security/openca-ocspd: New port: OpenCA’s OCSP responder

 - submitter becomes maintainer

OpenCA OCSP Responder is an rfc2560 compliant OCSPD responder.
The server is a stand-alone application and can be integrated into many
different PKI solutions as it does not depend on specific database scheme.
Furthermore it can be used as a responder for multiple CAs.

WWW: https://www.openca.org/projects/ocspd

PR:		264475

7 files changed, 119 insertions, 0 deletions

diff --git a/security/Makefile b/security/Makefile
index 5c0317e122fd..bb1715d19967 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -379,6 +379,7 @@
     SUBDIR += onionscan
     SUBDIR += op
     SUBDIR += openbsm
+    SUBDIR += openca-ocspd
     SUBDIR += openconnect
     SUBDIR += openconnect-freebsd-daemon
     SUBDIR += openconnect-gui
diff --git a/security/openca-ocspd/Makefile b/security/openca-ocspd/Makefile
new file mode 100644
index 000000000000..45795272cce3
--- /dev/null
+++ b/security/openca-ocspd/Makefile
@@ -0,0 +1,52 @@
+PORTNAME=	openca-ocspd
+DISTVERSIONPREFIX=	v
+DISTVERSION=	3.1.3
+CATEGORIES=	security
+
+MAINTAINER=	bruno@ruomad.net
+COMMENT=	OpenCA OCSP responder
+
+LICENSE=	APACHE20
+LICENSE_FILE=	${WRKSRC}/COPYING
+
+NOT_FOR_ARCHS=	arm64
+
+LIB_DEPENDS=	libpki.so:security/libpki
+
+USES=		autoreconf gnome libtool shebangfix ssl
+USE_GITHUB=	yes
+GH_ACCOUNT=	openca
+USE_GNOME=	libxml2
+# Add a rc script to start the OCSP daemon
+USE_RC_SUBR=	ocspd
+
+SHEBANG_FILES=	etc/ocspd.in scripts/ocspd-genreq.sh.in
+
+GNU_CONFIGURE=	yes
+CONFIGURE_ARGS=	--with-libpki-prefix=${PREFIX}
+
+# Rename installed configuration files to samples
+post-stage:
+	${MKDIR} ${STAGEDIR}${PREFIX}/share/openca-ocspd/etc; \
+	${MKDIR} ${STAGEDIR}${PREFIX}/share/openca-ocspd/etc/ocspd; \
+	${MKDIR} ${STAGEDIR}${PREFIX}/share/openca-ocspd/etc/ocspd/ca.d; \
+	${MKDIR} ${STAGEDIR}${PREFIX}/share/openca-ocspd/etc/ocspd/pki; \
+	${MKDIR} ${STAGEDIR}${PREFIX}/share/openca-ocspd/etc/ocspd/pki/token.d; \
+	cd ${STAGEDIR}${PREFIX}/etc/ocspd/pki; \
+	for f in $$(find * -type f); do \
+		${MV} ${STAGEDIR}${PREFIX}/etc/ocspd/pki/$$f ${STAGEDIR}${PREFIX}/share/openca-ocspd/etc/ocspd/pki/$$f.sample; \
+	done; \
+	cd ${STAGEDIR}${PREFIX}/etc/ocspd/ca.d; \
+	for f in $$(find * -type f); do \
+		${MV} ${STAGEDIR}${PREFIX}/etc/ocspd/ca.d/$$f ${STAGEDIR}${PREFIX}/share/openca-ocspd/etc/ocspd/ca.d/$$f.sample; \
+	done; \
+	for f in $$(find ${STAGEDIR}${PREFIX}/etc/ocspd -type f); do \
+		${MV} $$f $$f.sample; \
+	done; \
+	${RM} ${STAGEDIR}${PREFIX}/bin/test.sh; \
+	${RM} ${STAGEDIR}${PREFIX}/etc/init.d/ocspd; \
+	${RMDIR} ${STAGEDIR}${PREFIX}/etc/init.d
+	${RMDIR} ${STAGEDIR}${PREFIX}/var/run
+	${RMDIR} ${STAGEDIR}${PREFIX}/var
+
+.include <bsd.port.mk>
diff --git a/security/openca-ocspd/distinfo b/security/openca-ocspd/distinfo
new file mode 100644
index 000000000000..5a94844ad10d
--- /dev/null
