Page MenuHomeFreeBSD

security/letsencrypt.sh: Update to 2016-02-12
ClosedPublic

Authored by brnrd on Feb 12 2016, 9:01 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Jan 7, 8:00 PM
Unknown Object (File)
Dec 18 2022, 7:05 PM
Unknown Object (File)
Apr 17 2017, 8:34 PM
Unknown Object (File)
Apr 14 2017, 3:02 PM
Unknown Object (File)
Apr 14 2017, 7:26 AM
Unknown Object (File)
Apr 13 2017, 3:19 AM
Unknown Object (File)
Apr 12 2017, 6:38 AM
Unknown Object (File)
Apr 11 2017, 3:08 PM

Details

Summary

Proposed commit log:

security/letsencrypt.sh: Update to 2016-02-12

  - Update to 2016-02-16
  - Add options for ZSH

PR:		206976
Reviewed_by:	feld (mentor), koobs (mentor), sascha (maintainer)
Approved by:	(mentor)
Differential_Revision:	D5264
Test Plan
  • portlint -AC
  • poudriere testport (OK)

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

brnrd retitled this revision from to security/letsencrypt.sh: Update to 2016-02-12.
brnrd updated this object.
brnrd edited the test plan for this revision. (Show Details)
brnrd added reviewers: feld, koobs.
brnrd edited the test plan for this revision. (Show Details)

Mailed maintainer

On 2016-02-12 22:05, Bernard Spil wrote:

    Hi Sascha,

    I've created a review for security/letsencrypt.sh to work with ZSH in
    addition to BASH. Parts of my original patch were included upstream.

    Can you provide a maintainer-approval?

    Thanks!

    Bernard Spil
    https://wiki.freebsd.org/BernardSpil/LetsEncrypt


Sorry... Forgot to paste a link to the Phabricator Review

https://reviews.freebsd.org/D5264

Update periodic job

  • Allow running as a different user
  • Allow post-script for deployment

I've no objections to the proposed changes but I still have an update request open here:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206976

I'll close that in favour of this one but would ask you to incorporate two changes from the bug report:

  1. Add the hook.sh.example file to the install target and plist
  2. Add hook.sh.example and letsencrypts.sh itself to the SHEBANG_FILES list

The latter one might interfere with the zsh replacement as I haven't checked when exactly
SHEBANGFIX is run. This might need some testing.

pkg-message also needs an update to reflect the change from monthly_letsencrypt_enable to weekly_letsencrypt_enable.

This revision now requires changes to proceed.Feb 12 2016, 11:27 PM
brnrd edited edge metadata.
brnrd edited edge metadata.

Merge PR 206976

  • Add hooks.sh.example
  • Fix ZSH port-patch target

I've no objections to the proposed changes but I still have an update request open here:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206976

Sorry, hadn't noticed there was a PR already. Thanks for the additions, I think I've merged these in. All installed scripts have ZSH when that has been selected as an option.

sascha_root-login.org edited edge metadata.

Thanks for the additions! Please commit.

I couldn't find a maintainer-approved flag as i've never used phabricator before. If i need to set one please let me know how.

This revision is now accepted and ready to land.Feb 13 2016, 3:06 PM

I couldn't find a maintainer-approved flag as i've never used phabricator before. If i need to set one please let me know how.

Approval of the review is sufficient :D

do we think the change from monthly to weekly is going to affect any existing users?

The call in the periodic script does nothing if the configured max age of the certificates isn't reached.
So the only thing this changes for existing users is that they can be more granular with their age settings.
One could make a case to do this daily as the age is configured in days but i think a week is good enough.
If not this can be fixed with another update if enough users need this.

The only thing that gets called every time after this patch will be the new weekly_letsencrypt_deployscript, if set.
But as this is introduced with this patch it doesn't affect existing users.

feld edited edge metadata.

Users still have to update their /etc/periodic.conf to say "monthly" instead of "weekly" or it will just stop running, but since this is such a new port with hardly any users, I think it should be fine.

This revision was automatically updated to reflect the committed changes.

The periodic script is missing a "then" in the last if clause which results in a sytax error:

/usr/local/etc/periodic/weekly/000.letsencrypt.sh: 21: Syntax error: "fi" unexpected (expecting "then")

Fix:

  • 000.letsencrypt.sh.orig 2016-02-14 23:45:40.527800680 +0100

+++ 000.letsencrypt.sh 2016-02-14 23:42:32.160814076 +0100
@@ -17,6 +17,7 @@

        su -m "$weekly_letsencrypt_user" -c '/usr/local/bin/letsencrypt.sh -c'
fi
if [ -x "$weekly_letsencrypt_deployscript" ]

+ then

        $weekly_letsencrypt_deployscript
fi
 ;;
This revision is now accepted and ready to land.Feb 14 2016, 10:48 PM
This revision was automatically updated to reflect the committed changes.