diff options
author | surefire | 2017-02-04 22:04:13 +0300 |
---|---|---|
committer | surefire | 2017-02-04 22:04:13 +0300 |
commit | 6d5f71e755aa36553ec4a3a6f4d48bf48745f482 (patch) | |
tree | 3774076653193bcacc9138be187e72e116e59808 | |
parent | 6820a7d6e86e8826f2777150520eba583a645749 (diff) | |
download | aur-6d5f71e755aa36553ec4a3a6f4d48bf48745f482.tar.gz |
upgpkg: acme-client 0.1.16
-rw-r--r-- | .SRCINFO | 14 | ||||
-rw-r--r-- | .gitignore | 5 | ||||
-rw-r--r-- | PKGBUILD | 33 | ||||
-rw-r--r-- | acme@.service | 14 | ||||
-rw-r--r-- | example.conf | 5 | ||||
-rwxr-xr-x | example.hook | 14 |
6 files changed, 54 insertions, 31 deletions
@@ -1,12 +1,12 @@ pkgbase = acme-client-git pkgdesc = Yet another ACME client, specifically for Let's Encrypt, but one with a strong focus on security. Written in C. - pkgver = 0.1.15.r2.g1613a32 + pkgver = 0.1.16+2+g94f9e1e pkgrel = 1 url = https://kristaps.bsd.lv/acme-client/ arch = x86_64 arch = i686 arch = armv7h - license = BSD + license = custom:ISC makedepends = git depends = libbsd provides = acme-client @@ -15,15 +15,17 @@ pkgbase = acme-client-git conflicts = letskencrypt options = emptydirs source = acme-client-git::git+https://github.com/kristapsdz/acme-client-portable.git - source = http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.0.tar.gz + source = http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.5.1.tar.gz source = acme@.timer source = acme@.service source = example.conf + source = example.hook sha256sums = SKIP - sha256sums = 8652bf6b55ab51fb37b686a3f604a2643e0e8fde2c56e6a936027d12afda6eae + sha256sums = f71ae0a824b78fb1a47ffa23c9c26e9d96c5c9b29234eacedce6b4c7740287cd sha256sums = c7d852229ae8a1b816ec476554c5d703a5513e6578a38672a52f7e7fca653b73 - sha256sums = d6e274929979a385308f29b4f15a923ce888b57faca9925b6f46a995b2bfd662 - sha256sums = 7ba2721a5eba7eaa10b5fdc1dea213f6e08ab29f3b69c49a2310c7a9a349bc9d + sha256sums = ddaccc43724be3b89d154aced64c6b04089047345c71dcbd60dc41719faae1f6 + sha256sums = d9716504c4c8eb9f1e238ecca6e691cb645657ae0bc32621e9ff10c6791dc978 + sha256sums = 05f97e21e3807fa48e048a56b393bf9fe7e450ded978ccdfb04923b460ec62d1 pkgname = acme-client-git diff --git a/.gitignore b/.gitignore index c470a9e7ae07..c1b2cd8f752a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ acme-client-git/ -*.tgz +pkg/ +src/ +*.pkg.tar.* *.tar.gz -*.tar.xz @@ -1,26 +1,27 @@ # Maintainer: surefire@cryptomile.net - pkgname=acme-client-git -pkgver=0.1.15.r2.g1613a32 +pkgver=0.1.16+2+g94f9e1e pkgrel=1 arch=('x86_64' 'i686' 'armv7h') -license=('BSD') +license=('custom:ISC') pkgdesc="Yet another ACME client, specifically for Let's Encrypt, but one with a strong focus on security. Written in C." url='https://kristaps.bsd.lv/acme-client/' -_sslver=2.5.0 +_sslver=2.5.1 source=(${pkgname}::'git+https://github.com/kristapsdz/acme-client-portable.git' "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${_sslver}.tar.gz" 'acme@.timer' 'acme@.service' - 'example.conf') + 'example.conf' + 'example.hook') sha256sums=('SKIP' - '8652bf6b55ab51fb37b686a3f604a2643e0e8fde2c56e6a936027d12afda6eae' + 'f71ae0a824b78fb1a47ffa23c9c26e9d96c5c9b29234eacedce6b4c7740287cd' 'c7d852229ae8a1b816ec476554c5d703a5513e6578a38672a52f7e7fca653b73' - 'd6e274929979a385308f29b4f15a923ce888b57faca9925b6f46a995b2bfd662' - '7ba2721a5eba7eaa10b5fdc1dea213f6e08ab29f3b69c49a2310c7a9a349bc9d') + 'ddaccc43724be3b89d154aced64c6b04089047345c71dcbd60dc41719faae1f6' + 