Site Navigation

Date:      Fri, 13 Jun 2025 19:33:20 GMT
From:      Chris Rees <crees@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 9dedd058b1bd - main - security/certmonger: New port
Message-ID:  <202506131933.55DJXKmB035862@gitrepo.freebsd.org>

---

index | next in thread | raw e-mail

---

The branch main has been updated by crees:

URL: https://cgit.FreeBSD.org/ports/commit/?id=9dedd058b1bd0a21c942bdc9f56fa1aeef602449

commit 9dedd058b1bd0a21c942bdc9f56fa1aeef602449
Author:     Chris Rees <crees@FreeBSD.org>
AuthorDate: 2025-06-13 19:30:51 +0000
Commit:     Chris Rees <crees@FreeBSD.org>
CommitDate: 2025-06-13 19:33:08 +0000

    security/certmonger: New port
    
    Certmonger is primarily concerned with getting you or your system
    enrolled with a certificate authority (CA) and keeping you enrolled.
    
    To do this, the certmonger daemon runs in the background, taking guidance from
    client tools (via a D-Bus API, a command-line tool is provided which uses it).
    
    The daemon:
    
        can generate key pairs if you don't already have one
        can use a key pair to generate a certificate signing request
        can submit the signing request to a CA
        can wait for the CA to decide whether or not to issue the certificate
        can store an issued certificate in a specified location
        can monitor the certificate to see if it's about to expire
        can warn you or simply log that a certificate is about to expire
        can attempt to get a new certificate when a certificate is about to expire
    
    The goal is to have certmonger do what you need it to do based on what you've
    told it you need.  If you already have a certificate, it will be happy to just
    check on it periodically and warn you when it's about to expire. If you tell it
    where the private key is, and where the CA is, it can go ahead and try to
    re-enroll if you like.
    
    Keys and certificates can be stored and read in any of these formats:
    
        PEM-formatted files
        NSS database (dbm or sql)
---
 security/Makefile                       |  1 +
 security/certmonger/Makefile            | 41 +++++++++++++++++++
 security/certmonger/distinfo            |  3 ++
 security/certmonger/files/certmonger.in | 26 ++++++++++++
 security/certmonger/pkg-descr           | 27 +++++++++++++
 security/certmonger/pkg-plist           | 71 +++++++++++++++++++++++++++++++++
 6 files changed, 169 insertions(+)

