From 1ae57639c05e03c3dac9eb707544ef31cc31f0fe Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jul 10 2020 01:24:53 +0000 Subject: import mod_md-2.0.8-8.module+el8.3.0+6814+67d1e611 --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6333b36 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/mod_md-2.0.8.tar.gz diff --git a/.mod_md.metadata b/.mod_md.metadata new file mode 100644 index 0000000..083e09c --- /dev/null +++ b/.mod_md.metadata @@ -0,0 +1 @@ +6cec32070c6fd83701be0874a2d8b4f30d929d03 SOURCES/mod_md-2.0.8.tar.gz diff --git a/SOURCES/a2md.xml b/SOURCES/a2md.xml new file mode 100644 index 0000000..0f74182 --- /dev/null +++ b/SOURCES/a2md.xml @@ -0,0 +1,418 @@ + + + + + + + a2md + mod_md + AuthorEissingStefanstefan.eissing@greenbytes.de + DocumentationUhliarikLubosluhliari@redhat.com + + + + a2md + 1 + + + + a2md + Show and manipulate Apache Managed Domains + + + + + a2md + options + + acme + add + update + drive + list + store + + cmd options + args + + + + + Description + + The a2md utility can be used to configure and update managed domains with + the mod_md module for Apache HTTP Server. Managed Domains are virtual hosts + which automatically obtain and renew TLS certificates from an ACME server. + + + + + Options + + + + + arg, + arg + + The url of the ACME server directory + + + + + arg, + arg + + Directory for file data + + + + + , + + + Print usage information + + + + + , + + + Produce JSON output + + + + + arg, + arg + + Use the HTTP proxy url + + + + + , + + + Produce less output + + + + + arg, + arg + + You agree to the terms of services (url) + + + + + , + + + Produce more output + + + + + , + + + Print version + + + + + ACME server commands + + a2md acme + + newreg + delreg + agree + authz + validate + + opts + args + + + + Play with the ACME server. For most of the commands you need to specify + the url of the ACME server directory. + + + + newreg + + newreg + contact-uri + contact-uri... + + Register a new account at ACME server with given contact-uri (email) + + + + delreg + + delreg + account + + Delete an existing ACME account + + + + agree + + agree + account + + Agree to ACME terms of service + + + + authz + + authz + account + domain + + Request a new authorization for an account and + domain + + + + validate + + validate + account + + Validate account existence + + + + + Managed domain addition + + a2md add + opts + domain + domain... + + + + Adds a new managed domain. Must not overlap with existing domains. + + + + + Updating managed domain + + a2md update + name + opts + + domains + ca + account + contacts + agreement + + + + + Update a managed domain's properties, where name belongs to managed domain which + will be updated. + + + URL of ACME server can be also updated if | + option is present. + + + domains + + domains + dname + dname... + + Update domain where dname is domain name which will be updated. + + + + ca + + ca + url + proto + + The URL where the CA offers its service. + Currently only ACME (LetsEncrypt) proto is implemented. + + + + account + + account + + Account name on corresponding ACME server. + + + + contacts + + contacts + email + email... + + Contact address which will be used by ACME server to inform about renewals or changed terms of service. + + + + agreement + + agreement + URI + + URI pointing to terms of service of ACME server. + + + + + Drive managed domains + + a2md drive + md... + options... + + + + Drive all or the mentioned managed