authorMarkus Wipp <mw@wipp.bayern>2024-03-29 18:51:42 +0000
committerYasuhiro Kimura <yasu@FreeBSD.org>2024-03-30 00:42:03 +0000
commit2a67a2fe3a8a96b6adf06514001f2fa9f9ee9714 (patch)
tree6b757aaa45fe97b8ea06989d5071006a0b802bbc
parent8cecd9f244cfe531016d47be6904f09fae39e137 (diff)
security/step-certificates: Update to version 0.26.0
* Add configure target to rc script * Adjusted pkg-message * Pet portclippy PR: 278035
-rw-r--r--security/step-certificates/Makefile7
-rw-r--r--security/step-certificates/distinfo10
-rw-r--r--security/step-certificates/files/step-ca.in45
-rw-r--r--security/step-certificates/pkg-message5
4 files changed, 50 insertions, 17 deletions
diff --git a/security/step-certificates/Makefile b/security/step-certificates/Makefile
index 41ddcf4e6809..a903de9e8408 100644
--- a/security/step-certificates/Makefile
+++ b/security/step-certificates/Makefile
@@ -1,7 +1,6 @@
PORTNAME= step-certificates
DISTVERSIONPREFIX= v
-DISTVERSION= 0.25.2
-PORTREVISION= 2
+DISTVERSION= 0.26.0
CATEGORIES= security
MAINTAINER= mw@wipp.bayern
@@ -17,10 +16,10 @@ RUN_DEPENDS= step:security/step-cli
USES= go:modules
-GO_MODULE= github.com/smallstep/certificates
-
USE_RC_SUBR= step-ca
+GO_MODULE= github.com/smallstep/certificates
+
GO_TARGET= ./cmd/step-ca:${PREFIX}/sbin/step-ca
GO_BUILDFLAGS= -ldflags "-w -X main.Version=${PORTVERSION}"
diff --git a/security/step-certificates/distinfo b/security/step-certificates/distinfo
index af645bfe812a..2d510b73e2b7 100644
--- a/security/step-certificates/distinfo
+++ b/security/step-certificates/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1701460797
-SHA256 (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.mod) = 7b8d9e8b5f35b5467da9bb0b5cb2997217cb6343cf4c707ab76566501d374cfb
-SIZE (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.mod) = 6667
-SHA256 (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.zip) = 9bdffcb28b1ec1a03f8f1d3f49fde9ffb77e1e46d904b88bacecaea8adcb9764
-SIZE (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.zip) = 1049591
+TIMESTAMP = 1711731230
+SHA256 (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.mod) = 8c6fa479a3353e3388f2d2b22eae55f02fec0c627449eebd547aaf6b3dd6116a
+SIZE (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.mod) = 8136
+SHA256 (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.zip) = a630dbbff154f0fb75ae9ced250df488becf2592d1840c44425d06ead197a161
+SIZE (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.zip) = 1069995
diff --git a/security/step-certificates/files/step-ca.in b/security/step-certificates/files/step-ca.in
index 03946767ff2b..59e8e33c5164 100644
--- a/security/step-certificates/files/step-ca.in
+++ b/security/step-certificates/files/step-ca.in
@@ -49,6 +49,9 @@ command_args="-S -c \
start_precmd=step_ca_startprecmd
start_postcmd=step_ca_postcmd
+extra_commands="configure"
+configure_cmd="step_ca_configure"
+
step_ca_startprecmd()
{
if [ ! -e ${pidfile} ]; then
@@ -57,11 +60,43 @@ step_ca_startprecmd()
if [ ! -e ${step_ca_steppath} ]; then
echo "No configured Step CA found."
+ echo "Please run service step-ca configure"
+ exit 1
+ else
+ export STEPPATH=${step_ca_steppath}
+ fi
+
+ if [ ! -e ${step_ca_password} ]; then
+ echo "Step CA Password file for auto-start not found"
+ echo "Please run service step-ca configure"
+ exit 1
+ fi
+
+ if [ -e ${step_ca_steppath}/config/ca.json ]; then
+ configured_port=$(sed -n -e '/"address"/ s/.*:\(.*\)".*/\1/p' ${step_ca_steppath}/config/ca.json)
+ if [ ${configured_port} -lt 1024 ]; then
+ echo "Privileged Port (${configured_port}) configured: cannot run as ${step_ca_user}"
+ exit 1
+ fi
+ fi
+}
+
+step_ca_postcmd() {
+ sleep 2
+ run_rc_command status
+}
+
+step_ca_configure() {
+ if [ ! -e ${step_ca_steppath} ]; then
+ echo "No configured Step CA found."
echo "Creating new one...."
+ install -m 600 -o ${step_ca_user} -g ${step_ca_group} /dev/null ${step_ca_steppath}
export STEPPATH=${step_ca_steppath}
%%PREFIX%%/bin/step ca init --ssh
- chown -R ${step_ca_user}:${step_ca_group} ${step_ca_steppath}
+ chown -R ${step_ca_user}:${step_ca_group} ${step_ca_stepdir}
else
+ echo "Configured Step CA found at ${step_ca_steppath}."
+ echo "Please remove the directory and its contents manually if you really want to reconfigure."
export STEPPATH=${step_ca_steppath}
fi
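Review bot: In step_ca_configure, `install -m 600 -o ${step_ca_user} -g ${step_ca_group} /dev/null ${step_ca_steppath}` creates an empty regular file at a path the rest of the script treats as a directory (`${step_ca_steppath}/config/ca.json`), so the following `step ca init` would presumably find a file where STEPPATH should be. If the intent is to pre-create the CA directory with tight ownership, `install -d -m 700 -o ${step_ca_user} -g ${step_ca_group} "${step_ca_steppath}"` does that; if the idiom was meant for the password file, it belongs on `${step_ca_password}` instead. Separately, in step_ca_startprecmd the test `[ ${configured_port} -lt 1024 ]` is unquoted, so an empty or multi-line sed result makes the test error out and the privileged-port check is silently skipped; checking that the value is numeric first would avoid that. step_ca_configure continues past the end of this hunk.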
@@ -72,6 +107,9 @@ step_ca_startprecmd()
echo "Please enter the Step CA Password:"
stty -echo; read passwd; stty echo; echo
echo $passwd > ${step_ca_password}
+ else
+ echo "Configured Step CA password file found at ${step_ca_password}."
+ echo "Please remove the file manually if you really want to reconfigure."
fi
if [ -e ${step_ca_steppath}/config/ca.json ]; then
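Review bot: The CA password is written with `echo $passwd > ${step_ca_password}` and nothing visible in this hunk sets the file's mode or owner, so it is created under the caller's umask and may be readable by other local users. Creating it first with `install -m 600 -o ${step_ca_user} -g ${step_ca_group} /dev/null "${step_ca_password}"` (or setting `umask 077` before the write) would restrict it to the service account. The unquoted `$passwd` is also word-split and glob-expanded, and `read` without `-r` drops backslashes, so some passwords are stored altered; `read -r passwd` and `printf '%s\n' "$passwd"` keep them intact. These are context lines of the hunk and the lines between this hunk and the previous one are not shown, so confirm no chmod or chown happens there.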
@@ -82,9 +120,4 @@ step_ca_startprecmd()
fi
}
-step_ca_postcmd() {
- sleep 2
- run_rc_command status
-}
-
run_rc_command "$1"
diff --git a/security/step-certificates/pkg-message b/security/step-certificates/pkg-message
index 7b616c50a4bd..2e595b5f19ae 100644
--- a/security/step-certificates/pkg-message
+++ b/security/step-certificates/pkg-message
@@ -4,10 +4,11 @@
================================================================================
Step Certificates requires additional configuration:
-The simple way is via the service start script step_ca.
+The simple way is via the service start script step_ca with:
+service step_ca configure
When there is no configuration it will be created. User input is required!!!
-The hard way would be via the step command.
+The hard way would be manually via the step command.
Ensure to set the STEPPATH environment variable. This makes using the
commands much simpler.