Created attachment 234464
Patch against the current ports tree.
A new version of my port of OpenCA’s OCSP responder (needs libpki posted previously).
Updated to the last version published (3.1.3).
Hi,
Thanks for your patch!
Looks good overall but there are some parts that look a bit strange (quick review)
security/openca-ocspd/Makefile
L6: DISTVERSIONPREFIX should be defined before DISTVERSION
Ref: "Example 17. Use of USE_GITHUB with DISTVERSIONPREFIX" in Porters Handbook
L13: Please also define LICENSE_FILE
L21: Remove
L31: Shouldn't be needed, if so please fix patches
openca-ocspd/files/patch-global-vars.in
- Is this patch correct?
security/openca-ocspd/pkg-plist
L2, L3: This is a bit hacky, just remove the files in ports Makefile and/or project Makefile(s)
Tested on (version, arch)?
Does it build using Poudriere?
Please also try to submit changes to upstream
Best regards,
Daniel
Created attachment 234483
Patch against current ports tree
Corrected patch.
Daniel, thanks for your review, I will look into the issues you mention and update the patch accordingly.
The 3 patches (libpki, openca-ocspd and py-certbot-plugin-gandi) I submitted are the ones I use on my system:
- freebsd 13.1, built from source
- ports built with poudriere
- arch x86_64
So far they seem to work well… I have been using them like for a year or so
...and of course I forgot something, libxml2 dependency should be defined using https://github.com/freebsd/freebsd-ports/blob/main/Mk/Uses/gnome.mk Pretty much everything mentioned here also applies to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264474
Created attachment 234504
Patch against current ports tree
Well, after some bumpy and clumsy attempts I managed to cook up a (hopefully) cleaner version for the two ports (libpki and openca-ocspd).
I got rid of the patch to global-vars.in which only was there to avoid a probably harmless warning during build.
I still wonder if license reference is what it should be, it appears to be a modified apache license.
Thank you for your kind interest (my first ports submission)!
*** Bug 259379 has been marked as a duplicate of this bug. ***
Created attachment 234693
Patch against current ports tree
- removed “created by” comment
- removed unnecessary DISTNAME
- corrected order of variables as recommended by portclippy
- regenerated patch with make makepatch instead of patch and
- change committer email to bruno@ruomad.net to match maintainer email
Created attachment 234911
Updated patch against ports tree (matching update libpki port)
Revised port using the last version of my port proposal for libpki
Created attachment 235251
Corrected patch against current ports tree
Hello,
A corrected version of my port proposal, with pkg.plist fixed to add @sample for installed sample files (as per https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265189).
My mistake, I forgot to re-add @sample tags when updating pkg.plist.
Thanks
Bruno
====> Running Q/A tests (stage-qa)
Warning: port uses /usr/local/var instead of /var
====> Checking for pkg-plist issues (check-plist)
===> Parsing plist
===> Checking for items in STAGEDIR missing from pkg-plist
Error: Orphaned: @dir etc/init.d
===> Checking for items in pkg-plist which are not in STAGEDIR
===> Error: Plist issues found.
Ok I’ll amend it, as far as I understood:
- suppress etc/init.d
- use /var instead of /usr/var
Thanks
Bruno
Created attachment 235281
Patch against current ports tree
Hello,
Here is a new version which:
- moves most sample config files to share
- adds a message to direct user to them for customization
- removes /usr/local/etc/init.d
- removes reference to /usr/local/var (as /var is used anyway)
Thanks
Bruno
Hi Bruno,
====> Running Q/A tests (stage-qa)
Warning: port uses /usr/local/var instead of /var[1]
Warning: /usr/ports/security/openca-ocspd/pkg-message not in UCL format, will be shown on initial install only.[2]
Warning: See https://docs.freebsd.org/en/books/porters-handbook/pkg-files/#porting-message
====> Checking for pkg-plist issues (check-plist)
===> Parsing plist
===> Checking for items in STAGEDIR missing from pkg-plist
Error: Orphaned: @dir %%DATADIR%%/etc/ocspd/pki/hsm.d
Error: Orphaned: @dir %%DATADIR%%/etc/ocspd/pki/profile.d
Error: Orphaned: @dir var/run
===> Checking for items in pkg-plist which are not in STAGEDIR
===> Error: Plist issues found.[3]
[1] same warning as previous patch, is there a fix for it?
[2] you could use a UCL install message instead
[3] orphaned dirs
Created attachment 235307
Patch against current ports tree (revision 1)
Hello,
I tried to correct the errors...
Added an UCL message as well.
Hope this works.
Thanks
Bruno
Created attachment 235313
Fixed patch against current ports tree
Sorry, fixed patch (typos in UCL)
Also, I trashed the PORTREVISION=1 as port hasn't yet been committed.
Bruno
Hello,
are you sure that program doesn't use ${PREFIX}/var/run to run?
Makefile.in mentions:
---
install-data-local:
@$(NORMAL_INSTALL)
@$(mkinstalldirs) $(DESTDIR)$(exec_prefix)/var
@$(mkinstalldirs) $(DESTDIR)$(exec_prefix)/var/run
---
I added a RMDIR to port Makefile:
---
${RMDIR} ${STAGEDIR}${PREFIX}/var/run
+ ${RMDIR} ${STAGEDIR}${PREFIX}/var
---
so it can silence Q/A tests:
---
====> Running Q/A tests (stage-qa)
====> Checking for pkg-plist issues (check-plist)
===> Parsing plist
===> Checking for items in STAGEDIR missing from pkg-plist
===> Checking for items in pkg-plist which are not in STAGEDIR
===> No pkg-plist issues found (check-plist)
=>> Checking for staging violations... done
---
But this is not the most correct way to do it and I'm thinking why is program configured to create 'var/run' in ${PREFIX} like we see it in STAGEDIR.
What do you think?
Cheers
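Review bot: the added ${RMDIR} ${STAGEDIR}${PREFIX}/var line depends on the var/run removal directly above it having run first, and nothing next to the two lines records why the staged directories are deleted. A one-line comment in the port Makefile pointing at upstream's install-data-local target, which creates $(exec_prefix)/var and $(exec_prefix)/var/run, would keep a later update from reordering or dropping them. If the daemon is confirmed not to use ${PREFIX}/var/run, patching install-data-local in Makefile.in so the directories are never staged would make both RMDIR lines unnecessary.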
Hello,
I think the origin of the var/run pb comes from the init.d script upstream, which I replaced, so the version built doesn’t use $PREFIX/var/run at all.
Not sure if there is a better (cleaner way) than removing var from stage without patching upstream.
I’ll keep investigating…
Bruno
Hello,
I think we could try to add --localstatedir=/var/run to CONFIGURE_ARGS
What do you think?
Bruno
Hum, doesn't seem to improve anything
Let's proceed with stage ${PREFIX}/var/run removal since your tests tell that program uses /var/run.
A commit in branch main references this bug:
URL: https://cgit.FreeBSD.org/ports/commit/?id=e0fac7248904fc89d82ba4b064ca8a61410b1133
commit e0fac7248904fc89d82ba4b064ca8a61410b1133
Author: Bruno Damour <bruno@ruomad.net>
AuthorDate: 2022-07-21 08:45:31 +0000
Commit: Nuno Teixeira <eduardo@FreeBSD.org>
CommitDate: 2022-07-21 08:47:59 +0000
security/openca-ocspd: New port: OpenCA’s OCSP responder
- submitter becomes maintainer
OpenCA OCSP Responder is an rfc2560 compliant OCSPD responder.
The server is a stand-alone application and can be integrated into many different PKI solutions as it does not depend on specific database scheme.
Furthermore it can be used as a responder for multiple CAs.
WWW: https://www.openca.org/projects/ocspd
PR: 264475
 security/Makefile | 1 +
 security/openca-ocspd/Makefile (new) | 52 +++++++++++++++++++++++++++
 security/openca-ocspd/distinfo (new) | 3 ++
 security/openca-ocspd/files/ocspd.in (new +x) | 21 +++++++++++
 security/openca-ocspd/pkg-descr (new) | 6 ++++
 security/openca-ocspd/pkg-message (new) | 18 ++++++++++
 security/openca-ocspd/pkg-plist (new) | 18 ++++++++++
 7 files changed, 119 insertions(+)
Committed, thanks!