From owner-svn-ports-head@freebsd.org Fri Aug 12 23:18:00 2016 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A0571BB6BAD; Fri, 12 Aug 2016 23:18:00 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 61C6C1CB0; Fri, 12 Aug 2016 23:18:00 +0000 (UTC) (envelope-from brnrd@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u7CNHx7I069769; Fri, 12 Aug 2016 23:17:59 GMT (envelope-from brnrd@FreeBSD.org) Received: (from brnrd@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u7CNHx6M069763; Fri, 12 Aug 2016 23:17:59 GMT (envelope-from brnrd@FreeBSD.org) Message-Id: <201608122317.u7CNHx6M069763@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: brnrd set sender to brnrd@FreeBSD.org using -f From: Bernard Spil Date: Fri, 12 Aug 2016 23:17:58 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r420150 - in head/security/letskencrypt: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Aug 2016 23:18:00 -0000 Author: brnrd Date: Fri Aug 12 23:17:58 2016 New Revision: 420150 URL: https://svnweb.freebsd.org/changeset/ports/420150 Log: security/letskencrypt: Allow configurable license agreement - Backport upstream fixes for -a option (license agreement URL) - Bump PORTREVISION PR: 211798 Submitted by: Dave Cottlehuber Reported by: Dave Cottlehuber Added: head/security/letskencrypt/files/patch-extern.h (contents, props changed) head/security/letskencrypt/files/patch-letskencrypt.1 (contents, props changed) head/security/letskencrypt/files/patch-main.c (contents, props changed) head/security/letskencrypt/files/patch-netproc.c (contents, props changed) Modified: head/security/letskencrypt/Makefile head/security/letskencrypt/files/pkg-message.in Modified: head/security/letskencrypt/Makefile ============================================================================== --- head/security/letskencrypt/Makefile Fri Aug 12 23:02:52 2016 (r420149) +++ head/security/letskencrypt/Makefile Fri Aug 12 23:17:58 2016 (r420150) @@ -3,6 +3,7 @@ PORTNAME= letskencrypt PORTVERSION= 0.1.9 +PORTREVISION= 1 DISTVERSIONPREFIX= portable- CATEGORIES= security MASTER_SITES= https://kristaps.bsd.lv/letskencrypt/snapshots/ \ Added: head/security/letskencrypt/files/patch-extern.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/letskencrypt/files/patch-extern.h Fri Aug 12 23:17:58 2016 (r420150) @@ -0,0 +1,11 @@ +--- extern.h.orig 2016-07-24 05:54:33 UTC ++++ extern.h +@@ -188,7 +188,7 @@ int fileproc(int, const char *); + int keyproc(int, const char *, + const char **, size_t, int); + int netproc(int, int, int, int, int, int, int, int, int, +- const char *const *, size_t); ++ const char *const *, size_t, const char *); + + /* + * Debugging functions. Added: head/security/letskencrypt/files/patch-letskencrypt.1 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/letskencrypt/files/patch-letskencrypt.1 Fri Aug 12 23:17:58 2016 (r420150) @@ -0,0 +1,26 @@ +--- letskencrypt.1.orig 2016-07-24 05:54:34 UTC ++++ letskencrypt.1 +@@ -1,4 +1,4 @@ +-.Dd $Mdocdate: July 16 2016 $ ++.Dd $Mdocdate: July 28 2016 $ + .Dt LETSKENCRYPT 1 + .Os + .Sh NAME +@@ -10,6 +10,7 @@ + .Sh SYNOPSIS + .Nm letskencrypt + .Op Fl FmnNrsv ++.Op Fl a Ar agreement + .Op Fl C Ar challengedir + .Op Fl c Ar certdir + .Op Fl f Ar accountkey +@@ -78,6 +79,9 @@ staging server instead of the real thing + .It Fl v + Verbose operation. + Specify twice to also trace communication and data transfers. ++.It Fl a Ar agreement ++Use an alternative agreement URL. ++The default uses the current one, but it may be out of date. + .It Fl C Ar challengedir + Where to register challenges. + See Added: head/security/letskencrypt/files/patch-main.