From nobody Tue Mar 26 11:02:52 2024 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V3n2j1782z5FMgT; Tue, 26 Mar 2024 11:02:53 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4V3n2j0L3pz4NLv; Tue, 26 Mar 2024 11:02:53 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1711450973; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NzxN0Srnr30lVHitSczhaPZL6+KtthB3HwpCfALk4ZM=; b=BhKEG6AM83mdzTUzeXGTS2PN6kv/F8cqVK5cFUwt6kMEme0kW57ioAedPv7ZwUcrCZzKzW 6f+YExLuPEH8WCvhi2GDb2a1lQCF+J6/n8EwrL5wUb2ZxOe1dESW9hRZN0JWdCl4bfogUP L57QgfUi3gzOG0AVRg2hG+Fc3+CWRFcG1uJzP0pTEXaK02PLsVhPi+1XuyxCYRhL+jKEy3 03falZcd3ZvpYVIPV9gu1VX5fTx4x0imY5oIEXi2iZRw/p2iZMWIw+Eh+CKPPX7EoNFV80 h5s43qAWut35cX8dv4AbusPQBOK85aszZ/umf9nO6o6VBPkCQi5TzeIbDO7gtQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1711450973; a=rsa-sha256; cv=none; b=NnEvnXSb1+8cSu6IlxIsxJJRToXrzDf+qPRX7ODp4m48Be0I4AWbt09HIB2h0txpQfuqen ykcjOZGHnVgyn7ZUOZ847OMtPvbcTeHrMrwJFJ1q1LS5S0T7Zl0IpEPkWy563S29dCFk1W kpQLdRTiRut9o5xJpInjhLQ370ebnqU2C9eqrqtW+xpS9huo+l4uY0D8pvgfP+Xltq7ok0 tS0XSIaSNo0RISnliaCeAX+KVAHIKGoc7WQVsB6GCUrJr8c7SpA+hJvoox0rEonADjwQO2 icAmD79oXC2sBVg+ZsYAs3iDcBKCi+2odj5/EFvYx2f9nB8b+28DUXHwbtA3Jw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1711450973; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=NzxN0Srnr30lVHitSczhaPZL6+KtthB3HwpCfALk4ZM=; b=bQ1kTXaySgg8elZtBiYjisG0dNU0L6M1L0ZidbgzWGaB1LDw/qZm5zWDXijCOT43RacCOq j+iksfGeYSYY3pIOcadhLI9CyXx8LewTFYPC14DcQYz7Z3DTGIuh/Y4Ml9Id1TCQuuvKvh 521MHs6WIBFMf5OTLoV45DwuGnXofOYNJqBwMPPzhO0AxI7M7lcla1NzkXQrI+cCnxhzwx orEaDXngThWvbz8AREh219ghV+NHnf857CvGs27TCzdGvesgXmxWmL19kgnpEVlLmGh6Fe guZ2lymcGt/INPly+fkHluME5RL5X+3958uij8RaBXScNGEdYjDO355dlVqccA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4V3n2h7381zxwp; Tue, 26 Mar 2024 11:02:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 42QB2qJn028251; Tue, 26 Mar 2024 11:02:52 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 42QB2qSO028248; Tue, 26 Mar 2024 11:02:52 GMT (envelope-from git) Date: Tue, 26 Mar 2024 11:02:52 GMT Message-Id: <202403261102.42QB2qSO028248@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Philippe Audeoud Subject: git: 4ede5b61f28e - main - security/py-pnu-certwatch: new port List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jadawin X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 4ede5b61f28e82a74af0fca197a75e2db2039ac9 Auto-Submitted: auto-generated The branch main has been updated by jadawin: URL: https://cgit.FreeBSD.org/ports/commit/?id=4ede5b61f28e82a74af0fca197a75e2db2039ac9 commit 4ede5b61f28e82a74af0fca197a75e2db2039ac9 Author: Philippe Audeoud AuthorDate: 2024-03-26 10:21:37 +0000 Commit: Philippe Audeoud CommitDate: 2024-03-26 11:02:11 +0000 security/py-pnu-certwatch: new port The certwatch utility monitors X509 certificates expiration dates by processing one or more data files containing lists of hostnames with optional port numbers. It's mainly used to check the expiration date of HTTPS certificates (which is the default target when the port number is not indicated), but the tool is protocol-agnostic and can "talk" to any SNI-aware (Server Name Information) SSL/TLS server (smtps, imaps, ldaps, etc.) without making too much assumptions on the correctness of servers certificates. The certificates can be saved to a specified directory for further analysis with other tools (such as OpenSSL). The tool's results are presented as text tables. The main one is the list of certificates successfully fetched, ordered by expiration date. This list can be filtered to only show certificates expired or expiring within the specified number of days. The second table is the sorted list of hostnames / hostports where certificates couldn't be fetched, with our best attempts to identify the reason why. Two additional tables can be generated in order to