From nobody Wed Aug 16 18:30:29 2023
X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RQxX56y5Jz4qxXq;
	Wed, 16 Aug 2023 18:30:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4RQxX5410Hz4PPt;
	Wed, 16 Aug 2023 18:30:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1692210629;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=RhgY3PtsK2h4gA0m+GlbtaQ6QIdxSipHhrEAEu0Z7hc=;
	b=HWBwZnybH2gq4IC2N3/ogtnMPzMnwsod49b6LfYMGW6TnP2LYy/+AiuliULmwtIwNANQ+X
	vRFwWdaHPeMNrdDOXxNTiRh3vPw++kohvhV9ZLtIOOHucZXEp1lussp9bhwdViccJILKTS
	O1kexuXXKyU6tRcuIxV5vdVmD95HfCpE7wcYFh3FP+EeLJK80kAV4Q8xSZbMHwDXlTgTC4
	+3EPWaqMGowVy/9VxpnEdJZV+yrtFA1dgLLkc6rFdUvR89yGGGl59g/ZC6c3tQUAeCgwGH
	QLIACoQ9rQvSNMq8PfIgf8976uhxsVUGtVN7ghZ2AnitdL/x2U5BFD8QxLsn4w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1692210629;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=RhgY3PtsK2h4gA0m+GlbtaQ6QIdxSipHhrEAEu0Z7hc=;
	b=CgsM3PDY3ECOU4V7j62mo/PJFTZeppPcmh3UUnEvn85MjAiBy7T1t7rk//Pk8Df7qUVurR
	UiItsk/Z/OGpLq8azw1TcHHna1rqtWCVk9em53M931eIFivWiX3YHxF1mV0jWCt4mvfu2a
	hT+vh+45bqD/yUToFOKgkTDbrQ8fmXzi0nimvu4fTfF55+UNJIM4gqYMXHKCddLe3USwQY
	Jt08JAnG7NTBct8+7wjsemh3SHgqQZXOq4MQsyEFCx4s6v/8RlsSGMyqu9XZ/pTdmr4otl
	+wZyaBRF7PSWupijImpGKCW+Es8qP2bsoWQiPGSuHvVj3O7UcmmREiqvy8XX4Q==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1692210629; a=rsa-sha256; cv=none;
	b=vVthRfmux47TXnexCOLY4FxnGQBbUnSzJqmcCxYqHrWzs/ge1MTLNm+FuexaMDSpFJPCJi
	cYC7LFg5F/fvUHWnyCtG8NQ8E8zQ4zL2wNW0I+TJiLq3fbnvFUCnZRdnJIrJl7ra7XwSEc
	0YLdTB6jdfhX+UwCBzUowxb6++YAgIjdVB/ufkNgZcgUS3bluyk8K4ITwEXj0yIb0xIlwv
	ItSWqElx7lbyh7IbupvsAa3lwZVMGAKs7uUAokvMjgE4zWvdP4/xg5shbItD63B5ig8C8i
	i0Go2XLu3H7571G7LmcSVAwSW0IYGZbzRP8nzIBNpBEjIyswtb1GSeStEC9GDw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RQxX534Lgz12CW;
	Wed, 16 Aug 2023 18:30:29 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 37GIUTQ8023433;
	Wed, 16 Aug 2023 18:30:29 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 37GIUT6Z023430;
	Wed, 16 Aug 2023 18:30:29 GMT
	(envelope-from git)
Date: Wed, 16 Aug 2023 18:30:29 GMT
Message-Id: <202308161830.37GIUT6Z023430@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Po-Chuan Hsieh <sunpoet@FreeBSD.org>
Subject: git: a5abdadcbd65 - main - security/py-truststore: Add
  py-truststore 0.7.0
List-Id: Commits to the main branch of the FreeBSD ports repository <dev-commits-ports-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
List-Help: <mailto:dev-commits-ports-main+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-main+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-main@freebsd.org
X-BeenThere: dev-commits-ports-main@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: sunpoet
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: a5abdadcbd65c160c795c040b4e78f3f1c275afe
Auto-Submitted: auto-generated

