security/dehydrated: Update to 0.7.1-6-g4fd777e

Also add another periodic file to run dehydrated more frequent than weekly because OSCP response file should be updated before expiry [1]. PR: 277409 Reported by: mfechner [1]
2024-11-18 00:10:04 +00:00 · 2024-03-06 13:04:02 +09:00 · 2024-03-06 13:04:02 +09:00 · 8b99252493
commit 8b99252493
parent bd06befd73
6 changed files with 69 additions and 11 deletions
--- a/security/dehydrated/Makefile
+++ b/security/dehydrated/Makefile
@ -1,8 +1,7 @@
 PORTNAME=	dehydrated
 DISTVERSIONPREFIX=	v
-DISTVERSION=	0.7.1-5
-PORTREVISION=	1
-DISTVERSIONSUFFIX=	-ge3ef43c
+DISTVERSION=	0.7.1-6
+DISTVERSIONSUFFIX=	-g4fd777e
 CATEGORIES=	security

 MAINTAINER=	meta@FreeBSD.org
@ -22,7 +21,7 @@ SHEBANG_FILES=	docs/examples/hook.sh dehydrated

 NO_ARCH=	yes
 NO_BUILD=	yes
-SUB_FILES=	000.dehydrated pkg-message
+SUB_FILES=	000.dehydrated.daily 000.dehydrated.weekly pkg-message
 SUB_LIST=	PORTNAME=${PORTNAME}

 OPTIONS_DEFINE=		DOCS
@ -35,8 +34,6 @@ ZSH_DESC=	Use the Z shell (ZSH)

 BASH_RUN_DEPENDS=	bash:shells/bash
 ZSH_RUN_DEPENDS=	zsh:shells/zsh
-PERIODIC_DIRS=		etc/periodic/weekly
-PERIODIC_FILES=		000.dehydrated

 post-patch:
 .	for f in docs/examples/config dehydrated
@ -50,13 +47,16 @@ post-patch-ZSH-on:
 .	endfor

 do-install:
-	@${MKDIR} ${STAGEDIR}${ETCDIR}/.acme-challenges ${STAGEDIR}${PREFIX}/${PERIODIC_DIRS}
+	@${MKDIR} ${STAGEDIR}${ETCDIR}/.acme-challenges \
+		${STAGEDIR}${PREFIX}/etc/periodic/daily \
+		${STAGEDIR}${PREFIX}/etc/periodic/weekly
 	${INSTALL_DATA} ${WRKSRC}/docs/examples/config ${STAGEDIR}${ETCDIR}/config.sample
 	${INSTALL_DATA} ${WRKSRC}/docs/examples/hook.sh ${STAGEDIR}${ETCDIR}/hook.sh.sample
 	${INSTALL_DATA} ${WRKSRC}/docs/examples/domains.txt ${STAGEDIR}${ETCDIR}/domains.txt.sample
 	${INSTALL_MAN} ${WRKSRC}/docs/man/dehydrated.1 ${STAGEDIR}${PREFIX}/share/man/man1
 	${INSTALL_SCRIPT} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/bin/${PORTNAME}
-	${INSTALL_SCRIPT} ${WRKDIR}/${PERIODIC_FILES} ${STAGEDIR}${PREFIX}/${PERIODIC_DIRS}/${PERIODIC_FILES}
+	${INSTALL_SCRIPT} ${WRKDIR}/000.dehydrated.daily ${STAGEDIR}${PREFIX}/etc/periodic/daily/000.dehydrated
+	${INSTALL_SCRIPT} ${WRKDIR}/000.dehydrated.weekly ${STAGEDIR}${PREFIX}/etc/periodic/weekly/000.dehydrated
 	@${MKDIR} ${STAGEDIR}${PREFIX}/www/dehydrated

