svn commit: r511693 - in head/security/py-certbot: . files
Alan Somers
asomers at FreeBSD.org
Mon Sep 9 19:50:43 UTC 2019
Author: asomers (src committer)
Date: Mon Sep 9 19:50:42 2019
New Revision: 511693
URL: https://svnweb.freebsd.org/changeset/ports/511693
Log:
security/py-certbot: Add periodic script for renewing certificates
PR: 221043
Submitted by: Dmitry Marakasov, asomers, Yasuhiro KIMURA
Approved by: koobs (maintainer timeout)
Added:
head/security/py-certbot/files/500.certbot.in (contents, props changed)
Modified:
head/security/py-certbot/Makefile
head/security/py-certbot/pkg-message
Modified: head/security/py-certbot/Makefile
==============================================================================
--- head/security/py-certbot/Makefile Mon Sep 9 19:34:59 2019 (r511692)
+++ head/security/py-certbot/Makefile Mon Sep 9 19:50:42 2019 (r511693)
@@ -3,6 +3,7 @@
PORTNAME= certbot
PORTVERSION= ${ACME_VERSION}
+PORTREVISION= 1
PORTEPOCH= 1
CATEGORIES= security python
MASTER_SITES= CHEESESHOP
@@ -34,9 +35,16 @@ USES= python
USE_PYTHON= autoplist concurrent distutils
NO_ARCH= yes
+SUB_FILES= 500.certbot
+PLIST_FILES= etc/periodic/weekly/500.certbot
post-patch:
@${REINPLACE_CMD} -e 's|/usr/local|${LOCALBASE}|' ${WRKSRC}/certbot/compat/misc.py
+
+post-install:
+ ${MKDIR} ${STAGEDIR}${PREFIX}/etc/periodic/weekly
+ ${INSTALL_SCRIPT} ${WRKDIR}/500.certbot \
+ ${STAGEDIR}${PREFIX}/etc/periodic/weekly
do-test:
@cd ${WRKSRC} && ${PYTHON_CMD} ${PYDISTUTILS_SETUP} test
Added: head/security/py-certbot/files/500.certbot.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/py-certbot/files/500.certbot.in Mon Sep 9 19:50:42 2019 (r511693)
@@ -0,0 +1,53 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# Automatically renew Let's Encrypt certificates each week
+#
+# Add the following lines to /etc/periodic.conf:
+#
+# weekly_certbot_enable (bool): Set to "NO" by default
+# weekly_certbot_service (str): If defined, certbot will try to
+# shutdown this this service before
+# renewing the certificate, and restart
+# it afterwards. For example, set to
+# "nginx" or "apache24"
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$weekly_certbot_enable" in
+ [Yy][Ee][Ss])
+ echo
+ echo "Renewing Let's Encrypt certificates:"
+
+ PRE_HOOK=""
+ POST_HOOK=""
+ if [ -n "$weekly_certbot_service" ]
+ then
+ if service "$weekly_certbot_service" onestatus
+ then
+ PRE_HOOK="service $weekly_certbot_service onestop"
+ POST_HOOK="service $weekly_certbot_service onestart"
+ fi
+ fi
+
+ anticongestion
+ if %%LOCALBASE%%/bin/certbot renew --pre-hook "$PRE_HOOK" \
+ --post-hook "$POST_HOOK" \
+ --no-random-sleep-on-renew
+ then
+ rc=0
+ else
+ rc=1
+ fi
+ ;;
+ *) rc=0;;
+esac
+
+exit $rc
Modified: head/security/py-certbot/pkg-message
==============================================================================
--- head/security/py-certbot/pkg-message Mon Sep 9 19:34:59 2019 (r511692)
+++ head/security/py-certbot/pkg-message Mon Sep 9 19:50:42 2019 (r511693)
@@ -24,6 +24,11 @@ will be made available in the following ports:
* Apache plugin: security/py-certbot-apache
* Nginx plugin: security/py-certbot-nginx
+
+In order to automatically renew the certificates, add this line to
+/etc/periodic.conf:
+
+ weekly_certbot_enable="YES"
EOM
}
]
More information about the svn-ports-all
mailing list