[arch-commits] Commit in acme-user/repos/community-any (8 files)
Bruno Pagani
archange at gemini.archlinux.org
Sat Apr 9 20:27:26 UTC 2022
Date: Saturday, April 9, 2022 @ 20:27:26
Author: archange
Revision: 1183158
archrelease: copy trunk to community-any
Added:
acme-user/repos/community-any/PKGBUILD
(from rev 1183157, acme-user/trunk/PKGBUILD)
Deleted:
acme-user/repos/community-any/PKGBUILD
acme-user/repos/community-any/acme-post.sh
acme-user/repos/community-any/acme-renew.sh
acme-user/repos/community-any/acme.service
acme-user/repos/community-any/acme.sysusers
acme-user/repos/community-any/acme.timer
acme-user/repos/community-any/acme.tmpfiles
---------------+
PKGBUILD | 51 +++++++++++++++++++++------------------------------
acme-post.sh | 18 ------------------
acme-renew.sh | 8 --------
acme.service | 38 --------------------------------------
acme.sysusers | 1 -
acme.timer | 10 ----------
acme.tmpfiles | 3 ---
7 files changed, 21 insertions(+), 108 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2022-04-09 20:26:59 UTC (rev 1183157)
+++ PKGBUILD 2022-04-09 20:27:26 UTC (rev 1183158)
@@ -1,30 +0,0 @@
-# Maintainer: Bruno Pagani <archange at archlinux.org>
-
-pkgname=acme-user
-pkgver=1.0.0
-pkgrel=1
-pkgdesc="acme-tiny systemd files for running as dedicated user instead of root."
-arch=(any)
-url="https://certbot.eff.org"
-license=(GPL)
-depends=(acme-tiny systemd)
-source=(acme.service
- acme.timer
- acme.tmpfiles
- acme.sysusers
- acme-renew.sh
- acme-post.sh)
-sha256sums=(799b67ec34b23004002cc90aa40c639979c155b793f3e4cb1012008163332051
- c8bf2bf90baaf5630d7a0d1761773fd75b153d39f6d34289e287c862eebead2d
- 34f0023cef60e11d5ac83b91fe36df7a3b7353c6a70dc4f86128e0d4cec4268a
- 6b0124bad46fb4f1864b791c57b974e76c25c07e2f8476b7de3757cba7cc4c11
- 2ebe80ce48fecdf30c5f7a3db173541cc61ff70ccb55d7b1ea4fc31d89b6e933
- db7881b0ceaab0eb555765b378a4437890d70bffe4f38e64541e0a42eb36f993)
-
-package() {
- install -Dm755 acme-renew.sh "${pkgdir}"/usr/bin/acme-renew
- install -Dm755 acme-post.sh "${pkgdir}"/usr/bin/acme-post
- install -Dm644 acme.{service,timer} -t "${pkgdir}"/usr/lib/systemd/system/
- install -Dm644 acme.tmpfiles "${pkgdir}"/usr/lib/tmpfiles.d/acme.conf
- install -Dm644 acme.sysusers "${pkgdir}"/usr/lib/sysusers.d/acme.conf
-}
Copied: acme-user/repos/community-any/PKGBUILD (from rev 1183157, acme-user/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2022-04-09 20:27:26 UTC (rev 1183158)
@@ -0,0 +1,21 @@
+# Maintainer: Bruno Pagani <archange at archlinux.org>
+
+pkgname=acme-user
+pkgver=1.0.1
+pkgrel=1
+pkgdesc="acme-tiny systemd files for running as dedicated user instead of root."
+arch=(any)
+url="https://github.com/ArchangeGabriel/acme-user"
+license=(GPL)
+depends=(acme-tiny systemd)
+source=(${url}/releases/download/v${pkgver}/${pkgname}-${pkgver}.tar.zst{,.asc})
+sha256sums=(bbc14de2b86d4ebaa2c3559de92df42beac556a96d098fce5d9ac75a9a8cb933 SKIP)
+validpgpkeys=(69DA34D78FE0EFD596AC6D049D893EC4DAAF9129)
+
+package() {
+ install -Dm755 acme-renew.sh "${pkgdir}"/usr/bin/acme-renew
+ install -Dm755 acme-post.sh "${pkgdir}"/usr/bin/acme-post
+ install -Dm644 acme.{service,timer} -t "${pkgdir}"/usr/lib/systemd/system/
+ install -Dm644 acme.tmpfiles "${pkgdir}"/usr/lib/tmpfiles.d/acme.conf
+ install -Dm644 acme.sysusers "${pkgdir}"/usr/lib/sysusers.d/acme.conf
+}
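Review bot: package() still installs `acme-renew.sh`, `acme-post.sh` and the unit files by bare relative path, but those files now come out of `${pkgname}-${pkgver}.tar.zst` instead of being listed one by one in `source`. The archive layout is not visible here; if it unpacks into a top-level directory, these `install` lines will not find the files and package() would need something like `cd "${pkgname}-${pkgver}"` as its first line. The fingerprint in `validpgpkeys` also has no owner annotation; a trailing `# <key owner name>` lets a reviewer check the pinned release key against the expected signer. Because the previously packaged acme-post.sh ran with full privileges (`ExecStartPost=!` in the removed acme.service) over the acme-owned `/etc/acme` using unquoted `${domain}` expansions, it is worth confirming that the copy shipped in the 1.0.1 archive quotes those paths, since that script is no longer reviewable in this repository.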
Deleted: acme-post.sh
===================================================================
--- acme-post.sh 2022-04-09 20:26:59 UTC (rev 1183157)
+++ acme-post.sh 2022-04-09 20:27:26 UTC (rev 1183158)
@@ -1,18 +0,0 @@
-#!/usr/bin/sh
-
-# Read through domains
-for domain in $(find /etc/acme -type d -not -path /etc/acme); do
- if [ -f ${domain}/fullchain_new.pem ]; then # The certificate was renewed
- echo "Replacing certificate and fixing permissions for ${domain##*/}…"
- mv ${domain}/fullchain{_new,}.pem
- chown root:root ${domain}/fullchain.pem
- chmod 444 ${domain}/fullchain.pem
- # Splitting for OCSP needs
- FULLCHAIN=$(<${domain}/fullchain.pem)
- echo "${FULLCHAIN%%-----END CERTIFICATE-----*}-----END CERTIFICATE-----" > ${domain}/cert.pem
- echo -e "${FULLCHAIN#*-----END CERTIFICATE-----}" | sed '/./,$!d' > ${domain}/chain.pem
- fi
- # Regenerate answers for OCSP stapling (whether or not the certificate has been renewed)
- echo "Regenerating OCSP priming for ${domain##*/}…"
- openssl ocsp -noverify -no_nonce -respout ${domain}/ocsp.der -issuer ${domain}/chain.pem -cert ${domain}/cert.pem -url $(openssl x509 -noout -ocsp_uri -in ${domain}/cert.pem)
-done
Deleted: acme-renew.sh
===================================================================
--- acme-renew.sh 2022-04-09 20:26:59 UTC (rev 1183157)
+++ acme-renew.sh 2022-04-09 20:27:26 UTC (rev 1183158)
@@ -1,8 +0,0 @@
-#!/usr/bin/sh
-
-for domain in $(find /etc/acme -type d -not -path /etc/acme); do
- echo "Checking certificate expiry date for ${domain##*/}…"
- openssl x509 -noout -checkend 2592000 -in ${domain}/fullchain.pem > /dev/null 2>&1 && echo "Certificate not expiring within 30 days, skipping." && continue
- echo "Renewing certificate for ${domain##*/}…"
- /usr/bin/acme-tiny --account-key /etc/acme/accountkey.pem --csr ${domain}/csr.pem --acme-dir /var/lib/acme/ > ${domain}/fullchain_new.pem || exit
-done
Deleted: acme.service
===================================================================
--- acme.service 2022-04-09 20:26:59 UTC (rev 1183157)
+++ acme.service 2022-04-09 20:27:26 UTC (rev 1183158)
@@ -1,38 +0,0 @@
-[Unit]
-Description=ACME certificate renewal
-
-[Service]
-Type=oneshot
-User=acme
-Group=acme
-PermissionsStartOnly=True
-ExecStart=/usr/bin/acme-renew
-ExecStartPost=!/usr/bin/acme-post
-Restart=on-failure
-StateDirectory=acme
-ReadWritePaths=/etc/acme/
-AmbientCapabilities=
-CapabilityBoundingSet=
-LockPersonality=true
-MemoryDenyWriteExecute=true
-NoNewPrivileges=true
-PrivateDevices=true
-PrivateTmp=true
-PrivateUsers=true
-ProtectClock=true
-ProtectControlGroups=yes
-ProtectHome=true
-ProtectHostname=true
-ProtectKernelLogs=true
-ProtectKernelModules=yes
-ProtectKernelTunables=true
-ProtectProc=invisible
-ProtectSystem=strict
-RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
-RestrictNamespaces=true
-RestrictRealtime=true
-RestrictSUIDSGID=true
-#SecureBits=noroot-locked
-SystemCallArchitectures=native
-SystemCallFilter=@system-service
-SystemCallErrorNumber=EPERM
Deleted: acme.sysusers
===================================================================
--- acme.sysusers 2022-04-09 20:26:59 UTC (rev 1183157)
+++ acme.sysusers 2022-04-09 20:27:26 UTC (rev 1183158)
@@ -1 +0,0 @@
-u acme - "ACME dedicated user" /var/lib/acme
Deleted: acme.timer
===================================================================
--- acme.timer 2022-04-09 20:26:59 UTC (rev 1183157)
+++ acme.timer 2022-04-09 20:27:26 UTC (rev 1183158)
@@ -1,10 +0,0 @@
-[Unit]
-Description=Renew ACME certificats daily
-
-[Timer]
-OnCalendar=*-*-* 00/12:00:00
-RandomizedDelaySec=12h
-Persistent=true
-
-[Install]
-WantedBy=timers.target
Deleted: acme.tmpfiles
===================================================================
--- acme.tmpfiles 2022-04-09 20:26:59 UTC (rev 1183157)
+++ acme.tmpfiles 2022-04-09 20:27:26 UTC (rev 1183158)
@@ -1,3 +0,0 @@
-d /etc/acme 0750 acme acme
-d /var/lib/acme 0755 acme acme
-d /var/log/acme 0750 acme acme