v1.4.4 - Move source to archive and use cmake

2022-05-19 00:42:08 +02:00
parent e82685fc21
commit 9eb48bfa97
15 changed files with 12 additions and 475 deletions
--- a/example.cert
+++ b/example.cert
@@ -1,20 +0,0 @@
 #
 # CERT_FILE     - Destination of cert file
 # KEY_FILE      - Destination of key file. If empty appended to CERT_FILE
 # *_OWNER       - Owner (default: root)
 # *_GROUP       - Group (default: root)
 # *_MODE        - Mode (default: 0600)
 #
 CERT_FILE=/etc/pki/tls/certs/example.com.pem
 CERT_OWNER=root
 CERT_GROUP=root
 CERT_MODE=0644
 KEY_FILE=/etc/pki/tls/private/example.com.pem
 KEY_OWNER=root
 KEY_GROUP=root
 KEY_MODE=0600
 SERVICE=someservice
 ACTION=reload
--- a/example.service
+++ b/example.service
@@ -1,5 +0,0 @@
 # systemd service
 SERVICE=someservice
 # ACTION defaults to restart
 ACTION=reload
--- a/example.sh
+++ b/example.sh
@@ -1,5 +0,0 @@
 #!/bin/bash
 DOMAIN=$1
 echo "$DOMAIN certificate renewed!"
--- a/76
+++ b/76
@@ -1,76 +0,0 @@
 #!/bin/bash
 MOD_MD_DIR=/var/lib/httpd/md
 MD_RENEWED_DIR=/var/lib/httpd/md-renewed
 if [[ -f /etc/md-renewed/md-renewed.conf ]]; then
    . /etc/md-renewed/md-renewed.conf
 fi
 MSG="$1"
 DOMAIN="$2"
 mkdir -p $MD_RENEWED_DIR
 mkdir -p $MD_RENEWED_DIR/{errored,expiring,installed,installing,renewing,renewed,ocsp-renewed,oscp-errored}
 if [[ ! -z $MD_RENEWED_HOST_DIR ]]; then
    mkdir -p $MD_RENEWED_DIR/{installed/$MD_RENEWED_HOST_DIR,installing/$MD_RENEWED_HOST_DIR,renewed/$MD_RENEWED_HOST_DIR}
 fi
 case $1 in
    renewing)
      if [[ -f $MD_RENEWED_DIR/renewing/$DOMAIN ]]; then
        exit 1
      fi
      echo $(date) $(hostname) > $MD_RENEWED_DIR/renewing/$DOMAIN
      ;;
    renewed)
      if [[ -f $MD_RENEWED_DIR/renewing/$DOMAIN ]]; then
        rm -f $MD_RENEWED_DIR/renewing/$DOMAIN
      fi
      if [[ -z $MD_RENEWED_HOST_DIR ]]; then
        echo $(date) $(hostname) > $MD_RENEWED_DIR/renewed/$DOMAIN
        rm -f $MD_RENEWED_DIR/installed/$DOMAIN
      else
        for f in $MD_RENEWED_DIR/renewed/*/; do
          if [[ ! -d "$f" ]]; then
            continue
          fi
          echo $(date) $(hostname) > ${f}${DOMAIN}
        done
        for f in $MD_RENEWED_DIR/installed/*/; do
          if [[ ! -d "$f" ]]; then
            continue
          fi
              rm -f ${f}${DOMAIN}
        done
      fi
      ;;
    installed)
