fix hooks

acmetool/acmetool-hook.sh

@@ -9,12 +9,12 @@ shift
 if [ ".$EVENT_NAME" = ".live-updated" ]; then
     #   reload Apache, if present
     if [ -x @l_prefix@/sbin/apache ]; then
-        @l_prefix@/bin/openpkg rc apache reload
+        @l_prefix@/bin/sudo @l_prefix@/bin/openpkg rc apache reload
     fi
 
     #   reload NGINX, if present
     if [ -x @l_prefix@/sbin/nginx ]; then
-        @l_prefix@/bin/openpkg rc nginx reload
+        @l_prefix@/bin/sudo @l_prefix@/bin/openpkg rc nginx reload
     fi
 fi
 

acmetool/acmetool-sudoers.txt

@@ -0,0 +1,6 @@
+##
+##  acmetool-sudoers.txt -- sudo(8) configuration for ACMETool
+##
+
+@l_rusr@ ALL = (root) NOPASSWD: SETENV: @l_prefix@/bin/openpkg
+

acmetool/acmetool.spec

@@ -36,20 +36,21 @@ Class:        EVAL
 Group:        Cryptography
 License:      MIT
 Version:      %{V_acmetool_base}
-Release:      20160204
+Release:      20160205
 
 #   list of sources
 Source0:      http://download.openpkg.org/components/versioned/acmetool/acmetool-%{V_acmetool_snap}.tar.xz
 Source1:      acmetool-apache.conf
 Source2:      acmetool-responses.yaml
 Source3:      acmetool-hook.sh
-Source4:      acmetool.c
-Source5:      rc.acmetool
+Source4:      acmetool-sudoers.txt
+Source5:      acmetool.c
+Source6:      rc.acmetool
 Patch0:       acmetool.patch
 
 #   build information
 BuildPreReq:  OpenPKG, openpkg >= 20160101, go
-PreReq:       OpenPKG, openpkg >= 20160101
+PreReq:       OpenPKG, openpkg >= 20160101, sudo
 
 %description
     ACMETool is an easy-to-use command line tool for automatically
@@ -96,6 +97,7 @@ PreReq:       OpenPKG, openpkg >= 20160101
     %{l_shtool} mkdir -f -p -m 755 \
         $RPM_BUILD_ROOT%{l_prefix}/sbin \
         $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
+        $RPM_BUILD_ROOT%{l_prefix}/etc/sudo/sudoers.d \
         $RPM_BUILD_ROOT%{l_prefix}/etc/acmetool \
         $RPM_BUILD_ROOT%{l_prefix}/etc/apache/apache.d \
         $RPM_BUILD_ROOT%{l_prefix}/libexec/acmetool/hook \
@@ -116,6 +118,11 @@ PreReq:       OpenPKG, openpkg >= 20160101
         %{SOURCE acmetool-hook.sh} \
         $RPM_BUILD_ROOT%{l_prefix}/libexec/acmetool/hook/life-updated
 
+    #   install sudo(8) configuration
+    %{l_shtool} install -c -m 644 %{l_value -s -a} \
+        %{SOURCE acmetool-sudoers.txt} \
+        $RPM_BUILD_ROOT%{l_prefix}/etc/sudo/sudoers.d/acmetool
+
     #   install responses file
     %{l_shtool} install -c -m 644 %{l_value -s -a} \
         %{SOURCE acmetool-responses.yaml} \
@@ -133,8 +140,11 @@ PreReq:       OpenPKG, openpkg >= 20160101
     #   determine installation files
     %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
         %{l_files_std} \
-        '%attr(4755,%{l_rusr},%{l_rgrp}) %{l_prefix}/sbin/acmetool' \
         '%config %{l_prefix}/etc/acmetool/*' \
+        '%attr(0600,%{l_susr},%{l_sgrp}) %{l_prefix}/etc/sudo/sudoers.d/acmetool' \
+        '%not %dir %{l_prefix}/etc/sudo/sudoers.d' \
+        '%not %dir %{l_prefix}/etc/sudo' \
+        '%attr(4755,%{l_rusr},%{l_rgrp}) %{l_prefix}/sbin/acmetool' \
         '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/acmetool/*'
 
 %files -f files