diff --git a/.gitignore b/.gitignore index a63dccd..a82d686 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1 @@ /dehydrated-*.tar.gz -/dehydrated-*.tar.gz.asc diff --git a/3C2F2605E078A1E18F4793909C4DBE6CF438F333 b/3C2F2605E078A1E18F4793909C4DBE6CF438F333 deleted file mode 100644 index 9737767..0000000 --- a/3C2F2605E078A1E18F4793909C4DBE6CF438F333 +++ /dev/null @@ -1,149 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Comment: 3C2F 2605 E078 A1E1 8F47 9390 9C4D BE6C F438 F333 -Comment: Lukas Schauer -Comment: Lukas Schauer -Comment: Lukas Schauer -Comment: Lukas Schauer -Comment: Lukas Schauer -Comment: Lukas Schauer - -xsBNBFFfGhMBCADuxAL1vqC7J1AmxMrFGxobyPaY9tmUEueRF+JuUJlk48qSbcWg -zAMEprSgw3HY/15Galu/7g8KxXnlN4WO2vgA6eu1CYx3CoukJ8dc/m6hEMxqwsIW -H/1sI7P2hLGB/6YC3MqgpyZxrXzS3coe/JLLkeOtcnBgeT1VpGnodSEKsK4unkfV -cmheLuF+zMb0t1DFtd//Ka99XtoF7HXW6p/n8NjiAXKkEkTWf+0qsOIzar3Hl7QE -dnEMK1EjDbrqNufTe+TyvM9hVMyDTptvA0EDOj+5Jmt29pWpriOgUgm2D1JgZi9b -YmGnTo149q5bUzfLvsTDI0IS7ClxXIES/dfXABEBAAHNJkx1a2FzIFNjaGF1ZXIg -PGx1a2FzLnNjaGF1ZXJAaC1icnMuZGU+wsCOBBMBCgA4FiEEPC8mBeB4oeGPR5OQ -nE2+bPQ48zMFAmGLB7ECGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQnE2+ -bPQ48zOiHAf9EaE/FleDKNicSlYc2tazUVx+qXiks6ADi40T8bLycu1rtXQCa5wC -G3Ucnx5sWqOOHRwgruWpr5ksl9rFImozQaP6IvVzmWl7o5+7Bki8Bf8a5OU/D4IP -EUdPO+UEoxr54KrSV9Cuk0K2tiENT8WLy+57rMSx49f4AF1svG/FUbMgkENR90Gi -8YxyEGfm2K8yNoPcg9XukUfcL48cI2OH52GMaRpJVDhRG6bNKCJbUoczY249a8Ar -4wWsZMN/ajeA5hFj3J8Ol2rl6h4x4kBVRrgW3nbx2Pu8SRVKwIW3mnNv1PovqDuP -kxDiBLRHIdojyrn0ZDXLkJAavYReQXo2Kc0qTHVrYXMgU2NoYXVlciA8bHVrYXMu -c2NoYXVlckBpbmYuaC1icnMuZGU+wsCOBBMBCgA4FiEEPC8mBeB4oeGPR5OQnE2+ -bPQ48zMFAlqZuscCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQnE2+bPQ4 -8zMsQAgA5ZbXLDtr4di+spbmykqKKvC+7teyaG/5VOTlwjlWBu9Vq5ijdKskogUu -i49e3xC9Pnu3TTYeIDKQ/8GVBojMhQfEzPEWwAupK07dwL4N/VIEIowaYmTIggZb -C0IkyHBG1esg//tFmyC2WGTdKDaCPB0Y+reB+DVkYCcSycSpjxDS3SpDqmyeEm7+ -BFgCsNIPJaj+YEscvJF7S+Bzga3uPitlNdIp4hBW7SpdNi3sx3PguOyHuSkqJm+t -qblgA7p2RVcc4uHpXS77xUw3lI2KMmWkd+yL7Mrfspc+cDscU4mXEjk8bqM70F4y -C2BnE8hPGURYIsnNbPOCzWXKqNIrRs0mTHVrYXMgU2NoYXVlciA8bHVrYXMyNTEx -QGtvZWxuLmNjYy5kZT7CwI4EEwEKADgWIQQ8LyYF4Hih4Y9Hk5CcTb5s9DjzMwUC -ZHIzXwIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRCcTb5s9DjzMxOKCADr -S9SUhsh7e+pyQ2+8dof41moWsJOyNygFZLCgJVHqhaSG/k83C0/UIjxsPKzJS/RO -6pBMTns02tGh7UVx+4X/frMOH5LHtUIX91qRRMFyq+ulbNQpGCJ05JGyxwgAZ7N0 -eWrSTR5CTeCR3imxeN4pqQTMrn+u5Zvwo0BtrUnZuS0m1cBwMuocrdvl3hZFwlL/ -fOYLObqzrVsygRQerZqt7WxFIeJCqslHdrxrI05UNU+rhO5ECHAWWtSp8iC71F7r -QerDeX8Bbw7zVFxxL/+XdkXSrVkA3TcKwyHizlnrBEDaZLbRri5SR6x3wF3L4D35 -QsxEUtDDR4sPIhF1sJDQzR5MdWthcyBTY2hhdWVyIDxsdWthc0Bmc2xhYi5kZT7C -wI4EEwEKADgWIQQ8LyYF4Hih4Y9Hk5CcTb5s9DjzMwUCWsTl3gIbAwULCQgHAwUV -CgkICwUWAgMBAAIeAQIXgAAKCRCcTb5s9DjzM0TrB/0YkMpsYbcyk5Ly+nhFKi3E -U3Q20XBTFTBDG957+djPhjHO6brnKBCXi87F6eGKTmCmAtN9GSciwVQ9J23Qc8dI -b3/gNT4WtqwFqzBoVzeyk/fBoda5kRpdczwu/4fc61U/4UUPmR9JuRoCDgRKjYQ0 -MDAv92tDfIPbK4yVE6PsU0/7aPuaa9u4V+g3J1V5ILazhrsAyGTh3AFDGmGICcAt -rwsPOyYEHC8bzGch4AqOFCLEsPJBOuGZdueryBtIcIpt9dMwz0dNVwuDldoUWzuE -vGGf0N2gRqMnRcXYrkIKOKqoqSQZb/uwTCagk9oRP6LOuVaR7N6Nwaul9NwyOXV0 -zSFMdWthcyBTY2hhdWVyIDxsdWthc0BzY2hhdWVyLmRldj7CwI4EEwEKADgWIQQ8 -LyYF4Hih4Y9Hk5CcTb5s9DjzMwUCYYsIrgIbAwULCQgHAwUVCgkICwUWAgMBAAIe -AQIXgAAKCRCcTb5s9DjzM0xYCACpqhuKTb7Dcy/5SwmWCdFtMMeaORd321+IV0lY -3JG55blOsBgIZujaLWK9sVlE5FS3x6EaQYHEUUu1cEBJlUT9T1Ko5qo/6zz7Y2ic -NK5LPfCPYDirGLYsSK08R/ts2E6IL09u3cFWaiZbvDepjnEakgyNpVcJYlhXayie -DH7t3Om6FPte3ihyT5J5fP6tW1PD0s7HjIFSErmQ1CpgrL5MkGoShcWpYt9IDcmo -7Q8LQE/M/CNCULEnEXXvdtdWL9HsbXlKwIok2ReJ8N4XlcKdaucgP3oTSqtX0/yC -TrytyhTemHgIaXRb3rYcXntQcJHFDlU6K/iWL5ib5bUb53AEwsCOBBMBCgA4FiEE -PC8mBeB4oeGPR5OQnE2+bPQ48zMFAl+9ZiQCGwMFCwkIBwMFFQoJCAsFFgIDAQAC -HgECF4AACgkQnE2+bPQ48zPzJgf/TUZJLdwue6xbI6nz9QynyHn8dM6F5nEz4zEx -Go+lEqR9prXvKVG7xecEMGYuydtS/vzYkLy6pnXDGzkUBgues7CWATz05MezjH+6 -k49EKm0nOubANpCeBVw+hBvtxqBWcdxY2gS7Nl4Qt33hXmAl0A/sn4Yt4bXC3m1e -8nQthj/hMsKiw5gXT3nGZc62fyZPLY6qTDO8L+9j8JhzNoE7dhh5vK5STYpFPY3k -sjUuiAIRqiH+rMshBMaCSWAuTBh0Kv2rzFbtVBhoarSmyaZ+LsFVEV+MXaUN2sv/ -gEta75uKlOYSGwTvecGjm4xtjHjor9DJ16+gJBHwcjnsV6e6+c0gTHVrYXMgU2No -YXVlciA8bHVrYXNAc2NoYXVlci5zbz7CwJMEEwEKACYCGwMHCwkIBwMCAQYVCAIJ -CgsEFgIDAQIeAQIXgAUCVczrqQIZAQAhCRCcTb5s9DjzMxYhBDwvJgXgeKHhj0eT -kJxNvmz0OPMzdycIANghzH+bFgEhJdfIwOX6D4Id3B746XdZmRNbWLToIbJbJflD -TjgZUGNLtmbH8Hv57ss8ssNmkp0nB+c2fb6Ar/Tl3sEheJM49PWbI96ERqSDhr+f -mKKhOEjptwQTAy1prBAvTZ1LbyN9ChJwf00nU3tjBfvS19z8ZFGATY6yBGvnbxHn -qz+n06COcBXsz8dsAtDzvxCMMhfSmgL+PAere8pJCLi3WklazbkzjuKqsfd02GJC -CH/OeLmrtyBG8fkQzVpg4zDFgdetiqvc2bJeYYGmvPhBYtqgTWm8iZvfVRIyN2fF -br04b3hx6eXVjRHSp2+d10so2fVD6Cf3gidBX4LCwJAEEwECACMFAlIeIN8CGwMH -CwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAhCRCcTb5s9DjzMxYhBDwvJgXgeKHh -j0eTkJxNvmz0OPMz0cYH/2NaSfR+rgeq5gmt1R6MYby5Fa7lEqSPiVzVIcKVFlCj -RNcpO/I5o0YTDGX+1DGIn8hpLiv9P3BK5La+Y/JKidq+tITp5pAt4xKuR9ISnxs4 -aLHp1L80fXBDWM4J5v+ATVls9SNeo5FkXBBo3gvMtN91N0467XOn9Iy3u0ei86LK -VAlis6fFlFoE4KqQMoyWOiOOGOkKU45kRerdTc9skccX9jQGzkFpEk7nrrIC1WMr -6i2edbt37LgycW0IgZzbdGRmEgwSq7OfUb4NF49XAb9be0q8x7sMoogkLBGizL2A -soJO6kZmQWejygNIBPKGCK+X9dCsdDI6p67PMJqXoIjOwE0EUV8aEwEIAM1d0x6B -/PUlXfUzkTlYtFmfm67OOPW2EImld+53RgVc/HGY9RyYP0YwxNs1mjWalzJYV6/a -Q9xke/Dz0pLYwIl2c1TCzwinqgymkR17krDJ/+hj2GZBsiEHlMDbWskgwIc7Wldh -cmxsOvsvRrHSCcw7ZFD+iA9l6XJoUrtP9QhJLaj6WoX0fU377t3me6hji5387pzY -oDKiq8cfJu4q/K6oB42kmo+LPVub+DvBBZPDakDnE46v0LfbgvPqjaVxM2KHjqll -epk1CIOAbUbtyC9kVuavDgnIOMe1couHsy0+7fXeQE0xMLPjGGZAXt6OVI8o/1Ib -gA2EbiVR225Tu2cAEQEAAcLAdgQYAQIACQUCUV8aEwIbDAAhCRCcTb5s9DjzMxYh -BDwvJgXgeKHhj0eTkJxNvmz0OPMzT1wIAIZ0Q23vWXHnoSPMfpbmj8U5gcdObh7B -x+AZIdaZ1JyryA4jjXiQGQ6D12z0gxC3mGnrSFe15LEbWXSrERdsxftw7kU2eN6v -+KRzA8NLp5nZrkaeL+H9QVGdVhzDZz7tQACCi6zCHCpuRVStEwOh0bYNPTl9Ah2B -9tAtQFbmoVOhL8Jc3O8bjuOoERRL+YUy1mAXb6bJTZu4yUheZqtOLQoRgy3SB4Ze -GlLYM32JCtDNDyCNXP8QGB0dsRk6wdbgkxBrJxi+i48VWoIhxmg3Szxz0CKWoS71 -XxcstYDTNFULwWnqb9mkxfy3aRVB0EowdvU1TPRv64fKcA0JFBQYoiDOwU0EWpna -/QEQAJqV4HrVPY3MiFYjBbxVl9isBIRG73ySOcOFLKILe1PUre2gz5cIvFzoM+jQ -vtZH5lxndUaC6NEAxFLZVICLIkXF0mv0DreLrjbN+bZiqh1FQ6qJvKKvMSwSTZAh -e/2Fe5frKImEEKlpxB/JdMMTbESHeGs1523Yndmcd6DsgpjfTdoX2b9MmwtBZipE -2ybyzoFo7QDjioIsPTerAvZLf/EsfC8X5XG6uGDE7u/k0i/EnefBmqErXeV3hziq -+YLN0Ja7ltGsl6B0ZLb86HMSj2ZpuGkzWrDzX3JyZVGDMrBie/wKXCxWAOaAwOfJ -F3BTp3LA5Bajg6VzJMGxoQUGiXcoJxAixwC9jUlIj48K3nnS9Wz3mAa3N/UXIr81 -wEKhGpSW+/KuQdLjLXW9W1BF+cJWze0yA6eJzLiQYt6R64p9jIKTWUaPnVg6yrB6 -vbAeecFLZPqjXnzVcb51GvuTWrKK7PyvNIyic59XZaNujC+Cc4L5AS1svA7VcOAW -Hepl3F5JwNhYcKxgpY7J5FCq24B3/xQ4UQb52hh6Rfhv4s9KoeaqDGhObBZ6cBz9 -SVqGGipnyQq6vg7h5Az3hcrC6/blf/IibtkXJzf8Z3N/Jk3zg3AQszy79oqz5K/S -H9Da7Q8drpMWABFldro5eqZ83Agvnje31it/pHJ+ZBYn+dXBABEBAAHCwHYEGAEK -ACAWIQQ8LyYF4Hih4Y9Hk5CcTb5s9DjzMwUCWpna/QIbIAAKCRCcTb5s9DjzM2rH -CADYzgi9AQdCbbjCmrrXqY1dom2zz34tZrIvFnm0IMzmXv8mXxwBnWbVC+K6m/nk -sidv9F9HkErEkc8JVDchnFwVxTEISPQZlg7WHKZri2ILL0NMOzqCpQbJZH1ZkSIh -sizlD/fJ9Dl/nyzJoJN9TUXe10m7zGURaR9+BB/I5UqaeXI1zJDbFg36vDh1NUNJ -YUMl+WFjhbOsMcC9FZbQ3IuBzWrWzljtFNwYj3L5JINu+SiBhknJpRAF4Y2lQYEA -6rQkFR6/k2N9FpetK6hmSo0m/lGC4OvffFEDHKZ8uD5LenRgl8JQSgjHTKViZxCL -pOgUUMWJjqJmuOp9orbdFSXKzsFNBFqZxdUBEAC13KtkbRv6sBOgqFW3RuGRq0MJ -82j3HLbWla8FuvnzEM8ekK7Zb7a3q4aLT/P0hKyIrYunKgpKo4mYR5hX8uMQ84Ux -A/wW9vhM55iDfNxMS7tC3bLICNddz3Xn3do6nwWh3u5hU6ISm3Te/w2ofZtIT2H2 -Y+O9avLfZLQ5SHVL0wwNNXOpJa3VmCn5CeZ7MADnlRMK+vRE20et8mjEkRZMVqwA -jDnQCQi9Qh/EQAl82yI4P6a2HZuDb4iVi/U1rGtZnAS11eIrjp2+WPuECcMkSg3i -fA2gk1Qt1CFQSurTPQfDJEB/nf7atdRajAjF27fgSWAppKbBNn7zjH8HOpxWt0QS -0Lj371eDJmKV0F5r+kZRLaiCT8kksVNR6P5wEQgYvDIUQbWskSbMFzu8oMGt+AKS -fm2341itRNoyjwMGPTTuFkjMRcaLuygheZIbWa3sSny955qNxiujBYdJrYHMn/ja -WYKQA0F6LYyuFgwmUJGc3qdibZ3/Mj8MU/f7uodC23IJTGuFHNJFy9uYzCmTkptG -0yVsSs8fPSjToxdiEb2dgp7XT37qQDrWMIzgFg2WOcyFR6mSwjre2VogPXog2o+i -2l/7ze9Lx+9gF9wZcOvP3pJMS8b9ALIJT48w0mricBcblUWD5IJ4X3NgGn9fJMcH -NtSS4dCyOhAxPYB5wQARAQABwsB2BCgBCgAgFiEEPC8mBeB4oeGPR5OQnE2+bPQ4 -8zMFAlqZ2uACHQMACgkQnE2+bPQ48zPlhQgA4tu4Wey8dT/NTDZZiihT77wxdcXP -w5wO6Bg/lr9BRVJh73kiTIRzQbH3LDnP7y2ZIAH192k6wmM1PFrl9ivaKVocq5Iu -AuJmUQ47vRj0o4zHGss0G6js1K9P2oqt0v2evDK1VRNunOQNA7fubwYL1Mb0J4pl -dfOBKpFzUpo6MKhSKiU4rcNrBYAlbM5m7z6h6PNal/bXWhjJv5HnJD73CqNpinuz -RwefjQqtrjz3kjm8Ss8DhVuVYi3damDiIvQFuOabBWtuGPtnHX0QgH5qS+kIDPYp -zPJTabKAFLuZwZWFRM7WZilELrZfAZrcXFaPdTYCyfPdiLM5BmIHA7r7gcLAdgQY -AQoAIBYhBDwvJgXgeKHhj0eTkJxNvmz0OPMzBQJamcXVAhsgAAoJEJxNvmz0OPMz -T2oIAI56dTjge+TgsloxgGu+Ajlu/eH+oOhyqulqMasWYUemTlQKwGEtrHRNFMB2 -dWOmSWAcJgQ2w3nLmpugFquusZ1zZO7Dkgzw8Krz8a93OXdR08qew8xDSbHGNT6W -20bnP3fGIKt/FwT3Sus5WfWpAjVxsDF7LPy4p4DYGJchi+VSIjwSKR+4cAVP/xBi -evicQSEdZpc2idCEmJtBTDo75dALiEt5vYzCvteFJagI18PzCCdIT+YhONrf8w8j -4CAlh1ZpYqjCb1Vp774YDPqZxn1MBXa8+tCO5rw8F6P6kOE291mblSMQ/3ED6kx/ -yLl3pAvi+WLjSZiq64goYOxF2PjOwU0EW5UcwgEQAM9Hn/9qevhbi6CRF7DBhqDR -KCG/+vWMsyercQgFqd10n4DmRJy3ZBe2035UrnOANJ/l+y8c/wAAPTeSJHhXHZqh -Kd968H118UMe6o9xb7gjDCUmUoEnDEmvM3sygbd76jBeS/6CWfLviRj4eeHuifUw -y9uljVtcqvo2ZiOxuVPKlh2MZU8CCil3WHU+8ZsypSl/sXgljk+QajTm5lFVOS37 -7s72hkekGs9XE+nZqY72v3PD1oev9f1ARwsStFm4WajJ4eWjlmp5NshGowd5Cb6F -0m7iDanqqNNnsJZS6IMEqw8rFJLihtpqkYHRJ9yYq1nofP2wzJraPYAp2zV6hmw8 -45mfkkGYybfSyUtoV21REq6C/0sV7khAzjIa+a7V/6fks6+xlpR9yck97Hgo+iSU -WchacxjSVlvcibf9CadiYYSaN/8JlxM/QSx39AxTrfBI7NZMnR5wmYKCUhskb+rR -QjKWXmkuyaDuVA4dmahZL3OawqSGbt91mpdZIh3tvEP1vGPKnHqt+9WcTQSuPYDY -bM1nXwN5+ZzYlCg92rk8nzdGjPyBT4BkCeGVsjYoY3OcyY/mfyqkfFoqi+4p8/VJ -Il560v3SJW7ZwMRiAWV4WTwsxk0Z4nnQuNy9zbD7wNWUywK3oOkaTBZS7s/bCKWH -dDs0ED0OcdzThAH1aS3vABEBAAHCwHYEGAEKACAWIQQ8LyYF4Hih4Y9Hk5CcTb5s -9DjzMwUCW5UcwgIbIAAKCRCcTb5s9DjzMxJGB/9vTHH4v1GQho6QDVUrn7qd9DWN -4L+OECYIMc0WS4v1OLiFdJvNXQUuldQUqttF5Fb211RFNnXE8F8GyBWbIkyFV+Kr -Sj7uncbmoijnFEsFUh8NSWF9XGDMlvRxV7njGIBNXu0Zks5rydOT9LStuQO9lYYR -Cvzfyi/ZT/Qu6VKcIcoDazU/PqyAmWbbsncdAibvhjumEHCVw0MNdl6h9XhCI69b -dssYonLOao4NX8Kf1+vu1q39oVI5E2DEAOG6/FOXGa1Y73iBcccd7c26HnCY4CkJ -ekb/rlxYhCOaoqRGiSmODvfl6IkQdGhiEjXrgJmT9SWmA8SFMikCen8Tvfdg -=rFgw ------END PGP PUBLIC KEY BLOCK----- diff --git a/50-dehydrated.preset b/50-dehydrated.preset deleted file mode 100644 index ea5c6ad..0000000 --- a/50-dehydrated.preset +++ /dev/null @@ -1 +0,0 @@ -enable dehydrated.timer diff --git a/dehydrated-autowash.patch b/dehydrated-autowash.patch deleted file mode 100644 index 22b9e31..0000000 --- a/dehydrated-autowash.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up dehydrated-0.7.0/dehydrated.autowash dehydrated-0.7.0/dehydrated ---- dehydrated-0.7.0/dehydrated.autowash 2021-01-22 13:11:47.018517599 +0200 -+++ dehydrated-0.7.0/dehydrated 2021-01-22 13:12:44.673042823 +0200 -@@ -1734,7 +1734,7 @@ command_sign_domains() { - - [[ -n "${HOOK}" ]] && ("${HOOK}" "exit_hook" || echo 'exit_hook returned with non-zero exit code!' >&2) - if [[ "${AUTO_CLEANUP}" == "yes" ]]; then -- echo "+ Running automatic cleanup" -+ echo " + Running automatic cleanup" - command_cleanup noinit - fi - diff --git a/dehydrated-cron b/dehydrated-cron deleted file mode 100644 index 75c9976..0000000 --- a/dehydrated-cron +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -# Run dehydrated if there is configured domains -if [ -s /etc/dehydrated/domains.txt ]; then - tempfile=$(mktemp -p /run/dehydrated) - if [ $? -gt 0 ]; then - echo "ERROR, could not create tempfile" >&2 - exit 1 - else - # clean up tempfile on exit - trap "rm -f ${tempfile}" EXIT TERM - fi - set -o pipefail - /usr/bin/dehydrated --cron 2>&1 | tee -a ${tempfile} - RC=$? - if [ ${RC} -gt 0 ]; then - cat ${tempfile} | mailx -S sendwait -s "dehydrated --cron returned error" ${NOTIFY_EMAIL:=root} - fi - exit ${RC} -else - echo "No domains configured" >&2 -fi diff --git a/dehydrated-hook.sh-defaults.patch b/dehydrated-hook.sh-defaults.patch deleted file mode 100644 index 495fa3c..0000000 --- a/dehydrated-hook.sh-defaults.patch +++ /dev/null @@ -1,52 +0,0 @@ -diff -up dehydrated-0.7.1/docs/examples/hook.sh.orig dehydrated-0.7.1/docs/examples/hook.sh ---- dehydrated-0.7.1/docs/examples/hook.sh.orig 2022-10-31 15:12:38.000000000 +0100 -+++ dehydrated-0.7.1/docs/examples/hook.sh 2023-05-31 03:12:35.312025334 +0200 -@@ -21,7 +21,7 @@ deploy_challenge() { - # be found in the $TOKEN_FILENAME file. - - # Simple example: Use nsupdate with local named -- # printf 'server 127.0.0.1\nupdate add _acme-challenge.%s 300 IN TXT "%s"\nsend\n' "${DOMAIN}" "${TOKEN_VALUE}" | nsupdate -k /var/run/named/session.key -+ # printf 'server 127.0.0.1\nupdate add _acme-challenge.%s 30 IN TXT "%s"\nsend\n' "${DOMAIN}" "${TOKEN_VALUE}" | nsupdate -k /etc/named/session.key - } - - clean_challenge() { -@@ -34,7 +34,7 @@ clean_challenge() { - # The parameters are the same as for deploy_challenge. - - # Simple example: Use nsupdate with local named -- # printf 'server 127.0.0.1\nupdate delete _acme-challenge.%s TXT "%s"\nsend\n' "${DOMAIN}" "${TOKEN_VALUE}" | nsupdate -k /var/run/named/session.key -+ # printf 'server 127.0.0.1\nupdate delete _acme-challenge.