pkgsrc/security/py-certbot/Makefile

# $NetBSD: Makefile,v 1.9 2018/12/15 21:12:23 wiz Exp $

PKGNAME=	${PYPKGPREFIX}-${DISTNAME}
CATEGORIES=	security

COMMENT=	Client for the Let's Encrypt CA
MAINTAINER=	fhajny@NetBSD.org
LICENSE=	apache-2.0

EGG_NAME=	${DISTNAME}

.include "Makefile.common"

DEPENDS+=	${PYPKGPREFIX}-acme-${PKGVERSION_NOREV}{nb*,}:../../security/py-acme
DEPENDS+=	${PYPKGPREFIX}-configargparse>=0.9.3:../../devel/py-configargparse
DEPENDS+=	${PYPKGPREFIX}-configobj-[0-9]*:../../devel/py-configobj
DEPENDS+=	${PYPKGPREFIX}-cryptography>=1.2:../../security/py-cryptography
DEPENDS+=	${PYPKGPREFIX}-josepy-[0-9]*:../../security/py-josepy
DEPENDS+=	${PYPKGPREFIX}-mock-[0-9]*:../../devel/py-mock
DEPENDS+=	${PYPKGPREFIX}-parsedatetime>=2.0:../../time/py-parsedatetime
DEPENDS+=	${PYPKGPREFIX}-pytz-[0-9]*:../../time/py-pytz
DEPENDS+=	${PYPKGPREFIX}-rfc3339-[0-9]*:../../time/py-rfc3339
DEPENDS+=	${PYPKGPREFIX}-six-[0-9]*:../../lang/py-six
DEPENDS+=	${PYPKGPREFIX}-ZopeComponent-[0-9]*:../../devel/py-ZopeComponent
DEPENDS+=	${PYPKGPREFIX}-ZopeInterface-[0-9]*:../../devel/py-ZopeInterface

# Needed for the test target
# https://github.com/certbot/certbot/issues/2956
BUILD_DEPENDS+=	${PYPKGPREFIX}-readline-[0-9]*:../../devel/py-readline

BUILD_DEFS+=		VARBASE

PKG_SYSCONFSUBDIR=	letsencrypt

SUBST_CLASSES+=		path
SUBST_STAGE.path=	pre-build
SUBST_MESSAGE.path=	Fixing default paths
SUBST_FILES.path+=	certbot/constants.py certbot/display/ops.py
SUBST_FILES.path+=	certbot/plugins/*.py certbot/tests/*.py
SUBST_SED.path+=	-e 's,/etc/letsencrypt,${PKG_SYSCONFDIR},g'
SUBST_SED.path+=	-e 's,/var/lib/letsencrypt,${VARBASE}/letsencrypt,g'
SUBST_SED.path+=	-e 's,/var/log/letsencrypt,${VARBASE}/letsencrypt/log,g'

MAKE_DIRS+=		${VARBASE}/letsencrypt/log

INSTALLATION_DIRS+=	share/examples/certbot

post-install:
	${MV} ${DESTDIR}${PREFIX}/bin/certbot \
		${DESTDIR}${PREFIX}/bin/certbot${PYVERSSUFFIX}
	${INSTALL_DATA} ${WRKSRC}/examples/cli.ini \
		${DESTDIR}${PREFIX}/share/examples/certbot

.include "../../lang/python/egg.mk"
.include "../../mk/bsd.pkg.mk"
*: update email for fhajny 2018-12-15 22:12:18 +01:00			`# $NetBSD: Makefile,v 1.9 2018/12/15 21:12:23 wiz Exp $`
Import certbot 0.6.0 as security/py-certbot. Certbot, previously the Let's Encrypt Client, is EFF's tool to obtain certs from Let's Encrypt, and (optionally) autoenable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol. 2016-05-25 20:18:16 +02:00
			`PKGNAME= ${PYPKGPREFIX}-${DISTNAME}`
			`CATEGORIES= security`

