No longer able to build to resolve multiple CVEs, see https://lists.fedoraproject.org/archives/list/epel-announce@lists.fedoraproject.org/thread/AA6FOO54RPO4FUH3X7J7OEGHR7YTPDDV/

- Update bundled gopkg.in/yaml.v2 to 2.2.4 to fix CVE-2022-3064, resolves rhbz#2163539
- Rebuild with golang 1.19.10 to fix CVE-2022-41717, resolves rhbz#2163603

.gitignore

@@ -1 +0,0 @@
-caddy-*.tar.gz

0001-Disable-commands-that-can-alter-the-binary.patch

@@ -1,96 +0,0 @@
-From 41711beb6776923a84c06fad76964e5932333bd7 Mon Sep 17 00:00:00 2001
-From: Carl George <carl@george.computer>
-Date: Wed, 16 Feb 2022 11:45:03 -0600
-Subject: [PATCH] Disable commands that can alter the binary
-
----
- cmd/commands.go      | 45 --------------------------------------------
- cmd/commands_test.go |  8 ++++----
- 2 files changed, 4 insertions(+), 49 deletions(-)
-
-diff --git a/cmd/commands.go b/cmd/commands.go
-index c9ea636b..791ddf6d 100644
---- a/cmd/commands.go
-+++ b/cmd/commands.go
-@@ -404,51 +404,6 @@ is always printed to stdout.
- 		},
- 	})
- 
--	RegisterCommand(Command{
--		Name:  "upgrade",
--		Short: "Upgrade Caddy (EXPERIMENTAL)",
--		Long: `
--Downloads an updated Caddy binary with the same modules/plugins at the
--latest versions. EXPERIMENTAL: May be changed or removed.
--`,
--		CobraFunc: func(cmd *cobra.Command) {
--			cmd.Flags().BoolP("keep-backup", "k", false, "Keep the backed up binary, instead of deleting it")
--			cmd.RunE = WrapCommandFuncForCobra(cmdUpgrade)
--		},
--	})
--
--	RegisterCommand(Command{
--		Name:  "add-package",
--		Usage: "<package[@version]...>",
--		Short: "Adds Caddy packages (EXPERIMENTAL)",
--		Long: `
--Downloads an updated Caddy binary with the specified packages (module/plugin)
--added, with an optional version specified (e.g., "package@version"). Retains
--existing packages. Returns an error if any of the specified packages are already
--included. EXPERIMENTAL: May be changed or removed.
--`,
--		CobraFunc: func(cmd *cobra.Command) {
--			cmd.Flags().BoolP("keep-backup", "k", false, "Keep the backed up binary, instead of deleting it")
--			cmd.RunE = WrapCommandFuncForCobra(cmdAddPackage)
--		},
--	})
--
--	RegisterCommand(Command{
--		Name:  "remove-package",
--		Func:  cmdRemovePackage,
--		Usage: "<packages...>",
--		Short: "Removes Caddy packages (EXPERIMENTAL)",
--		Long: `
--Downloads an updated Caddy binaries without the specified packages (module/plugin).
--Returns an error if any of the packages are not included.
--EXPERIMENTAL: May be changed or removed.
--`,
--		CobraFunc: func(cmd *cobra.Command) {
--			cmd.Flags().BoolP("keep-backup", "k", false, "Keep the backed up binary, instead of deleting it")
--			cmd.RunE = WrapCommandFuncForCobra(cmdRemovePackage)
--		},
--	})
--
- 	defaultFactory.Use(func(rootCmd *cobra.Command) {
- 		manpageCommand := Command{
- 			Name:  "manpage",
-diff --git a/cmd/commands_test.go b/cmd/commands_test.go
-index 085a9d78..f6d01fa3 100644
---- a/cmd/commands_test.go
-+++ b/cmd/commands_test.go
-@@ -19,7 +19,7 @@ func TestCommandsAreAvailable(t *testing.T) {
- 	// include the commands registered through calls to init in
- 	// other packages
- 	cmds := Commands()
--	if len(cmds) != 17 {
-+	if len(cmds) != 14 {
- 		t.Errorf("expected 17 commands, got %d", len(cmds))
- 	}
- 
-@@ -27,10 +27,10 @@ func TestCommandsAreAvailable(t *testing.T) {
- 	slices.Sort(commandNames)
- 
- 	expectedCommandNames := []string{
--		"adapt", "add-package", "build-info", "completion",
-+		"adapt", "build-info", "completion",
- 		"environ", "fmt", "list-modules", "manpage",
--		"reload", "remove-package", "run", "start",
--		"stop", "storage", "upgrade", "validate", "version",
-+		"reload", "run", "start",
-+		"stop", "storage", "validate", "version",
- 	}
- 
- 	if !reflect.DeepEqual(expectedCommandNames, commandNames) {
--- 
-2.50.1
-

