v2.0.0

v1.5.0
v1.4.9
2024-05-25 00:04:23 +02:00 · 2023-01-30 20:39:57 +01:00 · 2022-12-09 14:57:52 +01:00 · 2022-05-19 00:42:08 +02:00
15 changed files with 28 additions and 476 deletions
--- a/example.cert
+++ b/example.cert
@@ -1,20 +0,0 @@
-#
-# CERT_FILE     - Destination of cert file
-# KEY_FILE      - Destination of key file. If empty appended to CERT_FILE
-# *_OWNER       - Owner (default: root)
-# *_GROUP       - Group (default: root)
-# *_MODE        - Mode (default: 0600)
-#
-
-CERT_FILE=/etc/pki/tls/certs/example.com.pem
-CERT_OWNER=root
-CERT_GROUP=root
-CERT_MODE=0644
-
-KEY_FILE=/etc/pki/tls/private/example.com.pem
-KEY_OWNER=root
-KEY_GROUP=root
-KEY_MODE=0600
-
-SERVICE=someservice
-ACTION=reload
--- a/example.service
+++ b/example.service
@@ -1,5 +0,0 @@
-# systemd service
-SERVICE=someservice
-
-# ACTION defaults to restart
-ACTION=reload
--- a/example.sh
+++ b/example.sh
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-DOMAIN=$1
-
-echo "$DOMAIN certificate renewed!"
--- a/76
+++ b/76
@@ -1,76 +0,0 @@
-#!/bin/bash
-
-MOD_MD_DIR=/var/lib/httpd/md
-MD_RENEWED_DIR=/var/lib/httpd/md-renewed
-
-if [[ -f /etc/md-renewed/md-renewed.conf ]]; then
-    . /etc/md-renewed/md-renewed.conf
-fi
-
-MSG="$1"
-DOMAIN="$2"
-
-mkdir -p $MD_RENEWED_DIR
-mkdir -p $MD_RENEWED_DIR/{errored,expiring,installed,installing,renewing,renewed,ocsp-renewed,oscp-errored}
-
-if [[ ! -z $MD_RENEWED_HOST_DIR ]]; then
-    mkdir -p $MD_RENEWED_DIR/{installed/$MD_RENEWED_HOST_DIR,installing/$MD_RENEWED_HOST_DIR,renewed/$MD_RENEWED_HOST_DIR}
-fi
-
-case $1 in
-    renewing)
-      if [[ -f $MD_RENEWED_DIR/renewing/$DOMAIN ]]; then
-        exit 1
-      fi
-      echo $(date) $(hostname) > $MD_RENEWED_DIR/renewing/$DOMAIN
-      ;;
-    renewed)
-      if [[ -f $MD_RENEWED_DIR/renewing/$DOMAIN ]]; then
-        rm -f $MD_RENEWED_DIR/renewing/$DOMAIN
-      fi
-      if [[ -z $MD_RENEWED_HOST_DIR ]]; then
-        echo $(date) $(hostname) > $MD_RENEWED_DIR/renewed/$DOMAIN
-        rm -f $MD_RENEWED_DIR/installed/$DOMAIN
-      else
-        for f in $MD_RENEWED_DIR/renewed/*/; do
-          if [[ ! -d "$f" ]]; then
-            continue
-          fi
-          echo $(date) $(hostname) > ${f}${DOMAIN}
-        done
-        for f in $MD_RENEWED_DIR/installed/*/; do
-          if [[ ! -d "$f" ]]; then
-            continue
-          fi
-              rm -f ${f}${DOMAIN}
-        done
-      fi
-      ;;
-    installed)
-      if [[ -z $MD_RENEWED_HOST_DIR ]]; then
-        echo $(date) $(hostname) > $MD_RENEWED_DIR/installing/$DOMAIN
-      else
-        for f in $MD_RENEWED_DIR/installing/*/; do
-          if [[ ! -d "$f" ]]; then
-            continue
-          fi
-          echo $(date) $(hostname) > ${f}${DOMAIN}
-        done
-      fi
-      ;;
-    expiring)
-      echo $(date) $(hostname) > $MD_RENEWED_DIR/expiring/$DOMAIN
-      ;;
-    errored)
-      rm -f $MD_RENEWED_DIR/renewing/$DOMAIN
-      echo $(date) $(hostname) > $MD_RENEWED_DIR/errored/$DOMAIN
-      ;;
-    ocsp-renewed)
-      echo $(date) $(hostname) > $MD_RENEWED_DIR/ocsp-renewed/$DOMAIN
-      ;;
-    ocsp-errored)
