author | surefire | 2016-09-18 20:42:00 +0300 |
---|---|---|
committer | surefire | 2016-09-18 20:55:43 +0300 |
commit | b9ec62c07e84839e215fe6a3b4ae00c5663317c0 (patch) | |
tree | a17a1921fb541141614e4ceca6997e69b4ccd15c | |
download | aur-b9ec62c07e84839e215fe6a3b4ae00c5663317c0.tar.gz |
Initial
-rw-r--r-- | .SRCINFO | 25 | ||||
-rw-r--r-- | .gitignore | 4 | ||||
-rw-r--r-- | PKGBUILD | 65 | ||||
-rw-r--r-- | acme@.service | 28 | ||||
-rw-r--r-- | acme@.timer | 9 | ||||
-rw-r--r-- | example.conf | 29 |
6 files changed, 160 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..732cc35c00b9
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,25 @@
+pkgbase = acme-client-git
+ pkgdesc = Yet another ACME client, specifically for Let's Encrypt, but one with a strong focus on security. Written in C.
+ pkgver = 0.1.11.r4.ge15995f
+ pkgrel = 1
+ url = https://kristaps.bsd.lv/acme-client/
+ arch = any
+ license = custom
+ makedepends = git
+ depends = libbsd
+ provides = acme-client
+ conflicts = acme-client
+ options = emptydirs
+ source = acme-client-git::git+https://github.com/kristapsdz/acme-client-portable.git
+ source = http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.4.2.tar.gz
+ source = acme@.timer
+ source = acme@.service
+ source = example.conf
+ sha256sums = SKIP
+ sha256sums = 5f87d778e5d62822d60e38fa9621c1c5648fc559d198ba314bd9d89cbf67d9e3
+ sha256sums = c7d852229ae8a1b816ec476554c5d703a5513e6578a38672a52f7e7fca653b73
+ sha256sums = 2fbe99262986b4e4d84e659bc868e1e616c3b150190d50994f4184b1d606dc60
+ sha256sums = b441b83feda96286a932add31237abfccb9f7bed7d13a3c6d85886e6a62fcc8f
+
+pkgname = acme-client-git
+
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000000..c470a9e7ae07
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+acme-client-git/
+*.tgz
+*.tar.gz
+*.tar.xz
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..893efde6caf1
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,65 @@
+# Maintainer: surefire@cryptomile.net
+
+pkgname=acme-client-git
+_pkgname=acme-client
+pkgver=0.1.11.r4.ge15995f
+pkgrel=1
+arch=('x86_64' 'i686')
+license=('custom')
+pkgdesc="Yet another ACME client, specifically for Let's Encrypt, but one with a strong focus on security. Written in C."
+url='https://kristaps.bsd.lv/acme-client/'
+
+_sslver=2.4.2
+
+source=(${pkgname}::'git+https://github.com/kristapsdz/acme-client-portable.git'
+ "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${_sslver}.tar.gz"
+ 'acme@.timer'
+ 'acme@.service'
+ 'example.conf')
+
+sha256sums=('SKIP'
+ '5f87d778e5d62822d60e38fa9621c1c5648fc559d198ba314bd9d89cbf67d9e3'
+ 'c7d852229ae8a1b816ec476554c5d703a5513e6578a38672a52f7e7fca653b73'
+ '2fbe99262986b4e4d84e659bc868e1e616c3b150190d50994f4184b1d606dc60'
+ 'b441b83feda96286a932add31237abfccb9f7bed7d13a3c6d85886e6a62fcc8f')
+
+depends=('libbsd')
+makedepends=('git')
+
+conflicts=('acme-client')
+provides=('acme-client')
+
+options=('emptydirs')
+
+pkgver() {
+ cd "${pkgname}"
+ git describe --long --tags | sed 's/VERSION_//;s/\([^-]*-g\)/r\1/;s/[-_]/./g'
+}
+
+build() {
+ pushd "libressl-${_sslver}"
+ ./configure --disable-shared --disable-static --enable-static=tls,ssl,crypto
+ make
+
+ popd
+
+ pushd "${pkgname}"
+ make \
+ LIBBSD='-Wl,-dy -lbsd' \
+ CFLAGS="-g -W -Wall -DHAVE_CONFIG_H -I../libressl-${_sslver}/include" \
+ LDFLAGS="-L../libressl-${_sslver}/{tls,ssl,crypto}/.libs -Wl,-dn"
+}
+
+package() {
+ cd "${pkgname}"
+
+ install -Dm755 -t "${pkgdir}/usr/bin" acme-client
+ install -Dm644 -t "${pkgdir}/usr/share/man/man1" acme-client.1
+ install -Dm644 -t "${pkgdir}/usr/share/licenses/${_pkgname}" LICENSE.md
+
+ install -Dm644 -t "${pkgdir}/usr/lib/systemd/system" ../acme@.{timer,service}
+ install -Dm644 -t "${pkgdir}/etc/acme" ../example.conf
+
+ install -dm0755 "${pkgdir}/var/lib/acme/accounts" "${pkgdir}/var/lib/acme/certs"
+
+}
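Review bot: In `build()`, passing `CFLAGS=` and `LDFLAGS=` on the `make` command line replaces the values makepkg exports from makepkg.conf, so whatever hardening that file configures (typically stack protector, `_FORTIFY_SOURCE` and RELRO) is dropped from a binary that handles account and certificate keys and parses network responses. Appending keeps it: `CFLAGS="${CFLAGS} -W -Wall -DHAVE_CONFIG_H -I../libressl-${_sslver}/include"` and `LDFLAGS="${LDFLAGS} -L../libressl-${_sslver}/{tls,ssl,crypto}/.libs -Wl,-dn"`. The LibreSSL tarball in `source` is fetched over plain `http://` and checked only against the sha256 recorded here; if upstream publishes a detached signature, adding it to `source` with a `validpgpkeys` entry would tie the download to the upstream key instead. Because the library is linked statically (`-Wl,-dn`), a LibreSSL security fix reaches users only when `_sslver` and its checksum are bumped and the package is rebuilt, which deserves a comment above `_sslver`.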
diff --git a/acme@.service b/acme@.service
new file mode 100644
index 000000000000..b2f16e6ddbc9
--- /dev/null
+++ b/acme@.service
@@ -0,0 +1,28 @@
+[Unit]
+Description=Check and renew ACME TLS certificates
+After=network.target
+Requires=network.target
+
+[Service]
+# You need to configure http server so that directory "/run/acme-challenge" was the alias of "/.well-known/acme-challenge"
+#
+# Nginx example:
+#
+# location /.well-known/acme-challenge {
+# alias /run/acme-challenge;
+# }
+
+RuntimeDirectory=acme-challenge
+RuntimeDirectoryMode=0755
+
+SuccessExitStatus=2
+
+Environment="ACME_DIR=/var/lib/acme"
+Environment="ACME_ARGS=-vbnN"
+Environment="ACME_ACCOUNT=letsencrypt"
+
+EnvironmentFile=/etc/acme/%I.conf
+
+ExecStartPre=/usr/bin/install -dm0700 "${ACME_DIR}/certs/%I"
+
+ExecStart=/usr/bin/acme-client $ACME_ARGS -f "${ACME_DIR}/accounts/${ACME_ACCOUNT}.pem" -c "${ACME_DIR}/certs/%I" -k "${ACME_DIR}/certs/%I/privkey.pem" -C /run/acme-challenge $ACME_DOMAINS
diff --git a/acme@.timer b/acme@.timer
new file mode 100644
index 000000000000..3b954c3ae74e
--- /dev/null
+++ b/acme@.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=Check and renew ACME TLS certificates
+
+[Timer]
+OnCalendar=daily
+RandomizedDelaySec=1h
+
+[Install]
+WantedBy=timers.target
diff --git a/example.conf b/example.conf
new file mode 100644
index 000000000000..9ea17221ba09
--- /dev/null
+++ b/example.conf
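Review bot: In acme@.service, `%I` is the unescaped instance name, so an instance such as `acme@my-site` expands to `my/site` in `EnvironmentFile=/etc/acme/%I.conf` and in the `certs/%I` paths on the `ExecStartPre=` and `ExecStart=` lines. `%i` keeps the name as it was typed, e.g. `EnvironmentFile=/etc/acme/%i.conf`. The unit also sets no `User=` and no confinement, so the client runs as root with the whole filesystem writable while it talks to the CA. If acme-client's own chroot and privilege drop tolerate them (not verifiable from this diff), `ProtectSystem=full`, `ProtectHome=true` and `PrivateTmp=true` would be cheap defence in depth around the private key in `certs/`.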
@@ -0,0 +1,29 @@
+# Before first run you need to configure http server so that directory "/run/acme-challenge" was the alias of "/.well-known/acme-challenge"
+# Nginx example:
+# location /.well-known/acme-challenge {
+# alias /run/acme-challenge;
+# }
+#
+# Manual run:
+# systemctl start acme@example
+#
+# Show status:
+# journalctl -e -u acme@example
+#
+# If no errors, then certificate and key will be placed in the directory /var/lib/acme/certs/example
+#
+# Enable daily timer check and renew certs:
+# systemctl enable --now letsencrypt@example.timer
+
+# List domain names included in certificate separated by space. All domains should work and refer to this server.
+ACME_DOMAINS="example.com www.example.com"
+
+# Directory for acme accounts and certificates
+#ACME_DIR="/var/lib/acme"
+
+#ACME_ACCOUNT="letsencrypt"
+
+#ACME_ARGS="-vbnN"
+
+# See also:
+# man 1 acme-client |
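Review bot: The comment `# systemctl enable --now letsencrypt@example.timer` names a unit this commit does not add. The files are `acme@.timer` and `acme@.service`, and the two commands above it already use `acme@example`, so the line should read `# systemctl enable --now acme@example.timer`. An administrator who copies the line as written gets an error instead of a renewal timer, and if that goes unnoticed the first symptom is an expired certificate.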