Hello community, here is the log from the commit of package dehydrated for openSUSE:Factory checked in at 2017-02-13 07:49:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dehydrated (Old) and /work/SRC/openSUSE:Factory/.dehydrated.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "dehydrated" Changes: -------- --- /work/SRC/openSUSE:Factory/dehydrated/dehydrated.changes 2017-02-03 17:35:31.011250596 +0100 +++ /work/SRC/openSUSE:Factory/.dehydrated.new/dehydrated.changes 2017-02-13 07:49:05.430491137 +0100 @@ -1,0 +2,63 @@ +Thu Feb 2 15:04:16 UTC 2017 - daniel.molkentin@suse.com + +- More dependency fixes + +------------------------------------------------------------------- +Thu Feb 2 13:59:16 UTC 2017 - daniel.molkentin@suse.com + +- Make nginx and lighttpd packages into features + Default-disable them on distros where we cannot provide a dependency. + +------------------------------------------------------------------- +Thu Feb 2 12:32:20 UTC 2017 - daniel.molkentin@suse.com + +- Fix build on Fedora + +------------------------------------------------------------------- +Thu Feb 2 11:03:43 UTC 2017 - mrueckert@suse.de + +- make permissions of the lighty and nginx config files tighter + +------------------------------------------------------------------- +Thu Feb 2 10:56:58 UTC 2017 - mrueckert@suse.de + +- only own the configuration files and not the whole directory tree + - add BR for nginx, lighttpd, apache2 to handle directory + ownership + +------------------------------------------------------------------- +Thu Jan 12 10:24:20 UTC 2017 - mrueckert@suse.de + +- with making the permissions more tight ... dehydrated can not + write its lock file anymore to /etc/dehydrated. To fix this we + now create /var/run/dehydrated (sysvinit) or /run/dehydrated + (systemd) and point the lock file in the default config to that + directory. + + Please adapt your local config files accordingly. + +------------------------------------------------------------------- +Thu Jan 12 09:53:06 UTC 2017 - mrueckert@suse.de + +- change permissions of /etc/dehydrated to: + root:dehydrated u=rwx,g=rx,o= +- create the subdirs that dehydrated would create later anyway: + /etc/dehydrated/accounts + /etc/dehydrated/certs + dehydrated::dehydrated u=rwx,go= +- tighten up permissions on + /etc/dehydrated/config + /etc/dehydrated/domain.txt + + root:root u=rw,go=r -> root:dehydrated u=rw,g=r,o= + + /etc/dehydrated/hook.sh + + root:root u=rw,go=r -> root:dehydrated u=rwx,g=rx,o= + +------------------------------------------------------------------- +Wed Nov 23 02:20:53 UTC 2016 - daniel@molkentin.de + +- Add lighttpd configuration via dehydrated-lighttpd + +------------------------------------------------------------------- New: ---- acme-challenge.conf.lighttpd.in dehydrated.tmpfiles.d ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dehydrated.spec ++++++ --- /var/tmp/diff_new_pack.RyWNAI/_old 2017-02-13 07:49:06.450345524 +0100 +++ /var/tmp/diff_new_pack.RyWNAI/_new 2017-02-13 07:49:06.454344953 +0100 @@ -1,7 +1,7 @@ # # spec file for package dehydrated # -# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,6 +15,7 