security/p5-openxpki{-i18n}: Update to 3.24.2

- Update two ports sharing the same distribution to 3.24.2
- Add a new file: files/patch-Makefile.PL
- Fix build for openssl 3+
- Fix pkg-plist to make portlint happy
- Fix pkg-message about MariaDB and about new OpenSSL versions

ChangeLog: https://github.com/openxpki/openxpki/compare/v3.22.1...v3.24.2

PR:		272248
Sergei Vyshenski 2023-06-27 17:36:54 +02:00 committed by Robert Clausecker
parent 2a6551e6c0
commit 1c4051cde0
8 changed files with 1125 additions and 554 deletions


@ -1,6 +1,6 @@
PORTNAME= openxpki
DISTVERSIONPREFIX= v
DISTVERSION= 3.24.1
DISTVERSION= 3.24.2
CATEGORIES= security perl5
PKGNAMEPREFIX= p5-
PKGNAMESUFFIX= -i18n


@ -1,3 +1,3 @@
TIMESTAMP = 1675078305
SHA256 (openxpki-openxpki-v3.24.1_GH0.tar.gz) = 70ca49bb8cf4e7ae71362227fd397adfade2462b045331911e72320888872ea1
SIZE (openxpki-openxpki-v3.24.1_GH0.tar.gz) = 34969532
TIMESTAMP = 1687880023
SHA256 (openxpki-openxpki-v3.24.2_GH0.tar.gz) = b7528d3dde96c33c56a5e99a44fb2896190625bf9abc9a8597d25ceabbba8531
SIZE (openxpki-openxpki-v3.24.2_GH0.tar.gz) = 34969529


@ -1,6 +1,6 @@
PORTNAME= openxpki
DISTVERSIONPREFIX= v
DISTVERSION= 3.24.1
DISTVERSION= 3.24.2
CATEGORIES= security perl5
PKGNAMEPREFIX= p5-
@ -11,9 +11,6 @@ WWW= https://www.openxpki.org/
LICENSE= APACHE20
LICENSE_FILE= ${WRKSRC}/LICENSE
BROKEN_SSL= openssl30 openssl31
BROKEN_SSL_REASON= Fails to detect OpenSSL 3.0.0 and later
MY_DEPENDS= bash:shells/bash \
p5-Archive-Zip>=0:archivers/p5-Archive-Zip \
p5-Cache-LRU>=0:devel/p5-Cache-LRU \
@ -42,6 +39,7 @@ MY_DEPENDS= bash:shells/bash \
p5-Data-UUID>=0:devel/p5-Data-UUID \
p5-DateTime-Format-DateParse>=0.04:devel/p5-DateTime-Format-DateParse \
p5-DBD-Mock>=1.45:databases/p5-DBD-Mock \
p5-DBD-SQLite>=1.52:databases/p5-DBD-SQLite \
p5-DBIx-Handler>=0.14:databases/p5-DBIx-Handler \
p5-Devel-NYTProf>=0:devel/p5-Devel-NYTProf \
p5-Feature-Compat-Try>=0.05:devel/p5-Feature-Compat-Try \
@ -78,6 +76,8 @@ MY_DEPENDS= bash:shells/bash \
p5-Switch>=0:lang/p5-Switch \
p5-Sys-SigAction>=0.06:devel/p5-Sys-SigAction \
p5-Template-Toolkit>=2.15:www/p5-Template-Toolkit \
p5-Test-Pod-Coverage>=1.00:devel/p5-Test-Pod-Coverage \
p5-Test-Pod>=1.00:devel/p5-Test-Pod \
p5-Text-CSV_XS>=0.23:textproc/p5-Text-CSV_XS \
p5-TimeDate>=0:devel/p5-TimeDate \
p5-Workflow>=1.60:devel/p5-Workflow \
@ -86,10 +86,7 @@ MY_DEPENDS= bash:shells/bash \
p5-XML-Validator-Schema>=0:textproc/p5-XML-Validator-Schema
BUILD_DEPENDS= ${MY_DEPENDS}
RUN_DEPENDS= ${MY_DEPENDS}
TEST_DEPENDS= p5-DBD-SQLite>=1.52:databases/p5-DBD-SQLite \
p5-Test-Pod-Coverage>=1.00:devel/p5-Test-Pod-Coverage \
p5-Test-Pod>=1.00:devel/p5-Test-Pod \
p5-Test-Prereq>=0:devel/p5-Test-Prereq
TEST_DEPENDS= p5-Test-Prereq>=0:devel/p5-Test-Prereq
USES= gmake perl5 shebangfix ssl
USE_GITHUB= yes
@ -99,12 +96,10 @@ _conf_VERSION= ${DISTVERSION:R}
USE_PERL5= configure
USE_RC_SUBR= openxpki
SHEBANG_FILES= bin/*
SHEBANG_GLOB= *.fcgi *.pl *.pm *.t*
SHEBANG_FILES= ../../*
NO_ARCH= yes
# stay with stable versions only:
PORTSCOUT= limitw:1,even
PORTSCOUT= limitw:1,even # stay with stable versions only
SUB_FILES= pkg-message
WRKSRC_SUBDIR= core/server/
@ -112,8 +107,6 @@ WRKSRC_SUBDIR= core/server/
USERS= openxpki
GROUPS= openxpki
PORTDOCS= *
PORTEXAMPLES= *
OPTIONS_DEFINE= DOCS EXAMPLES GRAPHVIZ
GRAPHVIZ_DESC= With graphical visualization of workflows?
@ -121,28 +114,36 @@ GRAPHVIZ_RUN_DEPENDS= dot:graphics/graphviz \
imgsize:graphics/p5-Image-Size
post-extract:
@${MV} ${WRKSRC_conf}/* ${WRKSRC}/../../config/
@${MKDIR} ${WRKSRC}/config
@${MV} ${WRKSRC_conf}/* ${WRKSRC}/config/
post-patch:
@${REINPLACE_CMD} -e 's|..ENV{PERL} .vergen --format version.|"${PORTVERSION}"|g' ${WRKSRC}/Makefile.PL
@${REINPLACE_CMD} -e 's|..vergen --format version.|"${PORTVERSION}"|g' ${WRKSRC}/Makefile.PL
@${REINPLACE_CMD} -e 's|OPENSSLINC|${OPENSSLINC}|g' ${WRKSRC}/Makefile.PL
@${REINPLACE_CMD} -e 's|OPENSSLLIB|${OPENSSLLIB}|g' ${WRKSRC}/Makefile.PL
@${REINPLACE_CMD} -e 's|OPENSSLBINARY|${OPENSSLBASE}/bin/openssl|g' ${WRKSRC}/Makefile.PL
@( \
cd ${WRKSRC}/../..; \
${ECHO} "Patching dir names..."; \
${GREP} -RIFl -e "/etc/openxpki" config core/server doc qatest tools >filelist; \
${GREP} -RIFl -e "/etc/openxpki" core/server doc qatest tools >filelist; \
${CAT} filelist | ${XARGS} -I % ${REINPLACE_CMD} -e 's|/etc/openxpki|${PREFIX}/etc/openxpki|g' "%"; \
${CAT} filelist | ${XARGS} -I % ${RM} "%.bak"; \
${GREP} -RIFl -e "/run/openxpkid.pid" config core/server doc qatest tools >filelist; \
${CAT} filelist | ${XARGS} -I % ${REINPLACE_CMD} -e 's|/var/run/openxpkid.pid|/var/openxpki/openxpkid.pid|g' "%"; \
${GREP} -RIFl -e "/run/openxpkid.pid" core/server doc qatest tools >filelist; \
${CAT} filelist | ${XARGS} -I % ${REINPLACE_CMD} -e 's|/run/openxpkid.pid|/var/openxpki/openxpkid.pid|g' "%"; \
${CAT} filelist | ${XARGS} -I % ${RM} "%.bak"; \
${GREP} -RIFl -e "www-data" core/server doc qatest tools >filelist; \
${CAT} filelist | ${XARGS} -I % ${REINPLACE_CMD} -e 's|www-data|www|g' "%"; \
${CAT} filelist | ${XARGS} -I % ${RM} "%.bak"; \
${RM} filelist; \
)
@${FIND} ${WRKSRC} -name "*.orig" -delete
@${MKDIR} ${WRKSRC}/t/var/log/openxpki
post-install:
@${MKDIR} ${STAGEDIR}/var/openxpki/session
@${MKDIR} ${STAGEDIR}/var/log/openxpki
@${MKDIR} ${STAGEDIR}${PREFIX}/etc/openxpki
@${MKDIR} ${STAGEDIR}${PREFIX}/etc/openxpki/local/keys
post-install-DOCS-on:
${MKDIR} ${STAGEDIR}${DOCSDIR}
@ -150,7 +151,6 @@ post-install-DOCS-on:
post-install-EXAMPLES-on:
${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
(cd ${WRKSRC}/../.. && ${COPYTREE_SHARE} config ${STAGEDIR}${EXAMPLESDIR})
(cd ${WRKSRC} && ${COPYTREE_SHARE} "htdocs cgi-bin" ${STAGEDIR}${EXAMPLESDIR})
(cd ${WRKSRC} && ${COPYTREE_SHARE} "config htdocs cgi-bin" ${STAGEDIR}${EXAMPLESDIR} "! -name *\.orig")
.include <bsd.port.mk>
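Review bot: The pid-file substitution in post-patch, as the new line appears to read, `s|/run/openxpkid.pid|/var/openxpki/openxpkid.pid|g`, also matches the tail of `/var/run/openxpkid.pid`, so any file that still carries the longer path would end up with `/var/var/openxpki/openxpkid.pid`; the fixed-string grep just before it selects those files as well. Whether such files remain in 3.24.2 cannot be told from this page, and a mismatched pid path tends to surface only at runtime, when the daemon is stopped or restarted. Handling the longer path first in the same invocation removes the overlap: `-e 's|/var/run/openxpkid.pid|/var/openxpki/openxpkid.pid|g' -e 's|/run/openxpkid.pid|/var/openxpki/openxpkid.pid|g'`.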


@ -1,5 +1,5 @@
TIMESTAMP = 1675078273
SHA256 (openxpki-openxpki-v3.24.1_GH0.tar.gz) = 70ca49bb8cf4e7ae71362227fd397adfade2462b045331911e72320888872ea1
SIZE (openxpki-openxpki-v3.24.1_GH0.tar.gz) = 34969532
TIMESTAMP = 1677275136
SHA256 (openxpki-openxpki-v3.24.2_GH0.tar.gz) = b7528d3dde96c33c56a5e99a44fb2896190625bf9abc9a8597d25ceabbba8531
SIZE (openxpki-openxpki-v3.24.2_GH0.tar.gz) = 34969529
SHA256 (openxpki-openxpki-config-v3.24_GH0.tar.gz) = 677adc87fa8ccbf85ca7c0b42b61c3a628acc18fa57d091df9bfaf5a3ee86704
SIZE (openxpki-openxpki-config-v3.24_GH0.tar.gz) = 153657


@ -10,7 +10,7 @@
# openxpki_enable="YES"
# to ensure that openxpki starts at boot time.
# Define and edit this variable in file /etc/rc.conf:
# openxpki_conf="%%PREFIX%%/etc/openxpki/config.git"
# openxpki_conf="%%PREFIX%%/etc/openxpki/config.d"
# if your configuration is in different place.
#
# DO NOT CHANGE THESE DEFAULT VALUES HERE


@ -0,0 +1,126 @@
--- Makefile.PL.orig 2023-06-21 23:40:24 UTC
+++ Makefile.PL
@@ -9,59 +9,11 @@ my $vergen = '../../tools/vergen';
###########################################################################
# determine OpenSSL version
-## first we have to find a working OpenSSL
-# OPENSSL_LIB
-# OPENSSL_INC
-# OPENSSL_PREFIX set
-# /usr/local/ssl
-# /usr/local
-# /usr
-# /
-# ...
+my $openssl_inc_dir = "OPENSSLINC";
+my $openssl_lib_dir = "OPENSSLLIB";
+my $openssl_binary = "OPENSSLBINARY";
-my $openssl_inc_dir = '';
-my $openssl_lib_dir = '';
-my $openssl_binary = '';
-
-my @paths = qw( /usr/local/ssl
- /opt/local/ssl
- /usr/local
- /opt/local
- /usr
- /opt
- );
-
-unshift @paths, $ENV{OPENSSL_PREFIX}
- if (exists $ENV{OPENSSL_PREFIX} and $ENV{OPENSSL_PREFIX} ne '');
-
-my $tmp_ver;
-
-foreach my $path (@paths) {
- my $tmp_inc = File::Spec->catfile($path, 'include');
- $tmp_ver = File::Spec->catfile($tmp_inc, 'openssl', 'opensslv.h');
- my $tmp_lib = File::Spec->catfile($path, 'lib');
- my $tmp_bin = File::Spec->catfile($path, 'bin', 'openssl');
-
- if (-d $tmp_inc &&
- -d $tmp_lib &&
- -r $tmp_ver &&
- -r $tmp_bin && -x $tmp_bin) {
- $openssl_inc_dir = $tmp_inc;
- $openssl_lib_dir = $tmp_lib;
- $openssl_binary = $tmp_bin;
- last;
- }
-}
-
-# accept settings from OPENSSL_INC and OPENSSL_LIB if BOTH exist
-if (exists $ENV{OPENSSL_INC} && $ENV{OPENSSL_INC} != "" &&
- exists $ENV{OPENSSL_LIB} && $ENV{OPENSSL_LIB} != ""
-) {
- $openssl_inc_dir = $ENV{OPENSSL_INC};
- $openssl_lib_dir = $ENV{OPENSSL_LIB};
-}
-
die "Could not find usable OpenSSL installation. Stopped"
unless defined $openssl_inc_dir;
@@ -72,60 +24,10 @@ print STDERR "OpenSSL library: $openssl_lib_dir\n";
print STDERR "OpenSSL headers: $openssl_inc_dir\n";
print STDERR "OpenSSL binary: $openssl_binary\n";
-# ask the binary for it's version
-# openssl version should produce output like this:
-# OpenSSL 0.9.7l 28 Sep 2006
-# OpenSSL 1.0.0a 1 Jun 2010
-my $openssl_version_string = `$openssl_binary version`;
-my ($openssl_version_major, $openssl_version_minor, $openssl_version_fix, $openssl_version_patch, $openssl_version_flavour);
-if ($openssl_version_string =~ m/\s*OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-zA-Z]+)/i) {
- # OpenSSL 0.9
- $openssl_version_flavour = 'OpenSSL';
- $openssl_version_major = $1;
- $openssl_version_minor = $2;
- $openssl_version_fix = $3;
- $openssl_version_patch = $4;
- print "$openssl_version_flavour version: major=$openssl_version_major, minor=$openssl_version_minor, fix=$openssl_version_fix, patch=$openssl_version_patch\n";
-
-} elsif ($openssl_version_string =~ m/\s*(OpenSSL|LibreSSL)\s+(\d+)\.(\d+)\.(\d+)\s+/) {
- # OpenSSL 1.0
- $openssl_version_flavour = $1;
- $openssl_version_major = $2;
- $openssl_version_minor = $3;
- $openssl_version_fix = $4;
- print "OpenSSL version: major=$openssl_version_major, minor=$openssl_version_minor, fix=$openssl_version_fix\n";
-} else {
- print "Problem: malformed openssl version string!\n";
- print STDERR "Consider setting OPENSSL_PREFIX correctly.\n\n";
- exit 1;
-}
-
-# Warn on old openssl - should work but lacks support for some features
-if ($openssl_version_major == 0 &&
- $openssl_version_minor == 9 &&
- $openssl_version_fix == 8
-) {
- print STDERR "Warning: openssl 0.9.8 found - this will work but lacks some features, e.g. server side key generation!";
-
-} elsif ( $openssl_version_flavour =~ m/LibreSSL/i ) {
- print STDERR "Warning: LibreSSL found, support for LibreSSL is experimental!";
-
-} elsif (not
- ($openssl_version_flavour =~ m/OpenSSL/i &&
- $openssl_version_major == 1 &&
- (($openssl_version_minor == 0) || ($openssl_version_minor == 1) ))
-) {
- print STDERR "\n";
- print STDERR "ERROR: OpenSSL 0.9.8, 1.0 or 1.1 is required.\n";
- print STDERR "Consider setting OPENSSL_PREFIX correctly.\n\n";
- exit 1;
-}
-
# make OpenSSL binary location available to tests
open my $fh, ">", File::Spec->catfile("t", "cfg.binary.openssl");
print $fh $openssl_binary;
close $fh;
-
###########################################################################
# determine OpenXPKI version
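Review bot: With the three variables now initialised to non-empty literals, the surviving guard `die "Could not find usable OpenSSL installation. Stopped" unless defined $openssl_inc_dir;` can never fire, and the removed detection loop and version probe were the only other places that verified the paths. A missed or wrong substitution of OPENSSLINC/OPENSSLLIB/OPENSSLBINARY would therefore pass configure silently and write an unusable path into t/cfg.binary.openssl. Since the port now supplies the paths, a cheap existence test keeps the failure at configure time: change the guard's condition to `unless -d $openssl_inc_dir && -d $openssl_lib_dir && -x $openssl_binary;`. A comment above the three assignments would also help, e.g. `# placeholders, rewritten by the FreeBSD port in post-patch`. The rest of Makefile.PL lies outside this patch.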


@ -2,13 +2,21 @@
{ type: install
message: <<EOM
- Universal server building block (OpenXPKI) for arbitrary PKI: installed.
- SCEP prerequisite binary and i18n tools for UI: installed.
- i18n tools for UI: installed.
- Enable utf8 locale (e.g. en_US.utf8) for the translation staff to operate
(translation is needed even for English language).
- Install your favorite database (enable utf8 support),
e.g. databases/mysql56-server
- Install perl interface for your favorite database,
e.g. databases/p5-DBD-mysql
- Using database
= Install your favorite database (enable utf8 support), e.g.
databases/postgresql15-server
and perl interface for it, e.g. databases/p5-DBD-Pg
= Examples, demos and tutorials of OpenXPKI traditionally use MariaDB
database. But its use with OpenXPKI on FreeBSD is a bit tricky:
- Install e.g. databases/mariadb106-server
- Add value mysql to file /etc/make.conf like this:
DEFAULT_VERSIONS+= mysql=10.6m
- cd /usr/ports/databases/p5-DBD-mysql && make reinstall
Note that installing of databases/p5-DBD-MariaDB here may hinder
operation of your OpeXPKI setup.
- Install your favorite web server.
Copy FastCGI scripts from %%EXAMPLESDIR%%/cgi-bin to the location
where your web server can use them. Set executable permissions for them.
@ -18,13 +26,17 @@
- If you want your server to act just as the simplest CA,
then the basic deployment procedure is all you need:
copy sample configuration for this case with
cp -R %%EXAMPLESDIR%%/config/openxpki/* %%PREFIX%%/etc/openxpki/
cp -pR %%EXAMPLESDIR%%/config/* %%PREFIX%%/etc/openxpki/
and follow advice at:
https://openxpki.readthedocs.org/en/latest/quickstart.html
Without this deployment procedure OpenXPKI server would not start.
- If you want more complex role for your server inside the PKI infrastructure,
then you need to perform further deployment procedure for your server atop
then perform further deployment procedure for your server atop
the basic deployment.
- Oversimplified example scripts and configs are provided herewith for
illustration only, and not for production use. All features of OpenXPI in
production should be acquired by setting up an appropriate server with
needed deployment procedure.
- This port has created user:group as openxpki:openxpki, which owns
the OpenXPKI server.
- After first fresh installation, create empty log files as follows
@ -38,9 +50,9 @@ install -m 660 -o www -g www /dev/null /var/log/openxpki/soap.log
- It is essential that www and openpki are two different users in your system.
- Start daemons in this order:
database server,
OpenXPKI server (%%PREFIX%%/etc/rc.d/openxpki start),
web server.
1) database server,
2) OpenXPKI server (%%PREFIX%%/etc/rc.d/openxpki start),
3) web server.
- Docs installed (if you opted so) into %%DOCSDIR%%
- Mind FreeBSD specific file structure:
%%PREFIX%%/etc/openxpki: server configuration, logs configuration.
@ -48,10 +60,23 @@ install -m 660 -o www -g www /dev/null /var/log/openxpki/soap.log
/var/openxpki/session: session files.
/var/log/openxpki: server log files.
/var/tmp: temporary directory.
- OpenXPKI has not been fully tested with LibreSSL,
report your LibreSSL story to the list
https://sourceforge.net/p/openxpki/mailman/
or use OpenSSL instead.
- Use of openssl/libressl
= This package comes (from FreeBSD build cluster) bound with
openssl from base system, cf: /usr/ports/Mk/Uses/ssl.mk
If you want to use openssl or libressl from ports instead, then:
1) add the name of respective port
(openssl, openssl30, openssl31, libressl, libressl-devel...)
to /etc/make.conf file e.g. like this:
DEFAULT_VERSIONS+= ssl=openssl31
2) install security/openssl31
3) cd /usr/ports/security/p5-openxpki && make reinstall
you do not need to rebuild dependencies, installed from packages.
= Using versions OpenSSL 1.0 or less can restrict features of the OpenXPI.
= OpenXPKI builds just fine with any available versions of OpenSSL or
LibreSSL. But its operation with LibreSSL, or with OpenSSL 3+ has not
been fully tested. Report your respective story to the list
https://sourceforge.net/p/openxpki/mailman/
or use OpenSSL 1.1.1 instead.
EOM
}
{ type: upgrade
