FreeBSD Bugzilla – Attachment 205281 Details for Bug 237349
New port: security/lego Let's Encrypt client written in Go
[patch] security/lego port patch v3
lego.diff (text/plain), 10.10 KB, created by Matthew Horan on 2019-06-22 12:29:54 UTC
>Index: UIDs >=================================================================== >--- UIDs (revision 504379) >+++ UIDs (working copy) >@@ -549,7 +549,7 @@ > _tss:*:601:601:daemon:0:0:TrouSerS user:/var/empty:/usr/sbin/nologin > _pkcs11:*:602:602:daemon:0:0:opencryptoki user:/var/empty:/usr/sbin/nologin > _acme:*:603:603::0:0:ACME client user:/var/empty:/usr/sbin/nologin >-# free: 604 >+_lego:*:604:604::0:0:lego client user:/nonexistent:/usr/sbin/nologin > _hockeypuck:*:605:605::0:0:hockeypuck pgp keyserver user:/var/empty:/usr/sbin/nologin > # free: 606 > # free: 607 >Index: GIDs >=================================================================== >--- GIDs (revision 504379) >+++ GIDs (working copy) >@@ -544,7 +544,7 @@ > _tss:*:601: > _pkcs11:*:602: > _acme:*:603: >-# free: 604 >+_lego:*:604: > _hockeypuck:*:605: > # free: 606 > # free: 607 >Index: security/lego/Makefile >=================================================================== >--- security/lego/Makefile (nonexistent) >+++ security/lego/Makefile (working copy) 
>@@ -0,0 +1,46 @@ >+# $FreeBSD$ >+ >+PORTNAME= lego >+DISTVERSIONPREFIX= v >+DISTVERSION= 2.6.0 >+CATEGORIES= security >+ >+MAINTAINER= matt@matthoran.com >+COMMENT= Let's Encrypt client and ACME library written in Go >+ >+LICENSE= MIT >+LICENSE_FILE= ${WRKSRC}/LICENSE >+ >+RUN_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss >+ >+USES= go >+ >+GO_PKGNAME= github.com/go-acme/lego >+GO_TARGET= ${GO_PKGNAME}/cmd/lego >+GO_BUILDFLAGS= -ldflags '-X "main.version=${GH_TAGNAME}"' >+ >+USE_GITHUB= yes >+GH_ACCOUNT= go-acme >+ >+SAMPLE_FILES= lego.sh.sample deploy.sh.sample >+SUB_FILES= 604.lego pkg-message ${SAMPLE_FILES} >+SUB_LIST= PORTNAME=${PORTNAME} LEGO_USER=${LEGO_USER} >+ >+PERIODIC_DIRS= etc/periodic/weekly >+PERIODIC_FILES= 604.lego >+ >+LEGO_USER?= _lego >+ >+USERS= ${LEGO_USER} >+GROUPS= ${LEGO_USER} >+ >+post-install: >+ ${MKDIR} ${STAGEDIR}${PREFIX}/${PERIODIC_DIRS} >+ ${INSTALL_SCRIPT} ${WRKDIR}/${PERIODIC_FILES} ${STAGEDIR}${PREFIX}/${PERIODIC_DIRS}/${PERIODIC_FILES} >+ ${MKDIR} ${STAGEDIR}${PREFIX}/etc/ssl/lego \ >+ ${STAGEDIR}${ETCDIR} ${STAGEDIR}${WWWDIR} >+. for d in ${SAMPLE_FILES} >+ ${INSTALL_SCRIPT} ${WRKDIR}/${d} ${STAGEDIR}${ETCDIR}/${d} >+. endfor >+ >+.include <bsd.port.mk> > >Property changes on: security/lego/Makefile >___________________________________________________________________ >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:keywords >## -0,0 +1 ## >+FreeBSD=%H >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: security/lego/distinfo >=================================================================== >--- security/lego/distinfo (nonexistent) >+++ security/lego/distinfo (working copy) 
>@@ -0,0 +1,3 @@ >+TIMESTAMP = 1559482047 >+SHA256 (go-acme-lego-v2.6.0_GH0.tar.gz) = 1abba13871f58fe483a3d4ac3900d44cddeacfc3dfe9fae2d96e45a9a39e7ce7 >+SIZE (go-acme-lego-v2.6.0_GH0.tar.gz) = 4996556 > >Property changes on: security/lego/distinfo >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: security/lego/files/604.lego.in >=================================================================== >--- security/lego/files/604.lego.in (nonexistent) >+++ security/lego/files/604.lego.in (working copy) 
>@@ -0,0 +1,32 @@ >+#!/bin/sh >+ >+if [ -r /etc/defaults/periodic.conf ] >+then >+ . /etc/defaults/periodic.conf >+ source_periodic_confs >+fi >+ >+PATH=$PATH:%%LOCALBASE%%/bin:%%LOCALBASE%%/sbin >+export PATH >+ >+case "$weekly_lego_enable" in >+ [Yy][Ee][Ss]) >+ echo >+ echo "Checking Let's Encrypt certificate status:" >+ >+ if [ -x "$weekly_lego_renewscript" ] ; then >+ echo "$weekly_lego_renewscript" | su -fm _lego || exit 3 >+ fi >+ >+ if [ -n "$weekly_lego_deployscript" ] ; then >+ if [ -x "$weekly_lego_deployscript" ] ; then >+ echo "Deploying Let's Encrypt certificates:" >+ $weekly_lego_deployscript || exit 3 >+ else >+ echo 'Skipped, deploy script does not exist or is not executable' >+ fi >+ fi >+ ;; >+ *) >+ ;; >+esac > >Property changes on: security/lego/files/604.lego.in >___________________________________________________________________ >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: security/lego/files/deploy.sh.sample.in >=================================================================== >--- security/lego/files/deploy.sh.sample.in (nonexistent) >+++ security/lego/files/deploy.sh.sample.in (working copy) 
>@@ -0,0 +1,30 @@ >+#!/bin/sh -e >+ >+SSLDIR="%%PREFIX%%/etc/ssl" >+ >+copy_certs () { >+ local certdir certfile domain keyfile rc >+ rc=1 >+ >+ certdir="${SSLDIR}/lego/certificates" >+ certfiles="$(find "${certdir}" -name "*.crt" -not -name "*.issuer.crt")" >+ for certfile in $certfiles >+ do >+ domain="$(basename "$certfile" .crt)" >+ keyfile="$(dirname "$certfile")/${domain}.key" >+ >+ if ! cmp -s "${certfile}" "${SSLDIR}/certs/${domain}.crt" >+ then >+ cp "${certfile}" "${SSLDIR}/certs/${domain}.crt" >+ cp "${keyfile}" "${SSLDIR}/private/${domain}.key" >+ rc=0 >+ fi >+ done >+ >+ return $rc >+} >+ >+if copy_certs >+then >+ output=$(service nginx reload 2>&1) || (echo "$output" && exit 1) >+fi > >Property changes on: security/lego/files/deploy.sh.sample.in >___________________________________________________________________ >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: security/lego/files/lego.sh.sample.in >=================================================================== >--- security/lego/files/lego.sh.sample.in (nonexistent) >+++ security/lego/files/lego.sh.sample.in (working copy) 
>@@ -0,0 +1,40 @@ >+#!/bin/sh -e >+ >+# Email used for registration and recovery contact. >+EMAIL="" >+ >+BASEDIR="%%ETCDIR%%" >+SSLDIR="%%PREFIX%%/etc/ssl/lego" >+DOMAINSFILE="${BASEDIR}/domains.txt" >+ >+if [ -z "${EMAIL}" ]; then >+ echo "Please set EMAIL to a valid address in ${BASEDIR}/lego.sh" >+ exit 1 >+fi >+ >+if [ ! -e "${DOMAINSFILE}" ]; then >+ echo "Please create ${DOMAINSFILE} as specified in ${BASEDIR}/lego.sh" >+ exit 1 >+fi >+ >+if [ "$1" = "run" ]; then >+ command="run" >+else >+ command="renew --days 30" >+fi >+ >+run_or_renew() { >+ %%PREFIX%%/bin/lego --path "${SSLDIR}" \ >+ --email="${EMAIL}" \ >+ $(printf -- "--domains=%s " $line) \ >+ --http --http.webroot="%%WWWDIR%%" \ >+ $1 >+} >+ >+while read line <&3; do >+ if [ "$command" = "run" ]; then >+ run_or_renew "$command" >+ else >+ output=$(run_or_renew "$command") || (echo "$output" && exit 1) >+ fi >+done 3<"${DOMAINSFILE}" > >Property changes on: security/lego/files/lego.sh.sample.in >___________________________________________________________________ >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: security/lego/files/pkg-message.in >=================================================================== >--- security/lego/files/pkg-message.in (nonexistent) >+++ security/lego/files/pkg-message.in (working copy) 
>@@ -0,0 +1,37 @@ >+ >+There are example scripts in >+ %%ETCDIR%% >+that you can use for renewing and deploying certificates. >+ >+In order to run the script regularly to update the certificates add this line >+to /etc/periodic.conf: >+ >+ weekly_lego_enable="YES" >+ >+Additionally the following parameters may be added to /etc/periodic.conf: >+ >+Script to run to renew certificates, will be run as %%LEGO_USER%% (required) >+ weekly_lego_renewscript="%%ETCDIR%%/lego.sh" >+ >+To run a script after the renewal to deploy certificates >+ weekly_lego_deployscript="%%ETCDIR%%/deploy.sh" >+ >+If using the example renew script, add the domains for which lego will manage >+certificates to >+ %%ETCDIR%%/domains.txt, one domain on each line. >+ >+To add a Subject Alternate Name to the certificate, append the domain(s) to the >+line: >+ example.com www.example.com >+ >+To run lego for the first time, edit >+ %%ETCDIR%%/lego.sh >+and set the EMAIL variable. >+ >+Then run lego.sh with the run argument as the %%LEGO_USER%% user: >+ $ %%ETCDIR%%/lego.sh run >+ >+Subsequent periodic runs will run with the renew argument by default, with a >+renewal interval of 30 days. >+ >+ > >Property changes on: security/lego/files/pkg-message.in >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: security/lego/pkg-descr >=================================================================== >--- security/lego/pkg-descr (nonexistent) >+++ security/lego/pkg-descr (working copy) 
>@@ -0,0 +1,4 @@ >+lego is a client for Let's Encrypt users, written in Go. It has support for a >+number of ACME challenges, and no external dependencies. >+ >+WWW: https://github.com/go-acme/lego > >Property changes on: security/lego/pkg-descr >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: security/lego/pkg-plist >=================================================================== >--- security/lego/pkg-plist (nonexistent) >+++ security/lego/pkg-plist (working copy) >@@ -0,0 +1,8 @@ >+bin/lego >+etc/periodic/weekly/604.lego >+@dir(_lego,_lego,0700) etc/lego >+@dir(,,0755) etc/ssl >+@dir(_lego,_lego,0755) etc/ssl/lego >+@dir(_lego,www,) %%WWWDIR%% >+@sample(_lego,_lego,0700) etc/lego/lego.sh.sample >+@sample etc/lego/deploy.sh.sample > >Property changes on: security/lego/pkg-plist >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property
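Review bot: in security/lego/Makefile, `LEGO_USER?= _lego` makes the account overridable, but the override is only honoured in pkg-message: 604.lego.in hardcodes `su -fm _lego` and pkg-plist hardcodes `@dir(_lego,_lego,0700)`, and the UIDs/GIDs entries exist only for _lego. Either drop the `?=` so the name is fixed, or add LEGO_USER to PLIST_SUB and use %%LEGO_USER%% in the periodic script and the plist as well.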
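Review bot: in security/lego/files/604.lego.in, when `$weekly_lego_renewscript` is unset or not executable the `[ -x "$weekly_lego_renewscript" ]` test falls through without any message and the deploy step still runs, although pkg-message marks the renew script as required. Mirror the deploy branch and print a "Skipped" line (or exit 3) in that case. `$weekly_lego_deployscript || exit 3` is also unquoted while the `-x` test just above it is quoted.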
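Review bot: in security/lego/files/deploy.sh.sample.in, the `-e` from `#!/bin/sh -e` does not apply inside copy_certs because the function is called as the condition of `if copy_certs`, so a failing `cp` is ignored, `rc=0` is still set and nginx is reloaded. Check each `cp` explicitly and abort on failure. This matters on a fresh install, since `${SSLDIR}/certs` and `${SSLDIR}/private` are not created by pkg-plist, which only lists etc/ssl and etc/ssl/lego. `cp "${keyfile}" "${SSLDIR}/private/${domain}.key"` also leaves the mode of the deployed private key to the source file and the umask; `install -m 0600` would state it explicitly. `certfiles` is missing from the `local` list.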
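Review bot: in security/lego/files/lego.sh.sample.in, `$(printf -- "--domains=%s " $line)` expands each line of domains.txt unquoted and without validation, so a blank line produces a bare `--domains=` argument and any glob character in a line is expanded against the current directory. Skip empty lines before calling run_or_renew, use `read -r`, and disable globbing (`set -f`) around the expansion. In the renew branch, `|| (echo "$output" && exit 1)` under `-e` ends the loop at the first failing line, so the remaining lines in domains.txt are not renewed on that run; recording a failure flag and exiting after the loop would avoid that.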
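Review bot: in security/lego/files/pkg-message.in, the first-run step says to run `%%ETCDIR%%/lego.sh run` "as the %%LEGO_USER%% user" without showing how, and the UIDs entry gives that account /usr/sbin/nologin as its shell. Show the full invocation, for example the same `su -fm %%LEGO_USER%%` form that 604.lego.in uses. "Subject Alternate Name" should read "Subject Alternative Name".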
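Review bot: in security/lego/pkg-plist, `@sample etc/lego/deploy.sh.sample` installs the deploy script into `etc/lego`, which `@dir(_lego,_lego,0700) etc/lego` hands to the _lego account, while 604.lego.in runs `$weekly_lego_deployscript` directly rather than through the `su -fm _lego` it uses for the renew script. periodic(8) jobs run as root, so the account that is meant to be unprivileged owns the directory holding a script that is executed with root privileges. Install deploy.sh in a root-owned directory, or keep etc/lego root-owned and give _lego ownership of lego.sh only. `@dir(_lego,_lego,0755) etc/ssl/lego` is also the tree deploy.sh.sample reads `${domain}.key` from; 0700 or 0750 would be a better fit for a directory that holds private keys.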
Attachments on bug 237349: 203753 | 205153 | 205281 | 206022