Caddyfile

@@ -1,36 +0,0 @@
-# The Caddyfile is an easy way to configure your Caddy web server.
-#
-# https://caddyserver.com/docs/caddyfile
-
-
-# The configuration below serves a welcome page over HTTP on port 80.  To use
-# your own domain name with automatic HTTPS, ensure your A/AAAA DNS record is
-# pointing to this machine's public IP, then replace `http://` with your domain
-# name.  Refer to the documentation for full instructions on the address
-# specification.
-#
-# https://caddyserver.com/docs/caddyfile/concepts#addresses
-http:// {
-
-    # Set this path to your site's directory.
-    root * /usr/share/caddy
-
-    # Enable the static file server.
-    file_server
-
-    # Another common task is to set up a reverse proxy:
-    # reverse_proxy localhost:8080
-
-    # Or serve a PHP site through php-fpm:
-    # php_fastcgi localhost:9000
-
-    # Refer to the directive documentation for more options.
-    # https://caddyserver.com/docs/caddyfile/directives
-
-}
-
-
-# As an alternative to editing the above site block, you can add your own site
-# block files in the Caddyfile.d directory, and they will be included as long
-# as they use the .caddyfile extension.
-import Caddyfile.d/*.caddyfile

caddy-api.service

@@ -1,28 +0,0 @@
-# caddy-api.service
-#
-# For using Caddy with its API.
-#
-# This unit is "durable" in that it will automatically resume
-# the last active configuration if the service is restarted.
-#
-# See https://caddyserver.com/docs/install for instructions.
-
-[Unit]
-Description=Caddy web server
-Documentation=https://caddyserver.com/docs/
-After=network.target
-
-[Service]
-Type=notify
-User=caddy
-Group=caddy
-ExecStart=/usr/bin/caddy run --environ --resume
-TimeoutStopSec=5s
-LimitNOFILE=1048576
-PrivateTmp=true
-ProtectHome=true
-ProtectSystem=full
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
-
-[Install]
-WantedBy=multi-user.target

caddy.service

@@ -1,31 +0,0 @@
-# caddy.service
-#
-# For using Caddy with a config file.
-#
-# WARNING: This service does not use the --resume flag, so if you
-# use the API to make changes, they will be overwritten by the
-# Caddyfile next time the service is restarted. If you intend to
-# use Caddy's API to configure it, add the --resume flag to the
-# `caddy run` command or use the caddy-api.service file instead.
-
-[Unit]
-Description=Caddy web server
-Documentation=https://caddyserver.com/docs/
-After=network.target
-
-[Service]
-Type=notify
-User=caddy
-Group=caddy
-ExecStartPre=/usr/bin/caddy validate --config /etc/caddy/Caddyfile
-ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
-ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
-TimeoutStopSec=5s
-LimitNOFILE=1048576
-PrivateTmp=true
-ProtectHome=true
-ProtectSystem=full
-AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
-
-[Install]
-WantedBy=multi-user.target

