package init

fetch-crl.service

@@ -0,0 +1,14 @@
+# This unit has no install section by design
+# Enable timer instead
+# systemctl enable fetch-crl.timer
+# systemctl start fetch-crl.timer
+
+[Unit]
+Description=Run fetch-crl once
+After=syslog.target network.target
+
+[Service]
+EnvironmentFile=-/etc/sysconfig/fetch-crl
+ExecStart=/usr/sbin/fetch-crl -q $FETCHCRL_OPTIONS $FETCHCRL_BOOT_OPTIONS
+TimeoutSec=10m
+

fetch-crl.spec

@@ -0,0 +1,81 @@
+Name:                fetch-crl
+Version:             3.0.21
+Release:             1
+Summary:             Downloads Certificate Revocation Lists
+License:             ASL 2.0
+URL:                 https://wiki.nikhef.nl/grid/FetchCRL3
+Source0:             https://dist.eugridpma.info/distribution/util/fetch-crl3/fetch-crl-%{version}.tar.gz
+Source1:             fetch-crl.service
+Source2:             fetch-crl.timer
+BuildArch:           noarch
+Requires:            openssl
+%if 0%{?el7}
+Requires:            perl(File::Basename) perl(File::Temp) perl(Getopt::Long) perl(IO::Select)
+Requires:            perl(IPC::Open3) perl(LWP) perl(POSIX) perl(Sys::Syslog) perl(Time::Local)
+%endif
+Requires:            perl(LWP::Protocol::https)
+Requires(post):   systemd
+Requires(preun):  systemd
+Requires(postun): systemd
+BuildRequires:       perl-generators systemd make
+%description
+This tool and associated timer entry ensure that Certificate Revocation
+Lists (CRLs) are periodically retrieved from the web sites of the respective
+Certification Authorities.
+It assumes that the installed CA files follow the hash.crl_url convention.
+
+%prep
+%setup -q
+cp -p %{SOURCE1} fetch-crl.service
+cp -p %{SOURCE2} fetch-crl.timer
+cat << \EOF > %{name}-req
+%{__perl_requires} $* |\
+sed -e '/perl(CRL)/d' |\
+sed -e '/perl(CRLWriter)/d' |\
+sed -e '/perl(ConfigTiny)/d' |\
+sed -e '/perl(FCLog)/d' |\
+sed -e '/perl(OSSL)/d' |\
+sed -e '/perl(TrustAnchor)/d' |\
+sed -e '/perl(base64)/d'
+EOF
+%global __perl_requires %{_builddir}/fetch-crl-%{version}/%{name}-req
+chmod +x %{__perl_requires}
+
+%build
+
+%install
+make install PREFIX=$RPM_BUILD_ROOT%{_usr} ETC=$RPM_BUILD_ROOT%{_sysconfdir} CACHE=$RPM_BUILD_ROOT%{_var}/cache
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/grid-security/certificates
+mkdir -p $RPM_BUILD_ROOT%{_unitdir}
+install -p -m 644  %{name}.service $RPM_BUILD_ROOT%{_unitdir}/%{name}.service
+install -p -m 644  %{name}.timer $RPM_BUILD_ROOT%{_unitdir}/%{name}.timer
+rm -rf $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}-%{version}
+
+%post
+%systemd_post %{name}.timer
+
+%preun
+%systemd_preun %{name}.timer
+
+%postun
+%systemd_postun_with_restart %{name}.timer
+
+%files
+%{_sbindir}/%{name}
+%{_sbindir}/clean-crl
+%{_unitdir}/%{name}.service
+%{_unitdir}/%{name}.timer
+%dir %{_var}/cache/%{name}
+%dir %{_sysconfdir}/grid-security
+%dir %{_sysconfdir}/grid-security/certificates
+%dir %{_sysconfdir}/%{name}.d
+%doc %{_mandir}/man8/%{name}.8.gz
+%doc %{_mandir}/man8/clean-crl.8.gz
+%doc CHANGES NOTICE README fetch-crl.cnf.example
+%config(noreplace) %{_sysconfdir}/%{name}.conf
+%license LICENSE
+
+%changelog
+* Mon Sep 6 2021 wulei <wulei80@huawei.com> - 3.0.21-1
+- package init

fetch-crl.timer

@@ -0,0 +1,10 @@
+[Unit]
+Description=Run fetch-crl every 6 hours
+
+[Timer]
+OnBootSec=1min
+OnUnitActiveSec=6h
+Persistent=true
+
+[Install]
+WantedBy=timers.target