Import acme-utils and tomcat-bin ebuilds

Signed-off-by: Stefan Knoblich <stkn@openisdn.net>
2021-02-16 13:44:16 +01:00
parent d66a55eeb7
commit 334b29843d
9 changed files with 823 additions and 0 deletions
--- a/app-admin/acme-utils/Manifest
+++ b/app-admin/acme-utils/Manifest
@@ -0,0 +1,2 @@
+AUX apache-challenge.conf 323 BLAKE2B 30f1191efb6e05b6682a967f513b572153595083277526cac9af2b6958e2fbc6241576370a07725fbc8b65c372877c41df0f1c78d87331083797736b24f5b8bb SHA512 4c292d2a31d4b8e59a0dcba2bfc20258e5188bfb6dcffdc02703e916dd0f3ab6ccfb9f43553dd3184b9f68b90358c08c1c1256d2bb3c76c9117b0196a844ab4a
+EBUILD acme-utils-0.5.6.ebuild 3159 BLAKE2B b6bc6d9730903b56dccd48d47c9136c1ce48537e59a6a632a2a56b422e882b8d39c04b1c2617749f2843db050225af6af6b272bd248472770a3914f2d10b6dd2 SHA512 a88a6bad7938441ceeea0ab5d892baa235b4b0a3e9f7b8bc500a19b7e2f8662eb09449cc22659d33beff4a33b7d5c24be84deb38de2e4107d872545c5f8bcc81
--- a/app-admin/acme-utils/acme-utils-0.5.6.ebuild
+++ b/app-admin/acme-utils/acme-utils-0.5.6.ebuild
@@ -0,0 +1,122 @@
+# Copyright (C) 2016 axsentis GmbH, Stefan Knoblich <s.knoblich@axsentis.de>
+
+EAPI="5"
+
+inherit git-r3 autotools user
+
+EGIT_CLONE_TYPE="shallow"
+EGIT_REPO_URI="https://github.com/stknob/acme-utils.git"
+EGIT_COMMIT="${PV}"
+
+DESCRIPTION="ACME certificate helper scripts"
+LICENSE="MIT"
+KEYWORDS="amd64 x86"
+SLOT="0"
+IUSE="+apache2"
+
+RDEPEND="
+	app-admin/pwgen
+	dev-lang/python
+	dev-libs/openssl
+	net-misc/wget
+	net-dns/bind-tools
+"
+DEPEND="${RDEPEND}"
+
+pkg_setup() {
+	enewgroup acme 65001
+	enewuser  acme 65001 -1 "/etc/acme" "acme"
+}
+
+src_prepare() {
+	eautoreconf || die "reconf failed"
+
+	# Update user/group
+	sed -i -e '/^\(ACME_USER\|ACME_GROUP\)/s:letsencrypt:acme:' \
+		"acme.conf.in" || die "Failed to update user/group"
+}
+
+src_configure() {
+	econf \
+		--sysconfdir="/etc/acme" \
+		--with-certdir="/etc/ssl/acme" \
+		--with-challengedir="/var/www/acme-challenge" \
+		|| die "econf failed"
+}
+
+src_install() {
+	default_src_install
+
+	# Create hook dirs
+	keepdir "/etc/acme/create.d"
+	keepdir "/etc/acme/pre.d"
+	keepdir "/etc/acme/renew.d"
+	keepdir "/etc/acme/post.d"
+
+	# Create cert + challenge directory
+	keepdir "/etc/ssl/acme"
+	keepdir "/var/www/acme-challenge"
+
+	# Fix permissions
+	chown -R root:acme "${D}/etc/acme"
+	chmod    750       "${D}/etc/acme"
+	chown -R root:root "${D}/etc/acme/create.d"
+	chmod    750       "${D}/etc/acme/create.d"
+	chown -R root:root "${D}/etc/acme/pre.d"
+	chmod    750       "${D}/etc/acme/pre.d"
+	chown -R root:root "${D}/etc/acme/renew.d"
+	chmod    750       "${D}/etc/acme/renew.d"
+	chown -R root:root "${D}/etc/acme/post.d"
+	chmod    750       "${D}/etc/acme/post.d"
+	chmod    640       "${D}/etc/acme/acme.conf"
+	chown -R root:acme "${D}/etc/ssl/acme"
+	chmod    750       "${D}/etc/ssl/acme"
+	chown    acme:root "${D}/var/www/acme-challenge"
+	chmod    751       "${D}/var/www/acme-challenge"
+
+	# Server-specific config snippts
+	if use apache2
+	then
+		insinto "/etc/apache2/modules.d"
+		newins  "${FILESDIR}/apache-challenge.conf" "99_acme-challenge.conf"
+	fi
+}
+
+pkg_postinst() {
+	einfo "Use \"emerge =${CATEGORY}/${PF} --config\" to run the initial setup"
+
+	use apache2 && \
+		einfo "To enable apache2 support, set \"-D ACME\" in /etc/conf.d/apache2"
+}
+
+pkg_config() {
+	local my_account_key="/etc/acme/account.key"
+
+	[[ -f "${my_account_key}" ]] && {
+		eerror "Existing account key found, aborting"
+		die
+	}
+
+	einfo "Creating ACME account key..."
+	/usr/sbin/acme-setup-account \
+		|| die "Failed to generate account key"
+
+	# Fix permissions
+	einfo "Setting directory and file permissions..."
+	chown -R root:acme "/etc/acme"
+	chmod    750       "/etc/acme"
+	chown -R root:root "/etc/acme/create.d"
+	chmod    750       "/etc/acme/create.d"
+	chown -R root:root "/etc/acme/pre.d"
+	chmod    750       "/etc/acme/pre.d"
+	chown -R root:root "/etc/acme/renew.d"
+	chmod    750       "/etc/acme/renew.d"
+	chown -R root:root "/etc/acme/post.d"
+	chmod    750       "/etc/acme/post.d"
+	chmod    640       "/etc/acme/acme.conf"
+	chmod    440       "${my_account_key}"
+	chown -R root:acme "/etc/ssl/acme"
+	chmod    750       "/etc/ssl/acme"
+	chown    acme:root "/var/www/acme-challenge"
+	chmod    751       "/var/www/acme-challenge"
+}
--- a/app-admin/acme-utils/files/apache-challenge.conf
+++ b/app-admin/acme-utils/files/apache-challenge.conf
@@ -0,0 +1,14 @@
+#
+# Alias and directory permissions for the ACME http challenge
+#
+<IfDefine ACME>
+
+Alias   /.well-known/acme-challenge/    /var/www/acme-challenge/
+
+<Directory "/var/www/acme-challenge/">
+        Options None
+        AllowOverride None
+        FallbackResource disabled
+        Require all granted
+</Directory>
+</IfDefine>