Summary: A client for signing certificates with an ACME server
Name: dehydrated
Version: 0.4.0
Release: 4%{?dist}
License: MIT
URL: https://github.com/lukas2511/dehydrated
Source0: https://github.com/lukas2511/dehydrated/archive/v%{version}/%{name}-%{version}.tar.gz
Source1: dehydrated.tmpfiles
Requires: openssl
Requires: curl
BuildRequires: systemd
BuildArch: noarch

%description
This is a client for signing certificates with an ACME-server (currently
only provided by Let's Encrypt) implemented as a relatively simple
bash-script.

It uses the openssl utility for everything related to actually handling
keys and certificates, so you need to have that installed.

Current features:
* Signing of a list of domains
* Signing of a CSR
* Renewal if a certificate is about to expire or SAN (subdomains) changed
* Certificate revocation

%prep
%setup -q

%build
: nothing to do

%install
mkdir -p %{buildroot}%{_tmpfilesdir}
mkdir -p %{buildroot}%{_sysconfdir}/dehydrated/accounts
mkdir -p %{buildroot}%{_sysconfdir}/dehydrated/archive
mkdir -p %{buildroot}%{_sysconfdir}/dehydrated/certs
mkdir -p %{buildroot}%{_sysconfdir}/dehydrated/conf.d
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_rundir}/dehydrated
install -m 644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/dehydrated.conf
sed \
    -e 's|^#LOCKFILE="\${BASEDIR}/lock"|LOCKFILE="%{_rundir}/dehydrated/lock"|' \
    -e 's|^#CONFIG_D=|CONFIG_D="\${BASEDIR}/conf.d"|' \
    -e 's|^#HOOK=|HOOK="\${BASEDIR}/hook.sh"|' \
    -e 's|^#PRIVATE_KEY_RENEW="yes"|PRIVATE_KEY_RENEW="no"|' \
    docs/examples/config >%{buildroot}%{_sysconfdir}/dehydrated/config
install docs/examples/hook.sh %{buildroot}%{_sysconfdir}/dehydrated/
install dehydrated %{buildroot}%{_bindir}/dehydrated

%post
if [ ! -f %{_sysconfdir}/cron.d/dehydrated ]; then
    echo "$(($RANDOM % 60)) $(($RANDOM % 6)) * * $(($RANDOM % 7)) root test -s %{_sysconfdir}/dehydrated/domains.txt && %{_bindir}/dehydrated --cron" \
        >%{_sysconfdir}/cron.d/dehydrated
fi
umask=$(umask)
umask 027
if [ -z "$(ls %{_sysconfdir}/dehydrated/conf.d/*.sh 2>/dev/null)" ]; then
    touch %{_sysconfdir}/dehydrated/conf.d/local.sh
fi
if [ ! -e %{_sysconfdir}/dehydrated/domains.txt ]; then
    touch %{_sysconfdir}/dehydrated/domains.txt
fi
umask ${umask} || :

%files
%doc README.md docs/*
%attr(0644,root,root) %ghost %{_sysconfdir}/cron.d/dehydrated
%attr(0750,root,root) %dir %{_sysconfdir}/dehydrated
%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/dehydrated/config
%attr(0750,root,root) %config(noreplace) %{_sysconfdir}/dehydrated/hook.sh
%attr(0750,root,root) %dir %{_sysconfdir}/dehydrated/accounts
%attr(0750,root,root) %dir %{_sysconfdir}/dehydrated/archive
%attr(0750,root,root) %dir %{_sysconfdir}/dehydrated/certs
%attr(0750,root,root) %dir %{_sysconfdir}/dehydrated/conf.d
%attr(0640,root,root) %ghost %{_sysconfdir}/dehydrated/conf.d/local.sh
%attr(0640,root,root) %ghost %{_sysconfdir}/dehydrated/domains.txt
%attr(0750,root,root) %dir %{_rundir}/dehydrated
%{_tmpfilesdir}/dehydrated.conf
%{_bindir}/dehydrated

%changelog
* Mon Mar 20 2017 Paul Wouters - 0.4.0-4
- Set PRIVATE_KEY_RENEW=no so pubkeys are re-used, allowing TLSA DNS records

* Sat Mar 18 2017 Tuomo Soini - 0.4.0-3
- Fix file mode of crontab entry

* Sat Mar 18 2017 Kim B. Heino - 0.4.0-2
- Add archive directory, cleanup

* Sat Mar 18 2017 Tuomo Soini - 0.4.0-1
- Initial build