 do-install-DOCS-on:
--- a/security/dehydrated/distinfo
+++ b/security/dehydrated/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1673905899
-SHA256 (dehydrated-io-dehydrated-v0.7.1-5-ge3ef43c_GH0.tar.gz) = 4e7f64963731141987d93fd4f8b09f74c012ee603f4cbe3d2107a3de046c9680
-SIZE (dehydrated-io-dehydrated-v0.7.1-5-ge3ef43c_GH0.tar.gz) = 120749
+TIMESTAMP = 1709697522
+SHA256 (dehydrated-io-dehydrated-v0.7.1-6-g4fd777e_GH0.tar.gz) = de412c89502df7beb08e20d2d6e6f2b9f314dc60e6a12d08f9e7712b80d569c6
+SIZE (dehydrated-io-dehydrated-v0.7.1-6-g4fd777e_GH0.tar.gz) = 120738
--- a/security/dehydrated/files/000.dehydrated.daily.in
+++ b/security/dehydrated/files/000.dehydrated.daily.in
@ -0,0 +1,46 @@
+#!/bin/sh
+
+if [ -r /etc/defaults/periodic.conf ]
+then
+    . /etc/defaults/periodic.conf
+    source_periodic_confs
+fi
+
+PATH=$PATH:%%LOCALBASE%%/bin:%%LOCALBASE%%/sbin
+export PATH
+
+case "$daily_letsencrypt_enable" in
+    [Yy][Ee][Ss])
+        : ${daily_dehydrated_enable:=$daily_letsencrypt_enable}
+        : ${daily_dehydrated_user:=$daily_letsencrypt_user}
+        : ${daily_dehydrated_flags:=$daily_letsencrypt_flags}
+        : ${daily_dehydrated_deployscript:=$daily_letsencrypt_deployscript}
+        ;;
+    *)
+        ;;
+esac
+
+case "$daily_dehydrated_enable" in
+    [Yy][Ee][Ss])
+	echo
+	echo "Checking Let's Encrypt certificate status:"
+
+	if [ -z "$daily_dehydrated_user" ]
+	then
+		%%PREFIX%%/bin/dehydrated -c $daily_dehydrated_flags
+	else
+		su -m "$daily_dehydrated_user" -c "%%PREFIX%%/bin/dehydrated -c $daily_dehydrated_flags"
+	fi
+
+	echo "Deploying Let's Encrypt certificates:"
+
+	if [ -x "$daily_dehydrated_deployscript" ]
+	then
+		$daily_dehydrated_deployscript
+	else
+		echo 'Skipped, deploy script not set or not executable.'
+	fi
+        ;;
+    *)
+        ;;
+esac
--- a/security/dehydrated/files/000.dehydrated.weekly.in
+++ b/security/dehydrated/files/000.dehydrated.weekly.in
--- a/security/dehydrated/files/pkg-message.in
+++ b/security/dehydrated/files/pkg-message.in
@ -21,6 +21,17 @@ weekly_dehydrated_deployscript="%%PREFIX%%/etc/%%PORTNAME%%/deploy.sh"

 Additional flags for the periodic run go into
 weekly_dehydrated_flags="-g"
+
+If weekly run is not frequent enough, such as when fetching OCSP
+response files (expires in 7 days), replace "weekly_" with "daily_"
+as follows to run dehydrated daily. Options are exactly same with
+weekly.
+
+daily_dehydrated_enable="YES"
+daily_dehydrated_user="_letsencrypt"
+daily_dehydrated_deployscript="%%PREFIX%%/etc/%%PORTNAME%%/deploy.sh"
+daily_dehydrated_flags="-g"
+
 EOM
 }
 ]
--- a/security/dehydrated/pkg-plist
+++ b/security/dehydrated/pkg-plist
@ -3,6 +3,7 @@ bin/dehydrated
@sample %%ETCDIR%%/config.sample
@sample %%ETCDIR%%/domains.txt.sample
@sample %%ETCDIR%%/hook.sh.sample
+etc/periodic/daily/000.dehydrated
 etc/periodic/weekly/000.dehydrated
 share/man/man1/dehydrated.1.gz
 %%PORTDOCS%%%%DOCSDIR%%/README.md