Date: Mon, 18 Oct 2021 16:54:37 GMT
Message-Id: <202110181654.19IGsbJE091988@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Yuri Victorovich Subject: git: a6dddfbc3b25 - main - security/cfssl: Add the RC script to start as a daemon to run the HTTP-based API server List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: yuri X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: a6dddfbc3b259aaec389e8314b703851e7c8eb68 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by yuri: URL: https://cgit.FreeBSD.org/ports/commit/?id=a6dddfbc3b259aaec389e8314b703851e7c8eb68 commit a6dddfbc3b259aaec389e8314b703851e7c8eb68 Author: Tomoyuki Sakurai AuthorDate: 2021-10-18 16:38:27 +0000 Commit: Yuri Victorovich CommitDate: 2021-10-18 16:54:28 +0000 security/cfssl: Add the RC script to start as a daemon to run the HTTP-based API server The API endpoint is 127.0.0.1:8888. PR: 259247 --- GIDs | 2 +- UIDs | 2 +- security/cfssl/Makefile | 20 +++++++++++++++++++- security/cfssl/files/cfssl.in | 38 ++++++++++++++++++++++++++++++++++++++ security/cfssl/pkg-plist | 9 +++++++++ 5 files changed, 68 insertions(+), 3 deletions(-) diff --git a/GIDs b/GIDs index 3bb5c1e4ada0..4cb40984b169 100644 --- a/GIDs +++ b/GIDs @@ -815,7 +815,7 @@ opensearch:*:855: bitmark:*:872: bitmark-recorder:*:873: librespeed:*:874: -# free: 875 +cfssl:*:875: _lms:*:876: gemserv:*:877: gerbera:*:878: diff --git a/UIDs b/UIDs index f490764e29d5..4adfd141d0bc 100644 --- a/UIDs +++ b/UIDs 
@@ -820,7 +820,7 @@ archiva:*:871:871::0:0:Apache Archiva Daemon:/nonexistent:/usr/sbin/nologin bitmark:*:872:872::0:0:Bitmark Property System:/var/lib/bitmarkd:/usr/sbin/nologin bitmark-recorder:*:873:873::0:0:Bitmark Property Recorder:/var/lib/recorderd:/usr/sbin/nologin librespeed:*:874:874::0:0:LibreSpeed user:/nonexistent:/usr/sbin/nologin -# free: 875 +cfssl:*:875:875::0:0:cfssl user:/nonexistent:/usr/sbin/nologin _lms:*:876:876::0:0:Lightweight Music Server user:/nonexistent:/usr/sbin/nologin gemserv:*:877:877::0:0:gemserv user:/nonexistent:/usr/sbin/nologin gerbera:*:878:878::0:0:Gerbera DLNA Media Server:/nonexistent:/usr/sbin/nologin diff --git a/security/cfssl/Makefile b/security/cfssl/Makefile index b01b21076a1c..1aa20f12bd19 100644 --- a/security/cfssl/Makefile +++ b/security/cfssl/Makefile @@ -1,6 +1,7 @@ PORTNAME= cfssl DISTVERSIONPREFIX= v DISTVERSION= 1.6.1 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org @@ -19,12 +20,20 @@ EXES= cfssl cfssl-bundle cfssl-certinfo cfssl-newkey cfssl-scan cfssljson mkbun PLIST_FILES= ${EXES:S/^/bin\//} +CFSSL_EXTRA_TARGETS= bin/goose +PLIST_FILES+= ${CFSSL_EXTRA_TARGETS} +USE_RC_SUBR= ${PORTNAME} +USERS= cfssl +GROUPS= cfssl +# installs a file to the same path +CONFLICTS= goose + pre-configure: ${REINPLACE_CMD} -e 's|%%DISTVERSION%%|${DISTVERSION}|g' ${WRKSRC}/cli/version/version.go # the project uses Makefile for build and installation do-build: - @cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${GO_ENV} ${MAKE_CMD} ${MAKE_FLAGS} ${MAKEFILE} ${_MAKE_JOBS} all + @cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${GO_ENV} ${MAKE_CMD} ${MAKE_FLAGS} ${MAKEFILE} ${_MAKE_JOBS} all ${CFSSL_EXTRA_TARGETS} do-install: # Makefile is used but the install target uses go install. 
@@ -33,4 +42,13 @@ do-install: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/${F} .endfor + ${INSTALL} -d ${STAGEDIR}${DATADIR} +.for D in certdb/sqlite certdb/pg certdb/mysql + cd ${WRKSRC} && ${COPYTREE_SHARE} ${D} ${STAGEDIR}${DATADIR} +.endfor + +.for F in ${CFSSL_EXTRA_TARGETS} + ${INSTALL_PROGRAM} ${WRKSRC}/${F} ${STAGEDIR}/${PREFIX}/${F} +.endfor + .include diff --git a/security/cfssl/files/cfssl.in b/security/cfssl/files/cfssl.in new file mode 100644 index 000000000000..1779ae0252c0 --- /dev/null +++ b/security/cfssl/files/cfssl.in @@ -0,0 +1,38 @@ +#!/bin/sh + +# PROVIDE: cfssl +# REQUIRE: LOGIN +# KEYWORD: shutdown + +# Add the following lines to /etc/rc.conf to enable `cfssl': +# +# cfssl_enable="YES" +# +# An example cfssl_flags: +# cfssl_flags="-db-config /usr/local/etc/ssl/db.json -ca /usr/local/etc/ssl/ca.pem -ca-key /usr/local/etc/ssl/ca-key.pem -config /usr/local/etc/ssl/ca-config.json" +# + +. /etc/rc.subr + +name="cfssl" +rcvar=cfssl_enable + +load_rc_config "$name" +: ${cfssl_enable="NO"} +: ${cfssl_flags:=""} + +command="/usr/sbin/daemon" +cfssl_command="%%PREFIX%%/bin/cfssl" +cfssl_user="cfssl" +pidfile="/var/run/$name.pid" +flags=" " +command_args="-S -p ${pidfile} ${cfssl_command} serve ${cfssl_flags}" +procname="%%PREFIX%%/bin/cfssl" +start_precmd="cfssl_precmd" + +cfssl_precmd() +{ + install -o ${cfssl_user} /dev/null ${pidfile} +} + +run_rc_command "$1" diff --git a/security/cfssl/pkg-plist b/security/cfssl/pkg-plist new file mode 100644 index 000000000000..5612f39af661 --- /dev/null +++ b/security/cfssl/pkg-plist 
@@ -0,0 +1,9 @@ +%%DATADIR%%/certdb/mysql/dbconf.yml +%%DATADIR%%/certdb/mysql/migrations/001_CreateCertificates.sql +%%DATADIR%%/certdb/mysql/migrations/002_AddMetadataToCertificates.sql +%%DATADIR%%/certdb/pg/dbconf.yml +%%DATADIR%%/certdb/pg/migrations/001_CreateCertificates.sql +%%DATADIR%%/certdb/pg/migrations/002_AddMetadataToCertificates.sql +%%DATADIR%%/certdb/sqlite/dbconf.yml +%%DATADIR%%/certdb/sqlite/migrations/001_CreateCertificates.sql +%%DATADIR%%/certdb/sqlite/migrations/002_AddMetadataToCertificates.sql
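Review bot: In security/cfssl/Makefile, CONFLICTS= goose is wider than the comment above it justifies. The comment says the only clash is a file installed to the same path (bin/goose), which is an install-time conflict, so CONFLICTS_INSTALL= goose states it more precisely. A short comment on CFSSL_EXTRA_TARGETS saying why this port builds and ships goose would also help, since PLIST_FILES now carries a binary that is not in EXES; if it is there to apply the certdb migrations installed later in the patch, that is an assumption worth writing down.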
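Review bot: In the do-install hunk of security/cfssl/Makefile, the new install line targets ${STAGEDIR}/${PREFIX}/${F}, with a slash between STAGEDIR and PREFIX, while the existing strip line in the same target uses ${STAGEDIR}${PREFIX}/bin/${F}. Use ${STAGEDIR}${PREFIX}/${F} so both loops follow the same form.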
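Review bot: In security/cfssl/files/cfssl.in, cfssl_user="cfssl" is a plain assignment placed after load_rc_config, so it overwrites any cfssl_user set in rc.conf; make it a default next to the others, as : ${cfssl_user:="cfssl"}. Three smaller points in the same file. The line flags=" " has no comment explaining it; if the intent is to keep cfssl_flags from also being handed to /usr/sbin/daemon, say so. The example cfssl_flags names a CA private key (-ca-key /usr/local/etc/ssl/ca-key.pem) while the service runs as the unprivileged cfssl user, so the header comment should state that the key has to be readable by that user and by no one else. The commit message gives the API endpoint as 127.0.0.1:8888, but the script passes no address or port and the header comment does not mention the listener; note there that the loopback default is relied on, so an admin who adds a listen address to cfssl_flags knows they are exposing the signing API beyond the host.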