-      echo $(date) $(hostname) > $MD_RENEWED_DIR/ocsp-errored/$DOMAIN
-      ;;
-esac
-
-exit 0
--- a/57
+++ b/57
@@ -1,57 +0,0 @@
-#!/bin/bash
-
-MOD_MD_DIR=/var/lib/httpd/md
-MD_RENEWED_DIR=/var/lib/httpd/md-renewed
-
-if [[ -f /etc/md-renewed/md-renewed.conf ]]; then
-    . /etc/md-renewed/md-renewed.conf
-fi
-
-MYDOMAINS=$(curl -s http://127.0.0.1/md-renewed-status | tail -n +1 | jq -r '."managed-domains"[].name' 2>/dev/null)
-
-HTTP_RELOAD=n
-
-if [ -z $MD_RENEWED_HOST_DIR ]; then
-  MD_RENEWED_RENEWED_TARGET=${MD_RENEWED_DIR}/renewed
-  MD_RENEWED_INSTALLING_TARGET=${MD_RENEWED_DIR}/installing
-  MD_RENEWED_INSTALLED_TARGET=${MD_RENEWED_DIR}/installed
-else
-  MD_RENEWED_RENEWED_TARGET=${MD_RENEWED_DIR}/renewed/${MD_RENEWED_HOST_DIR}
-  MD_RENEWED_INSTALLING_TARGET=${MD_RENEWED_DIR}/installing/${MD_RENEWED_HOST_DIR}
-  MD_RENEWED_INSTALLED_TARGET=${MD_RENEWED_DIR}/installed/${MD_RENEWED_HOST_DIR}
-fi
-
-if [[ ! -d $MD_RENEWED_INSTALLING_TARGET ]]; then
-  mkdir -p $MD_RENEWED_INSTALLING_TARGET
-  chown ${MD_USER}.${MD_GROUP} $MD_RENEWED_INSTALLING_TARGET
-fi
-
-if [[ ! -d $MD_RENEWED_INSTALLED_TARGET ]]; then
-  mkdir -p $MD_RENEWED_INSTALLED_TARGET
-  chown ${MD_USER}.${MD_GROUP} $MD_RENEWED_INSTALLED_TARGET
-fi
-
-echo "md-renewed.service Looking for our domains: ${MYDOMAINS[*]}"
-for f in ${MD_RENEWED_RENEWED_TARGET}/*; do
-  if [[ ! -f $f ]]; then
-    continue
-  fi
-
-  DOMAIN=$(basename $f)
-  rm -f $f
-  echo "md-renewed.service Checking domain $DOMAIN"
-
-  for i in ${MYDOMAINS[@]}; do
-    if [[ $DOMAIN == $i ]]; then
-      echo "md-renewed.service $DOMAIN is our."
-      HTTPD_RELOAD=y
-    fi
-  done
-done
-
-if [[ $HTTPD_RELOAD == y ]]; then
-  echo "md-renewed.service Restarting apache."
-  /usr/bin/systemctl reload httpd
-fi
-
-exit 0
--- a/md-renewed-2.0.0.tar.gz
+++ b/md-renewed-2.0.0.tar.gz
--- a/md-renewed-httpd.conf
+++ b/md-renewed-httpd.conf
@@ -1,8 +0,0 @@
-MDMessageCmd /usr/libexec/md-renewed/md-message
-
-<Location "/md-renewed-status">
-  <If "%{HTTP_HOST} == '127.0.0.1'">
-    SetHandler md-status
-    Require local
-  </If>
-</Location>
--- a/191
+++ b/191
@@ -1,191 +0,0 @@
-#!/bin/bash
-
-MOD_MD_DIR=/var/lib/httpd/md
-MD_RENEWED_DIR=/var/lib/httpd/md-renewed
-
-if [[ -f /etc/md-renewed/md-renewed.conf ]]; then
-    . /etc/md-renewed/md-renewed.conf
-fi
-
-MYDOMAINS=$(curl -s http://127.0.0.1/md-renewed-status | tail -n +1 | jq -r '."managed-domains"[].name' 2>/dev/null)
-
-function set_permissions
-{
-  local FILE="$1"
-  local OWNER="$2"
-  local GROUP="$3"
-  local MODE="$4"
-
-  if [[ -z $OWNER ]]; then
-    chown root $FILE
-  else
-    chown $OWNER $FILE
-  fi
-
-  if [[ -z $GROUP ]]; then
-    chgrp root $FILE
-  else
-    chgrp $GROUP $FILE
-  fi
-
-  if [[ -z $MODE ]]; then
-    chmod 0600 $FILE
-  else
-    chmod $MODE $FILE
-  fi
-}
-
-function run_copy
-{
-  local DOMAIN="$1"
-  local CONFIG="$2"
-
-  CERT_OWNER="root"
-  CERT_GROUP="root"
-  CERT_MODE="0700"
-  CERT_FILE=""
-  KEY_OWNER="root"
-  KEY_GROUP="root"
-  KEY_MODE="0700"
-  KEY_FILE=""
-  SERVICE=""
-  ACRION="restart"
-
-  . $CONFIG
-
-  [[ -z $CERT_FILE ]] && exit 0;
