Thu May 2 13:34:56 2024 UTC (21d)
Add security/uacme package.
Lightweight client for the RFC8555 ACMEv2 protocol, written in plain C
with minimal dependencies (libcurl and one of GnuTLS, OpenSSL or mbedTLS).
The ACMEv2 protocol allows a Certificate Authority (Let's Encrypt is a
popular one) and an applicant to automate the process of verification
and certificate issuance. The protocol also provides facilities for
other certificate management functions, such as certificate revocation.
(hauke)
diff -r1.945 -r1.946 pkgsrc/security/Makefile
diff -r0 -r1.1 pkgsrc/security/uacme/DESCR
diff -r0 -r1.1 pkgsrc/security/uacme/MESSAGE
diff -r0 -r1.1 pkgsrc/security/uacme/Makefile
diff -r0 -r1.1 pkgsrc/security/uacme/PLIST
diff -r0 -r1.1 pkgsrc/security/uacme/distinfo
diff -r0 -r1.1 pkgsrc/security/uacme/options.mk
diff -r0 -r1.1 pkgsrc/security/uacme/patches/patch-Makefile.am
diff -r0 -r1.1 pkgsrc/security/uacme/patches/patch-uacme.c
diff -r0 -r1.1 pkgsrc/security/uacme/patches/patch-uacme.sh
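--- a/pkgsrc/security/Makefile
+++ b/pkgsrc/security/Makefile
@@ -1,14 +1,14 @@
-# $NetBSD: Makefile,v 1.945 2024/04/26 15:16:52 wiz Exp $
+# $NetBSD: Makefile,v 1.946 2024/05/02 13:34:56 hauke Exp $
 #
 
 COMMENT= Security and cryptography tools and libraries
 
 SUBDIR+= 2fa
 SUBDIR+= Bastille
 SUBDIR+= CSP
 SUBDIR+= CoolKey
 SUBDIR+= EasyPG
 SUBDIR+= HElib
 SUBDIR+= KeePass
 SUBDIR+= PACK
 SUBDIR+= PortableSigner
@@ -654,26 +654,27 @@ SUBDIR+= subfinder
 SUBDIR+= sudo
 SUBDIR+= tcl-tls
 SUBDIR+= tcp_wrappers
 SUBDIR+= tct
 SUBDIR+= terrapin-scanner
 SUBDIR+= tkpasman
 SUBDIR+= tlswrapper
 SUBDIR+= tlsx
 SUBDIR+= tor-browser
 SUBDIR+= tor-browser-https-everywhere
 SUBDIR+= tor-browser-noscript
 SUBDIR+= tripwire
 SUBDIR+= trufflehog
+SUBDIR+= uacme
 SUBDIR+= validns
 SUBDIR+= vault
 SUBDIR+= vaultwarden
 SUBDIR+= volatility3
 SUBDIR+= wfuzz
 SUBDIR+= wolfssl
 SUBDIR+= xca
 SUBDIR+= xhash
 SUBDIR+= xml-security-c
 SUBDIR+= xmlsec1
 SUBDIR+= yafic
 SUBDIR+= yara
 SUBDIR+= ykclient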
Lightweight client for the RFC8555 ACMEv2 protocol, written in plain C
with minimal dependencies (libcurl and one of GnuTLS, OpenSSL or mbedTLS).
The ACMEv2 protocol allows a Certificate Authority (Let's Encrypt is a
popular one) and an applicant to automate the process of verification
and certificate issuance. The protocol also provides facilities for
other certificate management functions, such as certificate revocation.
===========================================================================
$NetBSD: MESSAGE,v 1.1 2024/05/02 13:34:56 hauke Exp $
The http-01 challenge protocol expects that the letsencrypt server can
read back the provided domain challenge via http under the path
"/.well-known/acme-challenge/".
Your web server needs to alias this directory to "${UACME_CHALLENGE_PATH}".
===========================================================================
# $NetBSD: Makefile,v 1.1 2024/05/02 13:34:56 hauke Exp $
PKGNAME= uacme-${PKGVER}
DISTNAME= v${PKGVER}
PKGVER= 1.7.5
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_GITHUB:=ndilieto/uacme/archive/refs/tags/}
MAINTAINER= hauke@NetBSD.org
COMMENT= Lightweight C ACMEv2 client which uses external authenticators
HOMEPAGE= https://github.com/ndilieto/uacme
LICENSE= gnu-gpl-v3
BUILD_DEPENDS+= asciidoc-[0-9]*:../../textproc/asciidoc
USE_TOOLS+= gmake pkg-config autoconf autoreconf automake
USE_LANGUAGES= c
USE_CC_FEATURES= c11
GNU_CONFIGURE= yes
WRKSRC= ${WRKDIR}/uacme-${PKGVER}
HOOKDIR= libexec
DOCDIR= share/doc/uacme
UACME_CONFDIR= ${VARBASE}/uacme
UACME_CHALLENGE_PATH= ${UACME_CONFDIR}/challenge
CONFIGURE_ARGS= --datadir=${PREFIX}/${HOOKDIR}
CONFIGURE_ARGS+= --disable-maintainer-mode
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
BUILD_DEFS+= VARBASE
.include "options.mk"
REPLACE_SH+= nsupdate.sh uacme.sh ualpn.sh
MESSAGE_SUBST+= UACME_CHALLENGE_PATH=${UACME_CHALLENGE_PATH}
SUBST_CLASSES+= confdir
SUBST_STAGE.confdir= pre-configure
SUBST_MESSAGE.confdir= Set CONFDIR default
SUBST_FILES.confdir= uacme.c
SUBST_VARS.confdir= UACME_CONFDIR
SUBST_CLASSES+= challenge
SUBST_STAGE.challenge= pre-configure
SUBST_MESSAGE.challenge= Set http-01 challenge default directory
SUBST_FILES.challenge= uacme.sh
SUBST_VARS.challenge= UACME_CHALLENGE_PATH
INSTALLATION_DIRS+= ${HOOKDIR}/uacme ${DOCDIR}
OWN_DIRS= ${UACME_CONFDIR} ${UACME_CHALLENGE_PATH}
OWN_DIRS_PERMS+= ${UACME_CONFDIR}/private ${REAL_ROOT_USER} \
${REAL_ROOT_GROUP} 0700
pre-configure:
cd ${WRKSRC} && autoreconf -if
post-install:
${INSTALL_MAN} ${WRKSRC}/README.md ${DESTDIR}${PREFIX}/${DOCDIR}
.include "../../devel/libev/buildlink3.mk"
.include "../../www/curl/buildlink3.mk"
.include "../../mk/bsd.pkg.mk"
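Review bot: `UACME_CHALLENGE_PATH= ${UACME_CONFDIR}/challenge` places the directory the web server has to publish inside the same tree that, judging by the `private` subdirectory, also holds key material, and `OWN_DIRS` creates both `${UACME_CONFDIR}` and the challenge directory with default ownership and mode. Only `private` gets an explicit 0700, so a web server alias set one level too high would depend on that single mode to keep the keys unreadable. Consider moving the challenge directory out of `OWN_DIRS` into an explicit entry, `OWN_DIRS_PERMS+= ${UACME_CHALLENGE_PATH} ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0755`, with a comment above it such as `# published as /.well-known/acme-challenge/; alias only this directory, never ${UACME_CONFDIR}`. The MESSAGE text could carry the same warning for the administrator.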
@comment $NetBSD: PLIST,v 1.1 2024/05/02 13:34:56 hauke Exp $
bin/uacme
bin/ualpn
libexec/uacme/nsupdate.sh
libexec/uacme/uacme.sh
libexec/uacme/ualpn.sh
man/man1/uacme.1
man/man1/ualpn.1
share/doc/uacme/README.md
$NetBSD: distinfo,v 1.1 2024/05/02 13:34:56 hauke Exp $
BLAKE2s (v1.7.5.tar.gz) = 1947951f05e8b61a896394d1f67367446969dc14205440514ad679e1951bf208
SHA512 (v1.7.5.tar.gz) = c219e3ade3a81e3088cc95ecc6422022d18bffd11f26aa1618d7e4bdbf492034ae886ad6d4428ba9bbe64dbe6e6576945f50ea8ae9d6f85098758a20ff82051c
Size (v1.7.5.tar.gz) = 258398 bytes
SHA1 (patch-Makefile.am) = 562ca9e346d95771798c8fab146f59aaefb57b52
SHA1 (patch-uacme.c) = ef74f682f7a4336da4b3686aa50678298608f67e
SHA1 (patch-uacme.sh) = 24da3e33aac08634d61287d1fb971f0b4095de8e
# $NetBSD: options.mk,v 1.1 2024/05/02 13:34:56 hauke Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.uacme
PKG_OPTIONS_REQUIRED_GROUPS= tls
PKG_OPTIONS_GROUP.tls= openssl gnutls mbedtls
PKG_SUGGESTED_OPTIONS= openssl
.include "../../mk/bsd.options.mk"
.if !empty(PKG_OPTIONS:Mopenssl)
CONFIGURE_ARGS+= --with-openssl=${BUILDLINK_PREFIX.openssl}
.include "../../security/openssl/buildlink3.mk"
.endif
.if !empty(PKG_OPTIONS:Mgnutls)
CONFIGURE_ARGS+= --with-gnutls=${BUILDLINK_PREFIX.gnutls}
.include "../../security/gnutls/buildlink3.mk"
.endif
.if !empty(PKG_OPTIONS:Mmbedtls)
CONFIGURE_ARGS+= --with-mbedtls=${BUILDLINK_PREFIX.mbedtls3}
.include "../../security/mbedtls3/buildlink3.mk"
.endif
$NetBSD: patch-Makefile.am,v 1.1 2024/05/02 13:34:56 hauke Exp $
Do not bother with html docs - man pages are good enough
for Ents and Men
--- Makefile.am.orig 2024-04-21 18:01:13.826158561 +0000
+++ Makefile.am
@@ -67,23 +67,15 @@ endif
if ENABLE_DOCS
dist_man1_MANS = uacme.1
-dist_html_DATA = docs/uacme.html
if ENABLE_UALPN
dist_man1_MANS += ualpn.1
-dist_html_DATA += docs/ualpn.html
ualpn.1: ualpn.1.txt $(top_srcdir)/.version
$(AM_V_GEN)$(A2X) -L -d manpage -f manpage \
-a revision=$(VERSION) \
-a sysconfdir="${sysconfdir}" \
-a runstatedir="${runstatedir}" $<
-
-docs/ualpn.html: ualpn.1.txt $(top_srcdir)/.version
- $(AM_V_GEN)$(ASCIIDOC) -d manpage -b html5 -o $@ \
- -a revision=$(VERSION) \
- -a sysconfdir="${sysconfdir}" \
- -a runstatedir="${runstatedir}" $<
endif
uacme.1: uacme.1.txt $(top_srcdir)/.version
@@ -91,12 +83,6 @@ uacme.1: uacme.1.txt $(top_srcdir)/.vers
-a revision=$(VERSION) \
-a sysconfdir="${sysconfdir}" \
-a runstatedir="${runstatedir}" $<
-
-docs/uacme.html: uacme.1.txt $(top_srcdir)/.version
- $(AM_V_GEN)$(ASCIIDOC) -d manpage -b html5 -o $@ \
- -a revision=$(VERSION) \
- -a sysconfdir="${sysconfdir}" \
- -a runstatedir="${runstatedir}" $<
endif
.PHONY: valgrind
$NetBSD: patch-uacme.c,v 1.1 2024/05/02 13:34:56 hauke Exp $
Set CONFDIR default - we prefer not to write under /etc
--- uacme.c.orig 2024-04-24 20:06:00.457609312 +0000
+++ uacme.c
@@ -46,7 +46,7 @@
#define PRODUCTION_URL "https://acme-v02.api.letsencrypt.org/directory"
#define STAGING_URL "https://acme-staging-v02.api.letsencrypt.org/directory"
-#define DEFAULT_CONFDIR SYSCONFDIR "/ssl/uacme"
+#define DEFAULT_CONFDIR "@UACME_CONFDIR@"
typedef struct acme {
privkey_t key;
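Review bot: The new `#define DEFAULT_CONFDIR "@UACME_CONFDIR@"` is still a valid string literal if the pkgsrc substitution step is skipped or the patch is reused outside this package, so the binary would quietly treat a relative directory literally named `@UACME_CONFDIR@` as its configuration and key store. Wrapping the original define in `#ifndef DEFAULT_CONFDIR` and setting `CPPFLAGS+= -DDEFAULT_CONFDIR=\"${UACME_CONFDIR}\"` in the package Makefile would keep upstream's default as the fallback and remove the placeholder from the source. The same placeholder pattern is used for `CHALLENGE_PATH` in patch-uacme.sh, where an unsubstituted value would likewise become a relative path for the hook's challenge files. The `struct acme` definition below the define continues outside the hunk.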
$NetBSD: patch-uacme.sh,v 1.1 2024/05/02 13:34:56 hauke Exp $
Make location of the http-01 challenges build-configurable.
The web server used then has to map the directory to
"/.well-known/acme-challenge/".
--- uacme.sh.orig 2024-04-25 11:12:57.787219060 +0000
+++ uacme.sh
@@ -16,7 +16,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-CHALLENGE_PATH="${UACME_CHALLENGE_PATH:-/var/www/.well-known/acme-challenge}"
+CHALLENGE_PATH="${UACME_CHALLENGE_PATH:-@UACME_CHALLENGE_PATH@}"
ARGS=5
E_BADARGS=85