# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
# Port metadata for danectl. The makefile PortGroup is loaded here; the
# variants, download locations and patch steps follow further down.
PortSystem 1.0
PortGroup makefile 1.0
name danectl
version 0.8.4
revision 0
categories security
license GPL-2+
maintainers {raf.org:raf @macportsraf} openmaintainer
description DNSSEC DANE implementation manager
# User-facing text; {*}${description} expands the short description above as
# its opening words, and the \n\n starts a new paragraph.
# NOTE(review): the protection described below only holds for clients that
# validate DNSSEC and actually check the published records.
long_description {*}${description}. \
\n\nDANE is \"DNS-based Authentication of Named Entities\". \
It means securely letting the world know in advance what \
your public encryption keys are by publishing them as \
DNS records (TLSA, SSHFP, OPENPGPKEY, SMIMEA) in your \
DNSSEC-enabled internet domain zone. This is the simplest \
and most secure way to let the world know what keys to \
expect when connecting to your servers. This can apply to \
TLS keys, SSH host keys, and OpenPGP and S/MIME keys. \
This makes it possible to prevent impersonation or \
man-in-the-middle attacks. It's mostly used with mail \
servers. Eventually, it could render certificate \
authorities unnecessary. DNSSEC has become very easy.
# libidn2 is the only dependency declared for every variant combination;
# the per-record-type tools are added by the variants below.
depends_lib port:libidn2
# Declared architecture-independent and platform-independent.
supported_archs noarch
platforms any
# All four record types are on by default. Each variant below only appends
# runtime dependencies, so deselecting one (for example -sshfp) drops that
# variant's tools from what this port requires.
default_variants +tlsa +sshfp +openpgpkey +smimea
# +tlsa appends three runtime-only dependencies. port:coreutils is what
# provides gsha256sum, the name post-patch substitutes for sha256sum.
variant tlsa description {Add TLSA support for TLS servers} {
    depends_run-append port:certbot port:openssl port:coreutils
}
# +sshfp appends port:openssh as a runtime-only dependency.
variant sshfp description {Add SSHFP support for ssh servers} {
    depends_run-append port:openssh
}
# +openpgpkey appends port:gnupg2 as a runtime-only dependency.
variant openpgpkey description {Add OPENPGPKEY support for GnuPG keys} {
    depends_run-append port:gnupg2
}
# +smimea needs port:openssl at runtime, the same port +tlsa already declares.
variant smimea description {Add SMIMEA support for S/MIME keys} {
    # Declare port:openssl here only when tlsa is not selected; listing it in
    # both variants makes port lint warn about the duplicate.
    if {![variant_isset tlsa]} {
        depends_run-append port:openssl
    }
}
# Upstream project page; the download and livecheck URLs are derived from it.
homepage https://raf.org/${name}/
# Distfile locations, in the order listed: the upstream download directory,
# a dated Wayback Machine snapshot of that directory, then the GitHub and
# Codeberg release pages for this version.
master_sites ${homepage}download/ \
https://web.archive.org/web/20230718143137/${homepage}download/ \
https://github.com/raforg/${name}/releases/download/v${version}/ \
https://codeberg.org/raforg/${name}/releases/download/v${version}/
# Integrity pin for the distfile: whichever location serves it, the file must
# match both digests and the byte size or the port will not proceed.
# On a version bump, record new values from a distfile you have verified
# yourself rather than from whatever the first reachable mirror returns.
checksums rmd160 ce7b310967bcc81678a9cd3e1bf890df90cb7ae2 \
sha256 179730da7e8d7b68f62b92292b7bc883922fa5cb8361eba22666a1fa6886e10e \
size 56860
# Rewrite hard-coded paths and one tool name in the unpacked sources so the
# installed script looks under the MacPorts prefix.
post-patch {
    # Point the Makefile at ${prefix}. The edit is skipped when ${prefix} is
    # already /usr/local (unlikely), because reinplace warns at runtime when a
    # substitution changes nothing.
    if {${prefix} ne "/usr/local"} {
        reinplace -W ${worksrcpath} "s|/usr/local|${prefix}|g" Makefile
    }
    # The same edits go to the script and its man page, in this order:
    #  - certbot is a MacPorts port (tlsa variant dependency), so its
    #    letsencrypt directory lives under ${prefix}/etc
    #  - apache2 and nginx, if present, are assumed to be MacPorts ports too
    #  - gsha256sum is called by name so users need not put
    #    ${prefix}/libexec/gnubin in their PATH
    # NOTE(review): the sha256sum rule is an unanchored substring match, and
    # port:coreutils is only declared by the tlsa variant - confirm danectl
    # never reaches gsha256sum when built with -tlsa.
    foreach sed_cmd [list \
        "s|/etc/letsencrypt|${prefix}/etc/letsencrypt|g" \
        "s|/etc/apache2|${prefix}/etc/apache2|g" \
        "s|/etc/nginx|${prefix}/etc/nginx|g" \
        "s|sha256sum|gsha256sum|g"] {
        reinplace -W ${worksrcpath} ${sed_cmd} danectl danectl.1
    }
}
# The build phase is overridden with an empty body, so nothing is compiled.
# presumably because danectl is a script (supported_archs is noarch) - confirm
build {}
# Enable the test phase for this port.
test.run yes
# Version discovery: scan the upstream download directory for file names of
# the form <name>-<dotted digits><extract.suffix> and capture the version.
# A livecheck hit only reports a newer release; the checksums above still
# have to be updated by hand for that release.
livecheck.type regex
livecheck.url ${homepage}download/
livecheck.regex ${name}-(\\d+(?:\\.\\d+)*)${extract.suffix}