caddy.spec

@@ -1,387 +0,0 @@
-%global goipath         github.com/caddyserver/caddy
-
-%if %{defined el8}
-%global gotest() go test -short -compiler gc -ldflags "${LDFLAGS:-}" %{?**};
-%else
-%global gotestflags %{gocompilerflags} -short
-%endif
-
-Name:           caddy
-Version:        2.10.2
-Release:        %autorelease
-Summary:        Web server with automatic HTTPS
-URL:            https://caddyserver.com
-
-# main source code is Apache-2.0
-# see comments above bundled provides for a breakdown of the rest
-License:        Apache-2.0 AND BSD-1-Clause AND BSD-2-Clause AND BSD-2-Clause-Views AND BSD-3-Clause AND CC0-1.0 AND ISC AND MIT AND MPL-2.0
-
-Source0:        https://%{goipath}/archive/v%{version}/caddy-%{version}.tar.gz
-Source1:        caddy-%{version}-vendor.tar.gz
-Source2:        create-vendor-tarball.sh
-
-# based on reference files upstream
-# https://github.com/caddyserver/dist
-Source10:       Caddyfile
-Source20:       caddy.service
-Source21:       caddy-api.service
-Source22:       caddy.sysusers
-Source30:       poweredby-white.png
-Source31:       poweredby-black.png
-
-# downstream only patch to disable commands that can alter the binary
-Patch1:         0001-Disable-commands-that-can-alter-the-binary.patch
-
-%if %{defined el8}
-ExclusiveArch:  %{golang_arches}
-%else
-BuildRequires:  go-rpm-macros
-ExclusiveArch:  %{golang_arches_future}
-%endif
-
-BuildRequires:  systemd-rpm-macros
-%{?systemd_requires}
-%{?sysusers_requires_compat}
-
-Requires:       system-logos-httpd
-Provides:       webserver
-
-# https://github.com/caddyserver/caddy/commit/05acc5131ed5c80acbd28ed8d907b166cd15b72c
-BuildRequires:  golang >= 1.25
-
-# Apache-2.0:
-Provides:       bundled(golang(cel.dev/expr)) = 0.24.0
-Provides:       bundled(golang(cloud.google.com/go/auth)) = 0.16.2
-Provides:       bundled(golang(cloud.google.com/go/auth/oauth2adapt)) = 0.2.8
-Provides:       bundled(golang(cloud.google.com/go/compute/metadata)) = 0.7.0
-Provides:       bundled(golang(github.com/Masterminds/goutils)) = 1.1.1
-Provides:       bundled(golang(github.com/caddyserver/certmagic)) = 0.24.0
-Provides:       bundled(golang(github.com/coreos/go-oidc/v3)) = 3.14.1
-Provides:       bundled(golang(github.com/dgraph-io/badger)) = 1.6.2
-Provides:       bundled(golang(github.com/dgraph-io/badger/v2)) = 2.2007.4
-Provides:       bundled(golang(github.com/go-logr/logr)) = 1.4.3
-Provides:       bundled(golang(github.com/go-logr/stdr)) = 1.2.2
-Provides:       bundled(golang(github.com/google/cel-go)) = 0.26.0
-Provides:       bundled(golang(github.com/google/certificate-transparency-go)) = 74a5dd3
-Provides:       bundled(golang(github.com/google/go-tpm)) = 0.9.5
-Provides:       bundled(golang(github.com/google/go-tspi)) = 0.3.0
-Provides:       bundled(golang(github.com/google/s2a-go)) = 0.1.9
-Provides:       bundled(golang(github.com/googleapis/enterprise-certificate-proxy)) = 0.3.6
-Provides:       bundled(golang(github.com/inconshreveable/mousetrap)) = 1.1.0
-Provides:       bundled(golang(github.com/kylelemons/godebug)) = 1.1.0
-Provides:       bundled(golang(github.com/pires/go-proxyproto)) = 0.8.1
-Provides:       bundled(golang(github.com/prometheus/client_model)) = 0.6.2
-Provides:       bundled(golang(github.com/prometheus/common)) = 0.65.0
-Provides:       bundled(golang(github.com/prometheus/procfs)) = 0.16.1
-Provides:       bundled(golang(github.com/smallstep/go-attestation)) = 2306d5b
-Provides:       bundled(golang(github.com/smallstep/linkedca)) = 0.23.0
-Provides:       bundled(golang(github.com/smallstep/nosql)) = 0.7.0
-Provides:       bundled(golang(github.com/smallstep/truststore)) = 0.13.0
-Provides:       bundled(golang(github.com/spf13/cobra)) = 1.9.1
-Provides:       bundled(golang(go.opentelemetry.io/auto/sdk)) = 1.1.0
-Provides:       bundled(golang(go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp)) = 0.61.0
-Provides:       bundled(golang(go.opentelemetry.io/contrib/propagators/autoprop)) = 0.62.0
-Provides:       bundled(golang(go.opentelemetry.io/contrib/propagators/aws)) = 1.37.0
-Provides:       bundled(golang(go.opentelemetry.io/contrib/propagators/b3)) = 1.37.0
-Provides:       bundled(golang(go.opentelemetry.io/contrib/propagators/jaeger)) = 1.37.0
-Provides:       bundled(golang(go.opentelemetry.io/contrib/propagators/ot)) = 1.37.0
-Provides:       bundled(golang(go.opentelemetry.io/otel)) = 1.37.0
-Provides:       bundled(golang(go.opentelemetry.io/otel/exporters/otlp/otlptrace)) = 1.37.0
