From 680e540955a96cf4dd5ea7ef899e89e4ebaf3fc4 Mon Sep 17 00:00:00 2001 From: Marcin Krol Date: Fri, 1 Jan 2021 19:02:56 +0100 Subject: [PATCH] - updated to 0.7.0 --- 01-ca-path.sh | 9 ++++----- 02-challenge-type.sh | 2 +- 03-keys.sh | 2 +- 05-ocsp.sh | 6 ++++++ 08-curl.sh | 2 ++ dehydrated.spec | 27 ++++++++++++++------------- tld.patch | 30 +++++++++++++++--------------- 7 files changed, 43 insertions(+), 35 deletions(-) create mode 100644 08-curl.sh diff --git a/01-ca-path.sh b/01-ca-path.sh index cd6f030..85594ee 100644 --- a/01-ca-path.sh +++ b/01-ca-path.sh @@ -1,5 +1,4 @@ -# Path to certificate authority (default: https://acme-v02.api.letsencrypt.org/directory) -#CA="https://acme-v02.api.letsencrypt.org/directory" - -# Path to staging certificate authority (for testing purposes) -#CA="https://acme-staging-v02.api.letsencrypt.org/directory" +# URL to certificate authority or internal preset +# Presets: letsencrypt, letsencrypt-test, zerossl, buypass, buypass-test +# default: letsencrypt +#CA="letsencrypt" diff --git a/02-challenge-type.sh b/02-challenge-type.sh index 5416ba9..ec10240 100644 --- a/02-challenge-type.sh +++ b/02-challenge-type.sh @@ -1,2 +1,2 @@ -# Which challenge should be used? Currently http-01 and dns-01 are supported +# Which challenge should be used? Currently http-01, dns-01 and tls-alpn-01 are supported #CHALLENGETYPE="http-01" diff --git a/03-keys.sh b/03-keys.sh index e10db0f..20e615d 100644 --- a/03-keys.sh +++ b/03-keys.sh @@ -5,4 +5,4 @@ #PRIVATE_KEY_ROLLOVER="no" # Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1 -#KEY_ALGO=rsa +#KEY_ALGO=secp384r1 diff --git a/05-ocsp.sh b/05-ocsp.sh index 42cab30..dcdc20a 100644 --- a/05-ocsp.sh +++ b/05-ocsp.sh @@ -1,2 +1,8 @@ # Option to add CSR-flag indicating OCSP stapling to be mandatory (default: no) #OCSP_MUST_STAPLE="no" + +# Fetch OCSP responses (default: no) +#OCSP_FETCH="no" + +# OCSP refresh interval (default: 5 days) +#OCSP_DAYS=5 
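Review bot: The new comment in 01-ca-path.sh drops the old hint that the staging endpoint is "for testing purposes", so nothing tells an administrator that the `letsencrypt-test` and `buypass-test` presets are test environments. I would add a line such as `# The *-test presets are staging CAs; their certificates are not publicly trusted`. Since CA also accepts a full URL, the comment could say that a custom directory URL should be an `https://` address, because account registration and all orders go to whatever endpoint is set here.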
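Review bot: The sample value in 03-keys.sh now reads `#KEY_ALGO=secp384r1`, but the comment above it only lists the supported algorithms and never names the default, unlike the `(default: …)` wording in the other conf.d files. Assuming this mirrors the upstream 0.7.0 default, I would write `# Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1 (default: secp384r1)`. Hosts that relied on the old RSA default will probably get an EC key at the next renewal unless they set `KEY_ALGO=rsa`, which matters for peers that pin keys or lack ECDSA support, so one comment line saying that would help. The file begins above this hunk, so its other settings are not visible here.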
diff --git a/08-curl.sh b/08-curl.sh new file mode 100644 index 0000000..d4d8ae2 --- /dev/null +++ b/08-curl.sh @@ -0,0 +1,2 @@ +# Extra options passed to the curl binary (default: ) +#CURL_OPTS= diff --git a/dehydrated.spec b/dehydrated.spec index 21c1103..6b57dfe 100644 --- a/dehydrated.spec +++ b/dehydrated.spec @@ -1,11 +1,11 @@ Summary: letsencrypt/acme client implemented as a shell-script Name: dehydrated -Version: 0.6.5 +Version: 0.7.0 Release: 1 License: MIT Group: Applications/Networking Source0: https://github.com/lukas2511/dehydrated/archive/v%{version}/%{name}-%{version}.tar.gz -# Source0-md5: cedf07369517c317c4e1075540b94699 +# Source0-md5: a23c9f7a475b9d690e788ee13dd8f14a Source1: httpd.conf Source2: lighttpd.conf Source3: nginx.conf @@ -19,11 +19,12 @@ Source10: 04-renew.sh Source11: 05-ocsp.sh Source12: 06-hook.sh Source13: 07-contact.sh -Source14: hook.sh -Source15: hook.functions -Source16: hook.custom_functions -Source17: hook.global -Source18: sudoers +Source14: 08-curl.sh +Source30: hook.sh +Source31: hook.functions +Source32: hook.custom_functions +Source33: hook.global +Source34: sudoers Patch0: tld.patch URL: https://github.com/lukas2511/dehydrated BuildRequires: rpmbuild(macros) >= 1.713 
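Review bot: The comment in the new 08-curl.sh does not say that CURL_OPTS presumably applies to every request dehydrated sends to the CA, so an option such as `-k`/`--insecure` placed here would turn off certificate verification for the ACME endpoint. I would extend it with `# Applied to all requests to the CA; do not disable TLS verification here (-k/--insecure)`. The empty `(default: )` is also easy to misread; `(default: <unset>)` says the same thing more clearly.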
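Review bot: The only integrity pin for the new tarball visible in this dehydrated.spec hunk is the `# Source0-md5:` comment. MD5 is not collision-resistant, so it guards against a corrupted download more than against a substituted archive. Source0 is a GitHub archive URL, so before updating the value the tarball should be checked against a stronger digest, or against an upstream release signature if one is published. If the build tooling only understands the md5 comment, a neighbouring comment recording how the archive was verified would keep that step visible to the next packager.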
@@ -76,13 +77,13 @@ cp -p %{SOURCE4} $RPM_BUILD_ROOT/etc/%{name}/domains.txt cp -p %{SOURCE5} $RPM_BUILD_ROOT/etc/cron.d/%{name} cp -p %{SOURCE6} $RPM_BUILD_ROOT/etc/%{name}/config cp -p %{SOURCE7} %{SOURCE8} %{SOURCE9} %{SOURCE10} \ - %{SOURCE11} %{SOURCE12} %{SOURCE13} \ + %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} \ $RPM_BUILD_ROOT/etc/%{name}/conf.d/ -install -p %{SOURCE14} $RPM_BUILD_ROOT/etc/%{name}/hooks/hook.sh -cp -p %{SOURCE15} $RPM_BUILD_ROOT/etc/%{name}/hooks/functions -cp -p %{SOURCE16} $RPM_BUILD_ROOT/etc/%{name}/hooks/custom_functions -cp -p %{SOURCE17} $RPM_BUILD_ROOT/etc/%{name}/hooks.d/global -cp -p %{SOURCE18} $RPM_BUILD_ROOT/etc/sudoers.d/%{name} +install -p %{SOURCE30} $RPM_BUILD_ROOT/etc/%{name}/hooks/hook.sh +cp -p %{SOURCE31} $RPM_BUILD_ROOT/etc/%{name}/hooks/functions +cp -p %{SOURCE32} $RPM_BUILD_ROOT/etc/%{name}/hooks/custom_functions +cp -p %{SOURCE33} $RPM_BUILD_ROOT/etc/%{name}/hooks.d/global +cp -p %{SOURCE34} $RPM_BUILD_ROOT/etc/sudoers.d/%{name} %pre %groupadd -g 184 dehydrated diff --git a/tld.patch b/tld.patch index 9c8e779..96819c7 100644 --- a/tld.patch +++ b/tld.patch @@ -1,6 +1,6 @@ -diff -ur dehydrated-0.6.5.orig/dehydrated dehydrated-0.6.5/dehydrated ---- dehydrated-0.6.5.orig/dehydrated 2019-06-26 12:33:35.000000000 +0200 -+++ dehydrated-0.6.5/dehydrated 2020-08-16 15:17:01.872293508 +0200 +diff -ur dehydrated-0.7.0.orig/dehydrated dehydrated-0.7.0/dehydrated +--- dehydrated-0.7.0.orig/dehydrated 2020-12-10 16:54:26.000000000 +0100 ++++ dehydrated-0.7.0/dehydrated 2021-01-01 18:41:50.608417166 +0100 @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/bash 
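Review bot: The sudoers fragment is still installed with `cp -p %{SOURCE34} $RPM_BUILD_ROOT/etc/sudoers.d/%{name}`, which carries over whatever mode the file has in the source directory. sudo refuses drop-ins with unsafe ownership or write permissions, and the conventional mode is 0440. I would set it explicitly: `install -p -m 0440 %{SOURCE34} $RPM_BUILD_ROOT/etc/sudoers.d/%{name}`. The %files section is outside this hunk, so an `%attr` there may already cover this.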
@@ -22,19 +22,19 @@ diff -ur dehydrated-0.6.5.orig/dehydrated dehydrated-0.6.5/dehydrated -BASEDIR="${SCRIPTDIR}" +BASEDIR="/var/lib/dehydrated" - ORIGARGS="$@" + ORIGARGS=("${@}") - # Create (identifiable) temporary files -@@ -135,7 +135,7 @@ - DOMAINS_TXT= + # Generate json.sh path matching string +@@ -340,7 +340,7 @@ HOOK= + PREFERRED_CHAIN= HOOK_CHAIN="no" - RENEW_DAYS="30" + RENEW_DAYS="10" KEYSIZE="4096" WELLKNOWN= PRIVATE_KEY_RENEW="yes" -@@ -151,8 +151,8 @@ +@@ -356,8 +356,8 @@ IP_VERSION= CHAINCACHE= AUTO_CLEANUP="no" @@ -45,7 +45,7 @@ diff -ur dehydrated-0.6.5.orig/dehydrated dehydrated-0.6.5/dehydrated API="auto" if [[ -z "${CONFIG:-}" ]]; then -@@ -260,8 +260,8 @@ +@@ -495,8 +495,8 @@ [[ -z "${CERTDIR}" ]] && CERTDIR="${BASEDIR}/certs" [[ -z "${ALPNCERTDIR}" ]] && ALPNCERTDIR="${BASEDIR}/alpn-certs" [[ -z "${CHAINCACHE}" ]] && CHAINCACHE="${BASEDIR}/chains" @@ -56,10 +56,10 @@ diff -ur dehydrated-0.6.5.orig/dehydrated dehydrated-0.6.5/dehydrated [[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock" [[ -z "${OPENSSL_CNF}" ]] && OPENSSL_CNF="$("${OPENSSL}" version -d | cut -d\" -f2)/openssl.cnf" [[ -n "${PARAM_LOCKFILE_SUFFIX:-}" ]] && LOCKFILE="${LOCKFILE}-${PARAM_LOCKFILE_SUFFIX}" -diff -ur dehydrated-0.6.5.orig/docs/examples/config dehydrated-0.6.5/docs/examples/config ---- dehydrated-0.6.5.orig/docs/examples/config 2019-06-26 12:33:35.000000000 +0200 -+++ dehydrated-0.6.5/docs/examples/config 2020-08-16 15:17:01.872293508 +0200 -@@ -45,11 +45,11 @@ +diff -ur dehydrated-0.7.0.orig/docs/examples/config dehydrated-0.7.0/docs/examples/config +--- dehydrated-0.7.0.orig/docs/examples/config 2020-12-10 16:54:26.000000000 +0100 ++++ dehydrated-0.7.0/docs/examples/config 2021-01-01 18:41:13.934417166 +0100 +@@ -47,11 +47,11 @@ # default: #DOMAINS_D= 
@@ -74,7 +74,7 @@ diff -ur dehydrated-0.6.5.orig/docs/examples/config dehydrated-0.6.5/docs/exampl # Output directory for generated certificates #CERTDIR="${BASEDIR}/certs" -@@ -61,7 +61,7 @@ +@@ -63,7 +63,7 @@ #ACCOUNTDIR="${BASEDIR}/accounts" # Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated) @@ -83,7 +83,7 @@ diff -ur dehydrated-0.6.5.orig/docs/examples/config dehydrated-0.6.5/docs/exampl # Default keysize for private keys (default: 4096) #KEYSIZE="4096" -@@ -85,13 +85,13 @@ +@@ -87,13 +87,13 @@ # # BASEDIR and WELLKNOWN variables are exported and can be used in an external program # default: -- 2.44.0