'd9716504c4c8eb9f1e238ecca6e691cb645657ae0bc32621e9ff10c6791dc978' + '05f97e21e3807fa48e048a56b393bf9fe7e450ded978ccdfb04923b460ec62d1') depends=('libbsd') makedepends=('git') @@ -32,22 +33,15 @@ options=('emptydirs') pkgver() { cd "${pkgname}" - git describe --long --tags | sed 's/VERSION_//;s/\([^-]*-g\)/r\1/;s/[-_]/./g' -} - -prepare() { - cd "${pkgname}" - - # Disable libseccomp - sed -i GNUmakefile -e '/pkg-config --exists libseccomp/ s/echo 1/echo 0/' + git describe --long --tags | sed 's/^VERSION_//; s/_/./g; s/-/+/g' } build() { - cd "libressl-${_sslver}" + cd "$srcdir/libressl-${_sslver}" ./configure --disable-shared --enable-static make - cd "../${pkgname}" + cd "$srcdir/$pkgname" make \ CPPFLAGS="-I../libressl-${_sslver}/include" \ LDFLAGS="-L../libressl-${_sslver}/{tls,ssl,crypto}/.libs" @@ -62,6 +56,7 @@ package() { install -Dm644 -t "${pkgdir}/usr/lib/systemd/system" ../acme@.{timer,service} install -Dm644 -t "${pkgdir}/etc/acme" ../example.conf + install -Dm755 -t "${pkgdir}/etc/acme" ../example.hook - install -dm0755 "${pkgdir}/var/lib/acme"/{accounts,certs} + install -dm755 "${pkgdir}/var/lib/acme"/{accounts,certs} } diff --git a/acme@.service b/acme@.service index 5103ef9a16da..4371fd089963 100644 --- a/acme@.service +++ b/acme@.service @@ -5,7 +5,9 @@ Requires=network.target AssertFileNotEmpty=/etc/acme/%I.conf [Service] -# You need to configure http server so that directory "/run/acme-challenge" was the alias of "/.well-known/acme-challenge" +# You need to configure http server +# so that directory "/run/acme-challenge" +# was the alias of "/.well-known/acme-challenge" # # Nginx example: # @@ -25,8 +27,14 @@ Environment="ACME_ACCOUNT=letsencrypt" EnvironmentFile=/etc/acme/%I.conf ExecStartPre=/usr/bin/install -dm0700 "${ACME_DIR}/certs/%I" - -ExecStart=/usr/bin/acme-client $ACME_ARGS -f "${ACME_DIR}/accounts/${ACME_ACCOUNT}.pem" -c "${ACME_DIR}/certs/%I" -k "${ACME_DIR}/certs/%I/privkey.pem" -C /run/acme-challenge $ACME_DOMAINS +ExecStopPost=/usr/bin/sh -c "[ ! -x '/etc/acme/%I.hook' ] || exec '/etc/acme/%I.hook'" + +ExecStart=/usr/bin/acme-client $ACME_ARGS \ + -f "${ACME_DIR}/accounts/${ACME_ACCOUNT}.pem" \ + -c "${ACME_DIR}/certs/%I" \ + -k "${ACME_DIR}/certs/%I/privkey.pem" \ + -C /run/acme-challenge \ + $ACME_DOMAINS CapabilityBoundingSet=CAP_SYS_CHROOT CAP_SETUID CAP_SETGID NoNewPrivileges=true diff --git a/example.conf b/example.conf index 10082bf73b82..c6552fdb3a89 100644 --- a/example.conf +++ b/example.conf @@ -1,4 +1,7 @@ -# Before first run you need to configure http server so that directory "/run/acme-challenge" was the alias of "/.well-known/acme-challenge" +# Before first run you need to configure http server +# so that directory "/run/acme-challenge" +# was the alias of "/.well-known/acme-challenge" +# # Nginx example: # location /.well-known/acme-challenge { # alias /run/acme-challenge; diff --git a/example.hook b/example.hook new file mode 100755 index 000000000000..807de8863c69 --- /dev/null +++ b/example.hook @@ -0,0 +1,14 @@ +#!/bin/sh +# +# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#%24EXIT_CODE +# > $EXIT_STATUS contains the numeric exit code formatted as string if $EXIT_CODE is "exited", +# > and the signal name in all other cases. +# +# $EXIT_STATUS of acme-client +# 1 on failure +# 2 if the certificates didn't change (up to date) +# 0 if certificates were changed (revoked or updated). + +if [ 0 = "$EXIT_STATUS" ]; then + systemctl reload nginx.service +fi |