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/letskencrypt/files/patch-main.c Fri Aug 12 23:17:58 2016 (r420150) @@ -0,0 +1,55 @@ +--- main.c.orig 2016-07-24 05:54:33 UTC ++++ main.c +@@ -30,6 +30,8 @@ + + #include "extern.h" + ++#define AGREEMENT "https://letsencrypt.org" \ ++ "/documents/LE-SA-v1.1.1-August-1-2016.pdf" + #define SSL_DIR "/etc/ssl/letsencrypt" + #define SSL_PRIV_DIR "/etc/ssl/letsencrypt/private" + #define ETC_DIR "/etc/letsencrypt" +@@ -74,7 +76,7 @@ doasprintf(const char *fmt, ...) + int + main(int argc, char *argv[]) + { +- const char *domain; ++ const char *domain, *agreement; + char *certdir, *acctkey, *chngdir, *keyfile; + int key_fds[2], acct_fds[2], chng_fds[2], + cert_fds[2], file_fds[2], dns_fds[2], +@@ -91,9 +93,13 @@ main(int argc, char *argv[]) + newacct = remote = revoke = verbose = force = + multidir = staging = newkey = 0; + certdir = keyfile = acctkey = chngdir = NULL; ++ agreement = AGREEMENT; + +- while (-1 != (c = getopt(argc, argv, "FmnNrstvf:c:C:k:"))) ++ while (-1 != (c = getopt(argc, argv, "bFmnNrstva:f:c:C:k:"))) + switch (c) { ++ case ('a'): ++ agreement = optarg; ++ break; + case ('c'): + free(certdir); + if (NULL == (certdir = strdup(optarg))) +@@ -282,7 +288,8 @@ main(int argc, char *argv[]) + chng_fds[1], cert_fds[1], + dns_fds[1], rvk_fds[1], + newacct, revoke, staging, +- (const char *const *)alts, altsz); ++ (const char *const *)alts, altsz, ++ agreement); + free(alts); + exit(c ? EXIT_SUCCESS : EXIT_FAILURE); + } +@@ -459,7 +466,8 @@ main(int argc, char *argv[]) + (2 == c ? EXIT_SUCCESS : 2)); + usage: + fprintf(stderr, "usage: %s " +- "[-FnNrsv] " ++ "[-bFmnNrsv] " ++ "[-a agreement] " + "[-C challengedir] " + "[-c certdir] " + "[-f accountkey] " Added: head/security/letskencrypt/files/patch-netproc.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/letskencrypt/files/patch-netproc.c Fri Aug 12 23:17:58 2016 (r420150) @@ -0,0 +1,48 @@ +--- netproc.c.orig 2016-07-24 05:54:33 UTC ++++ netproc.c +@@ -31,8 +31,6 @@ + + #define URL_REAL_CA "https://acme-v01.api.letsencrypt.org/directory" + #define URL_STAGE_CA "https://acme-staging.api.letsencrypt.org/directory" +-#define URL_LICENSE "https://letsencrypt.org" \ +- "/documents/LE-SA-v1.0.1-July-27-2015.pdf" + + #define RETRY_DELAY 5 + #define RETRY_MAX 10 +@@ -333,7 +331,8 @@ sreq(struct conn *c, const char *addr, c + * Returns non-zero on success. + */ + static int +-donewreg(struct conn *c, const struct capaths *p) ++donewreg(struct conn *c, const char *agreement, ++ const struct capaths *p) + { + int rc; + char *req; +@@ -342,7 +341,7 @@ donewreg(struct conn *c, const struct ca + rc = 0; + dodbg("%s: new-reg", p->newreg); + +- if (NULL == (req = json_fmt_newreg(URL_LICENSE))) ++ if (NULL == (req = json_fmt_newreg(agreement))) + warnx("json_fmt_newreg"); + else if ((lc = sreq(c, p->newreg, req)) < 0) + warnx("%s: bad comm", p->newreg); +@@ -585,7 +584,7 @@ dofullchain(struct conn *c, const char * + int + netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int rfd, + int newacct, int revoke, int staging, +- const char *const *alts, size_t altsz) ++ const char *const *alts, size_t altsz, const char *agreement) + { + int rc; + size_t i; +@@ -690,7 +689,7 @@ netproc(int kfd, int afd, int Cfd, int c + + /* If new, register with the CA server. */ + +- if (newacct && ! donewreg(&c, &paths)) ++ if (newacct && ! donewreg(&c, agreement, &paths)) + goto out; + + /* Pre-authorise all domains with CA server. */ Modified: head/security/letskencrypt/files/pkg-message.in ============================================================================== --- head/security/letskencrypt/files/pkg-message.in Fri Aug 12 23:02:52 2016 (r420149) +++ head/security/letskencrypt/files/pkg-message.in Fri Aug 12 23:17:58 2016 (r420150) @@ -1,4 +1,15 @@ +============================================================== + +LetsEncrypt's ACME servers have changed the LE license +agreement. To successfully run renewal you have to add + + -a https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf + +to the command invocation. + +============================================================== + There are example scripts in %%PREFIX%%/etc/letsencrypt that you can for renewing and deploying multiple certificates