security/p5-openxpki{-i18n}: Update to 3.24.2

- Update two ports sharing the same distribution to 3.24.2
- Add a new file: files/patch-Makefile.PL
- Fix build for openssl 3+
- Fix pkg-plist to make portlint happy
- Fix pkg-message about MariaDB and about new OpenSSL versions

ChangeLog: openxpki/openxpki@v3.22.1...v3.24.2

PR:		272248

security/p5-openxpki-i18n/Makefile

@@ -1,6 +1,6 @@
 PORTNAME=	openxpki
 DISTVERSIONPREFIX=	v
-DISTVERSION=	3.24.1
+DISTVERSION=	3.24.2
 CATEGORIES=	security perl5
 PKGNAMEPREFIX=	p5-
 PKGNAMESUFFIX=	-i18n

security/p5-openxpki-i18n/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1675078305
-SHA256 (openxpki-openxpki-v3.24.1_GH0.tar.gz) = 70ca49bb8cf4e7ae71362227fd397adfade2462b045331911e72320888872ea1
-SIZE (openxpki-openxpki-v3.24.1_GH0.tar.gz) = 34969532
+TIMESTAMP = 1687880023
+SHA256 (openxpki-openxpki-v3.24.2_GH0.tar.gz) = b7528d3dde96c33c56a5e99a44fb2896190625bf9abc9a8597d25ceabbba8531
+SIZE (openxpki-openxpki-v3.24.2_GH0.tar.gz) = 34969529

security/p5-openxpki/Makefile

@@ -1,6 +1,6 @@
 PORTNAME=	openxpki
 DISTVERSIONPREFIX=	v
-DISTVERSION=	3.24.1
+DISTVERSION=	3.24.2
 CATEGORIES=	security perl5
 PKGNAMEPREFIX=	p5-
 
@@ -11,9 +11,6 @@ WWW=		https://www.openxpki.org/
 LICENSE=	APACHE20
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
-BROKEN_SSL=	openssl30 openssl31
-BROKEN_SSL_REASON=	Fails to detect OpenSSL 3.0.0 and later
-
 MY_DEPENDS=	bash:shells/bash \
 		p5-Archive-Zip>=0:archivers/p5-Archive-Zip \
 		p5-Cache-LRU>=0:devel/p5-Cache-LRU \
@@ -42,6 +39,7 @@ MY_DEPENDS=	bash:shells/bash \
 		p5-Data-UUID>=0:devel/p5-Data-UUID \
 		p5-DateTime-Format-DateParse>=0.04:devel/p5-DateTime-Format-DateParse \
 		p5-DBD-Mock>=1.45:databases/p5-DBD-Mock \
+		p5-DBD-SQLite>=1.52:databases/p5-DBD-SQLite \
 		p5-DBIx-Handler>=0.14:databases/p5-DBIx-Handler \
 		p5-Devel-NYTProf>=0:devel/p5-Devel-NYTProf \
 		p5-Feature-Compat-Try>=0.05:devel/p5-Feature-Compat-Try \
@@ -78,6 +76,8 @@ MY_DEPENDS=	bash:shells/bash \
 		p5-Switch>=0:lang/p5-Switch \
 		p5-Sys-SigAction>=0.06:devel/p5-Sys-SigAction \
 		p5-Template-Toolkit>=2.15:www/p5-Template-Toolkit \
+		p5-Test-Pod-Coverage>=1.00:devel/p5-Test-Pod-Coverage \
+		p5-Test-Pod>=1.00:devel/p5-Test-Pod \
 		p5-Text-CSV_XS>=0.23:textproc/p5-Text-CSV_XS \
 		p5-TimeDate>=0:devel/p5-TimeDate \
 		p5-Workflow>=1.60:devel/p5-Workflow \
@@ -86,10 +86,7 @@ MY_DEPENDS=	bash:shells/bash \
 		p5-XML-Validator-Schema>=0:textproc/p5-XML-Validator-Schema
 BUILD_DEPENDS=	${MY_DEPENDS}
 RUN_DEPENDS=	${MY_DEPENDS}
-TEST_DEPENDS=	p5-DBD-SQLite>=1.52:databases/p5-DBD-SQLite \
-		p5-Test-Pod-Coverage>=1.00:devel/p5-Test-Pod-Coverage \
-		p5-Test-Pod>=1.00:devel/p5-Test-Pod \
-		p5-Test-Prereq>=0:devel/p5-Test-Prereq
+TEST_DEPENDS=	p5-Test-Prereq>=0:devel/p5-Test-Prereq
 
