Date: Fri, 14 Jul 2017 22:22:46 +0000 (UTC) From: Dan Langille <dvl@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r445832 - in head/sysutils: . anvil anvil/files Message-ID: <201707142222.v6EMMklE011960@repo.freebsd.org>
Author: dvl Date: Fri Jul 14 22:22:46 2017 New Revision: 445832 URL: https://svnweb.freebsd.org/changeset/ports/445832 Log: Tools for distributing ssl certificates Added: head/sysutils/anvil/ head/sysutils/anvil/Makefile (contents, props changed) head/sysutils/anvil/distinfo (contents, props changed) head/sysutils/anvil/files/ head/sysutils/anvil/files/cert-puller.conf.sample.in (contents, props changed) head/sysutils/anvil/files/cert-shifter.conf.sample.in (contents, props changed) head/sysutils/anvil/files/pkg-install.in (contents, props changed) head/sysutils/anvil/files/pkg-message.in (contents, props changed) head/sysutils/anvil/pkg-descr (contents, props changed) head/sysutils/anvil/pkg-plist (contents, props changed) Modified: head/sysutils/Makefile
Modified: head/sysutils/Makefile
==============================================================================
--- head/sysutils/Makefile Fri Jul 14 21:51:22 2017 (r445831)
+++ head/sysutils/Makefile Fri Jul 14 22:22:46 2017 (r445832)
@@ -39,6 +39,7 @@
 SUBDIR += android-file-transfer-qt5
 SUBDIR += ansible
 SUBDIR += ansible1
+ SUBDIR += anvil
 SUBDIR += apachetop
 SUBDIR += apcpwr
 SUBDIR += apcupsd
Added: head/sysutils/anvil/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/anvil/Makefile Fri Jul 14 22:22:46 2017 (r445832)
@@ -0,0 +1,30 @@
+# $FreeBSD$
+
+PORTNAME= anvil
+PORTVERSION= 0.0.6
+CATEGORIES= sysutils
+
+MAINTAINER= dvl@FreeBSD.org
+COMMENT= Tools for distributing ssl certificates
+
+LICENSE= BSD2CLAUSE
+
+USE_GITHUB= yes
+GH_ACCOUNT= dlangille
+
+USERS= anvil
+GROUPS= anvil
+
+SUB_FILES+= cert-shifter.conf.sample cert-puller.conf.sample pkg-install pkg-message
+
+NO_BUILD= yes
+
+do-install:
+ ${MKDIR} ${STAGEDIR}${ETCDIR}
+ ${MKDIR} ${STAGEDIR}/var/db/anvil
+ ${INSTALL_DATA} ${WRKDIR}/cert-shifter.conf.sample ${STAGEDIR}${ETCDIR}
+ ${INSTALL_DATA} ${WRKDIR}/cert-puller.conf.sample ${STAGEDIR}${ETCDIR}
+ ${INSTALL_SCRIPT} ${WRKSRC}/cert-shifter ${STAGEDIR}${PREFIX}/bin
+ ${INSTALL_SCRIPT} ${WRKSRC}/cert-puller ${STAGEDIR}${PREFIX}/bin
+
+.include <bsd.port.mk>
Added: head/sysutils/anvil/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/anvil/distinfo Fri Jul 14 22:22:46 2017 (r445832)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1500063842
+SHA256 (dlangille-anvil-0.0.6_GH0.tar.gz) = 566a70f22f8d05675615b8690bcb8d06d9d5acbe075394c02eeec58bafa404e3
+SIZE (dlangille-anvil-0.0.6_GH0.tar.gz) = 3966
Added: head/sysutils/anvil/files/cert-puller.conf.sample.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/anvil/files/cert-puller.conf.sample.in Fri Jul 14 22:22:46 2017 (r445832)
@@ -0,0 +1,3 @@
+CERT_SERVER="https://certs.example.org/certs"
+MYCERTS="services.example.org"
+SERVICES="nginx"
Added: head/sysutils/anvil/files/cert-shifter.conf.sample.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/anvil/files/cert-shifter.conf.sample.in Fri Jul 14 22:22:46 2017 (r445832)
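Review bot: The new sysutils/anvil/Makefile declares no run-time dependency on sudo, although the pkg-descr and pkg-message added in this same commit say the tools rely on sudo for the privileged copy and move. If the installed scripts do call it, adding `RUN_DEPENDS= sudo:security/sudo` near `USE_GITHUB= yes` keeps a fresh package install from failing at exactly the privileged step. The port also appears to install only scripts under `NO_BUILD= yes`, so `NO_ARCH= yes` would fit as well.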
@@ -0,0 +1,6 @@
+CERT_SRC="/var/db/acme/certs"
+
+CERT_DST_ROOT="/var/db/certs-for-rsync"
+CERT_DST_CERTS="${CERT_DST_ROOT}/certs"
+
+TMP="${CERT_DST_ROOT}/tmp"
Added: head/sysutils/anvil/files/pkg-install.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/anvil/files/pkg-install.in Fri Jul 14 22:22:46 2017 (r445832)
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# $FreeBSD$
+
+if [ "$2" == "POST-INSTALL" ]; then
+ /usr/sbin/chown -R anvil:anvil /var/db/anvil
+fi
Added: head/sysutils/anvil/files/pkg-message.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/anvil/files/pkg-message.in Fri Jul 14 22:22:46 2017 (r445832)
@@ -0,0 +1,26 @@
+After installing anvil, this is a short checklist of things to do:
+
+* adjust anvil.conf
+
+* run 'cert-puller -s' to see the visudo settings you need
+
+* adjust the service configuration files if cert filenames are different
+
+* By default, anvil uses:
+
+ * example.org.fullchain.cer
+ * example.org.key
+
+* anvil does not distribute .key files. Do that manually.
+
+* install the crontab for anvil: sudo crontab -e -u anvil:
+
+###
+# use /bin/sh to run commands, overriding the default set by cron
+SHELL=/bin/sh
+# mail any output to here, no matter whose crontab this is
+MAILTO=you@example.org
+
+7 13 * * * %%PREFIX%%/bin/cert-puller
+###
+
Added: head/sysutils/anvil/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/anvil/pkg-descr Fri Jul 14 22:22:46 2017 (r445832)
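Review bot: The POST-INSTALL branch in files/pkg-install.in runs `chown -R anvil:anvil /var/db/anvil` as root on every install and upgrade, over a tree the unprivileged anvil user can write to once it owns it; a recursive ownership change by root inside a user-controlled directory is best avoided. The pkg-plist in this commit already lists the directory as `@dir(,,755) /var/db/anvil`, so writing it as `@dir(anvil,anvil,755) /var/db/anvil` would set the owner on the directory alone and make this script and its `SUB_FILES` entry unnecessary. If the script stays, `[ "$2" = "POST-INSTALL" ]` is the portable spelling, since `==` is not a POSIX test operator.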
@@ -0,0 +1,14 @@
+Tools for distributing ssl certificates
+
+Designed for FreeBSD (it uses fetch, not wget or curl [yet]).
+
+It also uses sudo, with the goal of this running as non-root
+and only allowing the cp & mv via sudo.
+
+These tools were designed with acme.sh & Let's Encrypt in mind,
+but they should with with any certificates generated by any
+means.
+
+
+
+WWW: https://github.com/dlangille/anvil
Added: head/sysutils/anvil/pkg-plist
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/anvil/pkg-plist Fri Jul 14 22:22:46 2017 (r445832)
@@ -0,0 +1,5 @@
+@sample %%ETCDIR%%/cert-shifter.conf.sample
+@sample %%ETCDIR%%/cert-puller.conf.sample
+bin/cert-shifter
+bin/cert-puller
+@dir(,,755) /var/db/anvil