain.pem"
 
 	# for DH/DHE ciphers, dhparam should be >= 2048-bit
-#	ssl.dh-file = "/path/to/dhparam.pem"
+#	ssl.dh-file = "/etc/lighttpd/ssl/dhparam.pem"
 	# ECDH/ECDHE ciphers curve strength (see `openssl ecparam -list_curves`)
 #	ssl.ec-curve = "secp384r1"
 	# Compression is by default off at compile-time, but use if needed
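Review bot: The instruction in the comment above `ssl.pemfile` still reads `cat lighttpd.key lighttpd.crt > lighttpd.pem`, which writes the combined private key into the current directory under the caller's umask and under a name that does not match the configured `server.pem`. Since the commit's purpose is to keep key material behind the root-only directory, the example should write to the new location with a tight umask, e.g. `## $ (umask 077; cat lighttpd.key lighttpd.crt > /etc/lighttpd/ssl/server.pem)`. Separately, the default path changes with no visible migration for an existing `/etc/lighttpd/server.pem`; if ssl.conf is packaged as noreplace (not visible here), upgraded hosts would keep the old path and gain nothing from the new directory, so an upgrade note may be needed. The `$SERVER["socket"]` block begins before and continues after this hunk.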
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/lighttpd.git/commitdiff/85a9ac3063e1b572e172696db5c7586feea11581