      if [[ -z $MD_RENEWED_HOST_DIR ]]; then
        echo $(date) $(hostname) > $MD_RENEWED_DIR/installing/$DOMAIN
      else
        for f in $MD_RENEWED_DIR/installing/*/; do
          if [[ ! -d "$f" ]]; then
            continue
          fi
          echo $(date) $(hostname) > ${f}${DOMAIN}
        done
      fi
      ;;
    expiring)
      echo $(date) $(hostname) > $MD_RENEWED_DIR/expiring/$DOMAIN
      ;;
    errored)
      rm -f $MD_RENEWED_DIR/renewing/$DOMAIN
      echo $(date) $(hostname) > $MD_RENEWED_DIR/errored/$DOMAIN
      ;;
    ocsp-renewed)
      echo $(date) $(hostname) > $MD_RENEWED_DIR/ocsp-renewed/$DOMAIN
      ;;
    ocsp-errored)
      echo $(date) $(hostname) > $MD_RENEWED_DIR/ocsp-errored/$DOMAIN
      ;;
 esac
 exit 0
--- a/57
+++ b/57
@@ -1,57 +0,0 @@
 #!/bin/bash
 MOD_MD_DIR=/var/lib/httpd/md
 MD_RENEWED_DIR=/var/lib/httpd/md-renewed
 if [[ -f /etc/md-renewed/md-renewed.conf ]]; then
    . /etc/md-renewed/md-renewed.conf
 fi
 MYDOMAINS=$(curl -s http://127.0.0.1/md-renewed-status | tail -n +1 | jq -r '."managed-domains"[].name' 2>/dev/null)
 HTTP_RELOAD=n
 if [ -z $MD_RENEWED_HOST_DIR ]; then
  MD_RENEWED_RENEWED_TARGET=${MD_RENEWED_DIR}/renewed
  MD_RENEWED_INSTALLING_TARGET=${MD_RENEWED_DIR}/installing
  MD_RENEWED_INSTALLED_TARGET=${MD_RENEWED_DIR}/installed
 else
  MD_RENEWED_RENEWED_TARGET=${MD_RENEWED_DIR}/renewed/${MD_RENEWED_HOST_DIR}
  MD_RENEWED_INSTALLING_TARGET=${MD_RENEWED_DIR}/installing/${MD_RENEWED_HOST_DIR}
  MD_RENEWED_INSTALLED_TARGET=${MD_RENEWED_DIR}/installed/${MD_RENEWED_HOST_DIR}
 fi
 if [[ ! -d $MD_RENEWED_INSTALLING_TARGET ]]; then
  mkdir -p $MD_RENEWED_INSTALLING_TARGET
  chown ${MD_USER}.${MD_GROUP} $MD_RENEWED_INSTALLING_TARGET
 fi
 if [[ ! -d $MD_RENEWED_INSTALLED_TARGET ]]; then
  mkdir -p $MD_RENEWED_INSTALLED_TARGET
  chown ${MD_USER}.${MD_GROUP} $MD_RENEWED_INSTALLED_TARGET
 fi
 echo "md-renewed.service Looking for our domains: ${MYDOMAINS[*]}"
 for f in ${MD_RENEWED_RENEWED_TARGET}/*; do
  if [[ ! -f $f ]]; then
    continue
  fi
  DOMAIN=$(basename $f)
  rm -f $f
  echo "md-renewed.service Checking domain $DOMAIN"
  for i in ${MYDOMAINS[@]}; do
    if [[ $DOMAIN == $i ]]; then
      echo "md-renewed.service $DOMAIN is our."
      HTTPD_RELOAD=y
    fi
  done
 done
 if [[ $HTTPD_RELOAD == y ]]; then
  echo "md-renewed.service Restarting apache."
