F152652309
D25391.id73440.diff
D25391.id73440.diff
Index: security/py-certbot/Makefile
===================================================================
--- security/py-certbot/Makefile
+++ security/py-certbot/Makefile
@@ -3,6 +3,7 @@
PORTNAME= certbot
PORTVERSION= ${ACME_VERSION}
+PORTREVISION= 1
PORTEPOCH= 1
CATEGORIES= security python
MASTER_SITES= CHEESESHOP
@@ -33,8 +34,9 @@
USE_PYTHON= autoplist concurrent distutils
NO_ARCH= yes
-SUB_FILES= 500.certbot
-PLIST_FILES= etc/periodic/weekly/500.certbot
+SUB_FILES= 500.certbot pkg-message
+PLIST_FILES= etc/periodic/weekly/500.certbot-${PYTHON_VER}
+SUB_LIST= PYTHON_VER=${PYTHON_VER}
post-patch:
@${REINPLACE_CMD} -e 's|/usr/local|${LOCALBASE}|' \
@@ -44,7 +46,7 @@
post-install:
${MKDIR} ${STAGEDIR}${PREFIX}/etc/periodic/weekly
${INSTALL_SCRIPT} ${WRKDIR}/500.certbot \
- ${STAGEDIR}${PREFIX}/etc/periodic/weekly
+ ${STAGEDIR}${PREFIX}/etc/periodic/weekly/500.certbot-${PYTHON_VER}
do-test:
@cd ${WRKSRC} && ${PYTHON_CMD} ${PYDISTUTILS_SETUP} test
Index: security/py-certbot/files/500.certbot.in
===================================================================
--- security/py-certbot/files/500.certbot.in
+++ security/py-certbot/files/500.certbot.in
@@ -7,11 +7,23 @@
# Add the following lines to /etc/periodic.conf:
#
# weekly_certbot_enable (bool): Set to "NO" by default
-# weekly_certbot_service (str): If defined, certbot will try to
-# shutdown this this service before
-# renewing the certificate, and restart
-# it afterwards. For example, set to
-# "nginx" or "apache24"
+# weekly_certbot_service (str): If defined, certbot will try to shutdown this
+# service before renewing the certificate, and restart it afterwards.
+# For example, set to "nginx" or "apache24". This is usually used to avoid
+# conflict with the standalone plugin webserver.
+# If any of pre_hook or post_hook is set, this behavior is disabled.
+# weekly_certbot_pre_hook (str): Command to be run in a shell before obtaining
+# any certificates.
+# weekly_certbot_post_hook (str): Command to be run in a shell after
+# attempting to obtain/renew certificates.
+# An example to reload nginx after renewing all certificates.
+# weekly_certbot_post_hook="service nginx onereload"
+# weekly_certbot_deploy_hook (str): Command to be run in a shell once for each
+# successfully issued certificate.
+# weekly_certbot_custom_args (str): Any other misc arguments for the renewal
+# See certbot -h renew for full list
+# An example to force renewal for certificates not due yet
+# weekly_certbot_custom_args="--force-renewal"
# If there is a global system configuration file, suck it in.
#
@@ -28,23 +40,41 @@
PRE_HOOK=""
POST_HOOK=""
- if [ -n "$weekly_certbot_service" ]
+ DEPLOY_HOOK=""
+
+ if [ -n "$weekly_certbot_service" ] && \
+ [ -z "$weekly_certbot_pre_hook" ] && [ -z "$weekly_certbot_post_hook" ];
then
- if service "$weekly_certbot_service" onestatus
- then
- PRE_HOOK="service $weekly_certbot_service onestop"
- POST_HOOK="service $weekly_certbot_service onestart"
- fi
+ if service "$weekly_certbot_service" onestatus
+ then
+ PRE_HOOK="--pre-hook 'service $weekly_certbot_service onestop'"
+ POST_HOOK="--post-hook 'service $weekly_certbot_service onestart'"
+ fi
+ else
+ if [ -n "$weekly_certbot_pre_hook" ]; then
+ PRE_HOOK="--pre-hook '$weekly_certbot_pre_hook'"
+ fi
+
+ if [ -n "$weekly_certbot_post_hook" ]; then
+ POST_HOOK="--post-hook '$weekly_certbot_post_hook'"
+ fi
fi
+ if [ -n "$weekly_certbot_deploy_hook" ]; then
+ DEPLOY_HOOK="--deploy-hook '$weekly_certbot_deploy_hook'"
+ fi
+
anticongestion
- if %%LOCALBASE%%/bin/certbot renew --pre-hook "$PRE_HOOK" \
- --post-hook "$POST_HOOK" \
- --no-random-sleep-on-renew
+
+ eval %%LOCALBASE%%/bin/certbot-%%PYTHON_VER%% renew "$PRE_HOOK" "$POST_HOOK" \
+ "$DEPLOY_HOOK" "$weekly_certbot_custom_args" --no-random-sleep-on-renew
+ if [ $? -gt 0 ]
then
- rc=0
+ echo
+ echo "Errors were reported when renewing Let's Encrypt certificate(s)."
+ rc=3
else
- rc=1
+ rc=0
fi
;;
*) rc=0;;
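Review bot: The `eval` on the certbot command line re-parses strings built as `--pre-hook '$weekly_certbot_pre_hook'`, so a hook value that itself contains a single quote closes the quoting early and the remainder is interpreted by the shell running the periodic job (normally root) instead of being handed to certbot; `$weekly_certbot_custom_args` and `$weekly_certbot_service` get the same second parse. periodic.conf is administrator-controlled, so this is mainly a robustness and least-surprise problem, but it disappears if the options are collected as separate words with `set --` and certbot is invoked directly, leaving only the custom arguments unquoted so they still split into words (they would then also be subject to globbing). That also lets the exit status be tested in the `if` itself rather than through `$?`. The sketch assumes the script's positional parameters are not needed after this point, which the hunk does not show; the enclosing `case` starts and ends outside the hunk.

```sh
# … unchanged: PRE_HOOK/POST_HOOK/DEPLOY_HOOK string variables are no longer needed …
set --
if [ -n "$weekly_certbot_service" ] && \
   [ -z "$weekly_certbot_pre_hook" ] && [ -z "$weekly_certbot_post_hook" ]
then
    if service "$weekly_certbot_service" onestatus
    then
        set -- "$@" --pre-hook "service $weekly_certbot_service onestop" \
                    --post-hook "service $weekly_certbot_service onestart"
    fi
else
    if [ -n "$weekly_certbot_pre_hook" ]; then
        set -- "$@" --pre-hook "$weekly_certbot_pre_hook"
    fi
    if [ -n "$weekly_certbot_post_hook" ]; then
        set -- "$@" --post-hook "$weekly_certbot_post_hook"
    fi
fi
if [ -n "$weekly_certbot_deploy_hook" ]; then
    set -- "$@" --deploy-hook "$weekly_certbot_deploy_hook"
fi

anticongestion

# custom_args is intentionally unquoted: it holds several options in one string
if %%LOCALBASE%%/bin/certbot-%%PYTHON_VER%% renew "$@" \
    $weekly_certbot_custom_args --no-random-sleep-on-renew
then
    rc=0
else
    # … unchanged: error message echo lines …
    rc=3
fi
```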
Index: security/py-certbot/files/pkg-message.in
===================================================================
--- security/py-certbot/files/pkg-message.in
+++ security/py-certbot/files/pkg-message.in
@@ -29,6 +29,28 @@
/etc/periodic.conf:
weekly_certbot_enable="YES"
+
+More config details in the certbot periodic script:
+
+ %%LOCALBASE%%/etc/periodic/weekly/500.certbot-%%PYTHON_VER%%
+
+EOM
+}
+{
+ type: upgrade
+ maximum_version: "1.5.0_1,1"
+ message: <<EOM
+The certbot periodic script has new config options:
+
+ * weekly_certbot_pre_hook
+ * weekly_certbot_post_hook
+ * weekly_certbot_deploy_hook
+ * weekly_certbot_custom_args
+
+For config details, see the certbot periodic script:
+
+ %%LOCALBASE%%/etc/periodic/weekly/500.certbot-%%PYTHON_VER%%
+
EOM
}
]
Index: security/py-certbot/pkg-message
===================================================================
--- security/py-certbot/pkg-message
+++ security/py-certbot/pkg-message
@@ -1,34 +0,0 @@
-[
-{ type: install
- message: <<EOM
-This port installs the "standalone" client only, which does not use and
-is not the certbot-auto bootstrap/wrapper script.
-
-The simplest form of usage to obtain certificates is:
-
- # sudo certbot certonly --standalone -d <domain>, [domain2, ... domainN]>
-
-NOTE:
-
-The client requires the ability to bind on TCP port 80 or 443 (depending
-on the --preferred-challenges option used). If a server is running on that
-port, it will need to be temporarily stopped so that the standalone server
-can listen on that port to complete the challenge authentication process.
-
-For more information on the 'standalone' mode, see:
-
- https://certbot.eff.org/docs/using.html#standalone
-
-The certbot plugins to support apache and nginx certificate installation
-will be made available in the following ports:
-
- * Apache plugin: security/py-certbot-apache
- * Nginx plugin: security/py-certbot-nginx
-
-In order to automatically renew the certificates, add this line to
-/etc/periodic.conf:
-
- weekly_certbot_enable="YES"
-EOM
-}
-]
D25391: security/py-certbot: Improve periodic script