diff --git a/security/step-certificates/Makefile b/security/step-certificates/Makefile
index dd3daf6c32a2..d70b9816948b 100644
--- a/security/step-certificates/Makefile
+++ b/security/step-certificates/Makefile
@@ -1,41 +1,40 @@
 PORTNAME= step-certificates
 DISTVERSIONPREFIX= v
-DISTVERSION= 0.27.5
-PORTREVISION= 1
+DISTVERSION= 0.28.1
 CATEGORIES= security
 MAINTAINER= mw@wipp.bayern
-COMMENT= Smallstep step-ca certificates server
+COMMENT= Smallstep step_ca certificates server
 WWW= https://smallstep.com/certificates/
 LICENSE= APACHE20
 LICENSE_FILE= ${WRKSRC}/LICENSE
 BUILD_DEPENDS= pcsc-lite>0:devel/pcsc-lite
 LIB_DEPENDS= libpcsclite.so:devel/pcsc-lite
 RUN_DEPENDS= step:security/step-cli
 USES= go:1.22,modules
-USE_RC_SUBR= step-ca
+USE_RC_SUBR= step_ca
 GO_MODULE= github.com/smallstep/certificates
 GO_TARGET= ./cmd/step-ca:${PREFIX}/sbin/step-ca
 GO_BUILDFLAGS= -ldflags "-w -X main.Version=${PORTVERSION}"
 USERS= step
 GROUPS= step
 post-install:
 ${MKDIR} ${STAGEDIR}${PREFIX}/etc/step
 ${MKDIR} ${STAGEDIR}${DOCSDIR}
 (cd ${WRKSRC}/examples && ${COPYTREE_SHARE} . ${STAGEDIR}${DOCSDIR})
 ${INSTALL_MAN} ${WRKSRC}/LICENSE ${STAGEDIR}${DOCSDIR}
 ${INSTALL_MAN} ${WRKSRC}/CHANGELOG.md ${STAGEDIR}${DOCSDIR}
 ${INSTALL_MAN} ${WRKSRC}/CONTRIBUTING.md ${STAGEDIR}${DOCSDIR}
 ${INSTALL_MAN} ${WRKSRC}/README.md ${STAGEDIR}${DOCSDIR}
 ${INSTALL_MAN} ${WRKSRC}/SECURITY.md ${STAGEDIR}${DOCSDIR}
 .include
diff --git a/security/step-certificates/distinfo b/security/step-certificates/distinfo
index 27f74b7c1385..7306fa012d25 100644
--- a/security/step-certificates/distinfo
+++ b/security/step-certificates/distinfo
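Review bot: The `COMMENT` change in the Makefile hunk looks like collateral from renaming the rc script, because the installed program is still `step-ca` (`GO_TARGET` in the same hunk installs `${PREFIX}/sbin/step-ca`). The package description now names a spelling that only the rc script uses. Keep `COMMENT= Smallstep step-ca certificates server` and limit the rename to `USE_RC_SUBR` and the rc script itself.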
@@ -1,5 +1,5 @@
-TIMESTAMP = 1729364384
-SHA256 (go/security_step-certificates/step-certificates-v0.27.5/v0.27.5.mod) = 035fc4e3449be2e504dd99cf79ed07b27c3d514aee7bb116db4707861620c9d2
-SIZE (go/security_step-certificates/step-certificates-v0.27.5/v0.27.5.mod) = 8344
-SHA256 (go/security_step-certificates/step-certificates-v0.27.5/v0.27.5.zip) = 2c4774a23b31bb2fa3f854776c99269a9add30b0d5dc23b0c301ba46dc77e11c
-SIZE (go/security_step-certificates/step-certificates-v0.27.5/v0.27.5.zip) = 1161319
+TIMESTAMP = 1736184396
+SHA256 (go/security_step-certificates/step-certificates-v0.28.1/v0.28.1.mod) = 41cf738a27e1f0894ddd48801408f60c78fd8b69dee14e8db55c9eb445959d46
+SIZE (go/security_step-certificates/step-certificates-v0.28.1/v0.28.1.mod) = 8354
+SHA256 (go/security_step-certificates/step-certificates-v0.28.1/v0.28.1.zip) = b1e3a63ae518e9475979006b3665816757e06f62bef180060749fb4eb276dd42
+SIZE (go/security_step-certificates/step-certificates-v0.28.1/v0.28.1.zip) = 1168039
diff --git a/security/step-certificates/files/step-ca.in b/security/step-certificates/files/step_ca.in
similarity index 93%
rename from security/step-certificates/files/step-ca.in
rename to security/step-certificates/files/step_ca.in
index 88d784823679..2d5ac4edad39 100644
--- a/security/step-certificates/files/step-ca.in
+++ b/security/step-certificates/files/step_ca.in
@@ -1,123 +1,124 @@ #!/bin/sh -# PROVIDE: step-ca +# PROVIDE: step_ca # REQUIRE: LOGIN networking # KEYWORD: shutdown # # Add the following lines to /etc/rc.conf.local or /etc/rc.conf # to enable or customize this service: # # step_ca_enable (bool): Set to NO by default. # Set to YES to enable step_ca. # step_ca_user (user): Set user to run step_ca. # Default is "step" # step_ca_group (group): Set group to run step_ca. # Default is "step" # step_ca_stepdir (dir): Set dir to run step_ca in. # Default is "%%PREFIX%%/etc/step" # step_ca_steppath (dir): Set dir to run hold step_ca CA information in. # Default is "${step_ca_stepdir}/ca" # step_ca_password (path): step_ca CA Password file path # Default is "${step_ca_stepdir}/password.txt" . /etc/rc.subr name="step_ca" rcvar="step_ca_enable" load_rc_config $name : ${step_ca_enable:=no} : ${step_ca_user:=step} : ${step_ca_group:=step} : ${step_ca_stepdir:=%%PREFIX%%/etc/step} : ${step_ca_steppath:=${step_ca_stepdir}/ca} : ${step_ca_password:=${step_ca_stepdir}/password.txt} +: ${step_ca_env:=STEPPATH=${step_ca_steppath}} pidfile="/var/run/${name}.pid" step_ca_command="%%PREFIX%%/sbin/step-ca" step_ca_config="\ ${step_ca_steppath}/config/ca.json \ --password-file ${step_ca_password}" command="/usr/sbin/daemon" command_args="-S -c \ -P $pidfile \ -t $name \ -T $name \ $step_ca_command $step_ca_config" start_precmd=step_ca_startprecmd start_postcmd=step_ca_postcmd extra_commands="configure" configure_cmd="step_ca_configure" step_ca_startprecmd() { if [ ! -e ${pidfile} ]; then install -o ${step_ca_user} -g ${step_ca_group} /dev/null ${pidfile}; fi if [ ! -e ${step_ca_steppath} ]; then echo "No configured Step CA found." - echo "Please run service step-ca configure" + echo "Please run service step_ca configure" exit 1 else export STEPPATH=${step_ca_steppath} fi if [ ! 
-e ${step_ca_password} ]; then echo "Step CA Password file for auto-start not found" - echo "Please run service step-ca configure" + echo "Please run service step_ca configure" exit 1 fi if [ -e ${step_ca_steppath}/config/ca.json ]; then configured_port=$(sed -n -e '/"address"/ s/.*:\(.*\)".*/\1/p' ${step_ca_steppath}/config/ca.json) if [ ${configured_port} -lt 1024 ]; then echo "Privileged Port (${configured_port}) configured: cannot run as ${step_ca_user}" exit 1 fi fi } step_ca_postcmd() { sleep 2 run_rc_command status } step_ca_configure() { if [ ! -e ${step_ca_steppath} ]; then echo "No configured Step CA found." echo "Creating new one...." - install -d -m 600 -o ${step_ca_user} -g ${step_ca_group} ${step_ca_steppath} + install -d -m 700 -o ${step_ca_user} -g ${step_ca_group} ${step_ca_steppath} export STEPPATH=${step_ca_steppath} %%PREFIX%%/bin/step ca init --ssh chown -R ${step_ca_user}:${step_ca_group} ${step_ca_stepdir} else echo "Configured Step CA found at ${step_ca_steppath}." echo "Please remove the directory and its contents manually if you really want to reconfigure." export STEPPATH=${step_ca_steppath} fi if [ ! -e ${step_ca_password} ]; then echo "Step CA Password file for auto-start not found" echo "Creating it...." install -m 600 -o ${step_ca_user} -g ${step_ca_group} /dev/null ${step_ca_password} echo "Please enter the Step CA Password:" stty -echo; read passwd; stty echo; echo echo $passwd > ${step_ca_password} else echo "Configured Step CA password file found at ${step_ca_password}." echo "Please remove the file manually if you really want to reconfigure." fi if [ -e ${step_ca_steppath}/config/ca.json ]; then configured_port=$(sed -n -e '/"address"/ s/.*:\(.*\)".*/\1/p' ${step_ca_steppath}/config/ca.json) if [ ${configured_port} -lt 1024 ]; then echo "Privileged Port (${configured_port}) configured: cannot run as ${step_ca_user}" fi fi } run_rc_command "$1" 
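Review bot: The password prompt in step_ca_configure can store something other than what was typed: `read passwd` without `-r` consumes backslashes and trims surrounding whitespace, and the unquoted `echo $passwd > ${step_ca_password}` word-splits and glob-expands the value before it is written. The commit corrects the directory mode a few lines above but leaves these two lines unchanged; they should read `stty -echo; IFS= read -r passwd; stty echo; echo` and `printf '%s\n' "$passwd" > "${step_ca_password}"`. A mismatch would presumably only surface later, when the service starts with `--password-file` and cannot unlock the CA key. If the prompt is interrupted between `stty -echo` and `stty echo` the terminal is also left without echo, so a `trap 'stty echo' INT TERM` set before the read would help.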
diff --git a/security/step-certificates/pkg-message b/security/step-certificates/pkg-message index 2e595b5f19ae..bca4286cd021 100644 --- a/security/step-certificates/pkg-message +++ b/security/step-certificates/pkg-message @@ -1,27 +1,29 @@ [ { type: install message: <