[arch-commits] Commit in acme-user/trunk (6 files)
Bruno Pagani
archange at gemini.archlinux.org
Sat Apr 9 20:27:00 UTC 2022
Date: Saturday, April 9, 2022 @ 20:26:59
Author: archange
Revision: 1183157
upgpkg: acme-user 1.0.1-1
Deleted:
acme-user/trunk/acme-post.sh
acme-user/trunk/acme-renew.sh
acme-user/trunk/acme.service
acme-user/trunk/acme.sysusers
acme-user/trunk/acme.timer
acme-user/trunk/acme.tmpfiles
---------------+
acme-post.sh | 18 ------------------
acme-renew.sh | 8 --------
acme.service | 38 --------------------------------------
acme.sysusers | 1 -
acme.timer | 10 ----------
acme.tmpfiles | 3 ---
6 files changed, 78 deletions(-)
Deleted: acme-post.sh
===================================================================
--- acme-post.sh 2022-04-09 20:25:51 UTC (rev 1183156)
+++ acme-post.sh 2022-04-09 20:26:59 UTC (rev 1183157)
@@ -1,18 +0,0 @@
-#!/usr/bin/sh
-
-# Read through domains
-for domain in $(find /etc/acme -type d -not -path /etc/acme); do
- if [ -f ${domain}/fullchain_new.pem ]; then # The certificate was renewed
- echo "Replacing certificate and fixing permissions for ${domain##*/}…"
- mv ${domain}/fullchain{_new,}.pem
- chown root:root ${domain}/fullchain.pem
- chmod 444 ${domain}/fullchain.pem
- # Splitting for OCSP needs
- FULLCHAIN=$(<${domain}/fullchain.pem)
- echo "${FULLCHAIN%%-----END CERTIFICATE-----*}-----END CERTIFICATE-----" > ${domain}/cert.pem
- echo -e "${FULLCHAIN#*-----END CERTIFICATE-----}" | sed '/./,$!d' > ${domain}/chain.pem
- fi
- # Regenerate answers for OCSP stapling (whether or not the certificate has been renewed)
- echo "Regenerating OCSP priming for ${domain##*/}…"
- openssl ocsp -noverify -no_nonce -respout ${domain}/ocsp.der -issuer ${domain}/chain.pem -cert ${domain}/cert.pem -url $(openssl x509 -noout -ocsp_uri -in ${domain}/cert.pem)
-done
Deleted: acme-renew.sh
===================================================================
--- acme-renew.sh 2022-04-09 20:25:51 UTC (rev 1183156)
+++ acme-renew.sh 2022-04-09 20:26:59 UTC (rev 1183157)
@@ -1,8 +0,0 @@
-#!/usr/bin/sh
-
-for domain in $(find /etc/acme -type d -not -path /etc/acme); do
- echo "Checking certificate expiry date for ${domain##*/}…"
- openssl x509 -noout -checkend 2592000 -in ${domain}/fullchain.pem > /dev/null 2>&1 && echo "Certificate not expiring within 30 days, skipping." && continue
- echo "Renewing certificate for ${domain##*/}…"
- /usr/bin/acme-tiny --account-key /etc/acme/accountkey.pem --csr ${domain}/csr.pem --acme-dir /var/lib/acme/ > ${domain}/fullchain_new.pem || exit
-done
Deleted: acme.service
===================================================================
--- acme.service 2022-04-09 20:25:51 UTC (rev 1183156)
+++ acme.service 2022-04-09 20:26:59 UTC (rev 1183157)
@@ -1,38 +0,0 @@
-[Unit]
-Description=ACME certificate renewal
-
-[Service]
-Type=oneshot
-User=acme
-Group=acme
-PermissionsStartOnly=True
-ExecStart=/usr/bin/acme-renew
-ExecStartPost=!/usr/bin/acme-post
-Restart=on-failure
-StateDirectory=acme
-ReadWritePaths=/etc/acme/
-AmbientCapabilities=
-CapabilityBoundingSet=
-LockPersonality=true
-MemoryDenyWriteExecute=true
-NoNewPrivileges=true
-PrivateDevices=true
-PrivateTmp=true
-PrivateUsers=true
-ProtectClock=true
-ProtectControlGroups=yes
-ProtectHome=true
-ProtectHostname=true
-ProtectKernelLogs=true
-ProtectKernelModules=yes
-ProtectKernelTunables=true
-ProtectProc=invisible
-ProtectSystem=strict
-RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
-RestrictNamespaces=true
-RestrictRealtime=true
-RestrictSUIDSGID=true
-#SecureBits=noroot-locked
-SystemCallArchitectures=native
-SystemCallFilter=@system-service
-SystemCallErrorNumber=EPERM
Deleted: acme.sysusers
===================================================================
--- acme.sysusers 2022-04-09 20:25:51 UTC (rev 1183156)
+++ acme.sysusers 2022-04-09 20:26:59 UTC (rev 1183157)
@@ -1 +0,0 @@
-u acme - "ACME dedicated user" /var/lib/acme
Deleted: acme.timer
===================================================================
--- acme.timer 2022-04-09 20:25:51 UTC (rev 1183156)
+++ acme.timer 2022-04-09 20:26:59 UTC (rev 1183157)
@@ -1,10 +0,0 @@
-[Unit]
-Description=Renew ACME certificats daily
-
-[Timer]
-OnCalendar=*-*-* 00/12:00:00
-RandomizedDelaySec=12h
-Persistent=true
-
-[Install]
-WantedBy=timers.target
Deleted: acme.tmpfiles
===================================================================
--- acme.tmpfiles 2022-04-09 20:25:51 UTC (rev 1183156)
+++ acme.tmpfiles 2022-04-09 20:26:59 UTC (rev 1183157)
@@ -1,3 +0,0 @@
-d /etc/acme 0750 acme acme
-d /var/lib/acme 0755 acme acme
-d /var/log/acme 0750 acme acme