Date: Thu, 6 Oct 2022 21:28:03 GMT
From: Adam Weinberger
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: 9174dd44ecdd - main - www/caddy-custom: Add port
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all

The branch main has been updated by adamw:

URL: https://cgit.FreeBSD.org/ports/commit/?id=9174dd44ecddea33670398ff31f3a6b45134ef78

commit 
9174dd44ecddea33670398ff31f3a6b45134ef78
Author:     Adam Weinberger
AuthorDate: 2022-10-06 21:23:58 +0000
Commit:     Adam Weinberger
CommitDate: 2022-10-06 21:27:34 +0000

    www/caddy-custom: Add port

    This port allows you to build a version of the caddy webserver using
    whichever plugins you desire. To do so, it uses the official build
    mechanism, xcaddy (from the www/xcaddy port). However, this requires
    network access.

    To use this port, you'll need to add
    ALLOW_NETWORKING_PACKAGES="caddy-custom" to your poudriere.conf.

    Make really really REALLY sure you understand the implications of
    doing this. If you use xcaddy, then there really isn't any other
    actual implication, but I'm using my scary voice to discourage
    people from shooting themselves in the foot.
---
 www/caddy-custom/Makefile       |  47 +++++++++++++++
 www/caddy-custom/files/caddy.in | 128 ++++++++++++++++++++++++++++++++++++++++
 www/caddy-custom/pkg-descr      |  31 ++++++++++
 3 files changed, 206 insertions(+)

