diff --git a/ssh-host-cert-sign@.service b/ssh-host-cert-sign@.service deleted file mode 100644 index 0efde1e..0000000 --- a/ssh-host-cert-sign@.service +++ /dev/null @@ -1,34 +0,0 @@ -[Unit] -Description=Request %I SSH Host Certificate -After=network-online.target -Wants=network-online.target - -[Service] -Type=oneshot -EnvironmentFile=-/etc/sysconfig/ssh-host-cert-sign -ExecStart=/usr/bin/sshca-cli host sign --output /etc/ssh/ssh_host_%I_key-cert.pub /etc/ssh/ssh_host_%I_key.pub - -CapabilityBoundingSet=CAP_CHOWN -DeviceAllow= -DevicePolicy=closed -LockPersonality=yes -MemoryDenyWriteExecute=yes -NoNewPrivileges=yes -PrivateDevices=yes -PrivateUsers=yes -PrivateTmp=yes -ProcSubset=pid -ProtectClock=yes -ProtectControlGroups=yes -ProtectHome=yes -ProtectHostname=yes -ProtectKernelLogs=yes -ProtectKernelModules=yes -ProtectKernelTunables=yes -ProtectProc=invisible -ProtectSystem=strict -ReadWritePaths=/etc/ssh -RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX -RestrictNamespaces=yes -RestrictRealtime=yes -RestrictSUIDSGID=yes diff --git a/ssh-host-certs-renew.target b/ssh-host-certs-renew.target deleted file mode 100644 index 9e54f1b..0000000 --- a/ssh-host-certs-renew.target +++ /dev/null @@ -1,7 +0,0 @@ -# vim: set ft=systemd : -[Unit] -Description=Request SSH Host Certificates -StopWhenUnneeded=yes -Wants=ssh-host-cert-sign@ed25519.service -Wants=ssh-host-cert-sign@rsa.service -Wants=ssh-host-cert-sign@ecdsa.service diff --git a/ssh-host-certs-renew.timer b/ssh-host-certs-renew.timer deleted file mode 100644 index 3f6f728..0000000 --- a/ssh-host-certs-renew.timer +++ /dev/null @@ -1,12 +0,0 @@ -# vim: set ft=systemd : -[Unit] -Description=Periodically renew SSH host certificates - -[Timer] -Unit=%N.target -OnCalendar=Tue *-*-* 00:00:00 -RandomizedDelaySec=48h -Persistent=yes - -[Install] -WantedBy=timers.target diff --git a/ssh-host-certs.target b/ssh-host-certs.target deleted file mode 100644 index 6277e22..0000000 --- a/ssh-host-certs.target +++ /dev/null @@ -1,10 +0,0 @@ -# vim: set ft=systemd : -[Unit] -Description=Request SSH Host Certificates -ConditionFirstBoot=yes -Wants=ssh-host-cert-sign@ed25519.service -Wants=ssh-host-cert-sign@rsa.service -Wants=ssh-host-cert-sign@ecdsa.service - -[Install] -WantedBy=multi-user.target diff --git a/sshca-cli.spec b/sshca-cli.spec index afe946a..6992133 100644 --- a/sshca-cli.spec +++ b/sshca-cli.spec @@ -8,7 +8,7 @@ Name: sshca-cli Version: 0.1.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: CLI client for SSHCA SourceLicense: MIT OR Apache-2.0 @@ -18,30 +18,17 @@ License: MIT OR Apache-2.0 URL: https://git.pyrocufflink.net/dustin/sshca Source: sshca-cli-%{version}.tar.xz Source: sshca-cli-%{version}-vendor.tar.xz -Source: ssh-host-cert-sign@.service -Source: ssh-host-certs.target -Source: ssh-host-certs-renew.target -Source: ssh-host-certs-renew.timer ExclusiveArch: %{rust_arches} BuildRequires: cargo-rpm-macros >= 25 BuildRequires: openssl-devel -BuildRequires: systemd-rpm-macros %global _description %{expand: CLI client for SSHCA.} %description %{_description} -%package systemd -Summary: systemd units for managing SSH host certificates with SSHCA -Requires: %{name} = %{version} - -%description systemd -A collection of systemd service, timer, and target units that automatically -request and renew SSH host certificates from an SSHCA server. - %prep %autosetup -n %{crate}-%{version} -p1 -a1 %cargo_prep -v vendor @@ -56,28 +43,11 @@ request and renew SSH host certificates from an SSHCA server. %install %cargo_install -mkdir -p $RPM_BUILD_ROOT%{_unitdir} -install -m u=rw,go=r \ - %{SOURCE2} \ - %{SOURCE3} \ - %{SOURCE4} \ - %{SOURCE5} \ - $RPM_BUILD_ROOT%{_unitdir} - %if %{with check} %check %cargo_test %endif -%post systemd -%systemd_post ssh-host-certs.target ssh-host-certs-renew.timer - -%preun systemd -%systemd_preun ssh-host-certs.target ssh-host-certs-renew.timer - -%postun systemd -%systemd_postun ssh-host-certs.target ssh-host-certs-renew.timer - %files %license LICENSE-Apache-2.0.txt %license LICENSE-MIT.txt @@ -85,9 +55,6 @@ install -m u=rw,go=r \ %license cargo-vendor.txt %{_bindir}/sshca-cli -%files systemd -%{_unitdir}/* - %changelog * Sun Nov 05 2023 Dustin C. Hatch - 0.1.0-1 - Initial package