-
-  TEMP_CERT_FILE=$(mktemp)
-
-  if [[ ! -z $KEY_FILE ]]; then
-    TEMP_KEY_FILE=$(mktemp)
-  fi
-
-  OLD_UMASK=$(umask)
-  umask 0077
-  DO_ACTION=n
-
-  if [[ ! -z $KEY_FILE && $KEY_FILE != $CERT_FILE ]]; then
-    cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem > $TEMP_CERT_FILE
-    cat ${MOD_MD_DIR}/domains/$DOMAIN/privkey.pem > $TEMP_KEY_FILE
-
-    if [[ $(md5sum $TEMP_CERT_FILE) != $(md5sum $CERT_FILE) ]]; then
-      cp -f $TEMP_CERT_FILE $CERT_FILE
-      set_permissions "$CERT_FILE" "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE"
-      DO_ACTION=y
-    fi
-    rm -f $TEMP_CERT_FILE
-
-    if [[ $(md5sum $TEMP_KEY_FILE) != $(md5sum $KEY_FILE) ]]; then
-      cp -f $TEMP_KEY_FILE $KEY_FILE
-      set_permissions "$KEY_FILE" "$KEY_OWNER" "$KEY_GROUP" "$KEY_MODE"
-      DO_ACTION=y
-    fi
-    rm -f $TEMP_KEY_FILE
-  else
-    cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem > $TEMP_CERT_FILE
-    cat ${MOD_MD_DIR}/domains/$DOMAIN/privkey.pem >> $TEMP_CERT_FILE
-
-    if [[ $(md5sum $TEMP_CERT_FILE) != $(md5sum $CERT_FILE) ]]; then
-      cp -f $TEMP_CERT_FILE $CERT_FILE
-      set_permissions "$CERT_FILE" "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE"
-      DO_ACTION=y
-    fi
-    rm -f $TEMP_CERT_FILE
-  fi
-  umask $OLD_UMASK
-
-  if [[ $DO_ACTION == y && ! -z $SERVICE ]]; then
-    ACTION=${ACTION:-restart}
-    /usr/bin/systemctl $ACTION $SERVICE > /dev/null 2>&1
-  fi
-}
-
-function run_service
-{
-  local DOMAIN="$1"
-  local CONFIG="$2"
-  SERVICE=""
-  ACTION=""
-
-  . $CONFIG
-
-  [[ -z $SERVICE ]] && exit 0;
-
-  ACTION=${ACTION:-restart}
-
-  /usr/bin/systemctl $ACTION $SERVICE > /dev/null 2>&1
-}
-
-function domain_renew
-{
-  local DOMAIN="$1"
-  for scr in /etc/md-renewed/$DOMAIN/*.cert; do
-    run_copy "$1" "$scr"
-  done
-  for scr in /etc/md-renewed/$DOMAIN/*.service; do
-    run_service "$1" "$scr"
-  done
-  for scr in /etc/md-renewed/$DOMAIN/*.sh; do
-    $scr "$1"
-  done
-}
-
-if [ -z $MD_RENEWED_HOST_DIR ]; then
-  MD_RENEWED_INSTALLING_TARGET=${MD_RENEWED_DIR}/installing
-  MD_RENEWED_INSTALLED_TARGET=${MD_RENEWED_DIR}/installed
-else
-  MD_RENEWED_INSTALLING_TARGET=${MD_RENEWED_DIR}/installing/${MD_RENEWED_HOST_DIR}
-  MD_RENEWED_INSTALLED_TARGET=${MD_RENEWED_DIR}/installed/${MD_RENEWED_HOST_DIR}
-fi
-
-if [[ ! -d $MD_RENEWED_INSTALLING_TARGET ]]; then
-  mkdir -p $MD_RENEWED_INSTALLING_TARGET
-  chown ${MD_USER}.${MD_GROUP} $MD_RENEWED_INSTALLING_TARGET
-fi
-
-if [[ ! -d $MD_RENEWED_INSTALLED_TARGET ]]; then
-  mkdir -p $MD_RENEWED_INSTALLED_TARGET
-  chown ${MD_USER}.${MD_GROUP} $MD_RENEWED_INSTALLED_TARGET
-fi
-
-echo "md-renewed-install.service Looking for our domains: ${MYDOMAINS[*]}"
-for f in ${MD_RENEWED_INSTALLING_TARGET}/*; do
-  if [[ ! -f $f ]]; then
-    continue
-  fi
-
-  DOMAIN=$(basename $f)
-  rm -f $f
-  echo "md-renewed-install.service Checking domain $DOMAIN"
-
-  echo "md-renewed-install.service Installing domain $DOMAIN"
-  touch $MD_RENEWED_INSTALLED_TARGET/$DOMAIN
-
-  if [[ -d /etc/md-renewed/$DOMAIN ]]; then
-    domain_renew "$DOMAIN"
-  fi
-done
-
-if [[ $1 == "force" ]]; then
