From: Alan Somers
Date: Mon, 9 Sep 2019 19:50:42 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r511693 - in head/security/py-certbot: . files

Author: asomers (src committer)
Date: Mon Sep 9 19:50:42 2019
New Revision: 511693
URL: https://svnweb.freebsd.org/changeset/ports/511693

Log:
  security/py-certbot: Add periodic script for renewing certificates

  PR: 221043
  Submitted by: Dmitry Marakasov, asomers, Yasuhiro KIMURA
  Approved by: koobs (maintainer timeout)

Added:
  head/security/py-certbot/files/500.certbot.in (contents, props changed)
Modified:
  head/security/py-certbot/Makefile
  head/security/py-certbot/pkg-message

Modified: head/security/py-certbot/Makefile ============================================================================== --- head/security/py-certbot/Makefile Mon Sep 9 19:34:59 2019 (r511692) +++ head/security/py-certbot/Makefile Mon Sep 9 19:50:42 2019 (r511693) @@ -3,6 +3,7 @@ PORTNAME= certbot PORTVERSION= ${ACME_VERSION} +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= security python MASTER_SITES= CHEESESHOP 
@@ -34,9 +35,16 @@ USES= python USE_PYTHON= autoplist concurrent distutils NO_ARCH= yes +SUB_FILES= 500.certbot +PLIST_FILES= etc/periodic/weekly/500.certbot post-patch: @${REINPLACE_CMD} -e 's|/usr/local|${LOCALBASE}|' ${WRKSRC}/certbot/compat/misc.py + +post-install: + ${MKDIR} ${STAGEDIR}${PREFIX}/etc/periodic/weekly + ${INSTALL_SCRIPT} ${WRKDIR}/500.certbot \ + ${STAGEDIR}${PREFIX}/etc/periodic/weekly do-test: @cd ${WRKSRC} && ${PYTHON_CMD} ${PYDISTUTILS_SETUP} test Added: head/security/py-certbot/files/500.certbot.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/py-certbot/files/500.certbot.in Mon Sep 9 19:50:42 2019 (r511693) 
@@ -0,0 +1,53 @@ +#!/bin/sh +# +# $FreeBSD$ +# +# Automatically renew Let's Encrypt certificates each week +# +# Add the following lines to /etc/periodic.conf: +# +# weekly_certbot_enable (bool): Set to "NO" by default +# weekly_certbot_service (str): If defined, certbot will try to +# shutdown this this service before +# renewing the certificate, and restart +# it afterwards. For example, set to +# "nginx" or "apache24" + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$weekly_certbot_enable" in + [Yy][Ee][Ss]) + echo + echo "Renewing Let's Encrypt certificates:" + + PRE_HOOK="" + POST_HOOK="" + if [ -n "$weekly_certbot_service" ] + then + if service "$weekly_certbot_service" onestatus + then + PRE_HOOK="service $weekly_certbot_service onestop" + POST_HOOK="service $weekly_certbot_service onestart" + fi + fi + + anticongestion + if %%LOCALBASE%%/bin/certbot renew --pre-hook "$PRE_HOOK" \ + --post-hook "$POST_HOOK" \ + --no-random-sleep-on-renew + then + rc=0 + else + rc=1 + fi + ;; + *) rc=0;; +esac + +exit $rc Modified: head/security/py-certbot/pkg-message ============================================================================== --- head/security/py-certbot/pkg-message Mon Sep 9 19:34:59 2019 (r511692) +++ head/security/py-certbot/pkg-message Mon Sep 9 19:50:42 2019 (r511693) @@ -24,6 +24,11 @@ will be made available in the following ports: * Apache plugin: security/py-certbot-apache * Nginx plugin: security/py-certbot-nginx + +In order to automatically renew the certificates, add this line to +/etc/periodic.conf: + + weekly_certbot_enable="YES" EOM } ]
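Review bot: In head/security/py-certbot/files/500.certbot.in, PRE_HOOK and POST_HOOK are built by interpolating $weekly_certbot_service into a command string ("service $weekly_certbot_service onestop") that is handed to certbot renew via --pre-hook/--post-hook, so the quoting used in the earlier `service "$weekly_certbot_service" onestatus` call no longer protects the value; anything in periodic.conf containing whitespace or shell metacharacters would be re-parsed as part of the hook command. Suggest validating the value against a service-name character set before building the hooks, and rejecting it with a message otherwise. Smaller points in the same hunk: when the variable is unset or the service is not running, certbot is still called with --pre-hook "" and --post-hook "", and passing the options only when a hook is set would be cleaner; the `onestatus` call is not redirected, so its output lands in the weekly report; and the header comment has a doubled word ("shutdown this this service").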
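Review bot: The text added to head/security/py-certbot/pkg-message documents only weekly_certbot_enable, while weekly_certbot_service, which the new 500.certbot script uses to stop and restart a service around renewal, is described only in the script's header comment. Suggest adding it here as an optional setting, for example weekly_certbot_service="nginx", so that users who need the service stopped during renewal find it without reading the installed script.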