From 115044aeade92f739788377f401a781570f2bc64 Mon Sep 17 00:00:00 2001 From: asomers Date: Mon, 9 Sep 2019 19:50:42 +0000 Subject: security/py-certbot: Add periodic script for renewing certificates PR: 221043 Submitted by: Dmitry Marakasov, asomers, Yasuhiro KIMURA Approved by: koobs (maintainer timeout) --- security/py-certbot/Makefile | 8 +++++ security/py-certbot/files/500.certbot.in | 53 ++++++++++++++++++++++++++++++++ security/py-certbot/pkg-message | 5 +++ 3 files changed, 66 insertions(+) create mode 100644 security/py-certbot/files/500.certbot.in (limited to 'security')
diff --git a/security/py-certbot/Makefile b/security/py-certbot/Makefile
index 4b3652b7f1bc..55a9b5a1e8dc 100644
--- a/security/py-certbot/Makefile
+++ b/security/py-certbot/Makefile
@@ -3,6 +3,7 @@
 PORTNAME= certbot
 PORTVERSION= ${ACME_VERSION}
+PORTREVISION= 1
 PORTEPOCH= 1
 CATEGORIES= security python
 MASTER_SITES= CHEESESHOP
@@ -34,10 +35,17 @@
 USES= python
 USE_PYTHON= autoplist concurrent distutils
 NO_ARCH= yes
+SUB_FILES= 500.certbot
+PLIST_FILES= etc/periodic/weekly/500.certbot
 post-patch:
 @${REINPLACE_CMD} -e 's|/usr/local|${LOCALBASE}|' ${WRKSRC}/certbot/compat/misc.py
+post-install:
+ ${MKDIR} ${STAGEDIR}${PREFIX}/etc/periodic/weekly
+ ${INSTALL_SCRIPT} ${WRKDIR}/500.certbot \
+ ${STAGEDIR}${PREFIX}/etc/periodic/weekly
+
 do-test:
 @cd ${WRKSRC} && ${PYTHON_CMD} ${PYDISTUTILS_SETUP} test
diff --git a/security/py-certbot/files/500.certbot.in b/security/py-certbot/files/500.certbot.in
new file mode 100644
index 000000000000..be71c68b549c
--- /dev/null
+++ b/security/py-certbot/files/500.certbot.in
@@ -0,0 +1,53 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# Automatically renew Let's Encrypt certificates each week
+#
+# Add the following lines to /etc/periodic.conf:
+#
+# weekly_certbot_enable (bool): Set to "NO" by default
+# weekly_certbot_service (str): If defined, certbot will try to
+# shutdown this this service before
+# renewing the certificate, and restart
+# it afterwards. For example, set to
+# "nginx" or "apache24"
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$weekly_certbot_enable" in
+ [Yy][Ee][Ss])
+ echo
+ echo "Renewing Let's Encrypt certificates:"
+
+ PRE_HOOK=""
+ POST_HOOK=""
+ if [ -n "$weekly_certbot_service" ]
+ then
+ if service "$weekly_certbot_service" onestatus
+ then
+ PRE_HOOK="service $weekly_certbot_service onestop"
+ POST_HOOK="service $weekly_certbot_service onestart"
+ fi
+ fi
+
+ anticongestion
+ if %%LOCALBASE%%/bin/certbot renew --pre-hook "$PRE_HOOK" \
+ --post-hook "$POST_HOOK" \
+ --no-random-sleep-on-renew
+ then
+ rc=0
+ else
+ rc=1
+ fi
+ ;;
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/security/py-certbot/pkg-message b/security/py-certbot/pkg-message
index f064e8dc54cb..691b23b62c27 100644
--- a/security/py-certbot/pkg-message
+++ b/security/py-certbot/pkg-message
@@ -24,6 +24,11 @@ will be made available in the following ports:
 * Apache plugin: security/py-certbot-apache
 * Nginx plugin: security/py-certbot-nginx
+
+In order to automatically renew the certificates, add this line to
+/etc/periodic.conf:
+
+ weekly_certbot_enable="YES"
 EOM
 }
 ]
-- cgit
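Review bot: In 500.certbot.in a failed `certbot renew` ends in `rc=1` (the `else` branch), which periodic(8) classes as notable information only, so a host with `weekly_show_info="NO"` in periodic.conf would never see that renewal is failing until a certificate expires; `rc=3` reports it as an error that is not masked. `PRE_HOOK="service $weekly_certbot_service onestop"` and the matching `POST_HOOK` are strings that certbot hands to a shell, as root under periodic, so the header comment should state that `weekly_certbot_service` must be a bare rc.d service name; the quoted `onestatus` test above them seems to reject other values, but only as a side effect. The same header comment has a doubled word in `shutdown this this service`.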