diff --git a/security/Makefile b/security/Makefile
index dc0f37cf5530..ddae4dbefef7 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -76,6 +76,7 @@
     SUBDIR += ccsrch
     SUBDIR += certificate_maker
     SUBDIR += certmgr
+    SUBDIR += certmonger
     SUBDIR += certspotter
     SUBDIR += cfssl
     SUBDIR += cfv
diff --git a/security/certmonger/Makefile b/security/certmonger/Makefile
new file mode 100644
index 000000000000..6d992e7e3e51
--- /dev/null
+++ b/security/certmonger/Makefile
@@ -0,0 +1,41 @@
+PORTNAME=	certmonger
+DISTVERSION=	0.79.20
+CATEGORIES=	security
+MASTER_SITES=	https://pagure.io/certmonger/archive/${DISTVERSION}/
+
+MAINTAINER=	crees@FreeBSD.org
+COMMENT=	Daemon to enrol with a CA and renew SSL certificates
+WWW=		https://pagure.io/certmonger
+
+LICENSE=	GPLv3
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+LIB_DEPENDS=	libcurl.so:ftp/curl		\
+		libdbus-1.so:devel/dbus		\
+		libidn2.so:dns/libidn2		\
+		libjansson.so:devel/jansson	\
+		libldap.so:net/openldap26-client \
+		libnspr4.so:devel/nspr		\
+		libnss3.so:security/nss		\
+		libpopt.so:devel/popt		\
+		libtalloc.so:devel/talloc	\
+		libtevent.so:devel/tevent	\
+		libuuid.so:misc/e2fsprogs-libuuid
+
+USES=		autoreconf gettext gnome gssapi:mit iconv pkgconfig ssl
+USE_GNOME=	libxml2
+USE_RC_SUBR=	${PORTNAME}
+GNU_CONFIGURE=	yes
+CONFIGURE_ARGS+=	${ICONV_CONFIGURE_ARG}
+CFLAGS+=	-L${PREFIX}/lib -lintl
+
+# There appears to be some hardcoded gettext dependencies
+#OPTIONS_DEFINE=	NLS
+
+post-install:
+		${MV}	${STAGEDIR}${ETCDIR}/${PORTNAME}.conf \
+			${STAGEDIR}${ETCDIR}/${PORTNAME}.conf.sample
+		${RMDIR} ${STAGEDIR}/var/lib/${PORTNAME}/cas
+		${RMDIR} ${STAGEDIR}/var/lib/${PORTNAME}/requests
+
+.include <bsd.port.mk>
diff --git a/security/certmonger/distinfo b/security/certmonger/distinfo
new file mode 100644
index 000000000000..425f176df586
--- /dev/null
+++ b/security/certmonger/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1747746478
+SHA256 (certmonger-0.79.20.tar.gz) = 23645a5c1b284d73df448dbb97366c1b6e639223fc9465e7834fa5c5fef3f01e
+SIZE (certmonger-0.79.20.tar.gz) = 962445
diff --git a/security/certmonger/files/certmonger.in b/security/certmonger/files/certmonger.in
new file mode 100644
index 000000000000..5b7a7fafa4bd
--- /dev/null
+++ b/security/certmonger/files/certmonger.in
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# PROVIDE: certmonger
+# REQUIRE: dbus
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf to enable Certmonger
+#
+# dbus_enable=yes
+# certmonger_enable=yes
+#
+
+. /etc/rc.subr
+
+name=certmonger
+rcvar=certmonger_enable
+desc="Certificate monitor and PKI enrolment client"
+load_rc_config $name
+
+: ${certmonger_enable:=no}
+
+command="%%PREFIX%%/sbin/certmonger"
+pidfile=/var/run/certmonger.pid
+command_args="-p $pidfile"
+
+run_rc_command $*
diff --git a/security/certmonger/pkg-descr b/security/certmonger/pkg-descr
new file mode 100644
index 000000000000..57bfb56e9369
--- /dev/null
+++ b/security/certmonger/pkg-descr
@@ -0,0 +1,27 @@
+Certmonger is primarily concerned with getting you or your system
+enrolled with a certificate authority (CA) and keeping you enrolled.
+
+To do this, the certmonger daemon runs in the background, taking guidance from
+client tools (via a D-Bus API, a command-line tool is provided which uses it).
+
+The daemon:
+
+    can generate key pairs if you don't already have one
+    can use a key pair to generate a certificate signing request
+    can submit the signing request to a CA
+    can wait for the CA to decide whether or not to issue the certificate
+    can store an issued certificate in a specified location
+    can monitor the certificate to see if it's about to expire