+++ b/security/openca-ocspd/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1654414248
+SHA256 (openca-openca-ocspd-v3.1.3_GH0.tar.gz) = 59a0054bee22ba72b23263ead6a8458e2086f1996111608a2a2aafbd9e30f591
+SIZE (openca-openca-ocspd-v3.1.3_GH0.tar.gz) = 592190
diff --git a/security/openca-ocspd/files/ocspd.in b/security/openca-ocspd/files/ocspd.in
new file mode 100755
index 000000000000..dc813fc1fe86
--- /dev/null
+++ b/security/openca-ocspd/files/ocspd.in
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+# PROVIDE: ocspd
+# REQUIRE: NETWORK
+
+. /etc/rc.subr
+
+name=ocspd
+rcvar=ocspd_enable
+
+pidfile="/var/run/${name}.pid"
+
+command="%%PREFIX%%/sbin/ocspd"
+command_args="-c %%PREFIX%%/etc/ocspd/ocspd.xml -d -v"
+
+load_rc_config ${name}
+: ${ocspd_enable:=no}
+: ${ocspd_msg="Nothing started."}
+
+
+run_rc_command "$1"
diff --git a/security/openca-ocspd/pkg-descr b/security/openca-ocspd/pkg-descr
new file mode 100644
index 000000000000..f4fd28e1a48e
--- /dev/null
+++ b/security/openca-ocspd/pkg-descr
@@ -0,0 +1,6 @@
+OpenCA OCSP Responder is an rfc2560 compliant OCSPD responder.
+The server is a stand-alone application and can be integrated into many
+different PKI solutions as it does not depend on specific database scheme.
+Furthermore it can be used as a responder for multiple CAs.
+
+WWW: https://www.openca.org/projects/ocspd
diff --git a/security/openca-ocspd/pkg-message b/security/openca-ocspd/pkg-message
new file mode 100644
index 000000000000..3b13ccc58dfb
--- /dev/null
+++ b/security/openca-ocspd/pkg-message
@@ -0,0 +1,18 @@
+[
+{ type: install
+  message: <<EOM
+Sample Configuration files have been installed in
+$PREFIX/share/openca-ocspd/etc, in a hierachy that mimics the one created in
+$PREFIX/etc.
+They may be used as templates to be copied into the corresponding subdirectory
+under $PREFIX/etc and customized according to user context.
+EOM
+}
+{
+type: remove
+message: <<EOM
+User-installed configuration files under $PREFIX/etc/ocspd have been preserved and
+must be removed manually if needed, as well as this directory. 
+EOM
+}
+]
diff --git a/security/openca-ocspd/pkg-plist b/security/openca-ocspd/pkg-plist
new file mode 100644
index 000000000000..8615fabc665e
--- /dev/null
+++ b/security/openca-ocspd/pkg-plist
@@ -0,0 +1,18 @@
+bin/ocspd-genreq.sh
+@sample etc/ocspd/ocspd.xml.sample
+libdata/pkgconfig/openca-ocspd.pc
+sbin/ocspd
+share/man/man3/ocspd.3.gz
+share/man/man3/ocspd.conf.3.gz
+%%DATADIR%%/etc/ocspd/pki/token.d/etoken.xml.sample
+%%DATADIR%%/etc/ocspd/pki/token.d/software.xml.sample
+%%DATADIR%%/etc/ocspd/pki/token.d/eracom.xml.sample
+%%DATADIR%%/etc/ocspd/ca.d/collegeca.xml.sample
+%%DATADIR%%/etc/ocspd/ca.d/self-certs.xml.sample
+@dir etc/ocspd/ca.d
+@dir etc/ocspd/certs
+@dir etc/ocspd/crls
+@dir etc/ocspd/pki/hsm.d
+@dir etc/ocspd/pki/profile.d
+@dir etc/ocspd/pki/token.d
+@dir etc/ocspd/private