svn commit: r425172 - in head: . security/acme-client security/acme-client/files
Bernard Spil
brnrd at FreeBSD.org
Wed Nov 2 20:08:36 UTC 2016
Author: brnrd
Date: Wed Nov 2 20:08:33 2016
New Revision: 425172
URL: https://svnweb.freebsd.org/changeset/ports/425172
Log:
security/acme-client: Update to 0.1.13
- Update to 0.1.13
- Modify all configuration paths from letsencrypt to acme
- Update periodic script to reflect path changes
- Update sample scripts to reflect path changes
- Add warning to pkg-message for changed paths
- Add UPDATING entry for changed paths
- Remove warning for old periodic.conf variable names
- Remove warning for letskencrypt rename
Modified:
head/UPDATING
head/security/acme-client/Makefile
head/security/acme-client/distinfo
head/security/acme-client/files/000.acme-client.sh.in
head/security/acme-client/files/acme-client.sh.sample.in
head/security/acme-client/files/deploy.sh.sample.in
head/security/acme-client/files/pkg-message.in
head/security/acme-client/pkg-plist
Modified: head/UPDATING
==============================================================================
--- head/UPDATING Wed Nov 2 19:47:27 2016 (r425171)
+++ head/UPDATING Wed Nov 2 20:08:33 2016 (r425172)
@@ -5,6 +5,19 @@ they are unavoidable.
You should get into the habit of checking this file for changes each time
you update your ports collection, before attempting any port upgrades.
+20161102:
+ AFFECTS: users of security/acme-client
+ AUTHOR: brnrd at FreeBSD.org
+
+ The default configuration paths have changed from 'letsencrypt' to
+ 'acme'. Rename the directories used accordingly
+
+ mv /usr/local/etc/letsencrypt /usr/local/etc/acme
+ mv /usr/local/etc/ssl/letsencrypt /usr/local/etc/ssl/acme
+ mv /usr/local/www/letsencrypt /usr/local/www/acme
+
+ Check your scripts to ensure proper operation.
+
20161030:
AFFECTS: users of mail/squirrelmail
AUTHOR: adamw at FreeBSD.org
Modified: head/security/acme-client/Makefile
==============================================================================
--- head/security/acme-client/Makefile Wed Nov 2 19:47:27 2016 (r425171)
+++ head/security/acme-client/Makefile Wed Nov 2 20:08:33 2016 (r425172)
@@ -2,8 +2,7 @@
# $FreeBSD$
PORTNAME= acme-client
-PORTVERSION= 0.1.11
-PORTREVISION= 2
+PORTVERSION= 0.1.13
DISTVERSIONPREFIX= portable-
CATEGORIES= security
MASTER_SITES= https://kristaps.bsd.lv/${PORTNAME}/snapshots/ \
@@ -26,7 +25,7 @@ STATIC_ACMECLIENT_EXTRA_PATCHES= ${PATCH
MAKEFILE= GNUmakefile
MAKE_ENV= PREFIX=${STAGEDIR}/${PREFIX}
-WWWDIR= ${PREFIX}/www/letsencrypt
+WWWDIR= ${PREFIX}/www/acme
SAMPLE_FILES= acme-client.sh.sample deploy.sh.sample
SUB_FILES= 000.acme-client.sh pkg-message ${SAMPLE_FILES}
@@ -36,20 +35,20 @@ PERIODIC_DIRS= etc/periodic/weekly
PERIODIC_FILES= 000.acme-client.sh
post-patch:
- ${REINPLACE_CMD} -e "s|/etc/|${PREFIX}/etc/|" \
- -e "s|/var/www/letsencrypt|${WWWDIR}|" \
+ ${REINPLACE_CMD} -e "s|/etc/|${PREFIX}/etc/|g" \
+ -e "s|/var/www/acme|${WWWDIR}|" \
${WRKSRC}/main.c ${WRKSRC}/acme-client.1
post-install:
${MKDIR} ${STAGEDIR}${PREFIX}/${PERIODIC_DIRS}
${INSTALL_SCRIPT} ${WRKDIR}/${PERIODIC_FILES} ${STAGEDIR}${PREFIX}/${PERIODIC_DIRS}/${PERIODIC_FILES}
${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/acme-client
-. for d in etc/ssl/letsencrypt etc/ssl/letsencrypt/private \
- etc/letsencrypt www/letsencrypt
+. for d in etc/ssl/acme etc/ssl/acme/private \
+ etc/acme www/acme
${MKDIR} ${STAGEDIR}${PREFIX}/${d}
. endfor
. for d in ${SAMPLE_FILES}
- ${INSTALL_SCRIPT} ${WRKDIR}/${d} ${STAGEDIR}${PREFIX}/etc/letsencrypt/${d}
+ ${INSTALL_SCRIPT} ${WRKDIR}/${d} ${STAGEDIR}${PREFIX}/etc/acme/${d}