-Provides:       bundled(golang(go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc)) = 1.37.0
-Provides:       bundled(golang(go.opentelemetry.io/otel/metric)) = 1.37.0
-Provides:       bundled(golang(go.opentelemetry.io/otel/sdk)) = 1.37.0
-Provides:       bundled(golang(go.opentelemetry.io/otel/trace)) = 1.37.0
-Provides:       bundled(golang(go.opentelemetry.io/proto/otlp)) = 1.7.0
-Provides:       bundled(golang(go.uber.org/mock)) = 0.5.2
-Provides:       bundled(golang(google.golang.org/genproto/googleapis/api)) = 513f239
-Provides:       bundled(golang(google.golang.org/genproto/googleapis/rpc)) = 513f239
-Provides:       bundled(golang(google.golang.org/grpc)) = 1.73.0
-Provides:       bundled(golang(google.golang.org/grpc/cmd/protoc-gen-go-grpc)) = 1.5.1
-
-# BSD-2-Clause:
-Provides:       bundled(golang(github.com/pkg/errors)) = 0.9.1
-Provides:       bundled(golang(github.com/russross/blackfriday/v2)) = 2.1.0
-
-# BSD-3-Clause:
-Provides:       bundled(golang(dario.cat/mergo)) = 1.0.1
-Provides:       bundled(golang(github.com/antlr4-go/antlr/v4)) = 4.13.0
-Provides:       bundled(golang(github.com/cloudflare/circl)) = 1.6.1
-Provides:       bundled(golang(github.com/golang/protobuf)) = 1.5.4
-Provides:       bundled(golang(github.com/golang/snappy)) = 0.0.4
-Provides:       bundled(golang(github.com/google/uuid)) = 1.6.0
-Provides:       bundled(golang(github.com/grpc-ecosystem/grpc-gateway/v2)) = 2.27.1
-Provides:       bundled(golang(github.com/manifoldco/promptui)) = 0.9.0
-Provides:       bundled(golang(github.com/miekg/dns)) = 1.1.63
-Provides:       bundled(golang(github.com/munnerz/goautoneg)) = a7dc8b6
-Provides:       bundled(golang(github.com/pbnjay/memory)) = 7b4eea6
-Provides:       bundled(golang(github.com/pmezard/go-difflib)) = 1.0.0
-Provides:       bundled(golang(github.com/spf13/pflag)) = 1.0.7
-Provides:       bundled(golang(github.com/tailscale/tscert)) = d3f8340
-Provides:       bundled(golang(golang.org/x/crypto)) = 0.40.0
-Provides:       bundled(golang(golang.org/x/crypto/x509roots/fallback)) = 49bf5b8
-Provides:       bundled(golang(golang.org/x/exp)) = 7e4ce0a
-Provides:       bundled(golang(golang.org/x/mod)) = 0.25.0
-Provides:       bundled(golang(golang.org/x/net)) = 0.42.0
-Provides:       bundled(golang(golang.org/x/oauth2)) = 0.30.0
-Provides:       bundled(golang(golang.org/x/sync)) = 0.16.0
-Provides:       bundled(golang(golang.org/x/sys)) = 0.34.0
-Provides:       bundled(golang(golang.org/x/term)) = 0.33.0
-Provides:       bundled(golang(golang.org/x/text)) = 0.27.0
-Provides:       bundled(golang(golang.org/x/time)) = 0.12.0
-Provides:       bundled(golang(golang.org/x/tools)) = 0.34.0
-Provides:       bundled(golang(google.golang.org/api)) = 0.240.0
-Provides:       bundled(golang(google.golang.org/protobuf)) = 1.36.6
-
-# CC0-1.0:
-Provides:       bundled(golang(github.com/zeebo/blake3)) = 0.2.4
-
-# ISC:
-Provides:       bundled(golang(github.com/davecgh/go-spew)) = 1.1.1
-
-# MIT:
-Provides:       bundled(golang(github.com/BurntSushi/toml)) = 1.5.0
-Provides:       bundled(golang(github.com/KimMachineGun/automemlimit)) = 0.7.4
-Provides:       bundled(golang(github.com/Masterminds/semver/v3)) = 3.3.0
-Provides:       bundled(golang(github.com/Masterminds/sprig/v3)) = 3.3.0
-Provides:       bundled(golang(github.com/Microsoft/go-winio)) = 0.6.0
-Provides:       bundled(golang(github.com/alecthomas/chroma/v2)) = 2.20.0
-Provides:       bundled(golang(github.com/aryann/difflib)) = ff5ff6d
-Provides:       bundled(golang(github.com/beorn7/perks)) = 1.0.1
-Provides:       bundled(golang(github.com/caddyserver/zerossl)) = 0.1.3
-Provides:       bundled(golang(github.com/ccoveille/go-safecast)) = 1.6.1
-Provides:       bundled(golang(github.com/cenkalti/backoff/v5)) = 5.0.2
-Provides:       bundled(golang(github.com/cespare/xxhash)) = 1.1.0
-Provides:       bundled(golang(github.com/cespare/xxhash/v2)) = 2.3.0
-Provides:       bundled(golang(github.com/chzyer/readline)) = 1.5.1
-Provides:       bundled(golang(github.com/cpuguy83/go-md2man/v2)) = 2.0.7
-Provides:       bundled(golang(github.com/dgryski/go-farm)) = a6ae236
-Provides:       bundled(golang(github.com/dlclark/regexp2)) = 1.11.5
-Provides:       bundled(golang(github.com/dustin/go-humanize)) = 1.0.1
-Provides:       bundled(golang(github.com/felixge/httpsnoop)) = 1.0.4
-Provides:       bundled(golang(github.com/francoispqt/gojay)) = 1.2.13
-Provides:       bundled(golang(github.com/fxamacker/cbor/v2)) = 2.8.0
