commit f19ccd973862fc9a910698aba90763026205bff0 Author: Elan Ruusamäe <g...@delfi.ee> Date: Tue Nov 22 20:00:52 2016 +0200
move acme-challenge and accounts to /var/lib /etc is not the real place for this kind of files apache.conf | 4 ++-- dehydrated.spec | 10 ++++++---- lighttpd.conf | 2 +- nginx.conf | 2 +- pld.patch | 17 +++++++++++++---- 5 files changed, 23 insertions(+), 12 deletions(-) --- diff --git a/dehydrated.spec b/dehydrated.spec index 5d653dc..ac2b9ae 100644 --- a/dehydrated.spec +++ b/dehydrated.spec @@ -1,7 +1,7 @@ Summary: letsencrypt/acme client implemented as a shell-script Name: dehydrated Version: 0.3.1 -Release: 0.1 +Release: 0.4 License: MIT Group: Applications/Networking Source0: https://github.com/lukas2511/dehydrated/archive/v%{version}/%{name}-%{version}.tar.gz @@ -32,7 +32,6 @@ BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n) %define _webapp %{name} %define _sysconfdir %{_webapps}/%{_webapp} %define _appdir %{_datadir}/%{_webapp} -%define challengedir /var/lib/%{name} %description This is a client for signing certificates with an ACME-server @@ -52,7 +51,8 @@ Current features: %install rm -rf $RPM_BUILD_ROOT -install -d $RPM_BUILD_ROOT{%{_sbindir},%{_sysconfdir}/certs,/etc/cron.d,%{challengedir}} +install -d $RPM_BUILD_ROOT{%{_sbindir},%{_sysconfdir}/certs,/etc/cron.d} \ + $RPM_BUILD_ROOT/var/lib/%{name}/{accounts,acme-challenge} install -p %{name} $RPM_BUILD_ROOT%{_sbindir} cp -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/apache.conf @@ -97,5 +97,7 @@ rm -rf $RPM_BUILD_ROOT %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/domains.txt %attr(750,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/hook.sh %attr(755,root,root) %{_sbindir}/%{name} +%dir %attr(751,root,root) /var/lib/%{name} +%dir %attr(700,root,root) /var/lib/%{name}/accounts # challenges written here, need to be readable by webserver -%dir %attr(751,root,root) %{challengedir} +%dir %attr(751,root,root) /var/lib/%{name}/acme-challenge diff --git a/apache.conf b/apache.conf index 1aa893e..259f9e8 100644 --- a/apache.conf +++ b/apache.conf 
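Review bot: Nothing in the visible spec hunks moves an existing account directory to the new location. The `%files` hunk adds `/var/lib/%{name}/accounts` with mode 700, but an install that has already registered keeps its `account_key.pem` under the old `${BASEDIR}/accounts`. After the upgrade the script will presumably find an empty account directory and register a new account, while the old private key stays behind in the configuration tree. If no scriptlet outside these hunks handles this, a `%post` or trigger that moves the old directory (keeping root ownership and mode 700) would avoid both problems.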
@@ -1,5 +1,5 @@ -Alias /.well-known/acme-challenge /var/lib/dehydrated -<Directory /var/lib/dehydrated> +Alias /.well-known/acme-challenge /var/lib/dehydrated/acme-challenge +<Directory /var/lib/dehydrated/acme-challenge> # Apache 2.x <IfModule !mod_authz_core.c> Order allow,deny diff --git a/lighttpd.conf b/lighttpd.conf index ce965aa..498336b 100644 --- a/lighttpd.conf +++ b/lighttpd.conf @@ -1,3 +1,3 @@ alias.url += ( - "/.well-known/acme-challenge" => "/var/lib/dehydrated", + "/.well-known/acme-challenge" => "/var/lib/dehydrated/acme-challenge", ) diff --git a/nginx.conf b/nginx.conf index cecb2ba..b8060db 100644 --- a/nginx.conf +++ b/nginx.conf @@ -1,3 +1,3 @@ location /.well-known/acme-challenge { - alias /etc/webapps/letsencrypt.sh/acme-challenges; + alias /var/lib/dehydrated/acme-challenge; } diff --git a/pld.patch b/pld.patch index cb9d7da..1244848 100644 --- a/pld.patch +++ b/pld.patch @@ -1,5 +1,5 @@ ---- dehydrated-0.3.1/dehydrated 2016-05-14 15:51:55.000000000 +0300 -+++ dehydrated-0.3.1/dehydrated 2016-10-17 22:03:54.184281322 +0300 +--- dehydrated-0.3.1/dehydrated 2016-10-17 22:03:54.184281322 +0300 ++++ dehydrated-0.3.1/dehydrated 2016-11-22 19:57:26.978516490 +0200 @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/bash @@ -15,12 +15,21 @@ if [[ -f "${check_config}/config" ]]; then BASEDIR="${check_config}" CONFIG="${check_config}/config" +@@ -164,7 +164,7 @@ + [[ -d "${BASEDIR}" ]] || _exiterr "BASEDIR does not exist: ${BASEDIR}" + + CAHASH="$(echo "${CA}" | urlbase64)" +- [[ -z "${ACCOUNTDIR}" ]] && ACCOUNTDIR="${BASEDIR}/accounts" ++ [[ -z "${ACCOUNTDIR}" ]] && ACCOUNTDIR="/var/lib/dehydrated/accounts" + mkdir -p "${ACCOUNTDIR}/${CAHASH}" + [[ -f "${ACCOUNTDIR}/${CAHASH}/config" ]] && . "${ACCOUNTDIR}/${CAHASH}/config" + ACCOUNT_KEY="${ACCOUNTDIR}/${CAHASH}/account_key.pem" 
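Review bot: The narrowed `Alias` only takes effect if the packaged file actually replaces the one on disk. If the web-server snippets are `%config(noreplace)` (not visible here), a locally edited copy keeps mapping the challenge URL to `/var/lib/dehydrated`, which is now the parent of `accounts`. Validation would then fail because tokens are written one level deeper, and only the mode 700 on `accounts` keeps that directory out of the served tree. The same applies to the lighttpd.conf and nginx.conf hunks. A comment at the top of each snippet, e.g. `# must point at the acme-challenge subdirectory, never at /var/lib/dehydrated itself`, would make the constraint explicit; the `<Directory>` block continues outside the hunk.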
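Review bot: `location /.well-known/acme-challenge` in the nginx.conf hunk is a plain prefix match without a trailing slash, so it also matches URIs that merely start with that string and maps them to paths beside the challenge directory, which now sits next to `accounts`. Ending both sides on a path boundary keeps the mapping inside the directory: `location ^~ /.well-known/acme-challenge/ {` with `alias /var/lib/dehydrated/acme-challenge/;`. The `^~` modifier also keeps a regex location elsewhere in the server block from taking over challenge requests.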
@@ -181,7 +181,7 @@ [[ -z "${CERTDIR}" ]] && CERTDIR="${BASEDIR}/certs" [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="${BASEDIR}/domains.txt" - [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/dehydrated" -+ [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/lib/dehydrated" ++ [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/lib/dehydrated/acme-challenge" [[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock" [[ -n "${PARAM_NO_LOCK:-}" ]] && LOCKFILE="" @@ -31,7 +40,7 @@ # Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated) -#WELLKNOWN="/var/www/dehydrated" -+#WELLKNOWN="/var/lib/dehydrated" ++#WELLKNOWN="/var/lib/dehydrated/acme-challenge" # Default keysize for private keys (default: 4096) #KEYSIZE="4096" ================================================================ ---- gitweb: http://git.pld-linux.org/gitweb.cgi/packages/dehydrated.git/commitdiff/f19ccd973862fc9a910698aba90763026205bff0 _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
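Review bot: The new default `ACCOUNTDIR="/var/lib/dehydrated/accounts"` no longer follows `BASEDIR`, and the context lines right after it run `mkdir -p` under it and source `${ACCOUNTDIR}/${CAHASH}/config` with `.`. Every run that does not set `ACCOUNTDIR`, including one started with a different config or `BASEDIR`, now shares one account key and executes that one file as shell. The directory therefore has to stay writable by root only, which the spec's mode 700 provides. An unprivileged run with its own `BASEDIR` will now fail at the `mkdir -p` instead of using a private account directory. I would add a comment above the assignment, `# PLD: fixed root-only (0700) location; the per-CA config below is sourced as shell`, and mention the override in the sample config; the enclosing function starts and ends outside the hunk.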
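Review bot: In the last hunk, the context comment above the changed sample line still says `(default: /var/www/dehydrated)`, but the default this patch installs is `/var/lib/dehydrated/acme-challenge`. An administrator reading the sample would point the web server at a directory the script never writes to. Update the comment in the same hunk: `# Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/lib/dehydrated/acme-challenge)`.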