security/step-certificates: Update to version 0.26.0

* Add configure target to rc script * Adjusted pkg-message * Pet portclippy PR: 278035
freebsd · Mar 30, 2024 · 2a67a2f · 2a67a2f
1 parent 8cecd9f
commit 2a67a2f
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 17 deletions.
diff --git a/security/step-certificates/Makefile b/security/step-certificates/Makefile
@@ -1,7 +1,6 @@
 PORTNAME=	step-certificates
 DISTVERSIONPREFIX=	v
-DISTVERSION=	0.25.2
-PORTREVISION=	2
+DISTVERSION=	0.26.0
 CATEGORIES=	security
 
 MAINTAINER=	mw@wipp.bayern
@@ -17,10 +16,10 @@ RUN_DEPENDS=	step:security/step-cli
 
 USES=		go:modules
 
-GO_MODULE=	github.com/smallstep/certificates
-
 USE_RC_SUBR=	step-ca
 
+GO_MODULE=	github.com/smallstep/certificates
+
 GO_TARGET=	./cmd/step-ca:${PREFIX}/sbin/step-ca
 
 GO_BUILDFLAGS=	-ldflags "-w -X main.Version=${PORTVERSION}"

diff --git a/security/step-certificates/distinfo b/security/step-certificates/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1701460797
-SHA256 (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.mod) = 7b8d9e8b5f35b5467da9bb0b5cb2997217cb6343cf4c707ab76566501d374cfb
-SIZE (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.mod) = 6667
-SHA256 (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.zip) = 9bdffcb28b1ec1a03f8f1d3f49fde9ffb77e1e46d904b88bacecaea8adcb9764
-SIZE (go/security_step-certificates/step-certificates-v0.25.2/v0.25.2.zip) = 1049591
+TIMESTAMP = 1711731230
+SHA256 (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.mod) = 8c6fa479a3353e3388f2d2b22eae55f02fec0c627449eebd547aaf6b3dd6116a
+SIZE (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.mod) = 8136
+SHA256 (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.zip) = a630dbbff154f0fb75ae9ced250df488becf2592d1840c44425d06ead197a161
+SIZE (go/security_step-certificates/step-certificates-v0.26.0/v0.26.0.zip) = 1069995
diff --git a/security/step-certificates/files/step-ca.in b/security/step-certificates/files/step-ca.in
@@ -49,19 +49,54 @@ command_args="-S -c \
 start_precmd=step_ca_startprecmd
 start_postcmd=step_ca_postcmd
 
+extra_commands="configure"
+configure_cmd="step_ca_configure"
+
 step_ca_startprecmd()
 {
         if [ ! -e ${pidfile} ]; then
                 install -o ${step_ca_user} -g ${step_ca_group} /dev/null ${pidfile};
         fi
 
+	if [ ! -e ${step_ca_steppath} ]; then
+		echo "No configured Step CA found."
+		echo "Please run service step-ca configure"
+		exit 1
+	else
+		export STEPPATH=${step_ca_steppath}
+	fi
+
+	if [ ! -e ${step_ca_password} ]; then
+		echo "Step CA Password file for auto-start not found"
+		echo "Please run service step-ca configure"
+		exit 1
+	fi
+
+	if [ -e ${step_ca_steppath}/config/ca.json ]; then
+		configured_port=$(sed -n -e '/"address"/ s/.*:\(.*\)".*/\1/p' ${step_ca_steppath}/config/ca.json)
+		if [ ${configured_port} -lt 1024 ]; then
+			echo "Privileged Port (${configured_port}) configured: cannot run as ${step_ca_user}"
+			exit 1
+		fi
+	fi
+}
+
+step_ca_postcmd() {
+	sleep 2
+	run_rc_command status
+}
+
+step_ca_configure() {
 	if [ ! -e ${step_ca_steppath} ]; then
 		echo "No configured Step CA found."
 		echo "Creating new one...."
+		install -m 600 -o ${step_ca_user} -g ${step_ca_group} /dev/null ${step_ca_steppath}
 		export STEPPATH=${step_ca_steppath}
 		%%PREFIX%%/bin/step ca init --ssh
-		chown -R ${step_ca_user}:${step_ca_group} ${step_ca_steppath}
+		chown -R ${step_ca_user}:${step_ca_group} ${step_ca_stepdir}
 	else
+		echo "Configured Step CA found at ${step_ca_steppath}."
+		echo "Please remove the directory and its contents manually if you really want to reconfigure."
 		export STEPPATH=${step_ca_steppath}
 	fi
 
@@ -72,6 +107,9 @@ step_ca_startprecmd()
 		echo "Please enter the Step CA Password:"
 		stty -echo; read passwd; stty echo; echo
 		echo $passwd > ${step_ca_password}
+	else
+		echo "Configured Step CA password file found at ${step_ca_password}."
+		echo "Please remove the file manually if you really want to reconfigure."
 	fi
 
 	if [ -e ${step_ca_steppath}/config/ca.json ]; then
@@ -82,9 +120,4 @@ step_ca_startprecmd()
 	fi
 }
 
-step_ca_postcmd() {
-	sleep 2
-	run_rc_command status
-}
-
 run_rc_command "$1"
diff --git a/security/step-certificates/pkg-message b/security/step-certificates/pkg-message
@@ -4,10 +4,11 @@
 ================================================================================
 Step Certificates requires additional configuration:
 
-The simple way is via the service start script step_ca. 
+The simple way is via the service start script step_ca with:
+service step_ca configure
 When there is no configuration it will be created. User input is required!!!
 
-The hard way would be via the step command.
+The hard way would be manually via the step command.
 
 Ensure to set the STEPPATH environment variable. This makes using the
 commands much simpler.