-Provides:       bundled(golang(github.com/go-chi/chi/v5)) = 5.2.2
-Provides:       bundled(golang(github.com/huandu/xstrings)) = 1.5.0
-Provides:       bundled(golang(github.com/jackc/pgpassfile)) = 1.0.0
-Provides:       bundled(golang(github.com/jackc/pgservicefile)) = 091c0ba
-Provides:       bundled(golang(github.com/jackc/pgx/v5)) = 5.6.0
-Provides:       bundled(golang(github.com/jackc/puddle/v2)) = 2.2.1
-Provides:       bundled(golang(github.com/klauspost/cpuid/v2)) = 2.3.0
-Provides:       bundled(golang(github.com/libdns/libdns)) = 1.1.0
-Provides:       bundled(golang(github.com/mattn/go-colorable)) = 0.1.13
-Provides:       bundled(golang(github.com/mattn/go-isatty)) = 0.0.20
-Provides:       bundled(golang(github.com/mgutz/ansi)) = d51e80e
-Provides:       bundled(golang(github.com/mitchellh/copystructure)) = 1.2.0
-Provides:       bundled(golang(github.com/mitchellh/go-ps)) = 1.0.0
-Provides:       bundled(golang(github.com/mitchellh/reflectwalk)) = 1.0.2
-Provides:       bundled(golang(github.com/quic-go/qpack)) = 0.5.1
-Provides:       bundled(golang(github.com/quic-go/quic-go)) = 0.54.0
-Provides:       bundled(golang(github.com/rs/xid)) = 1.6.0
-Provides:       bundled(golang(github.com/shopspring/decimal)) = 1.4.0
-Provides:       bundled(golang(github.com/shurcooL/sanitized_anchor_name)) = 1.0.0
-Provides:       bundled(golang(github.com/sirupsen/logrus)) = 1.9.3
-Provides:       bundled(golang(github.com/slackhq/nebula)) = 1.9.5
-Provides:       bundled(golang(github.com/smallstep/pkcs7)) = 0.2.1
-Provides:       bundled(golang(github.com/spf13/cast)) = 1.7.0
-Provides:       bundled(golang(github.com/stoewer/go-strcase)) = 1.2.0
-Provides:       bundled(golang(github.com/stretchr/testify)) = 1.10.0
-Provides:       bundled(golang(github.com/urfave/cli)) = 1.22.17
-Provides:       bundled(golang(github.com/x448/float16)) = 0.8.4
-Provides:       bundled(golang(github.com/yuin/goldmark)) = 1.7.13
-Provides:       bundled(golang(github.com/yuin/goldmark-highlighting/v2)) = 37449ab
-Provides:       bundled(golang(go.etcd.io/bbolt)) = 1.3.10
-Provides:       bundled(golang(go.uber.org/automaxprocs)) = 1.6.0
-Provides:       bundled(golang(go.uber.org/multierr)) = 1.11.0
-Provides:       bundled(golang(go.uber.org/zap)) = 1.27.0
-Provides:       bundled(golang(go.uber.org/zap/exp)) = 0.3.0
-Provides:       bundled(golang(gopkg.in/natefinch/lumberjack.v2)) = 2.2.1
-
-# MPL-2.0:
-Provides:       bundled(golang(github.com/go-sql-driver/mysql)) = 1.8.1
-
-# Apache-2.0 AND BSD-2-Clause:
-Provides:       bundled(golang(go.step.sm/crypto)) = 0.67.0
-Provides:       bundled(golang(github.com/smallstep/cli-utils)) = 0.12.1
-
-# Apache-2.0 AND BSD-3-Clause:
-Provides:       bundled(golang(github.com/go-jose/go-jose/v3)) = 3.0.4
-Provides:       bundled(golang(github.com/go-jose/go-jose/v4)) = 4.0.5
-Provides:       bundled(golang(github.com/googleapis/gax-go/v2)) = 2.14.2
-Provides:       bundled(golang(github.com/mholt/acmez/v3)) = 3.1.2
-Provides:       bundled(golang(github.com/smallstep/certificates)) = 0.28.4
-
-# Apache-2.0 AND MIT:
-Provides:       bundled(golang(github.com/dgraph-io/ristretto)) = 0.2.0
-Provides:       bundled(golang(gopkg.in/yaml.v3)) = 3.0.1
-
-# BSD-1-Clause AND BSD-3-Clause:
-Provides:       bundled(golang(filippo.io/edwards25519)) = 1.1.0
-
-# BSD-2-Clause-Views AND BSD-3-Clause:
-Provides:       bundled(golang(howett.net/plist)) = 1.0.0
-
-# BSD-3-Clause AND MIT:
-Provides:       bundled(golang(github.com/smallstep/scep)) = 8cf1ca4
-
-# CC0-1.0 AND MIT:
-Provides:       bundled(golang(github.com/AndreasBriese/bbloom)) = 46b345b
-
-# Apache-2.0 AND BSD-3-Clause AND MIT:
-Provides:       bundled(golang(github.com/klauspost/compress)) = 1.18.0
-Provides:       bundled(golang(github.com/prometheus/client_golang)) = 1.23.0
-
-
-%description
-Caddy is an extensible server platform that uses TLS by default.
-
-
-%prep
-%autosetup -p 1 -a 1
-mkdir -p src/$(dirname %{goipath})
-ln -s $PWD src/%{goipath}
-
-
-%build
-%if %{defined el8}
-export GO111MODULE=off
-%endif
-export GOPATH=$PWD
-export LDFLAGS="-X %{goipath}.CustomVersion=v%{version}"
-%gobuild -o bin/caddy %{goipath}/cmd/caddy
-
-
-%install
-# command
-install -D -p -m 0755 -t %{buildroot}%{_bindir} bin/caddy
-
-# man pages
-./bin/caddy manpage --directory %{buildroot}%{_mandir}/man8
-
-# config
-install -D -p -m 0644 -t %{buildroot}%{_sysconfdir}/caddy %{S:10}
-install -d -m 0755 %{buildroot}%{_sysconfdir}/caddy/Caddyfile.d
