From nobody Tue Jan  7 10:12:32 2025
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YS6L873CVz5kJYl;
	Tue, 07 Jan 2025 10:12:32 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4YS6L85B9lz53mH;
	Tue,  7 Jan 2025 10:12:32 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1736244752;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=hfbrhtG7MiZgoJCNhoUNFTiBpuaJd5l8I5zRUl0xgqw=;
	b=NDHvLW55CfK+SG7VsW05bIuTlgqfK8OvmktYbTN+ANiGiQFt3dKdyU216r3292H/vxAndv
	Ns/PeJ/nqz0AuJLF94ALcM2gNYJKCO8oFo8ZbNM6Lb3rL4iLTKaqfj2PspnAJwIn5N1ITT
	xma3Iyp/Bt1FVj6BNbDCa1UD3HWVnw1zVjpXXPwGCJrKIBNy6sxWv/E1AfFNf1fWmWdk4P
	ya50YTLVp5fp+iXEBX+pWw7fmIYBZCEe9sJs6dDI2/10/umMbdNxLybkWK3c+crA0y7PUJ
	pCUK75YzeqBp9J/x+KANJdHf0uqYf9awJZGqFhZKDA7hB6dsCoWCK5JkuLYMJQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1736244752;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=hfbrhtG7MiZgoJCNhoUNFTiBpuaJd5l8I5zRUl0xgqw=;
	b=esbHk6yZBuoUUjeGcSAyx1/PiyPhCjhdozvJt5zQHbjYHZYF4lM9SZm7Id2ZrNnljSlUVx
	4WMkcsVO6mfNUcFNDB3L2TnxF12by8YG0Ct1JaUp4SwPB20HV3FiIFxxR4FsllcBWk7CAP
	7JQ5JJinIWqFqO0jLIbzYc6DNN97kzSGbXX3LluRPgck2E6OyY+LA4usfXfA/u/81+4BbS
	KPXVvb2GXXttAhhnx+SVUYyyN2GMbnLwRAaPOChkpxbKXlGZgYapHGqbs4KZGmNcX63XGb
	bzA+AoDIsRqDEU8O59iuW9nEFX2PWqNhZ1iZa6cnRM+5Nt75Zr3HC5m+mIztuQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1736244752; a=rsa-sha256; cv=none;
	b=NF8Rnk9JTp4b2rgkd4XYyQoCZUojpN9ezNuaogKSWlQZ5Ho0uIc0bPcusyGSYM8sp6hSka
	1W3vFNtb6dcR/aLiLFTisb4Z5QwEIinycgNH76SgUFHL1uasW4gWAUy3pHWBnTyIs2CNYT
	UcgBBy3lU1n6athVuGoiNbsgCu9iQLUQ16h9CFDPnlhTA2wuYGdqjZyHDWxS41zNg36gLl
	7xeEXSffKBL/IP/TxhpD4qkXg/SeBM3KAS+GAxHeFnz4odJGKWK8dgF3Kp5T2QWYBzIpLo
	K1tpxdMLMMC5lSsfGOb6ablff4SlfcbvhS/2hu3lFRYrCjk1soRwXow1+8Z4qQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YS6L84pjxz15YB;
	Tue, 07 Jan 2025 10:12:32 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 507ACWes028987;
	Tue, 7 Jan 2025 10:12:32 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 507ACWqE028984;
	Tue, 7 Jan 2025 10:12:32 GMT
	(envelope-from git)
Date: Tue, 7 Jan 2025 10:12:32 GMT
Message-Id: <202501071012.507ACWqE028984@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Vladimir Druzenko <vvd@FreeBSD.org>
Subject: git: 7bf02d3f9f50 - main - security/step-certificates:
  Update 0.27.5 =?utf-8?Q?=E2=86=92?= 0.28.1, fix issues with
  rc-script
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-ports-all@freebsd.org
Sender: owner-dev-commits-ports-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: vvd
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 7bf02d3f9f50e6cf47aad822a6333bc59023a946
Auto-Submitted: auto-generated

The branch main has been updated by vvd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=7bf02d3f9f50e6cf47aad822a6333bc59023a946

commit 7bf02d3f9f50e6cf47aad822a6333bc59023a946
Author:     Markus Wipp <mw@wipp.bayern>
AuthorDate: 2025-01-07 10:08:18 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2025-01-07 10:12:21 +0000

    security/step-certificates: Update 0.27.5 → 0.28.1, fix issues with rc-script
    
    - Rename rc-script from step-ca to step_ca.
    - Fix permission issue in step_ca rc-script.
    