. endfor
.include <bsd.port.pre.mk>
Modified: head/security/acme-client/distinfo
==============================================================================
--- head/security/acme-client/distinfo Wed Nov 2 19:47:27 2016 (r425171)
+++ head/security/acme-client/distinfo Wed Nov 2 20:08:33 2016 (r425172)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1472800677
-SHA256 (acme-client-portable-0.1.11.tgz) = cb197820ad5dbe0f264f96f3b39ba71c295ab07ea6447632ee0f11329dbff126
-SIZE (acme-client-portable-0.1.11.tgz) = 45226
+TIMESTAMP = 1478115236
+SHA256 (acme-client-portable-0.1.13.tgz) = d364e68ef1590783d8e73196185c557b162805fefdbc92edf07289d5b32228c6
+SIZE (acme-client-portable-0.1.13.tgz) = 48641
Modified: head/security/acme-client/files/000.acme-client.sh.in
==============================================================================
--- head/security/acme-client/files/000.acme-client.sh.in Wed Nov 2 19:47:27 2016 (r425171)
+++ head/security/acme-client/files/000.acme-client.sh.in Wed Nov 2 20:08:33 2016 (r425172)
@@ -9,24 +9,6 @@ fi
PATH=$PATH:%%LOCALBASE%%/bin:%%LOCALBASE%%/sbin
export PATH
-case "$weekly_letskencrypt_enable" in
- [Yy][Ee][Ss])
- echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
- echo '!! WARNING: letskencrypt has been renamed to acme-client !!'
- echo '!! rename all weekly_letskencrypt_* periodic variables !!'
- echo '!! to weekly_acme_client_* in your periodic.conf !!'
- echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
- : ${weekly_acme_client_enable:=$weekly_letskencrypt_enable}
- : ${weekly_acme_client_renewscript:=$weekly_letskencrypt_renewscript}
- : ${weekly_acme_client_domains:=$weekly_letskencrypt_domains}
- : ${weekly_acme_client_challengedir:=$weekly_letskencrypt_challengedir}
- : ${weekly_acme_client_args:=$weekly_letskencrypt_args}
- : ${weekly_acme_client_deployscript:=$weekly_letskencrypt_deployscript}
- ;;
- *)
- ;;
-esac
-
case "$weekly_acme_client_enable" in
[Yy][Ee][Ss])
echo
Modified: head/security/acme-client/files/acme-client.sh.sample.in
==============================================================================
--- head/security/acme-client/files/acme-client.sh.sample.in Wed Nov 2 19:47:27 2016 (r425171)
+++ head/security/acme-client/files/acme-client.sh.sample.in Wed Nov 2 20:08:33 2016 (r425172)
@@ -1,7 +1,7 @@
#!/bin/sh -e
-BASEDIR="%%PREFIX%%/etc/letsencrypt"
-SSLDIR="%%PREFIX%%/etc/ssl/letsencrypt"
+BASEDIR="%%PREFIX%%/etc/acme"
+SSLDIR="%%PREFIX%%/etc/ssl/acme"
DOMAINSFILE="${BASEDIR}/domains.txt"
CHALLENGEDIR="/usr/jails/http/usr/local/www/.well-known/acme-challenge"
Modified: head/security/acme-client/files/deploy.sh.sample.in
==============================================================================
--- head/security/acme-client/files/deploy.sh.sample.in Wed Nov 2 19:47:27 2016 (r425171)
+++ head/security/acme-client/files/deploy.sh.sample.in Wed Nov 2 20:08:33 2016 (r425172)
@@ -3,15 +3,15 @@
set -e
DOMAIN="example.net"
-LEDIR="%%PREFIX%%/etc/ssl/letsencrypt"
+ACMEDIR="%%PREFIX%%/etc/ssl/acme"
JAILSDIR="/usr/jails"
TARGETS="mail http"
for jail in ${targets}; do
targetdir="${JAILSDIR}/${jail}/etc/ssl"
# Check if the certificate has changed
- [[ -z "`diff -rq ${LEDIR}/${domain}/fullchain.pem ${targetdir}/certs/${domain}.pem`" ]] && continue
- cp -L "${LEDIR}/private/${domain}.pem" "${targetdir}/priv/${domain}.pem"
- cp -L "${LEDIR}/${domain}/fullchain.pem" "${targetdir}/certs/${domain}.pem"
+ [[ -z "`diff -rq ${ACMEDIR}/${domain}/fullchain.pem ${targetdir}/certs/${domain}.pem`" ]] && continue
