Date: Wed, 6 Mar 2024 04:29:32 GMT From: Koichiro Iwao <meta@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 8b99252493eb - main - security/dehydrated: Update to 0.7.1-6-g4fd777e Message-ID: <202403060429.4264TWQM006599@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by meta: URL: https://cgit.FreeBSD.org/ports/commit/?id=8b99252493ebd9ad3c26b430af4de57021c46e6e commit 8b99252493ebd9ad3c26b430af4de57021c46e6e Author: Koichiro Iwao <meta@FreeBSD.org> AuthorDate: 2024-03-06 04:04:02 +0000 Commit: Koichiro Iwao <meta@FreeBSD.org> CommitDate: 2024-03-06 04:28:44 +0000 security/dehydrated: Update to 0.7.1-6-g4fd777e Also add another periodic file to run dehydrated more frequent than weekly because OSCP response file should be updated before expiry [1]. PR: 277409 Reported by: mfechner [1] --- security/dehydrated/Makefile | 16 ++++---- security/dehydrated/distinfo | 6 +-- security/dehydrated/files/000.dehydrated.daily.in | 46 ++++++++++++++++++++++ ...{000.dehydrated.in => 000.dehydrated.weekly.in} | 0 security/dehydrated/files/pkg-message.in | 11 ++++++ security/dehydrated/pkg-plist | 1 + 6 files changed, 69 insertions(+), 11 deletions(-) diff --git a/security/dehydrated/Makefile b/security/dehydrated/Makefile index 2310ddb7343a..91503e154f03 100644 --- a/security/dehydrated/Makefile +++ b/security/dehydrated/Makefile @@ -1,8 +1,7 @@ PORTNAME= dehydrated DISTVERSIONPREFIX= v -DISTVERSION= 0.7.1-5 -PORTREVISION= 1 -DISTVERSIONSUFFIX= -ge3ef43c +DISTVERSION= 0.7.1-6 +DISTVERSIONSUFFIX= -g4fd777e CATEGORIES= security MAINTAINER= meta@FreeBSD.org @@ -22,7 +21,7 @@ SHEBANG_FILES= docs/examples/hook.sh dehydrated NO_ARCH= yes NO_BUILD= yes -SUB_FILES= 000.dehydrated pkg-message +SUB_FILES= 000.dehydrated.daily 000.dehydrated.weekly pkg-message SUB_LIST= PORTNAME=${PORTNAME} OPTIONS_DEFINE= DOCS @@ -35,8 +34,6 @@ ZSH_DESC= Use the Z shell (ZSH) BASH_RUN_DEPENDS= bash:shells/bash ZSH_RUN_DEPENDS= zsh:shells/zsh -PERIODIC_DIRS= etc/periodic/weekly -PERIODIC_FILES= 000.dehydrated post-patch: . for f in docs/examples/config dehydrated @@ -50,13 +47,16 @@ post-patch-ZSH-on: . endfor do-install: - @${MKDIR} ${STAGEDIR}${ETCDIR}/.acme-challenges ${STAGEDIR}${PREFIX}/${PERIODIC_DIRS} + @${MKDIR} ${STAGEDIR}${ETCDIR}/.acme-challenges \ + ${STAGEDIR}${PREFIX}/etc/periodic/daily \ + ${STAGEDIR}${PREFIX}/etc/periodic/weekly ${INSTALL_DATA} ${WRKSRC}/docs/examples/config ${STAGEDIR}${ETCDIR}/config.sample ${INSTALL_DATA} ${WRKSRC}/docs/examples/hook.sh ${STAGEDIR}${ETCDIR}/hook.sh.sample ${INSTALL_DATA} ${WRKSRC}/docs/examples/domains.txt ${STAGEDIR}${ETCDIR}/domains.txt.sample ${INSTALL_MAN} ${WRKSRC}/docs/man/dehydrated.1 ${STAGEDIR}${PREFIX}/share/man/man1 ${INSTALL_SCRIPT} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/bin/${PORTNAME} - ${INSTALL_SCRIPT} ${WRKDIR}/${PERIODIC_FILES} ${STAGEDIR}${PREFIX}/${PERIODIC_DIRS}/${PERIODIC_FILES} + ${INSTALL_SCRIPT} ${WRKDIR}/000.dehydrated.daily ${STAGEDIR}${PREFIX}/etc/periodic/daily/000.dehydrated + ${INSTALL_SCRIPT} ${WRKDIR}/000.dehydrated.weekly ${STAGEDIR}${PREFIX}/etc/periodic/weekly/000.dehydrated @${MKDIR} ${STAGEDIR}${PREFIX}/www/dehydrated do-install-DOCS-on: diff --git a/security/dehydrated/distinfo b/security/dehydrated/distinfo index 5c7732d8cd1e..9298ccf74384 100644 --- a/security/dehydrated/distinfo +++ b/security/dehydrated/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1673905899 -SHA256 (dehydrated-io-dehydrated-v0.7.1-5-ge3ef43c_GH0.tar.gz) = 4e7f64963731141987d93fd4f8b09f74c012ee603f4cbe3d2107a3de046c9680 -SIZE (dehydrated-io-dehydrated-v0.7.1-5-ge3ef43c_GH0.tar.gz) = 120749 +TIMESTAMP = 1709697522 +SHA256 (dehydrated-io-dehydrated-v0.7.1-6-g4fd777e_GH0.tar.gz) = de412c89502df7beb08e20d2d6e6f2b9f314dc60e6a12d08f9e7712b80d569c6 +SIZE (dehydrated-io-dehydrated-v0.7.1-6-g4fd777e_GH0.tar.gz) = 120738 diff --git a/security/dehydrated/files/000.dehydrated.daily.in b/security/dehydrated/files/000.dehydrated.daily.in new file mode 100644 index 000000000000..9e1cc23329fd --- /dev/null +++ b/security/dehydrated/files/000.dehydrated.daily.in @@ -0,0 +1,46 @@ +#!/bin/sh + +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +PATH=$PATH:%%LOCALBASE%%/bin:%%LOCALBASE%%/sbin +export PATH + +case "$daily_letsencrypt_enable" in + [Yy][Ee][Ss]) + : ${daily_dehydrated_enable:=$daily_letsencrypt_enable} + : ${daily_dehydrated_user:=$daily_letsencrypt_user} + : ${daily_dehydrated_flags:=$daily_letsencrypt_flags} + : ${daily_dehydrated_deployscript:=$daily_letsencrypt_deployscript} + ;; + *) + ;; +esac + +case "$daily_dehydrated_enable" in + [Yy][Ee][Ss]) + echo + echo "Checking Let's Encrypt certificate status:" + + if [ -z "$daily_dehydrated_user" ] + then + %%PREFIX%%/bin/dehydrated -c $daily_dehydrated_flags + else + su -m "$daily_dehydrated_user" -c "%%PREFIX%%/bin/dehydrated -c $daily_dehydrated_flags" + fi + + echo "Deploying Let's Encrypt certificates:" + + if [ -x "$daily_dehydrated_deployscript" ] + then + $daily_dehydrated_deployscript + else + echo 'Skipped, deploy script not set or not executable.' + fi + ;; + *) + ;; +esac diff --git a/security/dehydrated/files/000.dehydrated.in b/security/dehydrated/files/000.dehydrated.weekly.in similarity index 100% rename from security/dehydrated/files/000.dehydrated.in rename to security/dehydrated/files/000.dehydrated.weekly.in diff --git a/security/dehydrated/files/pkg-message.in b/security/dehydrated/files/pkg-message.in index e12265f46eb1..1e16d24ec107 100644 --- a/security/dehydrated/files/pkg-message.in +++ b/security/dehydrated/files/pkg-message.in @@ -21,6 +21,17 @@ weekly_dehydrated_deployscript="%%PREFIX%%/etc/%%PORTNAME%%/deploy.sh" Additional flags for the periodic run go into weekly_dehydrated_flags="-g" + +If weekly run is not frequent enough, such as when fetching OCSP +response files (expires in 7 days), replace "weekly_" with "daily_" +as follows to run dehydrated daily. Options are exactly same with +weekly. + +daily_dehydrated_enable="YES" +daily_dehydrated_user="_letsencrypt" +daily_dehydrated_deployscript="%%PREFIX%%/etc/%%PORTNAME%%/deploy.sh" +daily_dehydrated_flags="-g" + EOM } ] diff --git a/security/dehydrated/pkg-plist b/security/dehydrated/pkg-plist index b58800ef572f..5de12829eab1 100644 --- a/security/dehydrated/pkg-plist +++ b/security/dehydrated/pkg-plist @@ -3,6 +3,7 @@ bin/dehydrated @sample %%ETCDIR%%/config.sample @sample %%ETCDIR%%/domains.txt.sample @sample %%ETCDIR%%/hook.sh.sample +etc/periodic/daily/000.dehydrated etc/periodic/weekly/000.dehydrated share/man/man1/dehydrated.1.gz %%PORTDOCS%%%%DOCSDIR%%/README.md
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202403060429.4264TWQM006599>