git: 2a67a2fe3a8a - main - security/step-certificates: Update to version 0.26.0
Date: Sat, 30 Mar 2024 00:43:17 UTC
The branch main has been updated by yasu:
URL: https://cgit.FreeBSD.org/ports/commit/?id=2a67a2fe3a8a96b6adf06514001f2fa9f9ee9714
commit 2a67a2fe3a8a96b6adf06514001f2fa9f9ee9714
Author: Markus Wipp <mw@wipp.bayern>
AuthorDate: 2024-03-29 18:51:42 +0000
Commit: Yasuhiro Kimura <yasu@FreeBSD.org>
CommitDate: 2024-03-30 00:42:03 +0000
security/step-certificates: Update to version 0.26.0
* Add configure target to rc script
* Adjusted pkg-message
* Pet portclippy
PR: 278035
---
security/step-certificates/Makefile | 7 ++---
security/step-certificates/distinfo | 10 +++----
security/step-certificates/files/step-ca.in | 45 +++++++++++++++++++++++++----
security/step-certificates/pkg-message | 5 ++--
4 files changed, 50 insertions(+), 17 deletions(-)
diff --git a/security/step-certificates/Makefile b/security/step-certificates/Makefile
index 41ddcf4e6809..a903de9e8408 100644
--- a/security/step-certificates/Makefile
+++ b/security/step-certificates/Makefile
@@ -1,7 +1,6 @@
PORTNAME= step-certificates
DISTVERSIONPREFIX= v
-DISTVERSION= 0.25.2
-PORTREVISION= 2
+DISTVERSION= 0.26.0
CATEGORIES= security
MAINTAINER= mw@wipp.bayern
@@ -17,10 +16,10 @@ RUN_DEPENDS= step:security/step-cli
USES= go:modules
-GO_MODULE= github.com/smallstep/certificates
-
USE_RC_SUBR= step-ca
+GO_MODULE= github.com/smallstep/certificates
+
GO_TARGET= ./cmd/step-ca:${PREFIX}/sbin/step-ca
GO_BUILDFLAGS= -ldflags "-w -X main.Version=${PORTVERSION}"
diff --git a/security/step-certificates/distinfo b/security/step-certificates/distinfo
index af645bfe812a..2d510b73e2b7 100644
--- a/security/step-certificates/distinfo
+++ b/security/step-certificates/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1701460797
-SHA256 (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.mod) = 7b8d9e8b5f35b5467da9bb0b5cb2997217cb6343cf4c707ab76566501d374cfb
-SIZE (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.mod) = 6667
-SHA256 (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.zip) = 9bdffcb28b1ec1a03f8f1d3f49fde9ffb77e1e46d904b88bacecaea8adcb9764
-SIZE (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.zip) = 1049591
+TIMESTAMP = 1711731230
+SHA256 (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.mod) = 8c6fa479a3353e3388f2d2b22eae55f02fec0c627449eebd547aaf6b3dd6116a
+SIZE (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.mod) = 8136
+SHA256 (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.zip) = a630dbbff154f0fb75ae9ced250df488becf2592d1840c44425d06ead197a161
+SIZE (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.zip) = 1069995
diff --git a/security/step-certificates/files/step-ca.in b/security/step-certificates/files/step-ca.in
index 03946767ff2b..59e8e33c5164 100644
--- a/security/step-certificates/files/step-ca.in
+++ b/security/step-certificates/files/step-ca.in
@@ -49,19 +49,54 @@ command_args="-S -c \
start_precmd=step_ca_startprecmd
start_postcmd=step_ca_postcmd
+extra_commands="configure"
+configure_cmd="step_ca_configure"
+
step_ca_startprecmd()
{
if [ ! -e ${pidfile} ]; then
install -o ${step_ca_user} -g ${step_ca_group} /dev/null ${pidfile};
fi
+ if [ ! -e ${step_ca_steppath} ]; then
+ echo "No configured Step CA found."
+ echo "Please run service step-ca configure"
+ exit 1
+ else
+ export STEPPATH=${step_ca_steppath}
+ fi
+
+ if [ ! -e ${step_ca_password} ]; then
+ echo "Step CA Password file for auto-start not found"
+ echo "Please run service step-ca configure"
+ exit 1
+ fi
+
+ if [ -e ${step_ca_steppath}/config/ca.json ]; then
+ configured_port=$(sed -n -e '/"address"/ s/.*:\(.*\)".*/\1/p' ${step_ca_steppath}/config/ca.json)
+ if [ ${configured_port} -lt 1024 ]; then
+ echo "Privileged Port (${configured_port}) configured: cannot run as ${step_ca_user}"
+ exit 1
+ fi
+ fi
+}
+
+step_ca_postcmd() {
+ sleep 2
+ run_rc_command status
+}
+
+step_ca_configure() {
if [ ! -e ${step_ca_steppath} ]; then
echo "No configured Step CA found."
echo "Creating new one...."
+ install -m 600 -o ${step_ca_user} -g ${step_ca_group} /dev/null ${step_ca_steppath}
export STEPPATH=${step_ca_steppath}
%%PREFIX%%/bin/step ca init --ssh
- chown -R ${step_ca_user}:${step_ca_group} ${step_ca_steppath}
+ chown -R ${step_ca_user}:${step_ca_group} ${step_ca_stepdir}
else
+ echo "Configured Step CA found at ${step_ca_steppath}."
+ echo "Please remove the directory and its contents manually if you really want to reconfigure."
export STEPPATH=${step_ca_steppath}
fi
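Review bot: The added `install -m 600 -o ${step_ca_user} -g ${step_ca_group} /dev/null ${step_ca_steppath}` in step_ca_configure creates an empty regular file at the STEPPATH location, because the source is /dev/null and there is no `-d`. This hunk also tests `${step_ca_steppath}/config/ca.json`, so the path is expected to be a directory, and `step ca init` would presumably fail against a regular file. If the aim is to pre-create the CA directory with tight permissions before key material is written, `install -d -m 700 -o ${step_ca_user} -g ${step_ca_group} ${step_ca_steppath}` does that. Separately, in step_ca_startprecmd the test `[ ${configured_port} -lt 1024 ]` is unquoted, so an empty or multi-line sed result makes `[` error out and the privileged-port guard is silently skipped; quoting it and rejecting non-numeric values first would make the check fail closed. The variable definitions and the rest of step_ca_configure lie outside this hunk.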
@@ -72,6 +107,9 @@ step_ca_startprecmd()
echo "Please enter the Step CA Password:"
stty -echo; read passwd; stty echo; echo
echo $passwd > ${step_ca_password}
+ else
+ echo "Configured Step CA password file found at ${step_ca_password}."
+ echo "Please remove the file manually if you really want to reconfigure."
fi
if [ -e ${step_ca_steppath}/config/ca.json ]; then
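Review bot: The CA password handled in the context lines above the new `else` branch is written with `echo $passwd > ${step_ca_password}`, which word-splits and glob-expands the secret, and `read passwd` without `-r` drops backslashes, so the stored password can differ from what was typed. Nothing visible in this hunk restricts the file's mode, so it follows the caller's umask unless the file is pre-created or chmod-ed outside the hunk. Consider `IFS= read -r passwd` and `(umask 077; printf '%s\n' "$passwd" > "${step_ca_password}")`. The enclosing function starts and ends outside this hunk.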
@@ -82,9 +120,4 @@ step_ca_startprecmd()
fi
}
-step_ca_postcmd() {
- sleep 2
- run_rc_command status
-}
-
run_rc_command "$1"
diff --git a/security/step-certificates/pkg-message b/security/step-certificates/pkg-message
index 7b616c50a4bd..2e595b5f19ae 100644
--- a/security/step-certificates/pkg-message
+++ b/security/step-certificates/pkg-message
@@ -4,10 +4,11 @@
================================================================================
Step Certificates requires additional configuration:
-The simple way is via the service start script step_ca.
+The simple way is via the service start script step_ca with:
+service step_ca configure
When there is no configuration it will be created. User input is required!!!
-The hard way would be via the step command.
+The hard way would be manually via the step command.
Ensure to set the STEPPATH environment variable. This makes using the
commands much simpler.