security/py-truststore: Add py-truststore 0.7.0

Truststore is a library which exposes native system certificate stores (ie
"trust stores") through an ssl.SSLContext-like API. This means that Python
applications no longer need to rely on certifi as a root certificate store.
Native system certificate stores have many helpful features compared to a static
certificate bundle like certifi:
- Automatically update certificates as new CAs are created and removed
- Fetch missing intermediate certificates
- Check certificates against certificate revocation lists (CRLs) to avoid
  monster-in-the-middle (MITM) attacks
- Managed per-system rather than per-application by a operations/IT team
- PyPI is no longer a CA distribution channel

Right now truststore is a stand-alone library that can be installed globally in
your application to immediately take advantage of the benefits in Python 3.10+.
Truststore has also been integrated into pip as an opt-in method for verifying
HTTPS certificates with truststore instead of certifi.

Long-term the hope is to make truststore the default way to verify HTTPS
certificates in pip and to add this functionality into Python itself. Wish us
luck!

security/Makefile

@@ -1037,6 +1037,7 @@
     SUBDIR += py-tlslite-ng
     SUBDIR += py-trezor
     SUBDIR += py-trustme
+    SUBDIR += py-truststore
     SUBDIR += py-tuf
     SUBDIR += py-txtorcon
     SUBDIR += py-uhashring

security/py-truststore/Makefile

@@ -0,0 +1,22 @@
+PORTNAME=	truststore
+PORTVERSION=	0.7.0
+CATEGORIES=	security python
+MASTER_SITES=	PYPI
+PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
+
+MAINTAINER=	sunpoet@FreeBSD.org
+COMMENT=	Verify certificates using native system trust stores
+WWW=		https://truststore.readthedocs.io/en/latest/ \
+		https://github.com/sethmlarson/truststore
+
+LICENSE=	MIT
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+BUILD_DEPENDS=	${PYTHON_PKGNAMEPREFIX}flit-core>=3.2<4:devel/py-flit-core@${PY_FLAVOR}
+
+USES=		python:3.10+ ssl
+USE_PYTHON=	autoplist concurrent pep517
+
+NO_ARCH=	yes
+
+.include <bsd.port.mk>

security/py-truststore/distinfo

@@ -0,0 +1,3 @@
+TIMESTAMP = 1691069906
+SHA256 (truststore-0.7.0.tar.gz) = 72e784507a624375434381e4bad3eff8614bc8c845a7f5ae16a25a2624d0683f
+SIZE (truststore-0.7.0.tar.gz) = 14983

security/py-truststore/pkg-descr

@@ -0,0 +1,20 @@
+Truststore is a library which exposes native system certificate stores (ie
+"trust stores") through an ssl.SSLContext-like API. This means that Python
+applications no longer need to rely on certifi as a root certificate store.
+Native system certificate stores have many helpful features compared to a static
+certificate bundle like certifi:
+- Automatically update certificates as new CAs are created and removed
+- Fetch missing intermediate certificates
+- Check certificates against certificate revocation lists (CRLs) to avoid
+  monster-in-the-middle (MITM) attacks
+- Managed per-system rather than per-application by a operations/IT team
+- PyPI is no longer a CA distribution channel
+
+Right now truststore is a stand-alone library that can be installed globally in
+your application to immediately take advantage of the benefits in Python 3.10+.
+Truststore has also been integrated into pip as an opt-in method for verifying
+HTTPS certificates with truststore instead of certifi.
+
+Long-term the hope is to make truststore the default way to verify HTTPS
+certificates in pip and to add this functionality into Python itself. Wish us
+luck!