%s TXT "%s"\nsend\n' "${DOMAIN}" "${TOKEN_VALUE}" | nsupdate -k /etc/named/session.key - } - - sync_cert() { -@@ -86,8 +86,14 @@ deploy_cert() { - # Timestamp when the specified certificate was created. - - # Simple example: Copy file to nginx config -- # cp "${KEYFILE}" "${FULLCHAINFILE}" /etc/nginx/ssl/; chown -R nginx: /etc/nginx/ssl -- # systemctl reload nginx -+ # umask=$(umask) # save original umask -+ # umask 077 # use secure umask for key file creation -+ # cat "${KEYFILE}" > /etc/pki/tls/private/${DOMAIN}.key -+ # touch --reference="${KEYFILE}" /etc/pki/tls/private/${DOMAIN}.key -+ # umask 022 # wider permission for certificates -+ # cat "${FULLCHAINFILE}" > /etc/pki/tls/certs/${DOMAIN}.crt -+ # umask ${umask} # restore umask -+ # systemctl reload nginx.service - } - - deploy_ocsp() { -@@ -214,6 +220,13 @@ exit_hook() { - # Contains error message if dehydrated exits with error - } - -+# Include local overrides for hook.sh functions -+if [ -d /etc/dehydrated/hook.d ]; then -+ for localhook in $(ls -1 /etc/dehydrated/hook.d/*.sh 2>/dev/null); do -+ . "${localhook}" -+ done -+fi -+ - HANDLER="$1"; shift - if [[ "${HANDLER}" =~ ^(deploy_challenge|clean_challenge|sync_cert|deploy_cert|deploy_ocsp|unchanged_cert|invalid_challenge|request_failure|generate_csr|startup_hook|exit_hook)$ ]]; then - "$HANDLER" "$@" diff --git a/dehydrated-improve-trap-handling.patch b/dehydrated-improve-trap-handling.patch deleted file mode 100644 index a4da047..0000000 --- a/dehydrated-improve-trap-handling.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up dehydrated-0.7.0/dehydrated.improve-trap-handling dehydrated-0.7.0/dehydrated ---- dehydrated-0.7.0/dehydrated.improve-trap-handling 2021-01-23 10:53:56.138791571 +0200 -+++ dehydrated-0.7.0/dehydrated 2021-01-23 11:02:55.124007858 +0200 -@@ -528,7 +528,7 @@ init_system() { - [[ -w "${LOCKDIR}" ]] || _exiterr "Directory ${LOCKDIR} for LOCKFILE ${LOCKFILE} is not writable, aborting." - ( set -C; date > "${LOCKFILE}" ) 2>/dev/null || _exiterr "Lock file '${LOCKFILE}' present, aborting." - remove_lock() { rm -f "${LOCKFILE}"; } -- trap 'remove_lock' EXIT -+ trap 'remove_lock' EXIT TERM - fi - - # Get CA URLs diff --git a/dehydrated.service b/dehydrated.service deleted file mode 100644 index 6a55914..0000000 --- a/dehydrated.service +++ /dev/null @@ -1,6 +0,0 @@ -[Unit] -Description=dehydrated client for signing certificates with an ACME server - -[Service] -Type=oneshot -ExecStart=/usr/libexec/dehydrated-cron diff --git a/dehydrated.spec b/dehydrated.spec index eaf1da0..c37c733 100644 --- a/dehydrated.spec +++ b/dehydrated.spec @@ -1,41 +1,20 @@ -Summary: Client for signing certificates with an ACME server +%{!?_rundir:%global _rundir %%{_localstatedir}/run} + +Summary: A client for signing certificates with an ACME server Name: dehydrated -Version: 0.7.1 -Release: 8%{?dist} +Version: 0.6.5 +Release: 1%{?dist} License: MIT -URL: https://github.com/dehydrated-io/dehydrated -Source0: https://github.com/dehydrated-io/dehydrated/releases/download/v%{version}/dehydrated-%{version}.tar.gz -Source1: https://github.com/dehydrated-io/dehydrated/releases/download/v%{version}/dehydrated-%{version}.tar.gz.asc -Source2: https://keys.openpgp.org/vks/v1/by-fingerprint/3C2F2605E078A1E18F4793909C4DBE6CF438F333 -Source3: dehydrated.tmpfiles -Source4: dehydrated.timer -Source5: dehydrated.service -Source6: 50-dehydrated.preset -Source7: dehydrated-cron - -Patch0: dehydrated-autowash.patch -Patch1: dehydrated-improve-trap-handling.patch -Patch2: dehydrated-hook.sh-defaults.patch - -BuildArch: noarch -BuildRequires: gnupg2 -BuildRequires: systemd-rpm-macros -%{?systemd_requires} -Requires: coreutils -Requires: curl -Requires: diffutils -Requires: gawk -Requires: grep -%if 0%{?fedora} || 0%{?rhel} >= 9 -# Usually provided by s-nail, historically by mailx -Requires: /usr/bin/mailx -%else -# s-nail (EPEL 8) provides /usr/bin/mailx, mailx (RHEL 8) provides /bin/mailx -Requires: (/usr/bin/mailx or /bin/mailx) -%endif +URL: https://github.com/lukas2511/dehydrated +Source0: https://github.com/lukas2511/dehydrated/releases/download/v%{version}/%{name}-%{version}.tar.gz +Source1: dehydrated.tmpfiles Requires: openssl +Requires: curl Requires: sed -Requires: util-linux +%if 0%{?fedora} || 0%{?rhel} >= 7 +BuildRequires: systemd +%endif +BuildArch: noarch %description This is a client for signing certificates with an ACME-server (currently @@ -44,70 +23,45 @@ script. Dehydrated supports both ACME v1 and the new ACME v2 including support for wildcard certificates! Current features: -- Signing of a list of domains (including wildcard domains!) -- Signing of a custom CSR (either standalone or completely automated using - hooks!) -- Renewal if a certificate is about to expire or defined set of domains changed -- Certificate revocation +* Signing of a list of domains +* Signing of a CSR +* Renewal if a certificate is about to expire or SAN (subdomains) changed +* Certificate revocation %prep -%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %setup -q -%patch -P0 -p1 -b .autowash -%patch -P1 -p1 -b .improve-trap-handling -%patch -P2 -p1 %build : nothing to do %install -mkdir -p %{buildroot}%{_rundir}/dehydrated mkdir -p %{buildroot}%{_sysconfdir}/dehydrated/accounts mkdir -p %{buildroot}%{_sysconfdir}/dehydrated/archive mkdir -p %{buildroot}%{_sysconfdir}/dehydrated/certs mkdir -p %{buildroot}%{_sysconfdir}/dehydrated/conf.d -mkdir -p %{buildroot}%{_sysconfdir}/dehydrated/domains.txt.d -mkdir -p %{buildroot}%{_sysconfdir}/dehydrated/hook.d -install -D -p -m 0644 %{SOURCE3} %{buildroot}%{_tmpfilesdir}/dehydrated.conf -install -D -p -m 0644 %{SOURCE4} %{buildroot}%{_unitdir}/dehydrated.timer -install -D -p -m 0644 %{SOURCE5} %{buildroot}%{_unitdir}/dehydrated.service -install -D -p -m 0644 %{SOURCE6} %{buildroot}%{_presetdir}/50-dehydrated.preset -install -D -p -m 0755 %{SOURCE7} %{buildroot}%{_libexecdir}/dehydrated-cron +mkdir -p %{buildroot}%{_rundir}/dehydrated +%if 0%{?fedora} || 0%{?rhel} >= 7 +install -D -p -m 0644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/dehydrated.conf +%endif sed \ -e 's|^#LOCKFILE="\${BASEDIR}/lock"|LOCKFILE="%{_rundir}/dehydrated/lock"|' \ -e 's|^#CONFIG_D=|CONFIG_D="\${BASEDIR}/conf.d"|' \ -e 's|^#HOOK=|HOOK="\${BASEDIR}/hook.sh"|' \ -e 's|^#PRIVATE_KEY_RENEW="yes"|PRIVATE_KEY_RENEW="no"|' \ - -e 's|^#AUTO_CLEANUP="no"|AUTO_CLEANUP="yes"|' \ - -e 's|^#KEY_ALGO=secp384r1|KEY_ALGO=rsa|' \ docs/examples/config >%{buildroot}%{_sysconfdir}/dehydrated/config -touch --reference=docs/examples/config \ - %{buildroot}%{_sysconfdir}/dehydrated/config -sed -i.orig -e 's|^\#!