Bug 272312 - [NEW PORT] security/p5-openxpki-clca: Toolkit for root CA
Summary: [NEW PORT] security/p5-openxpki-clca: Toolkit for root CA
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
URL: https://github.com/openxpki/clca
Keywords:
Depends on:
Blocks:
 
Reported: 2023-07-01 12:24 UTC by Sergei Vyshenski
Modified: 2023-08-09 13:37 UTC (History)
1 user (show)

See Also:

Attachments
git format-patch -1 main (11.51 KB, patch)
2023-07-01 12:24 UTC, Sergei Vyshenski 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sergei Vyshenski 2023-07-01 12:24:04 UTC 
Created attachment 243099 [details]
git format-patch -1 main

Command Line Certificate Authority (clca) is a collection of tools (written in
Bash and Perl atop of OpenSSL or LibreSSL) that allow for basic PKI operations
such as Sub CA certificate issuance (signing certificate requests), certificate
revocation and CRL issuance. Originally designed to be used for a Root CA, it
may also be used for lower level CAs or even end entity certificates as well.

https://github.com/openxpki/clca

- "portlint -AC" gives non-relevant warns.
- "portclippy Makefile" is happy.
- "portfmt -D Makefile" gives non-relevant warns.
- Tested with:
13.2-RELEASE-p1
portlint 2.20.0
portfmt 1.1.4
pkg 1.19.1
poudriere 3.3.7_1
perl 5.32.1_3
openssl 1.1.1t-freebsd, openssl 3.0.9, openssl 3.1.1, libressl 3.7.3
Comment 1 Robert Clausecker freebsd_committer freebsd_triage 2023-08-09 13:37:48 UTC 
Thank you for your submission.  Contrary to what I said in my email, this submission is not ready to be committed.

Some issues for you to check:

 - You seem to be doing a bunch of rote replacements in an unconventional way.
   Check if you can use USES=shebangfix instead
 - if not, I recommend writing a patch file that replaces all instances of the
   token you want to replace with some easy to see token.  Then use REINPLACE_CMD
   to fix all instances of this token.  For example, replace openssl with
   %%OPENSSL%% in a patch file, then ${REINPLACE_CMD} -e
   s,%%OPENSSL%%,${something} to fix this up.  This simplifies the whole thing to

       ${FIND} ${some_dir} -exec ${REINPLACE_CMD} -e ... {} +

 - I recommend moving ${REINPLACE_CMD} use to pre-configure as to not break
   make makepatch
 - in any way, do not delete the .bak files as these are used by stage-qa to
   check for misuse of REINPLACE_CMD
 - use ${PERL} instead of hardcoding ${PREFIX}/bin/perl
 - do not assume the port directory is writable.  Put temporarily files like
   filelist into ${WRKDIR}
 - your pkg-plist does not install anything unless EXAMPLES are selected.
   Is this correct?
 - do not define dummy do-build or do-install targets.  If you don't need these
   targets, define NO_BUILD=yes or NO_INSTALL=yes as appropriate.
 - your installation message recommends that the user copies all these files to
   his or her home directory.  Why is this needed?  Can't you install the scripts
   and files into standard locations so they can be used from where they are?
   We want ports to be usable as they are.  Ports are not just a vehicle to
   download a bunch of files to the users computer.