diff --git a/www/caddy-custom/Makefile b/www/caddy-custom/Makefile new file mode 100644 index 000000000000..8b687b23f248 --- /dev/null +++ b/www/caddy-custom/Makefile 
@@ -0,0 +1,47 @@ +# READ pkg-descr FOR INSTRUCTIONS! +# This port will NOT build in poudriere without (simple) manual +# intervention. +# It is intentionally not hooked to package build. + +PORTNAME= caddy-custom +PORTVERSION= ${CADDY_VERSION}.${XCADDY_VERSION} +CATEGORIES= www +DISTFILES= # none + +MAINTAINER= adamw@FreeBSD.org +COMMENT= Caddy (www/caddy) with customized plugins +WWW= https://caddyserver.com + +LICENSE= APACHE20 + +BUILD_DEPENDS= xcaddy:www/xcaddy + +USES= go:no_targets + +CONFLICTS_INSTALL= caddy + +USE_RC_SUBR= caddy +SUB_FILES= caddy + +PLIST_FILES= bin/caddy + +CADDY_VERSION!= ${MAKE} -C ${.CURDIR}/../caddy -V '$${DISTVERSION}.$${PORTREVISION}' +XCADDY_VERSION!=${MAKE} -C ${.CURDIR}/../xcaddy -V '$${DISTVERSION}.$${PORTREVISION}' + +.for plugin in ${CADDY_CUSTOM_PLUGINS} +PLUGINS+= --with ${plugin} +.endfor + +XCADDY_GO_BUILD_FLAGS?= ${GO_BUILDFLAGS} + +XCADDY_ENV+= XCADDY_WHICH_GO="${GO_CMD}" \ + XCADDY_GO_BUILD_FLAGS="${XCADDY_GO_BUILD_FLAGS}" + +do-build: + ${MKDIR} ${WRKSRC} + cd ${WRKSRC} && ${XCADDY_ENV} ${LOCALBASE}/bin/xcaddy build ${PLUGINS} + +do-install: + ${INSTALL_PROGRAM} ${WRKSRC}/caddy ${STAGEDIR}${PREFIX}/bin + +.include diff --git a/www/caddy-custom/files/caddy.in b/www/caddy-custom/files/caddy.in new file mode 100644 index 000000000000..a67e3e832bbc --- /dev/null +++ b/www/caddy-custom/files/caddy.in 
@@ -0,0 +1,128 @@ +#!/bin/sh + +# PROVIDE: caddy +# REQUIRE: LOGIN DAEMON NETWORKING +# KEYWORD: shutdown + +# To enable caddy, add 'caddy_enable="YES"' to /etc/rc.conf or +# /etc/rc.conf.local + +# Optional settings: +# caddy_command (string): Full path to the caddy binary +# caddy_config (string): Full path to caddy config file +# (%%PREFIX%%/etc/Caddyfile) +# caddy_adapter (string): Config adapter type (caddyfile) +# caddy_directory (string): Root for caddy storage (ACME certs, etc.) +# (/var/db/caddy) +# caddy_extra_flags (string): Extra flags passed to caddy start +# caddy_logdir (string): Where caddy logs are stored +# (/var/log/caddy) +# caddy_logfile (string): Location of process log (${caddy_logdir}/caddy.log) +# This is for startup/shutdown/error messages. +# To create an access log, see: +# https://caddyserver.com/docs/caddyfile/directives/log +# caddy_user (user): User to run caddy (root) +# caddy_group (group): Group to run caddy (wheel) +# +# This script will honor XDG_CONFIG_HOME/XDG_DATA_HOME. Caddy will create a +# .../caddy subdir in each of those. By default, they are subdirs of /var/db/caddy. +# See https://caddyserver.com/docs/conventions#data-directory + +. 
/etc/rc.subr + +name=caddy +rcvar=caddy_enable +desc="Powerful, enterprise-ready, open source web server with automatic HTTPS written in Go" + +load_rc_config $name + +# Defaults +: ${caddy_enable:=NO} +: ${caddy_adapter:=caddyfile} +: ${caddy_config:="%%PREFIX%%/etc/Caddyfile"} +: ${caddy_command:="%%PREFIX%%/bin/${name}"} +: ${caddy_directory:=/var/db/caddy} +: ${caddy_extra_flags:=""} +: ${caddy_logdir:="/var/log/${name}"} +: ${caddy_logfile:="${caddy_logdir}/${name}.log"} +: ${caddy_user:="root"} +: ${caddy_group:="wheel"} + +# Config and base directories +: ${XDG_CONFIG_HOME:="${caddy_directory}/config"} +: ${XDG_DATA_HOME:="${caddy_directory}/data"} +export XDG_CONFIG_HOME XDG_DATA_HOME + +command="${caddy_command}" +caddy_flags="--config ${caddy_config} --adapter ${caddy_adapter}" +pidfile="/var/run/${name}/${name}.pid" + +required_files="${caddy_config} ${caddy_command}" + +start_precmd="caddy_precmd" +start_cmd="caddy_start" +stop_precmd="caddy_prestop" + +# Extra Commands +extra_commands="configtest reload" +configtest_cmd="caddy_execute validate ${caddy_flags}" +reload_cmd="caddy_execute reload ${caddy_flags}" + +caddy_execute() +{ + /usr/bin/su -m "${caddy_user}" -c "${caddy_command} $*" +} + +caddy_precmd() +{ + # Create required directories and set permissions + /usr/bin/install -d -m 755 -o "${caddy_user}" -g "${caddy_group}" ${caddy_directory} + /usr/bin/install -d -m 700 -o "${caddy_user}" -g "${caddy_group}" ${caddy_directory}/config + /usr/bin/install -d -m 700 -o "${caddy_user}" -g "${caddy_group}" ${caddy_directory}/data + /usr/bin/install -d -m 755 -o "${caddy_user}" -g "${caddy_group}" ${caddy_logdir} + /usr/bin/install -d -m 700 -o "${caddy_user}" -g "${caddy_group}" /var/run/caddy + if [ -e ${caddy_logfile} ]; then + /bin/chmod 644 ${caddy_logfile} + /usr/sbin/chown root:wheel ${caddy_logfile} + else + /usr/bin/install -m 644 -o root -g wheel /dev/null ${caddy_logfile} + fi +} + +caddy_start() +{ + echo -n "Starting caddy... 
" + /usr/bin/su -m ${caddy_user} -c "${caddy_command} start ${caddy_flags} \ + ${caddy_extra_flags} --pidfile ${pidfile}" >> ${caddy_logfile} 2>&1 + if [ $? -eq 0 ] && ps -ax -o pid | grep -q "$(cat ${pidfile})"; then + echo "done" + echo "Log: ${caddy_logfile}" + else + echo "Error: Caddy failed to start" + echo "Check the caddy log: ${caddy_logfile}" + fi +} + +caddy_prestop() +{ + local result + + echo -n "Stopping caddy... " + + result="$(caddy_execute stop 2>&1)" + if [ ${?} -eq 0 ]; then + echo "done" + exit 0 + else + if echo "${result}" | grep -q "connection refused"; then + echo "admin interface unavailable; using pidfile" + return 0 + else + echo "Error: Unable to stop caddy" + echo "Check the caddy log: ${caddy_logfile}" + return 1 + fi + fi +} + +run_rc_command "$1" diff --git a/www/caddy-custom/pkg-descr b/www/caddy-custom/pkg-descr new file mode 100644 index 000000000000..db3ba70aab5d --- /dev/null +++ b/www/caddy-custom/pkg-descr @@ -0,0 +1,31 @@ +This port will build a customized version of the caddy webserver +using plugins of your choice. + +Caddy is a high-performance webserver with a simple config format, +out-of-the-box HTTP/3 support, and automatica transparent ACME +certificate provisioning. + +NOTE: THIS PORT BYPASSES EVERY SINGLE ONE OF FREEBSD'S CHECKSUM- +BASED DISTFILE TAMPERING DETECTION MECHANISMS. USE THIS AT YOUR +OWN PERIL (though the peril is exactly the same as using the +xcaddy port). + +To make this work: + +1) In /usr/local/etc/poudriere.conf, add the following: + + ALLOW_NETWORKING_PACKAGES="caddy-custom" + + You can skip this step if you're not building in poudriere. + +2) Put your plugin list into make.conf (or + /usr/local/etc/poudriere.conf/make.conf): + + .if ${.CURDIR:M*/www/caddy-custom*} + CADDY_CUSTOM_PLUGINS= github.com/caddy-dns/rfc2136 github.com/greenpau/caddy-security + .endif + + If you have any other xcaddy build flags you want to set, put + them in XCADDY_ENV. + +3) Profit