pkgsrc/security/py-certbot-nginx/Makefile

# $NetBSD: Makefile,v 1.16 2021/02/09 10:06:43 adam Exp $

.include "../../security/py-certbot/Makefile.common"

DISTNAME=	certbot-nginx-${CERTBOT_VERSION}
MASTER_SITES=	${MASTER_SITE_PYPI:=c/certbot-nginx/}

COMMENT=	Nginx plugin for Certbot

DEPENDS+=	${PYPKGPREFIX}-OpenSSL>=17.3.0:../../security/py-OpenSSL
DEPENDS+=	${PYPKGPREFIX}-acme>=1.4.0:../../security/py-acme
DEPENDS+=	${PYPKGPREFIX}-certbot>=1.6.0:../../security/py-certbot
DEPENDS+=	${PYPKGPREFIX}-setuptools>=39.0.1:../../devel/py-setuptools
DEPENDS+=	${PYPKGPREFIX}-pyparsing>=2.2.0:../../devel/py-pyparsing
DEPENDS+=	${PYPKGPREFIX}-ZopeInterface-[0-9]*:../../devel/py-ZopeInterface

PKG_SYSCONFVAR=		nginx

SUBST_CLASSES+=		paths
SUBST_STAGE.paths=	pre-configure
SUBST_MESSAGE.paths=	Fixing absolute paths.
SUBST_FILES.paths=	certbot_nginx/_internal/constants.py
SUBST_VARS.paths=	PKG_SYSCONFDIR