domains toward completeness + + + Options + + + + arg, + arg + + Which challenge type to use + + + + , + + + Force driving the managed domain, even when it seems valid + + + + , + + + Reset any staging data for the managed domain + + + + + + + List managed domamins + + a2md list + + + + List all managed domains + + + + + Manipulating MD store + + a2md store + + add + remove + list + update + + opts + args + + + + Manipulate the MD store + + + + add + + add + dns + dns2... + + Add a new managed domain dns with all the additional domain names + + + + remove + + remove + -f | --force + name + name... + + Remove the managed domains name from the store + When or option is specified, force managed domain removal - be silent about missing domains + + + list + + list + + List all managed domains in the store + + + update + + update + name + + domains + dname + dname... + + + If cmd is specified followed by one or + more domains, MD store will be updated with those domains. + URL of ACME server can be also updated if | + option is present. + + + + + + + diff --git a/SOURCES/mod_md-2.0.8-duptrim-seg.patch b/SOURCES/mod_md-2.0.8-duptrim-seg.patch new file mode 100644 index 0000000..4267558 --- /dev/null +++ b/SOURCES/mod_md-2.0.8-duptrim-seg.patch @@ -0,0 +1,13 @@ +diff --git a/src/md_result.c b/src/md_result.c +index 4076d5b..0e0b688 100644 +--- a/src/md_result.c ++++ b/src/md_result.c +@@ -32,7 +32,7 @@ + static const char *dup_trim(apr_pool_t *p, const char *s) + { + char *d = apr_pstrdup(p, s); +- apr_collapse_spaces(d, d); ++ if (d) apr_collapse_spaces(d, d); + return d; + } + diff --git a/SOURCES/mod_md-2.0.8-state_dir.patch b/SOURCES/mod_md-2.0.8-state_dir.patch new file mode 100644 index 0000000..970424f --- /dev/null +++ b/SOURCES/mod_md-2.0.8-state_dir.patch @@ -0,0 +1,23 @@ + +Enable state_dir support for 2.4.x. + +--- mod_md-2.0.8/src/mod_md_config.c.state_dir ++++ mod_md-2.0.8/src/mod_md_config.c +@@ -44,7 +44,7 @@ + /* Default settings for the global conf */ + static md_mod_conf_t defmc = { + NULL, /* list of mds */ +-#if AP_MODULE_MAGIC_AT_LEAST(20180906, 2) ++#if 1 + NULL, /* base dir by default state-dir-relative */ + #else + MD_DEFAULT_BASE_DIR, +@@ -898,7 +898,7 @@ + mc->hsts_header = apr_psprintf(p, "max-age=%d", mc->hsts_max_age); + } + +-#if AP_MODULE_MAGIC_AT_LEAST(20180906, 2) ++#if 1 + if (mc->base_dir == NULL) { + mc->base_dir = ap_state_dir_relative(p, MD_DEFAULT_BASE_DIR); + } diff --git a/SOURCES/mod_md-2.0.8-tolerate-missing-res.patch b/SOURCES/mod_md-2.0.8-tolerate-missing-res.patch new file mode 100644 index 0000000..37819cc --- /dev/null +++ b/SOURCES/mod_md-2.0.8-tolerate-missing-res.patch @@ -0,0 +1,22 @@ +diff --git a/src/md_acme.c b/src/md_acme.c +index d2cc00a..005a387 100644 +--- a/src/md_acme.c ++++ b/src/md_acme.c +@@ -728,8 +728,15 @@ static apr_status_t update_directory(const md_http_response_t *res) + acme->api.v2.revoke_cert = md_json_dups(acme->p, json, "revokeCert", NULL); + acme->api.v2.key_change = md_json_dups(acme->p, json, "keyChange", NULL); + acme->api.v2.new_nonce = md_json_dups(acme->p, json, "newNonce", NULL); +- if (acme->api.v2.new_account && acme->api.v2.new_order +- && acme->api.v2.revoke_cert && acme->api.v2.key_change ++ /* RFC 8555 only requires "directory" and "newNonce" resources. ++ * mod_md uses "newAccount" and "newOrder" so check for them. ++ * But mod_md does not use the "revokeCert" or "keyChange" ++ * resources, so tolerate the absense of those keys. In the ++ * future if mod_md implements revocation or key rollover then ++ * the use of those features should be predicated on the ++ * server's advertised capabilities. */ ++ if (acme->api.v2.new_account ++ && acme->api.v2.new_order + && acme->api.v2.new_nonce) { + acme->version = MD_ACME_VERSION_2; + } diff --git a/SPECS/mod_md.spec b/SPECS/mod_md.spec new file mode 100644 index 0000000..299efa1 --- /dev/null +++ b/SPECS/mod_md.spec @@ -0,0 +1,99 @@ +# Module Magic Numberfa +%{!?