From nobody Wed Mar 06 04:29:32 2024
X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TqKG454ytz5BddM;
	Wed,  6 Mar 2024 04:29:32 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4TqKG44Qg0z4NFd;
	Wed,  6 Mar 2024 04:29:32 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1709699372;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=qHcoyHZSoBtDyeGUC+VVGQAyfKpJoa/wEwqG4AYxeJ0=;
	b=tWCHd0NC19yEYE4yGrzXK6qydX+Ns45yzYx679qr7IKfyxT4PbhDKKUE45PiYxphKxfyEx
	mqSSWcY0LXQwgBQZc4E70WZAGFd0oOjaK/zb9aDB2vqWwoW0lQl2m5IDWcIjbSl6erzl9S
	xADWrWtli8SQS9VXydpb9sGgsm+ZTyisfsT1Yxzc6WI+mSSDcO8a/GZBuIX9Zaj7oQtibO
	HPz+Or+6KlM81Zqpq5J6IX8LNVOxa6SEfkLKPo5xcyp57zmXqpvgWpEmoKTgnWIHdfOSUS
	1jj9O4fAkau38qgiC9ghCn9/umhw9PGBP2kQ6kgq7kL6vigo6F8kwqXD2y2IKQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1709699372; a=rsa-sha256; cv=none;
	b=NBS5amvaBQq1cXVECRgxEzpF/fs4t97IIyj2lCPMJ6YZEeoKXHFFNLLfyMutNNQyfqWTmx
	gc5Ga02vEANUX++AaC6msaYPBl7nC7tct93S4zZOql9cFtfYg2VHupPf5Yo26Kv/BZ92Nl
	R+jL/NTSOVDOOoPQvLbqJ7huIwTvwAonH8Z1x/WykNtwr0k2Gxjo4lvsfXYmYbWxvwPqcN
	88iHpCy5zcY//mJoyVXZ/KhIyKQ9oVmkTvlD83uNfXhMQI1PRFnr2jOBmVnFDLiMUpaziC
	yaMjX+2z+YZXGvQVtyyA6/jEhgQPknjDcoHB733dA0uLEbnlsvLkA+RLPglElg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1709699372;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=qHcoyHZSoBtDyeGUC+VVGQAyfKpJoa/wEwqG4AYxeJ0=;
	b=mYox95nl61AGc9ZRzTqaJj6G7d+oQGDYRVrmPmKYBtlbzGmEkpsKsRfteNEzjJgTqoItg4
	null60C5ZWINMIwDH8dbnZJaI62OaxfZOkFQMYPeIs5JUujH/7xaemUIIdLWNlt/yya0Ct
	EOCCWN8QvWC8WuerOMrtr6W79RBvh3n4ORlJ0z7WvgX6/JSKq/V0WinU/VJRFefJzcKhMv
	CdoqG1EGWMupravURtb6z0FiKhufvIgdiUTxa2Vyl0qJFVrvn/cBtn3x7FWlZRws2V0taP
	scH9pqnAPleQU3PGFkI9eGvEqw2A0eyjTcOwetHgYNAv2TxDudNeWKlhPPV7/Q==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4TqKG43yl2zbCl;
	Wed,  6 Mar 2024 04:29:32 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 4264TWvA006602;
	Wed, 6 Mar 2024 04:29:32 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 4264TWQM006599;
	Wed, 6 Mar 2024 04:29:32 GMT
	(envelope-from git)
Date: Wed, 6 Mar 2024 04:29:32 GMT
Message-Id: <202403060429.4264TWQM006599@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Koichiro Iwao <meta@FreeBSD.org>
Subject: git: 8b99252493eb - main - security/dehydrated: Update to
  0.7.1-6-g4fd777e
List-Id: Commits to the main branch of the FreeBSD ports repository <dev-commits-ports-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
List-Help: <mailto:dev-commits-ports-main+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-main+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-main@freebsd.org
X-BeenThere: dev-commits-ports-main@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: meta
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 8b99252493ebd9ad3c26b430af4de57021c46e6e
Auto-Submitted: auto-generated

The branch main has been updated by meta:

URL: https://cgit.FreeBSD.org/ports/commit/?id=8b99252493ebd9ad3c26b430af4de57021c46e6e

commit 8b99252493ebd9ad3c26b430af4de57021c46e6e
Author:     Koichiro Iwao <meta@FreeBSD.org>
AuthorDate: 2024-03-06 04:04:02 +0000
Commit:     Koichiro Iwao <meta@FreeBSD.org>
CommitDate: 2024-03-06 04:28:44 +0000

    security/dehydrated: Update to 0.7.1-6-g4fd777e
    
    Also add another periodic file to run dehydrated more frequent than
    weekly because OSCP response file should be updated before expiry [1].
    
