Date: Mon, 29 Jan 2024 16:12:55 GMT From: Florian Smeets <flo@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 6d25994b8ea2 - main - security/certspotter: Add new port Message-ID: <202401291612.40TGCtbQ070646@gitrepo.freebsd.org>
The branch main has been updated by flo: URL: https://cgit.FreeBSD.org/ports/commit/?id=6d25994b8ea26a536e4826452d795156617eff69 commit 6d25994b8ea26a536e4826452d795156617eff69 Author: Florian Smeets <flo@FreeBSD.org> AuthorDate: 2024-01-29 16:11:04 +0000 Commit: Florian Smeets <flo@FreeBSD.org> CommitDate: 2024-01-29 16:11:04 +0000 security/certspotter: Add new port Cert Spotter is a Certificate Transparency log monitor from SSLMate that alerts you when an SSL/TLS certificate is issued for one of your domains. Cert Spotter is easier to use than other open source CT monitors, since it does not require a database. It's also more robust, since it uses a special certificate parser that ensures it won't miss certificates.
---
 GIDs | 2 +-
 UIDs | 2 +-
 security/Makefile | 1 +
 security/certspotter/Makefile | 35 ++++++++++++++++++++++++
 security/certspotter/distinfo | 5 ++++
 security/certspotter/files/certspotter.in | 44 +++++++++++++++++++++++++++++++
 security/certspotter/pkg-descr | 2 ++
 security/certspotter/pkg-plist | 4 +++
 8 files changed, 93 insertions(+), 2 deletions(-)
diff --git a/GIDs b/GIDs
index cf53657bdd4f..a2e872ae22ab 100644
--- a/GIDs
+++ b/GIDs
@@ -269,7 +269,7 @@ dkfilter:*:325:
 smfs:*:326:
 _reticulum:*:327:
 galene:*:328:
-# free: 329
+certspotter:*:329:
 orthanc:*:330:
 # free: 331
 # free: 332
diff --git a/UIDs b/UIDs
index d81e56e33c98..f0522ea3f17c 100644
--- a/UIDs
+++ b/UIDs
@@ -274,7 +274,7 @@ dkfilter:*:325:325::0:0:DK Filter Owner:/nonexistent:/usr/sbin/nologin
 smfs:*:326:326::0:0:SMFSAV Owner:/nonexistent:/usr/sbin/nologin
 _reticulum:*:327:327::0:0:Reticulum Daemon:/nonexistent:/usr/sbin/nologin
 galene:*:328:328::0:0:Galene Visioconference server:/nonexistent:/usr/sbin/nologin
-# free: 329
+certspotter:*:329:329::0:0:Cert Spotter user:/nonexistent:/usr/sbin/nologin
 orthanc:*:330:330::0:0:Orthanc Daemon:/nonexistent:/usr/sbin/nologin
 # free: 331
 # free: 332
diff --git a/security/Makefile b/security/Makefile
index 99ec5c3a1f7b..c5b64253fdfa 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -74,6 +74,7 @@
 SUBDIR += ccrypt
 SUBDIR += ccsrch
 SUBDIR += certmgr
+ SUBDIR += certspotter
 SUBDIR += cfs
 SUBDIR += cfssl
 SUBDIR += cfv
diff --git a/security/certspotter/Makefile b/security/certspotter/Makefile
new file mode 100644
index 000000000000..fa65f32f417d
--- /dev/null
+++ b/security/certspotter/Makefile
@@ -0,0 +1,35 @@
+PORTNAME= certspotter
+DISTVERSIONPREFIX= v
+DISTVERSION= 0.18.0
+CATEGORIES= security www
+
+MAINTAINER= flo@FreeBSD.org
+COMMENT= Certificate Transparency Monitor
+WWW= https://github.com/SSLMate/certspotter
+
+LICENSE= MPL20
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+USES= go:1.21,modules
+USE_RC_SUBR= certspotter
+GO_MODULE= software.sslmate.com/src/certspotter
+GO_TARGET= ./cmd/${PORTNAME}:${PREFIX}/sbin/${PORTNAME}
+
+CERTSPOTTER_USER?= certspotter
+CERTSPOTTER_GROUP?= certspotter
+
+SUB_LIST+= CERTSPOTTER_GROUP=${CERTSPOTTER_GROUP} \
+ CERTSPOTTER_USER=${CERTSPOTTER_USER}
+
+USERS= ${CERTSPOTTER_USER}
+GROUPS= ${CERTSPOTTER_GROUP}
+
+PLIST_SUB+= CERTSPOTTER_GROUP=${CERTSPOTTER_GROUP} \
+ CERTSPOTTER_USER=${CERTSPOTTER_USER}
+
+pre-install:
+ @${MKDIR} ${STAGEDIR}/var/db/${PORTNAME}
+ @${MKDIR} ${STAGEDIR}${PREFIX}/etc/${PORTNAME}
+ @${ECHO_CMD} "example.org" > ${STAGEDIR}${PREFIX}/etc/${PORTNAME}/watchlist.sample
+ @${MKDIR} ${STAGEDIR}/var/run/${PORTNAME}
+.include <bsd.port.mk>
diff --git a/security/certspotter/distinfo b/security/certspotter/distinfo
new file mode 100644
index 000000000000..d7a980228c6e
--- /dev/null
+++ b/security/certspotter/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1706474827
+SHA256 (go/security_certspotter/certspotter-v0.18.0/v0.18.0.mod) = 7999f3e078b45dae94b4b4b34bee2dda107e3a23bff847f54b584d0ce3bb549d
+SIZE (go/security_certspotter/certspotter-v0.18.0/v0.18.0.mod) = 165
+SHA256 (go/security_certspotter/certspotter-v0.18.0/v0.18.0.zip) = cd52b973de3ee04cbf5ced8eb87c6634185e77ad2bf4da756a4c72b9881f2c59
+SIZE (go/security_certspotter/certspotter-v0.18.0/v0.18.0.zip) = 89899
diff --git a/security/certspotter/files/certspotter.in b/security/certspotter/files/certspotter.in
new file mode 100644
index 000000000000..f22d334d210d
--- /dev/null
+++ b/security/certspotter/files/certspotter.in
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# PROVIDE: certspotter
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add these lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# certspotter_enable (bool): Set to YES to enable certspotter.
+# Set to NO by default.
+# certspotter_statedir (path): State dir. Set to /var/db/certspotter
+# by default.
+# certspotter_watchlist (path): File listing the monitored domains.
+# Set to %%ETCIDIR%%/watchlist by default.
+# certspotter_email (string): The email address notifications will be
+# sent to. Set to root by default.
+# certspotter_user (string): The user account used to run the daemon.
+# Default: %%CERTSPOTTER_USER%%
+
+. /etc/rc.subr
+
+name=certspotter
+rcvar=certspotter_enable
+
+load_rc_config $name
+
+: ${certspotter_enable:="NO"}
+: ${certspotter_statedir="/var/db/certspotter"}
+: ${certspotter_watchlist="%%ETCDIR%%/watchlist"}
+: ${certspotter_user:="%%CERTSPOTTER_USER%%"}
+: ${certspotter_email:="root"}
+
+pidfile=/var/run/certspotter/${name}.pid
+command=%%PREFIX%%/sbin/certspotter
+start_cmd="certspotter_start"
+
+certspotter_start()
+{
+ echo "Starting ${name}."
+ /usr/sbin/daemon -c -f -p ${pidfile} -u ${certspotter_user} %%PREFIX%%/sbin/certspotter -state_dir $certspotter_statedir -watchlist $certspotter_watchlist -email $certspotter_email -start_at_end
+}
+
+run_rc_command "$1"
diff --git a/security/certspotter/pkg-descr b/security/certspotter/pkg-descr
new file mode 100644
index 000000000000..007655649d98
--- /dev/null
+++ b/security/certspotter/pkg-descr
@@ -0,0 +1,2 @@
+Cert Spotter is a Certificate Transparency log monitor from SSLMate that
+alerts you when an SSL/TLS certificate is issued for one of your domains.
diff --git a/security/certspotter/pkg-plist b/security/certspotter/pkg-plist
new file mode 100644
index 000000000000..0544303c9f5d
--- /dev/null
+++ b/security/certspotter/pkg-plist
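Review bot: The `daemon` command line in `certspotter_start` expands `$certspotter_statedir`, `$certspotter_watchlist` and `$certspotter_email` unquoted, and the first two defaults use `=` rather than `:=`, so a value set to the empty string in rc.conf lets `-state_dir` or `-watchlist` take the following flag as its argument, and a value containing whitespace is split into several arguments. Quoting each expansion, e.g. `-state_dir "${certspotter_statedir}" -watchlist "${certspotter_watchlist}" -email "${certspotter_email}"`, and using `:=` for all five defaults keeps every option paired with exactly one value. Separately, the header comment names `%%ETCIDIR%%` while the assignment uses `%%ETCDIR%%`; the misspelled token is presumably not in the substitution list and would be installed literally, so the comment should read `# Set to %%ETCDIR%%/watchlist by default.`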
@@ -0,0 +1,4 @@
+sbin/certspotter
+@sample etc/certspotter/watchlist.sample
+@dir(%%CERTSPOTTER_USER%%,%%CERTSPOTTER_GROUP%%,700) /var/db/certspotter
+@dir(%%CERTSPOTTER_USER%%,%%CERTSPOTTER_GROUP%%,0775) /var/run/certspotter
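Review bot: `/var/run/certspotter` is created owned by the service account with mode `0775`, yet the rc script in this commit points `daemon -p` at a pidfile inside it; daemon(8) appears to open the pidfile before it applies `-u` (worth confirming against the base system source), which would mean a root process creates and truncates a file in a directory that the unprivileged account and its group can write to. If that holds, a root-owned directory such as `@dir(root,wheel,0755) /var/run/certspotter` takes the path root writes to out of the service account's control. The two `@dir` lines also spell their modes differently (`700` and `0775`); four digits on both would read more consistently.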