			`COMMENT= Client for the Let's Encrypt CA`
*: update email for fhajny 2018-12-15 22:12:18 +01:00			`MAINTAINER= fhajny@NetBSD.org`
Import certbot 0.6.0 as security/py-certbot. Certbot, previously the Let's Encrypt Client, is EFF's tool to obtain certs from Let's Encrypt, and (optionally) autoenable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol. 2016-05-25 20:18:16 +02:00			`LICENSE= apache-2.0`

			`EGG_NAME= ${DISTNAME}`

			`.include "Makefile.common"`

			`DEPENDS+= ${PYPKGPREFIX}-acme-${PKGVERSION_NOREV}{nb*,}:../../security/py-acme`
			`DEPENDS+= ${PYPKGPREFIX}-configargparse>=0.9.3:../../devel/py-configargparse`
			`DEPENDS+= ${PYPKGPREFIX}-configobj-[0-9]*:../../devel/py-configobj`
Update security/py-{acme,certbot} to 0.20.0. 0.20.0 - 2017-12-06 - Certbot's ACME library now recognizes URL fields in challenge objects in preparation for Let's Encrypt's new ACME endpoint. - The Apache plugin now parses some distro specific Apache configuration files on non-Debian systems allowing it to get a clearer picture on the running configuration. - Certbot better reports network failures by removing information about connection retries from the error output. - An unnecessary question when using Certbot's webroot plugin interactively has been removed. - Certbot's NGINX plugin no longer sometimes incorrectly reports that it was unable to deploy a HTTP->HTTPS redirect when requesting Certbot to enable a redirect for multiple domains. - Problems where the Apache plugin was failing to find directives and duplicating existing directives on openSUSE have been resolved. - An issue running the test shipped with Certbot and some our DNS plugins with older versions of mock have been resolved. - On some systems, users reported strangely interleaved output depending on when stdout and stderr were flushed. 0.19.0 - 2017-10-04 - Certbot now has renewal hook directories where executable files can be placed for Certbot to run with the renew subcommand. - After revoking a certificate with the revoke subcommand, Certbot will offer to delete the lineage associated with the certificate. - When using Certbot's Google Cloud DNS plugin on Google Compute Engine, you no longer have to provide a credential file to Certbot if you have configured sufficient permissions for the instance which Certbot can automatically obtain using Google's metadata service. - When deleting certificates interactively using the delete subcommand, Certbot will now allow you to select multiple lineages to be deleted at once. - Certbot's Apache plugin no longer always parses Apache's sites-available on Debian based systems and instead only parses virtual hosts included in your Apache configuration. - The plugins subcommand can now be run without root access. - certbot-auto now includes a timeout when updating itself so it no longer hangs indefinitely when it is unable to connect to the external server. - An issue where Certbot's Apache plugin would sometimes fail to deploy a certificate on Debian based systems if mod_ssl wasn't already enabled has been resolved. - A bug in our Docker image where the certificates subcommand could not report if certificates maintained by Certbot had been revoked has been fixed. - Certbot's RFC 2136 DNS plugin (for use with software like BIND) now properly performs DNS challenges when the domain being verified contains a CNAME record. 2017-12-09 17:39:03 +01:00			`DEPENDS+= ${PYPKGPREFIX}-cryptography>=1.2:../../security/py-cryptography`
security/py-certbot: Update to 0.22.0 ### Added - Support for obtaining wildcard certificates and a newer version of the ACME protocol such as the one implemented by Let's Encrypt's upcoming ACMEv2 endpoint was added to Certbot and its ACME library. Certbot still works with older ACME versions and will automatically change the version of the protocol used based on the version the ACME CA implements. - The Apache and Nginx plugins are now able to automatically install a wildcard certificate to multiple virtual hosts that you select from your server configuration. - The `certbot install` command now accepts the `--cert-name` flag for selecting a certificate. - `acme.client.BackwardsCompatibleClientV2` was added to Certbot's ACME library which automatically handles most of the differences between new and old ACME versions. `acme.client.ClientV2` is also available for people who only want to support one version of the protocol or want to handle the differences between versions themselves. - certbot-auto now supports the flag --install-only which has the script install Certbot and its dependencies and exit without invoking Certbot. - Support for issuing a single certificate for a wildcard and base domain was added to our Google Cloud DNS plugin. To do this, we now require your API credentials have additional permissions, however, your credentials will already have these permissions unless you defined a custom role with fewer permissions than the standard DNS administrator role provided by Google. These permissions are also only needed for the case described above so it will continue to work for existing users. For more information about the permissions changes, see the documentation in the plugin. ### Changed - We have broken lockstep between our ACME library, Certbot, and its plugins. This means that the different components do not need to be the same version to work together like they did previously. This makes packaging easier because not every piece of Certbot needs to be repackaged to ship a change to a subset of its components. - Support for Python 2.6 and Python 3.3 has been removed from ACME, Certbot, Certbot's plugins, and certbot-auto. If you are using certbot-auto on a RHEL 6 based system, it will walk you through the process of installing Certbot with Python 3 and refuse to upgrade to a newer version of Certbot until you have done so. - Certbot's components now work with older versions of setuptools to simplify packaging for EPEL 7. ### Fixed - Issues caused by Certbot's Nginx plugin adding multiple ipv6only directives has been resolved. - A problem where Certbot's Apache plugin would add redundant include directives for the TLS configuration managed by Certbot has been fixed. - Certbot's webroot plugin now properly deletes any directories it creates. 2018-03-13 11:08:51 +01:00			`DEPENDS+= ${PYPKGPREFIX}-josepy-[0-9]*:../../security/py-josepy`
Import certbot 0.6.0 as security/py-certbot. Certbot, previously the Let's Encrypt Client, is EFF's tool to obtain certs from Let's Encrypt, and (optionally) autoenable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol. 2016-05-25 20:18:16 +02:00			`DEPENDS+= ${PYPKGPREFIX}-mock-[0-9]*:../../devel/py-mock`
			`DEPENDS+= ${PYPKGPREFIX}-parsedatetime>=2.0:../../time/py-parsedatetime`
			`DEPENDS+= ${PYPKGPREFIX}-pytz-[0-9]*:../../time/py-pytz`
			`DEPENDS+= ${PYPKGPREFIX}-rfc3339-[0-9]*:../../time/py-rfc3339`
			`DEPENDS+= ${PYPKGPREFIX}-six-[0-9]*:../../lang/py-six`
			`DEPENDS+= ${PYPKGPREFIX}-ZopeComponent-[0-9]*:../../devel/py-ZopeComponent`
			`DEPENDS+= ${PYPKGPREFIX}-ZopeInterface-[0-9]*:../../devel/py-ZopeInterface`