+    can warn you or simply log that a certificate is about to expire
+    can attempt to get a new certificate when a certificate is about to expire
+
+The goal is to have certmonger do what you need it to do based on what you've
+told it you need.  If you already have a certificate, it will be happy to just
+check on it periodically and warn you when it's about to expire. If you tell it
+where the private key is, and where the CA is, it can go ahead and try to
+re-enroll if you like.
+
+Keys and certificates can be stored and read in any of these formats:
+
+    PEM-formatted files
+    NSS database (dbm or sql)
diff --git a/security/certmonger/pkg-plist b/security/certmonger/pkg-plist
new file mode 100644
index 000000000000..fa555dcc03b1
--- /dev/null
+++ b/security/certmonger/pkg-plist
@@ -0,0 +1,71 @@
+bin/getcert
+bin/ipa-getcert
+bin/local-getcert
+bin/selfsign-getcert
+@sample %%ETCDIR%%/certmonger.conf.sample
+etc/dbus-1/system.d/org.fedorahosted.certmonger.conf
+libexec/certmonger/certmonger-session
+libexec/certmonger/dogtag-ipa-renew-agent-submit
+libexec/certmonger/dogtag-submit
+libexec/certmonger/ipa-submit
+libexec/certmonger/local-submit
+libexec/certmonger/scep-submit
+sbin/certmonger
+share/dbus-1/services/org.fedorahosted.certmonger.service
+share/locale/bg/LC_MESSAGES/certmonger.mo
+share/locale/ca/LC_MESSAGES/certmonger.mo
+share/locale/cs_CZ/LC_MESSAGES/certmonger.mo
+share/locale/da/LC_MESSAGES/certmonger.mo
+share/locale/de/LC_MESSAGES/certmonger.mo
+share/locale/es/LC_MESSAGES/certmonger.mo
+share/locale/eu/LC_MESSAGES/certmonger.mo
+share/locale/fr/LC_MESSAGES/certmonger.mo
+share/locale/gu/LC_MESSAGES/certmonger.mo
+share/locale/hu/LC_MESSAGES/certmonger.mo
+share/locale/id/LC_MESSAGES/certmonger.mo
+share/locale/it/LC_MESSAGES/certmonger.mo
+share/locale/ja/LC_MESSAGES/certmonger.mo
+share/locale/ka/LC_MESSAGES/certmonger.mo
+share/locale/ko/LC_MESSAGES/certmonger.mo
+share/locale/lt/LC_MESSAGES/certmonger.mo
+share/locale/nb/LC_MESSAGES/certmonger.mo
+share/locale/nl/LC_MESSAGES/certmonger.mo
+share/locale/pl/LC_MESSAGES/certmonger.mo
+share/locale/pt/LC_MESSAGES/certmonger.mo
+share/locale/pt_BR/LC_MESSAGES/certmonger.mo
+share/locale/ru/LC_MESSAGES/certmonger.mo
+share/locale/si/LC_MESSAGES/certmonger.mo
+share/locale/sv/LC_MESSAGES/certmonger.mo
+share/locale/ta/LC_MESSAGES/certmonger.mo
+share/locale/tr/LC_MESSAGES/certmonger.mo
+share/locale/uk/LC_MESSAGES/certmonger.mo
+share/locale/zh_CN/LC_MESSAGES/certmonger.mo
+share/locale/zh_TW/LC_MESSAGES/certmonger.mo
+share/man/man1/getcert-add-ca.1.gz
+share/man/man1/getcert-add-scep-ca.1.gz
+share/man/man1/getcert-list-cas.1.gz
+share/man/man1/getcert-list.1.gz
+share/man/man1/getcert-modify-ca.1.gz
+share/man/man1/getcert-refresh-ca.1.gz
+share/man/man1/getcert-refresh.1.gz
+share/man/man1/getcert-rekey.1.gz
+share/man/man1/getcert-remove-ca.1.gz
+share/man/man1/getcert-request.1.gz
+share/man/man1/getcert-resubmit.1.gz
+share/man/man1/getcert-start-tracking.1.gz
+share/man/man1/getcert-status.1.gz
+share/man/man1/getcert-stop-tracking.1.gz
+share/man/man1/getcert.1.gz
+share/man/man1/ipa-getcert.1.gz
+share/man/man1/local-getcert.1.gz
+share/man/man1/selfsign-getcert.1.gz
+share/man/man5/certmonger.conf.5.gz
+share/man/man8/certmonger-dogtag-ipa-renew-agent-submit.8.gz
+share/man/man8/certmonger-dogtag-submit.8.gz
+share/man/man8/certmonger-ipa-submit.8.gz
+share/man/man8/certmonger-local-submit.8.gz
+share/man/man8/certmonger-scep-submit.8.gz
+share/man/man8/certmonger.8.gz
+@dir /var/lib/certmonger/local
+@dir /var/lib/certmonger
+@dir /var/lib

home | help

---

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202506131933.55DJXKmB035862>

Legal Notices | © 1995-2026 The FreeBSD Project. All rights reserved.

Contact