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # + # See also http://en.opensuse.org/openSUSE:Specfile_guidelines %if 0%{?suse_version} @@ -26,6 +27,24 @@ %define _user dehydrated %define _home /etc/dehydrated +%if 0%{?suse_version} > 1230 +%bcond_without systemd +%define _lock_dir /run/dehydrated +%else +%bcond_with systemd +%define _lock_dir /var/run/dehydrated +%endif + +%if (0%{?suse_version} < 1200 && !0%{?is_opensuse}) || 0%{?centos_version} || 0%{?rhel_version} +%bcond_with nginx +%bcond_with lighttpd +%else +%bcond_without nginx +%bcond_without lighttpd +%endif + +%{!?_tmpfilesdir: %global _tmpfilesdir /usr/lib/tmpfiles.d } + Name: dehydrated Version: 0.3.1 Release: 0 @@ -36,10 +55,23 @@ Source0: %{name}-%{version}.tar.gz Source1: acme-challenge.conf.in Source2: acme-challenge.in -Source3: dehydrated.cron.in +Source3: acme-challenge.conf.lighttpd.in +Source4: dehydrated.cron.in +Source5: dehydrated.tmpfiles.d +BuildRequires: %{_apache} +%if %{with lighttpd} +BuildRequires: lighttpd +%endif +%if %{with nginx} +BuildRequires: nginx +%endif +%if 0%{?fedora_version} +BuildRequires: generic-logos +BuildRequires: generic-logos-httpd +%endif +Requires: coreutils Requires: curl Requires: openssl -Requires: coreutils %if 0%{?suse_version} Requires: cron %endif @@ -50,6 +82,10 @@ %if 0%{?suse_version} >= 1230 BuildRequires: shadow %endif +%if %{with systemd} +BuildRequires: pkgconfig(systemd) +%{?systemd_requires} +%endif BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch @@ -75,31 +111,42 @@ * Certificate revocation %package %{_apache} -Group: Productivity/Networking/Security -License: MIT -Requires: %{name} Requires: %{_apache} +Requires: %{name} %if ! 0%{?suse_version} Requires: mod_ssl %endif Obsoletes: letsencrypt.sh-%{_apache} < %{version} Provides: letsencrypt.sh-%{_apache} = %{version} Summary: Apache Integration for dehydrated +Group: Productivity/Networking/Security %description %{_apache} This adds a configuration file for dehydrated's acme-challenge to Apache. +%if %{with nginx} %package nginx -Group: Productivity/Networking/Security -License: MIT Requires: %{name} Requires: nginx Obsoletes: letsencrypt.sh-nginx < %{version} Provides: letsencrypt.sh-nginx = %{version} Summary: Nginx Integration for dehydrated +Group: Productivity/Networking/Security %description nginx This adds a configuration file for dehydrated's acme-challenge to nginx. +%endif #with nginx + +%if %{with lighttpd} +%package lighttpd +Requires: %{name} +Requires: lighttpd +Summary: Lighttpd Integration for dehydrated +Group: Productivity/Networking/Security + +%description lighttpd +This adds a configuration file for dehydrated's acme-challenge to lighttpd. +%endif #with lighttpd %pre getent group %{_user} >/dev/null || /usr/sbin/groupadd -r %{_user} @@ -108,6 +155,11 @@ if [ -d /etc/letsencrypt.sh ]; then mv /etc/letsencrypt.sh /etc/dehydrated; chown -R %{_user} /etc/dehydrated; fi if [ -e /etc/dehydrated/config.sh ]; then mv /etc/dehydrated/config.sh /etc/dehydrated/config; fi +%if %{with systemd} +%post +systemd-tmpfiles --create %{_tmpfilesdir}/%{name}.conf ||: +%endif + %prep %setup -q @@ -115,7 +167,7 @@ %install # sensitive keys -mkdir -p %{buildroot}%{_home} +mkdir -p %{buildroot}%{_home}/{accounts,certs} sed -i "s,#WELLKNOWN=.