+ cp -L "${ACMEDIR}/private/${domain}.pem" "${targetdir}/priv/${domain}.pem"
+ cp -L "${ACMEDIR}/${domain}/fullchain.pem" "${targetdir}/certs/${domain}.pem"
chmod 400 "${targetdir}/priv/${domain}.pem"
chmod 644 "${targetdir}/certs/${domain}.pem"
# Restart/-load relevant services
@@ -25,9 +25,9 @@ done
#for jail in ${targets}; do
# targetdir="${JAILSDIR}/${jail}/etc/ssl"
# # Check if the certificate has changed
-# [[ -z "`diff -rq ${LEDIR}/${domain}/fullchain.pem ${targetdir}/certs/${domain}.pem`" ]] && continue
-# cp -L "${LEDIR}/private/${domain}.pem" "${targetdir}/priv/${domain}.pem"
-# cp -L "${LEDIR}/${domain}/fullchain.pem" "${targetdir}/certs/${domain}.pem"
+# [[ -z "`diff -rq ${ACMEDIR}/${domain}/fullchain.pem ${targetdir}/certs/${domain}.pem`" ]] && continue
+# cp -L "${ACMEDIR}/private/${domain}.pem" "${targetdir}/priv/${domain}.pem"
+# cp -L "${ACMEDIR}/${domain}/fullchain.pem" "${targetdir}/certs/${domain}.pem"
# chmod 400 "${targetdir}/priv/${domain}.pem"
# chmod 644 "${targetdir}/certs/${domain}.pem"
# # Restart/-load relevant services
Modified: head/security/acme-client/files/pkg-message.in
==============================================================================
--- head/security/acme-client/files/pkg-message.in Wed Nov 2 19:47:27 2016 (r425171)
+++ head/security/acme-client/files/pkg-message.in Wed Nov 2 20:08:33 2016 (r425172)
@@ -1,11 +1,14 @@
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!! WARNING: letskencrypt has been renamed to acme-client !!
-!! rename all weekly_letskencrypt_* periodic variables !!
-!! to weekly_acme_client_* in your periodic.conf !!
-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! WARNING: The default configuration paths have changed, !!
+!! rename !!
+!! /usr/local/www/letsencrypt to /usr/local/www/acme, !!
+!! /usr/local/etc/letsencrypt to /usr/local/etc/acme and !!
+!! /usr/local/etc/ssl/letsencrypt to /usr/local/etc/ssl/acme !!
+!! and verify paths in your scripts !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
There are example scripts in
- %%PREFIX%%/etc/letsencrypt
+ %%PREFIX%%/etc/acme
that you can use for renewing and deploying multiple certificates
In order to run the script regularly to update
@@ -27,7 +30,7 @@ To set additional acme-client arguments
To run a specific script for the renewal (ignore previously set variables)
allows generating/renewing multiple keys/certificates
- weekly_acme_client_renewscript=""%%PREFIX%%/etc/letsencrypt/%%PORTNAME%%.sh"
+ weekly_acme_client_renewscript=""%%PREFIX%%/etc/acme/%%PORTNAME%%.sh"
To run a script after the renewal to deploy changed certs
- weekly_acme_client_deployscript="%%PREFIX%%/etc/letsencrypt/deploy.sh"
+ weekly_acme_client_deployscript="%%PREFIX%%/etc/acme/deploy.sh"
Modified: head/security/acme-client/pkg-plist
==============================================================================
--- head/security/acme-client/pkg-plist Wed Nov 2 19:47:27 2016 (r425171)
+++ head/security/acme-client/pkg-plist Wed Nov 2 20:08:33 2016 (r425172)
@@ -1,10 +1,10 @@
bin/acme-client
man/man1/acme-client.1.gz
etc/periodic/weekly/000.acme-client.sh
- at dir(,,0700) etc/letsencrypt
+ at dir(,,0700) etc/acme
@dir(,,0755) etc/ssl
- at dir(,,0755) etc/ssl/letsencrypt
- at dir(,,0700) etc/ssl/letsencrypt/private
+ at dir(,,0755) etc/ssl/acme
+ at dir(,,0700) etc/ssl/acme/private
@dir(,www,) %%WWWDIR%%
- at sample etc/letsencrypt/deploy.sh.sample
- at sample etc/letsencrypt/acme-client.sh.sample
+ at sample etc/acme/deploy.sh.sample
+ at sample etc/acme/acme-client.sh.sample
More information about the svn-ports-all
mailing list