  /usr/bin/systemctl reload httpd
 fi
 exit 0
--- a/md-renewed-1.4.4.tar.gz
+++ b/md-renewed-1.4.4.tar.gz
--- a/md-renewed-httpd.conf
+++ b/md-renewed-httpd.conf
@@ -1,8 +0,0 @@
 MDMessageCmd /usr/libexec/md-renewed/md-message
 <Location "/md-renewed-status">
  <If "%{HTTP_HOST} == '127.0.0.1'">
    SetHandler md-status
    Require local
  </If>
 </Location>
--- a/191
+++ b/191
@@ -1,191 +0,0 @@
 #!/bin/bash
 MOD_MD_DIR=/var/lib/httpd/md
 MD_RENEWED_DIR=/var/lib/httpd/md-renewed
 if [[ -f /etc/md-renewed/md-renewed.conf ]]; then
    . /etc/md-renewed/md-renewed.conf
 fi
 MYDOMAINS=$(curl -s http://127.0.0.1/md-renewed-status | tail -n +1 | jq -r '."managed-domains"[].name' 2>/dev/null)
 function set_permissions
 {
  local FILE="$1"
  local OWNER="$2"
  local GROUP="$3"
  local MODE="$4"
  if [[ -z $OWNER ]]; then
    chown root $FILE
  else
    chown $OWNER $FILE
  fi
  if [[ -z $GROUP ]]; then
    chgrp root $FILE
  else
    chgrp $GROUP $FILE
  fi
  if [[ -z $MODE ]]; then
    chmod 0600 $FILE
  else
    chmod $MODE $FILE
  fi
 }
 function run_copy
 {
  local DOMAIN="$1"
  local CONFIG="$2"
  CERT_OWNER="root"
  CERT_GROUP="root"
  CERT_MODE="0700"
  CERT_FILE=""
  KEY_OWNER="root"
  KEY_GROUP="root"
  KEY_MODE="0700"
  KEY_FILE=""
  SERVICE=""
  ACRION="restart"
  . $CONFIG
  [[ -z $CERT_FILE ]] && exit 0;
  TEMP_CERT_FILE=$(mktemp)
  if [[ ! -z $KEY_FILE ]]; then
    TEMP_KEY_FILE=$(mktemp)
  fi
  OLD_UMASK=$(umask)
  umask 0077
  DO_ACTION=n
  if [[ ! -z $KEY_FILE && $KEY_FILE != $CERT_FILE ]]; then
    cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem > $TEMP_CERT_FILE
    cat ${MOD_MD_DIR}/domains/$DOMAIN/privkey.pem > $TEMP_KEY_FILE
    if [[ $(md5sum $TEMP_CERT_FILE) != $(md5sum $CERT_FILE) ]]; then
      cp -f $TEMP_CERT_FILE $CERT_FILE
      set_permissions "$CERT_FILE" "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE"
      DO_ACTION=y
    fi
    rm -f $TEMP_CERT_FILE
    if [[ $(md5sum $TEMP_KEY_FILE) != $(md5sum $KEY_FILE) ]]; then
      cp -f $TEMP_KEY_FILE $KEY_FILE
      set_permissions "$KEY_FILE" "$KEY_OWNER" "$KEY_GROUP" "$KEY_MODE"
      DO_ACTION=y
    fi
    rm -f $TEMP_KEY_FILE
  else
    cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem > $TEMP_CERT_FILE
    cat ${MOD_MD_DIR}/domains/$DOMAIN/privkey.pem >> $TEMP_CERT_FILE
    if [[ $(md5sum $TEMP_CERT_FILE) != $(md5sum $CERT_FILE) ]]; then
      cp -f $TEMP_CERT_FILE $CERT_FILE
      set_permissions "$CERT_FILE" "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE"
      DO_ACTION=y
    fi
    rm -f $TEMP_CERT_FILE
  fi
  umask $OLD_UMASK
  if [[ $DO_ACTION == y && ! -z $SERVICE ]]; then
    ACTION=${ACTION:-restart}
    /usr/bin/systemctl $ACTION $SERVICE > /dev/null 2>&1
  fi
 }
 function run_service
 {
  local DOMAIN="$1"
  local CONFIG="$2"
  SERVICE=""
  ACTION=""
  . $CONFIG
  [[ -z $SERVICE ]] && exit 0;
  ACTION=${ACTION:-restart}
  /usr/bin/systemctl $ACTION $SERVICE > /dev/null 2>&1
 }
 function domain_renew
 {
  local DOMAIN="$1"
  for scr in /etc/md-renewed/$DOMAIN/*.cert; do
    run_copy "$1" "$scr"
  done
  for scr in /etc/md-renewed/$DOMAIN/*.service; do
    run_service "$1" "$scr"
  done