Update security/py-{acme,certbot} to 0.10.0. No changelog released, commits closed for 0.10.0: - Stop IDisplay AssertionErrors - Add update_symlinks to "--help manage" - Hide rename command for 0.10.0 - Disable rename command for 0.10.0 - Break on failure to deploy cert - Incorrect success condition in nginx - certbot delete and rename evoke IDisplay - Put update_symlinks in certbot --help manage - Fix Error Message for invalid FQDNs - pyopenssl inject workaround - pyparsing.restOfLine is not a function, don't call it - Add information on updating [certbot\|letsencrypt]-auto - Remove quotes so tilde is expanded - Correctly report when we skip hooks during renewal - Add line number to Augeas syntax error message - Mention line in (Apache) conf file in case of Augeas parse/syntax error - Fixes #3954 and adds a test to prevent regressions - Further OCSP improvements - `-n` doesn't like `force_interactive`? - Save allow_subset_of_names in renewal conf files - I promise checklists are OK (fixes #3934) - Return domains for _find_domains_or_certname - --cert-name causes explosions when trying to use "run" as an installer - Interactivity glitch in git master - Document some particularities of the revoke subcommand - test using os.path.sep not hardcoded / - Save --pre and --post hooks in renewal conf files, and run them in a sophisticated way - Don't add ServerAlias directives when the domain is already covered by a wildcard - Mitigate problems for people who run without -n - Use relative paths for livedir symlinks - Implement delete command - Use isatty checks before asking new questions - Ensure apt-cache is always running in English if we're going to grep - Sort the names by domain (then subdomain) before showing them - Merge the manual and script plugins - --allow-subset-of-names should probably be a renewalparam - Fix certbox-nginx address equality check - Implement our fancy new --help output - Make renew command respect the --cert-name flag - Error when using non-english locale on Debian - Document defaults - Improve simple --help output - Add pyasn1 back to le-auto - Mark Nginx vhosts as ssl when any vhost is on ssl at that address - Fully check for Nginx address equality - Preserve --must-staple in configuration for renewal (#3844) - Git master certbot is making executable renewal conf files? - Improve the "certbot certificates" output - Renewal: Preserve 'OCSP Must Staple' (option --must-staple) - Security enhancement cleanup - Parallalelise nosetests from tox - "certbot certificates" is API-like, so make it future-proof - Fix LE_AUTO_SUDO usage - Remove the sphinxcontrib.programout [docs]dependency - No more relative path connection from live-crt to archive-crt files - Ensure tests pass with openssl 1.1 - Output success message for revoke command - acme module fails tests with openssl 1.1 - Pin pyopenssl 16.2.0 in certbot-auto - Fixed output of `certbot-auto --version`(#3637). - Take advantage of urllib3 pyopenssl rewrite - Busybox support - Fix --http-01-port typo at source - Implement the --cert-name flag to select a lineage by its name. - Fix reinstall message - Changed plugin interface return types (#3748). - Remove letshelp-letsencrypt - Bump pyopenssl version - Bump python-cryptography to 1.5.3 - Remove get_all_certs_keys() from Apache and Nginx - Further merge --script-* with ---hook - Certbot opens curses sessions for informational notices, breaking automation - Fix writing pem files with Python3 - Strange reinstallation errors - Don't re-add redirects if one exists - Use subprocess.Popen.terminate instead of os.killpg - Generalize return types for plugin interfaces - Don't re-append Nginx redirect directive - Cli help is sometimes wrong