From 664d761b468c2d93a1e0daebf4b99786cc87cc88 Mon Sep 17 00:00:00 2001 From: Leon Fernandez Date: Sun, 30 Nov 2025 22:04:01 +0100 Subject: [PATCH 1/5] Added missing files for deb package Declarative sysusers setup in rpm package Minor fixes to rpm and deb service unit files --- .gitignore | 19 +++---------------- Makefile | 5 +++-- deb/DEBIAN/postrm | 10 ++++++++++ .../lib/systemd/system/dnstapir-renew.service | 13 +++++++++++++ .../lib/systemd/system/dnstapir-renew.timer | 14 ++++++++++++++ rpm/SOURCES/dnstapir-renew.sysusers.conf | 3 +++ rpm/SPECS/dnstapir-cli.spec.in | 15 +++++++++++++++ 7 files changed, 61 insertions(+), 18 deletions(-) create mode 100755 deb/DEBIAN/postrm create mode 100644 deb/usr/lib/systemd/system/dnstapir-renew.service create mode 100644 deb/usr/lib/systemd/system/dnstapir-renew.timer create mode 100644 rpm/SOURCES/dnstapir-renew.sysusers.conf diff --git a/.gitignore b/.gitignore index fd1cd62..86e3e8a 100644 --- a/.gitignore +++ b/.gitignore @@ -29,21 +29,8 @@ tapir-cli dnstapir-cli version.go -# Ignore rpm build directory and related stuff -*.tar.gz -*.src.rpm -#rpm/ -#!rpm/SOURCES/tapir-renew.service -#!rpm/SOURCES/tapir-renew.timer -#!rpm/SOURCES/tapir-cli.yaml -#!rpm/SPECS/tapir-cli.spec - -# Ignore deb build directory and related stuff -*.deb -deb/ -!deb/DEBIAN/control.in -!deb/DEBIAN/postinst -!deb/DEBIAN/postrm - # Ignore built stuff out/ +*.tar.gz +*.rpm +*.deb diff --git a/Makefile b/Makefile index 0dd3322..5098a39 100644 --- a/Makefile +++ b/Makefile @@ -57,13 +57,14 @@ srpm: tarball test -z "$(outdir)" || cp $(OUT)/$(PROG)-$(RPM_VERSION)-*.src.rpm "$(outdir)" rpm: srpm - rpmbuild --recompile --define "%_topdir $(OUT)/rpm" --undefine=dist $(OUT)/$(PROG)-$(RPM_VERSION)-*.src.rpm + rpmbuild --rebuild --define "%_topdir $(OUT)/rpm" --undefine=dist $(OUT)/$(PROG)-$(RPM_VERSION)-*.rpm + cp $(OUT)/rpm/RPMS/**/$(PROG)-$(RPM_VERSION)-*.rpm $(OUT) + test -z "$(outdir)" || cp $(OUT)/$(PROG)-$(RPM_VERSION)-*.rpm "$(outdir)" deb: build cp -r deb $(OUT) mkdir -p $(OUT)/deb/usr/bin mkdir -p $(OUT)/deb/etc/dnstapir/certs - mkdir -p $(OUT)/deb/usr/lib/systemd/system cp $(OUT)/$(PROG) $(OUT)/deb/usr/bin sed -e "s/@@VERSION@@/$(DEB_VERSION)/g" $(OUT)/deb/DEBIAN/control.in > $(OUT)/deb/DEBIAN/control dpkg-deb -b $(OUT)/deb/ $(OUT)/$(PROG)-$(DEB_VERSION).deb diff --git a/deb/DEBIAN/postrm b/deb/DEBIAN/postrm new file mode 100755 index 0000000..36f797e --- /dev/null +++ b/deb/DEBIAN/postrm @@ -0,0 +1,10 @@ +#!/bin/bash +set -e + +case "$1" in + remove) + ;; + purge) + rm -rf /etc/dnstapir/ + ;; +esac diff --git a/deb/usr/lib/systemd/system/dnstapir-renew.service b/deb/usr/lib/systemd/system/dnstapir-renew.service new file mode 100644 index 0000000..4fd5d97 --- /dev/null +++ b/deb/usr/lib/systemd/system/dnstapir-renew.service @@ -0,0 +1,13 @@ +[Unit] +Description=DNS TAPIR Edge Certificate Renewal +After=network-online.target + +[Service] +Type=oneshot +User=dnstapir-renew +Group=dnstapir +ExecStart=/usr/bin/dnstapir-cli --standalone renew \ + --renew-datakey /etc/dnstapir/certs/datakey-priv.json \ + --renew-cacert-out /etc/dnstapir/certs/ca.crt \ + --renew-clientkey /etc/dnstapir/certs/tls.key \ + --renew-clientcert-out /etc/dnstapir/certs/tls.crt diff --git a/deb/usr/lib/systemd/system/dnstapir-renew.timer b/deb/usr/lib/systemd/system/dnstapir-renew.timer new file mode 100644 index 0000000..a8b1ca3 --- /dev/null +++ b/deb/usr/lib/systemd/system/dnstapir-renew.timer @@ -0,0 +1,14 @@ +[Unit] +Description=Renew DNS TAPIR mTLS certificate every week +ConditionPathExists=/etc/dnstapir/certs/datakey-priv.json +ConditionPathExists=/etc/dnstapir/certs/ca.crt +ConditionPathExists=/etc/dnstapir/certs/tls.key +ConditionPathExists=/etc/dnstapir/certs/tls.crt + +[Timer] +OnCalendar=weekly +AccuracySec=1h +RandomizedDelaySec=100min + +[Install] +WantedBy=timers.target diff --git a/rpm/SOURCES/dnstapir-renew.sysusers.conf b/rpm/SOURCES/dnstapir-renew.sysusers.conf new file mode 100644 index 0000000..ed57dc9 --- /dev/null +++ b/rpm/SOURCES/dnstapir-renew.sysusers.conf @@ -0,0 +1,3 @@ +#Type Name ID GECOS Home directory Shell +u dnstapir-renew - "DNS TAPIR Edge Certificate Renewal" /etc/dnstapir - +g dnstapir - diff --git a/rpm/SPECS/dnstapir-cli.spec.in b/rpm/SPECS/dnstapir-cli.spec.in index 658f644..b721ca2 100644 --- a/rpm/SPECS/dnstapir-cli.spec.in +++ b/rpm/SPECS/dnstapir-cli.spec.in @@ -1,6 +1,13 @@ # Disable building of debug packages %global debug_package %{nil} +# Handle backwards compat for sysuser creation +%if 0%{?fedora} < 42 || (0%{?rhel} && 0%{?rhel} <= 10) || (0%{?mageia} && 0%{?mageia} < 10) || (0%{?suse_version} && 0%{?suse_version} < 1660) +%bcond_without sysusers_compat +%else +%bcond_with sysusers_compat +%endif + Name: dnstapir-cli Version: @@VERSION@@ Release: 1%{?dist} @@ -11,6 +18,7 @@ URL: https://www.github.com/dnstapir/cli Source0: %{name}.tar.gz Source1: dnstapir-renew.service Source2: dnstapir-renew.timer +Source3: dnstapir-renew.sysusers.conf BuildRequires: git BuildRequires: golang @@ -35,6 +43,10 @@ DESTDIR=%{buildroot}%{_bindir} make install install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir} install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir} +# Users and Groups +install -m 0644 -D %{SOURCE3} %{buildroot}%{_sysusersdir}/dnstapir-renew.conf + + %files %attr(0770,root,dnstapir) %dir %{_sysconfdir}/dnstapir %attr(0770,root,dnstapir) %dir %{_sysconfdir}/dnstapir/certs @@ -42,10 +54,13 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir} %attr(0660,-,dnstapir) %ghost %{_sysconfdir}/dnstapir/dnstapir-cli.yaml %attr(0644,root,dnstapir) %{_unitdir}/dnstapir-renew.service %attr(0644,root,dnstapir) %{_unitdir}/dnstapir-renew.timer +%{_sysusersdir}/dnstapir-renew.conf +%if %{with sysusers_compat} %pre /usr/bin/getent group dnstapir || /usr/sbin/groupadd -r dnstapir /usr/bin/getent passwd dnstapir-renew || /usr/sbin/useradd -r -d /etc/dnstapir -G dnstapir -s /sbin/nologin dnstapir-renew +%endif %post From b715e43a1e6292e15ac2f53d8dbed2ade43b40cc Mon Sep 17 00:00:00 2001 From: Leon Fernandez Date: Wed, 3 Dec 2025 09:33:44 +0100 Subject: [PATCH 2/5] Declare provides for opensuse builds --- rpm/SPECS/dnstapir-cli.spec.in | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/rpm/SPECS/dnstapir-cli.spec.in b/rpm/SPECS/dnstapir-cli.spec.in index b721ca2..ab5b296 100644 --- a/rpm/SPECS/dnstapir-cli.spec.in +++ b/rpm/SPECS/dnstapir-cli.spec.in @@ -22,6 +22,12 @@ Source3: dnstapir-renew.sysusers.conf BuildRequires: git BuildRequires: golang +%if %{with sysusers_compat} && 0%{?suse_version} +Provides: user(dnstapir-renew) +Provides: group(dnstapir) +%endif + + %description DNS TAPIR EDGE ClI Tool for managing an EDGE deployment From 59e4cfaea90a0f93f356677dc933c2538106ccd3 