/usr/bin/env bash|#!/bin/bash|' \ - docs/examples/hook.sh -touch --reference=docs/examples/hook.sh.orig \ - docs/examples/hook.sh && rm docs/examples/hook.sh.orig -install -p docs/examples/hook.sh %{buildroot}%{_sysconfdir}/dehydrated/hook.sh -sed -i.orig -e 's|^\#!/usr/bin/env bash|#!/bin/bash|' \ - dehydrated -touch --reference=dehydrated.orig dehydrated && \ - rm dehydrated.orig - +install -p docs/examples/hook.sh %{buildroot}%{_sysconfdir}/dehydrated/ install -D -p -m 0755 dehydrated %{buildroot}%{_bindir}/dehydrated -install -D -p -m 0644 docs/man/dehydrated.1 \ - %{buildroot}%{_mandir}/man1/dehydrated.1 +install -D -p -m 0644 docs/man/dehydrated.1 %{buildroot}%{_mandir}/man1/dehydrated.1 rm -rf docs/man/ -# remove execute bits from documentation -chmod a-x docs/examples/hook.sh %post -%systemd_post dehydrated.timer dehydrated.service -if [ $1 -eq 1 ]; then - systemctl start dehydrated.timer >/dev/null 2>&1 || : +if [ ! -f %{_sysconfdir}/cron.d/dehydrated ]; then + echo "$(($RANDOM % 60)) $(($RANDOM % 6)) * * $(($RANDOM % 7)) root test -s %{_sysconfdir}/dehydrated/domains.txt && %{_bindir}/dehydrated --cron" \ + >%{_sysconfdir}/cron.d/dehydrated fi umask=$(umask) umask 027 -if [ -z "$(ls -1 %{_sysconfdir}/dehydrated/conf.d/*.sh 2>/dev/null)" ]; then +if [ -z "$(ls %{_sysconfdir}/dehydrated/conf.d/*.sh 2>/dev/null)" ]; then touch %{_sysconfdir}/dehydrated/conf.d/local.sh fi if [ ! -e %{_sysconfdir}/dehydrated/domains.txt ]; then @@ -115,25 +69,10 @@ if [ ! -e %{_sysconfdir}/dehydrated/domains.txt ]; then fi umask ${umask} || : -%preun -%systemd_preun dehydrated.timer dehydrated.service - -%postun -%systemd_postun_with_restart dehydrated.timer -%systemd_postun dehydrated.service - -%triggerun -- dehydrated <= 0.7.0-2 -systemctl preset dehydrated.timer dehydrated.service >/dev/null 2>&1 || : -systemctl start dehydrated.timer >/dev/null 2>&1 || : - %files -%doc README.md CHANGELOG docs/* +%doc README.md docs/* %license LICENSE -%{_presetdir}/50-dehydrated.preset -%{_unitdir}/dehydrated.service -%{_unitdir}/dehydrated.timer -%{_tmpfilesdir}/dehydrated.conf -%{_libexecdir}/dehydrated-cron +%attr(0644,root,root) %ghost %{_sysconfdir}/cron.d/dehydrated %attr(0750,root,root) %dir %{_sysconfdir}/dehydrated %attr(0640,root,root) %config(noreplace) %{_sysconfdir}/dehydrated/config %attr(0750,root,root) %config(noreplace) %{_sysconfdir}/dehydrated/hook.sh @@ -143,73 +82,14 @@ systemctl start dehydrated.timer >/dev/null 2>&1 || : %attr(0750,root,root) %dir %{_sysconfdir}/dehydrated/conf.d %attr(0640,root,root) %ghost %{_sysconfdir}/dehydrated/conf.d/local.sh %attr(0640,root,root) %ghost %{_sysconfdir}/dehydrated/domains.txt -%attr(0750,root,root) %dir %{_sysconfdir}/dehydrated/domains.txt.d -%attr(0750,root,root) %dir %{_sysconfdir}/dehydrated/hook.d %attr(0750,root,root) %dir %{_rundir}/dehydrated +%if 0%{?fedora} || 0%{?rhel} >= 7 +%{_tmpfilesdir}/dehydrated.conf +%endif %{_bindir}/dehydrated %{_mandir}/man1/dehydrated.1* %changelog -* Wed Jul 23 2025 Fedora