# Disable automatic requires/provides processing AutoReqProv: no %global projname acme_srv %global __python %{__python3} %{!?_unitdir: %global _unitdir /usr/lib/systemd/system} Summary: library implementing ACME server functionality Name: acme2certifier %define ghowner grindsa Version: 0.23.1 Release: 1.2 License: GPL3; @grindsa@github URL: https://github.com/grindsa/acme2certifier Requires: nginx # EPEL repo required Requires: policycoreutils-python-utils Requires: uwsgi-plugin-python3 Requires: python3-uwsgidecorators.x86_64 Requires: tar # pip **RISK** Requires: python-dateutil Requires: pytz Requires: python-setuptools Requires: python-jwcrypto Requires: python-cryptography Requires: pyOpenSSL Requires: python-dns Requires: python-certsrv Requires: python-configparser Requires: python-dateutil Requires: python-requests Requires: python3-pysocks Requires: python3-josepy Requires: python3-acme Requires: python3-impacket Requires: python-xmltodict Requires: python3-pyasn1 Requires: python3-pyasn1-modules BuildArch: noarch #define ghsha 1699c09758e56f740437674a8d6ba36443399f24 %define mungedurl refs/tags/%{?ghsha}%{?!ghsha:%{version}} Source0: https://github.com/%{ghowner}/%{?URLbit}%{?!URLbit:%{name}}/archive/%{?mungedurl}.tar.gz %description acme2certifier is development project to create an ACME protocol proxy. Main intention is to provide ACME services on CA servers which do not support this protocol yet. It consists of two libraries: - acme_srv/*.py - a bunch of classes implementing ACME server functionality based on rfc8555 - ca_handler.py - interface towards CA server. The intention of this library is to be modular that an adaption to other CA servers should be straight forward. As of today the following handlers are available: - Openssl - NetGuard Certificate Manager/Insta Certifier - NetGuard Certificate Lifecycle Manager - Generic EST protocol handler - Generic CMPv2 protocol handler - Microsoft Certificate Enrollment Web Services - Microsoft Windows Client Certificate Enrollment Protocol (MS-WCCE) via RPC/DCOM - Generic ACME protocol handler supporting Letsencrypt, BuyPass.com and ZeroSSL - XCA - acme2dfn (external; ACME proxy for the German research network's SOAP API) For more up-to-date information and further documentation, please visit the project's home page at: https://github.com/grindsa/acme2certifier Remember to: sudo chkconfig uwsgi on sudo service uwsgi start %prep %autosetup -p1 -n %{name}-%{?ghsha}%{?!ghsha:%{version}} -N %build # nothing to build %install # Main %{__mkdir_p} \ %{buildroot}%{_datadir} \ %{buildroot}%{_unitdir} #\ #%{buildroot}%{_sysconfdir}/httpd/conf.d \ %{__cp} -a . %{buildroot}%{_datadir}/%{projname} %{__chmod} -R go-w %{buildroot}%{_datadir}/%{projname} %{__cp} -a \ .github/openssl_ca_handler.py_acme_srv_choosen_handler.cfg \ %{buildroot}%{_datadir}/%{projname}/acme_srv.cfg %{__cp} -a \ examples/db_handler/wsgi_handler.py \ %{buildroot}%{_datadir}/%{projname}/db_handler.py %{__cp} -a \ examples/acme2certifier_wsgi.py \ %{buildroot}%{_datadir}/%{projname}/ ## Modify acme2certifier.ini for Redhat/Centos and derivations %{__sed} ' $a\ plugins = python3 ' \ examples/nginx/acme2certifier.ini > \ %{buildroot}%{_datadir}/%{projname}/acme2certifier.ini ## Configure and enable uWSGI service %{__sed} ' s:cd /opt/acme2certifier; :: s:/opt/acme2certifier:%{_datadir}:g /^User/i\ WorkingDirectory=%{_datadir} ' \ examples/nginx/uwsgi.service > \ %{buildroot}%{_unitdir}/uwsgi.service # ugh %clean %{__chmod} -R 777 $RPM_BUILD_ROOT %{__rm} -rf $RPM_BUILD_ROOT %files %defattr(-,root,root,-) %license LICENSE %doc *.md requirements.txt %attr(0755,nginx,-)%{_datadir}/%{projname}/ %{_unitdir}/uwsgi.service %changelog