Mon Sep 17 00:00:00 2001 From: Leon Fernandez Date: Wed, 3 Dec 2025 13:57:52 +0100 Subject: [PATCH 3/5] Misc rabbit changes --- Makefile | 4 ++-- rpm/SOURCES/dnstapir-renew.sysusers.conf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 5098a39..c911090 100644 --- a/Makefile +++ b/Makefile @@ -57,8 +57,8 @@ srpm: tarball test -z "$(outdir)" || cp $(OUT)/$(PROG)-$(RPM_VERSION)-*.src.rpm "$(outdir)" rpm: srpm - rpmbuild --rebuild --define "%_topdir $(OUT)/rpm" --undefine=dist $(OUT)/$(PROG)-$(RPM_VERSION)-*.rpm - cp $(OUT)/rpm/RPMS/**/$(PROG)-$(RPM_VERSION)-*.rpm $(OUT) + rpmbuild --rebuild --define "%_topdir $(OUT)/rpm" --undefine=dist $(OUT)/$(PROG)-$(RPM_VERSION)-*.src.rpm + cp $(OUT)/rpm/RPMS/*/$(PROG)-$(RPM_VERSION)-*.rpm $(OUT) test -z "$(outdir)" || cp $(OUT)/$(PROG)-$(RPM_VERSION)-*.rpm "$(outdir)" deb: build diff --git a/rpm/SOURCES/dnstapir-renew.sysusers.conf b/rpm/SOURCES/dnstapir-renew.sysusers.conf index ed57dc9..b99ad44 100644 --- a/rpm/SOURCES/dnstapir-renew.sysusers.conf +++ b/rpm/SOURCES/dnstapir-renew.sysusers.conf @@ -1,3 +1,3 @@ #Type Name ID GECOS Home directory Shell -u dnstapir-renew - "DNS TAPIR Edge Certificate Renewal" /etc/dnstapir - +u dnstapir-renew -:dnstapir "DNS TAPIR Edge Certificate Renewal" /etc/dnstapir - g dnstapir - From bd1abae88d1a44139d89eb9ddb3bc604cb8511e4 Mon Sep 17 00:00:00 2001 From: Leon Fernandez Date: Sun, 7 Dec 2025 21:36:15 +0100 Subject: [PATCH 4/5] rabbit fixes --- rpm/SPECS/dnstapir-cli.spec.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rpm/SPECS/dnstapir-cli.spec.in b/rpm/SPECS/dnstapir-cli.spec.in index ab5b296..a8d56cb 100644 --- a/rpm/SPECS/dnstapir-cli.spec.in +++ b/rpm/SPECS/dnstapir-cli.spec.in @@ -2,7 +2,7 @@ %global debug_package %{nil} # Handle backwards compat for sysuser creation -%if 0%{?fedora} < 42 || (0%{?rhel} && 0%{?rhel} <= 10) || (0%{?mageia} && 0%{?mageia} < 10) || (0%{?suse_version} && 0%{?suse_version} < 1660) +%if (0%{?fedora} && 0%{?fedora} < 42) || (0%{?rhel} && 0%{?rhel} <= 10) || (0%{?suse_version} && 0%{?suse_version} < 1660) %bcond_without sysusers_compat %else %bcond_with sysusers_compat @@ -60,7 +60,7 @@ install -m 0644 -D %{SOURCE3} %{buildroot}%{_sysusersdir}/dnstapir-renew.conf %attr(0660,-,dnstapir) %ghost %{_sysconfdir}/dnstapir/dnstapir-cli.yaml %attr(0644,root,dnstapir) %{_unitdir}/dnstapir-renew.service %attr(0644,root,dnstapir) %{_unitdir}/dnstapir-renew.timer -%{_sysusersdir}/dnstapir-renew.conf +%attr(0644,root,root) %{_sysusersdir}/dnstapir-renew.conf %if %{with sysusers_compat} %pre From 5f0f8af7205f56db328216d48cecf6c6e59dd063 Mon Sep 17 00:00:00 2001 From: Leon Fernandez Date: Tue, 9 Dec 2025 11:28:20 +0100 Subject: [PATCH 5/5] Consistently omit trailing slash for paths in rpm spec --- rpm/SPECS/dnstapir-cli.spec.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rpm/SPECS/dnstapir-cli.spec.in b/rpm/SPECS/dnstapir-cli.spec.in index a8d56cb..1fc3a94 100644 --- a/rpm/SPECS/dnstapir-cli.spec.in +++ b/rpm/SPECS/dnstapir-cli.spec.in @@ -31,8 +31,8 @@ Provides: group(dnstapir) %description DNS TAPIR EDGE ClI Tool for managing an EDGE deployment -%{!?_unitdir: %define _unitdir /usr/lib/systemd/system/} -%{!?_sysusersdir: %define _sysusersdir /usr/lib/sysusers.d/} +%{!?_unitdir: %define _unitdir /usr/lib/systemd/system} +%{!?_sysusersdir: %define _sysusersdir /usr/lib/sysusers.d} %prep %setup -n %{name}