FreeBSD Bugzilla – Attachment 203753 Details for Bug 237349: New port: security/lego Let's Encrypt client written in Go
[patch] Add security/lego and associated UIDs/GIDs
lego.diff (text/plain), 9.49 KB, created by Matthew Horan on 2019-04-17 19:44:05 UTC
>Index: UIDs >=================================================================== >--- UIDs (revision 499203) >+++ UIDs (working copy) >@@ -549,7 +549,7 @@ > _tss:*:601:601:daemon:0:0:TrouSerS user:/var/empty:/usr/sbin/nologin > _pkcs11:*:602:602:daemon:0:0:opencryptoki user:/var/empty:/usr/sbin/nologin > _acme:*:603:603::0:0:ACME client user:/var/empty:/usr/sbin/nologin >-# free: 604 >+_lego:*:604:604:lego client user:/nonexistent:/usr/sbin/nologin > _hockeypuck:*:605:605::0:0:hockeypuck pgp keyserver user:/var/empty:/usr/sbin/nologin > # free: 606 > # free: 607 >Index: GIDs >=================================================================== >--- GIDs (revision 499203) >+++ GIDs (working copy) >@@ -544,7 +544,7 @@ > _tss:*:601: > _pkcs11:*:602: > _acme:*:603: >-# free: 604 >+_lego:*:604: > _hockeypuck:*:605: > # free: 606 > # free: 607 >Index: security/lego/Makefile >=================================================================== >--- security/lego/Makefile (nonexistent) >+++ security/lego/Makefile (working copy) 
>@@ -0,0 +1,47 @@ >+# $FreeBSD$ >+ >+PORTNAME= lego >+DISTVERSIONPREFIX= v >+DISTVERSION= 2.4.0 >+CATEGORIES= security >+ >+MAINTAINER= matt@matthoran.com >+COMMENT= Let's Encrypt client and ACME library written in Go >+ >+LICENSE= MIT >+LICENSE_FILE= ${WRKSRC}/LICENSE >+ >+USES= go >+ >+GO_PKGNAME= github.com/go-acme/lego >+GO_TARGET= ${GO_PKGNAME}/cmd/lego >+ >+USE_GITHUB= yes >+GH_ACCOUNT= go-acme >+ >+WWWDIR= ${PREFIX}/www/lego >+ >+SAMPLE_FILES= lego.sh.sample deploy.sh.sample >+SUB_FILES= 604.lego pkg-message ${SAMPLE_FILES} >+SUB_LIST= PORTNAME=${PORTNAME} LEGO_USER=${LEGO_USER} >+ >+PERIODIC_DIRS= etc/periodic/weekly >+PERIODIC_FILES= 604.lego >+ >+LEGO_USER?= _lego >+ >+USERS= ${LEGO_USER} >+GROUPS= ${LEGO_USER} >+ >+post-install: >+ ${MKDIR} ${STAGEDIR}${PREFIX}/${PERIODIC_DIRS} >+ ${INSTALL_SCRIPT} ${WRKDIR}/${PERIODIC_FILES} ${STAGEDIR}${PREFIX}/${PERIODIC_DIRS}/${PERIODIC_FILES} >+. for d in etc/ssl/lego etc/ssl/lego/private \ >+ etc/lego www/lego >+ ${MKDIR} ${STAGEDIR}${PREFIX}/${d} >+. endfor >+. for d in ${SAMPLE_FILES} >+ ${INSTALL_SCRIPT} ${WRKDIR}/${d} ${STAGEDIR}${PREFIX}/etc/lego/${d} >+. endfor >+ >+.include <bsd.port.mk> > >Property changes on: security/lego/Makefile >___________________________________________________________________ >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:keywords >## -0,0 +1 ## >+FreeBSD=%H >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: security/lego/distinfo >=================================================================== >--- security/lego/distinfo (nonexistent) >+++ security/lego/distinfo (working copy) 
>@@ -0,0 +1,3 @@ >+TIMESTAMP = 1555377935 >+SHA256 (go-acme-lego-v2.4.0_GH0.tar.gz) = d45dcffb88e1f8147e797e7fd9bfefd1320461a7a9c0222802e501ff1cd59c3e >+SIZE (go-acme-lego-v2.4.0_GH0.tar.gz) = 4595834 > >Property changes on: security/lego/distinfo >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: security/lego/files/604.lego.in >=================================================================== >--- security/lego/files/604.lego.in (nonexistent) >+++ security/lego/files/604.lego.in (working copy) 
>@@ -0,0 +1,32 @@ >+#!/bin/sh >+ >+if [ -r /etc/defaults/periodic.conf ] >+then >+ . /etc/defaults/periodic.conf >+ source_periodic_confs >+fi >+ >+PATH=$PATH:%%LOCALBASE%%/bin:%%LOCALBASE%%/sbin >+export PATH >+ >+case "$weekly_lego_enable" in >+ [Yy][Ee][Ss]) >+ echo >+ echo "Checking Let's Encrypt certificate status:" >+ >+ if [ -x "$weekly_lego_renewscript" ] ; then >+ echo "$weekly_lego_renewscript" | su -fm _lego || exit 3 >+ fi >+ >+ if [ -n "$weekly_lego_deployscript" ] ; then >+ if [ -x "$weekly_lego_deployscript" ] ; then >+ echo "Deploying Let's Encrypt certificates:" >+ $weekly_lego_deployscript || exit 3 >+ else >+ echo 'Skipped, deploy script does not exist or is not executable' >+ fi >+ fi >+ ;; >+ *) >+ ;; >+esac > >Property changes on: security/lego/files/604.lego.in >___________________________________________________________________ >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: security/lego/files/deploy.sh.sample.in >=================================================================== >--- security/lego/files/deploy.sh.sample.in (nonexistent) >+++ security/lego/files/deploy.sh.sample.in (working copy) 
>@@ -0,0 +1,30 @@ >+#!/bin/sh -e >+ >+SSLDIR="%%PREFIX%%/etc/ssl" >+ >+copy_certs () { >+ local certdir certfile domain keyfile rc >+ rc=1 >+ >+ certdir="${SSLDIR}/lego/certificates" >+ certfiles="$(find "${certdir}" -name "*.crt" -not -name "*.issuer.crt")" >+ for certfile in $certfiles >+ do >+ domain="$(basename "$certfile" .crt)" >+ keyfile="$(dirname "$certfile")/${domain}.key" >+ >+ if ! cmp -s "${certfile}" "${SSLDIR}/certs/${domain}.crt" >+ then >+ cp "${certfile}" "${SSLDIR}/certs/${domain}.crt" >+ cp "${keyfile}" "${SSLDIR}/private/${domain}.key" >+ rc=0 >+ fi >+ done >+ >+ return $rc >+} >+ >+if copy_certs >+then >+ output=$(service nginx reload 2>&1) || (echo "$output" && exit 1) >+fi > >Property changes on: security/lego/files/deploy.sh.sample.in >___________________________________________________________________ >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: security/lego/files/lego.sh.sample.in >=================================================================== >--- security/lego/files/lego.sh.sample.in (nonexistent) >+++ security/lego/files/lego.sh.sample.in (working copy) 
>@@ -0,0 +1,34 @@ >+#!/bin/sh -e >+ >+# Email used for registration and recovery contact. >+EMAIL="" >+ >+BASEDIR="%%PREFIX%%/etc/lego" >+SSLDIR="%%PREFIX%%/etc/ssl/lego" >+DOMAINSFILE="${BASEDIR}/domains.txt" >+ >+if [ -z "${EMAIL}" ]; then >+ echo "Please set EMAIL to a valid address in ${BASEDIR}/lego.sh" >+ exit 1 >+fi >+ >+if [ ! -e "${DOMAINSFILE}" ]; then >+ echo "Please create ${DOMAINSFILE} as specified in ${BASEDIR}/lego.sh" >+ exit 1 >+fi >+ >+# %%PREFIX%%/etc/lego/domains.txt: >+# example.com www.example.com >+ >+# Generates a certificate with CN=example.com and >+# SAN=example.com www.example.com >+ >+# Each line will generate a separate certificate. >+ >+while read line ; do >+ output=$(%%PREFIX%%/bin/lego --path "${SSLDIR}" \ >+ --email="${EMAIL}" \ >+ $(printf -- "--domains=%s " $line) \ >+ --http --http.webroot="%%WWWDIR%%" \ >+ renew --days 30) || (echo "$output" && exit 1) >+done < "${DOMAINSFILE}" > >Property changes on: security/lego/files/lego.sh.sample.in >___________________________________________________________________ >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: security/lego/files/pkg-message.in >=================================================================== >--- security/lego/files/pkg-message.in (nonexistent) >+++ security/lego/files/pkg-message.in (working copy) 
>@@ -0,0 +1,19 @@ >+ >+There are example scripts in >+ %%PREFIX%%/etc/lego >+that you can use for renewing and deploying certificates >+ >+In order to run the script regularly to update the certificates add this line >+to /etc/periodic.conf >+ >+ weekly_lego_enable="YES" >+ >+Additionally the following parameters may be added to /etc/periodic.conf: >+ >+Script to run to renew certificates, will be run as %%LEGO_USER%% (required) >+ weekly_lego_renewscript="%%PREFIX%%/etc/lego/lego.sh" >+ >+To run a script after the renewal to deploy certificates >+ weekly_lego_deployscript="%%PREFIX%%/etc/lego/deploy.sh" >+ >+ > >Property changes on: security/lego/files/pkg-message.in >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: security/lego/pkg-descr >=================================================================== >--- security/lego/pkg-descr (nonexistent) >+++ security/lego/pkg-descr (working copy) >@@ -0,0 +1,4 @@ >+lego is a client for Let's Encrypt users, written in Go. It has support for a >+number of ACME challenges, and no external dependencies. >+ >+WWW: https://github.com/go-acme/lego > >Property changes on: security/lego/pkg-descr >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: security/lego/pkg-plist >=================================================================== >--- security/lego/pkg-plist (nonexistent) >+++ security/lego/pkg-plist (working copy) 
>@@ -0,0 +1,8 @@ >+bin/lego >+etc/periodic/weekly/604.lego >+@dir(_lego,_lego,0700) etc/lego >+@dir(,,0755) etc/ssl >+@dir(_lego,_lego,0755) etc/ssl/lego >+@dir(_lego,www,) %%WWWDIR%% >+@sample etc/lego/lego.sh.sample >+@sample etc/lego/deploy.sh.sample > >Property changes on: security/lego/pkg-plist >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property
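Review bot: In the UIDs hunk, the new `_lego` entry has seven colon-separated fields while every neighbouring entry has ten; the class, change and expire fields (`::0:0:`) are missing between the GID and the description. Suggest `_lego:*:604:604::0:0:lego client user:/nonexistent:/usr/sbin/nologin`, and consider `/var/empty` as the home directory to match the adjacent `_acme` and `_hockeypuck` entries.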
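Review bot: In security/lego/Makefile, the post-install loop creates `etc/ssl/lego/private`, but pkg-plist has no `@dir` entry for it and neither sample script uses it (deploy.sh.sample takes the key from the same directory as the certificate). Either drop it from the loop or add it to pkg-plist with an explicit owner and a restrictive mode. Separately, `LEGO_USER?=` invites an override, yet UIDs/GIDs register only `_lego`, and pkg-plist and 604.lego.in hard-code `_lego`, so a different value would leave USERS pointing at an unregistered account.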
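Review bot: In security/lego/files/604.lego.in, `su -fm _lego` hard-codes the account even though the Makefile passes `LEGO_USER=${LEGO_USER}` in SUB_LIST; use `%%LEGO_USER%%` here. `-m` also carries root's periodic environment into the unprivileged renew script, so set a minimal environment explicitly before the call. Two smaller points: when `weekly_lego_renewscript` is unset or not executable the renewal is skipped silently although pkg-message calls it required, so an `else` branch with a message like the one in the deploy branch would help, and `$weekly_lego_deployscript` should be quoted where it is executed.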
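Review bot: In security/lego/files/deploy.sh.sample.in, `copy_certs` is called as the condition of `if`, where `sh -e` does not stop on failures, so a failed `cp` (for example because `${SSLDIR}/certs` or `${SSLDIR}/private` is missing, and the port creates neither) still falls through to `rc=0` and nginx is reloaded with a stale or mismatched certificate and key. Chain the steps so that `rc=0` is reached only when both copies succeed, and report the failure otherwise. The key copy also leaves the destination mode to `cp` and the umask; `install -m 0600` would make it explicit. `certfiles` is missing from the `local` list.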
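Review bot: In security/lego/files/lego.sh.sample.in, `$(printf -- "--domains=%s " $line)` expands `$line` unquoted, so an entry is subject to pathname expansion, a blank line in domains.txt produces a bare `--domains=` argument, and a `#` comment line is passed on as a domain. Use `read -r`, skip empty and `#` lines, and disable globbing with `set -f` around the loop. The script only ever calls `renew`, and neither the sample nor pkg-message says how the first certificate is obtained; document that step or add a fallback for first issuance. `|| (echo "$output" && exit 1)` exits only the subshell and depends on `-e` to stop the script; `|| { echo "$output"; exit 1; }` states the intent directly.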
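Review bot: In security/lego/files/pkg-message.in, the suggested `weekly_lego_deployscript="%%PREFIX%%/etc/lego/deploy.sh"` points root at a script inside `etc/lego`, which pkg-plist gives to `_lego` with mode 0700, while 604.lego.in runs the deploy script without `su`. That hands the unprivileged renewal account control over code that root executes weekly and defeats the separation the dedicated user is meant to provide. Install the deploy script in a root-owned directory, or make `etc/lego` root-owned with only the files `_lego` needs readable by it. The first sentence also lacks its closing full stop, and the message should say that EMAIL and domains.txt must be set up before the job is enabled.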
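Review bot: In security/lego/pkg-plist, `@dir(_lego,_lego,0755) etc/ssl/lego` is the `--path` that lego.sh.sample writes to and the tree deploy.sh.sample reads `${domain}.key` from, so the private-key store is world-traversable and its protection rests on whatever modes lego applies underneath. Since the deploy step runs as root, 0700 works here and matches `etc/lego`. `@dir(_lego,www,) %%WWWDIR%%` leaves the mode empty; state it explicitly (for example 0750), because the directory has to be writable by `_lego` and readable by the web server group.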
Attachments on bug 237349: 203753 | 205153 | 205281 | 206022