diff --git a/fetch-crl-3.0.21.tar.gz b/fetch-crl-3.0.21.tar.gz new file mode 100644 index 0000000..203a882 Binary files /dev/null and b/fetch-crl-3.0.21.tar.gz differ diff --git a/fetch-crl.service b/fetch-crl.service new file mode 100644 index 0000000..6f05bc6 --- /dev/null +++ b/fetch-crl.service @@ -0,0 +1,14 @@ +# This unit has no install section by design +# Enable timer instead +# systemctl enable fetch-crl.timer +# systemctl start fetch-crl.timer + +[Unit] +Description=Run fetch-crl once +After=syslog.target network.target + +[Service] +EnvironmentFile=-/etc/sysconfig/fetch-crl +ExecStart=/usr/sbin/fetch-crl -q $FETCHCRL_OPTIONS $FETCHCRL_BOOT_OPTIONS +TimeoutSec=10m + diff --git a/fetch-crl.spec b/fetch-crl.spec new file mode 100644 index 0000000..464a5c2 --- /dev/null +++ b/fetch-crl.spec @@ -0,0 +1,81 @@ +Name: fetch-crl +Version: 3.0.21 +Release: 1 +Summary: Downloads Certificate Revocation Lists +License: ASL 2.0 +URL: https://wiki.nikhef.nl/grid/FetchCRL3 +Source0: https://dist.eugridpma.info/distribution/util/fetch-crl3/fetch-crl-%{version}.tar.gz +Source1: fetch-crl.service +Source2: fetch-crl.timer +BuildArch: noarch +Requires: openssl +%if 0%{?el7} +Requires: perl(File::Basename) perl(File::Temp) perl(Getopt::Long) perl(IO::Select) +Requires: perl(IPC::Open3) perl(LWP) perl(POSIX) perl(Sys::Syslog) perl(Time::Local) +%endif +Requires: perl(LWP::Protocol::https) +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +BuildRequires: perl-generators systemd make +%description +This tool and associated timer entry ensure that Certificate Revocation +Lists (CRLs) are periodically retrieved from the web sites of the respective +Certification Authorities. +It assumes that the installed CA files follow the hash.crl_url convention. + +%prep +%setup -q +cp -p %{SOURCE1} fetch-crl.service +cp -p %{SOURCE2} fetch-crl.timer +cat << \EOF > %{name}-req +%{__perl_requires} $* |\ +sed -e '/perl(CRL)/d' |\ +sed -e '/perl(CRLWriter)/d' |\ +sed -e '/perl(ConfigTiny)/d' |\ +sed -e '/perl(FCLog)/d' |\ +sed -e '/perl(OSSL)/d' |\ +sed -e '/perl(TrustAnchor)/d' |\ +sed -e '/perl(base64)/d' +EOF +%global __perl_requires %{_builddir}/fetch-crl-%{version}/%{name}-req +chmod +x %{__perl_requires} + +%build + +%install +make install PREFIX=$RPM_BUILD_ROOT%{_usr} ETC=$RPM_BUILD_ROOT%{_sysconfdir} CACHE=$RPM_BUILD_ROOT%{_var}/cache +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/grid-security/certificates +mkdir -p $RPM_BUILD_ROOT%{_unitdir} +install -p -m 644 %{name}.service $RPM_BUILD_ROOT%{_unitdir}/%{name}.service +install -p -m 644 %{name}.timer $RPM_BUILD_ROOT%{_unitdir}/%{name}.timer +rm -rf $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}-%{version} + +%post +%systemd_post %{name}.timer + +%preun +%systemd_preun %{name}.timer + +%postun +%systemd_postun_with_restart %{name}.timer + +%files +%{_sbindir}/%{name} +%{_sbindir}/clean-crl +%{_unitdir}/%{name}.service +%{_unitdir}/%{name}.timer +%dir %{_var}/cache/%{name} +%dir %{_sysconfdir}/grid-security +%dir %{_sysconfdir}/grid-security/certificates +%dir %{_sysconfdir}/%{name}.d +%doc %{_mandir}/man8/%{name}.8.gz +%doc %{_mandir}/man8/clean-crl.8.gz +%doc CHANGES NOTICE README fetch-crl.cnf.example +%config(noreplace) %{_sysconfdir}/%{name}.conf +%license LICENSE + +%changelog +* Mon Sep 6 2021 wulei - 3.0.21-1 +- package init diff --git a/fetch-crl.timer b/fetch-crl.timer new file mode 100644 index 0000000..9f4e6c5 --- /dev/null +++ b/fetch-crl.timer @@ -0,0 +1,10 @@ +[Unit] +Description=Run fetch-crl every 6 hours + +[Timer] +OnBootSec=1min +OnUnitActiveSec=6h +Persistent=true + +[Install] +WantedBy=timers.target