git: 9dedd058b1bd - main - security/certmonger: New port

From: Chris Rees <crees_at_FreeBSD.org>
Date: Fri, 13 Jun 2025 19:33:20 UTC
The branch main has been updated by crees:

URL: https://cgit.FreeBSD.org/ports/commit/?id=9dedd058b1bd0a21c942bdc9f56fa1aeef602449

commit 9dedd058b1bd0a21c942bdc9f56fa1aeef602449
Author:     Chris Rees <crees@FreeBSD.org>
AuthorDate: 2025-06-13 19:30:51 +0000
Commit:     Chris Rees <crees@FreeBSD.org>
CommitDate: 2025-06-13 19:33:08 +0000

    security/certmonger: New port
    
    Certmonger is primarily concerned with getting you or your system
    enrolled with a certificate authority (CA) and keeping you enrolled.
    
    To do this, the certmonger daemon runs in the background, taking guidance from
    client tools (via a D-Bus API, a command-line tool is provided which uses it).
    
    The daemon:
    
        can generate key pairs if you don't already have one
        can use a key pair to generate a certificate signing request
        can submit the signing request to a CA
        can wait for the CA to decide whether or not to issue the certificate
        can store an issued certificate in a specified location
        can monitor the certificate to see if it's about to expire
        can warn you or simply log that a certificate is about to expire
        can attempt to get a new certificate when a certificate is about to expire
    
    The goal is to have certmonger do what you need it to do based on what you've
    told it you need.  If you already have a certificate, it will be happy to just
    check on it periodically and warn you when it's about to expire. If you tell it
    where the private key is, and where the CA is, it can go ahead and try to
    re-enroll if you like.
    
    Keys and certificates can be stored and read in any of these formats:
    
        PEM-formatted files
        NSS database (dbm or sql)
---
 security/Makefile                       |  1 +
 security/certmonger/Makefile            | 41 +++++++++++++++++++
 security/certmonger/distinfo            |  3 ++
 security/certmonger/files/certmonger.in | 26 ++++++++++++
 security/certmonger/pkg-descr           | 27 +++++++++++++
 security/certmonger/pkg-plist           | 71 +++++++++++++++++++++++++++++++++
 6 files changed, 169 insertions(+)

diff --git a/security/Makefile b/security/Makefile
index dc0f37cf5530..ddae4dbefef7 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -76,6 +76,7 @@
     SUBDIR += ccsrch
     SUBDIR += certificate_maker
     SUBDIR += certmgr
+    SUBDIR += certmonger
     SUBDIR += certspotter
     SUBDIR += cfssl
     SUBDIR += cfv
diff --git a/security/certmonger/Makefile b/security/certmonger/Makefile
new file mode 100644
index 000000000000..6d992e7e3e51
--- /dev/null
+++ b/security/certmonger/Makefile
@@ -0,0 +1,41 @@
+PORTNAME=	certmonger
+DISTVERSION=	0.79.20
+CATEGORIES=	security
+MASTER_SITES=	https://pagure.io/certmonger/archive/${DISTVERSION}/
+
+MAINTAINER=	crees@FreeBSD.org
+COMMENT=	Daemon to enrol with a CA and renew SSL certificates
+WWW=		https://pagure.io/certmonger
+
+LICENSE=	GPLv3
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+LIB_DEPENDS=	libcurl.so:ftp/curl		\
+		libdbus-1.so:devel/dbus		\
+		libidn2.so:dns/libidn2		\
+		libjansson.so:devel/jansson	\
+		libldap.so:net/openldap26-client \
+		libnspr4.so:devel/nspr		\
+		libnss3.so:security/nss		\
+		libpopt.so:devel/popt		\
+		libtalloc.so:devel/talloc	\
+		libtevent.so:devel/tevent	\
+		libuuid.so:misc/e2fsprogs-libuuid
+
+USES=		autoreconf gettext gnome gssapi:mit iconv pkgconfig ssl
+USE_GNOME=	libxml2
+USE_RC_SUBR=	${PORTNAME}
+GNU_CONFIGURE=	yes
+CONFIGURE_ARGS+=	${ICONV_CONFIGURE_ARG}
+CFLAGS+=	-L${PREFIX}/lib -lintl
+
+# There appears to be some hardcoded gettext dependencies
+#OPTIONS_DEFINE=	NLS
+
+post-install:
+		${MV}	${STAGEDIR}${ETCDIR}/${PORTNAME}.conf \
+			${STAGEDIR}${ETCDIR}/${PORTNAME}.conf.sample
+		${RMDIR} ${STAGEDIR}/var/lib/${PORTNAME}/cas
+		${RMDIR} ${STAGEDIR}/var/lib/${PORTNAME}/requests
+
+.include <bsd.port.mk>
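Review bot: `CFLAGS+= -L${PREFIX}/lib -lintl` puts a linker search path and a library into the compiler flags, and it points at `${PREFIX}` although the LIB_DEPENDS are installed under `${LOCALBASE}`. With a non-default PREFIX the link step would search the wrong directory. I would write `LDFLAGS+= -L${LOCALBASE}/lib` and `LIBS+= -lintl` instead. Separately, post-install removes the staged `cas` and `requests` directories under `/var/lib/${PORTNAME}`, so they are presumably recreated by the daemon at runtime with whatever mode it chooses. A comment such as `# cas/ and requests/ are created by the daemon on first start; not packaged` above the two `${RMDIR}` lines would record that this is deliberate.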
diff --git a/security/certmonger/distinfo b/security/certmonger/distinfo
new file mode 100644
index 000000000000..425f176df586
--- /dev/null
+++ b/security/certmonger/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1747746478
+SHA256 (certmonger-0.79.20.tar.gz) = 23645a5c1b284d73df448dbb97366c1b6e639223fc9465e7834fa5c5fef3f01e
+SIZE (certmonger-0.79.20.tar.gz) = 962445
diff --git a/security/certmonger/files/certmonger.in b/security/certmonger/files/certmonger.in
new file mode 100644
index 000000000000..5b7a7fafa4bd
--- /dev/null
+++ b/security/certmonger/files/certmonger.in
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# PROVIDE: certmonger
+# REQUIRE: dbus
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf to enable Certmonger
+#
+# dbus_enable=yes
+# certmonger_enable=yes
+#
+
+. /etc/rc.subr
+
+name=certmonger
+rcvar=certmonger_enable
+desc="Certificate monitor and PKI enrolment client"
+load_rc_config $name
+
+: ${certmonger_enable:=no}
+
+command="%%PREFIX%%/sbin/certmonger"
+pidfile=/var/run/certmonger.pid
+command_args="-p $pidfile"
+
+run_rc_command $*
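Review bot: `run_rc_command $*` on the last line passes the script arguments unquoted, so the shell splits and glob-expands them again before rc.subr sees them. The usual rc.d form is `run_rc_command "$1"`. The script sets no `certmonger_user`, so the daemon starts with the privileges of whoever invokes the rc script, which is root at boot. If that is intended, a short comment next to `command=` would make the privilege choice explicit for reviewers of a daemon that handles private keys.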
diff --git a/security/certmonger/pkg-descr b/security/certmonger/pkg-descr
new file mode 100644
index 000000000000..57bfb56e9369
--- /dev/null
+++ b/security/certmonger/pkg-descr
@@ -0,0 +1,27 @@
+Certmonger is primarily concerned with getting you or your system
+enrolled with a certificate authority (CA) and keeping you enrolled.
+
+To do this, the certmonger daemon runs in the background, taking guidance from
+client tools (via a D-Bus API, a command-line tool is provided which uses it).
+
+The daemon:
+
+    can generate key pairs if you don't already have one
+    can use a key pair to generate a certificate signing request
+    can submit the signing request to a CA
+    can wait for the CA to decide whether or not to issue the certificate
+    can store an issued certificate in a specified location
+    can monitor the certificate to see if it's about to expire
+    can warn you or simply log that a certificate is about to expire
+    can attempt to get a new certificate when a certificate is about to expire
+
+The goal is to have certmonger do what you need it to do based on what you've
+told it you need.  If you already have a certificate, it will be happy to just
+check on it periodically and warn you when it's about to expire. If you tell it
+where the private key is, and where the CA is, it can go ahead and try to
+re-enroll if you like.
+
+Keys and certificates can be stored and read in any of these formats:
+
+    PEM-formatted files
+    NSS database (dbm or sql)
diff --git a/security/certmonger/pkg-plist b/security/certmonger/pkg-plist
new file mode 100644
index 000000000000..fa555dcc03b1
--- /dev/null
+++ b/security/certmonger/pkg-plist
@@ -0,0 +1,71 @@
+bin/getcert
+bin/ipa-getcert
+bin/local-getcert
+bin/selfsign-getcert
+@sample %%ETCDIR%%/certmonger.conf.sample
+etc/dbus-1/system.d/org.fedorahosted.certmonger.conf
+libexec/certmonger/certmonger-session
+libexec/certmonger/dogtag-ipa-renew-agent-submit
+libexec/certmonger/dogtag-submit
+libexec/certmonger/ipa-submit
+libexec/certmonger/local-submit
+libexec/certmonger/scep-submit
+sbin/certmonger
+share/dbus-1/services/org.fedorahosted.certmonger.service
+share/locale/bg/LC_MESSAGES/certmonger.mo
+share/locale/ca/LC_MESSAGES/certmonger.mo
+share/locale/cs_CZ/LC_MESSAGES/certmonger.mo
+share/locale/da/LC_MESSAGES/certmonger.mo
+share/locale/de/LC_MESSAGES/certmonger.mo
+share/locale/es/LC_MESSAGES/certmonger.mo
+share/locale/eu/LC_MESSAGES/certmonger.mo
+share/locale/fr/LC_MESSAGES/certmonger.mo
+share/locale/gu/LC_MESSAGES/certmonger.mo
+share/locale/hu/LC_MESSAGES/certmonger.mo
+share/locale/id/LC_MESSAGES/certmonger.mo
+share/locale/it/LC_MESSAGES/certmonger.mo
+share/locale/ja/LC_MESSAGES/certmonger.mo
+share/locale/ka/LC_MESSAGES/certmonger.mo
+share/locale/ko/LC_MESSAGES/certmonger.mo
+share/locale/lt/LC_MESSAGES/certmonger.mo
+share/locale/nb/LC_MESSAGES/certmonger.mo
+share/locale/nl/LC_MESSAGES/certmonger.mo
+share/locale/pl/LC_MESSAGES/certmonger.mo
+share/locale/pt/LC_MESSAGES/certmonger.mo
+share/locale/pt_BR/LC_MESSAGES/certmonger.mo
+share/locale/ru/LC_MESSAGES/certmonger.mo
+share/locale/si/LC_MESSAGES/certmonger.mo
+share/locale/sv/LC_MESSAGES/certmonger.mo
+share/locale/ta/LC_MESSAGES/certmonger.mo
+share/locale/tr/LC_MESSAGES/certmonger.mo
+share/locale/uk/LC_MESSAGES/certmonger.mo
+share/locale/zh_CN/LC_MESSAGES/certmonger.mo
+share/locale/zh_TW/LC_MESSAGES/certmonger.mo
+share/man/man1/getcert-add-ca.1.gz
+share/man/man1/getcert-add-scep-ca.1.gz
+share/man/man1/getcert-list-cas.1.gz
+share/man/man1/getcert-list.1.gz
+share/man/man1/getcert-modify-ca.1.gz
+share/man/man1/getcert-refresh-ca.1.gz
+share/man/man1/getcert-refresh.1.gz
+share/man/man1/getcert-rekey.1.gz
+share/man/man1/getcert-remove-ca.1.gz
+share/man/man1/getcert-request.1.gz
+share/man/man1/getcert-resubmit.1.gz
+share/man/man1/getcert-start-tracking.1.gz
+share/man/man1/getcert-status.1.gz
+share/man/man1/getcert-stop-tracking.1.gz
+share/man/man1/getcert.1.gz
+share/man/man1/ipa-getcert.1.gz
+share/man/man1/local-getcert.1.gz
+share/man/man1/selfsign-getcert.1.gz
+share/man/man5/certmonger.conf.5.gz
+share/man/man8/certmonger-dogtag-ipa-renew-agent-submit.8.gz
+share/man/man8/certmonger-dogtag-submit.8.gz
+share/man/man8/certmonger-ipa-submit.8.gz
+share/man/man8/certmonger-local-submit.8.gz
+share/man/man8/certmonger-scep-submit.8.gz
+share/man/man8/certmonger.8.gz
+@dir /var/lib/certmonger/local
+@dir /var/lib/certmonger
+@dir /var/lib
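Review bot: `@dir /var/lib` registers a shared system directory as belonging to this package, and the two certmonger state directories above it are listed with no owner or mode. I would drop the `/var/lib` line, since `@dir /var/lib/certmonger` creates missing parents anyway. The state directories could be pinned explicitly, for example `@dir(root,wheel,0700) /var/lib/certmonger` and `@dir(root,wheel,0700) /var/lib/certmonger/local`. The `local` directory presumably holds the local signer's CA material, so its permissions should not depend on the staging umask.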