Bug 205326 - [NEW PORT] security/cfssl: CloudFlares PKI and TLS toolkit
Summary: [NEW PORT] security/cfssl: CloudFlares PKI and TLS toolkit
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Yuri Victorovich
Depends on: 205282
  Show dependency treegraph
Reported: 2015-12-15 00:08 UTC by Yuri Victorovich
Modified: 2020-05-24 01:59 UTC (History)
5 users (show)

See Also:

shar archive (3.87 KB, text/plain)
2015-12-15 00:08 UTC, Yuri Victorovich
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Yuri Victorovich freebsd_committer 2015-12-15 00:08:41 UTC
Created attachment 164247 [details]
shar archive

I heard this is a very good tool to manage certificates, though I didn't use it much myself.

Written in Go.
Comment 1 Nikolai Lifanov freebsd_committer 2017-01-02 15:25:16 UTC
Can I uncomment or remove TEST stanzas?
Comment 2 Nikolai Lifanov freebsd_committer 2017-01-02 18:06:07 UTC
There are a couple of issues to work out first, like getting bsd.sites.mk to accept dots in GH_TUPLE. Hold on, I'll work through it.
Comment 3 Nikolai Lifanov freebsd_committer 2017-01-02 19:06:46 UTC
I can't actually fetch most of it. My mentor found a port that has Github URLs with the "." and "-" characters in it: sysutils/serf.

Can you try adjusting GH_TUPLE definition so that the fetch succeeds please?

I can try to fix it too, but I won't have time to work on it until later.
Comment 4 Yuri Victorovich freebsd_committer 2017-01-02 19:23:39 UTC
Thank you for working on this. This is strange, because this used to work. I will look into this this week.
Comment 5 Nikolai Lifanov freebsd_committer 2017-01-02 22:48:37 UTC
The port doesn't have "distinfo" file.
To verify that fetch works:
 1) empty out distfiles directory
 2) make fetch
 3) make makesum
and include distinfo you received with the shar.
Comment 6 Nikolai Lifanov freebsd_committer 2017-01-02 22:50:33 UTC
You can use sysutils/serf as a reference for how to set GH_TUPLE for this.
Comment 7 Nikolai Lifanov freebsd_committer 2017-01-19 20:57:26 UTC
With this, I can at least fetch everything, although the package still doesn't build (stuff is extracted to the wrong place):

GH_TUPLE=       GeertJohan:go.rice:53da841:rice/src/github.com/GeertJohan/go.rice \
                cloudflare:cf-tls:358b61f:tls/src/github.com/cloudflare/cf-tls \
                cloudflare:go-metrics:6a9aea3:metrics/src/github.com/cloudflare/go-metrics \
                cloudflare:redoctober:ce47aa1:redoctober/src/github.com/cloudflare/redoctober \
                dgryski:go-rc2:8a90216:rc2/src/github.com/dgryski/go-rc2 \
                miekg:pkcs11:21d03fe:pkcs11/src/github.com/miekg/pkcs11 \
                daaku:go.zipexe:a5fe243:zipexe/src/github.com/daaku/go.zipexe \
GO_BASE=        7b85b09:crypto
Comment 8 Nikolai Lifanov freebsd_committer 2017-02-18 23:47:01 UTC
Hi Yuri!

I'd like to move this forward. Do you need any help?
Comment 9 Yuri Victorovich freebsd_committer 2017-02-19 10:11:05 UTC

I am on travel.I will answer in a week.

Comment 10 Yuri Victorovich freebsd_committer 2017-11-26 10:36:37 UTC
Sorry, I will take it myself.
Comment 11 uros 2018-10-08 17:09:11 UTC
Any news here. Soon to be a year from last conversation.
Comment 12 Jan Bramkamp 2019-01-09 10:59:26 UTC
Good question. CFSSL is used by the consul deployment guide and sounds a lot nicer than writing your own shell scripts to deal with openssl.
Comment 13 daniel.engberg.lists 2020-03-20 07:54:11 UTC
Ping Yuri
Comment 14 Tomoyuki Sakurai 2020-05-23 10:25:00 UTC
if anyone is still interested, please try my updated port at:

Comment 15 commit-hook freebsd_committer 2020-05-23 18:28:17 UTC
A commit references this bug:

Author: yuri
Date: Sat May 23 18:28:13 UTC 2020
New revision: 536329
URL: https://svnweb.freebsd.org/changeset/ports/536329

  New port: security/cfssl: CloudFlares PKI and TLS toolkit

  PR:		205326
  Submitted by:	Tomoyuki Sakurai <trombik1973@gmail.com> (latest version), me (original version)

Comment 16 Yuri Victorovich freebsd_committer 2020-05-23 18:29:26 UTC
Committed, thanks!
Comment 17 Tomoyuki Sakurai 2020-05-24 01:59:08 UTC
not directly related to the port, but you probably do not want to use cfssl as-is. if you are ansible user, here is ansible role for cfssl that I am working on.
Comment 18 Tomoyuki Sakurai 2020-05-24 01:59:37 UTC
missing url in the previous comment