Add some sane defaults in account.conf to get you started.

Supply a link to the dnsapi/deploy scripts so it all just works.
Create ~acme/.acme.sh & ~acme/certs to make things easier.
Also provide a newsyslog.conf sample file for the log file rotation.

Differential Revision:	https://reviews.freebsd.org/D11450

5 files changed, 59 insertions, 1 deletions

diff --git a/security/acme.sh/Makefile b/security/acme.sh/Makefile
index 37803a59c44b..08732f4f5fb9 100644
--- a/security/acme.sh/Makefile
+++ b/security/acme.sh/Makefile
@@ -2,8 +2,8 @@
 
 PORTNAME=	acme.sh
 PORTVERSION=	2.6.9
-PORTREVISION=	2
 DISTVERSIONPREFIX=	v
+PORTREVISION=	3
 CATEGORIES=	security
 
 MAINTAINER=	dvl@FreeBSD.org
@@ -34,11 +34,14 @@ WGET_RUN_DEPENDS=	wget:ftp/wget
 
 PORTDOCS=	README.md
 
+SUB_FILES=	pkg-install pkg-message
+
 do-install:
 	${INSTALL_SCRIPT} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/sbin/${PORTNAME}
 	${MKDIR} ${STAGEDIR}${EXAMPLESDIR}/deploy ${STAGEDIR}${EXAMPLESDIR}/dnsapi
 	( cd ${WRKSRC} && ${COPYTREE_BIN} deploy ${STAGEDIR}${EXAMPLESDIR} )
 	( cd ${WRKSRC} && ${COPYTREE_BIN} dnsapi ${STAGEDIR}${EXAMPLESDIR} )
+	${INSTALL_DATA} ${FILESDIR}/acme.sh ${STAGEDIR}${EXAMPLESDIR}
 
 do-install-DOCS-on:
 	${MKDIR} ${STAGEDIR}${DOCSDIR}
diff --git a/security/acme.sh/files/acme.sh b/security/acme.sh/files/acme.sh
new file mode 100644
index 000000000000..f2d26e670a96
--- /dev/null
+++ b/security/acme.sh/files/acme.sh
@@ -0,0 +1,6 @@
+# acme.sh configuration file for newsyslog.conf
+#
+# see newsyslog.conf(5) for details
+#
+# logfilename         [owner:group]   mode count size when  flags [/pid_file] [sig_num]
+/var/log/acme.sh.log  acme:acme       640  90    *    @T00   B
diff --git a/security/acme.sh/files/pkg-install.in b/security/acme.sh/files/pkg-install.in
new file mode 100644
index 000000000000..2a87c609c19f
--- /dev/null
+++ b/security/acme.sh/files/pkg-install.in
@@ -0,0 +1,29 @@
+#!/bin/sh
+#
+# $FreeBSD$
+
+if [ "$2" = "POST-INSTALL" ]; then
+    if [ ! -d ~acme/.acme.sh ]; then
+        /usr/bin/install -d -o acme -g acme -m 750 ~acme/.acme.sh
+    fi
+
+    if [ ! -d ~acme/certs ]; then    
+        /usr/bin/install -d -o acme -g acme -m 750 ~acme/certs
+    fi
+    
+    if [ ! -d ~acme/.acme.sh/dnsapi ]; then
+        /bin/ln -sf %%EXAMPLESDIR%%/dnsapi ~acme/.acme.sh
+    fi
+    
+    if [ ! -f ~acme/.acme.sh/account.conf.sample ]; then
+
+        /bin/cat << EOF >> ~acme/.acme.sh/account.conf.sample
+NSUPDATE_SERVER="mydns.example.org"
+NSUPDATE_KEY="/var/db/acme/Kmydns.example.org.+165+59977.key"
+DEFAULT_DNS_SLEEP="10"
+CERT_HOME="/var/db/acme/certs"
+LOG_FILE='/var/log/acme.sh.log'
+EOF
+        /bin/chmod 640 ~acme/.acme.sh/account.conf.sample
+    fi
+fi
diff --git a/security/acme.sh/files/pkg-message.in b/security/acme.sh/files/pkg-message.in
new file mode 100644
index 000000000000..55c67e8b571d
--- /dev/null
+++ b/security/acme.sh/files/pkg-message.in
@@ -0,0 +1,19 @@
+
+
+This script will create the following directories if they do not exist:
+
+ ~acme/.acme.sh
+ ~acme/certs
+
+The script will also install ~acme/.acme.sh/account.conf.sample which has
+sane defaults.  Copy this to ~acme/.acme.sh/account.conf and edit contents
+to suit.
+
+In the %%EXAMPLESDIR%% directory, you can find the dnsapi 
+scripts which will be useful if you decide to use dns-01 challenges. Also 
+included are the deploy scripts.
+
+A newsyslog.conf sample file is provided at %%EXAMPLESDIR%%/acme.sh
+and you could create a symlink from that to %%PREFIX%%/etc/newsyslog.conf.d/
+
+
diff --git a/security/acme.sh/pkg-plist b/security/acme.sh/pkg-plist
index 67044c1edb7b..e64ca6b5f343 100644
--- a/security/acme.sh/pkg-plist
+++ b/security/acme.sh/pkg-plist
@@ -1,4 +1,5 @@
 sbin/acme.sh
+%%EXAMPLESDIR%%/acme.sh
 %%EXAMPLESDIR%%/deploy/README.md
 %%EXAMPLESDIR%%/deploy/apache.sh
 %%EXAMPLESDIR%%/deploy/cpanel.sh