FreeBSD Bugzilla – Attachment 226238 Details for Bug 256992
[New Port] security/certmgr: Automated certificate management using a CFSSL CA
[patch] security/certmgr: Automated certificate management using a CFSSL CA
0001-security-certmgr-new-port.patch (text/plain), 16.78 KB, created by Robert Clausecker on 2021-07-05 14:13:47 UTC
Description: security/certmgr: Automated certificate management using a CFSSL CA
Filename: 0001-security-certmgr-new-port.patch
MIME Type: text/plain
Creator: Robert Clausecker
Created: 2021-07-05 14:13:47 UTC
Size: 16.78 KB
patch, obsolete
>From b569d4d10b25ee4c84f82da9851e5e6f660b96aa Mon Sep 17 00:00:00 2001 >From: Robert Clausecker <fuz@fuz.su> >Date: Sun, 4 Jul 2021 23:36:21 +0200 >Subject: [PATCH] security/certmgr: new port > >--- > security/Makefile | 1 + > security/certmgr/Makefile | 64 +++++++++++++++++++ > security/certmgr/distinfo | 63 ++++++++++++++++++ > security/certmgr/files/certmgr.yaml.sample.in | 47 ++++++++++++++ > security/certmgr/files/patch-README.md | 18 ++++++ > .../files/patch-certmgr_cmd_genconfig.go | 15 +++++ > .../certmgr/files/patch-certmgr_cmd_root.go | 20 ++++++ > security/certmgr/files/pkg-message.in | 3 + > security/certmgr/pkg-descr | 11 ++++ > security/certmgr/pkg-plist | 5 ++ > 10 files changed, 247 insertions(+) > create mode 100644 security/certmgr/Makefile > create mode 100644 security/certmgr/distinfo > create mode 100644 security/certmgr/files/certmgr.yaml.sample.in > create mode 100644 security/certmgr/files/patch-README.md > create mode 100644 security/certmgr/files/patch-certmgr_cmd_genconfig.go > create mode 100644 security/certmgr/files/patch-certmgr_cmd_root.go > create mode 100644 security/certmgr/files/pkg-message.in > create mode 100644 security/certmgr/pkg-descr > create mode 100644 security/certmgr/pkg-plist > >diff --git a/security/Makefile b/security/Makefile >index 9896760557b1..11637432e0db 100644 >--- a/security/Makefile >+++ b/security/Makefile >@@ -68,6 +68,7 @@ > SUBDIR += cargo-audit > SUBDIR += ccrypt > SUBDIR += ccsrch >+ SUBDIR += certmgr > SUBDIR += cfs > SUBDIR += cfssl > SUBDIR += chaosreader >diff --git a/security/certmgr/Makefile b/security/certmgr/Makefile >new file mode 100644 >index 000000000000..17677ae8e0dc >--- /dev/null >+++ b/security/certmgr/Makefile 
>@@ -0,0 +1,64 @@ >+PORTNAME= certmgr >+DISTVERSIONPREFIX= v >+DISTVERSION= 3.0.3 >+CATEGORIES= security net >+ >+MAINTAINER= fuz@fuz.su >+COMMENT= Automated certificate management using a CFSSL CA >+ >+LICENSE= BSD2CLAUSE >+LICENSE_FILE= ${WRKSRC}/LICENSE >+ >+RUN_DEPENDS= bash:shells/bash >+ >+USES= go:modules >+USE_GITHUB= yes >+GH_ACCOUNT= cloudflare >+GH_TUPLE= beorn7:perks:v1.0.0:beorn7_perks/vendor/github.com/beorn7/perks \ >+ cenkalti:backoff:v2.2.1:cenkalti_backoff/vendor/github.com/cenkalti/backoff \ >+ cloudflare:backoff:647f3cdfc87a:cloudflare_backoff/vendor/github.com/cloudflare/backoff \ >+ cloudflare:cfssl:2001f384ec4f:cloudflare_cfssl/vendor/github.com/cloudflare/cfssl \ >+ fsnotify:fsnotify:v1.4.7:fsnotify_fsnotify/vendor/github.com/fsnotify/fsnotify \ >+ go-yaml:yaml:v2.2.2:go_yaml_yaml/vendor/gopkg.in/yaml.v2 \ >+ golang:crypto:5c40567a22f8:golang_crypto/vendor/golang.org/x/crypto \ >+ golang:protobuf:v1.3.1:golang_protobuf/vendor/github.com/golang/protobuf \ >+ golang:sys:5ed2794edfdc:golang_sys/vendor/golang.org/x/sys \ >+ golang:text:v0.3.2:golang_text/vendor/golang.org/x/text \ >+ google:certificate-transparency-go:v1.0.21:google_certificate_transparency_go/vendor/github.com/google/certificate-transparency-go \ >+ hashicorp:hcl:v1.0.0:hashicorp_hcl/vendor/github.com/hashicorp/hcl \ >+ inconshreveable:mousetrap:v1.0.0:inconshreveable_mousetrap/vendor/github.com/inconshreveable/mousetrap \ >+ konsorten:go-windows-terminal-sequences:v1.0.2:konsorten_go_windows_terminal_sequences/vendor/github.com/konsorten/go-windows-terminal-sequences \ >+ magiconair:properties:v1.8.1:magiconair_properties/vendor/github.com/magiconair/properties \ >+ matttproud:golang_protobuf_extensions:v1.0.1:matttproud_golang_protobuf_extensions/vendor/github.com/matttproud/golang_protobuf_extensions \ >+ mitchellh:mapstructure:v1.1.2:mitchellh_mapstructure/vendor/github.com/mitchellh/mapstructure \ >+ 
pelletier:go-toml:v1.4.0:pelletier_go_toml/vendor/github.com/pelletier/go-toml \ >+ pkg:errors:7f95ac13edff:pkg_errors/vendor/github.com/pkg/errors \ >+ prometheus:client_golang:v0.9.4:prometheus_client_golang/vendor/github.com/prometheus/client_golang \ >+ prometheus:client_model:fd36f4220a90:prometheus_client_model/vendor/github.com/prometheus/client_model \ >+ prometheus:common:v0.4.1:prometheus_common/vendor/github.com/prometheus/common \ >+ prometheus:procfs:v0.0.2:prometheus_procfs/vendor/github.com/prometheus/procfs \ >+ sirupsen:logrus:v1.4.2:sirupsen_logrus/vendor/github.com/sirupsen/logrus \ >+ spf13:afero:v1.2.2:spf13_afero/vendor/github.com/spf13/afero \ >+ spf13:cast:v1.3.0:spf13_cast/vendor/github.com/spf13/cast \ >+ spf13:cobra:v0.0.5:spf13_cobra/vendor/github.com/spf13/cobra \ >+ spf13:jwalterweatherman:v1.1.0:spf13_jwalterweatherman/vendor/github.com/spf13/jwalterweatherman \ >+ spf13:pflag:v1.0.3:spf13_pflag/vendor/github.com/spf13/pflag \ >+ spf13:viper:v1.4.0:spf13_viper/vendor/github.com/spf13/viper >+ >+GO_TARGET= ./certmgr >+SUB_FILES= certmgr.yaml.sample pkg-message >+ >+post-patch: >+ ${REINPLACE_CMD} -e 's,%%ETCDIR%%,${ETCDIR},' \ >+ ${WRKSRC}/certmgr/cmd/genconfig.go \ >+ ${WRKSRC}/certmgr/cmd/root.go \ >+ ${WRKSRC}/README.md >+ >+post-install: >+ ${MKDIR} ${STAGEDIR}${ETCDIR} >+ ${MKDIR} ${STAGEDIR}${ETCDIR}.d >+ ${MKDIR} ${STAGEDIR}${DOCSDIR} >+ ${INSTALL_MAN} ${WRKSRC}/README.md ${WRKSRC}/SPEC.rst ${STAGEDIR}${DOCSDIR}/ >+ ${INSTALL_DATA} ${WRKDIR}/certmgr.yaml.sample ${STAGEDIR}${ETCDIR}/ >+ >+.include <bsd.port.mk> >diff --git a/security/certmgr/distinfo b/security/certmgr/distinfo >new file mode 100644 >index 000000000000..4fb2c7f0e4c9 >--- /dev/null >+++ b/security/certmgr/distinfo 
>@@ -0,0 +1,63 @@ >+TIMESTAMP = 1625430800 >+SHA256 (cloudflare-certmgr-v3.0.3_GH0.tar.gz) = 61c1b23cd11224eab8f1f11b96a3b5753019b515a5fc0a0ae668145a616129d8 >+SIZE (cloudflare-certmgr-v3.0.3_GH0.tar.gz) = 2633953 >+SHA256 (beorn7-perks-v1.0.0_GH0.tar.gz) = b69d92e2e84b7d510dfa6110d3ac4ada0096a6c81190c5e174aa888bfe475cbc >+SIZE (beorn7-perks-v1.0.0_GH0.tar.gz) = 10866 >+SHA256 (cenkalti-backoff-v2.2.1_GH0.tar.gz) = a2c29d0184e7afc415975cf2689723028d2686ffbb67fe0999ab1d691e6d16db >+SIZE (cenkalti-backoff-v2.2.1_GH0.tar.gz) = 8623 >+SHA256 (cloudflare-backoff-647f3cdfc87a_GH0.tar.gz) = d2162141b0a093de7b43434b3ce1013d0e88f1149c52b1a26b94a5e95f313c04 >+SIZE (cloudflare-backoff-647f3cdfc87a_GH0.tar.gz) = 4752 >+SHA256 (cloudflare-cfssl-2001f384ec4f_GH0.tar.gz) = f2d349d3c06496766368eba907cea298432aa711f38eea70383fa896001277e2 >+SIZE (cloudflare-cfssl-2001f384ec4f_GH0.tar.gz) = 5007843 >+SHA256 (fsnotify-fsnotify-v1.4.7_GH0.tar.gz) = b7530d973d0ab0e58ad8ce1b9a4b963d6f57b3d72f2f9e13d49846976361b1cd >+SIZE (fsnotify-fsnotify-v1.4.7_GH0.tar.gz) = 31139 >+SHA256 (go-yaml-yaml-v2.2.2_GH0.tar.gz) = 42c3e4ef9eca2860d22b3c6c5582c6c13fb4b417e5ebc1acc56ee5e2c4ddcaff >+SIZE (go-yaml-yaml-v2.2.2_GH0.tar.gz) = 70656 >+SHA256 (golang-crypto-5c40567a22f8_GH0.tar.gz) = d6ca43aa1a344adee0c1f45ad31172e0d195b6e17ea269dfd212c2c203a58cf0 >+SIZE (golang-crypto-5c40567a22f8_GH0.tar.gz) = 1690710 >+SHA256 (golang-protobuf-v1.3.1_GH0.tar.gz) = 3f3a6123054a9847093c119895f1660612f301fe95358f3a6a1a33fd0933e6cf >+SIZE (golang-protobuf-v1.3.1_GH0.tar.gz) = 310884 >+SHA256 (golang-sys-5ed2794edfdc_GH0.tar.gz) = c442f47a1bc5d4bf384d1f1389652035fab6ee03485038c2e58af39269c0c0f9 >+SIZE (golang-sys-5ed2794edfdc_GH0.tar.gz) = 1434109 >+SHA256 (golang-text-v0.3.2_GH0.tar.gz) = 0b9309698f5708531c5377ab1e29b423a6d9e20c55a8d386c3b8283428212f22 >+SIZE (golang-text-v0.3.2_GH0.tar.gz) = 7168069 >+SHA256 (google-certificate-transparency-go-v1.0.21_GH0.tar.gz) = 
6f9f8b67f19ee6be7b0261342cbd69db13559f40945441a9dfe2db5bf0eae25b >+SIZE (google-certificate-transparency-go-v1.0.21_GH0.tar.gz) = 4401179 >+SHA256 (hashicorp-hcl-v1.0.0_GH0.tar.gz) = 50632428210503070fd2fde748c88b7414bf84a6a0eadebf9d8e596a033bead2 >+SIZE (hashicorp-hcl-v1.0.0_GH0.tar.gz) = 70658 >+SHA256 (inconshreveable-mousetrap-v1.0.0_GH0.tar.gz) = 5edc7731c819c305623568e317aa253d342be3447def97f1fa9e10eb5ad819f6 >+SIZE (inconshreveable-mousetrap-v1.0.0_GH0.tar.gz) = 2290 >+SHA256 (konsorten-go-windows-terminal-sequences-v1.0.2_GH0.tar.gz) = e61f6422c7d1222c4c642b9134e5a4576a89ff651ef947487faa8ef33b6b4cfe >+SIZE (konsorten-go-windows-terminal-sequences-v1.0.2_GH0.tar.gz) = 1987 >+SHA256 (magiconair-properties-v1.8.1_GH0.tar.gz) = 4449df3d2be86608bfc997228f66f1cff57bf620cc5bf9ba44339c7e4c5612dd >+SIZE (magiconair-properties-v1.8.1_GH0.tar.gz) = 29735 >+SHA256 (matttproud-golang_protobuf_extensions-v1.0.1_GH0.tar.gz) = 2def0ee6f6b12b1efc0e3007d89f598608a072610e805c3655ea9d13c3ead49b >+SIZE (matttproud-golang_protobuf_extensions-v1.0.1_GH0.tar.gz) = 37184 >+SHA256 (mitchellh-mapstructure-v1.1.2_GH0.tar.gz) = 53fbc06b125ff1c9c73a4eb1764346932671a29c67a45a92e2ebc6855635069b >+SIZE (mitchellh-mapstructure-v1.1.2_GH0.tar.gz) = 20980 >+SHA256 (pelletier-go-toml-v1.4.0_GH0.tar.gz) = 04fb4855a64495c0c055c83b8a3446cabc6bfa4830eb458816370db38c0e67b0 >+SIZE (pelletier-go-toml-v1.4.0_GH0.tar.gz) = 73274 >+SHA256 (pkg-errors-7f95ac13edff_GH0.tar.gz) = 4e9ca579db7a8aae95f9e696d8e9bcb76e8cbf6ae57803b647096cebdca39d6a >+SIZE (pkg-errors-7f95ac13edff_GH0.tar.gz) = 12515 >+SHA256 (prometheus-client_golang-v0.9.4_GH0.tar.gz) = d2a5856d9c43fcbf757d6ecd6e3a88312b90d2c9fec63647ee597eb09f120044 >+SIZE (prometheus-client_golang-v0.9.4_GH0.tar.gz) = 142795 >+SHA256 (prometheus-client_model-fd36f4220a90_GH0.tar.gz) = 17571c708bab9a1ba18d9dd0c9bfe96dff3f1b84c63e7d8d4c3489ef5c34ee40 >+SIZE (prometheus-client_model-fd36f4220a90_GH0.tar.gz) = 57491 >+SHA256 (prometheus-common-v0.4.1_GH0.tar.gz) 
= 99229ef4b100e55d1e6496995f1a1af6813426b8820521bc041340eb077985b9 >+SIZE (prometheus-common-v0.4.1_GH0.tar.gz) = 98631 >+SHA256 (prometheus-procfs-v0.0.2_GH0.tar.gz) = ad1d1f1328a1c394b30225b939ed39482ba54de7be70d439c0555d68857457d5 >+SIZE (prometheus-procfs-v0.0.2_GH0.tar.gz) = 78550 >+SHA256 (sirupsen-logrus-v1.4.2_GH0.tar.gz) = 67f2ddf467b7e63d2d2529d227946a331e245aeef7e2e4521ae82647b5ef84d9 >+SIZE (sirupsen-logrus-v1.4.2_GH0.tar.gz) = 41373 >+SHA256 (spf13-afero-v1.2.2_GH0.tar.gz) = b577afca7e9839aa7cf0ddd712af553aec671b74f97fe0c88c63f911d1020570 >+SIZE (spf13-afero-v1.2.2_GH0.tar.gz) = 46157 >+SHA256 (spf13-cast-v1.3.0_GH0.tar.gz) = e685282ea33f89e9354d148ad1886f532bcebe86b0b60a167988f7c6d081085f >+SIZE (spf13-cast-v1.3.0_GH0.tar.gz) = 11085 >+SHA256 (spf13-cobra-v0.0.5_GH0.tar.gz) = 79226ce00e2b91306277e679d024eea6d17d0c02fc671555fd25df0c3ea07423 >+SIZE (spf13-cobra-v0.0.5_GH0.tar.gz) = 111126 >+SHA256 (spf13-jwalterweatherman-v1.1.0_GH0.tar.gz) = 4fd850a792c5738954c4801cf549d8d0bf53edd17139cd39d179aa5abf7ec68d >+SIZE (spf13-jwalterweatherman-v1.1.0_GH0.tar.gz) = 6871 >+SHA256 (spf13-pflag-v1.0.3_GH0.tar.gz) = 9e57f86f493f04d9077fccd04e7139ebf243dd544e917ab83d35729b3e54a124 >+SIZE (spf13-pflag-v1.0.3_GH0.tar.gz) = 46002 >+SHA256 (spf13-viper-v1.4.0_GH0.tar.gz) = ee522a00960a36db8f83c820a85fce99a177db2b022697e5c1881cd852d9c4c0 >+SIZE (spf13-viper-v1.4.0_GH0.tar.gz) = 44183 >diff --git a/security/certmgr/files/certmgr.yaml.sample.in b/security/certmgr/files/certmgr.yaml.sample.in >new file mode 100644 >index 000000000000..61d5e7964380 >--- /dev/null >+++ b/security/certmgr/files/certmgr.yaml.sample.in 
>@@ -0,0 +1,47 @@ >+# directory containing the certificate specs >+dir: %%ETCDIR%%.d >+ >+# this specifies the service manager to use for restarting or reloading >+# services. This can be systemd (using systemctl), sysv (using service), >+# circus (using circusctl), openrc (using rc-service), dummy (no >+# restart/reload behavior), or command (see the command svcmgr section >+# for details of how to use this). >+svcmgr: sysv >+ >+# optional: this is the default duration before a certificate expiry >+# that certmgr starts attempting to renew PKI. This defaults to >+# 72 hours. >+# before: 72h >+ >+# optional: this is the default for how often certmgr will check >+# certificate expirations and update PKI material on disk upon any >+# changes (if necessary). This defaults to one hour. >+# interval: 60m >+ >+# optional: this is used to vary the interval period. A random time >+# between 0 and this value is added to interval if specified. This >+# defaults to 0. >+# interval_splay: 0 >+ >+# if specified, a random sleep period between 0 and this value is used >+# for the initial sleep after startup of a spec. This provides a way to >+# ensure that if a fleet of certmgr are restarted at the same time, >+# their period of wakeup is randomized to avoid said fleet waking up and >+# doing interval checks at the same time for a given spec. This defaults >+# to 0. >+# initial_splay: 0 >+ >+# specifies the address for the Prometheus HTTP endpoint. >+metrics_address: localhost >+ >+# specifies the port for the Prometheus HTTP endpoint. >+metrics_port: 8080 >+ >+# boolean, if true, only fire a spec's action if the service is actually >+# running. If this is set to false (the default for historical reasons), >+# this can lead to certmgr starting a downed service when PKI expiry >+# occurs. >+take_actions_only_if_running: false >+ >+default_remote: ca.example.net:8888 >+ 
>diff --git a/security/certmgr/files/patch-README.md b/security/certmgr/files/patch-README.md >new file mode 100644 >index 000000000000..e27163e0647d >--- /dev/null >+++ b/security/certmgr/files/patch-README.md >@@ -0,0 +1,18 @@ >+--- README.md.orig 2021-07-04 21:06:24 UTC >++++ README.md >+@@ -39,13 +39,13 @@ Prometheus is used to collect some useful `certmgr` me >+ ## certmgr.yaml >+ >+ The configuration file must be a YAML file; it is expected to be in >+-`/etc/certmgr/certmgr.yaml`. The location can be changed using the >++`%%ETCDIR%%/certmgr.yaml`. The location can be changed using the >+ `-f` flag. >+ >+ An example `certmgr.yaml` file is: >+ >+ ``` >+-dir: /etc/certmgr.d >++dir: %%ETCDIR%%.d >+ default_remote: ca.example.net:8888 >+ svcmgr: systemd >+ before: 72h >diff --git a/security/certmgr/files/patch-certmgr_cmd_genconfig.go b/security/certmgr/files/patch-certmgr_cmd_genconfig.go >new file mode 100644 >index 000000000000..337c73cd2f16 >--- /dev/null >+++ b/security/certmgr/files/patch-certmgr_cmd_genconfig.go >@@ -0,0 +1,15 @@ >+--- certmgr/cmd/genconfig.go.orig 2021-07-04 20:59:28 UTC >++++ certmgr/cmd/genconfig.go >+@@ -15,9 +15,9 @@ import ( >+ var force bool >+ >+ const ( >+- defaultConfigFile = "/etc/certmgr/certmgr.yaml" >+- defaultDir = "/etc/certmgr.d" >+- defaultServiceManager = "systemd" >++ defaultConfigFile = "%%ETCDIR%%/certmgr.yaml" >++ defaultDir = "%%ETCDIR%%.d" >++ defaultServiceManager = "sysv" >+ defaultBefore = "72h" >+ defaultInterval = "1h" >+ defaultMetricsAddr = "localhost" >diff --git a/security/certmgr/files/patch-certmgr_cmd_root.go b/security/certmgr/files/patch-certmgr_cmd_root.go >new file mode 100644 >index 000000000000..6201a1f4e08b >--- /dev/null >+++ b/security/certmgr/files/patch-certmgr_cmd_root.go 
>@@ -0,0 +1,20 @@ >+--- certmgr/cmd/root.go.orig 2021-07-05 13:42:49 UTC >++++ certmgr/cmd/root.go >+@@ -133,7 +133,7 @@ func Execute() { >+ func init() { >+ cobra.OnInitialize(initConfig) >+ >+- RootCmd.PersistentFlags().StringVarP(&cfgFile, "config", "f", "", "config file (default is /etc/certmgr/certmgr.yaml)") >++ RootCmd.PersistentFlags().StringVarP(&cfgFile, "config", "f", "", "config file (default is %%ETCDIR%%/certmgr.yaml)") >+ RootCmd.PersistentFlags().StringP("dir", "d", "", "either the directory containing certificate specs, or the path to the spec file you wish to operate on") >+ RootCmd.PersistentFlags().StringP("svcmgr", "m", "", fmt.Sprintf("service manager, must be one of: %s", strings.Join(storage.SupportedServiceBackends, ", "))) >+ RootCmd.PersistentFlags().DurationP("before", "t", cert.DefaultBefore, "how long before certificates expire to start renewing (in duration format)") >+@@ -161,7 +161,7 @@ func initConfig() { >+ viper.SetConfigFile(cfgFile) >+ } else { >+ viper.SetConfigName("certmgr") // name of config file (without extension) >+- viper.AddConfigPath("/etc/certmgr") // adding home directory as first search path >++ viper.AddConfigPath("%%ETCDIR%%") // adding home directory as first search path >+ } >+ >+ viper.SetEnvPrefix("CERTMGR") >diff --git a/security/certmgr/files/pkg-message.in b/security/certmgr/files/pkg-message.in >new file mode 100644 >index 000000000000..ee0dde24da27 >--- /dev/null >+++ b/security/certmgr/files/pkg-message.in >@@ -0,0 +1,3 @@ >+certmgr has been installed. Please copy %%ETCDIR%%/certmgr.yaml.sample >+to %%ETCDIR%%/certmgr.yaml and edit the file as appropriate for your >+setup before using the program. >diff --git a/security/certmgr/pkg-descr b/security/certmgr/pkg-descr >new file mode 100644 >index 000000000000..487f66dcb353 >--- /dev/null >+++ b/security/certmgr/pkg-descr 
>@@ -0,0 +1,11 @@ >+certmgr is a tool for managing certificates using CFSSL. It does the >+following: >+ >+ - Ensures certificates are present. >+ - Renews certificates before they expire. >+ - Triggering a service reload or restart on certificate updates. >+ >+It operates on certificate specs, which are JSON files containing the >+information needed to generate a certificate. >+ >+WWW: https://github.com/cloudflare/certmgr >diff --git a/security/certmgr/pkg-plist b/security/certmgr/pkg-plist >new file mode 100644 >index 000000000000..9f4415e43f0e >--- /dev/null >+++ b/security/certmgr/pkg-plist >@@ -0,0 +1,5 @@ >+bin/certmgr >+%%ETCDIR%%/certmgr.yaml.sample >+@dir %%ETCDIR%%.d >+%%DOCSDIR%%/README.md >+%%DOCSDIR%%/SPEC.rst >-- >2.31.1 >
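Review bot: post-install in security/certmgr/Makefile installs README.md and SPEC.rst with ${INSTALL_MAN}, which is the macro for manual pages; use ${INSTALL_DATA} for documentation, and put the two ${DOCSDIR} installs together with the matching ${MKDIR} ${STAGEDIR}${DOCSDIR} behind a DOCS option (OPTIONS_DEFINE= DOCS) so that users who build without documentation are not forced to install it. The RUN_DEPENDS= bash:shells/bash line would also benefit from a comment stating which part of certmgr invokes bash, since nothing else in the port references it.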
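Review bot: the svcmgr comment in certmgr.yaml.sample.in ends with "see the command svcmgr section for details of how to use this", but the sample file contains no such section; either drop the reference or point at the upstream documentation the port installs under ${DOCSDIR}. Since the port sets svcmgr to sysv, the list of backends that do not exist on FreeBSD (systemd, circus, openrc) could also be trimmed to what applies to this platform.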
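Review bot: patch-README.md rewrites the configuration paths to %%ETCDIR%% but leaves `svcmgr: systemd` in the example configuration, while patch-certmgr_cmd_genconfig.go changes defaultServiceManager to "sysv"; a reader who copies the README example on FreeBSD ends up with a service manager that is not available there. Add a `-svcmgr: systemd` / `+svcmgr: sysv` line pair to that hunk so the documentation matches the port's defaults.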
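Review bot: the line patch-certmgr_cmd_root.go rewrites still carries the upstream comment `// adding home directory as first search path`, which describes neither the old /etc/certmgr nor the new %%ETCDIR%% search path; since the line is being changed anyway, correct the comment to say that the system configuration directory is added as the first search path.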
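Review bot: the third bullet in pkg-descr ("Triggering a service reload or restart on certificate updates.") breaks the parallel form of the two bullets before it ("Ensures ...", "Renews ..."); change it to "Triggers a service reload or restart on certificate updates."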
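Review bot: pkg-plist lists %%ETCDIR%%/certmgr.yaml.sample as a plain file and pkg-message.in then asks the user to copy it to certmgr.yaml by hand; the ports framework's `@sample %%ETCDIR%%/certmgr.yaml.sample` keyword performs that copy on install, leaves a locally edited certmgr.yaml untouched on upgrade, and removes the copy on deinstall only if it is unchanged, so the manual step and most of the pkg-message text can go. If documentation is made optional through a DOCS option, the two %%DOCSDIR%% entries also need the %%PORTDOCS%% prefix.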