svn commit: r445832 - in head/sysutils: . anvil anvil/files
Dan Langille
dvl at FreeBSD.org
Fri Jul 14 22:22:48 UTC 2017
Author: dvl
Date: Fri Jul 14 22:22:46 2017
New Revision: 445832
URL: https://svnweb.freebsd.org/changeset/ports/445832
Log:
Tools for distributing ssl certificates
Added:
head/sysutils/anvil/
head/sysutils/anvil/Makefile (contents, props changed)
head/sysutils/anvil/distinfo (contents, props changed)
head/sysutils/anvil/files/
head/sysutils/anvil/files/cert-puller.conf.sample.in (contents, props changed)
head/sysutils/anvil/files/cert-shifter.conf.sample.in (contents, props changed)
head/sysutils/anvil/files/pkg-install.in (contents, props changed)
head/sysutils/anvil/files/pkg-message.in (contents, props changed)
head/sysutils/anvil/pkg-descr (contents, props changed)
head/sysutils/anvil/pkg-plist (contents, props changed)
Modified:
head/sysutils/Makefile
Modified: head/sysutils/Makefile
==============================================================================
--- head/sysutils/Makefile Fri Jul 14 21:51:22 2017 (r445831)
+++ head/sysutils/Makefile Fri Jul 14 22:22:46 2017 (r445832)
@@ -39,6 +39,7 @@
SUBDIR += android-file-transfer-qt5
SUBDIR += ansible
SUBDIR += ansible1
+ SUBDIR += anvil
SUBDIR += apachetop
SUBDIR += apcpwr
SUBDIR += apcupsd
Added: head/sysutils/anvil/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/anvil/Makefile Fri Jul 14 22:22:46 2017 (r445832)
@@ -0,0 +1,30 @@
+# $FreeBSD$
+
+PORTNAME= anvil
+PORTVERSION= 0.0.6
+CATEGORIES= sysutils
+
+MAINTAINER= dvl at FreeBSD.org
+COMMENT= Tools for distributing ssl certificates
+
+LICENSE= BSD2CLAUSE
+
+USE_GITHUB= yes
+GH_ACCOUNT= dlangille
+
+USERS= anvil
+GROUPS= anvil
+
+SUB_FILES+= cert-shifter.conf.sample cert-puller.conf.sample pkg-install pkg-message
+
+NO_BUILD= yes
+
+do-install:
+ ${MKDIR} ${STAGEDIR}${ETCDIR}
+ ${MKDIR} ${STAGEDIR}/var/db/anvil
+ ${INSTALL_DATA} ${WRKDIR}/cert-shifter.conf.sample ${STAGEDIR}${ETCDIR}
+ ${INSTALL_DATA} ${WRKDIR}/cert-puller.conf.sample ${STAGEDIR}${ETCDIR}
+ ${INSTALL_SCRIPT} ${WRKSRC}/cert-shifter ${STAGEDIR}${PREFIX}/bin
+ ${INSTALL_SCRIPT} ${WRKSRC}/cert-puller ${STAGEDIR}${PREFIX}/bin
+
+.include <bsd.port.mk>
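Review bot: The port declares no run-time dependency on sudo, although pkg-descr in this same commit says the tools use sudo and pkg-message tells the user to run `cert-puller -s` to get the visudo settings. Unless the scripts work without it (their contents are not visible here), a line such as `RUN_DEPENDS= sudo:security/sudo` after the `GH_ACCOUNT` line would keep a fresh install from failing at first run. Since `NO_BUILD= yes` is set and only scripts and sample configs are installed, `NO_ARCH= yes` presumably applies as well.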
Added: head/sysutils/anvil/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/anvil/distinfo Fri Jul 14 22:22:46 2017 (r445832)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1500063842
+SHA256 (dlangille-anvil-0.0.6_GH0.tar.gz) = 566a70f22f8d05675615b8690bcb8d06d9d5acbe075394c02eeec58bafa404e3
+SIZE (dlangille-anvil-0.0.6_GH0.tar.gz) = 3966
Added: head/sysutils/anvil/files/cert-puller.conf.sample.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/anvil/files/cert-puller.conf.sample.in Fri Jul 14 22:22:46 2017 (r445832)
@@ -0,0 +1,3 @@
+CERT_SERVER="https://certs.example.org/certs"
+MYCERTS="services.example.org"
+SERVICES="nginx"
Added: head/sysutils/anvil/files/cert-shifter.conf.sample.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/anvil/files/cert-shifter.conf.sample.in Fri Jul 14 22:22:46 2017 (r445832)
@@ -0,0 +1,6 @@
+CERT_SRC="/var/db/acme/certs"
+
+CERT_DST_ROOT="/var/db/certs-for-rsync"
+CERT_DST_CERTS="${CERT_DST_ROOT}/certs"
+
+TMP="${CERT_DST_ROOT}/tmp"
Added: head/sysutils/anvil/files/pkg-install.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/anvil/files/pkg-install.in Fri Jul 14 22:22:46 2017 (r445832)
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# $FreeBSD$
+
+if [ "$2" == "POST-INSTALL" ]; then
+ /usr/sbin/chown -R anvil:anvil /var/db/anvil
+fi
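Review bot: The post-install step runs `chown -R anvil:anvil /var/db/anvil` as root each time the package is installed (presumably including upgrades), over a directory that the unprivileged anvil account owns and can populate after the first install. A recursive ownership change by root over a tree controlled by a less-privileged account is best avoided. The ownership can be declared in pkg-plist instead, with `@dir(anvil,anvil,755) /var/db/anvil` in place of `@dir(,,755) /var/db/anvil`, which makes this script unnecessary and lets `pkg-install` be dropped from `SUB_FILES` in the Makefile. If the script stays, a non-recursive `chown` on the directory alone is enough for a fresh install, and `=` rather than `==` is the portable string comparison inside `[`.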
Added: head/sysutils/anvil/files/pkg-message.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/anvil/files/pkg-message.in Fri Jul 14 22:22:46 2017 (r445832)
@@ -0,0 +1,26 @@
+After installing anvil, this is a short checklist of things to do:
+
+* adjust anvil.conf
+
+* run 'cert-puller -s' to see the visudo settings you need
+
+* adjust the service configuration files if cert filenames are different
+
+* By default, anvil uses:
+
+ * example.org.fullchain.cer
+ * example.org.key
+
+* anvil does not distribute .key files. Do that manually.
+
+* install the crontab for anvil: sudo crontab -e -u anvil:
+
+###
+# use /bin/sh to run commands, overriding the default set by cron
+SHELL=/bin/sh
+# mail any output to here, no matter whose crontab this is
+MAILTO=you at example.org
+
+7 13 * * * %%PREFIX%%/bin/cert-puller
+###
+
Added: head/sysutils/anvil/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/anvil/pkg-descr Fri Jul 14 22:22:46 2017 (r445832)
@@ -0,0 +1,14 @@
+Tools for distributing ssl certificates
+
+Designed for FreeBSD (it uses fetch, not wget or curl [yet]).
+
+It also uses sudo, with the goal of this running as non-root
+and only allowing the cp & mv via sudo.
+
+These tools were designed with acme.sh & Let's Encrypt in mind,
+but they should with with any certificates generated by any
+means.
+
+
+
+WWW: https://github.com/dlangille/anvil
Added: head/sysutils/anvil/pkg-plist
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/sysutils/anvil/pkg-plist Fri Jul 14 22:22:46 2017 (r445832)
@@ -0,0 +1,5 @@
+ at sample %%ETCDIR%%/cert-shifter.conf.sample
+ at sample %%ETCDIR%%/cert-puller.conf.sample
+bin/cert-shifter
+bin/cert-puller
+ at dir(,,755) /var/db/anvil