  for scr in /etc/md-renewed/$DOMAIN/*.sh; do
    $scr "$1"
  done
 }
 if [ -z $MD_RENEWED_HOST_DIR ]; then
  MD_RENEWED_INSTALLING_TARGET=${MD_RENEWED_DIR}/installing
  MD_RENEWED_INSTALLED_TARGET=${MD_RENEWED_DIR}/installed
 else
  MD_RENEWED_INSTALLING_TARGET=${MD_RENEWED_DIR}/installing/${MD_RENEWED_HOST_DIR}
  MD_RENEWED_INSTALLED_TARGET=${MD_RENEWED_DIR}/installed/${MD_RENEWED_HOST_DIR}
 fi
 if [[ ! -d $MD_RENEWED_INSTALLING_TARGET ]]; then
  mkdir -p $MD_RENEWED_INSTALLING_TARGET
  chown ${MD_USER}.${MD_GROUP} $MD_RENEWED_INSTALLING_TARGET
 fi
 if [[ ! -d $MD_RENEWED_INSTALLED_TARGET ]]; then
  mkdir -p $MD_RENEWED_INSTALLED_TARGET
  chown ${MD_USER}.${MD_GROUP} $MD_RENEWED_INSTALLED_TARGET
 fi
 echo "md-renewed-install.service Looking for our domains: ${MYDOMAINS[*]}"
 for f in ${MD_RENEWED_INSTALLING_TARGET}/*; do
  if [[ ! -f $f ]]; then
    continue
  fi
  DOMAIN=$(basename $f)
  rm -f $f
  echo "md-renewed-install.service Checking domain $DOMAIN"
  echo "md-renewed-install.service Installing domain $DOMAIN"
  touch $MD_RENEWED_INSTALLED_TARGET/$DOMAIN
  if [[ -d /etc/md-renewed/$DOMAIN ]]; then
    domain_renew "$DOMAIN"
  fi
 done
 if [[ $1 == "force" ]]; then
  echo "md-renewed-install.service Looking for our already installed domains: ${MYDOMAINS[*]}"
  for f in ${MOD_MD_DIR}/domains/*; do
    if [[ ! -d $f ]]; then
      continue
    fi
    DOMAIN=$(basename $f)
    echo "md-renewed-install.service Checking already installed domain $DOMAIN"
    if [[ ! -f $MD_RENEWED_INSTALLED_TARGET/$DOMAIN ]]; then
      touch $MD_RENEWED_INSTALLED_TARGET/$DOMAIN
    fi
    if [[ -d /etc/md-renewed/$DOMAIN ]]; then
      domain_renew "$DOMAIN"
    fi
  done
 fi
 exit 0
--- a/md-renewed-install.service
+++ b/md-renewed-install.service
@@ -1,12 +0,0 @@
 [Unit]
 Description=The Apache HTTP Server reloader
 After=network.target
 Wants=md-renewed-install.timer
 [Service]
 Type=oneshot
 EnvironmentFile=/etc/md-renewed/md-renewed.conf
 ExecStart=/usr/libexec/md-renewed/md-renewed-install
 [Install]
 WantedBy=multi-user.target
--- a/md-renewed-install.timer
+++ b/md-renewed-install.timer
@@ -1,11 +0,0 @@
 [Unit]
 BindsTo=httpd.service
 After=httpd.service
 [Timer]
 Unit=md-renewed-install.service
 OnUnitActiveSec=5min
 [Install]
 WantedBy=timers.target
--- a/md-renewed.conf
+++ b/md-renewed.conf
@@ -1,7 +0,0 @@
 MOD_MD_DIR=/var/lib/httpd/md
 MD_RENEWED_DIR=/var/lib/httpd/md-renewed
 MD_RENEWED_HOST_DIR=
 MD_USER=apache
 MD_GROUP=apache
--- a/md-renewed.path
+++ b/md-renewed.path
@@ -1,13 +0,0 @@
 [Path]
 PathExistsGlob=/var/lib/httpd/md-renewed/renewed/*
 Unit=md-renewed.service
 MakeDirectory=true
 DirectoryMode=0777
 [Unit]
 BindsTo=httpd.service
 After=httpd.service
 [Install]
 WantedBy=multi-user.target
--- a/md-renewed.service
+++ b/md-renewed.service
@@ -1,11 +0,0 @@
 [Unit]
 Description=The Apache HTTP Server reloader
 After=network.target
 [Service]
 Type=oneshot
 EnvironmentFile=/etc/md-renewed/md-renewed.conf
 ExecStart=/usr/libexec/md-renewed/md-renewed
 [Install]
 WantedBy=multi-user.target
--- a/md-renewed.spec
+++ b/md-renewed.spec
@@ -1,5 +1,5 @@
 Name:           md-renewed
-Version:        1.4.3
+Version:        1.4.4