-  echo "md-renewed-install.service Looking for our already installed domains: ${MYDOMAINS[*]}"
-  for f in ${MOD_MD_DIR}/domains/*; do
-    if [[ ! -d $f ]]; then
-      continue
-    fi
-
-    DOMAIN=$(basename $f)
-
-    echo "md-renewed-install.service Checking already installed domain $DOMAIN"
-
-    if [[ ! -f $MD_RENEWED_INSTALLED_TARGET/$DOMAIN ]]; then
-      touch $MD_RENEWED_INSTALLED_TARGET/$DOMAIN
-    fi
-
-    if [[ -d /etc/md-renewed/$DOMAIN ]]; then
-      domain_renew "$DOMAIN"
-    fi
-  done
-fi
-
-exit 0
--- a/md-renewed-install.service
+++ b/md-renewed-install.service
@@ -1,12 +0,0 @@
-[Unit]
-Description=The Apache HTTP Server reloader
-After=network.target
-Wants=md-renewed-install.timer
-
-[Service]
-Type=oneshot
-EnvironmentFile=/etc/md-renewed/md-renewed.conf
-ExecStart=/usr/libexec/md-renewed/md-renewed-install
-
-[Install]
-WantedBy=multi-user.target
--- a/md-renewed-install.timer
+++ b/md-renewed-install.timer
@@ -1,11 +0,0 @@
-[Unit]
-BindsTo=httpd.service
-After=httpd.service
-
-[Timer]
-Unit=md-renewed-install.service
-OnUnitActiveSec=5min
-
-[Install]
-WantedBy=timers.target
-
--- a/md-renewed.conf
+++ b/md-renewed.conf
@@ -1,7 +0,0 @@
-MOD_MD_DIR=/var/lib/httpd/md
-MD_RENEWED_DIR=/var/lib/httpd/md-renewed
-MD_RENEWED_HOST_DIR=
-MD_USER=apache
-MD_GROUP=apache
-
-
--- a/md-renewed.path
+++ b/md-renewed.path
@@ -1,13 +0,0 @@
-[Path]
-PathExistsGlob=/var/lib/httpd/md-renewed/renewed/*
-Unit=md-renewed.service
-MakeDirectory=true
-DirectoryMode=0777
-
-[Unit]
-BindsTo=httpd.service
-After=httpd.service
-
-[Install]
-WantedBy=multi-user.target
-
--- a/md-renewed.service
+++ b/md-renewed.service
@@ -1,11 +0,0 @@
-[Unit]
-Description=The Apache HTTP Server reloader
-After=network.target
-
-[Service]
-Type=oneshot
-EnvironmentFile=/etc/md-renewed/md-renewed.conf
-ExecStart=/usr/libexec/md-renewed/md-renewed
-
-[Install]
-WantedBy=multi-user.target
--- a/md-renewed.spec
+++ b/md-renewed.spec
@@ -1,29 +1,15 @@
 Name:           md-renewed
-Version:        1.4.3
-Release:        1%{?dist}
+Version:        2.0.0
+Release:        4%{?dist}
 Summary:        Restart service on Apache module mod_md certificate renewal
 License:        MIT
 Group:          System Environment/Base
 URL:            http://netst.org/pub/fedora/st/
 BuildArch:      noarch

-Source0:        md-renewed
-Source1:        md-message
+Source0:        md-renewed-%{version}.tar.gz

-Source2:        md-renewed.path
-Source3:        md-renewed.service
-Source4:        md-renewed.timer
-
-Source5:        md-renewed-install
-Source6:        md-renewed-install.timer
-Source7:        md-renewed-install.service
-
-Source10:       md-renewed-httpd.conf
-Source11:       md-renewed.conf
-
-Source20:       example.service
-Source21:       example.cert
-Source22:       example.sh
+BuildRequires:  cmake

 Requires:       httpd
 Requires:       mod_md
@@ -34,40 +20,28 @@ BuildRequires:      systemd-rpm-macros
 %description
 Restart service on Apache module mod_md certificate renewal

+%package ipa-dns
+Summary:        FreeIPA DNS challange plugin
+Requires:       python3-ipalib