-
-# systemd units
-install -D -p -m 0644 -t %{buildroot}%{_unitdir} %{S:20} %{S:21}
-
-# sysusers
-install -D -p -m 0644 %{S:22} %{buildroot}%{_sysusersdir}/caddy.conf
-
-# data directory
-install -d -m 0750 %{buildroot}%{_sharedstatedir}/caddy
-
-# welcome page
-%if %{defined fedora}
-install -D -p -m 0644 %{S:30} %{buildroot}%{_datadir}/caddy/poweredby.png
-ln -s ../fedora-testpage/index.html %{buildroot}%{_datadir}/caddy/index.html
-%else
-install -D -p -m 0644 %{S:31} %{buildroot}%{_datadir}/caddy/poweredby.png
-ln -s ../testpage/index.html %{buildroot}%{_datadir}/caddy/index.html
-%endif
-install -d -m 0755 %{buildroot}%{_datadir}/caddy/icons
-ln -s ../../pixmaps/poweredby.png %{buildroot}%{_datadir}/caddy/icons/poweredby.png
-%if %{defined rhel} && 0%{?rhel} >= 9
-ln -s ../pixmaps/system-noindex-logo.png %{buildroot}%{_datadir}/caddy/system_noindex_logo.png
-%endif
-
-# shell completions
-install -d -m 0755 %{buildroot}%{bash_completions_dir}
-./bin/caddy completion bash > %{buildroot}%{bash_completions_dir}/caddy
-install -d -m 0755 %{buildroot}%{zsh_completions_dir}
-./bin/caddy completion zsh > %{buildroot}%{zsh_completions_dir}/_caddy
-install -d -m 0755 %{buildroot}%{fish_completions_dir}
-./bin/caddy completion fish > %{buildroot}%{fish_completions_dir}/caddy.fish
-
-
-%check
-# ensure that the version was embedded correctly
-[[ "$(./bin/caddy version)" == "v%{version}" ]] || exit 1
-
-# run the upstream tests
-export GOPATH=$PWD
-cd src/%{goipath}
-%gotest ./...
-
-
-%pre
-%sysusers_create_compat %{S:22}
-
-
-%post
-%systemd_post caddy.service
-
-if [ -x /usr/sbin/getsebool ]; then
-    # connect to ACME endpoint to request certificates
-    setsebool -P httpd_can_network_connect on
-fi
-if [ -x /usr/sbin/semanage -a -x /usr/sbin/restorecon ]; then
-    # file contexts
-    semanage fcontext --add --type httpd_exec_t        '%{_bindir}/caddy'               2> /dev/null || :
-    semanage fcontext --add --type httpd_sys_content_t '%{_datadir}/caddy(/.*)?'        2> /dev/null || :
-    semanage fcontext --add --type httpd_config_t      '%{_sysconfdir}/caddy(/.*)?'     2> /dev/null || :
-    semanage fcontext --add --type httpd_var_lib_t     '%{_sharedstatedir}/caddy(/.*)?' 2> /dev/null || :
-    restorecon -r %{_bindir}/caddy %{_datadir}/caddy %{_sysconfdir}/caddy %{_sharedstatedir}/caddy || :
-fi
-if [ -x /usr/sbin/semanage ]; then
-    # QUIC
-    semanage port --add --type http_port_t --proto udp 80   2> /dev/null || :
-    semanage port --add --type http_port_t --proto udp 443  2> /dev/null || :
-    # admin endpoint
-    semanage port --add --type http_port_t --proto tcp 2019 2> /dev/null || :
-fi
-
-
-%preun
-%systemd_preun caddy.service
-
-
-%postun
-%systemd_postun_with_restart caddy.service
-
-if [ $1 -eq 0 ]; then
-    if [ -x /usr/sbin/getsebool ]; then
-        # connect to ACME endpoint to request certificates
-        setsebool -P httpd_can_network_connect off
-    fi
-    if [ -x /usr/sbin/semanage ]; then
-        # file contexts
-        semanage fcontext --delete --type httpd_exec_t        '%{_bindir}/caddy'               2> /dev/null || :
-        semanage fcontext --delete --type httpd_sys_content_t '%{_datadir}/caddy(/.*)?'        2> /dev/null || :
-        semanage fcontext --delete --type httpd_config_t      '%{_sysconfdir}/caddy(/.*)?'     2> /dev/null || :
-        semanage fcontext --delete --type httpd_var_lib_t     '%{_sharedstatedir}/caddy(/.*)?' 2> /dev/null || :
-        # QUIC
-        semanage port     --delete --type http_port_t --proto udp 80   2> /dev/null || :
-        semanage port     --delete --type http_port_t --proto udp 443  2> /dev/null || :
-        # admin endpoint
-        semanage port     --delete --type http_port_t --proto tcp 2019 2> /dev/null || :
-    fi
-fi
-
-
-%files
-%license LICENSE
-%doc README.md AUTHORS
-%{_bindir}/caddy
-%{_mandir}/man8/caddy*.8*
-%{_datadir}/caddy
-%{_unitdir}/caddy.service
-%{_unitdir}/caddy-api.service
-%{_sysusersdir}/caddy.conf
-%dir %{_sysconfdir}/caddy
-%config(noreplace) %{_sysconfdir}/caddy/Caddyfile
-%dir %{_sysconfdir}/caddy/Caddyfile.d
-%attr(0750,caddy,caddy) %dir %{_sharedstatedir}/caddy
-%if %{defined el8}
-# this is normally owned by filesystem
-%dir %{_datadir}/zsh
-%dir %{_datadir}/zsh/site-functions
-%dir %{_datadir}/fish
-%dir %{_datadir}/fish/vendor_completions.d
-%endif
-%{bash_completions_dir}/caddy
-%{zsh_completions_dir}/_caddy
-%{fish_completions_dir}/caddy.fish
-
-
-%changelog
-%autochangelog