 USES=		gmake perl5 shebangfix ssl
 USE_GITHUB=	yes
@@ -99,58 +96,61 @@ _conf_VERSION=	${DISTVERSION:R}
 
 USE_PERL5=	configure
 USE_RC_SUBR=	openxpki
-SHEBANG_FILES=	bin/*
-SHEBANG_GLOB=	*.fcgi *.pl *.pm *.t*
+SHEBANG_FILES=	../../*
 
 NO_ARCH=	yes
-# stay with stable versions only:
-PORTSCOUT=	limitw:1,even
+PORTSCOUT=	limitw:1,even # stay with stable versions only
 SUB_FILES=	pkg-message
 
 WRKSRC_SUBDIR=	core/server/
 
 USERS=		openxpki
 GROUPS=		openxpki
 
-PORTDOCS=	*
-PORTEXAMPLES=	*
 OPTIONS_DEFINE=	DOCS EXAMPLES GRAPHVIZ
 
 GRAPHVIZ_DESC=		With graphical visualization of workflows?
 GRAPHVIZ_RUN_DEPENDS=	dot:graphics/graphviz \
 			imgsize:graphics/p5-Image-Size
 
 post-extract:
-	@${MV} ${WRKSRC_conf}/* ${WRKSRC}/../../config/
+	@${MKDIR} ${WRKSRC}/config
+	@${MV} ${WRKSRC_conf}/* ${WRKSRC}/config/
 
 post-patch:
 	@${REINPLACE_CMD} -e 's|..ENV{PERL} .vergen --format version.|"${PORTVERSION}"|g' ${WRKSRC}/Makefile.PL
 	@${REINPLACE_CMD} -e 's|..vergen --format version.|"${PORTVERSION}"|g' ${WRKSRC}/Makefile.PL
+	@${REINPLACE_CMD} -e 's|OPENSSLINC|${OPENSSLINC}|g' ${WRKSRC}/Makefile.PL
+	@${REINPLACE_CMD} -e 's|OPENSSLLIB|${OPENSSLLIB}|g' ${WRKSRC}/Makefile.PL
+	@${REINPLACE_CMD} -e 's|OPENSSLBINARY|${OPENSSLBASE}/bin/openssl|g' ${WRKSRC}/Makefile.PL
 	@( \
 	cd ${WRKSRC}/../..; \
 	${ECHO} "Patching dir names..."; \
-	${GREP} -RIFl -e "/etc/openxpki" config core/server doc qatest tools >filelist; \
+	${GREP} -RIFl -e "/etc/openxpki" core/server doc qatest tools >filelist; \
 	${CAT} filelist | ${XARGS} -I % ${REINPLACE_CMD} -e 's|/etc/openxpki|${PREFIX}/etc/openxpki|g' "%"; \
 	${CAT} filelist | ${XARGS} -I % ${RM} "%.bak"; \
-	${GREP} -RIFl -e "/run/openxpkid.pid" config core/server doc qatest tools >filelist; \
-	${CAT} filelist | ${XARGS} -I % ${REINPLACE_CMD} -e 's|/var/run/openxpkid.pid|/var/openxpki/openxpkid.pid|g' "%"; \
+	${GREP} -RIFl -e "/run/openxpkid.pid" core/server doc qatest tools >filelist; \
+	${CAT} filelist | ${XARGS} -I % ${REINPLACE_CMD} -e 's|/run/openxpkid.pid|/var/openxpki/openxpkid.pid|g' "%"; \
+	${CAT} filelist | ${XARGS} -I % ${RM} "%.bak"; \
+	${GREP} -RIFl -e "www-data" core/server doc qatest tools >filelist; \
+	${CAT} filelist | ${XARGS} -I % ${REINPLACE_CMD} -e 's|www-data|www|g' "%"; \
 	${CAT} filelist | ${XARGS} -I % ${RM} "%.bak"; \
 	${RM} filelist; \
 	)
+	@${FIND} ${WRKSRC} -name "*.orig" -delete
 	@${MKDIR} ${WRKSRC}/t/var/log/openxpki
 
 post-install:
 	@${MKDIR} ${STAGEDIR}/var/openxpki/session
 	@${MKDIR} ${STAGEDIR}/var/log/openxpki
-	@${MKDIR} ${STAGEDIR}${PREFIX}/etc/openxpki
+	@${MKDIR} ${STAGEDIR}${PREFIX}/etc/openxpki/local/keys
 