print the common names and alternate names unmentioned in your input data files. Finally, for user convenience, all these reports can be generated in a single multi-tabs Excel workbook. PR: 277970 Approved by: maintainer, bapt (mentor) --- security/Makefile | 1 + security/py-pnu-certwatch/Makefile | 27 +++++++++++++++++++++++++++ security/py-pnu-certwatch/distinfo | 3 +++ security/py-pnu-certwatch/pkg-descr | 29 +++++++++++++++++++++++++++++ 4 files changed, 60 insertions(+) diff --git a/security/Makefile b/security/Makefile index 8a112586287d..1a519e82e787 100644 --- a/security/Makefile +++ b/security/Makefile @@ -983,6 +983,7 @@ SUBDIR += py-pgpdump SUBDIR += py-pgpy SUBDIR += py-plaso + SUBDIR += py-pnu-certwatch SUBDIR += py-pnu-vuxml SUBDIR += py-potr SUBDIR += py-pwntools diff --git a/security/py-pnu-certwatch/Makefile b/security/py-pnu-certwatch/Makefile new file mode 100644 index 000000000000..874ccc716166 --- /dev/null +++ b/security/py-pnu-certwatch/Makefile @@ -0,0 +1,27 @@ +PORTNAME= pnu-certwatch +DISTVERSION= 1.0.3 +CATEGORIES= security python +MASTER_SITES= PYPI +PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} + +MAINTAINER= hubert.tournier@gmail.com +COMMENT= Watch X509 certificates expiration dates +WWW= https://github.com/HubTou/certwatch + +LICENSE= BSD3CLAUSE +LICENSE_FILE= ${WRKSRC}/License + +BUILD_DEPENDS= ${PY_SETUPTOOLS} \ + ${PYTHON_PKGNAMEPREFIX}wheel>0:devel/py-wheel@${PY_FLAVOR} + +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pnu-libpnu>=1.3.0:devel/py-pnu-libpnu@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}openpyxl>0:textproc/py-openpyxl@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}prettytable>0:devel/py-prettytable@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}tqdm>0:misc/py-tqdm@${PY_FLAVOR} + +USES= python shebangfix +USE_PYTHON= autoplist flavors pep517 cryptography + +SHEBANG_FILES= src/certwatch/*.py + +.include diff --git a/security/py-pnu-certwatch/distinfo b/security/py-pnu-certwatch/distinfo new file mode 100644 index 000000000000..5d81292223f7 --- /dev/null +++ b/security/py-pnu-certwatch/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1711310583 +SHA256 (pnu-certwatch-1.0.3.tar.gz) = e736811765f567cb427035eb8449196638c1ea8ef7cb68755a58b2668b400f44 +SIZE (pnu-certwatch-1.0.3.tar.gz) = 22073 diff --git a/security/py-pnu-certwatch/pkg-descr b/security/py-pnu-certwatch/pkg-descr new file mode 100644 index 000000000000..a09d4334c6ad --- /dev/null +++ b/security/py-pnu-certwatch/pkg-descr @@ -0,0 +1,29 @@ +The certwatch utility monitors X509 certificates expiration dates by +processing one or more data files containing lists of hostnames with +optional port numbers. + +It's mainly used to check the expiration date of HTTPS certificates +(which is the default target when the port number is not indicated), +but the tool is protocol-agnostic and can "talk" to any SNI-aware +(Server Name Information) SSL/TLS server (smtps, imaps, ldaps, etc.) +without making too much assumptions on the correctness of servers +certificates. + +The certificates can be saved to a specified directory for further +analysis with other tools (such as OpenSSL). + +The tool's results are presented as text tables. + +The main one is the list of certificates successfully fetched, ordered +by expiration date. This list can be filtered to only show +certificates expired or expiring within the specified number of days. + +The second table is the sorted list of hostnames / hostports where +certificates couldn't be fetched, with our best attempts to identify +the reason why. + +Two additional tables can be generated in order to print the common +names and alternate names unmentioned in your input data files. + +Finally, for user convenience, all these reports can be generated in a +single multi-tabs Excel workbook.