Date: Wed, 16 Aug 2023 18:30:29 GMT
Message-Id: <202308161830.37GIUT6Z023430@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Po-Chuan Hsieh
Subject: git: a5abdadcbd65 - main - security/py-truststore: Add py-truststore 0.7.0
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main

The branch main has been updated by sunpoet:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a5abdadcbd65c160c795c040b4e78f3f1c275afe

commit a5abdadcbd65c160c795c040b4e78f3f1c275afe
Author: Po-Chuan Hsieh
AuthorDate: 2023-08-16 18:06:51 +0000
Commit: Po-Chuan Hsieh
CommitDate: 2023-08-16 18:25:07 +0000

security/py-truststore: Add py-truststore 0.7.0

Truststore is a library which exposes native system certificate stores (i.e. "trust stores") through an ssl.SSLContext-like API. This means that Python applications no longer need to rely on certifi as a root certificate store.

Native system certificate stores have many helpful features compared to a static certificate bundle like certifi:
- Automatically update certificates as new CAs are created and removed
- Fetch missing intermediate certificates
- Check certificates against certificate revocation lists (CRLs) to avoid monster-in-the-middle (MITM) attacks
- Managed per-system rather than per-application by an operations/IT team
- PyPI is no longer a CA distribution channel

Right now truststore is a stand-alone library that can be installed globally in your application to immediately take advantage of the benefits in Python 3.10+.
Truststore has also been integrated into pip as an opt-in method for verifying HTTPS certificates with truststore instead of certifi. Long-term the hope is to make truststore the default way to verify HTTPS certificates in pip and to add this functionality into Python itself. Wish us luck! --- security/Makefile | 1 + security/py-truststore/Makefile | 22 ++++++++++++++++++++++ security/py-truststore/distinfo | 3 +++ security/py-truststore/pkg-descr | 20 ++++++++++++++++++++ 4 files changed, 46 insertions(+) diff --git a/security/Makefile b/security/Makefile index c7cd82f798cf..5e215d686b27 100644 --- a/security/Makefile +++ b/security/Makefile @@ -1037,6 +1037,7 @@ SUBDIR += py-tlslite-ng SUBDIR += py-trezor SUBDIR += py-trustme + SUBDIR += py-truststore SUBDIR += py-tuf SUBDIR += py-txtorcon SUBDIR += py-uhashring diff --git a/security/py-truststore/Makefile b/security/py-truststore/Makefile new file mode 100644 index 000000000000..44ac2b0cf931 --- /dev/null +++ b/security/py-truststore/Makefile @@ -0,0 +1,22 @@ +PORTNAME= truststore +PORTVERSION= 0.7.0 +CATEGORIES= security python +MASTER_SITES= PYPI +PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} + +MAINTAINER= sunpoet@FreeBSD.org +COMMENT= Verify certificates using native system trust stores +WWW= https://truststore.readthedocs.io/en/latest/ \ + https://github.com/sethmlarson/truststore + +LICENSE= MIT +LICENSE_FILE= ${WRKSRC}/LICENSE + +BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}flit-core>=3.2<4:devel/py-flit-core@${PY_FLAVOR} + +USES= python:3.10+ ssl +USE_PYTHON= autoplist concurrent pep517 + +NO_ARCH= yes + +.include diff --git a/security/py-truststore/distinfo b/security/py-truststore/distinfo new file mode 100644 index 000000000000..8b8d307fe2a6 --- /dev/null +++ b/security/py-truststore/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1691069906 +SHA256 (truststore-0.7.0.tar.gz) = 72e784507a624375434381e4bad3eff8614bc8c845a7f5ae16a25a2624d0683f +SIZE (truststore-0.7.0.tar.gz) = 14983 
diff --git a/security/py-truststore/pkg-descr b/security/py-truststore/pkg-descr new file mode 100644 index 000000000000..70390d6db633 --- /dev/null +++ b/security/py-truststore/pkg-descr @@ -0,0 +1,20 @@ +Truststore is a library which exposes native system certificate stores (ie +"trust stores") through an ssl.SSLContext-like API. This means that Python +applications no longer need to rely on certifi as a root certificate store. +Native system certificate stores have many helpful features compared to a static +certificate bundle like certifi: +- Automatically update certificates as new CAs are created and removed +- Fetch missing intermediate certificates +- Check certificates against certificate revocation lists (CRLs) to avoid + monster-in-the-middle (MITM) attacks +- Managed per-system rather than per-application by a operations/IT team +- PyPI is no longer a CA distribution channel + +Right now truststore is a stand-alone library that can be installed globally in +your application to immediately take advantage of the benefits in Python 3.10+. +Truststore has also been integrated into pip as an opt-in method for verifying +HTTPS certificates with truststore instead of certifi. + +Long-term the hope is to make truststore the default way to verify HTTPS +certificates in pip and to add this functionality into Python itself. Wish us +luck!
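Review bot: In security/py-truststore/Makefile, "USES= python:3.10+ ssl" sits next to "NO_ARCH= yes" and there is no RUN_DEPENDS, so the port does not show what the ssl argument is needed for. If the module only goes through Python's own ssl module, consider dropping ssl from USES; if it is intentional, a one-line comment above it saying why would help the next maintainer. The Makefile also declares no TEST_DEPENDS or test hook, which is worth adding for a port whose purpose is certificate verification.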
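Review bot: security/py-truststore/pkg-descr ends with upstream's first-person roadmap ("Right now ...", "Long-term the hope is ...", "Wish us luck!"), which does not describe the package and will date quickly; suggest cutting the description after the feature list. The bullets on fetching missing intermediates and checking CRLs are presented as properties of native stores in general, so either say which of them apply to this port on FreeBSD or trim them. Also, "a operations/IT team" should read "an operations/IT team".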