From 69f411d698fbcc1e0c4c4ec5790a354fbd9a970b Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Sun, 24 Jul 2016 06:29:14 +0000 Subject: foo --- config-certbot.PKGBUILD | 7 +++---- config-etckeeper.PKGBUILD | 33 ++++++++++++++++++++++++++++++++- config-proton-base.PKGBUILD | 8 +++++--- config-winston-base.PKGBUILD | 8 +++++--- 4 files changed, 45 insertions(+), 11 deletions(-) diff --git a/config-certbot.PKGBUILD b/config-certbot.PKGBUILD index 77b6e56..5a9e128 100644 --- a/config-certbot.PKGBUILD +++ b/config-certbot.PKGBUILD @@ -24,6 +24,7 @@ cd "$pkgdir" # So, I've encapsulated this into the script # `/etc/ssl/misc/certbot-get`. Edit `/etc/ssl/misc/certbot-get.d/` to # manipulate the list of domains, then run the script. +install -d etc/ssl/misc/certbot-get.d add-file -m755 etc/ssl/misc/certbot-get <<<'#!/bin/bash { set -eu @@ -127,7 +128,6 @@ server { listen [::]:80 default_server; server_name _; - # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response. location / { return 301 https://\$host\$request_uri; } @@ -135,13 +135,12 @@ server { location /.well-known/acme-challenge { root /var/lib/letsencrypt; default_type "text/plain"; - #try_files \$uri =404; } } # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate -ssl_certificate /etc/letsencrypt/live/winston.parabola.nu/fullchain.pem; -ssl_certificate_key /etc/letsencrypt/live/winston.parabola.nu/privkey.pem; +ssl_certificate /etc/ssl/private/myhostname/fullchain.pem; +ssl_certificate_key /etc/ssl/private/myhostname/privkey.pem; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; diff --git a/config-etckeeper.PKGBUILD b/config-etckeeper.PKGBUILD index 75f0af1..88aa419 100644 --- a/config-etckeeper.PKGBUILD +++ b/config-etckeeper.PKGBUILD @@ -1,5 +1,5 @@ . ${BUILDFILE%/*}/common.sh -pkgver=20160713.8 +pkgver=20160713.11 depends=(etckeeper pristine-etc-keeper) 
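Review bot: The new `ssl_certificate` and `ssl_certificate_key` paths in the third config-certbot.PKGBUILD hunk go through `/etc/ssl/private/myhostname`, a symlink that nothing visible in this file creates. In the part of the commit shown here, only config-proton-base.PKGBUILD creates it. If config-certbot is installed without a package that ships the link, nginx will presumably refuse to load this config, which also takes down the port-80 ACME challenge location in the same file. Either declare that dependency or add a comment above the two lines, such as `# /etc/ssl/private/myhostname -> /etc/letsencrypt/live/<hostname>, symlink shipped by the config-*-base package`. The link also assumes certbot names its directory under `live/` after the machine's hostname; the body of certbot-get is outside the hunk, so confirm that it pins that name.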
@@ -32,6 +32,37 @@ add-file -m755 etc/etckeeper/commit.d/40git-ignore < .installed-packages.txt + +# stage the file as part of the current commit +if [ "\$VCS" = git ]; then + # this will do nothing if the file is unchanged. + git add .installed-packages.txt +fi +EOF + # The etckeeper update-ignore hook is customized to ignore a couple # more files in `/etc` (and avoid ignoring `/etc/mtab`). We ignore # `resolv.conf` because it is managed by [resolvconf][openresolv]. diff --git a/config-proton-base.PKGBUILD b/config-proton-base.PKGBUILD index 373055d..bd19e2f 100644 --- a/config-proton-base.PKGBUILD +++ b/config-proton-base.PKGBUILD @@ -26,8 +26,10 @@ add-unit etc/systemd/system/getty.target.wants/getty@tty1.service add-unit etc/systemd/system/multi-user.target.wants/haveged.service ln -s ../usr/lib/os-release etc/os-release -install -d ssl/certs -ln -s ../../ca-certificates/extracted/tls-ca-bundle.pem ssl/certs/ca-certificates.crt +install -d etc/ssl/certs +ln -s ../../ca-certificates/extracted/tls-ca-bundle.pem etc/ssl/certs/ca-certificates.crt +install -d etc/ssl/private +ln -s ../../letsencrypt/live/$(cat etc/hostname) etc/ssl/private/myhostname # ## timedate @@ -38,7 +40,7 @@ add-unit etc/systemd/system/sysinit.target.wants/systemd-timesyncd.service # ## networking -install -Dm644 /dev/stdin etc/netctl/ethernet-static <
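Review bot: In the first config-proton-base.PKGBUILD hunk, `$(cat etc/hostname)` is expanded unquoted at package build time, so a missing or empty `etc/hostname` in the package tree produces a link to `../../letsencrypt/live/` itself and the build still succeeds. Read the name once and fail on empty, for example `h=$(<etc/hostname); [[ -n $h ]] || exit 1; ln -s "../../letsencrypt/live/$h" etc/ssl/private/myhostname`. Separately, `install -d etc/ssl/private` creates the directory with the default 0755 mode. Since this is the conventional location for key material, `install -dm700 etc/ssl/private` would be the safer default, assuming nothing unprivileged needs to traverse it. Whether `etc/hostname` is written earlier in this PKGBUILD is not visible from the hunk.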