Date: Fri, 13 Jan 2023 20:11:20 GMT
Message-Id: <202301132011.30DKBKG8035144@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Alan Somers
Subject: git: 0de11ff4ffa5 - main - sysutils/zrepl: warn of impending SSL certificate expiration

The branch main has been updated by asomers (src committer):

URL: https://cgit.FreeBSD.org/ports/commit/?id=0de11ff4ffa507b3c91eada0307bb45fea28112a

commit 0de11ff4ffa507b3c91eada0307bb45fea28112a
Author:     Alan Somers
AuthorDate: 2021-07-27 22:08:38 +0000
Commit:     Alan Somers
CommitDate: 2023-01-13 20:10:59 +0000

    sysutils/zrepl: warn of impending SSL certificate expiration

    Add a periodic script that will warn of impending certificate expiration.

    PR:             257464
    Approved by:    dries (maintainer, ports)
    Sponsored by:   Axcient
--- sysutils/zrepl/Makefile | 7 +++++-- sysutils/zrepl/files/500.zrepl.in | 41 +++++++++++++++++++++++++++++++++++++ sysutils/zrepl/files/pkg-message.in | 10 +++++++++ sysutils/zrepl/pkg-plist | 1 + 4 files changed, 57 insertions(+), 2 deletions(-) diff --git a/sysutils/zrepl/Makefile b/sysutils/zrepl/Makefile index ed56db478494..146f21339104 100644 --- a/sysutils/zrepl/Makefile +++ b/sysutils/zrepl/Makefile @@ -1,7 +1,7 @@ PORTNAME= zrepl DISTVERSIONPREFIX= v DISTVERSION= 0.6.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= sysutils MAINTAINER= driesm@FreeBSD.org 
@@ -19,7 +19,7 @@ GO_BUILDFLAGS= -ldflags "\ -s -w\ -X ${GO_MODULE}/version.${PORTNAME}Version=${DISTVERSIONFULL}" -SUB_FILES= pkg-message +SUB_FILES= pkg-message 500.zrepl OPTIONS_DEFINE= EXAMPLES MANPAGES OPTIONS_DEFAULT= MANPAGES @@ -40,6 +40,9 @@ post-install: ${INSTALL_DATA} ${FILESDIR}/newsyslog.conf ${STAGEDIR}${EXAMPLESDIR}/newsyslog.conf ${INSTALL_DATA} ${FILESDIR}/syslog.conf ${STAGEDIR}${EXAMPLESDIR}/syslog.conf ${INSTALL_DATA} ${FILESDIR}/zrepl.yml ${STAGEDIR}${ETCDIR}/zrepl.yml.sample + ${MKDIR} ${STAGEDIR}${PREFIX}/etc/periodic/weekly + ${INSTALL_SCRIPT} ${WRKDIR}/500.zrepl \ + ${STAGEDIR}${PREFIX}/etc/periodic/weekly/500.zrepl post-install-EXAMPLES-on: @${MKDIR} ${STAGEDIR}${EXAMPLESDIR}/hooks diff --git a/sysutils/zrepl/files/500.zrepl.in b/sysutils/zrepl/files/500.zrepl.in new file mode 100644 index 000000000000..b7f1b3abb4d3 --- /dev/null +++ b/sysutils/zrepl/files/500.zrepl.in @@ -0,0 +1,41 @@ +#!/bin/sh + +# Check zrepl SSL certificates for impending expiration each week +# +# Add the following lines to /etc/periodic.conf: +# +# weekly_zrepl_enable (bool): Set to "NO" by default +# weekly_zrepl_warntime (int): Set to one month's worth of seconds by default + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +# 30 days in seconds +: ${weekly_zrepl_warntime="2592000"} + +rc=0 +case "$weekly_zrepl_enable" in + [Yy][Ee][Ss]) + echo + echo "Check Zrepl certificates for upcoming expiration:" + + for cert in `/usr/bin/find %%ETCDIR%% -maxdepth 1 -name *.crt`; do + /usr/bin/openssl x509 --in "${cert}" \ + -checkend "${weekly_zrepl_warntime}" + + if [ $? -gt 0 ]; then + echo "${cert} will expire soon" + /usr/bin/openssl x509 --in "${cert}" -noout -enddate + rc=3 + fi + done + ;; + *) rc=0;; +esac + +exit $rc diff --git a/sysutils/zrepl/files/pkg-message.in b/sysutils/zrepl/files/pkg-message.in index f01100004e97..9d0cc7020a45 100644 
--- a/sysutils/zrepl/files/pkg-message.in +++ b/sysutils/zrepl/files/pkg-message.in @@ -22,6 +22,16 @@ DANGER - SNAPSHOT PRUNING REQUIRES EXPLICIT KEEP RULES: For any ZFS snapshot that you want to keep, at least one rule must match. This also applies to snapshots taken by means other than zrepl (e.g. snapshots taken manually or via boot environment tools). + +In order to automatically warn the operator of impending certificate +expiration, add this line to /etc/periodic.conf: + + weekly_zrepl_enable="YES" + +More config details in the zrepl periodic script: + + %%LOCALBASE%%/etc/periodic/weekly/500.zrepl + EOM } ] diff --git a/sysutils/zrepl/pkg-plist b/sysutils/zrepl/pkg-plist index c26b48a40cc9..a11961d1fa43 100644 --- a/sysutils/zrepl/pkg-plist +++ b/sysutils/zrepl/pkg-plist @@ -1,4 +1,5 @@ bin/zrepl +etc/periodic/weekly/500.zrepl @sample %%ETCDIR%%/zrepl.yml.sample %%PORTEXAMPLES%%%%EXAMPLESDIR%%/bandwidth_limit.yml %%PORTEXAMPLES%%%%EXAMPLESDIR%%/grafana-prometheus-zrepl.json
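
Review bot: In sysutils/zrepl/files/500.zrepl.in, the loop header "for cert in `/usr/bin/find %%ETCDIR%% -maxdepth 1 -name *.crt`" passes *.crt unquoted, so the shell can expand it against the current directory before find ever sees it, and the backtick substitution splits any path that contains whitespace. Quote the pattern as -name '*.crt' and iterate with find ... -exec or a while read loop instead. In the same loop, the test [ $? -gt 0 ] treats every non-zero status from openssl as expiry, so an unreadable or malformed .crt file is also reported as "will expire soon"; a separate message for that case would help the operator. The output of the -checkend call is not redirected, so it lands in the weekly report for every certificate, healthy ones included, with no file name attached; sending it to /dev/null would leave only the warning lines. The option is spelled --in here while -checkend, -noout and -enddate use a single dash; -in would be consistent.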
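
Review bot: The path added to sysutils/zrepl/files/pkg-message.in, %%LOCALBASE%%/etc/periodic/weekly/500.zrepl, does not match where the Makefile hunk installs the script, ${STAGEDIR}${PREFIX}/etc/periodic/weekly/500.zrepl; the two differ whenever the port is built with a PREFIX other than LOCALBASE, so %%PREFIX%% is the accurate substitution here. The message should also say that only *.crt files directly inside %%ETCDIR%% are checked (the script's find uses -maxdepth 1), and mention weekly_zrepl_warntime next to weekly_zrepl_enable so the operator knows the warning window is tunable.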