    PR:             277409
    Reported by:    mfechner [1]
---
 security/dehydrated/Makefile                       | 16 ++++----
 security/dehydrated/distinfo                       |  6 +--
 security/dehydrated/files/000.dehydrated.daily.in  | 46 ++++++++++++++++++++++
 ...{000.dehydrated.in => 000.dehydrated.weekly.in} |  0
 security/dehydrated/files/pkg-message.in           | 11 ++++++
 security/dehydrated/pkg-plist                      |  1 +
 6 files changed, 69 insertions(+), 11 deletions(-)

diff --git a/security/dehydrated/Makefile b/security/dehydrated/Makefile
index 2310ddb7343a..91503e154f03 100644
--- a/security/dehydrated/Makefile
+++ b/security/dehydrated/Makefile
@@ -1,8 +1,7 @@
 PORTNAME=	dehydrated
 DISTVERSIONPREFIX=	v
-DISTVERSION=	0.7.1-5
-PORTREVISION=	1
-DISTVERSIONSUFFIX=	-ge3ef43c
+DISTVERSION=	0.7.1-6
+DISTVERSIONSUFFIX=	-g4fd777e
 CATEGORIES=	security
 
 MAINTAINER=	meta@FreeBSD.org
@@ -22,7 +21,7 @@ SHEBANG_FILES=	docs/examples/hook.sh dehydrated
 
 NO_ARCH=	yes
 NO_BUILD=	yes
-SUB_FILES=	000.dehydrated pkg-message
+SUB_FILES=	000.dehydrated.daily 000.dehydrated.weekly pkg-message
 SUB_LIST=	PORTNAME=${PORTNAME}
 
 OPTIONS_DEFINE=		DOCS
@@ -35,8 +34,6 @@ ZSH_DESC=	Use the Z shell (ZSH)
 
 BASH_RUN_DEPENDS=	bash:shells/bash
 ZSH_RUN_DEPENDS=	zsh:shells/zsh
-PERIODIC_DIRS=		etc/periodic/weekly
-PERIODIC_FILES=		000.dehydrated
 
 post-patch:
 .	for f in docs/examples/config dehydrated
@@ -50,13 +47,16 @@ post-patch-ZSH-on:
 .	endfor
 
 do-install:
-	@${MKDIR} ${STAGEDIR}${ETCDIR}/.acme-challenges ${STAGEDIR}${PREFIX}/${PERIODIC_DIRS}
+	@${MKDIR} ${STAGEDIR}${ETCDIR}/.acme-challenges \
+		${STAGEDIR}${PREFIX}/etc/periodic/daily \
+		${STAGEDIR}${PREFIX}/etc/periodic/weekly
 	${INSTALL_DATA} ${WRKSRC}/docs/examples/config ${STAGEDIR}${ETCDIR}/config.sample
 	${INSTALL_DATA} ${WRKSRC}/docs/examples/hook.sh ${STAGEDIR}${ETCDIR}/hook.sh.sample
 	${INSTALL_DATA} ${WRKSRC}/docs/examples/domains.txt ${STAGEDIR}${ETCDIR}/domains.txt.sample
 	${INSTALL_MAN} ${WRKSRC}/docs/man/dehydrated.1 ${STAGEDIR}${PREFIX}/share/man/man1
 	${INSTALL_SCRIPT} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/bin/${PORTNAME}
-	${INSTALL_SCRIPT} ${WRKDIR}/${PERIODIC_FILES} ${STAGEDIR}${PREFIX}/${PERIODIC_DIRS}/${PERIODIC_FILES}
+	${INSTALL_SCRIPT} ${WRKDIR}/000.dehydrated.daily ${STAGEDIR}${PREFIX}/etc/periodic/daily/000.dehydrated
+	${INSTALL_SCRIPT} ${WRKDIR}/000.dehydrated.weekly ${STAGEDIR}${PREFIX}/etc/periodic/weekly/000.dehydrated
 	@${MKDIR} ${STAGEDIR}${PREFIX}/www/dehydrated
 
