author | Dan Langille <dvl@FreeBSD.org> | 2017-07-14 22:22:46 +0000 |
---|---|---|
committer | Dan Langille <dvl@FreeBSD.org> | 2017-07-14 22:22:46 +0000 |
commit | 4946491d57d5a32f1c2688482806ce3de42003f2 (patch) | |
tree | ad71e6c138e02b6573f0ecf4982c8539b9d1bd2f /sysutils/anvil | |
parent | 5606e472b7208510ef034f689709d91fa2e58241 (diff) | |
Tools for distributing ssl certificates
Notes
Notes:
svn path=/head/; revision=445832
Diffstat (limited to 'sysutils/anvil')
-rw-r--r-- | sysutils/anvil/Makefile | 30 | ||||
-rw-r--r-- | sysutils/anvil/distinfo | 3 | ||||
-rw-r--r-- | sysutils/anvil/files/cert-puller.conf.sample.in | 3 | ||||
-rw-r--r-- | sysutils/anvil/files/cert-shifter.conf.sample.in | 6 | ||||
-rw-r--r-- | sysutils/anvil/files/pkg-install.in | 7 | ||||
-rw-r--r-- | sysutils/anvil/files/pkg-message.in | 26 | ||||
-rw-r--r-- | sysutils/anvil/pkg-descr | 14 | ||||
-rw-r--r-- | sysutils/anvil/pkg-plist | 5 |
8 files changed, 94 insertions, 0 deletions
diff --git a/sysutils/anvil/Makefile b/sysutils/anvil/Makefile
new file mode 100644
index 000000000000..4619e6751e4e
--- /dev/null
+++ b/sysutils/anvil/Makefile
@@ -0,0 +1,30 @@
+# $FreeBSD$
+
+PORTNAME= anvil
+PORTVERSION= 0.0.6
+CATEGORIES= sysutils
+
+MAINTAINER= dvl@FreeBSD.org
+COMMENT= Tools for distributing ssl certificates
+
+LICENSE= BSD2CLAUSE
+
+USE_GITHUB= yes
+GH_ACCOUNT= dlangille
+
+USERS= anvil
+GROUPS= anvil
+
+SUB_FILES+= cert-shifter.conf.sample cert-puller.conf.sample pkg-install pkg-message
+
+NO_BUILD= yes
+
+do-install:
+ ${MKDIR} ${STAGEDIR}${ETCDIR}
+ ${MKDIR} ${STAGEDIR}/var/db/anvil
+ ${INSTALL_DATA} ${WRKDIR}/cert-shifter.conf.sample ${STAGEDIR}${ETCDIR}
+ ${INSTALL_DATA} ${WRKDIR}/cert-puller.conf.sample ${STAGEDIR}${ETCDIR}
+ ${INSTALL_SCRIPT} ${WRKSRC}/cert-shifter ${STAGEDIR}${PREFIX}/bin
+ ${INSTALL_SCRIPT} ${WRKSRC}/cert-puller ${STAGEDIR}${PREFIX}/bin
+
+.include <bsd.port.mk>
diff --git a/sysutils/anvil/distinfo b/sysutils/anvil/distinfo
new file mode 100644
index 000000000000..f917cea98f2b
--- /dev/null
+++ b/sysutils/anvil/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1500063842
+SHA256 (dlangille-anvil-0.0.6_GH0.tar.gz) = 566a70f22f8d05675615b8690bcb8d06d9d5acbe075394c02eeec58bafa404e3
+SIZE (dlangille-anvil-0.0.6_GH0.tar.gz) = 3966
diff --git a/sysutils/anvil/files/cert-puller.conf.sample.in b/sysutils/anvil/files/cert-puller.conf.sample.in
new file mode 100644
index 000000000000..5d1efd7f7552
--- /dev/null
+++ b/sysutils/anvil/files/cert-puller.conf.sample.in
@@ -0,0 +1,3 @@
+CERT_SERVER="https://certs.example.org/certs"
+MYCERTS="services.example.org"
+SERVICES="nginx"
diff --git a/sysutils/anvil/files/cert-shifter.conf.sample.in b/sysutils/anvil/files/cert-shifter.conf.sample.in
new file mode 100644
index 000000000000..89cb0ff9f946
--- /dev/null
+++ b/sysutils/anvil/files/cert-shifter.conf.sample.in
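Review bot: No `RUN_DEPENDS` is declared in sysutils/anvil/Makefile, yet pkg-descr in this same commit says the tools use sudo and pkg-message tells the administrator to add visudo settings, so on a host without sudo the installed scripts would presumably fail at their privileged copy step. Unless that is handled elsewhere, add `RUN_DEPENDS= sudo:security/sudo` next to `NO_BUILD= yes`. A one-line comment above `${MKDIR} ${STAGEDIR}/var/db/anvil` stating what the anvil account keeps there would also help, because the directory is staged empty and its ownership is only adjusted later by pkg-install.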
@@ -0,0 +1,6 @@
+CERT_SRC="/var/db/acme/certs"
+
+CERT_DST_ROOT="/var/db/certs-for-rsync"
+CERT_DST_CERTS="${CERT_DST_ROOT}/certs"
+
+TMP="${CERT_DST_ROOT}/tmp"
diff --git a/sysutils/anvil/files/pkg-install.in b/sysutils/anvil/files/pkg-install.in
new file mode 100644
index 000000000000..9c15eb8fc418
--- /dev/null
+++ b/sysutils/anvil/files/pkg-install.in
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# $FreeBSD$
+
+if [ "$2" == "POST-INSTALL" ]; then
+ /usr/sbin/chown -R anvil:anvil /var/db/anvil
+fi
diff --git a/sysutils/anvil/files/pkg-message.in b/sysutils/anvil/files/pkg-message.in
new file mode 100644
index 000000000000..6d119d894080
--- /dev/null
+++ b/sysutils/anvil/files/pkg-message.in
@@ -0,0 +1,26 @@
+After installing anvil, this is a short checklist of things to do:
+
+* adjust anvil.conf
+
+* run 'cert-puller -s' to see the visudo settings you need
+
+* adjust the service configuration files if cert filenames are different
+
+* By default, anvil uses:
+
+ * example.org.fullchain.cer
+ * example.org.key
+
+* anvil does not distribute .key files. Do that manually.
+
+* install the crontab for anvil: sudo crontab -e -u anvil:
+
+###
+# use /bin/sh to run commands, overriding the default set by cron
+SHELL=/bin/sh
+# mail any output to here, no matter whose crontab this is
+MAILTO=you@example.org
+
+7 13 * * * %%PREFIX%%/bin/cert-puller
+###
+
diff --git a/sysutils/anvil/pkg-descr b/sysutils/anvil/pkg-descr
new file mode 100644
index 000000000000..b590dedc7d9b
--- /dev/null
+++ b/sysutils/anvil/pkg-descr
@@ -0,0 +1,14 @@
+Tools for distributing ssl certificates
+
+Designed for FreeBSD (it uses fetch, not wget or curl [yet]).
+
+It also uses sudo, with the goal of this running as non-root
+and only allowing the cp & mv via sudo.
+
+These tools were designed with acme.sh & Let's Encrypt in mind,
+but they should with with any certificates generated by any
+means.
+
+
+
+WWW: https://github.com/dlangille/anvil
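Review bot: The `/usr/sbin/chown -R anvil:anvil /var/db/anvil` in the POST-INSTALL branch of pkg-install.in runs as root over a tree that the unprivileged anvil account owns after the first install, so every reinstall or upgrade re-applies ownership to whatever that account has placed or linked there. Declaring the owner in pkg-plist, with `@dir(anvil,anvil,755) /var/db/anvil` in place of `@dir(,,755) /var/db/anvil`, lets pkg set ownership on the directory alone and makes this script unnecessary. If the script is kept, drop `-R` and use the POSIX comparison `if [ "$2" = "POST-INSTALL" ]; then`, since `==` is an extension that not every `test` implementation accepts.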
diff --git a/sysutils/anvil/pkg-plist b/sysutils/anvil/pkg-plist
new file mode 100644
index 000000000000..51dc0a85846d
--- /dev/null
+++ b/sysutils/anvil/pkg-plist
@@ -0,0 +1,5 @@
+@sample %%ETCDIR%%/cert-shifter.conf.sample
+@sample %%ETCDIR%%/cert-puller.conf.sample
+bin/cert-shifter
+bin/cert-puller
+@dir(,,755) /var/db/anvil |