Date: Wed, 2 Nov 2016 20:08:33 +0000 (UTC) From: Bernard Spil <brnrd@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r425172 - in head: . security/acme-client security/acme-client/files Message-ID: <201611022008.uA2K8XbW074472@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: brnrd Date: Wed Nov 2 20:08:33 2016 New Revision: 425172 URL: https://svnweb.freebsd.org/changeset/ports/425172 Log: security/acme-client: Update to 0.1.13 - Update to 0.1.13 - Modify all configuration paths from letsencrypt to acme - Update periodic script to reflect path changes - Update sample scripts to reflect path changes - Add warning to pkg-message for changed paths - Add UPDATING entry for changed paths - Remove warning for old periodic.conf variable names - Remove warning for letskencrypt rename Modified: head/UPDATING head/security/acme-client/Makefile head/security/acme-client/distinfo head/security/acme-client/files/000.acme-client.sh.in head/security/acme-client/files/acme-client.sh.sample.in head/security/acme-client/files/deploy.sh.sample.in head/security/acme-client/files/pkg-message.in head/security/acme-client/pkg-plist Modified: head/UPDATING ============================================================================== --- head/UPDATING Wed Nov 2 19:47:27 2016 (r425171) +++ head/UPDATING Wed Nov 2 20:08:33 2016 (r425172) @@ -5,6 +5,19 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20161102: + AFFECTS: users of security/acme-client + AUTHOR: brnrd@FreeBSD.org + + The default configuration paths have changed from 'letsencrypt' to + 'acme'. Rename the directories used accordingly + + mv /usr/local/etc/letsencrypt /usr/local/etc/acme + mv /usr/local/etc/ssl/letsencrypt /usr/local/etc/ssl/acme + mv /usr/local/www/letsencrypt /usr/local/www/acme + + Check your scripts to ensure proper operation. + 20161030: AFFECTS: users of mail/squirrelmail AUTHOR: adamw@FreeBSD.org Modified: head/security/acme-client/Makefile ============================================================================== --- head/security/acme-client/Makefile Wed Nov 2 19:47:27 2016 (r425171) +++ head/security/acme-client/Makefile Wed Nov 2 20:08:33 2016 (r425172) @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= acme-client -PORTVERSION= 0.1.11 -PORTREVISION= 2 +PORTVERSION= 0.1.13 DISTVERSIONPREFIX= portable- CATEGORIES= security MASTER_SITES= https://kristaps.bsd.lv/${PORTNAME}/snapshots/ \ @@ -26,7 +25,7 @@ STATIC_ACMECLIENT_EXTRA_PATCHES= ${PATCH MAKEFILE= GNUmakefile MAKE_ENV= PREFIX=${STAGEDIR}/${PREFIX} -WWWDIR= ${PREFIX}/www/letsencrypt +WWWDIR= ${PREFIX}/www/acme SAMPLE_FILES= acme-client.sh.sample deploy.sh.sample SUB_FILES= 000.acme-client.sh pkg-message ${SAMPLE_FILES} @@ -36,20 +35,20 @@ PERIODIC_DIRS= etc/periodic/weekly PERIODIC_FILES= 000.acme-client.sh post-patch: - ${REINPLACE_CMD} -e "s|/etc/|${PREFIX}/etc/|" \ - -e "s|/var/www/letsencrypt|${WWWDIR}|" \ + ${REINPLACE_CMD} -e "s|/etc/|${PREFIX}/etc/|g" \ + -e "s|/var/www/acme|${WWWDIR}|" \ ${WRKSRC}/main.c ${WRKSRC}/acme-client.1 post-install: ${MKDIR} ${STAGEDIR}${PREFIX}/${PERIODIC_DIRS} ${INSTALL_SCRIPT} ${WRKDIR}/${PERIODIC_FILES} ${STAGEDIR}${PREFIX}/${PERIODIC_DIRS}/${PERIODIC_FILES} ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/acme-client -. for d in etc/ssl/letsencrypt etc/ssl/letsencrypt/private \ - etc/letsencrypt www/letsencrypt +. for d in etc/ssl/acme etc/ssl/acme/private \ + etc/acme www/acme ${MKDIR} ${STAGEDIR}${PREFIX}/${d} . endfor . for d in ${SAMPLE_FILES} - ${INSTALL_SCRIPT} ${WRKDIR}/${d} ${STAGEDIR}${PREFIX}/etc/letsencrypt/${d} + ${INSTALL_SCRIPT} ${WRKDIR}/${d} ${STAGEDIR}${PREFIX}/etc/acme/${d} . endfor .include <bsd.port.pre.mk> Modified: head/security/acme-client/distinfo ============================================================================== --- head/security/acme-client/distinfo Wed Nov 2 19:47:27 2016 (r425171) +++ head/security/acme-client/distinfo Wed Nov 2 20:08:33 2016 (r425172) @@ -1,3 +1,3 @@ -TIMESTAMP = 1472800677 -SHA256 (acme-client-portable-0.1.11.tgz) = cb197820ad5dbe0f264f96f3b39ba71c295ab07ea6447632ee0f11329dbff126 -SIZE (acme-client-portable-0.1.11.tgz) = 45226 +TIMESTAMP = 1478115236 +SHA256 (acme-client-portable-0.1.13.tgz) = d364e68ef1590783d8e73196185c557b162805fefdbc92edf07289d5b32228c6 +SIZE (acme-client-portable-0.1.13.tgz) = 48641 Modified: head/security/acme-client/files/000.acme-client.sh.in ============================================================================== --- head/security/acme-client/files/000.acme-client.sh.in Wed Nov 2 19:47:27 2016 (r425171) +++ head/security/acme-client/files/000.acme-client.sh.in Wed Nov 2 20:08:33 2016 (r425172) @@ -9,24 +9,6 @@ fi PATH=$PATH:%%LOCALBASE%%/bin:%%LOCALBASE%%/sbin export PATH -case "$weekly_letskencrypt_enable" in - [Yy][Ee][Ss]) - echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' - echo '!! WARNING: letskencrypt has been renamed to acme-client !!' - echo '!! rename all weekly_letskencrypt_* periodic variables !!' - echo '!! to weekly_acme_client_* in your periodic.conf !!' - echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' - : ${weekly_acme_client_enable:=$weekly_letskencrypt_enable} - : ${weekly_acme_client_renewscript:=$weekly_letskencrypt_renewscript} - : ${weekly_acme_client_domains:=$weekly_letskencrypt_domains} - : ${weekly_acme_client_challengedir:=$weekly_letskencrypt_challengedir} - : ${weekly_acme_client_args:=$weekly_letskencrypt_args} - : ${weekly_acme_client_deployscript:=$weekly_letskencrypt_deployscript} - ;; - *) - ;; -esac - case "$weekly_acme_client_enable" in [Yy][Ee][Ss]) echo Modified: head/security/acme-client/files/acme-client.sh.sample.in ============================================================================== --- head/security/acme-client/files/acme-client.sh.sample.in Wed Nov 2 19:47:27 2016 (r425171) +++ head/security/acme-client/files/acme-client.sh.sample.in Wed Nov 2 20:08:33 2016 (r425172) @@ -1,7 +1,7 @@ #!/bin/sh -e -BASEDIR="%%PREFIX%%/etc/letsencrypt" -SSLDIR="%%PREFIX%%/etc/ssl/letsencrypt" +BASEDIR="%%PREFIX%%/etc/acme" +SSLDIR="%%PREFIX%%/etc/ssl/acme" DOMAINSFILE="${BASEDIR}/domains.txt" CHALLENGEDIR="/usr/jails/http/usr/local/www/.well-known/acme-challenge" Modified: head/security/acme-client/files/deploy.sh.sample.in ============================================================================== --- head/security/acme-client/files/deploy.sh.sample.in Wed Nov 2 19:47:27 2016 (r425171) +++ head/security/acme-client/files/deploy.sh.sample.in Wed Nov 2 20:08:33 2016 (r425172) @@ -3,15 +3,15 @@ set -e DOMAIN="example.net" -LEDIR="%%PREFIX%%/etc/ssl/letsencrypt" +ACMEDIR="%%PREFIX%%/etc/ssl/acme" JAILSDIR="/usr/jails" TARGETS="mail http" for jail in ${targets}; do targetdir="${JAILSDIR}/${jail}/etc/ssl" # Check if the certificate has changed - [[ -z "`diff -rq ${LEDIR}/${domain}/fullchain.pem ${targetdir}/certs/${domain}.pem`" ]] && continue - cp -L "${LEDIR}/private/${domain}.pem" "${targetdir}/priv/${domain}.pem" - cp -L "${LEDIR}/${domain}/fullchain.pem" "${targetdir}/certs/${domain}.pem" + [[ -z "`diff -rq ${ACMEDIR}/${domain}/fullchain.pem ${targetdir}/certs/${domain}.pem`" ]] && continue + cp -L "${ACMEDIR}/private/${domain}.pem" "${targetdir}/priv/${domain}.pem" + cp -L "${ACMEDIR}/${domain}/fullchain.pem" "${targetdir}/certs/${domain}.pem" chmod 400 "${targetdir}/priv/${domain}.pem" chmod 644 "${targetdir}/certs/${domain}.pem" # Restart/-load relevant services @@ -25,9 +25,9 @@ done #for jail in ${targets}; do # targetdir="${JAILSDIR}/${jail}/etc/ssl" # # Check if the certificate has changed -# [[ -z "`diff -rq ${LEDIR}/${domain}/fullchain.pem ${targetdir}/certs/${domain}.pem`" ]] && continue -# cp -L "${LEDIR}/private/${domain}.pem" "${targetdir}/priv/${domain}.pem" -# cp -L "${LEDIR}/${domain}/fullchain.pem" "${targetdir}/certs/${domain}.pem" +# [[ -z "`diff -rq ${ACMEDIR}/${domain}/fullchain.pem ${targetdir}/certs/${domain}.pem`" ]] && continue +# cp -L "${ACMEDIR}/private/${domain}.pem" "${targetdir}/priv/${domain}.pem" +# cp -L "${ACMEDIR}/${domain}/fullchain.pem" "${targetdir}/certs/${domain}.pem" # chmod 400 "${targetdir}/priv/${domain}.pem" # chmod 644 "${targetdir}/certs/${domain}.pem" # # Restart/-load relevant services Modified: head/security/acme-client/files/pkg-message.in ============================================================================== --- head/security/acme-client/files/pkg-message.in Wed Nov 2 19:47:27 2016 (r425171) +++ head/security/acme-client/files/pkg-message.in Wed Nov 2 20:08:33 2016 (r425172) @@ -1,11 +1,14 @@ -!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -!! WARNING: letskencrypt has been renamed to acme-client !! -!! rename all weekly_letskencrypt_* periodic variables !! -!! to weekly_acme_client_* in your periodic.conf !! -!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!! WARNING: The default configuration paths have changed, !! +!! rename !! +!! /usr/local/www/letsencrypt to /usr/local/www/acme, !! +!! /usr/local/etc/letsencrypt to /usr/local/etc/acme and !! +!! /usr/local/etc/ssl/letsencrypt to /usr/local/etc/ssl/acme !! +!! and verify paths in your scripts !! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! There are example scripts in - %%PREFIX%%/etc/letsencrypt + %%PREFIX%%/etc/acme that you can use for renewing and deploying multiple certificates In order to run the script regularly to update @@ -27,7 +30,7 @@ To set additional acme-client arguments To run a specific script for the renewal (ignore previously set variables) allows generating/renewing multiple keys/certificates - weekly_acme_client_renewscript=""%%PREFIX%%/etc/letsencrypt/%%PORTNAME%%.sh" + weekly_acme_client_renewscript=""%%PREFIX%%/etc/acme/%%PORTNAME%%.sh" To run a script after the renewal to deploy changed certs - weekly_acme_client_deployscript="%%PREFIX%%/etc/letsencrypt/deploy.sh" + weekly_acme_client_deployscript="%%PREFIX%%/etc/acme/deploy.sh" Modified: head/security/acme-client/pkg-plist ============================================================================== --- head/security/acme-client/pkg-plist Wed Nov 2 19:47:27 2016 (r425171) +++ head/security/acme-client/pkg-plist Wed Nov 2 20:08:33 2016 (r425172) @@ -1,10 +1,10 @@ bin/acme-client man/man1/acme-client.1.gz etc/periodic/weekly/000.acme-client.sh -@dir(,,0700) etc/letsencrypt +@dir(,,0700) etc/acme @dir(,,0755) etc/ssl -@dir(,,0755) etc/ssl/letsencrypt -@dir(,,0700) etc/ssl/letsencrypt/private +@dir(,,0755) etc/ssl/acme +@dir(,,0700) etc/ssl/acme/private @dir(,www,) %%WWWDIR%% -@sample etc/letsencrypt/deploy.sh.sample -@sample etc/letsencrypt/acme-client.sh.sample +@sample etc/acme/deploy.sh.sample +@sample etc/acme/acme-client.sh.sample
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201611022008.uA2K8XbW074472>