security/acme-client: Update to 0.1.13
- Update to 0.1.13 - Modify all configuration paths from letsencrypt to acme - Update periodic script to reflect path changes - Update sample scripts to reflect path changes - Add warning to pkg-message for changed paths - Add UPDATING entry for changed paths - Remove warning for old periodic.conf variable names - Remove warning for letskencrypt rename
parent
25e6a123e1
commit
e4b0b4453a
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=425172
8 changed files with 48 additions and 51 deletions
13
UPDATING
13
UPDATING
|
@ -5,6 +5,19 @@ they are unavoidable.
|
|||
You should get into the habit of checking this file for changes each time
|
||||
you update your ports collection, before attempting any port upgrades.
|
||||
|
||||
20161102:
|
||||
AFFECTS: users of security/acme-client
|
||||
AUTHOR: brnrd@FreeBSD.org
|
||||
|
||||
The default configuration paths have changed from 'letsencrypt' to
|
||||
'acme'. Rename the directories used accordingly
|
||||
|
||||
mv /usr/local/etc/letsencrypt /usr/local/etc/acme
|
||||
mv /usr/local/etc/ssl/letsencrypt /usr/local/etc/ssl/acme
|
||||
mv /usr/local/www/letsencrypt /usr/local/www/acme
|
||||
|
||||
Check your scripts to ensure proper operation.
|
||||
|
||||
20161030:
|
||||
AFFECTS: users of mail/squirrelmail
|
||||
AUTHOR: adamw@FreeBSD.org
|
||||
|
|
|
@ -2,8 +2,7 @@
|
|||
# $FreeBSD$
|
||||
|
||||
PORTNAME= acme-client
|
||||
PORTVERSION= 0.1.11
|
||||
PORTREVISION= 2
|
||||
PORTVERSION= 0.1.13
|
||||
DISTVERSIONPREFIX= portable-
|
||||
CATEGORIES= security
|
||||
MASTER_SITES= https://kristaps.bsd.lv/${PORTNAME}/snapshots/ \
|
||||
|
@ -26,7 +25,7 @@ STATIC_ACMECLIENT_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-GNUmakefile
|
|||
MAKEFILE= GNUmakefile
|
||||
MAKE_ENV= PREFIX=${STAGEDIR}/${PREFIX}
|
||||
|
||||
WWWDIR= ${PREFIX}/www/letsencrypt
|
||||
WWWDIR= ${PREFIX}/www/acme
|
||||
|
||||
SAMPLE_FILES= acme-client.sh.sample deploy.sh.sample
|
||||
SUB_FILES= 000.acme-client.sh pkg-message ${SAMPLE_FILES}
|
||||
|
@ -36,20 +35,20 @@ PERIODIC_DIRS= etc/periodic/weekly
|
|||
PERIODIC_FILES= 000.acme-client.sh
|
||||
|
||||
post-patch:
|
||||
${REINPLACE_CMD} -e "s|/etc/|${PREFIX}/etc/|" \
|
||||
-e "s|/var/www/letsencrypt|${WWWDIR}|" \
|
||||
${REINPLACE_CMD} -e "s|/etc/|${PREFIX}/etc/|g" \
|
||||
-e "s|/var/www/acme|${WWWDIR}|" \
|
||||
${WRKSRC}/main.c ${WRKSRC}/acme-client.1
|
||||
|
||||
post-install:
|
||||
${MKDIR} ${STAGEDIR}${PREFIX}/${PERIODIC_DIRS}
|
||||
${INSTALL_SCRIPT} ${WRKDIR}/${PERIODIC_FILES} ${STAGEDIR}${PREFIX}/${PERIODIC_DIRS}/${PERIODIC_FILES}
|
||||
${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/acme-client
|
||||
. for d in etc/ssl/letsencrypt etc/ssl/letsencrypt/private \
|
||||
etc/letsencrypt www/letsencrypt
|
||||
. for d in etc/ssl/acme etc/ssl/acme/private \
|
||||
etc/acme www/acme
|
||||
${MKDIR} ${STAGEDIR}${PREFIX}/${d}
|
||||
. endfor
|
||||
. for d in ${SAMPLE_FILES}
|
||||
${INSTALL_SCRIPT} ${WRKDIR}/${d} ${STAGEDIR}${PREFIX}/etc/letsencrypt/${d}
|
||||
${INSTALL_SCRIPT} ${WRKDIR}/${d} ${STAGEDIR}${PREFIX}/etc/acme/${d}
|
||||
. endfor
|
||||
|
||||
.include <bsd.port.pre.mk>
|
||||
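Review bot: The `g` flag added to `s|/etc/|${PREFIX}/etc/|g` in post-patch makes an unanchored pattern rewrite every `/etc/` occurrence in main.c and acme-client.1. That includes any path that already carries a prefix, and any path meant to stay in the base system's /etc. Neither source file is visible here, so whether such a path exists is unconfirmed. Assuming the upstream defaults are `/etc/acme` and `/etc/ssl/acme`, narrowing the expression to `-e "s|/etc/acme|${PREFIX}/etc/acme|g" -e "s|/etc/ssl/acme|${PREFIX}/etc/ssl/acme|g"` would keep the rewrite from silently widening when upstream adds new paths. The second expression, `s|/var/www/acme|${WWWDIR}|`, did not get the `g` flag, so the two substitutions now behave differently on a line with more than one match.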
|
|
|
@ -1,3 +1,3 @@
|
|||
TIMESTAMP = 1472800677
|
||||
SHA256 (acme-client-portable-0.1.11.tgz) = cb197820ad5dbe0f264f96f3b39ba71c295ab07ea6447632ee0f11329dbff126
|
||||
SIZE (acme-client-portable-0.1.11.tgz) = 45226
|
||||
TIMESTAMP = 1478115236
|
||||
SHA256 (acme-client-portable-0.1.13.tgz) = d364e68ef1590783d8e73196185c557b162805fefdbc92edf07289d5b32228c6
|
||||
SIZE (acme-client-portable-0.1.13.tgz) = 48641
|
||||
|
|
|
@ -9,24 +9,6 @@ fi
|
|||
PATH=$PATH:%%LOCALBASE%%/bin:%%LOCALBASE%%/sbin
|
||||
export PATH
|
||||
|
||||
case "$weekly_letskencrypt_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
|
||||
echo '!! WARNING: letskencrypt has been renamed to acme-client !!'
|
||||
echo '!! rename all weekly_letskencrypt_* periodic variables !!'
|
||||
echo '!! to weekly_acme_client_* in your periodic.conf !!'
|
||||
echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
|
||||
: ${weekly_acme_client_enable:=$weekly_letskencrypt_enable}
|
||||
: ${weekly_acme_client_renewscript:=$weekly_letskencrypt_renewscript}
|
||||
: ${weekly_acme_client_domains:=$weekly_letskencrypt_domains}
|
||||
: ${weekly_acme_client_challengedir:=$weekly_letskencrypt_challengedir}
|
||||
: ${weekly_acme_client_args:=$weekly_letskencrypt_args}
|
||||
: ${weekly_acme_client_deployscript:=$weekly_letskencrypt_deployscript}
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
|
||||
case "$weekly_acme_client_enable" in
|
||||
[Yy][Ee][Ss])
|
||||
echo
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/sh -e
|
||||
|
||||
BASEDIR="%%PREFIX%%/etc/letsencrypt"
|
||||
SSLDIR="%%PREFIX%%/etc/ssl/letsencrypt"
|
||||
BASEDIR="%%PREFIX%%/etc/acme"
|
||||
SSLDIR="%%PREFIX%%/etc/ssl/acme"
|
||||
DOMAINSFILE="${BASEDIR}/domains.txt"
|
||||
CHALLENGEDIR="/usr/jails/http/usr/local/www/.well-known/acme-challenge"
|
||||
|
||||
|
|
|
@ -3,15 +3,15 @@
|
|||
set -e
|
||||
|
||||
DOMAIN="example.net"
|
||||
LEDIR="%%PREFIX%%/etc/ssl/letsencrypt"
|
||||
ACMEDIR="%%PREFIX%%/etc/ssl/acme"
|
||||
JAILSDIR="/usr/jails"
|
||||
TARGETS="mail http"
|
||||
for jail in ${targets}; do
|
||||
targetdir="${JAILSDIR}/${jail}/etc/ssl"
|
||||
# Check if the certificate has changed
|
||||
[[ -z "`diff -rq ${LEDIR}/${domain}/fullchain.pem ${targetdir}/certs/${domain}.pem`" ]] && continue
|
||||
cp -L "${LEDIR}/private/${domain}.pem" "${targetdir}/priv/${domain}.pem"
|
||||
cp -L "${LEDIR}/${domain}/fullchain.pem" "${targetdir}/certs/${domain}.pem"
|
||||
[[ -z "`diff -rq ${ACMEDIR}/${domain}/fullchain.pem ${targetdir}/certs/${domain}.pem`" ]] && continue
|
||||
cp -L "${ACMEDIR}/private/${domain}.pem" "${targetdir}/priv/${domain}.pem"
|
||||
cp -L "${ACMEDIR}/${domain}/fullchain.pem" "${targetdir}/certs/${domain}.pem"
|
||||
chmod 400 "${targetdir}/priv/${domain}.pem"
|
||||
chmod 644 "${targetdir}/certs/${domain}.pem"
|
||||
# Restart/-load relevant services
|
||||
|
@ -25,9 +25,9 @@ done
|
|||
#for jail in ${targets}; do
|
||||
# targetdir="${JAILSDIR}/${jail}/etc/ssl"
|
||||
# # Check if the certificate has changed
|
||||
# [[ -z "`diff -rq ${LEDIR}/${domain}/fullchain.pem ${targetdir}/certs/${domain}.pem`" ]] && continue
|
||||
# cp -L "${LEDIR}/private/${domain}.pem" "${targetdir}/priv/${domain}.pem"
|
||||
# cp -L "${LEDIR}/${domain}/fullchain.pem" "${targetdir}/certs/${domain}.pem"
|
||||
# [[ -z "`diff -rq ${ACMEDIR}/${domain}/fullchain.pem ${targetdir}/certs/${domain}.pem`" ]] && continue
|
||||
# cp -L "${ACMEDIR}/private/${domain}.pem" "${targetdir}/priv/${domain}.pem"
|
||||
# cp -L "${ACMEDIR}/${domain}/fullchain.pem" "${targetdir}/certs/${domain}.pem"
|
||||
# chmod 400 "${targetdir}/priv/${domain}.pem"
|
||||
# chmod 644 "${targetdir}/certs/${domain}.pem"
|
||||
# # Restart/-load relevant services
|
||||
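Review bot: The rewritten `cp -L "${ACMEDIR}/private/${domain}.pem" "${targetdir}/priv/${domain}.pem"` line creates the private key copy under the process umask, and the `chmod 400` only restricts it two lines later, so a newly created key file in the jail is briefly readable by other users; the commented-out twin in the second hunk has the same pattern. Putting `umask 077` before the loop, or replacing the copy and chmod with `install -m 400 "${ACMEDIR}/private/${domain}.pem" "${targetdir}/priv/${domain}.pem"`, closes that window. Separately, the rewritten lines expand `${domain}` and the loop iterates over `${targets}`, while the visible assignments are `DOMAIN=` and `TARGETS=`. Unless the lowercase names are set outside the hunk, the loop body never runs as shown and the sample deploys nothing. The loop body continues past the end of the first hunk.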
|
|
|
@ -1,11 +1,14 @@
|
|||
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
||||
!! WARNING: letskencrypt has been renamed to acme-client !!
|
||||
!! rename all weekly_letskencrypt_* periodic variables !!
|
||||
!! to weekly_acme_client_* in your periodic.conf !!
|
||||
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
||||
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
||||
!! WARNING: The default configuration paths have changed, !!
|
||||
!! rename !!
|
||||
!! /usr/local/www/letsencrypt to /usr/local/www/acme, !!
|
||||
!! /usr/local/etc/letsencrypt to /usr/local/etc/acme and !!
|
||||
!! /usr/local/etc/ssl/letsencrypt to /usr/local/etc/ssl/acme !!
|
||||
!! and verify paths in your scripts !!
|
||||
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
||||
|
||||
There are example scripts in
|
||||
%%PREFIX%%/etc/letsencrypt
|
||||
%%PREFIX%%/etc/acme
|
||||
that you can use for renewing and deploying multiple certificates
|
||||
|
||||
In order to run the script regularly to update
|
||||
|
@ -27,7 +30,7 @@ To set additional acme-client arguments (see acme-client(1))
|
|||
|
||||
To run a specific script for the renewal (ignore previously set variables)
|
||||
allows generating/renewing multiple keys/certificates
|
||||
weekly_acme_client_renewscript=""%%PREFIX%%/etc/letsencrypt/%%PORTNAME%%.sh"
|
||||
weekly_acme_client_renewscript=""%%PREFIX%%/etc/acme/%%PORTNAME%%.sh"
|
||||
|
||||
To run a script after the renewal to deploy changed certs
|
||||
weekly_acme_client_deployscript="%%PREFIX%%/etc/letsencrypt/deploy.sh"
|
||||
weekly_acme_client_deployscript="%%PREFIX%%/etc/acme/deploy.sh"
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
bin/acme-client
|
||||
man/man1/acme-client.1.gz
|
||||
etc/periodic/weekly/000.acme-client.sh
|
||||
@dir(,,0700) etc/letsencrypt
|
||||
@dir(,,0700) etc/acme
|
||||
@dir(,,0755) etc/ssl
|
||||
@dir(,,0755) etc/ssl/letsencrypt
|
||||
@dir(,,0700) etc/ssl/letsencrypt/private
|
||||
@dir(,,0755) etc/ssl/acme
|
||||
@dir(,,0700) etc/ssl/acme/private
|
||||
@dir(,www,) %%WWWDIR%%
|
||||
@sample etc/letsencrypt/deploy.sh.sample
|
||||
@sample etc/letsencrypt/acme-client.sh.sample
|
||||
@sample etc/acme/deploy.sh.sample
|
||||
@sample etc/acme/acme-client.sh.sample
|
||||
|
|