_httpd_mmn: %global _httpd_mmn %(cat %{_includedir}/httpd/.mmn 2>/dev/null || echo 0-0)} + +Name: mod_md +Version: 2.0.8 +Release: 8%{?dist} +Summary: Certificate provisioning using ACME for the Apache HTTP Server +License: ASL 2.0 +URL: https://icing.github.io/mod_md/ +Source0: https://github.com/icing/mod_md/releases/download/v%{version}/mod_md-%{version}.tar.gz +# documentation +Source10: a2md.xml +Patch1: mod_md-2.0.8-state_dir.patch +Patch2: mod_md-2.0.8-duptrim-seg.patch +Patch3: mod_md-2.0.8-tolerate-missing-res.patch +BuildRequires: gcc +BuildRequires: pkgconfig, httpd-devel >= 2.4.37, openssl-devel >= 1.1.0, jansson-devel, libcurl-devel +BuildRequires: xmlto +Requires: httpd-mmn = %{_httpd_mmn}, mod_ssl >= 1:2.4.37-17 +Conflicts: httpd < 2.4.37-17 +Epoch: 1 + +%description +This module manages common properties of domains for one or more +virtual hosts. Specifically it can use the ACME protocol to automate +certificate provisioning. Certificates will be configured for managed +domains and their virtual hosts automatically, including at renewal. + +%prep +%setup -q +%patch1 -p1 -b .state_dir +%patch2 -p1 -b .dup_trim +%patch3 -p1 -b .tol_missing_res + +xmlto man $RPM_SOURCE_DIR/a2md.xml + +%build +%configure +# remove rpath +sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool +sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool + +%make_build V=1 + +%check +%make_build check + +%install +%make_install +rm -rf %{buildroot}/etc/httpd/share/doc/ + +# remove links and rename SO files +rm -f %{buildroot}%{_httpd_moddir}/mod_md.so +mv %{buildroot}%{_httpd_moddir}/mod_md.so.0.0.0 %{buildroot}%{_httpd_moddir}/mod_md.so + +# create configuration +mkdir -p %{buildroot}%{_httpd_modconfdir} +echo "LoadModule md_module modules/mod_md.so" > %{buildroot}%{_httpd_modconfdir}/01-md.conf + +# Install man pages +install -d $RPM_BUILD_ROOT%{_mandir}/man1 +install -m 644 -p a2md.1 $RPM_BUILD_ROOT%{_mandir}/man1 + +%files +%doc README.md ChangeLog AUTHORS +%license LICENSE +%config(noreplace) %{_httpd_modconfdir}/01-md.conf +%{_httpd_moddir}/mod_md.so +%{_bindir}/a2md +%{_mandir}/man1/* + +%changelog +* Thu May 28 2020 Lubos Uhliarik - 1:2.0.8-8 +- Resolves: #1832844 - mod_md does not work with ACME server that does not + provide keyChange or revokeCert resources + +* Wed Jan 22 2020 Lubos Uhliarik - 1:2.0.8-7 +- Resolves: #1747912 - add a2md(1) documentation + +* Mon Dec 09 2019 Lubos Uhliarik - 1:2.0.8-6 +- Resolves: #1781263 - mod_md ACMEv1 crash + +* Thu Oct 03 2019 Lubos Uhliarik - 1:2.0.8-5 +- Resolves: #1747898 - add mod_md package + +* Fri Aug 30 2019 Joe Orton - 1:2.0.8-4 +- require mod_ssl, update package description + +* Fri Aug 30 2019 Joe Orton - 1:2.0.8-3 +- rebuild against 2.4.41 + +* Thu Jul 25 2019 Fedora Release Engineering - 1:2.0.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Jul 12 2019 Joe Orton - 1:2.0.8-1 +- update to 2.0.8 + +* Tue Jun 11 2019 Lubos Uhliarik - 2.0.3-1 +- Initial import (#1719248).