diff --git a/security/Makefile b/security/Makefile --- a/security/Makefile +++ b/security/Makefile @@ -983,6 +983,7 @@ SUBDIR += py-pgpdump SUBDIR += py-pgpy SUBDIR += py-plaso + SUBDIR += py-pnu-certwatch SUBDIR += py-pnu-vuxml SUBDIR += py-potr SUBDIR += py-pwntools diff --git a/security/py-pnu-certwatch/Makefile b/security/py-pnu-certwatch/Makefile new file mode 100644 --- /dev/null +++ b/security/py-pnu-certwatch/Makefile @@ -0,0 +1,27 @@ +PORTNAME= pnu-certwatch +DISTVERSION= 1.0.3 +CATEGORIES= security python +MASTER_SITES= PYPI +PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} + +MAINTAINER= hubert.tournier@gmail.com +COMMENT= Watch X509 certificates expiration dates +WWW= https://github.com/HubTou/certwatch + +LICENSE= BSD3CLAUSE +LICENSE_FILE= ${WRKSRC}/License + +BUILD_DEPENDS= ${PY_SETUPTOOLS} \ + ${PYTHON_PKGNAMEPREFIX}wheel>0:devel/py-wheel@${PY_FLAVOR} + +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pnu-libpnu>=1.3.0:devel/py-pnu-libpnu@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}openpyxl>0:textproc/py-openpyxl@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}prettytable>0:devel/py-prettytable@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}tqdm>0:misc/py-tqdm@${PY_FLAVOR} + +USES= python shebangfix +USE_PYTHON= autoplist flavors pep517 cryptography + +SHEBANG_FILES= src/certwatch/*.py + +.include diff --git a/security/py-pnu-certwatch/distinfo b/security/py-pnu-certwatch/distinfo new file mode 100644 --- /dev/null +++ b/security/py-pnu-certwatch/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1711310583 +SHA256 (pnu-certwatch-1.0.3.tar.gz) = e736811765f567cb427035eb8449196638c1ea8ef7cb68755a58b2668b400f44 +SIZE (pnu-certwatch-1.0.3.tar.gz) = 22073 diff --git a/security/py-pnu-certwatch/pkg-descr b/security/py-pnu-certwatch/pkg-descr new file mode 100644 --- /dev/null +++ b/security/py-pnu-certwatch/pkg-descr @@ -0,0 +1,29 @@ +The certwatch utility monitors X509 certificates expiration dates by +processing one or more data files containing lists of hostnames with +optional port numbers. + +It's mainly used to check the expiration date of HTTPS certificates +(which is the default target when the port number is not indicated), +but the tool is protocol-agnostic and can "talk" to any SNI-aware +(Server Name Information) SSL/TLS server (smtps, imaps, ldaps, etc.) +without making too much assumptions on the correctness of servers +certificates. + +The certificates can be saved to a specified directory for further +analysis with other tools (such as OpenSSL). + +The tool's results are presented as text tables. + +The main one is the list of certificates successfully fetched, ordered +by expiration date. This list can be filtered to only show +certificates expired or expiring within the specified number of days. + +The second table is the sorted list of hostnames / hostports where +certificates couldn't be fetched, with our best attempts to identify +the reason why. + +Two additional tables can be generated in order to print the common +names and alternate names unmentioned in your input data files. + +Finally, for user convenience, all these reports can be generated in a +single multi-tabs Excel workbook.