git: 8b99252493eb - main - security/dehydrated: Update to 0.7.1-6-g4fd777e

From: Koichiro Iwao <meta_at_FreeBSD.org>
Date: Wed, 06 Mar 2024 04:29:32 UTC
The branch main has been updated by meta:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8b99252493ebd9ad3c26b430af4de57021c46e6e

commit 8b99252493ebd9ad3c26b430af4de57021c46e6e
Author:     Koichiro Iwao <meta@FreeBSD.org>
AuthorDate: 2024-03-06 04:04:02 +0000
Commit:     Koichiro Iwao <meta@FreeBSD.org>
CommitDate: 2024-03-06 04:28:44 +0000

    security/dehydrated: Update to 0.7.1-6-g4fd777e
    
    Also add another periodic file to run dehydrated more frequent than
    weekly because OSCP response file should be updated before expiry [1].
    
    PR:             277409
    Reported by:    mfechner [1]
---
 security/dehydrated/Makefile                       | 16 ++++----
 security/dehydrated/distinfo                       |  6 +--
 security/dehydrated/files/000.dehydrated.daily.in  | 46 ++++++++++++++++++++++
 ...{000.dehydrated.in => 000.dehydrated.weekly.in} |  0
 security/dehydrated/files/pkg-message.in           | 11 ++++++
 security/dehydrated/pkg-plist                      |  1 +
 6 files changed, 69 insertions(+), 11 deletions(-)

diff --git a/security/dehydrated/Makefile b/security/dehydrated/Makefile
index 2310ddb7343a..91503e154f03 100644
--- a/security/dehydrated/Makefile
+++ b/security/dehydrated/Makefile
@@ -1,8 +1,7 @@
 PORTNAME=	dehydrated
 DISTVERSIONPREFIX=	v
-DISTVERSION=	0.7.1-5
-PORTREVISION=	1
-DISTVERSIONSUFFIX=	-ge3ef43c
+DISTVERSION=	0.7.1-6
+DISTVERSIONSUFFIX=	-g4fd777e
 CATEGORIES=	security
 
 MAINTAINER=	meta@FreeBSD.org
@@ -22,7 +21,7 @@ SHEBANG_FILES=	docs/examples/hook.sh dehydrated
 
 NO_ARCH=	yes
 NO_BUILD=	yes
-SUB_FILES=	000.dehydrated pkg-message
+SUB_FILES=	000.dehydrated.daily 000.dehydrated.weekly pkg-message
 SUB_LIST=	PORTNAME=${PORTNAME}
 
 OPTIONS_DEFINE=		DOCS
@@ -35,8 +34,6 @@ ZSH_DESC=	Use the Z shell (ZSH)
 
 BASH_RUN_DEPENDS=	bash:shells/bash
 ZSH_RUN_DEPENDS=	zsh:shells/zsh
-PERIODIC_DIRS=		etc/periodic/weekly
-PERIODIC_FILES=		000.dehydrated
 
 post-patch:
 .	for f in docs/examples/config dehydrated
@@ -50,13 +47,16 @@ post-patch-ZSH-on:
 .	endfor
 
 do-install:
-	@${MKDIR} ${STAGEDIR}${ETCDIR}/.acme-challenges ${STAGEDIR}${PREFIX}/${PERIODIC_DIRS}
+	@${MKDIR} ${STAGEDIR}${ETCDIR}/.acme-challenges \
+		${STAGEDIR}${PREFIX}/etc/periodic/daily \
+		${STAGEDIR}${PREFIX}/etc/periodic/weekly
 	${INSTALL_DATA} ${WRKSRC}/docs/examples/config ${STAGEDIR}${ETCDIR}/config.sample
 	${INSTALL_DATA} ${WRKSRC}/docs/examples/hook.sh ${STAGEDIR}${ETCDIR}/hook.sh.sample
 	${INSTALL_DATA} ${WRKSRC}/docs/examples/domains.txt ${STAGEDIR}${ETCDIR}/domains.txt.sample
 	${INSTALL_MAN} ${WRKSRC}/docs/man/dehydrated.1 ${STAGEDIR}${PREFIX}/share/man/man1
 	${INSTALL_SCRIPT} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/bin/${PORTNAME}
-	${INSTALL_SCRIPT} ${WRKDIR}/${PERIODIC_FILES} ${STAGEDIR}${PREFIX}/${PERIODIC_DIRS}/${PERIODIC_FILES}
+	${INSTALL_SCRIPT} ${WRKDIR}/000.dehydrated.daily ${STAGEDIR}${PREFIX}/etc/periodic/daily/000.dehydrated
+	${INSTALL_SCRIPT} ${WRKDIR}/000.dehydrated.weekly ${STAGEDIR}${PREFIX}/etc/periodic/weekly/000.dehydrated
 	@${MKDIR} ${STAGEDIR}${PREFIX}/www/dehydrated
 
