git: 9ca1eb0d1ff0 - main - www/xcaddy: update to 0.4.4, modernize port, add security warning
Date: Fri, 06 Jun 2025 20:07:51 UTC
The branch main has been updated by olgeni:
URL: https://cgit.FreeBSD.org/ports/commit/?id=9ca1eb0d1ff07efc8109123335995ec349ac6aa3
commit 9ca1eb0d1ff07efc8109123335995ec349ac6aa3
Author: Jimmy Olgeni <olgeni@FreeBSD.org>
AuthorDate: 2025-06-06 18:12:50 +0000
Commit: Jimmy Olgeni <olgeni@FreeBSD.org>
CommitDate: 2025-06-06 20:07:43 +0000
www/xcaddy: update to 0.4.4, modernize port, add security warning
- Convert from GH_TUPLE to GO_MODULE for cleaner dependency management
- Use USES=go:modules,run to properly handle runtime Go dependency
- Add pkg-message warning about security implications of running
Caddy servers as root, with instructions for secure deployment
- Remove PORTREVISION (reset on version update)
xcaddy builds custom Caddy web servers which often need to bind to
privileged ports. Users should be aware of the security implications
and run their custom Caddy builds as unprivileged users with portacl-rc
for port binding capabilities.
PR: 279391
Reported by: Robert William Vesterman
---
www/xcaddy/Makefile | 18 +++++-------------
www/xcaddy/distinfo | 16 +++++-----------
www/xcaddy/files/pkg-message.in | 30 ++++++++++++++++++++++++++++++
3 files changed, 40 insertions(+), 24 deletions(-)
diff --git a/www/xcaddy/Makefile b/www/xcaddy/Makefile
index 797282692454..d47e313cec4d 100644
--- a/www/xcaddy/Makefile
+++ b/www/xcaddy/Makefile
@@ -1,7 +1,6 @@
PORTNAME= xcaddy
DISTVERSIONPREFIX= v
-DISTVERSION= 0.4.2
-PORTREVISION= 7
+DISTVERSION= 0.4.4
CATEGORIES= www
DIST_SUBDIR= xcaddy
@@ -12,20 +11,13 @@ WWW= https://github.com/caddyserver/xcaddy
LICENSE= APACHE20
LICENSE_FILE= ${WRKSRC}/LICENSE
-# xcaddy actually needs to run the go command to perform builds
-RUN_DEPENDS= go:lang/go
-
-USES= go:modules
-
-USE_GITHUB= yes
-GH_ACCOUNT= caddyserver
-GH_TUPLE= Masterminds:semver:v3.2.1:masterminds_semver_v3/vendor/github.com/Masterminds/semver/v3 \
- akavel:rsrc:v0.10.2:akavel_rsrc/vendor/github.com/akavel/rsrc \
- google:shlex:e7afc7fbc510:google_shlex/vendor/github.com/google/shlex \
- josephspurrier:goversioninfo:v1.4.0:josephspurrier_goversioninfo/vendor/github.com/josephspurrier/goversioninfo
+USES= go:modules,run
+GO_MODULE= github.com/caddyserver/xcaddy
GO_TARGET= ./cmd/xcaddy
+SUB_FILES= pkg-message
+
PLIST_FILES= bin/${PORTNAME}
.include <bsd.port.mk>
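Review bot: the `,run` argument on the new `USES= go:modules,run` line takes over from the explicit `RUN_DEPENDS= go:lang/go`, but the comment explaining why ("xcaddy actually needs to run the go command to perform builds") is deleted along with it. Keep a one-line comment above `USES` so the runtime Go dependency is not later dropped as apparently unnecessary. Separately, `SUB_FILES= pkg-message` runs the new file through substitution, yet pkg-message.in as added in this commit contains no %%...%% tokens; either use a static pkg-message or note which substitution is planned.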
diff --git a/www/xcaddy/distinfo b/www/xcaddy/distinfo
index 13c369f585d4..bf229fe67a30 100644
--- a/www/xcaddy/distinfo
+++ b/www/xcaddy/distinfo
@@ -1,11 +1,5 @@
-TIMESTAMP = 1717604060
-SHA256 (xcaddy/caddyserver-xcaddy-v0.4.2_GH0.tar.gz) = 02e685227fdddd2756993ca019cbe120da61833df070ccf23f250c122c13d554
-SIZE (xcaddy/caddyserver-xcaddy-v0.4.2_GH0.tar.gz) = 66798
-SHA256 (xcaddy/Masterminds-semver-v3.2.1_GH0.tar.gz) = 9c84cd0ae71ec40ae85b07110d6d7cfbb46085d3310378ccd89f2f87e77716d2
-SIZE (xcaddy/Masterminds-semver-v3.2.1_GH0.tar.gz) = 27011
-SHA256 (xcaddy/akavel-rsrc-v0.10.2_GH0.tar.gz) = 439ef04fcd896b278b99de793c5b7bab02e13b628bc50df01cb22990c8587b40
-SIZE (xcaddy/akavel-rsrc-v0.10.2_GH0.tar.gz) = 64417
-SHA256 (xcaddy/google-shlex-e7afc7fbc510_GH0.tar.gz) = 87f77e98720add261add169e386cbdcc894e2635dca299bc4119dc417ea321ca
-SIZE (xcaddy/google-shlex-e7afc7fbc510_GH0.tar.gz) = 7342
-SHA256 (xcaddy/josephspurrier-goversioninfo-v1.4.0_GH0.tar.gz) = afe8fb048ee7076599d7b520251dec97fa3d3fd852bdfe52cb535505160bad8d
-SIZE (xcaddy/josephspurrier-goversioninfo-v1.4.0_GH0.tar.gz) = 55672
+TIMESTAMP = 1749233456
+SHA256 (go/www_xcaddy/xcaddy-v0.4.4/v0.4.4.mod) = 9ee7d2d355495f3f7b1fd4b6c318110d8420b7e4b74d8561f3602a7e71b6b7a6
+SIZE (go/www_xcaddy/xcaddy-v0.4.4/v0.4.4.mod) = 416
+SHA256 (go/www_xcaddy/xcaddy-v0.4.4/v0.4.4.zip) = 35fd6b699d98a56c08688a429307012149dce1fc3bdae0c08dcb3944ec0634eb
+SIZE (go/www_xcaddy/xcaddy-v0.4.4/v0.4.4.zip) = 80630
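Review bot: distinfo no longer records a SHA256/SIZE pair for any of the four dependency tarballs (Masterminds-semver, akavel-rsrc, google-shlex, josephspurrier-goversioninfo); after this hunk only the xcaddy `v0.4.4.mod` and `v0.4.4.zip` are pinned. The commit message calls this "cleaner dependency management" without saying how the integrity of those dependencies is checked once their entries are gone. If verification now rests on the go.sum carried in the module, state that in the commit message so the change in what distinfo covers is on record.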
diff --git a/www/xcaddy/files/pkg-message.in b/www/xcaddy/files/pkg-message.in
new file mode 100644
index 000000000000..38ca8ae86831
--- /dev/null
+++ b/www/xcaddy/files/pkg-message.in
@@ -0,0 +1,30 @@
+[
+{
+ type: install
+ message: <<INSTALL
+xcaddy is a tool to build custom Caddy web servers with plugins.
+
+SECURITY NOTICE:
+When building and running Caddy servers created with xcaddy, it is strongly
+recommended to run the resulting Caddy binary as an unprivileged user, such as
+www:www, rather than as root.
+
+For secure deployment of Caddy servers built with xcaddy:
+
+- Use security/portacl-rc to enable privileged port binding:
+
+ # pkg install security/portacl-rc
+ # sysrc portacl_users+=www
+ # sysrc portacl_user_www_tcp="http https"
+ # sysrc portacl_user_www_udp="https"
+ # service portacl enable
+ # service portacl start
+
+- Run your custom Caddy binary as www:www instead of root
+
+See https://caddyserver.com/docs/ for Caddy configuration documentation.
+See https://github.com/caddyserver/xcaddy for xcaddy usage instructions.
+
+INSTALL
+}
+]
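Review bot: `type: install` at the top of the new pkg-message.in means the SECURITY NOTICE is shown only on fresh installs, so anyone upgrading from 0.4.2 never sees it; add a second entry with `type: upgrade`, or omit the type so the message is always displayed. In the sysrc block, `portacl_users+=www` appends, but `portacl_user_www_tcp="http https"` and `portacl_user_www_udp="https"` assign and will replace any ports an administrator has already granted to www; mention that in the text or have the reader check the current value first. The last bullet ("Run your custom Caddy binary as www:www instead of root") also gives no command, while the commit message promises instructions for secure deployment.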