 do-install-DOCS-on:
diff --git a/security/dehydrated/distinfo b/security/dehydrated/distinfo
index 5c7732d8cd1e..9298ccf74384 100644
--- a/security/dehydrated/distinfo
+++ b/security/dehydrated/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1673905899
-SHA256 (dehydrated-io-dehydrated-v0.7.1-5-ge3ef43c_GH0.tar.gz) = 4e7f64963731141987d93fd4f8b09f74c012ee603f4cbe3d2107a3de046c9680
-SIZE (dehydrated-io-dehydrated-v0.7.1-5-ge3ef43c_GH0.tar.gz) = 120749
+TIMESTAMP = 1709697522
+SHA256 (dehydrated-io-dehydrated-v0.7.1-6-g4fd777e_GH0.tar.gz) = de412c89502df7beb08e20d2d6e6f2b9f314dc60e6a12d08f9e7712b80d569c6
+SIZE (dehydrated-io-dehydrated-v0.7.1-6-g4fd777e_GH0.tar.gz) = 120738
diff --git a/security/dehydrated/files/000.dehydrated.daily.in b/security/dehydrated/files/000.dehydrated.daily.in
new file mode 100644
index 000000000000..9e1cc23329fd
--- /dev/null
+++ b/security/dehydrated/files/000.dehydrated.daily.in
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+if [ -r /etc/defaults/periodic.conf ]
+then
+    . /etc/defaults/periodic.conf
+    source_periodic_confs
+fi
+
+PATH=$PATH:%%LOCALBASE%%/bin:%%LOCALBASE%%/sbin
+export PATH
+
+case "$daily_letsencrypt_enable" in
+    [Yy][Ee][Ss])
+        : ${daily_dehydrated_enable:=$daily_letsencrypt_enable}
+        : ${daily_dehydrated_user:=$daily_letsencrypt_user}
+        : ${daily_dehydrated_flags:=$daily_letsencrypt_flags}
+        : ${daily_dehydrated_deployscript:=$daily_letsencrypt_deployscript}
+        ;;
+    *)
+        ;;
+esac
+
+case "$daily_dehydrated_enable" in
+    [Yy][Ee][Ss])
+	echo
+	echo "Checking Let's Encrypt certificate status:"
+
+	if [ -z "$daily_dehydrated_user" ]
+	then
+		%%PREFIX%%/bin/dehydrated -c $daily_dehydrated_flags
+	else
+		su -m "$daily_dehydrated_user" -c "%%PREFIX%%/bin/dehydrated -c $daily_dehydrated_flags"
+	fi
+
+	echo "Deploying Let's Encrypt certificates:"
+
+	if [ -x "$daily_dehydrated_deployscript" ]
+	then
+		$daily_dehydrated_deployscript
+	else
+		echo 'Skipped, deploy script not set or not executable.'
+	fi
+        ;;
+    *)
+        ;;
+esac
diff --git a/security/dehydrated/files/000.dehydrated.in b/security/dehydrated/files/000.dehydrated.weekly.in
similarity index 100%
rename from security/dehydrated/files/000.dehydrated.in
rename to security/dehydrated/files/000.dehydrated.weekly.in
diff --git a/security/dehydrated/files/pkg-message.in b/security/dehydrated/files/pkg-message.in
index e12265f46eb1..1e16d24ec107 100644
--- a/security/dehydrated/files/pkg-message.in
+++ b/security/dehydrated/files/pkg-message.in
@@ -21,6 +21,17 @@ weekly_dehydrated_deployscript="%%PREFIX%%/etc/%%PORTNAME%%/deploy.sh"
 
 Additional flags for the periodic run go into
 weekly_dehydrated_flags="-g"
+
+If weekly run is not frequent enough, such as when fetching OCSP
+response files (expires in 7 days), replace "weekly_" with "daily_"
+as follows to run dehydrated daily. Options are exactly same with
+weekly.
+
+daily_dehydrated_enable="YES"
+daily_dehydrated_user="_letsencrypt"
+daily_dehydrated_deployscript="%%PREFIX%%/etc/%%PORTNAME%%/deploy.sh"
+daily_dehydrated_flags="-g"
+
 EOM
 }
 ]
diff --git a/security/dehydrated/pkg-plist b/security/dehydrated/pkg-plist
index b58800ef572f..5de12829eab1 100644
--- a/security/dehydrated/pkg-plist
+++ b/security/dehydrated/pkg-plist
@@ -3,6 +3,7 @@ bin/dehydrated
 @sample %%ETCDIR%%/config.sample
 @sample %%ETCDIR%%/domains.txt.sample
 @sample %%ETCDIR%%/hook.sh.sample
+etc/periodic/daily/000.dehydrated
 etc/periodic/weekly/000.dehydrated
 share/man/man1/dehydrated.1.gz
 %%PORTDOCS%%%%DOCSDIR%%/README.md