Bug 257464

Summary: sysutils/zrepl: check for expiring SSL certificates each week
Product: Ports & Packages Reporter: Alan Somers <asomers>
Component: Individual Port(s)Assignee: Dries Michiels <driesm>
Status: Closed FIXED    
Severity: Affects Only Me CC: driesm, grahamperrin
Priority: --- Keywords: feature
Version: LatestFlags: driesm: maintainer-feedback+
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Add a weekly periodic job to check zrepl SSL certs for impending expiration.
none
Add a weekly periodic job to check zrepl SSL certs for impending expiration none

Description Alan Somers freebsd_committer freebsd_triage 2021-07-27 22:12:10 UTC
Created attachment 226746 [details]
Add a weekly periodic job to check zrepl SSL certs for impending expiration.

Expiring SSL certificates are a persistent problem.  I wrote a periodic job to detect whether zrepl's certificates are close to expiration, and warn the sysadmin ahead of time.
Comment 1 Alan Somers freebsd_committer freebsd_triage 2022-08-29 17:31:23 UTC
Created attachment 236226 [details]
Add a weekly periodic job to check zrepl SSL certs for impending expiration

Fixed a bug in the periodic script.  It would whine if there were not certificates installed.  Now it doesn't.
Comment 2 Graham Perrin freebsd_committer freebsd_triage 2022-12-27 09:52:13 UTC
Thank you. Triage: 

* reduce severity, to the norm for a feature
* in progress (work has started, assignee is a person)
* …
Comment 3 Dries Michiels freebsd_committer freebsd_triage 2023-01-13 15:39:18 UTC
Hi Alan,

I like the idea behind your script, but I am wondering does this only check certs that are relevant to zrepl usage, or does it check all certs on the present machine?

"Add a weekly periodic job to check zrepl SSL certs for impending expiration."

From this comment I would think it only considers zrepl SSL certs that will be reported by the script but I cant see the relevant logic in the script which accomplishes that?
Comment 4 Dries Michiels freebsd_committer freebsd_triage 2023-01-13 15:41:13 UTC
Oh nvm, /usr/bin/find %%ETCDIR%%, its right here, and %%ETCDIR%% gets expanded to a zrepl dedicated config dir.

I'll land this somewhere this weekend, nice feature!
Comment 5 Dries Michiels freebsd_committer freebsd_triage 2023-01-13 19:24:39 UTC
Actually, feel free to land this yourself, LGTM!
Comment 6 Dries Michiels freebsd_committer freebsd_triage 2023-01-13 19:25:07 UTC
If you don't have the cycles let me know and I'll land it for you!
Comment 7 commit-hook freebsd_committer freebsd_triage 2023-01-13 20:11:25 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0de11ff4ffa507b3c91eada0307bb45fea28112a

commit 0de11ff4ffa507b3c91eada0307bb45fea28112a
Author:     Alan Somers <asomers@FreeBSD.org>
AuthorDate: 2021-07-27 22:08:38 +0000
Commit:     Alan Somers <asomers@FreeBSD.org>
CommitDate: 2023-01-13 20:10:59 +0000

    sysutils/zrepl: warn of impending SSL certificate expiration

    Add a periodic script that will warn of impending certifiate expiration.

    PR:             257464
    Approved by:    dries (maintainer, ports)
    Sponsored by:   Axcient

 sysutils/zrepl/Makefile                 |  7 ++++--
 sysutils/zrepl/files/500.zrepl.in (new) | 41 +++++++++++++++++++++++++++++++++
 sysutils/zrepl/files/pkg-message.in     | 10 ++++++++
 sysutils/zrepl/pkg-plist                |  1 +
 4 files changed, 57 insertions(+), 2 deletions(-)
Comment 8 Alan Somers freebsd_committer freebsd_triage 2023-01-13 20:12:04 UTC
Thanks for the review, driesm !