 do-install-DOCS-on:
diff --git a/security/dehydrated/distinfo b/security/dehydrated/distinfo
index 5c7732d8cd1e..9298ccf74384 100644
--- a/security/dehydrated/distinfo
+++ b/security/dehydrated/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1673905899
-SHA256 (dehydrated-io-dehydrated-v0.7.1-5-ge3ef43c_GH0.tar.gz) = 4e7f64963731141987d93fd4f8b09f74c012ee603f4cbe3d2107a3de046c9680
-SIZE (dehydrated-io-dehydrated-v0.7.1-5-ge3ef43c_GH0.tar.gz) = 120749
+TIMESTAMP = 1709697522
+SHA256 (dehydrated-io-dehydrated-v0.7.1-6-g4fd777e_GH0.tar.gz) = de412c89502df7beb08e20d2d6e6f2b9f314dc60e6a12d08f9e7712b80d569c6
+SIZE (dehydrated-io-dehydrated-v0.7.1-6-g4fd777e_GH0.tar.gz) = 120738
diff --git a/security/dehydrated/files/000.dehydrated.daily.in b/security/dehydrated/files/000.dehydrated.daily.in
new file mode 100644
index 000000000000..9e1cc23329fd
--- /dev/null
+++ b/security/dehydrated/files/000.dehydrated.daily.in
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+if [ -r /etc/defaults/periodic.conf ]
+then
+    . /etc/defaults/periodic.conf
+    source_periodic_confs
+fi
+
+PATH=$PATH:%%LOCALBASE%%/bin:%%LOCALBASE%%/sbin
+export PATH
+
+case "$daily_letsencrypt_enable" in
+    [Yy][Ee][Ss])
+        : ${daily_dehydrated_enable:=$daily_letsencrypt_enable}
+        : ${daily_dehydrated_user:=$daily_letsencrypt_user}
+        : ${daily_dehydrated_flags:=$daily_letsencrypt_flags}
+        : ${daily_dehydrated_deployscript:=$daily_letsencrypt_deployscript}
+        ;;
+    *)
+        ;;
+esac
+
+case "$daily_dehydrated_enable" in
+    [Yy][Ee][Ss])
+	echo
+	echo "Checking Let's Encrypt certificate status:"
+
+	if [ -z "$daily_dehydrated_user" ]
+	then
+		%%PREFIX%%/bin/dehydrated -c $daily_dehydrated_flags
+	else
+		su -m "$daily_dehydrated_user" -c "%%PREFIX%%/bin/dehydrated -c $daily_dehydrated_flags"
+	fi
+
+	echo "Deploying Let's Encrypt certificates:"
+
+	if [ -x "$daily_dehydrated_deployscript" ]
+	then
+		$daily_dehydrated_deployscript
+	else
+		echo 'Skipped, deploy script not set or not executable.'
+	fi
+        ;;
+    *)
+        ;;
+esac
diff --git a/security/dehydrated/files/000.dehydrated.in b/security/dehydrated/files/000.dehydrated.weekly.in
similarity index 100%
rename from security/dehydrated/files/000.dehydrated.in
rename to security/dehydrated/files/000.dehydrated.weekly.in
diff --git a/security/dehydrated/files/pkg-message.in b/security/dehydrated/files/pkg-message.in
index e12265f46eb1..1e16d24ec107 100644
--- a/security/dehydrated/files/pkg-message.in
+++ b/security/dehydrated/files/pkg-message.in
@@ -21,6 +21,17 @@ weekly_dehydrated_deployscript="%%PREFIX%%/etc/%%PORTNAME%%/deploy.sh"
 
 Additional flags for the periodic run go into
 weekly_dehydrated_flags="-g"
+
+If weekly run is not frequent enough, such as when fetching OCSP
+response files (expires in 7 days), replace "weekly_" with "daily_"
+as follows to run dehydrated daily. Options are exactly same with
+weekly.
+
+daily_dehydrated_enable="YES"
+daily_dehydrated_user="_letsencrypt"
+daily_dehydrated_deployscript="%%PREFIX%%/etc/%%PORTNAME%%/deploy.sh"
+daily_dehydrated_flags="-g"
+
 EOM
 }
 ]
diff --git a/security/dehydrated/pkg-plist b/security/dehydrated/pkg-plist
index b58800ef572f..5de12829eab1 100644
--- a/security/dehydrated/pkg-plist
+++ b/security/dehydrated/pkg-plist
@@ -3,6 +3,7 @@ bin/dehydrated
 @sample %%ETCDIR%%/config.sample
 @sample %%ETCDIR%%/domains.txt.sample
 @sample %%ETCDIR%%/hook.sh.sample
+etc/periodic/daily/000.dehydrated
 etc/periodic/weekly/000.dehydrated
 share/man/man1/dehydrated.1.gz
 %%PORTDOCS%%%%DOCSDIR%%/README.md