Created attachment 164247 [details] shar archive I heard this is a very good tool to manage certificates, though I didn't use it much myself. Written in Go.
Can I uncomment or remove TEST stanzas?
There are a couple of issues to work out first, like getting bsd.sites.mk to accept dots in GH_TUPLE. Hold on, I'll work through it.
I can't actually fetch most of it. My mentor found a port that has Github URLs with the "." and "-" characters in it: sysutils/serf. Can you try adjusting GH_TUPLE definition so that the fetch succeeds please? I can try to fix it too, but I won't have time to work on it until later.
Thank you for working on this. This is strange, because this used to work. I will look into this this week.
The port doesn't have "distinfo" file. To verify that fetch works: 1) empty out distfiles directory 2) make fetch 3) make makesum and include distinfo you received with the shar.
You can use sysutils/serf as a reference for how to set GH_TUPLE for this.
With this, I can at least fetch everything, although the package still doesn't build (stuff is extracted to the wrong place): GH_TUPLE= GeertJohan:go.rice:53da841:rice/src/github.com/GeertJohan/go.rice \ cloudflare:cf-tls:358b61f:tls/src/github.com/cloudflare/cf-tls \ cloudflare:go-metrics:6a9aea3:metrics/src/github.com/cloudflare/go-metrics \ cloudflare:redoctober:ce47aa1:redoctober/src/github.com/cloudflare/redoctober \ dgryski:go-rc2:8a90216:rc2/src/github.com/dgryski/go-rc2 \ miekg:pkcs11:21d03fe:pkcs11/src/github.com/miekg/pkcs11 \ daaku:go.zipexe:a5fe243:zipexe/src/github.com/daaku/go.zipexe \ kardianos:osext:10da294:osext/src/github.com/kardianos/osext GO_BASE= 7b85b09:crypto
Hi Yuri! I'd like to move this forward. Do you need any help?
Nikolai, I am on travel.I will answer in a week. Yuri
Sorry, I will take it myself.
Any news here. Soon to be a year from last conversation.
Good question. CFSSL is used by the consul deployment guide and sounds a lot nicer than writing your own shell scripts to deal with openssl.
Ping Yuri
if anyone is still interested, please try my updated port at: https://github.com/trombik/freebsd-ports-cfssl
A commit references this bug: Author: yuri Date: Sat May 23 18:28:13 UTC 2020 New revision: 536329 URL: https://svnweb.freebsd.org/changeset/ports/536329 Log: New port: security/cfssl: CloudFlares PKI and TLS toolkit PR: 205326 Submitted by: Tomoyuki Sakurai <trombik1973@gmail.com> (latest version), me (original version) Changes: head/security/Makefile head/security/cfssl/ head/security/cfssl/Makefile head/security/cfssl/distinfo head/security/cfssl/files/ head/security/cfssl/files/patch-cli_version_version.go head/security/cfssl/pkg-descr
Committed, thanks!
not directly related to the port, but you probably do not want to use cfssl as-is. if you are ansible user, here is ansible role for cfssl that I am working on.
missing url in the previous comment https://github.com/trombik/ansible-role-cfssl