 post-install-DOCS-on:
 	${MKDIR} ${STAGEDIR}${DOCSDIR}
 	(cd ${WRKSRC}/../../doc && ${COPYTREE_SHARE} . ${STAGEDIR}${DOCSDIR})
 
 post-install-EXAMPLES-on:
 	${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
-	(cd ${WRKSRC}/../.. && ${COPYTREE_SHARE} config ${STAGEDIR}${EXAMPLESDIR})
-	(cd ${WRKSRC} && ${COPYTREE_SHARE} "htdocs cgi-bin" ${STAGEDIR}${EXAMPLESDIR})
+	(cd ${WRKSRC} && ${COPYTREE_SHARE} "config htdocs cgi-bin" ${STAGEDIR}${EXAMPLESDIR} "! -name *\.orig")
 
 .include <bsd.port.mk>

security/p5-openxpki/distinfo

@@ -1,5 +1,5 @@
-TIMESTAMP = 1675078273
-SHA256 (openxpki-openxpki-v3.24.1_GH0.tar.gz) = 70ca49bb8cf4e7ae71362227fd397adfade2462b045331911e72320888872ea1
-SIZE (openxpki-openxpki-v3.24.1_GH0.tar.gz) = 34969532
+TIMESTAMP = 1677275136
+SHA256 (openxpki-openxpki-v3.24.2_GH0.tar.gz) = b7528d3dde96c33c56a5e99a44fb2896190625bf9abc9a8597d25ceabbba8531
+SIZE (openxpki-openxpki-v3.24.2_GH0.tar.gz) = 34969529
 SHA256 (openxpki-openxpki-config-v3.24_GH0.tar.gz) = 677adc87fa8ccbf85ca7c0b42b61c3a628acc18fa57d091df9bfaf5a3ee86704
 SIZE (openxpki-openxpki-config-v3.24_GH0.tar.gz) = 153657

security/p5-openxpki/files/openxpki.in

@@ -10,7 +10,7 @@
 # openxpki_enable="YES"
 # to ensure that openxpki starts at boot time.
 # Define and edit this variable in file /etc/rc.conf:
-# openxpki_conf="%%PREFIX%%/etc/openxpki/config.git"
+# openxpki_conf="%%PREFIX%%/etc/openxpki/config.d"
 # if your configuration is in different place.
 #
 # DO NOT CHANGE THESE DEFAULT VALUES HERE