+Requires:       %name = %version-%release
+
+
+%description ipa-dns
+FreeIPA DNS challange plugin
+
+
+%prep
+%autosetup
+
+%build
+
+%cmake
+%cmake_build
+
 %install
 %{__rm} -rf %{buildroot}
+%cmake_install

-%{__install} -d -m 0755 %{buildroot}%{_libexecdir}/md-renewed
-%{__install} -m 0755 %{SOURCE0} %{buildroot}%{_libexecdir}/md-renewed/md-renewed
-%{__install} -m 0755 %{SOURCE1} %{buildroot}%{_libexecdir}/md-renewed/md-message
-%{__install} -m 0755 %{SOURCE5} %{buildroot}%{_libexecdir}/md-renewed/md-renewed-install
-
-%{__install} -d -m 0755 %{buildroot}%{_unitdir}
-%{__install} -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}/
-%{__install} -m 0644 %{SOURCE3} %{buildroot}%{_unitdir}/
-%{__install} -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/
-%{__install} -m 0644 %{SOURCE6} %{buildroot}%{_unitdir}/
-%{__install} -m 0644 %{SOURCE7} %{buildroot}%{_unitdir}/
-
-%{__install} -d -m 0755 %{buildroot}%{_sysconfdir}/httpd/conf.d
-%{__install} -m 0644 %{SOURCE10} %{buildroot}%{_sysconfdir}/httpd/conf.d/md-renewed.conf
-
-%{__install} -d -m 0755 %{buildroot}%{_sysconfdir}/md-renewed
-%{__install} -m 0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/md-renewed/
-
-%{__install} -d -m 0755 %{buildroot}%{_sysconfdir}/md-renewed/example.com
-%{__install} -m 0644 %{SOURCE20} %{buildroot}%{_sysconfdir}/md-renewed/example.com/
-%{__install} -m 0644 %{SOURCE21} %{buildroot}%{_sysconfdir}/md-renewed/example.com/
-%{__install} -m 0755 %{SOURCE22} %{buildroot}%{_sysconfdir}/md-renewed/example.com/
-
-%{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/
-%{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/errored
-%{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/installed
-%{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/installing
-%{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/renewed
-%{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/renewing
-%{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/ocsp-renewed
-%{__install} -d -m 0775 %{buildroot}%{_sharedstatedir}/httpd/md-renewed/ocsp-errored

 %post
 %systemd_post md-renewed.path
@@ -113,6 +87,11 @@ Restart service on Apache module mod_md certificate renewal
 %dir %attr(-, root, apache) %{_sharedstatedir}/httpd/md-renewed/ocsp-renewed
 %dir %attr(-, root, apache) %{_sharedstatedir}/httpd/md-renewed/ocsp-errored

+%files ipa-dns
+%{_libexecdir}/md-renewed/md-ipa-dns
+%config(noreplace) %{_sysconfdir}/httpd/conf.d/md-renewed-ipa-dns.conf
+%config(noreplace) %{_sysconfdir}/gssproxy/20-mod_md.conf
+
 %changelog
 * Tue Nov  30 2021 Zoran Pericic <zpericic@netst.org> - 1.0.0-1
 Initial release
--- a/md-renewed.timer
+++ b/md-renewed.timer
@@ -1,11 +0,0 @@
-[Unit]
-BindsTo=httpd.service
-After=httpd.service
-
-[Timer]
-Unit=md-renewed.service
-OnUnitActiveSec=5min
-
-[Install]
-WantedBy=timers.target
-
Author	SHA1	Message	Date
Zoran Peričić	ff91a0cc99	v2.0.0	2024-05-25 00:04:23 +02:00
Zoran Peričić	25b20aaeae	v1.5.0	2023-01-30 20:39:57 +01:00
Zoran Peričić	5c9dbf4fcc	v1.4.9	2022-12-09 14:57:52 +01:00
Zoran Peričić	9eb48bfa97	v1.4.4 - Move source to archive and use cmake	2022-05-19 00:42:08 +02:00