diff --git a/example.cert b/example.cert
deleted file mode 100644
index b9720cf..0000000
--- a/example.cert
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-# CERT_FILE - Destination of cert file
-# KEY_FILE - Destination of key file. If empty appended to CERT_FILE
-# *_OWNER - Owner (default: root)
-# *_GROUP - Group (default: root)
-# *_MODE - Mode (default: 0600)
-#
-
-CERT_FILE=/etc/pki/tls/certs/example.com.pem
-CERT_OWNER=root
-CERT_GROUP=root
-CERT_MODE=0644
-
-KEY_FILE=/etc/pki/tls/private/example.com.pem
-KEY_OWNER=root
-KEY_GROUP=root
-KEY_MODE=0600
-
-SERVICE=someservice
-ACTION=reload
diff --git a/example.service b/example.service
deleted file mode 100644
index 31bad38..0000000
--- a/example.service
+++ /dev/null
@@ -1,5 +0,0 @@
-# systemd service
-SERVICE=someservice
-
-# ACTION defaults to restart
-ACTION=reload
diff --git a/example.sh b/example.sh
deleted file mode 100755
index e3a1b90..0000000
--- a/example.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-DOMAIN=$1
-
-echo "$DOMAIN certificate renewed!"
\ No newline at end of file
diff --git a/md-message b/md-message
deleted file mode 100755
index ae58cd7..0000000
--- a/md-message
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/bin/bash
-
-MOD_MD_DIR=/var/lib/httpd/md
-MD_RENEWED_DIR=/var/lib/httpd/md-renewed
-
-if [[ -f /etc/md-renewed/md-renewed.conf ]]; then
- . /etc/md-renewed/md-renewed.conf
-fi
-
-MSG="$1"
-DOMAIN="$2"
-
-mkdir -p $MD_RENEWED_DIR
-mkdir -p $MD_RENEWED_DIR/{errored,expiring,installed,installing,renewing,renewed,ocsp-renewed,oscp-errored}
-
-if [[ ! -z $MD_RENEWED_HOST_DIR ]]; then
- mkdir -p $MD_RENEWED_DIR/{installed/$MD_RENEWED_HOST_DIR,installing/$MD_RENEWED_HOST_DIR,renewed/$MD_RENEWED_HOST_DIR}
-fi
-
-case $1 in
- renewing)
- if [[ -f $MD_RENEWED_DIR/renewing/$DOMAIN ]]; then
- exit 1
- fi
- echo $(date) $(hostname) > $MD_RENEWED_DIR/renewing/$DOMAIN
- ;;
- renewed)
- if [[ -f $MD_RENEWED_DIR/renewing/$DOMAIN ]]; then
- rm -f $MD_RENEWED_DIR/renewing/$DOMAIN
- fi
- if [[ -z $MD_RENEWED_HOST_DIR ]]; then
- echo $(date) $(hostname) > $MD_RENEWED_DIR/renewed/$DOMAIN
- rm -f $MD_RENEWED_DIR/installed/$DOMAIN
- else
- for f in $MD_RENEWED_DIR/renewed/*/; do
- if [[ ! -d "$f" ]]; then
- continue
- fi
- echo $(date) $(hostname) > ${f}${DOMAIN}
- done
- for f in $MD_RENEWED_DIR/installed/*/; do
- if [[ ! -d "$f" ]]; then
- continue
- fi
- rm -f ${f}${DOMAIN}
- done
- fi
- ;;
- installed)
- if [[ -z $MD_RENEWED_HOST_DIR ]]; then
- echo $(date) $(hostname) > $MD_RENEWED_DIR/installing/$DOMAIN
- else
- for f in $MD_RENEWED_DIR/installing/*/; do
- if [[ ! -d "$f" ]]; then
- continue
- fi
- echo $(date) $(hostname) > ${f}${DOMAIN}
- done
- fi
- ;;
- expiring)
- echo $(date) $(hostname) > $MD_RENEWED_DIR/expiring/$DOMAIN
- ;;
- errored)
- rm -f $MD_RENEWED_DIR/renewing/$DOMAIN
- echo $(date) $(hostname) > $MD_RENEWED_DIR/errored/$DOMAIN
- ;;
- ocsp-renewed)
- echo $(date) $(hostname) > $MD_RENEWED_DIR/ocsp-renewed/$DOMAIN
- ;;
- ocsp-errored)
- echo $(date) $(hostname) > $MD_RENEWED_DIR/ocsp-errored/$DOMAIN
- ;;
-esac
-
-exit 0
diff --git a/md-renewed b/md-renewed
deleted file mode 100755
index 073ef8b..0000000
--- a/md-renewed
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/bash
-
-MOD_MD_DIR=/var/lib/httpd/md
-MD_RENEWED_DIR=/var/lib/httpd/md-renewed
-
-if [[ -f /etc/md-renewed/md-renewed.conf ]]; then
- . /etc/md-renewed/md-renewed.conf
-fi
-
-MYDOMAINS=$(curl -s http://127.0.0.1/md-renewed-status | tail -n +1 | jq -r '."managed-domains"[].name' 2>/dev/null)
-
-HTTP_RELOAD=n
-
-if [ -z $MD_RENEWED_HOST_DIR ]; then
- MD_RENEWED_RENEWED_TARGET=${MD_RENEWED_DIR}/renewed
- MD_RENEWED_INSTALLING_TARGET=${MD_RENEWED_DIR}/installing
- MD_RENEWED_INSTALLED_TARGET=${MD_RENEWED_DIR}/installed
-else
- MD_RENEWED_RENEWED_TARGET=${MD_RENEWED_DIR}/renewed/${MD_RENEWED_HOST_DIR}
- MD_RENEWED_INSTALLING_TARGET=${MD_RENEWED_DIR}/installing/${MD_RENEWED_HOST_DIR}
- MD_RENEWED_INSTALLED_TARGET=${MD_RENEWED_DIR}/installed/${MD_RENEWED_HOST_DIR}
-fi
-
-if [[ ! -d $MD_RENEWED_INSTALLING_TARGET ]]; then
- mkdir -p $MD_RENEWED_INSTALLING_TARGET
- chown ${MD_USER}.${MD_GROUP} $MD_RENEWED_INSTALLING_TARGET
-fi
-
-if [[ ! -d $MD_RENEWED_INSTALLED_TARGET ]]; then
- mkdir -p $MD_RENEWED_INSTALLED_TARGET
- chown ${MD_USER}.${MD_GROUP} $MD_RENEWED_INSTALLED_TARGET
-fi
-
-echo "md-renewed.service Looking for our domains: ${MYDOMAINS[*]}"
-for f in ${MD_RENEWED_RENEWED_TARGET}/*; do
- if [[ ! -f $f ]]; then
- continue
- fi
-
- DOMAIN=$(basename $f)
- rm -f $f
- echo "md-renewed.service Checking domain $DOMAIN"
-
- for i in ${MYDOMAINS[@]}; do
- if [[ $DOMAIN == $i ]]; then
- echo "md-renewed.service $DOMAIN is our."
- HTTPD_RELOAD=y
- fi
- done
-done
-
-if [[ $HTTPD_RELOAD == y ]]; then
- echo "md-renewed.service Restarting apache."
- /usr/bin/systemctl reload httpd
-fi
-
-exit 0
\ No newline at end of file
diff --git a/md-renewed-1.4.4.tar.gz b/md-renewed-1.4.4.tar.gz
new file mode 100644
index 0000000..78d75a6
Binary files /dev/null and b/md-renewed-1.4.4.tar.gz differ
diff --git a/md-renewed-httpd.conf b/md-renewed-httpd.conf
deleted file mode 100644
index ddcf6b5..0000000
--- a/md-renewed-httpd.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-MDMessageCmd /usr/libexec/md-renewed/md-message
-
-
-
- SetHandler md-status
- Require local
-
-
diff --git a/md-renewed-install b/md-renewed-install
deleted file mode 100755
index ffaf175..0000000
--- a/md-renewed-install
+++ /dev/null
@@ -1,191 +0,0 @@
-#!/bin/bash
-
-MOD_MD_DIR=/var/lib/httpd/md
-MD_RENEWED_DIR=/var/lib/httpd/md-renewed
-
-if [[ -f /etc/md-renewed/md-renewed.conf ]]; then
- . /etc/md-renewed/md-renewed.conf
-fi
-
-MYDOMAINS=$(curl -s http://127.0.0.1/md-renewed-status | tail -n +1 | jq -r '."managed-domains"[].name' 2>/dev/null)
-
-function set_permissions
-{
- local FILE="$1"
- local OWNER="$2"
- local GROUP="$3"
- local MODE="$4"
-
- if [[ -z $OWNER ]]; then
- chown root $FILE
- else
- chown $OWNER $FILE
- fi
-
- if [[ -z $GROUP ]]; then
- chgrp root $FILE
- else
- chgrp $GROUP $FILE
- fi
-
- if [[ -z $MODE ]]; then
- chmod 0600 $FILE
- else
- chmod $MODE $FILE
- fi
-}
-
-function run_copy
-{
- local DOMAIN="$1"
- local CONFIG="$2"
-
- CERT_OWNER="root"
- CERT_GROUP="root"
- CERT_MODE="0700"
- CERT_FILE=""
- KEY_OWNER="root"
- KEY_GROUP="root"
- KEY_MODE="0700"
- KEY_FILE=""
- SERVICE=""
- ACRION="restart"
-
- . $CONFIG
-
- [[ -z $CERT_FILE ]] && exit 0;
-
- TEMP_CERT_FILE=$(mktemp)
-
- if [[ ! -z $KEY_FILE ]]; then
- TEMP_KEY_FILE=$(mktemp)
- fi
-
- OLD_UMASK=$(umask)
- umask 0077
- DO_ACTION=n
-
- if [[ ! -z $KEY_FILE && $KEY_FILE != $CERT_FILE ]]; then
- cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem > $TEMP_CERT_FILE
- cat ${MOD_MD_DIR}/domains/$DOMAIN/privkey.pem > $TEMP_KEY_FILE
-
- if [[ $(md5sum $TEMP_CERT_FILE) != $(md5sum $CERT_FILE) ]]; then
- cp -f $TEMP_CERT_FILE $CERT_FILE
- set_permissions "$CERT_FILE" "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE"
- DO_ACTION=y
- fi
- rm -f $TEMP_CERT_FILE
-
- if [[ $(md5sum $TEMP_KEY_FILE) != $(md5sum $KEY_FILE) ]]; then
- cp -f $TEMP_KEY_FILE $KEY_FILE
- set_permissions "$KEY_FILE" "$KEY_OWNER" "$KEY_GROUP" "$KEY_MODE"
- DO_ACTION=y
- fi
- rm -f $TEMP_KEY_FILE
- else
- cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem > $TEMP_CERT_FILE
- cat ${MOD_MD_DIR}/domains/$DOMAIN/privkey.pem >> $TEMP_CERT_FILE
-
- if [[ $(md5sum $TEMP_CERT_FILE) != $(md5sum $CERT_FILE) ]]; then
- cp -f $TEMP_CERT_FILE $CERT_FILE
- set_permissions "$CERT_FILE" "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE"
- DO_ACTION=y
- fi
- rm -f $TEMP_CERT_FILE
- fi
- umask $OLD_UMASK
-
- if [[ $DO_ACTION == y && ! -z $SERVICE ]]; then
- ACTION=${ACTION:-restart}
- /usr/bin/systemctl $ACTION $SERVICE > /dev/null 2>&1
- fi
-}
-
-function run_service
-{
- local DOMAIN="$1"
- local CONFIG="$2"
- SERVICE=""
- ACTION=""
-
- . $CONFIG
-
- [[ -z $SERVICE ]] && exit 0;
-
- ACTION=${ACTION:-restart}
-
- /usr/bin/systemctl $ACTION $SERVICE > /dev/null 2>&1
-}
-
-function domain_renew
-{
- local DOMAIN="$1"
- for scr in /etc/md-renewed/$DOMAIN/*.cert; do
- run_copy "$1" "$scr"
- done
- for scr in /etc/md-renewed/$DOMAIN/*.service; do
- run_service "$1" "$scr"
- done
- for scr in /etc/md-renewed/$DOMAIN/*.sh; do
- $scr "$1"
- done
-}
-
-if [ -z $MD_RENEWED_HOST_DIR ]; then
- MD_RENEWED_INSTALLING_TARGET=${MD_RENEWED_DIR}/installing
- MD_RENEWED_INSTALLED_TARGET=${MD_RENEWED_DIR}/installed
-else
- MD_RENEWED_INSTALLING_TARGET=${MD_RENEWED_DIR}/installing/${MD_RENEWED_HOST_DIR}
- MD_RENEWED_INSTALLED_TARGET=${MD_RENEWED_DIR}/installed/${MD_RENEWED_HOST_DIR}
-fi
-
-if [[ ! -d $MD_RENEWED_INSTALLING_TARGET ]]; then
- mkdir -p $MD_RENEWED_INSTALLING_TARGET
- chown ${MD_USER}.${MD_GROUP} $MD_RENEWED_INSTALLING_TARGET
-fi
-
-if [[ ! -d $MD_RENEWED_INSTALLED_TARGET ]]; then
- mkdir -p $MD_RENEWED_INSTALLED_TARGET
- chown ${MD_USER}.${MD_GROUP} $MD_RENEWED_INSTALLED_TARGET
-fi
-
-echo "md-renewed-install.service Looking for our domains: ${MYDOMAINS[*]}"
-for f in ${MD_RENEWED_INSTALLING_TARGET}/*; do
- if [[ ! -f $f ]]; then
- continue
- fi
-
- DOMAIN=$(basename $f)
- rm -f $f
- echo "md-renewed-install.service Checking domain $DOMAIN"
-
- echo "md-renewed-install.service Installing domain $DOMAIN"
- touch $MD_RENEWED_INSTALLED_TARGET/$DOMAIN
-
- if [[ -d /etc/md-renewed/$DOMAIN ]]; then
- domain_renew "$DOMAIN"
- fi
-done
-
-if [[ $1 == "force" ]]; then
- echo "md-renewed-install.service Looking for our already installed domains: ${MYDOMAINS[*]}"
- for f in ${MOD_MD_DIR}/domains/*; do
- if [[ ! -d $f ]]; then
- continue
- fi
-
- DOMAIN=$(basename $f)
-
- echo "md-renewed-install.service Checking already installed domain $DOMAIN"
-
- if [[ ! -f $MD_RENEWED_INSTALLED_TARGET/$DOMAIN ]]; then
- touch $MD_RENEWED_INSTALLED_TARGET/$DOMAIN
- fi
-
- if [[ -d /etc/md-renewed/$DOMAIN ]]; then
- domain_renew "$DOMAIN"
- fi
- done
-fi
-
-exit 0
\ No newline at end of file
diff --git a/md-renewed-install.service b/md-renewed-install.service
deleted file mode 100644
index 4df894c..0000000
--- a/md-renewed-install.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=The Apache HTTP Server reloader
-After=network.target
-Wants=md-renewed-install.timer
-
-[Service]
-Type=oneshot
-EnvironmentFile=/etc/md-renewed/md-renewed.conf
-ExecStart=/usr/libexec/md-renewed/md-renewed-install
-
-[Install]
-WantedBy=multi-user.target
diff --git a/md-renewed-install.timer b/md-renewed-install.timer
deleted file mode 100644
index 3d94399..0000000
--- a/md-renewed-install.timer
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-BindsTo=httpd.service
-After=httpd.service
-
-[Timer]
-Unit=md-renewed-install.service
-OnUnitActiveSec=5min
-
-[Install]
-WantedBy=timers.target
-
diff --git a/md-renewed.conf b/md-renewed.conf
deleted file mode 100644
index 6c1acae..0000000
--- a/md-renewed.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-MOD_MD_DIR=/var/lib/httpd/md
-MD_RENEWED_DIR=/var/lib/httpd/md-renewed
-MD_RENEWED_HOST_DIR=
-MD_USER=apache
-MD_GROUP=apache
-
-
diff --git a/md-renewed.path b/md-renewed.path
deleted file mode 100644
index 25f9208..0000000
--- a/md-renewed.path
+++ /dev/null
@@ -1,13 +0,0 @@
-[Path]
-PathExistsGlob=/var/lib/httpd/md-renewed/renewed/*
-Unit=md-renewed.service
-MakeDirectory=true
-DirectoryMode=0777
-
-[Unit]
-BindsTo=httpd.service
-After=httpd.service
-
-[Install]
-WantedBy=multi-user.target
-
diff --git a/md-renewed.service b/md-renewed.service
deleted file mode 100644
index 080674e..0000000
--- a/md-renewed.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=The Apache HTTP Server reloader
-After=network.target
-
-[Service]
-Type=oneshot
-EnvironmentFile=/etc/md-renewed/md-renewed.conf
-ExecStart=/usr/libexec/md-renewed/md-renewed
-
-[Install]
-WantedBy=multi-user.target
diff --git a/md-renewed.spec b/md-renewed.spec
index 56d8c03..ef4de1a 100644
--- a/md-renewed.spec
+++ b/md-renewed.spec
@@ -1,5 +1,5 @@
 Name: md-renewed
-Version: 1.4.3
+Version: 1.4.4
 Release: 1%{?dist}
 Summary: Restart service on Apache module mod_md certificate renewal
 License: MIT
@@ -7,23 +7,9 @@ Group: System Environment/Base
 URL: http://netst.org/pub/fedora/st/
 BuildArch: noarch
-Source0: md-renewed
-Source1: md-message
+Source0: md-renewed-%{version}.tar.gz
-Source2: md-renewed.path
-Source3: md-renewed.service
-Source4: md-renewed.timer
-
-Source5: md-renewed-install
-Source6: md-renewed-install.timer
-Source7: md-renewed-install.service
-
-Source10: md-renewed-httpd.conf
-Source11: md-renewed.conf
-
-Source20: example.service
-Source21: example.cert
-Source22: example.sh
+BuildRequires: cmake
 Requires: httpd
 Requires: mod_md
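Review bot: `Source0: md-renewed-%{version}.tar.gz` replaces thirteen reviewable in-tree sources with a tarball that this commit adds as an opaque binary, and nothing in the spec ties the build to a known-good archive. Going by the removed md-renewed-install, the code in that archive is started from a systemd unit, copies `privkey.pem` and sources per-domain config files, so a changed or rebuilt tarball would pass review unseen. I would give Source0 as the full upstream download URL and record the archive digest next to the spec, for example in a `sources` file or as a comment such as `# sha256: <tarball-sha256>`, so the packaged bytes can be compared with upstream. The `URL:` context line is plain http, which makes a recorded digest matter more if the archive is fetched from there. `BuildRequires: cmake` presumably matches a CMakeLists.txt inside the tarball, which this diff cannot show.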
@@ -34,40 +20,18 @@ BuildRequires: systemd-rpm-macros
 %description
 Restart service on Apache module mod_md certificate renewal
+%prep
+%autosetup
+
+%build
+
+%cmake
+%cmake_build
+
 %install
 %{__rm} -rf %{buildroot}
+%cmake_install
-%{__install} -d -m 0755 %{buildroot}%{_libexecdir}/md-renewed
-%{__install} -m 0755 %{SOURCE0} %{buildroot}%{_libexecdir}/md-renewed/md-renewed
-%{__install} -m 0755 %{SOURCE1} %{buildroot}%{_libexecdir}/md-renewed/md-message
-%{__install} -m 0755 %{SOURCE5} %{buildroot}%{_libexecdir}/md-renewed/md-renewed-install
-
-%{__install} -d -m 0755 %{buildroot}%{_unitdir}
-%{__install} -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/
-%{__install} -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/
-%{__install} -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/
-%{__install} -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/
-%{__install} -m 0644 %{SOURCE7} %{buildroot}%{_unitdir}/
-
-%{__install} -d -m 0755 %{buildroot}%{_sysconfdir}/httpd/conf.d
-%{__install} -m 0644 %{SOURCE10} %{buildroot}%{_sysconfdir}/httpd/conf.d/md-renewed.conf
-
-%{__install} -d -m 0755 %{buildroot}%{_sysconfdir}/md-renewed
-%{__install} -m 0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/md-renewed/
-
-%{__install} -d -m 0755 %{buildroot}%{_sysconfdir}/md-renewed/example.com
-%{__install} -m 0644 %{SOURCE20} %{buildroot}%{_sysconfdir}/md-renewed/example.com/
-%{__install} -m 0644 %{SOURCE21} %{buildroot}%{_sysconfdir}/md-renewed/example.com/
-%{__install} -m 0755 %{SOURCE22} %{buildroot}%{_sysconfdir}/md-renewed/example.com/
-
-%{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/
-%{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/errored
-%{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/installed
-%{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/installing
-%{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/renewed
-%{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/renewing
-%{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/ocsp-renewed
-%{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/ocsp-errored
 %post
 %systemd_post md-renewed.path
diff --git a/md-renewed.timer b/md-renewed.timer
deleted file mode 100644
index 7f79cc4..0000000
--- a/md-renewed.timer
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-BindsTo=httpd.service
-After=httpd.service
-
-[Timer]
-Unit=md-renewed.service
-OnUnitActiveSec=5min
-
-[Install]
-WantedBy=timers.target
-
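Review bot: In the md-renewed.spec `%install` hunk, `%cmake_install` now decides every path and mode that the removed `%{__install}` lines spelled out: 0755 for the three scripts under `%{_libexecdir}/md-renewed`, 0644 for units and config, 0775 for the state directories under `%{_sharedstatedir}/httpd/md-renewed`. Those install rules live inside the tarball, so this diff cannot confirm them. The scripts are started from systemd units, and the state directories were written to by the `MDMessageCmd` hook in the removed copies, so I would pin the expected permissions in `%files` instead of inheriting whatever the CMake rules produce. For example `%attr(0755,root,root) %{_libexecdir}/md-renewed/md-renewed-install`, plus a `%dir %attr(0775,<owner>,<group>)` entry per state directory. `%files` lies outside this hunk and may already do this; separately, `%{__rm} -rf %{buildroot}` at the top of `%install` is redundant on current rpm and can be dropped.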