security/p5-openxpki/files/patch-Makefile.PL

@@ -0,0 +1,126 @@
+--- Makefile.PL.orig	2023-06-21 23:40:24 UTC
++++ Makefile.PL
+@@ -9,59 +9,11 @@ my $vergen = '../../tools/vergen';
+
+ ###########################################################################
+ # determine OpenSSL version
+-## first we have to find a working OpenSSL
+
+-# OPENSSL_LIB
+-# OPENSSL_INC
+-# OPENSSL_PREFIX set
+-# /usr/local/ssl
+-# /usr/local
+-# /usr
+-# /
+-# ...
++my $openssl_inc_dir = "OPENSSLINC";
++my $openssl_lib_dir = "OPENSSLLIB";
++my $openssl_binary =  "OPENSSLBINARY";
+
+-my $openssl_inc_dir = '';
+-my $openssl_lib_dir = '';
+-my $openssl_binary  = '';
+-
+-my @paths = qw( /usr/local/ssl
+-                /opt/local/ssl
+-                /usr/local
+-                /opt/local
+-                /usr
+-                /opt
+-              );
+-
+-unshift @paths, $ENV{OPENSSL_PREFIX}
+-    if (exists $ENV{OPENSSL_PREFIX} and $ENV{OPENSSL_PREFIX} ne '');
+-
+-my $tmp_ver;
+-
+-foreach my $path (@paths) {
+-    my $tmp_inc = File::Spec->catfile($path, 'include');
+-    $tmp_ver = File::Spec->catfile($tmp_inc, 'openssl', 'opensslv.h');
+-    my $tmp_lib = File::Spec->catfile($path, 'lib');
+-    my $tmp_bin = File::Spec->catfile($path, 'bin', 'openssl');
+-
+-    if (-d $tmp_inc &&
+-        -d $tmp_lib &&
+-        -r $tmp_ver &&
+-        -r $tmp_bin && -x $tmp_bin) {
+-        $openssl_inc_dir = $tmp_inc;
+-        $openssl_lib_dir = $tmp_lib;
+-        $openssl_binary  = $tmp_bin;
+-        last;
+-    }
+-}
+-
+-# accept settings from OPENSSL_INC and OPENSSL_LIB if BOTH exist
+-if (exists $ENV{OPENSSL_INC} && $ENV{OPENSSL_INC} != "" &&
+-    exists $ENV{OPENSSL_LIB} && $ENV{OPENSSL_LIB} != ""
+-) {
+-    $openssl_inc_dir = $ENV{OPENSSL_INC};
+-    $openssl_lib_dir = $ENV{OPENSSL_LIB};
+-}
+-
+ die "Could not find usable OpenSSL installation. Stopped"
+     unless defined $openssl_inc_dir;
+
+@@ -72,60 +24,10 @@ print STDERR "OpenSSL library: $openssl_lib_dir\n";
+ print STDERR "OpenSSL headers: $openssl_inc_dir\n";
+ print STDERR "OpenSSL binary:  $openssl_binary\n";
+
+-# ask the binary for it's version
+-# openssl version should produce output like this:
+-# OpenSSL 0.9.7l 28 Sep 2006
+-# OpenSSL 1.0.0a 1 Jun 2010
+-my $openssl_version_string = `$openssl_binary version`;
+-my ($openssl_version_major, $openssl_version_minor, $openssl_version_fix, $openssl_version_patch, $openssl_version_flavour);
+-if ($openssl_version_string =~ m/\s*OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-zA-Z]+)/i) {
+-    # OpenSSL 0.9
+-    $openssl_version_flavour = 'OpenSSL';
+-    $openssl_version_major = $1;
+-    $openssl_version_minor = $2;
+-    $openssl_version_fix   = $3;
+-    $openssl_version_patch = $4;
+-    print "$openssl_version_flavour version: major=$openssl_version_major, minor=$openssl_version_minor, fix=$openssl_version_fix, patch=$openssl_version_patch\n";
+-
+-} elsif ($openssl_version_string =~ m/\s*(OpenSSL|LibreSSL)\s+(\d+)\.(\d+)\.(\d+)\s+/) {
+-    # OpenSSL 1.0
+-    $openssl_version_flavour = $1;
+-    $openssl_version_major = $2;
+-    $openssl_version_minor = $3;
+-    $openssl_version_fix   = $4;
+-    print "OpenSSL version: major=$openssl_version_major, minor=$openssl_version_minor, fix=$openssl_version_fix\n";
+-} else {
+-    print "Problem: malformed openssl version string!\n";
+-    print STDERR "Consider setting OPENSSL_PREFIX correctly.\n\n";
+-    exit 1;
+-}
+-
+-# Warn on old openssl - should work but lacks support for some features
+-if ($openssl_version_major == 0 &&
+-    $openssl_version_minor == 9 &&
+-    $openssl_version_fix   == 8
+-) {
+-    print STDERR "Warning: openssl 0.9.8 found - this will work but lacks some features, e.g. server side key generation!";
+-
+-} elsif ( $openssl_version_flavour =~ m/LibreSSL/i ) {
+-    print STDERR "Warning: LibreSSL found, support for LibreSSL is experimental!";
+-
+-} elsif (not
+-    ($openssl_version_flavour =~ m/OpenSSL/i &&
+-     $openssl_version_major == 1 &&
+-     (($openssl_version_minor == 0) || ($openssl_version_minor == 1) ))
+-) {
+-    print STDERR "\n";
+-    print STDERR "ERROR: OpenSSL 0.9.8, 1.0 or 1.1 is required.\n";
+-    print STDERR "Consider setting OPENSSL_PREFIX correctly.\n\n";
+-    exit 1;
+-}
+-
+ # make OpenSSL binary location available to tests
+ open my $fh, ">", File::Spec->catfile("t", "cfg.binary.openssl");
+ print $fh $openssl_binary;
+ close $fh;
+-
+
+ ###########################################################################
+ # determine OpenXPKI version

