
CVS commit: pkgsrc/security



Module Name:    pkgsrc
Committed By:   hauke
Date:           Thu May  2 13:34:56 UTC 2024

Modified Files:
        pkgsrc/security: Makefile
Added Files:
        pkgsrc/security/uacme: DESCR MESSAGE Makefile PLIST distinfo options.mk
        pkgsrc/security/uacme/patches: patch-Makefile.am patch-uacme.c
            patch-uacme.sh

Log Message:
Add security/uacme package.

Lightweight client for the RFC8555 ACMEv2 protocol, written in plain C
with minimal dependencies (libcurl and one of GnuTLS, OpenSSL or mbedTLS).

The ACMEv2 protocol allows a Certificate Authority (Let's Encrypt is a
popular one) and an applicant to automate the process of verification
and certificate issuance.  The protocol also provides facilities for
other certificate management functions, such as certificate revocation.


To generate a diff of this commit:
cvs rdiff -u -r1.945 -r1.946 pkgsrc/security/Makefile
cvs rdiff -u -r0 -r1.1 pkgsrc/security/uacme/DESCR \
    pkgsrc/security/uacme/MESSAGE pkgsrc/security/uacme/Makefile \
    pkgsrc/security/uacme/PLIST pkgsrc/security/uacme/distinfo \
    pkgsrc/security/uacme/options.mk
cvs rdiff -u -r0 -r1.1 pkgsrc/security/uacme/patches/patch-Makefile.am \
    pkgsrc/security/uacme/patches/patch-uacme.c \
    pkgsrc/security/uacme/patches/patch-uacme.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/Makefile
diff -u pkgsrc/security/Makefile:1.945 pkgsrc/security/Makefile:1.946
--- pkgsrc/security/Makefile:1.945      Fri Apr 26 15:16:52 2024
+++ pkgsrc/security/Makefile    Thu May  2 13:34:56 2024
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.945 2024/04/26 15:16:52 wiz Exp $
+# $NetBSD: Makefile,v 1.946 2024/05/02 13:34:56 hauke Exp $
 #
 
 COMMENT=       Security and cryptography tools and libraries
@@ -664,6 +664,7 @@ SUBDIR+=    tor-browser-https-everywhere
 SUBDIR+=       tor-browser-noscript
 SUBDIR+=       tripwire
 SUBDIR+=       trufflehog
+SUBDIR+=       uacme
 SUBDIR+=       validns
 SUBDIR+=       vault
 SUBDIR+=       vaultwarden

Added files:

Index: pkgsrc/security/uacme/DESCR
diff -u /dev/null pkgsrc/security/uacme/DESCR:1.1
--- /dev/null   Thu May  2 13:34:56 2024
+++ pkgsrc/security/uacme/DESCR Thu May  2 13:34:56 2024
@@ -0,0 +1,7 @@
+Lightweight client for the RFC8555 ACMEv2 protocol, written in plain C
+with minimal dependencies (libcurl and one of GnuTLS, OpenSSL or mbedTLS).
+
+The ACMEv2 protocol allows a Certificate Authority (Let's Encrypt is a
+popular one) and an applicant to automate the process of verification
+and certificate issuance.  The protocol also provides facilities for
+other certificate management functions, such as certificate revocation.
Index: pkgsrc/security/uacme/MESSAGE
diff -u /dev/null pkgsrc/security/uacme/MESSAGE:1.1
--- /dev/null   Thu May  2 13:34:56 2024
+++ pkgsrc/security/uacme/MESSAGE       Thu May  2 13:34:56 2024
@@ -0,0 +1,10 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1 2024/05/02 13:34:56 hauke Exp $
+
+The http-01 challenge protocol expects that the letsencrypt server can
+read back the provided domain challenge via http under the path
+"/.well-known/acme-challenge/".
+
+Your web server needs to alias this directory to "${UACME_CHALLENGE_PATH}".
+
+===========================================================================
Index: pkgsrc/security/uacme/Makefile
diff -u /dev/null pkgsrc/security/uacme/Makefile:1.1
--- /dev/null   Thu May  2 13:34:56 2024
+++ pkgsrc/security/uacme/Makefile      Thu May  2 13:34:56 2024
@@ -0,0 +1,67 @@
+# $NetBSD: Makefile,v 1.1 2024/05/02 13:34:56 hauke Exp $
+
+PKGNAME=       uacme-${PKGVER}
+DISTNAME=      v${PKGVER}
+PKGVER=                1.7.5
+CATEGORIES=    security
+MASTER_SITES=  ${MASTER_SITE_GITHUB:=ndilieto/uacme/archive/refs/tags/}
+
+MAINTAINER=    hauke%NetBSD.org@localhost
+COMMENT=       Lightweight C ACMEv2 client which uses external authenticators
+HOMEPAGE=      https://github.com/ndilieto/uacme
+LICENSE=       gnu-gpl-v3
+
+BUILD_DEPENDS+=                asciidoc-[0-9]*:../../textproc/asciidoc
+
+USE_TOOLS+=            gmake pkg-config autoconf autoreconf automake
+
+USE_LANGUAGES=         c
+USE_CC_FEATURES=       c11
+
+GNU_CONFIGURE=         yes
+WRKSRC=                        ${WRKDIR}/uacme-${PKGVER}
+
+HOOKDIR=               libexec
+DOCDIR=                        share/doc/uacme
+UACME_CONFDIR=         ${VARBASE}/uacme
+UACME_CHALLENGE_PATH=  ${UACME_CONFDIR}/challenge
+
+CONFIGURE_ARGS=                --datadir=${PREFIX}/${HOOKDIR}
+CONFIGURE_ARGS+=       --disable-maintainer-mode
+CONFIGURE_ARGS+=       --sysconfdir=${PKG_SYSCONFDIR}
+
+BUILD_DEFS+=           VARBASE
+
+.include "options.mk"
+
+REPLACE_SH+=                   nsupdate.sh uacme.sh ualpn.sh
+
+MESSAGE_SUBST+=                        UACME_CHALLENGE_PATH=${UACME_CHALLENGE_PATH}
+
+SUBST_CLASSES+=                        confdir
+SUBST_STAGE.confdir=           pre-configure
+SUBST_MESSAGE.confdir=         Set CONFDIR default
+SUBST_FILES.confdir=           uacme.c
+SUBST_VARS.confdir=            UACME_CONFDIR
+
+SUBST_CLASSES+=                        challenge
+SUBST_STAGE.challenge=         pre-configure
+SUBST_MESSAGE.challenge=       Set http-01 challenge default directory
+SUBST_FILES.challenge=         uacme.sh
+SUBST_VARS.challenge=          UACME_CHALLENGE_PATH
+
+INSTALLATION_DIRS+=            ${HOOKDIR}/uacme ${DOCDIR}
+
+OWN_DIRS=                      ${UACME_CONFDIR} ${UACME_CHALLENGE_PATH}
+OWN_DIRS_PERMS+=               ${UACME_CONFDIR}/private ${REAL_ROOT_USER} \
+                                       ${REAL_ROOT_GROUP} 0700
+
+pre-configure:
+       cd ${WRKSRC} && autoreconf -if
+
+post-install:
+       ${INSTALL_MAN} ${WRKSRC}/README.md ${DESTDIR}${PREFIX}/${DOCDIR}
+
+.include "../../devel/libev/buildlink3.mk"
+.include "../../www/curl/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
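Review bot: `DISTNAME= v${PKGVER}` stores the upstream archive as `v1.7.5.tar.gz`, a name that is not specific to this package, so the distinfo checksums are keyed on a filename that any other tag archive could share in a common distfiles directory. Adding `DIST_SUBDIR= uacme` (or switching to `GITHUB_TAG= v${PKGVER}` with `DISTNAME= uacme-${PKGVER}`) gives the distfile an unambiguous name; distinfo would have to be regenerated afterwards. Separately, `post-install` installs README.md with `${INSTALL_MAN}`, where `${INSTALL_DATA}` is the usual choice for a documentation file.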
Index: pkgsrc/security/uacme/PLIST
diff -u /dev/null pkgsrc/security/uacme/PLIST:1.1
--- /dev/null   Thu May  2 13:34:56 2024
+++ pkgsrc/security/uacme/PLIST Thu May  2 13:34:56 2024
@@ -0,0 +1,9 @@
+@comment $NetBSD: PLIST,v 1.1 2024/05/02 13:34:56 hauke Exp $
+bin/uacme
+bin/ualpn
+libexec/uacme/nsupdate.sh
+libexec/uacme/uacme.sh
+libexec/uacme/ualpn.sh
+man/man1/uacme.1
+man/man1/ualpn.1
+share/doc/uacme/README.md
Index: pkgsrc/security/uacme/distinfo
diff -u /dev/null pkgsrc/security/uacme/distinfo:1.1
--- /dev/null   Thu May  2 13:34:56 2024
+++ pkgsrc/security/uacme/distinfo      Thu May  2 13:34:56 2024
@@ -0,0 +1,8 @@
+$NetBSD: distinfo,v 1.1 2024/05/02 13:34:56 hauke Exp $
+
+BLAKE2s (v1.7.5.tar.gz) = 1947951f05e8b61a896394d1f67367446969dc14205440514ad679e1951bf208
+SHA512 (v1.7.5.tar.gz) = c219e3ade3a81e3088cc95ecc6422022d18bffd11f26aa1618d7e4bdbf492034ae886ad6d4428ba9bbe64dbe6e6576945f50ea8ae9d6f85098758a20ff82051c
+Size (v1.7.5.tar.gz) = 258398 bytes
+SHA1 (patch-Makefile.am) = 562ca9e346d95771798c8fab146f59aaefb57b52
+SHA1 (patch-uacme.c) = ef74f682f7a4336da4b3686aa50678298608f67e
+SHA1 (patch-uacme.sh) = 24da3e33aac08634d61287d1fb971f0b4095de8e
Index: pkgsrc/security/uacme/options.mk
diff -u /dev/null pkgsrc/security/uacme/options.mk:1.1
--- /dev/null   Thu May  2 13:34:56 2024
+++ pkgsrc/security/uacme/options.mk    Thu May  2 13:34:56 2024
@@ -0,0 +1,25 @@
+# $NetBSD: options.mk,v 1.1 2024/05/02 13:34:56 hauke Exp $
+
+PKG_OPTIONS_VAR=               PKG_OPTIONS.uacme
+
+PKG_OPTIONS_REQUIRED_GROUPS=   tls
+PKG_OPTIONS_GROUP.tls=         openssl gnutls mbedtls
+
+PKG_SUGGESTED_OPTIONS=         openssl
+
+.include "../../mk/bsd.options.mk"
+
+.if !empty(PKG_OPTIONS:Mopenssl)
+CONFIGURE_ARGS+=       --with-openssl=${BUILDLINK_PREFIX.openssl}
+.include "../../security/openssl/buildlink3.mk"
+.endif
+
+.if !empty(PKG_OPTIONS:Mgnutls)
+CONFIGURE_ARGS+=       --with-gnutls=${BUILDLINK_PREFIX.gnutls}
+.include "../../security/gnutls/buildlink3.mk"
+.endif
+
+.if !empty(PKG_OPTIONS:Mmbedtls)
+CONFIGURE_ARGS+=       --with-mbedtls=${BUILDLINK_PREFIX.mbedtls3}
+.include "../../security/mbedtls3/buildlink3.mk"
+.endif
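Review bot: The `mbedtls` option builds against `security/mbedtls3` (the `BUILDLINK_PREFIX.mbedtls3` line and the include below it), which the option name alone does not convey. A one-line comment above that block, such as `# the mbedtls option links against mbedtls 3.x (security/mbedtls3)`, would make the TLS library version explicit for anyone auditing the package's crypto dependency.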

Index: pkgsrc/security/uacme/patches/patch-Makefile.am
diff -u /dev/null pkgsrc/security/uacme/patches/patch-Makefile.am:1.1
--- /dev/null   Thu May  2 13:34:56 2024
+++ pkgsrc/security/uacme/patches/patch-Makefile.am     Thu May  2 13:34:56 2024
@@ -0,0 +1,44 @@
+$NetBSD: patch-Makefile.am,v 1.1 2024/05/02 13:34:56 hauke Exp $
+
+Do not bother with html docs - man pages are good enough 
+for Ents and Men
+
+--- Makefile.am.orig   2024-04-21 18:01:13.826158561 +0000
++++ Makefile.am
+@@ -67,23 +67,15 @@ endif
+ 
+ if ENABLE_DOCS
+ dist_man1_MANS = uacme.1
+-dist_html_DATA = docs/uacme.html
+ 
+ if ENABLE_UALPN
+ dist_man1_MANS += ualpn.1
+-dist_html_DATA += docs/ualpn.html
+ 
+ ualpn.1: ualpn.1.txt $(top_srcdir)/.version
+       $(AM_V_GEN)$(A2X) -L -d manpage -f manpage \
+           -a revision=$(VERSION) \
+           -a sysconfdir="${sysconfdir}" \
+           -a runstatedir="${runstatedir}" $<
+-
+-docs/ualpn.html: ualpn.1.txt $(top_srcdir)/.version
+-      $(AM_V_GEN)$(ASCIIDOC) -d manpage -b html5 -o $@ \
+-          -a revision=$(VERSION) \
+-          -a sysconfdir="${sysconfdir}" \
+-          -a runstatedir="${runstatedir}" $<
+ endif
+ 
+ uacme.1: uacme.1.txt $(top_srcdir)/.version
+@@ -91,12 +83,6 @@ uacme.1: uacme.1.txt $(top_srcdir)/.vers
+           -a revision=$(VERSION) \
+           -a sysconfdir="${sysconfdir}" \
+           -a runstatedir="${runstatedir}" $<
+-
+-docs/uacme.html: uacme.1.txt $(top_srcdir)/.version
+-      $(AM_V_GEN)$(ASCIIDOC) -d manpage -b html5 -o $@ \
+-          -a revision=$(VERSION) \
+-          -a sysconfdir="${sysconfdir}" \
+-          -a runstatedir="${runstatedir}" $<
+ endif
+ 
+ .PHONY: valgrind
Index: pkgsrc/security/uacme/patches/patch-uacme.c
diff -u /dev/null pkgsrc/security/uacme/patches/patch-uacme.c:1.1
--- /dev/null   Thu May  2 13:34:56 2024
+++ pkgsrc/security/uacme/patches/patch-uacme.c Thu May  2 13:34:56 2024
@@ -0,0 +1,15 @@
+$NetBSD: patch-uacme.c,v 1.1 2024/05/02 13:34:56 hauke Exp $
+
+Set CONFDIR default - we prefer not to write under /etc
+
+--- uacme.c.orig       2024-04-24 20:06:00.457609312 +0000
++++ uacme.c
+@@ -46,7 +46,7 @@
+ 
+ #define PRODUCTION_URL "https://acme-v02.api.letsencrypt.org/directory";
+ #define STAGING_URL "https://acme-staging-v02.api.letsencrypt.org/directory";
+-#define DEFAULT_CONFDIR SYSCONFDIR "/ssl/uacme"
++#define DEFAULT_CONFDIR "@UACME_CONFDIR@"
+ 
+ typedef struct acme {
+     privkey_t key;
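Review bot: Replacing `SYSCONFDIR "/ssl/uacme"` with the substituted `@UACME_CONFDIR@` decouples the compiled-in configuration directory from `--sysconfdir`, while the man page rules in Makefile.am still pass `-a sysconfdir="${sysconfdir}"` to a2x. The installed man pages may therefore describe a different default location than the binary uses (inferred, since the man page sources are not shown). Administrators need to know where this directory really is, because it holds the `private` subdirectory, so the package should state the real path, for example with `MESSAGE_SUBST+= UACME_CONFDIR=${UACME_CONFDIR}` and a sentence in MESSAGE naming `${UACME_CONFDIR}`. The surrounding C file continues outside this hunk.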
Index: pkgsrc/security/uacme/patches/patch-uacme.sh
diff -u /dev/null pkgsrc/security/uacme/patches/patch-uacme.sh:1.1
--- /dev/null   Thu May  2 13:34:56 2024
+++ pkgsrc/security/uacme/patches/patch-uacme.sh        Thu May  2 13:34:56 2024
@@ -0,0 +1,17 @@
+$NetBSD: patch-uacme.sh,v 1.1 2024/05/02 13:34:56 hauke Exp $
+
+Make location of the http-01 challenges build-configurable.
+The web server used then has to map the directory to
+"/.well-known/acme-challenge/".
+
+--- uacme.sh.orig      2024-04-25 11:12:57.787219060 +0000
++++ uacme.sh
+@@ -16,7 +16,7 @@
+ # You should have received a copy of the GNU General Public License
+ # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ 
+-CHALLENGE_PATH="${UACME_CHALLENGE_PATH:-/var/www/.well-known/acme-challenge}"
++CHALLENGE_PATH="${UACME_CHALLENGE_PATH:-@UACME_CHALLENGE_PATH@}"
+ ARGS=5
+ E_BADARGS=85
+ 
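Review bot: The substituted default puts the web-served challenge directory at `${UACME_CONFDIR}/challenge` (per `UACME_CHALLENGE_PATH` in the package Makefile), inside the same tree that holds `${UACME_CONFDIR}/private`. The 0700 mode on `private` limits exposure, but a web server alias set one level too high would publish the rest of the configuration tree. A default outside `${UACME_CONFDIR}` would keep the two apart. Failing that, the patch comment and MESSAGE could say `Alias only this directory, never its parent, which also holds the private directory.`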


