git: a5abdadcbd65 - main - security/py-truststore: Add py-truststore 0.7.0
Date: Wed, 16 Aug 2023 18:30:29 UTC
The branch main has been updated by sunpoet: URL: https://cgit.FreeBSD.org/ports/commit/?id=a5abdadcbd65c160c795c040b4e78f3f1c275afe commit a5abdadcbd65c160c795c040b4e78f3f1c275afe Author: Po-Chuan Hsieh <sunpoet@FreeBSD.org> AuthorDate: 2023-08-16 18:06:51 +0000 Commit: Po-Chuan Hsieh <sunpoet@FreeBSD.org> CommitDate: 2023-08-16 18:25:07 +0000 security/py-truststore: Add py-truststore 0.7.0 Truststore is a library which exposes native system certificate stores (ie "trust stores") through an ssl.SSLContext-like API. This means that Python applications no longer need to rely on certifi as a root certificate store. Native system certificate stores have many helpful features compared to a static certificate bundle like certifi: - Automatically update certificates as new CAs are created and removed - Fetch missing intermediate certificates - Check certificates against certificate revocation lists (CRLs) to avoid monster-in-the-middle (MITM) attacks - Managed per-system rather than per-application by a operations/IT team - PyPI is no longer a CA distribution channel Right now truststore is a stand-alone library that can be installed globally in your application to immediately take advantage of the benefits in Python 3.10+. Truststore has also been integrated into pip as an opt-in method for verifying HTTPS certificates with truststore instead of certifi. Long-term the hope is to make truststore the default way to verify HTTPS certificates in pip and to add this functionality into Python itself. Wish us luck! --- security/Makefile | 1 + security/py-truststore/Makefile | 22 ++++++++++++++++++++++ security/py-truststore/distinfo | 3 +++ security/py-truststore/pkg-descr | 20 ++++++++++++++++++++ 4 files changed, 46 insertions(+) diff --git a/security/Makefile b/security/Makefile index c7cd82f798cf..5e215d686b27 100644 --- a/security/Makefile +++ b/security/Makefile 
@@ -1037,6 +1037,7 @@ SUBDIR += py-tlslite-ng SUBDIR += py-trezor SUBDIR += py-trustme + SUBDIR += py-truststore SUBDIR += py-tuf SUBDIR += py-txtorcon SUBDIR += py-uhashring diff --git a/security/py-truststore/Makefile b/security/py-truststore/Makefile new file mode 100644 index 000000000000..44ac2b0cf931 --- /dev/null +++ b/security/py-truststore/Makefile @@ -0,0 +1,22 @@ +PORTNAME= truststore +PORTVERSION= 0.7.0 +CATEGORIES= security python +MASTER_SITES= PYPI +PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} + +MAINTAINER= sunpoet@FreeBSD.org +COMMENT= Verify certificates using native system trust stores +WWW= https://truststore.readthedocs.io/en/latest/ \ + https://github.com/sethmlarson/truststore + +LICENSE= MIT +LICENSE_FILE= ${WRKSRC}/LICENSE + +BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}flit-core>=3.2<4:devel/py-flit-core@${PY_FLAVOR} + +USES= python:3.10+ ssl +USE_PYTHON= autoplist concurrent pep517 + +NO_ARCH= yes + +.include <bsd.port.mk> diff --git a/security/py-truststore/distinfo b/security/py-truststore/distinfo new file mode 100644 index 000000000000..8b8d307fe2a6 --- /dev/null +++ b/security/py-truststore/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1691069906 +SHA256 (truststore-0.7.0.tar.gz) = 72e784507a624375434381e4bad3eff8614bc8c845a7f5ae16a25a2624d0683f +SIZE (truststore-0.7.0.tar.gz) = 14983 diff --git a/security/py-truststore/pkg-descr b/security/py-truststore/pkg-descr new file mode 100644 index 000000000000..70390d6db633 --- /dev/null +++ b/security/py-truststore/pkg-descr 
@@ -0,0 +1,20 @@ +Truststore is a library which exposes native system certificate stores (ie +"trust stores") through an ssl.SSLContext-like API. This means that Python +applications no longer need to rely on certifi as a root certificate store. +Native system certificate stores have many helpful features compared to a static +certificate bundle like certifi: +- Automatically update certificates as new CAs are created and removed +- Fetch missing intermediate certificates +- Check certificates against certificate revocation lists (CRLs) to avoid + monster-in-the-middle (MITM) attacks +- Managed per-system rather than per-application by a operations/IT team +- PyPI is no longer a CA distribution channel + +Right now truststore is a stand-alone library that can be installed globally in +your application to immediately take advantage of the benefits in Python 3.10+. +Truststore has also been integrated into pip as an opt-in method for verifying +HTTPS certificates with truststore instead of certifi. + +Long-term the hope is to make truststore the default way to verify HTTPS +certificates in pip and to add this functionality into Python itself. Wish us +luck!
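Review bot: In security/py-truststore/Makefile, `USES= python:3.10+ ssl` appears next to `NO_ARCH= yes` with no RUN_DEPENDS and no comment, so the patch does not show what the `ssl` argument is needed for. If the module only reaches TLS through Python's own ssl module, drop `ssl` from USES; if it does need the SSL library selected by the ports framework, add a one-line comment above USES saying why, so a later cleanup does not remove it.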
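Review bot: In security/py-truststore/pkg-descr, the last two paragraphs ("Right now truststore is a stand-alone library ...", "Long-term the hope is ... Wish us luck!") are time-bound, first-person upstream announcement text that will go stale in a package description; suggest keeping the first paragraph and the feature list and dropping the rest. In the same file, "by a operations/IT team" should read "by an operations/IT team". The description also does not say which certificate store backs the library on FreeBSD, which is the one thing a FreeBSD user reading the feature list would want to know.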