Date: Sat, 30 Mar 2024 00:43:17 GMT From: Yasuhiro Kimura <yasu@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 2a67a2fe3a8a - main - security/step-certificates: Update to version 0.26.0 Message-ID: <202403300043.42U0hHKc045850@gitrepo.freebsd.org>
The branch main has been updated by yasu: URL: https://cgit.FreeBSD.org/ports/commit/?id=2a67a2fe3a8a96b6adf06514001f2fa9f9ee9714 commit 2a67a2fe3a8a96b6adf06514001f2fa9f9ee9714 Author: Markus Wipp <mw@wipp.bayern> AuthorDate: 2024-03-29 18:51:42 +0000 Commit: Yasuhiro Kimura <yasu@FreeBSD.org> CommitDate: 2024-03-30 00:42:03 +0000 security/step-certificates: Update to version 0.26.0 * Add configure target to rc script * Adjusted pkg-message * Pet portclippy PR: 278035 --- security/step-certificates/Makefile | 7 ++--- security/step-certificates/distinfo | 10 +++---- security/step-certificates/files/step-ca.in | 45 +++++++++++++++++++++++++---- security/step-certificates/pkg-message | 5 ++-- 4 files changed, 50 insertions(+), 17 deletions(-) diff --git a/security/step-certificates/Makefile b/security/step-certificates/Makefile index 41ddcf4e6809..a903de9e8408 100644 --- a/security/step-certificates/Makefile +++ b/security/step-certificates/Makefile @@ -1,7 +1,6 @@ PORTNAME= step-certificates DISTVERSIONPREFIX= v -DISTVERSION= 0.25.2 -PORTREVISION= 2 +DISTVERSION= 0.26.0 CATEGORIES= security MAINTAINER= mw@wipp.bayern @@ -17,10 +16,10 @@ RUN_DEPENDS= step:security/step-cli USES= go:modules -GO_MODULE= github.com/smallstep/certificates - USE_RC_SUBR= step-ca +GO_MODULE= github.com/smallstep/certificates + GO_TARGET= ./cmd/step-ca:${PREFIX}/sbin/step-ca GO_BUILDFLAGS= -ldflags "-w -X main.Version=${PORTVERSION}" diff --git a/security/step-certificates/distinfo b/security/step-certificates/distinfo index af645bfe812a..2d510b73e2b7 100644 --- a/security/step-certificates/distinfo +++ b/security/step-certificates/distinfo 
@@ -1,5 +1,5 @@ -TIMESTAMP = 1701460797 -SHA256 (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.mod) = 7b8d9e8b5f35b5467da9bb0b5cb2997217cb6343cf4c707ab76566501d374cfb -SIZE (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.mod) = 6667 -SHA256 (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.zip) = 9bdffcb28b1ec1a03f8f1d3f49fde9ffb77e1e46d904b88bacecaea8adcb9764 -SIZE (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.zip) = 1049591 +TIMESTAMP = 1711731230 +SHA256 (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.mod) = 8c6fa479a3353e3388f2d2b22eae55f02fec0c627449eebd547aaf6b3dd6116a +SIZE (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.mod) = 8136 +SHA256 (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.zip) = a630dbbff154f0fb75ae9ced250df488becf2592d1840c44425d06ead197a161 +SIZE (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.zip) = 1069995 diff --git a/security/step-certificates/files/step-ca.in b/security/step-certificates/files/step-ca.in index 03946767ff2b..59e8e33c5164 100644 --- a/security/step-certificates/files/step-ca.in +++ b/security/step-certificates/files/step-ca.in 
@@ -49,19 +49,54 @@ command_args="-S -c \ start_precmd=step_ca_startprecmd start_postcmd=step_ca_postcmd +extra_commands="configure" +configure_cmd="step_ca_configure" + step_ca_startprecmd() { if [ ! -e ${pidfile} ]; then install -o ${step_ca_user} -g ${step_ca_group} /dev/null ${pidfile}; fi + if [ ! -e ${step_ca_steppath} ]; then + echo "No configured Step CA found." + echo "Please run service step-ca configure" + exit 1 + else + export STEPPATH=${step_ca_steppath} + fi + + if [ ! -e ${step_ca_password} ]; then + echo "Step CA Password file for auto-start not found" + echo "Please run service step-ca configure" + exit 1 + fi + + if [ -e ${step_ca_steppath}/config/ca.json ]; then + configured_port=$(sed -n -e '/"address"/ s/.*:\(.*\)".*/\1/p' ${step_ca_steppath}/config/ca.json) + if [ ${configured_port} -lt 1024 ]; then + echo "Privileged Port (${configured_port}) configured: cannot run as ${step_ca_user}" + exit 1 + fi + fi +} + +step_ca_postcmd() { + sleep 2 + run_rc_command status +} + +step_ca_configure() { if [ ! -e ${step_ca_steppath} ]; then echo "No configured Step CA found." echo "Creating new one...." + install -m 600 -o ${step_ca_user} -g ${step_ca_group} /dev/null ${step_ca_steppath} export STEPPATH=${step_ca_steppath} %%PREFIX%%/bin/step ca init --ssh - chown -R ${step_ca_user}:${step_ca_group} ${step_ca_steppath} + chown -R ${step_ca_user}:${step_ca_group} ${step_ca_stepdir} else + echo "Configured Step CA found at ${step_ca_steppath}." + echo "Please remove the directory and its contents manually if you really want to reconfigure." export STEPPATH=${step_ca_steppath} fi @@ -72,6 +107,9 @@ step_ca_startprecmd() echo "Please enter the Step CA Password:" stty -echo; read passwd; stty echo; echo echo $passwd > ${step_ca_password} + else + echo "Configured Step CA password file found at ${step_ca_password}." + echo "Please remove the file manually if you really want to reconfigure." fi if [ -e ${step_ca_steppath}/config/ca.json ]; then 
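Review bot: In step_ca_configure, the added `install -m 600 -o ${step_ca_user} -g ${step_ca_group} /dev/null ${step_ca_steppath}` creates an empty regular file at the path that is then exported as STEPPATH, although the else branch's message calls that path a directory. If STEPPATH is meant to be a directory, `step ca init` would presumably fail to write under it; `install -d -m 700 -o ${step_ca_user} -g ${step_ca_group} ${step_ca_steppath}` looks like what was intended. In step_ca_startprecmd, `[ ${configured_port} -lt 1024 ]` is unquoted and unvalidated, so when the sed expression matches nothing or more than one line the test errors out and the privileged-port guard is silently skipped. A `case "${configured_port}" in ''|*[!0-9]*) echo "cannot parse port"; exit 1;; esac` before the comparison would make it fail closed. The definitions of step_ca_steppath and step_ca_stepdir are outside the hunk.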
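Review bot: The password prompt kept as context in the second step-ca.in hunk, now part of step_ca_configure, stores the secret with `read passwd` and `echo $passwd > ${step_ca_password}`, which interprets backslashes, collapses whitespace and glob-expands the value, so the file may not hold the password that was typed. `IFS= read -r passwd` and `printf '%s\n' "$passwd" > "${step_ca_password}"` keep it intact. The lines that create the file and set its mode are outside the hunk, so confirm it is created owner-only before the secret is written. An interrupt between `stty -echo` and `stty echo` also leaves the terminal without echo; a `trap 'stty echo' INT TERM` around the prompt would restore it.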
@@ -82,9 +120,4 @@ step_ca_startprecmd() fi } -step_ca_postcmd() { - sleep 2 - run_rc_command status -} - run_rc_command "$1" diff --git a/security/step-certificates/pkg-message b/security/step-certificates/pkg-message index 7b616c50a4bd..2e595b5f19ae 100644 --- a/security/step-certificates/pkg-message +++ b/security/step-certificates/pkg-message @@ -4,10 +4,11 @@ ================================================================================ Step Certificates requires additional configuration: -The simple way is via the service start script step_ca. +The simple way is via the service start script step_ca with: +service step_ca configure When there is no configuration it will be created. User input is required!!! -The hard way would be via the step command. +The hard way would be manually via the step command. Ensure to set the STEPPATH environment variable. This makes using the commands much simpler.