From nobody Sat Mar 30 00:43:17 2024
Date: Sat, 30 Mar 2024 00:43:17 GMT
Message-Id: <202403300043.42U0hHKc045850@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Yasuhiro Kimura Subject: git: 2a67a2fe3a8a - main - security/step-certificates: Update to version 0.26.0 List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: yasu X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 2a67a2fe3a8a96b6adf06514001f2fa9f9ee9714 Auto-Submitted: auto-generated The branch main has been updated by yasu: URL: https://cgit.FreeBSD.org/ports/commit/?id=2a67a2fe3a8a96b6adf06514001f2fa9f9ee9714 commit 2a67a2fe3a8a96b6adf06514001f2fa9f9ee9714 Author: Markus Wipp AuthorDate: 2024-03-29 18:51:42 +0000 Commit: Yasuhiro Kimura CommitDate: 2024-03-30 00:42:03 +0000 security/step-certificates: Update to version 0.26.0 * Add configure target to rc script * Adjusted pkg-message * Pet portclippy PR: 278035 --- security/step-certificates/Makefile | 7 ++--- security/step-certificates/distinfo | 10 +++---- security/step-certificates/files/step-ca.in | 45 +++++++++++++++++++++++++---- security/step-certificates/pkg-message | 5 ++-- 4 files changed, 50 insertions(+), 17 deletions(-) diff --git a/security/step-certificates/Makefile b/security/step-certificates/Makefile index 41ddcf4e6809..a903de9e8408 100644 --- a/security/step-certificates/Makefile +++ b/security/step-certificates/Makefile @@ -1,7 +1,6 @@ PORTNAME= step-certificates DISTVERSIONPREFIX= v -DISTVERSION= 0.25.2 -PORTREVISION= 2 +DISTVERSION= 0.26.0 CATEGORIES= security MAINTAINER= mw@wipp.bayern 
@@ -17,10 +16,10 @@ RUN_DEPENDS= step:security/step-cli USES= go:modules -GO_MODULE= github.com/smallstep/certificates - USE_RC_SUBR= step-ca +GO_MODULE= github.com/smallstep/certificates + GO_TARGET= ./cmd/step-ca:${PREFIX}/sbin/step-ca GO_BUILDFLAGS= -ldflags "-w -X main.Version=${PORTVERSION}" diff --git a/security/step-certificates/distinfo b/security/step-certificates/distinfo index af645bfe812a..2d510b73e2b7 100644 --- a/security/step-certificates/distinfo +++ b/security/step-certificates/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1701460797 -SHA256 (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.mod) = 7b8d9e8b5f35b5467da9bb0b5cb2997217cb6343cf4c707ab76566501d374cfb -SIZE (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.mod) = 6667 -SHA256 (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.zip) = 9bdffcb28b1ec1a03f8f1d3f49fde9ffb77e1e46d904b88bacecaea8adcb9764 -SIZE (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.zip) = 1049591 +TIMESTAMP = 1711731230 +SHA256 (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.mod) = 8c6fa479a3353e3388f2d2b22eae55f02fec0c627449eebd547aaf6b3dd6116a +SIZE (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.mod) = 8136 +SHA256 (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.zip) = a630dbbff154f0fb75ae9ced250df488becf2592d1840c44425d06ead197a161 +SIZE (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.zip) = 1069995 diff --git a/security/step-certificates/files/step-ca.in b/security/step-certificates/files/step-ca.in index 03946767ff2b..59e8e33c5164 100644 --- a/security/step-certificates/files/step-ca.in +++ b/security/step-certificates/files/step-ca.in 
@@ -49,19 +49,54 @@ command_args="-S -c \ start_precmd=step_ca_startprecmd start_postcmd=step_ca_postcmd +extra_commands="configure" +configure_cmd="step_ca_configure" + step_ca_startprecmd() { if [ ! -e ${pidfile} ]; then install -o ${step_ca_user} -g ${step_ca_group} /dev/null ${pidfile}; fi + if [ ! -e ${step_ca_steppath} ]; then + echo "No configured Step CA found." + echo "Please run service step-ca configure" + exit 1 + else + export STEPPATH=${step_ca_steppath} + fi + + if [ ! -e ${step_ca_password} ]; then + echo "Step CA Password file for auto-start not found" + echo "Please run service step-ca configure" + exit 1 + fi + + if [ -e ${step_ca_steppath}/config/ca.json ]; then + configured_port=$(sed -n -e '/"address"/ s/.*:\(.*\)".*/\1/p' ${step_ca_steppath}/config/ca.json) + if [ ${configured_port} -lt 1024 ]; then + echo "Privileged Port (${configured_port}) configured: cannot run as ${step_ca_user}" + exit 1 + fi + fi +} + +step_ca_postcmd() { + sleep 2 + run_rc_command status +} + +step_ca_configure() { if [ ! -e ${step_ca_steppath} ]; then echo "No configured Step CA found." echo "Creating new one...." + install -m 600 -o ${step_ca_user} -g ${step_ca_group} /dev/null ${step_ca_steppath} export STEPPATH=${step_ca_steppath} %%PREFIX%%/bin/step ca init --ssh - chown -R ${step_ca_user}:${step_ca_group} ${step_ca_steppath} + chown -R ${step_ca_user}:${step_ca_group} ${step_ca_stepdir} else + echo "Configured Step CA found at ${step_ca_steppath}." + echo "Please remove the directory and its contents manually if you really want to reconfigure." export STEPPATH=${step_ca_steppath} fi @@ -72,6 +107,9 @@ step_ca_startprecmd() echo "Please enter the Step CA Password:" stty -echo; read passwd; stty echo; echo echo $passwd > ${step_ca_password} + else + echo "Configured Step CA password file found at ${step_ca_password}." + echo "Please remove the file manually if you really want to reconfigure." fi if [ -e ${step_ca_steppath}/config/ca.json ]; then 
@@ -82,9 +120,4 @@ step_ca_startprecmd() fi } -step_ca_postcmd() { - sleep 2 - run_rc_command status -} - run_rc_command "$1" diff --git a/security/step-certificates/pkg-message b/security/step-certificates/pkg-message index 7b616c50a4bd..2e595b5f19ae 100644 --- a/security/step-certificates/pkg-message +++ b/security/step-certificates/pkg-message @@ -4,10 +4,11 @@ ================================================================================ Step Certificates requires additional configuration: -The simple way is via the service start script step_ca. +The simple way is via the service start script step_ca with: +service step_ca configure When there is no configuration it will be created. User input is required!!! -The hard way would be via the step command. +The hard way would be manually via the step command. Ensure to set the STEPPATH environment variable. This makes using the commands much simpler.
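Review bot: In security/step-certificates/files/step-ca.in, hunk @@ -49,19 +49,54 @@, the new step_ca_configure() calls `install -m 600 -o ${step_ca_user} -g ${step_ca_group} /dev/null ${step_ca_steppath}`, which without -d creates an empty regular file at the path that is then exported as STEPPATH and later read as a directory (`${step_ca_steppath}/config/ca.json`). Suggest `install -d -m 700 -o ${step_ca_user} -g ${step_ca_group} ${step_ca_steppath}` so the CA directory exists with owner-only access before `step ca init --ssh` writes into it. In the same function the chown target changes to `${step_ca_stepdir}`, which is not defined in the lines shown; if it is unset, `chown -R` receives no path operand, so please confirm it is set or keep `${step_ca_steppath}`. In step_ca_startprecmd(), `[ ${configured_port} -lt 1024 ]` is unquoted and unvalidated: when the sed expression extracts nothing, or more than one line, the test fails with an error and the privileged-port check is skipped. Quote the variable and reject empty or non-numeric values before comparing.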
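Review bot: In security/step-certificates/files/step-ca.in, hunk @@ -72,6 +107,9 @@, the branch next to the new else-arm still stores the CA password with `echo $passwd > ${step_ca_password}`, and nothing in the visible lines sets a umask or a mode, so the file is created with whatever the invoking shell's umask allows. Since this code now runs from the user-facing configure command, suggest creating the file with restrictive permissions before writing to it (the `install -m 600 -o ... -g ... /dev/null` idiom this script already uses would do), reading with `read -r passwd`, and writing with `printf '%s\n' "$passwd"` so backslashes, whitespace and glob characters in the password are stored unchanged.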
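Review bot: In security/step-certificates/pkg-message, hunk @@ -4,10 +4,11 @@, the added line tells users to run `service step_ca configure`, but the Makefile sets `USE_RC_SUBR= step-ca` and the messages added to the rc script say `service step-ca configure`. Suggest using step-ca in both the new line and the sentence above it, so the instruction works when copied as written.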