caddy.sysusers

@@ -1 +0,0 @@
-u caddy - "Caddy web server" /var/lib/caddy /usr/sbin/nologin

changelog

@@ -1,285 +0,0 @@
-* Wed Jan 22 2025 Carl George <carlwgeorge@fedoraproject.org> - 2.9.1-3
-- Run tests with -short flag like upstream to avoid test failures
-- Resolves FTBFS rhbz#2339573 rhbz#2339954
-
-* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.1-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
-
-* Wed Jan 08 2025 Carl George <carlwgeorge@fedoraproject.org> - 2.9.1-1
-- Update to version 2.9.1 rhbz#2336409
-
-* Wed Jan 01 2025 Carl George <carlwgeorge@fedoraproject.org> - 2.9.0-1
-- Update to version 2.9.0 rhbz#2316289
-
-* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.8.4-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
-
-* Fri Jul 05 2024 Carl George <carlwgeorge@fedoraproject.org> - 2.8.4-1
-- Update to version 2.8.4 rhbz#2278549
-- Resolves CVE-2023-49295 rhbz#2257829
-- Resolves CVE-2024-27304 rhbz#2268278
-- Resolves CVE-2024-27289 rhbz#2268468
-- Resolves CVE-2024-28180 rhbz#2268877
-- Resolves CVE-2024-22189 rhbz#2273517
-- Remove LimitNPROC from systemd unit files
-
-* Sun Feb 11 2024 Maxwell G <maxwell@gtmx.me> - 2.7.6-2
-- Rebuild for golang 1.22.0
-
-* Fri Feb 09 2024 Carl George <carlwgeorge@fedoraproject.org> - 2.7.6-1
-- Update to version 2.7.6 rhbz#2253698
-- Includes fix for CVE-2023-45142 rhbz#2246587
-
-* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.5-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.5-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Mon Oct 30 2023 Carl George <carlwgeorge@fedoraproject.org> - 2.7.5-1
-- Update to version 2.7.5
-- Update poweredby logos
-- Add symlink for system_noindex_logo.png on EL9
-- Symlink directly to fedora-testpage directory on Fedora
-
-* Thu Aug 17 2023 Carl George <carlwgeorge@fedoraproject.org> - 2.7.4-1
-- Update to version 2.7.4, resolves rhbz#2232696
-- Fix CVE-2023-3978, resolves rhbz#2229582
-
-* Tue Aug 08 2023 Carl George <carl@george.computer> - 2.7.3-1
-- Update to version 2.7.3, resolves rhbz#2229638
-
-* Thu Aug 03 2023 Carl George <carl@george.computer> - 2.7.2-1
-- Update to version 2.7.2, resolves rhbz#2228776
-
-* Thu Jul 27 2023 Carl George <carl@george.computer> - 2.7.0~beta2-1
-- Update to version 2.7.0~beta2, resolves rhbz#2225732 rhbz#2124366
-- Resolves CVE-2022-41717 rhbz#2164315
-- Resolves CVE-2022-41723 rhbz#2178412
-- Add man pages
-- Use generated shell completion files instead of static ones
-- Add fish shell completions
-- Switch to systemd sysusers
-
-* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.2-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Tue Jan 24 2023 Carl George <carl@george.computer> - 2.5.2-3
-- Rebuild for CVE-2022-41717 in golang
-
-* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.2-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Tue Aug 09 2022 Carl George <carl@george.computer> - 2.5.2-1
-- Latest upstream, resolves rhbz#2062499 rhbz#2113136
-
-* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.6-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Tue Jul 19 2022 Maxwell G <gotmax@e.email> - 2.4.6-4
-- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
-  golang
-
-* Fri Jun 17 2022 Robert-André Mauchin <zebob.m@gmail.com> - 2.4.6-3
-- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191,
-  CVE-2022-29526, CVE-2022-30629
-
-* Fri Feb 25 2022 Carl George <carl@george.computer> - 2.4.6-2
-- Update welcome page symlink and image to work on both Fedora and EPEL
-
-* Wed Feb 16 2022 Carl George <carl@george.computer> - 2.4.6-1
-- Latest upstream rhbz#1984163
-
-* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Wed Mar 03 2021 Carl George <carl@george.computer> - 2.3.0-1
-- Latest upstream
-- Fix vendored license handling
-- Switch to white logo rhbz#1934864
-
-* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.2.1-3
-- Rebuilt for updated systemd-rpm-macros
-  See https://pagure.io/fesco/issue/2583.
-
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.1-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Fri Oct 30 2020 Carl George <carl@george.computer> - 2.2.1-1
-- Latest upstream
-
-* Sat Sep 26 2020 Carl George <carl@george.computer> - 2.2.0-1
-- Latest upstream
-
-* Sat Sep 19 2020 Carl George <carl@george.computer> - 2.2.0~rc3-1
-- Latest upstream
-
-* Fri Aug 14 2020 Carl George <carl@george.computer> - 2.1.1-2
-- Add bash and zsh completion support
-
-* Sun Aug 09 2020 Carl George <carl@george.computer> - 2.1.1-1
-- Update to Caddy v2
-- Remove all v1 plugins
-- Use vendored dependencies
-- Remove devel subpackage
-- Rename config file per upstream request
-- Use webserver test page from system-logos-httpd
-
-* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.4-3
-- Second attempt - Rebuilt for
-  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.4-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Tue Jul 07 20:56:10 CEST 2020 Robert-André Mauchin <zebob.m@gmail.com> - 1.0.4-1
-- Update to 1.0.4 (#1803691)
-
-* Mon Feb 17 2020 Elliott Sales de Andrade <quantum.analyst@gmail.com> - 1.0.3-3
-- Rebuilt for GHSA-jf24-p9p9-4rjh
-
-* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.3-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Sat Sep 07 2019 Carl George <carl@george.computer> - 1.0.3-1
-- Latest upstream
-- Remove bundled lego and plugins
-- Remove dyn, gandi, namecheap, and rfc2136 dns providers
-- Add patch0 to fix `-version` flag
-- Add patch1 to adjust blackfriday import path
-- Add devel subpackages
-- Run test suite
-
-* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.4-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Thu May 09 2019 Carl George <carl@george.computer> - 0.11.4-2
-- Switch unit file from ProtectSystem strict to full rhbz#1706651
-
-* Wed Mar 06 2019 Carl George <carl@george.computer> - 0.11.4-1
-- Latest upstream
-- Update bundled dnsproviders to 0.1.3
-- Update bundled lego to 2.2.0
-- Enable googlecloud, route53, and azure dns providers on epel7
-- Allow custom http port with default config file rhbz#1685446
-
-* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.1-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Wed Nov 14 2018 Carl George <carl@george.computer> - 0.11.1-2
-- Buildrequires at least golang 1.10
-
-* Tue Nov 13 2018 Carl George <carl@george.computer> - 0.11.1-1
-- Latest upstream
-- Update bundled geoip
-
-* Fri Oct 19 2018 Carl George <carl@george.computer> - 0.11.0-3
-- Enable httpd_can_network_connect selinux boolean to connect to ACME endpoint rhbz#1641158
-- Define UDP 80/443 as selinux http_port_t for QUIC rhbz#1608548
-- Define TCP 5033 as selinux http_port_t for HTTP challenge rhbz#1641160
-
-* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.11.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Sat May 12 2018 Carl George <carl@george.computer> - 0.11.0-1
-- Latest upstream
-
-* Sat Apr 21 2018 Carl George <carl@george.computer> - 0.10.14-1
-- Latest upstream
-- Overhaul %%prep to extract everything with %%setup
-- Edit lego providers to require acmev2 instead of acme
-- Add provides for specific providers from %%import_path_dnsproviders and %%import_path_lego
-- Add azure dns provider on f28+
-
-* Fri Apr 20 2018 Carl George <carl@george.computer> - 0.10.11-6
-- Enable geoip plugin on EL7
-- Only provide bundled geoip/realip/dnsproviders/lego when the respective plugin is enabled
-
-* Wed Apr 18 2018 Carl George <carl@george.computer> - 0.10.11-5
-- Add geoip plugin
-
-* Tue Apr 17 2018 Carl George <carl@george.computer> - 0.10.11-4
-- Correct ExclusiveArch fallback
-
-* Mon Apr 16 2018 Carl George <carl@george.computer> - 0.10.11-3
-- Enable s390x
-- Disable googlecloud and route53 dns providers on EL7 due to dependency issues
-
-* Fri Mar 30 2018 Carl George <carl@george.computer> - 0.10.11-2
-- Add googlecloud dns provider
-- Add route53 dns provider
-- Set minimum golang version to 1.9
-- Set selinux labels in scriptlets
-
-* Sat Feb 24 2018 Carl George <carl@george.computer> - 0.10.11-1
-- Latest upstream
-
-* Sat Feb 24 2018 Carl George <carl@george.computer> - 0.10.10-4
-- Change ProtectSystem from strict to full in unit file on RHEL
-
-* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.10.10-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
-* Thu Jan 11 2018 Carl George <carl@george.computer> - 0.10.10-2
-- Add powerdns provider
-
-* Mon Oct 09 2017 Carl George <carl@george.computer> - 0.10.10-1
-- Latest upstream
-
-* Mon Oct 02 2017 Carl George <carl@george.computer> - 0.10.9-6
-- Add provides for bundled libraries
-
-* Mon Oct 02 2017 Carl George <carl@george.computer> - 0.10.9-5
-- Enable rfc2136 dns provider
-- List plugins in description
-
-* Mon Sep 18 2017 Carl George <carl@george.computer> - 0.10.9-4
-- Exclude s390x
-
-* Sun Sep 17 2017 Carl George <carl@george.computer> - 0.10.9-3
-- Add realip plugin
-- Add conditionals for plugins
-
-* Sat Sep 16 2017 Carl George <carl@george.computer> - 0.10.9-2
-- Add sources for caddyserver/dnsproviders and xenolf/lego
-- Disable all dns providers that require additional libraries (dnsimple, dnspod, googlecloud, linode, ovh, route53, vultr)
-- Rewrite default index.html
-
-* Tue Sep 12 2017 Carl George <carl@george.computer> - 0.10.9-1
-- Latest upstream
-- Add config validation to unit file
-- Disable exoscale dns provider https://github.com/xenolf/lego/issues/429
-
-* Fri Sep 08 2017 Carl George <carl@george.computer> - 0.10.8-1
-- Latest upstream
-- Build with %%gobuild macro
-- Move config subdirectory from /etc/caddy/caddy.conf.d to /etc/caddy/conf.d
-
-* Tue Aug 29 2017 Carl George <carl@george.computer> - 0.10.7-1
-- Latest upstream
-
-* Fri Aug 25 2017 Carl George <carl@george.computer> - 0.10.6-2
-- Use SIQQUIT to stop service
-- Increase the process limit from 64 to 512
-- Only `go get` in caddy/caddymain
-
-* Fri Aug 11 2017 Carl George <carl@george.computer> - 0.10.6-1
-- Latest upstream
-- Add webserver virtual provides
-- Drop tmpfiles and just own /var/lib/caddy directly
-- Remove PrivateDevices setting from unit file, it prevents selinux process transitions
-- Disable rfc2136 dns provider https://github.com/caddyserver/dnsproviders/issues/11
-
-* Sat Jun 03 2017 Carl George <carl.george@rackspace.com> - 0.10.3-2
-- Rename Envfile to envfile
-- Rename Caddyfile to caddy.conf
-- Include additional configs from caddy.conf.d directory
-
-* Fri May 19 2017 Carl George <carl.george@rackspace.com> - 0.10.3-1
-- Latest upstream
-
-* Mon May 15 2017 Carl George <carl.george@rackspace.com> - 0.10.2-1
-- Initial package