The branch main has been updated by sunpoet:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a5abdadcbd65c160c795c040b4e78f3f1c275afe

commit a5abdadcbd65c160c795c040b4e78f3f1c275afe
Author:     Po-Chuan Hsieh <sunpoet@FreeBSD.org>
AuthorDate: 2023-08-16 18:06:51 +0000
Commit:     Po-Chuan Hsieh <sunpoet@FreeBSD.org>
CommitDate: 2023-08-16 18:25:07 +0000

    security/py-truststore: Add py-truststore 0.7.0
    
    Truststore is a library which exposes native system certificate stores (ie
    "trust stores") through an ssl.SSLContext-like API. This means that Python
    applications no longer need to rely on certifi as a root certificate store.
    Native system certificate stores have many helpful features compared to a static
    certificate bundle like certifi:
    - Automatically update certificates as new CAs are created and removed
    - Fetch missing intermediate certificates
    - Check certificates against certificate revocation lists (CRLs) to avoid
      monster-in-the-middle (MITM) attacks
    - Managed per-system rather than per-application by a operations/IT team
    - PyPI is no longer a CA distribution channel
    
    Right now truststore is a stand-alone library that can be installed globally in
    your application to immediately take advantage of the benefits in Python 3.10+.
    Truststore has also been integrated into pip as an opt-in method for verifying
    HTTPS certificates with truststore instead of certifi.
    
    Long-term the hope is to make truststore the default way to verify HTTPS
    certificates in pip and to add this functionality into Python itself. Wish us
    luck!
---
 security/Makefile                |  1 +
 security/py-truststore/Makefile  | 22 ++++++++++++++++++++++
 security/py-truststore/distinfo  |  3 +++
 security/py-truststore/pkg-descr | 20 ++++++++++++++++++++
 4 files changed, 46 insertions(+)

diff --git a/security/Makefile b/security/Makefile
index c7cd82f798cf..5e215d686b27 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1037,6 +1037,7 @@
     SUBDIR += py-tlslite-ng
     SUBDIR += py-trezor
     SUBDIR += py-trustme
+    SUBDIR += py-truststore
     SUBDIR += py-tuf
     SUBDIR += py-txtorcon
     SUBDIR += py-uhashring
diff --git a/security/py-truststore/Makefile b/security/py-truststore/Makefile
new file mode 100644
index 000000000000..44ac2b0cf931
--- /dev/null
+++ b/security/py-truststore/Makefile
@@ -0,0 +1,22 @@
+PORTNAME=	truststore
+PORTVERSION=	0.7.0
+CATEGORIES=	security python
+MASTER_SITES=	PYPI
+PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
+
+MAINTAINER=	sunpoet@FreeBSD.org
+COMMENT=	Verify certificates using native system trust stores
+WWW=		https://truststore.readthedocs.io/en/latest/ \
+		https://github.com/sethmlarson/truststore
+
+LICENSE=	MIT
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+BUILD_DEPENDS=	${PYTHON_PKGNAMEPREFIX}flit-core>=3.2<4:devel/py-flit-core@${PY_FLAVOR}
+
+USES=		python:3.10+ ssl
+USE_PYTHON=	autoplist concurrent pep517
+
+NO_ARCH=	yes
+
+.include <bsd.port.mk>
diff --git a/security/py-truststore/distinfo b/security/py-truststore/distinfo
new file mode 100644
index 000000000000..8b8d307fe2a6
--- /dev/null
+++ b/security/py-truststore/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1691069906
+SHA256 (truststore-0.7.0.tar.gz) = 72e784507a624375434381e4bad3eff8614bc8c845a7f5ae16a25a2624d0683f
+SIZE (truststore-0.7.0.tar.gz) = 14983
diff --git a/security/py-truststore/pkg-descr b/security/py-truststore/pkg-descr
new file mode 100644
index 000000000000..70390d6db633
--- /dev/null
+++ b/security/py-truststore/pkg-descr
@@ -0,0 +1,20 @@
+Truststore is a library which exposes native system certificate stores (ie
+"trust stores") through an ssl.SSLContext-like API. This means that Python
+applications no longer need to rely on certifi as a root certificate store.
+Native system certificate stores have many helpful features compared to a static
+certificate bundle like certifi:
+- Automatically update certificates as new CAs are created and removed
+- Fetch missing intermediate certificates
+- Check certificates against certificate revocation lists (CRLs) to avoid
+  monster-in-the-middle (MITM) attacks
+- Managed per-system rather than per-application by a operations/IT team
+- PyPI is no longer a CA distribution channel
+
+Right now truststore is a stand-alone library that can be installed globally in
+your application to immediately take advantage of the benefits in Python 3.10+.
+Truststore has also been integrated into pip as an opt-in method for verifying
+HTTPS certificates with truststore instead of certifi.
+
+Long-term the hope is to make truststore the default way to verify HTTPS
+certificates in pip and to add this functionality into Python itself. Wish us
+luck!