security/p5-openxpki/files/pkg-message.in

@@ -2,13 +2,21 @@
 { type: install
   message: <<EOM
 - Universal server building block (OpenXPKI) for arbitrary PKI: installed.
-- SCEP prerequisite binary and i18n tools for UI: installed.
+- i18n tools for UI: installed.
 - Enable utf8 locale (e.g. en_US.utf8) for the translation staff to operate
   (translation is needed even for English language).
-- Install your favorite database (enable utf8 support),
-  e.g. databases/mysql56-server
-- Install perl interface for your favorite database,
-  e.g. databases/p5-DBD-mysql
+- Using database
+  = Install your favorite database (enable utf8 support), e.g.
+    databases/postgresql15-server 
+    and perl interface for it, e.g. databases/p5-DBD-Pg
+  = Examples, demos and tutorials of OpenXPKI traditionally use MariaDB 
+    database. But its use with OpenXPKI on FreeBSD is a bit tricky:
+      - Install e.g. databases/mariadb106-server
+      - Add value mysql to file /etc/make.conf like this:
+        DEFAULT_VERSIONS+= mysql=10.6m
+      - cd /usr/ports/databases/p5-DBD-mysql && make reinstall
+        Note that installing of databases/p5-DBD-MariaDB here may hinder
+        operation of your OpeXPKI setup. 
 - Install your favorite web server.
   Copy FastCGI scripts from %%EXAMPLESDIR%%/cgi-bin to the location
   where your web server can use them. Set executable permissions for them.
@@ -18,13 +26,17 @@
 - If you want your server to act just as the simplest CA,
   then the basic deployment procedure is all you need:
   copy sample configuration for this case with
-    cp -R %%EXAMPLESDIR%%/config/openxpki/* %%PREFIX%%/etc/openxpki/
+    cp -pR %%EXAMPLESDIR%%/config/* %%PREFIX%%/etc/openxpki/
   and follow advice at:
   https://openxpki.readthedocs.org/en/latest/quickstart.html
   Without this deployment procedure OpenXPKI server would not start.
 - If you want more complex role for your server inside the PKI infrastructure,
-  then you need to perform further deployment procedure for your server atop
+  then perform further deployment procedure for your server atop
   the basic deployment.
+- Oversimplified example scripts and configs are provided herewith for 
+  illustration only, and not for production use. All features of OpenXPI in 
+  production should be acquired by setting up an appropriate server with 
+  needed deployment procedure.  
 - This port has created user:group as openxpki:openxpki, which owns
   the OpenXPKI server.
 - After first fresh installation, create empty log files as follows
@@ -38,20 +50,33 @@ install -m 660 -o www -g www /dev/null /var/log/openxpki/soap.log
 - It is essential that www and openpki are two different users in your system.
 
 - Start daemons in this order:
-    database server,
-    OpenXPKI server (%%PREFIX%%/etc/rc.d/openxpki start),
-    web server.
+    1) database server,
+    2) OpenXPKI server (%%PREFIX%%/etc/rc.d/openxpki start),
+    3) web server.
 - Docs installed (if you opted so) into %%DOCSDIR%%
 - Mind FreeBSD specific file structure:
     %%PREFIX%%/etc/openxpki: server configuration, logs configuration.
     /var/openxpki: pid file, socket file, ...
     /var/openxpki/session: session files.
     /var/log/openxpki: server log files.
     /var/tmp: temporary directory.
-- OpenXPKI has not been fully tested with LibreSSL,
-  report your LibreSSL story to the list
-  https://sourceforge.net/p/openxpki/mailman/
-  or use OpenSSL instead.
+- Use of openssl/libressl
+  = This package comes (from FreeBSD build cluster) bound with 
+  openssl from base system, cf: /usr/ports/Mk/Uses/ssl.mk
+  If you want to use openssl or libressl from ports instead, then:
+    1) add the name of respective port 
+       (openssl, openssl30, openssl31, libressl, libressl-devel...)
+       to /etc/make.conf file e.g. like this:
+       DEFAULT_VERSIONS+= ssl=openssl31
+    2) install security/openssl31
+    3) cd /usr/ports/security/p5-openxpki && make reinstall
+       you do not need to rebuild dependencies, installed from packages.
+  = Using versions OpenSSL 1.0 or less can restrict features of the OpenXPI.
+  = OpenXPKI builds just fine with any available versions of OpenSSL or 
+    LibreSSL. But its operation with LibreSSL, or with OpenSSL 3+ has not
+    been fully tested. Report your respective story to the list
+      https://sourceforge.net/p/openxpki/mailman/
+    or use OpenSSL 1.1.1 instead.
 EOM
 }
 { type: upgrade