about what the default for something is - [certbot-auto] Bump cryptography version to 1.5.2 - python-cryptography build failure on sid - Remove sphinxcontrib-programoutput dependency? - Allow notification interface to not wrap text - Fix non-ASCII domain check. - Add renew_hook to options stored in the renewal config, #3394 - Where oh where has sphinxcontrib-programoutput gone? - Remove some domain name checks. - Allowing modification check to run using "tox" - How to modify -auto - Don't crash when U-label IDN provided on command line - Add README file to each live directory explaining its contents. - Allow user to select all domains by typing empty string at checklist - Fix issue with suggest_unsafe undeclared - Update docs/contributing.rst to match display behavior during release. - Referencing unbound variable in certbot.display.ops.get_email - Add list-certs command - Remove the curses dialog, thereby deprecating the --help and --dialog command line options - Remove the curses dialog, thereby deprecating the --help and --dialog command line options - Specify archive directory in renewal configuration file - 0.9.1 fails in non-interactive use (pythondialog, error opening terminal) - Allow certbot to get a cert for default_servers - [nginx] Cert for two domains in one virtaulhost fails - [nginx] --hsts and --uir flags not working? - `certbot-auto --version` still says `letsencrypt 0.9.3` (should say `certbot 0.9.3`?) - Add a cli option for "all domains my installer sees" - Stop rejecting punycode domain names - Standalone vs. Apache for available ports - nginx-compatibility-weirdness - Support requesting IDNA2008 Punycode domains - Cert Management Improvement Project (C-MIP) - Add --lineage command line option for nicer SAN management. - Fix requirements.txt surgery in response to shipping certbot-nginx - Use correct Content-Types in headers. - Missing Content-Type 'application/json' in POST requests - Script plugin - Inconsistent error placement - Server alias [revision requested] - When getopts is called multiple time we need to reset OPTIND. - certbot-auto: Print link to doc on debugging pip install error [revision requested] - Update ACME error namespace to match the new draft. - Update errors to match latest ACME version. - Testing the output of build.py against lea-source/lea - Make return type of certbot.interfaces.IInstaller.get_all_keys_certs() an iterator - Fix requirements file surgery for 0.10.0 release - Update Where Are My Certs section. - Hooks do not get stored in renewal config file - Multiple vhosts - Bind to IPv6, fix the problem of ipv6 site cannot generate / renew certificate [revision requested] - Warning message for low memory servers - Run simple certbot-auto tests with `tox` - letsencrypt-auto-source/letsencrypt-auto should be the output of build.py - DialogError should come with --text instructions - Support correct error namespace - Verification URL after successful certificate configuration can't be opened from terminal - Use appropriate caution when handling configurations that have complex rewrite logic - `revoke` doesn't output any status - adding -delete option to remove the cert files - Stop using simple_verify in manual plugin - Ways of specifying what to renew - Allow removing SAN from multidomain certificate when renewing - Dialog is sometimes ugly - Allow user to override sudo as root authorization method [minor revision requested] - Add a README file to each live directory explaining its contents - ExecutableNotFound 2017-01-12 17:02:43 +01:00			`# Needed for the test target`
			`# https://github.com/certbot/certbot/issues/2956`
			`BUILD_DEPENDS+= ${PYPKGPREFIX}-readline-[0-9]*:../../devel/py-readline`

