pkgsrc-Changes archive
CVS commit: pkgsrc/security
Module Name: pkgsrc
Committed By: hauke
Date: Thu May 2 13:34:56 UTC 2024
Modified Files:
pkgsrc/security: Makefile
Added Files:
pkgsrc/security/uacme: DESCR MESSAGE Makefile PLIST distinfo options.mk
pkgsrc/security/uacme/patches: patch-Makefile.am patch-uacme.c
patch-uacme.sh
Log Message:
Add security/uacme package.
Lightweight client for the RFC8555 ACMEv2 protocol, written in plain C
with minimal dependencies (libcurl and one of GnuTLS, OpenSSL or mbedTLS).
The ACMEv2 protocol allows a Certificate Authority (Let's Encrypt is a
popular one) and an applicant to automate the process of verification
and certificate issuance. The protocol also provides facilities for
other certificate management functions, such as certificate revocation.
To generate a diff of this commit:
cvs rdiff -u -r1.945 -r1.946 pkgsrc/security/Makefile
cvs rdiff -u -r0 -r1.1 pkgsrc/security/uacme/DESCR \
pkgsrc/security/uacme/MESSAGE pkgsrc/security/uacme/Makefile \
pkgsrc/security/uacme/PLIST pkgsrc/security/uacme/distinfo \
pkgsrc/security/uacme/options.mk
cvs rdiff -u -r0 -r1.1 pkgsrc/security/uacme/patches/patch-Makefile.am \
pkgsrc/security/uacme/patches/patch-uacme.c \
pkgsrc/security/uacme/patches/patch-uacme.sh
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/Makefile
diff -u pkgsrc/security/Makefile:1.945 pkgsrc/security/Makefile:1.946
--- pkgsrc/security/Makefile:1.945 Fri Apr 26 15:16:52 2024
+++ pkgsrc/security/Makefile Thu May 2 13:34:56 2024
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.945 2024/04/26 15:16:52 wiz Exp $
+# $NetBSD: Makefile,v 1.946 2024/05/02 13:34:56 hauke Exp $
#
COMMENT= Security and cryptography tools and libraries
@@ -664,6 +664,7 @@ SUBDIR+= tor-browser-https-everywhere
SUBDIR+= tor-browser-noscript
SUBDIR+= tripwire
SUBDIR+= trufflehog
+SUBDIR+= uacme
SUBDIR+= validns
SUBDIR+= vault
SUBDIR+= vaultwarden
Added files:
Index: pkgsrc/security/uacme/DESCR
diff -u /dev/null pkgsrc/security/uacme/DESCR:1.1
--- /dev/null Thu May 2 13:34:56 2024
+++ pkgsrc/security/uacme/DESCR Thu May 2 13:34:56 2024
@@ -0,0 +1,7 @@
+Lightweight client for the RFC8555 ACMEv2 protocol, written in plain C
+with minimal dependencies (libcurl and one of GnuTLS, OpenSSL or mbedTLS).
+
+The ACMEv2 protocol allows a Certificate Authority (Let's Encrypt is a
+popular one) and an applicant to automate the process of verification
+and certificate issuance. The protocol also provides facilities for
+other certificate management functions, such as certificate revocation.
Index: pkgsrc/security/uacme/MESSAGE
diff -u /dev/null pkgsrc/security/uacme/MESSAGE:1.1
--- /dev/null Thu May 2 13:34:56 2024
+++ pkgsrc/security/uacme/MESSAGE Thu May 2 13:34:56 2024
@@ -0,0 +1,10 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1 2024/05/02 13:34:56 hauke Exp $
+
+The http-01 challenge protocol expects that the letsencrypt server can
+read back the provided domain challenge via http under the path
+"/.well-known/acme-challenge/".
+
+Your web server needs to alias this directory to "${UACME_CHALLENGE_PATH}".
+
+===========================================================================
Index: pkgsrc/security/uacme/Makefile
diff -u /dev/null pkgsrc/security/uacme/Makefile:1.1
--- /dev/null Thu May 2 13:34:56 2024
+++ pkgsrc/security/uacme/Makefile Thu May 2 13:34:56 2024
@@ -0,0 +1,67 @@
+# $NetBSD: Makefile,v 1.1 2024/05/02 13:34:56 hauke Exp $
+
+PKGNAME= uacme-${PKGVER}
+DISTNAME= v${PKGVER}
+PKGVER= 1.7.5
+CATEGORIES= security
+MASTER_SITES= ${MASTER_SITE_GITHUB:=ndilieto/uacme/archive/refs/tags/}
+
+MAINTAINER= hauke%NetBSD.org@localhost
+COMMENT= Lightweight C ACMEv2 client which uses external authenticators
+HOMEPAGE= https://github.com/ndilieto/uacme
+LICENSE= gnu-gpl-v3
+
+BUILD_DEPENDS+= asciidoc-[0-9]*:../../textproc/asciidoc
+
+USE_TOOLS+= gmake pkg-config autoconf autoreconf automake
+
+USE_LANGUAGES= c
+USE_CC_FEATURES= c11
+
+GNU_CONFIGURE= yes
+WRKSRC= ${WRKDIR}/uacme-${PKGVER}
+
+HOOKDIR= libexec
+DOCDIR= share/doc/uacme
+UACME_CONFDIR= ${VARBASE}/uacme
+UACME_CHALLENGE_PATH= ${UACME_CONFDIR}/challenge
+
+CONFIGURE_ARGS= --datadir=${PREFIX}/${HOOKDIR}
+CONFIGURE_ARGS+= --disable-maintainer-mode
+CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
+
+BUILD_DEFS+= VARBASE
+
+.include "options.mk"
+
+REPLACE_SH+= nsupdate.sh uacme.sh ualpn.sh
+
+MESSAGE_SUBST+= UACME_CHALLENGE_PATH=${UACME_CHALLENGE_PATH}
+
+SUBST_CLASSES+= confdir
+SUBST_STAGE.confdir= pre-configure
+SUBST_MESSAGE.confdir= Set CONFDIR default
+SUBST_FILES.confdir= uacme.c
+SUBST_VARS.confdir= UACME_CONFDIR
+
+SUBST_CLASSES+= challenge
+SUBST_STAGE.challenge= pre-configure
+SUBST_MESSAGE.challenge= Set http-01 challenge default directory
+SUBST_FILES.challenge= uacme.sh
+SUBST_VARS.challenge= UACME_CHALLENGE_PATH
+
+INSTALLATION_DIRS+= ${HOOKDIR}/uacme ${DOCDIR}
+
+OWN_DIRS= ${UACME_CONFDIR} ${UACME_CHALLENGE_PATH}
+OWN_DIRS_PERMS+= ${UACME_CONFDIR}/private ${REAL_ROOT_USER} \
+ ${REAL_ROOT_GROUP} 0700
+
+pre-configure:
+ cd ${WRKSRC} && autoreconf -if
+
+post-install:
+ ${INSTALL_MAN} ${WRKSRC}/README.md ${DESTDIR}${PREFIX}/${DOCDIR}
+
+.include "../../devel/libev/buildlink3.mk"
+.include "../../www/curl/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
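Review bot: `UACME_CHALLENGE_PATH= ${UACME_CONFDIR}/challenge` places the directory the web server has to publish inside the same tree that holds `${UACME_CONFDIR}/private`, so a web server alias set one level too broad would serve the whole uacme state directory. The 0700 root-only mode on `private` limits what could be read, but a challenge directory outside the confdir would not depend on the alias being exact; something like `UACME_CHALLENGE_PATH?= ${VARBASE}/uacme-challenge` would do (path constructed for illustration). The challenge directory is also created through plain `OWN_DIRS`, so it presumably gets the framework's default owner and mode; an explicit `OWN_DIRS_PERMS` entry for it would document who is expected to write there.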
Index: pkgsrc/security/uacme/PLIST
diff -u /dev/null pkgsrc/security/uacme/PLIST:1.1
--- /dev/null Thu May 2 13:34:56 2024
+++ pkgsrc/security/uacme/PLIST Thu May 2 13:34:56 2024
@@ -0,0 +1,9 @@
+@comment $NetBSD: PLIST,v 1.1 2024/05/02 13:34:56 hauke Exp $
+bin/uacme
+bin/ualpn
+libexec/uacme/nsupdate.sh
+libexec/uacme/uacme.sh
+libexec/uacme/ualpn.sh
+man/man1/uacme.1
+man/man1/ualpn.1
+share/doc/uacme/README.md
Index: pkgsrc/security/uacme/distinfo
diff -u /dev/null pkgsrc/security/uacme/distinfo:1.1
--- /dev/null Thu May 2 13:34:56 2024
+++ pkgsrc/security/uacme/distinfo Thu May 2 13:34:56 2024
@@ -0,0 +1,8 @@
+$NetBSD: distinfo,v 1.1 2024/05/02 13:34:56 hauke Exp $
+
+BLAKE2s (v1.7.5.tar.gz) = 1947951f05e8b61a896394d1f67367446969dc14205440514ad679e1951bf208
+SHA512 (v1.7.5.tar.gz) = c219e3ade3a81e3088cc95ecc6422022d18bffd11f26aa1618d7e4bdbf492034ae886ad6d4428ba9bbe64dbe6e6576945f50ea8ae9d6f85098758a20ff82051c
+Size (v1.7.5.tar.gz) = 258398 bytes
+SHA1 (patch-Makefile.am) = 562ca9e346d95771798c8fab146f59aaefb57b52
+SHA1 (patch-uacme.c) = ef74f682f7a4336da4b3686aa50678298608f67e
+SHA1 (patch-uacme.sh) = 24da3e33aac08634d61287d1fb971f0b4095de8e
Index: pkgsrc/security/uacme/options.mk
diff -u /dev/null pkgsrc/security/uacme/options.mk:1.1
--- /dev/null Thu May 2 13:34:56 2024
+++ pkgsrc/security/uacme/options.mk Thu May 2 13:34:56 2024
@@ -0,0 +1,25 @@
+# $NetBSD: options.mk,v 1.1 2024/05/02 13:34:56 hauke Exp $
+
+PKG_OPTIONS_VAR= PKG_OPTIONS.uacme
+
+PKG_OPTIONS_REQUIRED_GROUPS= tls
+PKG_OPTIONS_GROUP.tls= openssl gnutls mbedtls
+
+PKG_SUGGESTED_OPTIONS= openssl
+
+.include "../../mk/bsd.options.mk"
+
+.if !empty(PKG_OPTIONS:Mopenssl)
+CONFIGURE_ARGS+= --with-openssl=${BUILDLINK_PREFIX.openssl}
+.include "../../security/openssl/buildlink3.mk"
+.endif
+
+.if !empty(PKG_OPTIONS:Mgnutls)
+CONFIGURE_ARGS+= --with-gnutls=${BUILDLINK_PREFIX.gnutls}
+.include "../../security/gnutls/buildlink3.mk"
+.endif
+
+.if !empty(PKG_OPTIONS:Mmbedtls)
+CONFIGURE_ARGS+= --with-mbedtls=${BUILDLINK_PREFIX.mbedtls3}
+.include "../../security/mbedtls3/buildlink3.mk"
+.endif
Index: pkgsrc/security/uacme/patches/patch-Makefile.am
diff -u /dev/null pkgsrc/security/uacme/patches/patch-Makefile.am:1.1
--- /dev/null Thu May 2 13:34:56 2024
+++ pkgsrc/security/uacme/patches/patch-Makefile.am Thu May 2 13:34:56 2024
@@ -0,0 +1,44 @@
+$NetBSD: patch-Makefile.am,v 1.1 2024/05/02 13:34:56 hauke Exp $
+
+Do not bother with html docs - man pages are good enough
+for Ents and Men
+
+--- Makefile.am.orig 2024-04-21 18:01:13.826158561 +0000
++++ Makefile.am
+@@ -67,23 +67,15 @@ endif
+
+ if ENABLE_DOCS
+ dist_man1_MANS = uacme.1
+-dist_html_DATA = docs/uacme.html
+
+ if ENABLE_UALPN
+ dist_man1_MANS += ualpn.1
+-dist_html_DATA += docs/ualpn.html
+
+ ualpn.1: ualpn.1.txt $(top_srcdir)/.version
+ $(AM_V_GEN)$(A2X) -L -d manpage -f manpage \
+ -a revision=$(VERSION) \
+ -a sysconfdir="${sysconfdir}" \
+ -a runstatedir="${runstatedir}" $<
+-
+-docs/ualpn.html: ualpn.1.txt $(top_srcdir)/.version
+- $(AM_V_GEN)$(ASCIIDOC) -d manpage -b html5 -o $@ \
+- -a revision=$(VERSION) \
+- -a sysconfdir="${sysconfdir}" \
+- -a runstatedir="${runstatedir}" $<
+ endif
+
+ uacme.1: uacme.1.txt $(top_srcdir)/.version
+@@ -91,12 +83,6 @@ uacme.1: uacme.1.txt $(top_srcdir)/.vers
+ -a revision=$(VERSION) \
+ -a sysconfdir="${sysconfdir}" \
+ -a runstatedir="${runstatedir}" $<
+-
+-docs/uacme.html: uacme.1.txt $(top_srcdir)/.version
+- $(AM_V_GEN)$(ASCIIDOC) -d manpage -b html5 -o $@ \
+- -a revision=$(VERSION) \
+- -a sysconfdir="${sysconfdir}" \
+- -a runstatedir="${runstatedir}" $<
+ endif
+
+ .PHONY: valgrind
Index: pkgsrc/security/uacme/patches/patch-uacme.c
diff -u /dev/null pkgsrc/security/uacme/patches/patch-uacme.c:1.1
--- /dev/null Thu May 2 13:34:56 2024
+++ pkgsrc/security/uacme/patches/patch-uacme.c Thu May 2 13:34:56 2024
@@ -0,0 +1,15 @@
+$NetBSD: patch-uacme.c,v 1.1 2024/05/02 13:34:56 hauke Exp $
+
+Set CONFDIR default - we prefer not to write under /etc
+
+--- uacme.c.orig 2024-04-24 20:06:00.457609312 +0000
++++ uacme.c
+@@ -46,7 +46,7 @@
+
+ #define PRODUCTION_URL "https://acme-v02.api.letsencrypt.org/directory"
+ #define STAGING_URL "https://acme-staging-v02.api.letsencrypt.org/directory"
+-#define DEFAULT_CONFDIR SYSCONFDIR "/ssl/uacme"
++#define DEFAULT_CONFDIR "@UACME_CONFDIR@"
+
+ typedef struct acme {
+ privkey_t key;
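Review bot: The patch header does not say that `"@UACME_CONFDIR@"` is a placeholder filled in by the `confdir` SUBST class in the package Makefile; if that pass did not run, the binary would presumably treat the literal string as a relative directory for its keys and certificates. A header line such as `The placeholder is replaced at pre-configure time via SUBST_VARS.confdir.` would make the dependency visible to whoever regenerates the patch. The same applies to `@UACME_CHALLENGE_PATH@` in patch-uacme.sh and its `challenge` SUBST class. Only the declarations around the define are visible in this hunk.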
Index: pkgsrc/security/uacme/patches/patch-uacme.sh
diff -u /dev/null pkgsrc/security/uacme/patches/patch-uacme.sh:1.1
--- /dev/null Thu May 2 13:34:56 2024
+++ pkgsrc/security/uacme/patches/patch-uacme.sh Thu May 2 13:34:56 2024
@@ -0,0 +1,17 @@
+$NetBSD: patch-uacme.sh,v 1.1 2024/05/02 13:34:56 hauke Exp $
+
+Make location of the http-01 challenges build-configurable.
+The web server used then has to map the directory to
+"/.well-known/acme-challenge/".
+
+--- uacme.sh.orig 2024-04-25 11:12:57.787219060 +0000
++++ uacme.sh
+@@ -16,7 +16,7 @@
+ # You should have received a copy of the GNU General Public License
+ # along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+-CHALLENGE_PATH="${UACME_CHALLENGE_PATH:-/var/www/.well-known/acme-challenge}"
++CHALLENGE_PATH="${UACME_CHALLENGE_PATH:-@UACME_CHALLENGE_PATH@}"
+ ARGS=5
+ E_BADARGS=85
+