authorTomoyuki Sakurai <trombik1973@gmail.com>2021-10-18 16:38:27 +0000
committerYuri Victorovich <yuri@FreeBSD.org>2021-10-18 16:54:28 +0000
commita6dddfbc3b259aaec389e8314b703851e7c8eb68 (patch)
treead59449011d72a9b1847d66dafd91ca505a0299d
parente6b9ebac9ebb06ae964e1680fcdb6f2bdf6b35ee (diff)
security/cfssl: Add the RC script to start as a daemon to run the HTTP-based API server
The API endpoint is 127.0.0.1:8888. PR: 259247
-rw-r--r--GIDs2
-rw-r--r--UIDs2
-rw-r--r--security/cfssl/Makefile20
-rw-r--r--security/cfssl/files/cfssl.in38
-rw-r--r--security/cfssl/pkg-plist9
5 files changed, 68 insertions, 3 deletions
diff --git a/GIDs b/GIDs
index 3bb5c1e4ada0..4cb40984b169 100644
--- a/GIDs
+++ b/GIDs
@@ -815,7 +815,7 @@ opensearch:*:855:
bitmark:*:872:
bitmark-recorder:*:873:
librespeed:*:874:
-# free: 875
+cfssl:*:875:
_lms:*:876:
gemserv:*:877:
gerbera:*:878:
diff --git a/UIDs b/UIDs
index f490764e29d5..4adfd141d0bc 100644
--- a/UIDs
+++ b/UIDs
@@ -820,7 +820,7 @@ archiva:*:871:871::0:0:Apache Archiva Daemon:/nonexistent:/usr/sbin/nologin
bitmark:*:872:872::0:0:Bitmark Property System:/var/lib/bitmarkd:/usr/sbin/nologin
bitmark-recorder:*:873:873::0:0:Bitmark Property Recorder:/var/lib/recorderd:/usr/sbin/nologin
librespeed:*:874:874::0:0:LibreSpeed user:/nonexistent:/usr/sbin/nologin
-# free: 875
+cfssl:*:875:875::0:0:cfssl user:/nonexistent:/usr/sbin/nologin
_lms:*:876:876::0:0:Lightweight Music Server user:/nonexistent:/usr/sbin/nologin
gemserv:*:877:877::0:0:gemserv user:/nonexistent:/usr/sbin/nologin
gerbera:*:878:878::0:0:Gerbera DLNA Media Server:/nonexistent:/usr/sbin/nologin
diff --git a/security/cfssl/Makefile b/security/cfssl/Makefile
index b01b21076a1c..1aa20f12bd19 100644
--- a/security/cfssl/Makefile
+++ b/security/cfssl/Makefile
@@ -1,6 +1,7 @@
PORTNAME= cfssl
DISTVERSIONPREFIX= v
DISTVERSION= 1.6.1
+PORTREVISION= 1
CATEGORIES= security
MAINTAINER= yuri@FreeBSD.org
@@ -19,12 +20,20 @@ EXES= cfssl cfssl-bundle cfssl-certinfo cfssl-newkey cfssl-scan cfssljson mkbun
PLIST_FILES= ${EXES:S/^/bin\//}
+CFSSL_EXTRA_TARGETS= bin/goose
+PLIST_FILES+= ${CFSSL_EXTRA_TARGETS}
+USE_RC_SUBR= ${PORTNAME}
+USERS= cfssl
+GROUPS= cfssl
+# installs a file to the same path
+CONFLICTS= goose
+
pre-configure:
${REINPLACE_CMD} -e 's|%%DISTVERSION%%|${DISTVERSION}|g' ${WRKSRC}/cli/version/version.go
# the project uses Makefile for build and installation
do-build:
- @cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${GO_ENV} ${MAKE_CMD} ${MAKE_FLAGS} ${MAKEFILE} ${_MAKE_JOBS} all
+ @cd ${WRKSRC} && ${SETENV} ${MAKE_ENV} ${GO_ENV} ${MAKE_CMD} ${MAKE_FLAGS} ${MAKEFILE} ${_MAKE_JOBS} all ${CFSSL_EXTRA_TARGETS}
do-install:
# Makefile is used but the install target uses go install.
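Review bot: `CONFLICTS= goose` registers both a build-time and an install-time conflict, but the comment above it describes only a file collision at install time (presumably `bin/goose`, the single entry in `CFSSL_EXTRA_TARGETS`). `CONFLICTS_INSTALL= goose` would express that more precisely. The comment could also name the path, e.g. `# bin/goose is also installed by the goose package`, so the reason stays clear if `CFSSL_EXTRA_TARGETS` grows. The `do-install` target that follows continues outside this hunk.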
@@ -33,4 +42,13 @@ do-install:
${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/${F}
.endfor
+ ${INSTALL} -d ${STAGEDIR}${DATADIR}
+.for D in certdb/sqlite certdb/pg certdb/mysql
+ cd ${WRKSRC} && ${COPYTREE_SHARE} ${D} ${STAGEDIR}${DATADIR}
+.endfor
+
+.for F in ${CFSSL_EXTRA_TARGETS}
+ ${INSTALL_PROGRAM} ${WRKSRC}/${F} ${STAGEDIR}/${PREFIX}/${F}
+.endfor
+
.include <bsd.port.mk>
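Review bot: The new install line for the extra targets writes to `${STAGEDIR}/${PREFIX}/${F}`, while the strip line at the top of this hunk uses `${STAGEDIR}${PREFIX}/bin/${F}` with no slash between the two variables. The doubled slash is harmless on disk but inconsistent with the rest of the target; I would write `${INSTALL_PROGRAM} ${WRKSRC}/${F} ${STAGEDIR}${PREFIX}/${F}`. Similarly, `${INSTALL} -d ${STAGEDIR}${DATADIR}` could be `${MKDIR} ${STAGEDIR}${DATADIR}`, the usual ports idiom for creating a staged directory. The start of `do-install` is outside this hunk.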
diff --git a/security/cfssl/files/cfssl.in b/security/cfssl/files/cfssl.in
new file mode 100644
index 000000000000..1779ae0252c0
--- /dev/null
+++ b/security/cfssl/files/cfssl.in
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+# PROVIDE: cfssl
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf to enable `cfssl':
+#
+# cfssl_enable="YES"
+#
+# An example cfssl_flags:
+# cfssl_flags="-db-config /usr/local/etc/ssl/db.json -ca /usr/local/etc/ssl/ca.pem -ca-key /usr/local/etc/ssl/ca-key.pem -config /usr/local/etc/ssl/ca-config.json"
+#
+
+. /etc/rc.subr
+
+name="cfssl"
+rcvar=cfssl_enable
+
+load_rc_config "$name"
+: ${cfssl_enable="NO"}
+: ${cfssl_flags:=""}
+
+command="/usr/sbin/daemon"
+cfssl_command="%%PREFIX%%/bin/cfssl"
+cfssl_user="cfssl"
+pidfile="/var/run/$name.pid"
+flags=" "
+command_args="-S -p ${pidfile} ${cfssl_command} serve ${cfssl_flags}"
+procname="%%PREFIX%%/bin/cfssl"
+start_precmd="cfssl_precmd"
+
+cfssl_precmd()
+{
+ install -o ${cfssl_user} /dev/null ${pidfile}
+}
+
+run_rc_command "$1"
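Review bot: `cfssl_precmd` creates the pidfile with `install -o ${cfssl_user} /dev/null ${pidfile}`, which leaves it at install(1)'s default mode of 0755; an explicit mode and quoting would be safer: `install -o "${cfssl_user}" -m 0644 /dev/null "${pidfile}"`. `cfssl_user="cfssl"` is assigned unconditionally after `load_rc_config`, so a value set in rc.conf is silently discarded; `: ${cfssl_user:="cfssl"}` keeps the default while honouring the administrator's setting. The header comment should also say that the files named in the example `cfssl_flags`, in particular the `-ca-key` file, must be readable by that account and by no other unprivileged user. That matters because the daemon signs with that key and, per the commit message, listens on 127.0.0.1:8888, where any local process can connect; whether requests are authenticated depends on the `-config` file supplied.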
diff --git a/security/cfssl/pkg-plist b/security/cfssl/pkg-plist
new file mode 100644
index 000000000000..5612f39af661
--- /dev/null
+++ b/security/cfssl/pkg-plist
@@ -0,0 +1,9 @@
+%%DATADIR%%/certdb/mysql/dbconf.yml
+%%DATADIR%%/certdb/mysql/migrations/001_CreateCertificates.sql
+%%DATADIR%%/certdb/mysql/migrations/002_AddMetadataToCertificates.sql
+%%DATADIR%%/certdb/pg/dbconf.yml
+%%DATADIR%%/certdb/pg/migrations/001_CreateCertificates.sql
+%%DATADIR%%/certdb/pg/migrations/002_AddMetadataToCertificates.sql
+%%DATADIR%%/certdb/sqlite/dbconf.yml
+%%DATADIR%%/certdb/sqlite/migrations/001_CreateCertificates.sql
+%%DATADIR%%/certdb/sqlite/migrations/002_AddMetadataToCertificates.sql