Import certbot 0.6.0 as security/py-certbot. Certbot, previously the Let's Encrypt Client, is EFF's tool to obtain certs from Let's Encrypt, and (optionally) autoenable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol. 2016-05-25 20:18:16 +02:00			`BUILD_DEFS+= VARBASE`

			`PKG_SYSCONFSUBDIR= letsencrypt`

			`SUBST_CLASSES+= path`
			`SUBST_STAGE.path= pre-build`
			`SUBST_MESSAGE.path= Fixing default paths`
			`SUBST_FILES.path+= certbot/constants.py certbot/display/ops.py`
			`SUBST_FILES.path+= certbot/plugins/.py certbot/tests/.py`
			`SUBST_SED.path+= -e 's,/etc/letsencrypt,${PKG_SYSCONFDIR},g'`
			`SUBST_SED.path+= -e 's,/var/lib/letsencrypt,${VARBASE}/letsencrypt,g'`
			`SUBST_SED.path+= -e 's,/var/log/letsencrypt,${VARBASE}/letsencrypt/log,g'`

			`MAKE_DIRS+= ${VARBASE}/letsencrypt/log`

			`INSTALLATION_DIRS+= share/examples/certbot`

			`post-install:`
Update py-certbot and py-acme to 0.14.0. Use ALTERNATIVES to handle different Python versions better. 0.14.0 - 2017-05-04 Added - Python 3.3+ support for all Certbot packages. certbot-auto still currently only supports Python 2, but the acme, certbot, certbot-apache, and certbot-nginx packages on PyPI now fully support Python 2.6, 2.7, and 3.3+. - Certbot's Apache plugin now handles multiple virtual hosts per file. - Lockfiles to prevent multiple versions of Certbot running simultaneously. Changed - When converting an HTTP virtual host to HTTPS in Apache, Certbot only copies the virtual host rather than the entire contents of the file it's contained in. - The Nginx plugin now includes SSL/TLS directives in a separate file located in Certbot's configuration directory rather than copying the contents of the file into every modified server block. Fixed - Ensure logging is configured before parts of Certbot attempt to log any messages. - Support for the --quiet flag in certbot-auto. - Reverted a change made in a previous release to make the acme and certbot packages always depend on argparse. This dependency is conditional again on the user's Python version. - Small bugs in the Nginx plugin such as properly handling empty server blocks and setting server_names_hash_bucket_size during challenges. 2017-05-11 10:23:35 +02:00			`${MV} ${DESTDIR}${PREFIX}/bin/certbot \`
			`${DESTDIR}${PREFIX}/bin/certbot${PYVERSSUFFIX}`
Import certbot 0.6.0 as security/py-certbot. Certbot, previously the Let's Encrypt Client, is EFF's tool to obtain certs from Let's Encrypt, and (optionally) autoenable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol. 2016-05-25 20:18:16 +02:00			`${INSTALL_DATA} ${WRKSRC}/examples/cli.ini \`
			`${DESTDIR}${PREFIX}/share/examples/certbot`

			`.include "../../lang/python/egg.mk"`
			`.include "../../mk/bsd.pkg.mk"`