%global _empty_manifest_terminate_build 0
Name:		python-cryptdomainmgr
Version:	0.2.7
Release:	1
Summary:	Software managing certificate, dkim and domain updates automagically.
License:	https://www.fsf.org/licensing/licenses/agpl-3.0.html
URL:		https://www.entroserv.de/offene-software/cryptdomainmgr
Source0:	https://mirrors.nju.edu.cn/pypi/web/packages/9c/bb/4e4cd0d869291e397921fe4e8686ef26b42cca98087285f4ba129fa4e2b2/cryptdomainmgr-0.2.7.tar.gz
BuildArch:	noarch

%description
[![Build Status](https://app.travis-ci.com/TheTesla/cryptdomainmgr.svg?branch=master)](https://app.travis-ci.com/TheTesla/cryptdomainmgr)

# Crypto Domain Manager

Automate all your cryptographic needs!

## Goals

* Zero downtime
* Automatic certificate renewal
* Spam protection
* Updated DNS records

Configure once and always stay up to date.

## Use cases

* Renew Let's Encrypt certificates
* Derive all kinds of data from the signature
* Ensure everything is secure

## External Service APIs

* Domain Certificate: [letsencrypt.org](https://letsencrypt.org)
* DNS Record Updates: [inwx.de](https://inwx.de)

## Linux Services

* DKIM signatures:
  * rspamd
* Reload systemd services:
  * apache2
  * postfix
  * dovecot
  * rspamd
* traefik in Docker

## Managed DNS Records

* TLSA - for [DNS-based Authentication of Named Entities](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) (DANE)
* DKIM - domain keys for email signatures and spam detection
* CAA - specify the CA
* DMARC, SPF, ADSP - configure secure DNS

## No downtime strategy

Updating keys, certificates and other data takes 3 steps to prevent gaps in availability:

1. **Prepare**: Create certificates, keys etc. and publish the corresponding records to DNS.
2. **Rollover**: Apply the new certificates and keys once the negative cache TTL on DNS has been reached.
3. **Cleanup**: Delete everything that is no longer needed from disk and DNS.

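The timing constraint behind the three phases, as an added example (not part of cryptdomainmgr or its README): a small model of a TLSA record rollover that lists the minutes at which a resolver cache could hold records that do not match the certificate the server presents. The certificate bytes, the 60-minute cache lifetime and all function names are constructed for illustration.

```python
import hashlib

def tlsa_3_0_1(cert_der: bytes) -> str:
    """TLSA rdata: usage 3 (DANE-EE), selector 0 (full cert), matching type 1 (SHA-256)."""
    return "3 0 1 " + hashlib.sha256(cert_der).hexdigest()

def state_at(timeline, t):
    """Value of the last (start, value) entry with start <= t; timeline is sorted."""
    current = timeline[0][1]
    for start, value in timeline:
        if start <= t:
            current = value
    return current

def outages(zone, served, ttl, horizon):
    """Minutes at which some resolver cache can hold a TLSA RRset that does
    not match the certificate the server presents at that minute."""
    bad = []
    for t in range(horizon):
        wanted = tlsa_3_0_1(state_at(served, t))
        # A cached answer may have been fetched at any minute in [t - ttl, t].
        if any(wanted not in state_at(zone, fetched)
               for fetched in range(max(0, t - ttl), t + 1)):
            bad.append(t)
    return bad

# Constructed stand-ins for DER-encoded certificates (not real certificates).
OLD, NEW = b"constructed-old-cert", b"constructed-new-cert"
TTL = 60  # cache lifetime in minutes (assumed value)

def three_phase(prepare, rollover, cleanup):
    """Build zone and server timelines for the Prepare/Rollover/Cleanup phases."""
    zone = [(0, {tlsa_3_0_1(OLD)}),
            (prepare, {tlsa_3_0_1(OLD), tlsa_3_0_1(NEW)}),   # Prepare
            (cleanup, {tlsa_3_0_1(NEW)})]                    # Cleanup
    served = [(0, OLD), (rollover, NEW)]                     # Rollover
    return zone, served

if __name__ == "__main__":
    ok = outages(*three_phase(10, 70, 130), ttl=TTL, horizon=300)
    early = outages(*three_phase(10, 20, 130), ttl=TTL, horizon=300)
    print("waited one TTL:", ok)
    print("rolled over early: minutes", early[0], "to", early[-1])
```

Rolling over before the cache lifetime has elapsed leaves a window in which validators still hold the old record set only; waiting one full lifetime after Prepare closes it.
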
## Needed Plugins and Dependencies

* **dnsuptools**: to interface with the DNS API -- updating DNS entries
* **dehydrated**: to get new certificates (included with cryptdomainmgr)
* **rspamd**: to create (and use) DKIM keys

## Installation

These libraries are needed by pycurl, which dnsuptools uses for automatic IP address retrieval:

```bash
apt install -y libcurl4-openssl-dev libssl-dev
```

This command is used by dehydrated to communicate with Let's Encrypt for certificate renewal:

```bash
apt install -y curl
```

For DKIM we need rspamd:

```bash
apt install -y lsb-release wget # optional
# Release codename used to select the matching rspamd repository
CODENAME=$(lsb_release -c -s)
# Add the rspamd repository signing key
wget -O- https://rspamd.com/apt-stable/gpg.key | apt-key add -
echo "deb [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" > /etc/apt/sources.list.d/rspamd.list
echo "deb-src [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" >> /etc/apt/sources.list.d/rspamd.list
apt update
apt install -y rspamd
```

Now install cryptdomainmgr. This pulls in all needed dependencies.

```bash
python2 -m pip install cryptdomainmgr
```

Feel free to try python3, but the inwx client doesn't support it.

```bash
python3 -m pip install cryptdomainmgr
```

## Documentation

We need help here!

For now please look at:

* German project description and tutorial: https://www.entroserv.de/offene-software/cryptdomainmgr
* Slides: https://github.com/TheTesla/cryptdomainmgr-talk
* Look at the config file examples

Hints:

* Multiple config files with priority are allowed
* The content of a config file can be specified as an argument

## Next goals

* improve documentation
* docker support - partly done, ToDo: label handling needed, daemon mode without external shell script needed
* website
* automated tests - partly done
* nsupdate for DNS updates

Long term goals:

* ARC key renewal
* WPIA integration
* DNSSEC key renewal
* TXT record (may collide with SPF and other TXT based records)
* multi server support for one domain: TLSA delete by timeout
* constrain minimum renewal/phase time interval
* validations - ensure signatures are used correctly
* run as service
* PowerDNS support

## Contributions

If you like the project, feel free to give me a star. Please let us know if you use this project. All kinds of contributions are welcome.

%package -n python3-cryptdomainmgr
Summary:	Software managing certificate, dkim and domain updates automagically.
Provides:	python-cryptdomainmgr
BuildRequires:	python3-devel
BuildRequires:	python3-setuptools
BuildRequires:	python3-pip

%description -n python3-cryptdomainmgr
[![Build Status](https://app.travis-ci.com/TheTesla/cryptdomainmgr.svg?branch=master)](https://app.travis-ci.com/TheTesla/cryptdomainmgr)

# Crypto Domain Manager

Automate all your cryptographic needs!

## Goals

* Zero downtime
* Automatic certificate renewal
* Spam protection
* Updated DNS records

Configure once and always stay up to date.

## Use cases

* Renew Let's Encrypt certificates
* Derive all kinds of data from the signature
* Ensure everything is secure

## External Service APIs

* Domain Certificate: [letsencrypt.org](https://letsencrypt.org)
* DNS Record Updates: [inwx.de](https://inwx.de)

## Linux Services

* DKIM signatures:
  * rspamd
* Reload systemd services:
  * apache2
  * postfix
  * dovecot
  * rspamd
* traefik in Docker

## Managed DNS Records

* TLSA - for [DNS-based Authentication of Named Entities](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) (DANE)
* DKIM - domain keys for email signatures and spam detection
* CAA - specify the CA
* DMARC, SPF, ADSP - configure secure DNS

## No downtime strategy

Updating keys, certificates and other data takes 3 steps to prevent gaps in availability:

1. **Prepare**: Create certificates, keys etc. and publish the corresponding records to DNS.
2. **Rollover**: Apply the new certificates and keys once the negative cache TTL on DNS has been reached.
3. **Cleanup**: Delete everything that is no longer needed from disk and DNS.

## Needed Plugins and Dependencies

* **dnsuptools**: to interface with the DNS API -- updating DNS entries
* **dehydrated**: to get new certificates (included with cryptdomainmgr)
* **rspamd**: to create (and use) DKIM keys

## Installation

These libraries are needed by pycurl, which dnsuptools uses for automatic IP address retrieval:

```bash
apt install -y libcurl4-openssl-dev libssl-dev
```

This command is used by dehydrated to communicate with Let's Encrypt for certificate renewal:

```bash
apt install -y curl
```

For DKIM we need rspamd:

```bash
apt install -y lsb-release wget # optional
# Release codename used to select the matching rspamd repository
CODENAME=$(lsb_release -c -s)
# Add the rspamd repository signing key
wget -O- https://rspamd.com/apt-stable/gpg.key | apt-key add -
echo "deb [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" > /etc/apt/sources.list.d/rspamd.list
echo "deb-src [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" >> /etc/apt/sources.list.d/rspamd.list
apt update
apt install -y rspamd
```

Now install cryptdomainmgr. This pulls in all needed dependencies.

```bash
python2 -m pip install cryptdomainmgr
```

Feel free to try python3, but the inwx client doesn't support it.

```bash
python3 -m pip install cryptdomainmgr
```

## Documentation

We need help here!

For now please look at:

* German project description and tutorial: https://www.entroserv.de/offene-software/cryptdomainmgr
* Slides: https://github.com/TheTesla/cryptdomainmgr-talk
* Look at the config file examples

Hints:

* Multiple config files with priority are allowed
* The content of a config file can be specified as an argument

## Next goals

* improve documentation
* docker support - partly done, ToDo: label handling needed, daemon mode without external shell script needed
* website
* automated tests - partly done
* nsupdate for DNS updates

Long term goals:

* ARC key renewal
* WPIA integration
* DNSSEC key renewal
* TXT record (may collide with SPF and other TXT based records)
* multi server support for one domain: TLSA delete by timeout
* constrain minimum renewal/phase time interval
* validations - ensure signatures are used correctly
* run as service
* PowerDNS support

## Contributions

If you like the project, feel free to give me a star. Please let us know if you use this project. All kinds of contributions are welcome.

%package help
Summary:	Development documents and examples for cryptdomainmgr
Provides:	python3-cryptdomainmgr-doc

%description help
[![Build Status](https://app.travis-ci.com/TheTesla/cryptdomainmgr.svg?branch=master)](https://app.travis-ci.com/TheTesla/cryptdomainmgr)

# Crypto Domain Manager

Automate all your cryptographic needs!

## Goals

* Zero downtime
* Automatic certificate renewal
* Spam protection
* Updated DNS records

Configure once and always stay up to date.

## Use cases

* Renew Let's Encrypt certificates
* Derive all kinds of data from the signature
* Ensure everything is secure

## External Service APIs

* Domain Certificate: [letsencrypt.org](https://letsencrypt.org)
* DNS Record Updates: [inwx.de](https://inwx.de)

## Linux Services

* DKIM signatures:
  * rspamd
* Reload systemd services:
  * apache2
  * postfix
  * dovecot
  * rspamd
* traefik in Docker

## Managed DNS Records

* TLSA - for [DNS-based Authentication of Named Entities](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) (DANE)
* DKIM - domain keys for email signatures and spam detection
* CAA - specify the CA
* DMARC, SPF, ADSP - configure secure DNS

## No downtime strategy

Updating keys, certificates and other data takes 3 steps to prevent gaps in availability:

1. **Prepare**: Create certificates, keys etc. and publish the corresponding records to DNS.
2. **Rollover**: Apply the new certificates and keys once the negative cache TTL on DNS has been reached.
3. **Cleanup**: Delete everything that is no longer needed from disk and DNS.

## Needed Plugins and Dependencies

* **dnsuptools**: to interface with the DNS API -- updating DNS entries
* **dehydrated**: to get new certificates (included with cryptdomainmgr)
* **rspamd**: to create (and use) DKIM keys

## Installation

These libraries are needed by pycurl, which dnsuptools uses for automatic IP address retrieval:

```bash
apt install -y libcurl4-openssl-dev libssl-dev
```

This command is used by dehydrated to communicate with Let's Encrypt for certificate renewal:

```bash
apt install -y curl
```

For DKIM we need rspamd:

```bash
apt install -y lsb-release wget # optional
# Release codename used to select the matching rspamd repository
CODENAME=$(lsb_release -c -s)
# Add the rspamd repository signing key
wget -O- https://rspamd.com/apt-stable/gpg.key | apt-key add -
echo "deb [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" > /etc/apt/sources.list.d/rspamd.list
echo "deb-src [arch=amd64] http://rspamd.com/apt-stable/ $CODENAME main" >> /etc/apt/sources.list.d/rspamd.list
apt update
apt install -y rspamd
```

Now install cryptdomainmgr. This pulls in all needed dependencies.

```bash
python2 -m pip install cryptdomainmgr
```

Feel free to try python3, but the inwx client doesn't support it.

```bash
python3 -m pip install cryptdomainmgr
```

## Documentation

We need help here!

For now please look at:

* German project description and tutorial: https://www.entroserv.de/offene-software/cryptdomainmgr
* Slides: https://github.com/TheTesla/cryptdomainmgr-talk
* Look at the config file examples

Hints:

* Multiple config files with priority are allowed
* The content of a config file can be specified as an argument

## Next goals

* improve documentation
* docker support - partly done, ToDo: label handling needed, daemon mode without external shell script needed
* website
* automated tests - partly done
* nsupdate for DNS updates

Long term goals:

* ARC key renewal
* WPIA integration
* DNSSEC key renewal
* TXT record (may collide with SPF and other TXT based records)
* multi server support for one domain: TLSA delete by timeout
* constrain minimum renewal/phase time interval
* validations - ensure signatures are used correctly
* run as service
* PowerDNS support

## Contributions

If you like the project, feel free to give me a star. Please let us know if you use this project. All kinds of contributions are welcome.

%prep
%autosetup -n cryptdomainmgr-0.2.7

%build
%py3_build

%install
%py3_install
install -d -m755 %{buildroot}/%{_pkgdocdir}
if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
pushd %{buildroot}
if [ -d usr/lib ]; then
	find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/lib64 ]; then
	find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/bin ]; then
	find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/sbin ]; then
	find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
fi
touch doclist.lst
if [ -d usr/share/man ]; then
	find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
fi
popd
mv %{buildroot}/filelist.lst .
mv %{buildroot}/doclist.lst .

%files -n python3-cryptdomainmgr -f filelist.lst
%dir %{python3_sitelib}/*

%files help -f doclist.lst
%{_docdir}/*

%changelog
* Tue May 30 2023 Python_Bot - 0.2.7-1
- Package Spec generated