    Changelogs:
    https://github.com/smallstep/certificates/releases/tag/v0.28.0
    https://github.com/smallstep/certificates/releases/tag/v0.28.1
    
    PR:     283894 282633
---
 security/step-certificates/Makefile                         |  7 +++----
 security/step-certificates/distinfo                         | 10 +++++-----
 security/step-certificates/files/{step-ca.in => step_ca.in} |  9 +++++----
 security/step-certificates/pkg-message                      |  2 ++
 4 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/security/step-certificates/Makefile b/security/step-certificates/Makefile
index dd3daf6c32a2..d70b9816948b 100644
--- a/security/step-certificates/Makefile
+++ b/security/step-certificates/Makefile
@@ -1,11 +1,10 @@
 PORTNAME=	step-certificates
 DISTVERSIONPREFIX=	v
-DISTVERSION=	0.27.5
-PORTREVISION=	1
+DISTVERSION=	0.28.1
 CATEGORIES=	security
 
 MAINTAINER=	mw@wipp.bayern
-COMMENT=	Smallstep step-ca certificates server
+COMMENT=	Smallstep step_ca certificates server
 WWW=		https://smallstep.com/certificates/
 
 LICENSE=	APACHE20
@@ -17,7 +16,7 @@ RUN_DEPENDS=	step:security/step-cli
 
 USES=		go:1.22,modules
 
-USE_RC_SUBR=	step-ca
+USE_RC_SUBR=	step_ca
 
 GO_MODULE=	github.com/smallstep/certificates
 
diff --git a/security/step-certificates/distinfo b/security/step-certificates/distinfo
index 27f74b7c1385..7306fa012d25 100644
--- a/security/step-certificates/distinfo
+++ b/security/step-certificates/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1729364384
-SHA256 (go/security_step-certificates/step-certificates-v0.27.5/v0.27.5.mod) = 035fc4e3449be2e504dd99cf79ed07b27c3d514aee7bb116db4707861620c9d2
-SIZE (go/security_step-certificates/step-certificates-v0.27.5/v0.27.5.mod) = 8344
-SHA256 (go/security_step-certificates/step-certificates-v0.27.5/v0.27.5.zip) = 2c4774a23b31bb2fa3f854776c99269a9add30b0d5dc23b0c301ba46dc77e11c
-SIZE (go/security_step-certificates/step-certificates-v0.27.5/v0.27.5.zip) = 1161319
+TIMESTAMP = 1736184396
+SHA256 (go/security_step-certificates/step-certificates-v0.28.1/v0.28.1.mod) = 41cf738a27e1f0894ddd48801408f60c78fd8b69dee14e8db55c9eb445959d46
+SIZE (go/security_step-certificates/step-certificates-v0.28.1/v0.28.1.mod) = 8354
+SHA256 (go/security_step-certificates/step-certificates-v0.28.1/v0.28.1.zip) = b1e3a63ae518e9475979006b3665816757e06f62bef180060749fb4eb276dd42
+SIZE (go/security_step-certificates/step-certificates-v0.28.1/v0.28.1.zip) = 1168039
diff --git a/security/step-certificates/files/step-ca.in b/security/step-certificates/files/step_ca.in
similarity index 93%
rename from security/step-certificates/files/step-ca.in
rename to security/step-certificates/files/step_ca.in
index 88d784823679..2d5ac4edad39 100644
--- a/security/step-certificates/files/step-ca.in
+++ b/security/step-certificates/files/step_ca.in
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# PROVIDE: step-ca
+# PROVIDE: step_ca
 # REQUIRE: LOGIN networking
 # KEYWORD: shutdown
 #
@@ -32,6 +32,7 @@ load_rc_config $name
 : ${step_ca_stepdir:=%%PREFIX%%/etc/step}
 : ${step_ca_steppath:=${step_ca_stepdir}/ca}
 : ${step_ca_password:=${step_ca_stepdir}/password.txt}
+: ${step_ca_env:=STEPPATH=${step_ca_steppath}}
 
 pidfile="/var/run/${name}.pid"
 step_ca_command="%%PREFIX%%/sbin/step-ca"
@@ -60,7 +61,7 @@ step_ca_startprecmd()
 
 	if [ ! -e ${step_ca_steppath} ]; then
 		echo "No configured Step CA found."
-		echo "Please run service step-ca configure"
+		echo "Please run service step_ca configure"
 		exit 1
 	else
 		export STEPPATH=${step_ca_steppath}
@@ -68,7 +69,7 @@ step_ca_startprecmd()
 
 	if [ ! -e ${step_ca_password} ]; then
 		echo "Step CA Password file for auto-start not found"
-		echo "Please run service step-ca configure"
+		echo "Please run service step_ca configure"
 		exit 1
 	fi
 
@@ -90,7 +91,7 @@ step_ca_configure() {
 	if [ ! -e ${step_ca_steppath} ]; then
 		echo "No configured Step CA found."
 		echo "Creating new one...."
-		install -d -m 600 -o ${step_ca_user} -g ${step_ca_group} ${step_ca_steppath}
+		install -d -m 700 -o ${step_ca_user} -g ${step_ca_group} ${step_ca_steppath}
 		export STEPPATH=${step_ca_steppath}
 		%%PREFIX%%/bin/step ca init --ssh
 		chown -R ${step_ca_user}:${step_ca_group} ${step_ca_stepdir}
diff --git a/security/step-certificates/pkg-message b/security/step-certificates/pkg-message
index 2e595b5f19ae..bca4286cd021 100644
--- a/security/step-certificates/pkg-message
+++ b/security/step-certificates/pkg-message
@@ -21,6 +21,8 @@ Following are the defaults for step certificates and can be overridden by rc.con
 * The password required for automatic startup is in step_ca_password (%%PREFIX%%/etc/step/password.txt)
 * By default step certificates logs to syslog with a tag of step_ca
 
+Due to an inconsistency between this message and the rc-script, the rc-script has been renamed from step-ca to step_ca in v0.28.1.
+Please be aware of this if you call the rc-script from a custom script.
 ================================================================================
 EOM
 }