Release Engineering - 0.7.1-8 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild - -* Thu Jan 16 2025 Fedora Release Engineering - 0.7.1-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild - -* Thu Dec 26 2024 Robert Scheck - 0.7.1-6 -- Added missing dehydrated run-time requirements -- Resolved: rhbz#2279854 dehydrated dependency issue on EL8 - -* Wed Jul 17 2024 Fedora Release Engineering - 0.7.1-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild - -* Wed Jan 24 2024 Fedora Release Engineering - 0.7.1-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Fri Jan 19 2024 Fedora Release Engineering - 0.7.1-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Wed Jul 19 2023 Fedora Release Engineering - 0.7.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Wed May 31 2023 Robert Scheck - 0.7.1-1 -- Resolved: rhbz#2139056 dehydrated-0.7.1 is available -- Resolved: rhbz#2035549 genkey ecparam - ECDSA key, P-384 (secp384r1) - -* Thu Jan 19 2023 Fedora Release Engineering - 0.7.0-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Thu Jul 21 2022 Fedora Release Engineering - 0.7.0-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - -* Fri Feb 04 2022 Carl George - 0.7.0-5 -- Require path instead of package name for mailx rhbz#2050852 - -* Thu Jan 20 2022 Fedora Release Engineering - 0.7.0-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Wed Jul 21 2021 Fedora Release Engineering - 0.7.0-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Tue Jun 01 2021 Paul Wouters - 0.7.0-2 -- Update trigger to proper version - -* Tue Jun 01 2021 Paul Wouters - 0.7.0-1 -- Resolved: rhbz#1872621 [RFE] Ship systemd units for auto-renewal -- Resolved: rhbz#1906674 dehydrated-0.7.0 is available - -* Tue Jan 26 2021 Fedora Release Engineering - 0.6.5-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Mon Jul 27 2020 Fedora Release Engineering - 0.6.5-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild - -* Tue Jan 28 2020 Fedora Release Engineering - 0.6.5-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - -* Wed Jul 24 2019 Fedora Release Engineering - 0.6.5-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild - * Wed Jun 26 2019 Paul Wouters - 0.6.5-1 - Resolves: rhbz#1723766 Updated to 0.6.5 diff --git a/dehydrated.timer b/dehydrated.timer deleted file mode 100644 index e0024ad..0000000 --- a/dehydrated.timer +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=dehydrated client for signing certificates with an ACME server - -[Timer] -OnCalendar=daily -Persistent=true -RandomizedDelaySec=2h - -[Install] -WantedBy=timers.target diff --git a/sources b/sources index 1352885..7369fd6 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -SHA512 (dehydrated-0.7.1.tar.gz) = b7ac078d6034e784f3f485e8ce56b5fa2f1e2a3b5ef014d260046b5f1d5cbd99727501e95a9530d0d1b2f300003d3fa5bf7e7f532092041597236d92fbeb0f3c -SHA512 (dehydrated-0.7.1.tar.gz.asc) = f03872b7e087b3f719a76aaebd46f017f47595feb03a29f5fcbe33796655cdcd0a34580ae34a85e3280c8305a2fe2ada47e4436bfbec294b7dbf67768df86394 +SHA512 (dehydrated-0.6.5.tar.gz) = da8ff3ecb7ddeb25356469fa272aef4e7c3705049caf88d09656dbc4baf29e0efa135e6f154c78cec82da17a27a78f2145ee3b7bd71521a080e10550d09b8a53