*,WELLKNOWN=%{_challengedir},g" docs/examples/config install -m 0644 docs/examples/* %{buildroot}%{_home} @@ -126,30 +178,63 @@ install -m 0755 -d %{buildroot}/etc/%{_apache}/conf.d sed "s,@CHALLENGEDIR@,%{_challengedir},g" %{SOURCE1} > acme-challenge.conf install -m 0644 acme-challenge.conf %{buildroot}/etc/%{_apache}/conf.d + +%if %{with nginx} install -m 0755 -d %{buildroot}/etc/nginx sed "s,@CHALLENGEDIR@,%{_challengedir},g" %{SOURCE2} > acme-challenge install -m 0644 acme-challenge %{buildroot}/etc/nginx +%endif #with nginx + +%if %{with lighttpd} +install -m 0755 -d %{buildroot}/etc/lighttpd/conf.d +sed "s,@CHALLENGEDIR@,%{_challengedir},g" %{SOURCE3} > acme-challenge +install -m 0644 acme-challenge %{buildroot}/etc/lighttpd/conf.d +%endif #with lighttpd + install -m 0755 -d %{buildroot}/etc/cron.d -sed "s,@USER@,%{_user},g" %{SOURCE3} > dehydrated.cron +sed "s,@USER@,%{_user},g" %{SOURCE4} > dehydrated.cron install -m 0644 dehydrated.cron %{buildroot}/etc/cron.d/dehydrated +%if %{with systemd} +install -D -m 0644 %{S:5} %{buildroot}%{_tmpfilesdir}/%{name}.conf +%else +install -D -d -m 0750 %{buildroot}%{_lock_dir} +%endif +perl -p -i -e 's|#LOCKFILE="\${BASEDIR}/lock"|LOCKFILE="%{_lock_dir}/lock"|' %{buildroot}%{_home}/config +diff -urN docs/examples/config %{buildroot}%{_home}/config ||: %files %defattr(-,root,root) -%attr(750,%{_user},root) %dir %{_sysconfdir}/dehydrated -%config %{_sysconfdir}/dehydrated/config -%config %{_sysconfdir}/dehydrated/domains.txt -%config %{_sysconfdir}/dehydrated/hook.sh +%attr(750,root,%{_user}) %dir %{_sysconfdir}/dehydrated +%attr(700,%{_user},%{_user}) %dir %{_sysconfdir}/dehydrated/accounts +%attr(700,%{_user},%{_user}) %dir %{_sysconfdir}/dehydrated/certs +%config(noreplace) %attr(640,root,%{_user}) %{_sysconfdir}/dehydrated/config +%config(noreplace) %attr(640,root,%{_user}) %{_sysconfdir}/dehydrated/domains.txt +%config(noreplace) %attr(750,root,%{_user}) %{_sysconfdir}/dehydrated/hook.sh %config %{_sysconfdir}/cron.d/dehydrated %{_bindir}/dehydrated %attr(-,%{_user},root) %dir %{_localstatedir}/lib/acme-challenge %doc LICENSE README.md docs/*.md docs/*.jpg +%if %{with systemd} +%{_tmpfilesdir}/%{name}.conf +%ghost %attr(700,%{_user},%{_user}) %dir %{_lock_dir} +%else +%attr(700,%{_user},%{_user}) %dir %{_lock_dir} +%endif %files %{_apache} %defattr(-,root,root,-) -%config %{_sysconfdir}/%{_apache} +%config %{_sysconfdir}/%{_apache}/conf.d/acme-challenge.conf +%if %{with nginx} %files nginx %defattr(-,root,root,-) -%config %{_sysconfdir}/nginx +%config %attr(640,root,nginx) %{_sysconfdir}/nginx/acme-challenge +%endif #with nginx + +%if %{with lighttpd} +%files lighttpd +%defattr(-,root,root,-) +%config %attr(640,root,lighttpd) %{_sysconfdir}/lighttpd/conf.d/acme-challenge +%endif #with lighttpd %changelog ++++++ acme-challenge.conf.lighttpd.in ++++++ server.modules += ("alias") alias.url += ( "/.well-known/acme-challenge/" => "@CHALLENGEDIR@", ) ++++++ dehydrated.tmpfiles.d ++++++ # Type Path Mode UID GID Age Argument d /run/dehydrated 0700 dehydrated dehydrated - -