 Release:        1%{?dist}
 Summary:        Restart service on Apache module mod_md certificate renewal
 License:        MIT
@@ -7,23 +7,9 @@ Group:          System Environment/Base
 URL:            http://netst.org/pub/fedora/st/
 BuildArch:      noarch
-Source0:        md-renewed
+Source0:        md-renewed-%{version}.tar.gz
 Source1:        md-message
-Source2:        md-renewed.path
+BuildRequires:  cmake
 Source3:        md-renewed.service
 Source4:        md-renewed.timer
 Source5:        md-renewed-install
 Source6:        md-renewed-install.timer
 Source7:        md-renewed-install.service
 Source10:       md-renewed-httpd.conf
 Source11:       md-renewed.conf
 Source20:       example.service
 Source21:       example.cert
 Source22:       example.sh
 Requires:       httpd
 Requires:       mod_md
@@ -34,40 +20,18 @@ BuildRequires:      systemd-rpm-macros
 %description
 Restart service on Apache module mod_md certificate renewal
 %prep
 %autosetup
 %build
 %cmake
 %cmake_build
 %install
 %{__rm} -rf %{buildroot}
 %cmake_install
 %{__install} -d -m 0755 %{buildroot}%{_libexecdir}/md-renewed
 %{__install} -m 0755 %{SOURCE0} %{buildroot}%{_libexecdir}/md-renewed/md-renewed
 %{__install} -m 0755 %{SOURCE1} %{buildroot}%{_libexecdir}/md-renewed/md-message
 %{__install} -m 0755 %{SOURCE5} %{buildroot}%{_libexecdir}/md-renewed/md-renewed-install
 %{__install} -d -m 0755 %{buildroot}%{_unitdir}
 %{__install} -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/
 %{__install} -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/
 %{__install} -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/
 %{__install} -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/
 %{__install} -m 0644 %{SOURCE7} %{buildroot}%{_unitdir}/
 %{__install} -d -m 0755 %{buildroot}%{_sysconfdir}/httpd/conf.d
 %{__install} -m 0644 %{SOURCE10} %{buildroot}%{_sysconfdir}/httpd/conf.d/md-renewed.conf
 %{__install} -d -m 0755 %{buildroot}%{_sysconfdir}/md-renewed
 %{__install} -m 0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/md-renewed/
 %{__install} -d -m 0755 %{buildroot}%{_sysconfdir}/md-renewed/example.com
 %{__install} -m 0644 %{SOURCE20} %{buildroot}%{_sysconfdir}/md-renewed/example.com/
 %{__install} -m 0644 %{SOURCE21} %{buildroot}%{_sysconfdir}/md-renewed/example.com/
 %{__install} -m 0755 %{SOURCE22} %{buildroot}%{_sysconfdir}/md-renewed/example.com/
 %{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/
 %{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/errored
 %{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/installed
 %{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/installing
 %{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/renewed
 %{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/renewing
 %{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/ocsp-renewed
 %{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/ocsp-errored
 %post
 %systemd_post md-renewed.path
--- a/md-renewed.timer
+++ b/md-renewed.timer
@@ -1,11 +0,0 @@
 [Unit]
 BindsTo=httpd.service
 After=httpd.service
 [Timer]
 Unit=md-renewed.service
 OnUnitActiveSec=5min
 [Install]
 WantedBy=timers.target