.include "../../lang/python/egg.mk"
.include "../../mk/bsd.pkg.mk"
py-acme py-certbot*: updated to 1.12.0 1.12.0 Changed The --preferred-chain flag now only checks the Issuer Common Name of the topmost (closest to the root) certificate in the chain, instead of checking every certificate in the chain. Support for Python 2 has been removed. In previous releases, we caused certbot-auto to stop updating its Certbot installation. In this release, we are beginning to disable updates to the certbot-auto script itself. This release includes Amazon Linux users, and all other systems that are not based on Debian or RHEL. We plan to make this change to the certbot-auto script for all users in the coming months. Fixed Fixed the apache component on openSUSE Tumbleweed which no longer provides an apache2ctl symlink and uses apachectl instead. Fixed a typo in certbot/crypto_util.py causing an error upon attempting secp521r1 key generation 2021-02-09 11:06:41 +01:00			`# $NetBSD: Makefile,v 1.16 2021/02/09 10:06:43 adam Exp $`
py-acme/py-certbot: updated to 0.39.0 0.39.0: Added Support for Python 3.8 was added to Certbot and all of its components. Support for CentOS 8 was added to certbot-auto. Changed Don't send OCSP requests for expired certificates Return to using platform.linux_distribution instead of distro.linux_distribution in OS fingerprinting for Python < 3.8 Updated the Nginx plugin's TLS configuration to keep support for some versions of IE11. Fixed Fixed OS detection in the Apache plugin on RHEL 6. 2019-10-02 19:36:43 +02:00
			`.include "../../security/py-certbot/Makefile.common"`
py-certbot-nginx: add nginx certbot plugin 2019-01-15 13:05:47 +01:00
py-acme: update to 0.35.0 py-certbot: update to 0.35.0 py-certbot-apache: update to 0.35.0 py-certbot-dns-luadns: update to 0.35.0 py-certbot-dns-nsone: update to 0.35.0 py-certbot-dns-ovh: update to 0.35.0 py-certbot-dns-rfc2136: update to 0.35.0 py-certbot-dns-route53: update to 0.35.0 py-certbot-dns-sakuracloud: update to 0.35.0 py-certbot-nginx: update to 0.35.0 pkgsrc changes: --------------- * Add py-certbot/Makefile.common to make version number coherent upstream changes: ----------------- - Added o dns_rfc2136 plugin now supports explicitly specifing an authorative base domain for cases when the automatic method does not work (e.g. Split horizon DNS) - Fixed o Renewal parameter webroot_path is always saved, avoiding some regressions when webroot authenticator plugin is invoked with no challenge to perform. o Certbot now accepts OCSP responses when an explicit authorized responder, different from the issuer, is used to sign OCSP responses. o Scripts in Certbot hook directories are no longer executed when their filenames end in a tilde. - Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was: o certbot o certbot-dns-rfc2136 2019-06-11 16:22:01 +02:00			`DISTNAME= certbot-nginx-${CERTBOT_VERSION}`
py-acme,py-certbot*: updated to 0.31.0 0.31.0: Added Avoid reprocessing challenges that are already validated when a certificate is issued. Support for initiating (but not solving end-to-end) TLS-ALPN-01 challenges with the acme module. Changed Certbot's official Docker images are now based on Alpine Linux 3.9 rather than 3.7. The new version comes with OpenSSL 1.1.1. Lexicon-based DNS plugins are now fully compatible with Lexicon 3.x (support on 2.x branch is maintained). Apache plugin now attempts to configure all VirtualHosts matching requested domain name instead of only a single one when answering the HTTP-01 challenge. Fixed Fixed accessing josepy contents through acme.jose when the full acme.jose path is used. Clarify behavior for deleting certs as part of revocation. Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was: acme certbot certbot-apache certbot-dns-cloudxns certbot-dns-dnsimple certbot-dns-dnsmadeeasy certbot-dns-gehirn certbot-dns-linode certbot-dns-luadns certbot-dns-nsone certbot-dns-ovh certbot-dns-sakuracloud More details about these changes can be found on our GitHub repo. 2019-02-12 13:56:31 +01:00			`MASTER_SITES= ${MASTER_SITE_PYPI:=c/certbot-nginx/}`
py-certbot-nginx: add nginx certbot plugin 2019-01-15 13:05:47 +01:00
py-acme: update to 0.35.0 py-certbot: update to 0.35.0 py-certbot-apache: update to 0.35.0 py-certbot-dns-luadns: update to 0.35.0 py-certbot-dns-nsone: update to 0.35.0 py-certbot-dns-ovh: update to 0.35.0 py-certbot-dns-rfc2136: update to 0.35.0 py-certbot-dns-route53: update to 0.35.0 py-certbot-dns-sakuracloud: update to 0.35.0 py-certbot-nginx: update to 0.35.0 pkgsrc changes: --------------- * Add py-certbot/Makefile.common to make version number coherent upstream changes: ----------------- - Added o dns_rfc2136 plugin now supports explicitly specifing an authorative base domain for cases when the automatic method does not work (e.g. Split horizon DNS) - Fixed o Renewal parameter webroot_path is always saved, avoiding some regressions when webroot authenticator plugin is invoked with no challenge to perform. o Certbot now accepts OCSP responses when an explicit authorized responder, different from the issuer, is used to sign OCSP responses. o Scripts in Certbot hook directories are no longer executed when their filenames end in a tilde. - Despite us having broken lockstep, we are continuing to release new versions of all Certbot components during releases for the time being, however, the only package with changes other than its version number was: o certbot o certbot-dns-rfc2136 2019-06-11 16:22:01 +02:00			`COMMENT= Nginx plugin for Certbot`