create-vendor-tarball.sh

@@ -1,40 +0,0 @@
-#!/usr/bin/bash
-
-tag=$1
-
-if [[ -z $tag ]]; then
-    echo "This script requires the tag as an argument."
-    exit 1
-fi
-
-set -euo pipefail
-
-PKG="caddy"
-REPO="https://github.com/caddyserver/$PKG"
-
-# transform tag into version
-case $tag in
-    *beta*)
-        # v2.0.0-beta.1 -> 2.0.0~beta1
-        temp=${tag#v}
-        version=${temp/-beta./~beta}
-        ;;
-    *rc*)
-        # v2.0.0-rc.1 -> 2.0.0~rc1
-        temp=${tag#v}
-        version=${temp/-rc./~rc}
-        ;;
-    *)
-        # v2.0.0 -> 2.0.0
-        version=${tag#v}
-        ;;
-esac
-
-echo "Using tag: $tag"
-echo "Using version: $version"
-
-git -c advice.detachedHead=false clone --branch $tag --depth 1 $REPO.git $PKG-$version
-pushd $PKG-$version
-GOPROXY='https://proxy.golang.org,direct' go mod vendor
-popd
-tar -C $PKG-$version -czf $PKG-$version-vendor.tar.gz vendor

dead.package

@@ -0,0 +1 @@
+No longer able to build to resolve multiple CVEs, see https://lists.fedoraproject.org/archives/list/epel-announce@lists.fedoraproject.org/thread/AA6FOO54RPO4FUH3X7J7OEGHR7YTPDDV/

sources

@@ -1,2 +0,0 @@
-SHA512 (caddy-2.10.2.tar.gz) = 986b11e26cdaa4fbe554cf7b6bb333404fc33190945ef995122518a3fe2fe582a4cf4d2a8ab463e045857650e9deb88123f8d86a93dbdc465635755b00356205
-SHA512 (caddy-2.10.2-vendor.tar.gz) = 8b4b63f5b8ba4b29ec01da55820214f4c63a1c545756815e26d73bdcc3b3ac5aada863ef32ab6db898b90a9501c0ed6e03ed44e53612cdb8d872ab89480d466d