Date:      Wed, 16 Aug 2023 18:30:29 GMT
From:      Po-Chuan Hsieh <sunpoet@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: a5abdadcbd65 - main - security/py-truststore: Add py-truststore 0.7.0
Message-ID:  <202308161830.37GIUT6Z023430@gitrepo.freebsd.org>

The branch main has been updated by sunpoet:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a5abdadcbd65c160c795c040b4e78f3f1c275afe

commit a5abdadcbd65c160c795c040b4e78f3f1c275afe
Author:     Po-Chuan Hsieh <sunpoet@FreeBSD.org>
AuthorDate: 2023-08-16 18:06:51 +0000
Commit:     Po-Chuan Hsieh <sunpoet@FreeBSD.org>
CommitDate: 2023-08-16 18:25:07 +0000

    security/py-truststore: Add py-truststore 0.7.0
    
    Truststore is a library which exposes native system certificate stores (i.e.
    "trust stores") through an ssl.SSLContext-like API. This means that Python
    applications no longer need to rely on certifi as a root certificate store.
    Native system certificate stores have many helpful features compared to a static
    certificate bundle like certifi:
    - Automatically update certificates as new CAs are created and removed
    - Fetch missing intermediate certificates
    - Check certificates against certificate revocation lists (CRLs) to avoid
      monster-in-the-middle (MITM) attacks
    - Managed per-system rather than per-application by an operations/IT team
    - PyPI is no longer a CA distribution channel
    
    Right now truststore is a stand-alone library that can be installed globally in
    your application to immediately take advantage of the benefits in Python 3.10+.
    Truststore has also been integrated into pip as an opt-in method for verifying
    HTTPS certificates with truststore instead of certifi.
    
    Long-term the hope is to make truststore the default way to verify HTTPS
    certificates in pip and to add this functionality into Python itself. Wish us
    luck!
---
 security/Makefile                |  1 +
 security/py-truststore/Makefile  | 22 ++++++++++++++++++++++
 security/py-truststore/distinfo  |  3 +++
 security/py-truststore/pkg-descr | 20 ++++++++++++++++++++
 4 files changed, 46 insertions(+)

diff --git a/security/Makefile b/security/Makefile
index c7cd82f798cf..5e215d686b27 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1037,6 +1037,7 @@
     SUBDIR += py-tlslite-ng
     SUBDIR += py-trezor
     SUBDIR += py-trustme
+    SUBDIR += py-truststore
     SUBDIR += py-tuf
     SUBDIR += py-txtorcon
     SUBDIR += py-uhashring
diff --git a/security/py-truststore/Makefile b/security/py-truststore/Makefile
new file mode 100644
index 000000000000..44ac2b0cf931
--- /dev/null
+++ b/security/py-truststore/Makefile
@@ -0,0 +1,22 @@
+PORTNAME=	truststore
+PORTVERSION=	0.7.0
+CATEGORIES=	security python
+MASTER_SITES=	PYPI
+PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
+
+MAINTAINER=	sunpoet@FreeBSD.org
+COMMENT=	Verify certificates using native system trust stores
+WWW=		https://truststore.readthedocs.io/en/latest/ \
+		https://github.com/sethmlarson/truststore
+
+LICENSE=	MIT
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+BUILD_DEPENDS=	${PYTHON_PKGNAMEPREFIX}flit-core>=3.2<4:devel/py-flit-core@${PY_FLAVOR}
+
+USES=		python:3.10+ ssl
+USE_PYTHON=	autoplist concurrent pep517
+
+NO_ARCH=	yes
+
+.include <bsd.port.mk>
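Review bot: `USES= python:3.10+ ssl` pulls in the ssl framework, yet the port is marked `NO_ARCH= yes` and the only dependency it declares is the flit-core build backend, so nothing visible in this Makefile compiles or links against an SSL library. If ssl is listed so the port follows the SSL provider selected for the ports tree at run time, a one-line comment above USES should say so; otherwise drop it. The Makefile also declares no test dependencies or test target, which is worth adding for a library whose whole job is certificate verification.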
diff --git a/security/py-truststore/distinfo b/security/py-truststore/distinfo
new file mode 100644
index 000000000000..8b8d307fe2a6
--- /dev/null
+++ b/security/py-truststore/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1691069906
+SHA256 (truststore-0.7.0.tar.gz) = 72e784507a624375434381e4bad3eff8614bc8c845a7f5ae16a25a2624d0683f
+SIZE (truststore-0.7.0.tar.gz) = 14983
diff --git a/security/py-truststore/pkg-descr b/security/py-truststore/pkg-descr
new file mode 100644
index 000000000000..70390d6db633
--- /dev/null
+++ b/security/py-truststore/pkg-descr
@@ -0,0 +1,20 @@
+Truststore is a library which exposes native system certificate stores (ie
+"trust stores") through an ssl.SSLContext-like API. This means that Python
+applications no longer need to rely on certifi as a root certificate store.
+Native system certificate stores have many helpful features compared to a static
+certificate bundle like certifi:
+- Automatically update certificates as new CAs are created and removed
+- Fetch missing intermediate certificates
+- Check certificates against certificate revocation lists (CRLs) to avoid
+  monster-in-the-middle (MITM) attacks
+- Managed per-system rather than per-application by a operations/IT team
+- PyPI is no longer a CA distribution channel
+
+Right now truststore is a stand-alone library that can be installed globally in
+your application to immediately take advantage of the benefits in Python 3.10+.
+Truststore has also been integrated into pip as an opt-in method for verifying
+HTTPS certificates with truststore instead of certifi.
+
+Long-term the hope is to make truststore the default way to verify HTTPS
+certificates in pip and to add this functionality into Python itself. Wish us
+luck!
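Review bot: the closing paragraph of pkg-descr ("Long-term the hope is ..." through "Wish us luck!") is upstream's first-person roadmap rather than a description of what the package does, and together with the "Right now truststore is ..." wording it will go stale; trim the file to the first paragraph, the feature list and a neutral sentence on the Python 3.10+ requirement. In the list, "by a operations/IT team" should read "by an operations/IT team". The bullets describe native system certificate stores in general, so the description should also say which of them apply to the store this port uses on FreeBSD.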