py-acme py-certbot*: updated to 1.12.0 1.12.0 Changed The --preferred-chain flag now only checks the Issuer Common Name of the topmost (closest to the root) certificate in the chain, instead of checking every certificate in the chain. Support for Python 2 has been removed. In previous releases, we caused certbot-auto to stop updating its Certbot installation. In this release, we are beginning to disable updates to the certbot-auto script itself. This release includes Amazon Linux users, and all other systems that are not based on Debian or RHEL. We plan to make this change to the certbot-auto script for all users in the coming months. Fixed Fixed the apache component on openSUSE Tumbleweed which no longer provides an apache2ctl symlink and uses apachectl instead. Fixed a typo in certbot/crypto_util.py causing an error upon attempting secp521r1 key generation 2021-02-09 11:06:41 +01:00			`DEPENDS+= ${PYPKGPREFIX}-OpenSSL>=17.3.0:../../security/py-OpenSSL`
py-acme/py-certbot: updated to 1.4.0 1.4.0: Added Turn off session tickets for apache plugin by default when appropriate. * Added serial number of certificate to the output of `certbot certificates` * Expose two new environment variables in the authenticator and cleanup scripts used by the `manual` plugin: `CERTBOT_REMAINING_CHALLENGES` is equal to the number of challenges remaining after the current challenge, `CERTBOT_ALL_DOMAINS` is a comma-separated list of all domains challenged for the current certificate. * Added TLS-ALPN-01 challenge support in the `acme` library. Support of this challenge in the Certbot client is planned to be added in a future release. * Added minimal proxy support for OCSP verification. * On Windows, hooks are now executed in a Powershell shell instead of a CMD shell, allowing both `.ps1` and `.bat` as valid scripts for Certbot. Changed * Reorganized error message when a user entered an invalid email address. * Stop asking interactively if the user would like to add a redirect. * `mock` dependency is now conditional on Python 2 in all of our packages. * Deprecate certbot-auto on Gentoo, macOS, and FreeBSD. Fixed * When using an RFC 8555 compliant endpoint, the `acme` library no longer sends the `resource` field in any requests or the `type` field when responding to challenges. * Fix nginx plugin crash when non-ASCII configuration file is being read (instead, the user will be warned that UTF-8 must be used). * Fix hanging OCSP queries during revocation checking - added a 10 second timeout. * Standalone servers now have a default socket timeout of 30 seconds, fixing cases where an idle connection can cause the standalone plugin to hang. * Parsing of the RFC 8555 application/pem-certificate-chain now tolerates CRLF line endings. This should fix interoperability with Buypass' services. More details about these changes can be found on our GitHub repo. 2020-05-07 12:53:44 +02:00			`DEPENDS+= ${PYPKGPREFIX}-acme>=1.4.0:../../security/py-acme`
py-acme py-certbot: updated to 1.8.0 Certbot 1.8.0 Added Added the ability to remove email and phone contact information from an account using update_account --register-unsafely-without-email Changed Support for Python 3.5 has been removed. Fixed The problem causing the Apache plugin in the Certbot snap on ARM systems to fail to load the Augeas library it depends on has been fixed. The acme library can now tell the ACME server to clear contact information by passing an empty tuple to the contact field of a Registration message. Fixed the stack smashing detected * error in the Certbot snap on some systems. More details about these changes can be found on our GitHub repo. 2020-09-30 11:03:45 +02:00			`DEPENDS+= ${PYPKGPREFIX}-certbot>=1.6.0:../../security/py-certbot`
py-acme py-certbot*: updated to 1.12.0 1.12.0 Changed The --preferred-chain flag now only checks the Issuer Common Name of the topmost (closest to the root) certificate in the chain, instead of checking every certificate in the chain. Support for Python 2 has been removed. In previous releases, we caused certbot-auto to stop updating its Certbot installation. In this release, we are beginning to disable updates to the certbot-auto script itself. This release includes Amazon Linux users, and all other systems that are not based on Debian or RHEL. We plan to make this change to the certbot-auto script for all users in the coming months. Fixed Fixed the apache component on openSUSE Tumbleweed which no longer provides an apache2ctl symlink and uses apachectl instead. Fixed a typo in certbot/crypto_util.py causing an error upon attempting secp521r1 key generation 2021-02-09 11:06:41 +01:00			`DEPENDS+= ${PYPKGPREFIX}-setuptools>=39.0.1:../../devel/py-setuptools`
			`DEPENDS+= ${PYPKGPREFIX}-pyparsing>=2.2.0:../../devel/py-pyparsing`
py-certbot-nginx: add nginx certbot plugin 2019-01-15 13:05:47 +01:00			`DEPENDS+= ${PYPKGPREFIX}-ZopeInterface-[0-9]*:../../devel/py-ZopeInterface`

Look for nginx.conf in PKG_SYSCONFDIR.nginx 2020-06-21 10:00:03 +02:00			`PKG_SYSCONFVAR= nginx`

			`SUBST_CLASSES+= paths`
			`SUBST_STAGE.paths= pre-configure`
			`SUBST_MESSAGE.paths= Fixing absolute paths.`
			`SUBST_FILES.paths= certbot_nginx/_internal/constants.py`
			`SUBST_VARS.paths= PKG_SYSCONFDIR`

py-certbot-nginx: add nginx certbot plugin 2019-01-15 13:05:47 +01:00			`.include "../../lang/python/egg.mk"`
			`.include "../../mk/bsd.pkg.mk"`