svn commit: r550490 - in head/security/testssl.sh: . files
Adam Weinberger
adamw at FreeBSD.org
Tue Sep 29 10:10:52 UTC 2020
Author: adamw
Date: Tue Sep 29 10:10:50 2020
New Revision: 550490
URL: https://svnweb.freebsd.org/changeset/ports/550490
Log:
security/testssl.sh: Turn REINPLACEs into patches
While here, improve some text strings and general formatting.
Modified:
head/security/testssl.sh/Makefile
head/security/testssl.sh/files/patch-testssl.sh
head/security/testssl.sh/pkg-descr
Modified: head/security/testssl.sh/Makefile
==============================================================================
--- head/security/testssl.sh/Makefile Tue Sep 29 09:41:41 2020 (r550489)
+++ head/security/testssl.sh/Makefile Tue Sep 29 10:10:50 2020 (r550490)
@@ -5,45 +5,40 @@ DISTVERSION= 3.0.2
CATEGORIES= security
MAINTAINER= adamw at FreeBSD.org
-COMMENT= Test TLS/SSL encryption anywhere on any port
+COMMENT= Analyze and report TLS/SSL configuration/misconfiguration
LICENSE= GPLv2
LICENSE_FILE= ${WRKSRC}/LICENSE
-RUN_DEPENDS= ${LOCALBASE}/openssl-unsafe/bin/openssl:security/openssl-unsafe \
+RUN_DEPENDS= openssl-unsafe>=1.0.1:security/openssl-unsafe \
bash:shells/bash
TEST_DEPENDS= p5-JSON>=0:converters/p5-JSON
USES= perl5 shebangfix
USE_GITHUB= yes
GH_ACCOUNT= drwetter
-USE_PERL5= test
+
SHEBANG_FILES= testssl.sh utils/*
+
+USE_PERL5= test
TEST_ENV= TESTSSL_INSTALL_DIR=${WRKSRC}
NO_ARCH= yes
NO_BUILD= yes
post-patch:
- @${REINPLACE_CMD} -e '/elif test_openssl_suffix/d' \
- -e 's at OPENSSL=PREFIX at OPENSSL=${PREFIX}@' \
- -e 's@$${TESTSSL_INSTALL_DIR:-""}@$${TESTSSL_INSTALL_DIR:-"${DATADIR}"}@' \
- -e '/check_bsd_mount$$/d' \
+ ${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|; s|%%DATADIR%%|${DATADIR}|' \
${WRKSRC}/testssl.sh
do-install:
- ${INSTALL_SCRIPT} ${WRKSRC}/testssl.sh \
- ${STAGEDIR}${PREFIX}/bin
- ${INSTALL_MAN} ${WRKSRC}/doc/testssl.1 \
- ${STAGEDIR}${MAN1PREFIX}/man/man1
- @cd ${WRKSRC} && \
- ${COPYTREE_SHARE} "etc utils" ${STAGEDIR}${DATADIR}
+ ${INSTALL_SCRIPT} ${WRKSRC}/testssl.sh ${STAGEDIR}${PREFIX}/bin
+ ${INSTALL_MAN} ${WRKSRC}/doc/testssl.1 ${STAGEDIR}${MAN1PREFIX}/man/man1
+ cd ${WRKSRC} && ${COPYTREE_SHARE} "etc utils" ${STAGEDIR}${DATADIR}
do-test:
# Run the badssl.com test as a sanity check. The full test suite
# opens too many network connections and might take too long to
# run.
- @cd ${WRKSRC} && \
- ${SETENV} ${TEST_ENV} prove -v t/51_badssl.com.t
+ cd ${WRKSRC} && ${SETENV} ${TEST_ENV} prove -v t/51_badssl.com.t
.include <bsd.port.mk>
Modified: head/security/testssl.sh/files/patch-testssl.sh
==============================================================================
--- head/security/testssl.sh/files/patch-testssl.sh Tue Sep 29 09:41:41 2020 (r550489)
+++ head/security/testssl.sh/files/patch-testssl.sh Tue Sep 29 10:10:50 2020 (r550490)
@@ -1,12 +1,29 @@
---- testssl.sh.orig 2019-12-11 11:41:31 UTC
+--- testssl.sh.orig 2020-09-29 09:50:09 UTC
+++ testssl.sh
-@@ -190,6 +190,9 @@ TERM_CURRPOS=0
+@@ -132,7 +132,7 @@ declare -r RUN_DIR="$(dirname "$0")"
+ declare -r SYSTEM="$(uname -s)"
+ declare -r SYSTEMREV="$(uname -r)"
+ SYSTEM2="" # currently only being used for WSL = bash on windows
+-TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # If you run testssl.sh and it doesn't find it necessary file automagically set TESTSSL_INSTALL_DIR
++TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-"%%DATADIR%%"}" # If you run testssl.sh and it doesn't find it necessary file automagically set TESTSSL_INSTALL_DIR
+ CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # You can have your stores some place else
+ ADDITIONAL_CA_FILES="${ADDITIONAL_CA_FILES:-""}" # single file with a CA in PEM format or comma separated lists of them
+ CIPHERS_BY_STRENGTH_FILE=""
+@@ -187,6 +187,9 @@ TERM_CURRPOS=0
########### Defining (and presetting) variables which can be changed
#
# Following variables make use of $ENV and can be used like "OPENSSL=<myprivate_path_to_openssl> ./testssl.sh <URI>"
-+if [[ -z "$OPENSSL" ]] ; then
-+ OPENSSL=PREFIX/openssl-unsafe/bin/openssl
++if [[ -z "$OPENSSL" ]]; then
++ OPENSSL=%%PREFIX%%/openssl-unsafe/bin/openssl
+fi
declare -x OPENSSL
OPENSSL_TIMEOUT=${OPENSSL_TIMEOUT:-""} # Default connect timeout with openssl before we call the server side unreachable
CONNECT_TIMEOUT=${CONNECT_TIMEOUT:-""} # Default connect timeout with sockets before we call the server side unreachable
+@@ -20128,7 +20131,6 @@ lets_roll() {
+ mybanner
+ check_proxy
+ check4openssl_oldfarts
+- check_bsd_mount
+
+
+ if "$do_display_only"; then
Modified: head/security/testssl.sh/pkg-descr
==============================================================================
--- head/security/testssl.sh/pkg-descr Tue Sep 29 09:41:41 2020 (r550489)
+++ head/security/testssl.sh/pkg-descr Tue Sep 29 10:10:50 2020 (r550490)
@@ -3,13 +3,12 @@ any port for the support of TLS/SSL ciphers, protocols
cryptographic flaws. Key features:
- Clear output: you can tell easily whether anything is good or bad
+- Machine readable output (CSV, two JSON formats)
- Flexibility: You can test any SSL/TLS enabled and STARTTLS service,
not only webservers at port 443
-- Toolbox: Several command line options help you to run YOUR test and
- configure YOUR output
+- Toolbox: Several command line options help you to run your test and
+ configure your output
- Reliability: features are tested thoroughly
-- Verbosity: If a particular check cannot be performed because of a
- missing capability on your client side, you'll get a warning
- Privacy: It's only you who sees the result, not a third party
WWW: https://github.com/drwetter/testssl.sh
More information about the svn-ports-all
mailing list