diff --git a/.gitignore b/.gitignore index ab0b2fe..c48d8bb 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,5 @@ /.build-* /acme-tiny-4.1.0.tar.gz /results_acme-tiny +/acme-tiny-4.1.1.tar.gz +/acme-tiny-5.0.1.tar.gz diff --git a/acme-tiny-sign.sh b/acme-tiny-sign.sh index d2f1799..9999005 100755 --- a/acme-tiny-sign.sh +++ b/acme-tiny-sign.sh @@ -5,8 +5,11 @@ if test "$(id -u)" -eq 0; then exit 2 fi -DAYS="${1:-7}" +. /etc/sysconfig/acme-tiny +DAYS="${1:-$DAYS}" +test -n "$DAYS" || DAYS="7" if [[ "$DAYS" =~ ^[0-9]+$ ]]; then + echo "Days before expiration: $DAYS" secs=$(( $DAYS * 24 * 60 * 60 )) else echo "Invalid number of days: $DAYS" diff --git a/acme-tiny.conf b/acme-tiny.conf new file mode 100644 index 0000000..28e81fe --- /dev/null +++ b/acme-tiny.conf @@ -0,0 +1,4 @@ +# Default settings for acme-tiny wrapper script + +# Number of days before expiration to renew a certificate +DAYS=7 diff --git a/acme-tiny.service b/acme-tiny.service index 7b3f21b..c00fc5d 100644 --- a/acme-tiny.service +++ b/acme-tiny.service @@ -11,7 +11,7 @@ ProtectSystem=true User=acme Group=acme SyslogIdentifier=acme-tiny -ExecStart=/usr/libexec/acme-tiny/sign 7 +ExecStart=/usr/libexec/acme-tiny/sign [Install] Also=acme-tiny.timer diff --git a/acme-tiny.spec b/acme-tiny.spec index a5b1825..c4e4387 100644 --- a/acme-tiny.spec +++ b/acme-tiny.spec @@ -8,8 +8,8 @@ %endif Name: acme-tiny -Version: 4.1.0 -Release: 7%{?dist} +Version: 5.0.1 +Release: 13%{?dist} Summary: Tiny auditable script to issue, renew Let's Encrypt certificates License: MIT @@ -24,10 +24,10 @@ Source8: README-fedora.md # simple script hook to kick services when cert is updated Source9: notify.sh Source10: acme-tiny-notify.service +Source11: acme-tiny.conf Requires(pre): shadow-utils -# systemd macros are not defined unless systemd is present -BuildRequires: systemd +BuildRequires: systemd-rpm-macros %{?systemd_requires} Requires: %{name}-core = %{version}-%{release} BuildArch: noarch @@ -69,6 +69,8 @@ sed -i.orig -e '1,1 s,^.*python$,#!/usr/bin/python,' acme_tiny.py sed -i.old -e '1,1 s/python$/python3/' *.py %endif +echo 'u acme - "Tiny Auditable ACME Client" %{_sharedstatedir}/acme' >acme.sysusers.conf + %build %install @@ -78,6 +80,7 @@ mkdir -p %{buildroot}%{_sbindir} mkdir -p %{buildroot}%{_libexecdir}/%{name} mkdir -p %{buildroot}%{_sharedstatedir}/acme/{private,csr,certs,.notify} mkdir -p %{buildroot}%{_sysconfdir}/%{name}/notify.d +mkdir -p %{buildroot}%{_sysconfdir}/sysconfig chmod 0700 %{buildroot}%{_sharedstatedir}/acme/private install -m 0755 acme-tiny-sign.sh %{buildroot}%{_libexecdir}/%{name}/sign @@ -92,6 +95,8 @@ mkdir -p %{buildroot}%{_unitdir} install -pm 644 %{SOURCE6} %{buildroot}%{_unitdir} install -pm 644 %{SOURCE7} %{buildroot}%{_unitdir} install -pm 644 %{SOURCE10} %{buildroot}%{_unitdir} +install -m 0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/%{name} +install -m 0644 -D acme.sysusers.conf %{buildroot}%{_sysusersdir}/acme.conf %pre getent group acme > /dev/null || groupadd -r acme @@ -117,11 +122,13 @@ exit 0 %attr(-,acme,acme) %{_sharedstatedir}/acme %{_libexecdir}/%{name} %config(noreplace) %{_sysconfdir}/httpd/conf.d/acme.conf +%config(noreplace) %{_sysconfdir}/sysconfig/%{name} %{_unitdir}/* %{_sbindir}/acme-tiny-sign %{_sbindir}/cert-check %{_sbindir}/%{name} %{_sysconfdir}/%{name} +%{_sysusersdir}/acme.conf %files core %license LICENSE @@ -129,6 +136,55 @@ exit 0 %{_sbindir}/acme_tiny %changelog +* Fri Jan 16 2026 Fedora Release Engineering - 5.0.1-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild + +* Wed Jul 23 2025 Fedora Release Engineering - 5.0.1-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Thu Jan 16 2025 Zbigniew Jędrzejewski-Szmek - 5.0.1-11 +- Add sysusers.d config file + +* Thu Jan 16 2025 Fedora Release Engineering - 5.0.1-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Wed Jul 17 2024 Fedora Release Engineering - 5.0.1-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Mon Jan 22 2024 Fedora Release Engineering - 5.0.1-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 5.0.1-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Wed Jul 19 2023 Fedora Release Engineering - 5.0.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Tue Mar 28 2023 Stuart D. Gathman - 5.0.1-5 +- Verified SPDX license + +* Wed Jan 18 2023 Fedora Release Engineering - 5.0.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Wed Jul 20 2022 Fedora Release Engineering - 5.0.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Wed Jan 19 2022 Fedora Release Engineering - 5.0.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Oct 28 2021 Stuart D. Gathman 5.0.1-1 +- New upstream release + +* Wed Sep 8 2021 Stuart D. Gathman 4.1.1-2 +- Remove CLI override in acme-tiny.service (uses /etc/sysconfig/acme-tiny now) + +* Tue Sep 7 2021 Stuart D. Gathman 4.1.1-1 +- New upstream release +- Set days before expiration in /etc/sysconfig + +* Wed Jul 21 2021 Fedora Release Engineering - 4.1.0-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + * Thu May 27 2021 Stuart D. Gathman 4.1.0-7 - Fix BZ#1839904 - enhance notify after cert update, incrond no longer needed diff --git a/notify.sh b/notify.sh index 9c58838..f3ca76b 100755 --- a/notify.sh +++ b/notify.sh @@ -52,6 +52,7 @@ for cert in "$@"; do # run any dropin extension if test -x "$script"; then - "$script" "$cert" + [ "$verbose" = "y" ] && echo "Running $script $cert" + ACMEDIR="$acmedir" NOTIFY="$notify" VERBOSE="$verbose" "$script" "$cert" fi done diff --git a/sources b/sources index a5fdfcf..f4629f8 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ -SHA512 (acme-tiny-4.1.0.tar.gz) = 31d69a5031c019acbc23b3f06041eae8e261766396d4a7420fd70a71cfa16de953bea4c0c2ad0c6a6e793ed61ab5331f40145352ffce69f4f062f35dd0db7519 +SHA512 (acme-tiny-4.1.1.tar.gz) = 9e1aac03f3aa744061b8b03bb7bb6ede52ccf1a72d729775f106eb0fef786ee495dedd4f44c672e4ee2a8fc385477366bf164ab5e78d85e0a031558cde68f4b1 +SHA512 (acme-tiny-5.0.1.tar.gz) = 6e0619917b31a5795c2c7d8aa811b46231b81fc6b57227f611f7f4b9f73eb3de669676482563c33d935a4a0812498677bcbe974663a561af61abb441a880947e