commit: 1e9bc7bf78116de4f64fd98a1705da1cd8cac286 Author: Ulrich Müller <ulm <AT> gentoo <DOT> org> AuthorDate: Fri Dec 27 15:34:57 2024 +0000 Commit: Marc Schiffbauer <mschiff <AT> gentoo <DOT> org> CommitDate: Fri Jan 3 00:38:38 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e9bc7bf
app-crypt/dehydrated: Ignore output of "openssl req" Closes: https://bugs.gentoo.org/942637 Signed-off-by: Ulrich Müller <ulm <AT> gentoo.org> Closes: https://github.com/gentoo/gentoo/pull/39864 Signed-off-by: Marc Schiffbauer <mschiff <AT> gentoo.org> app-crypt/dehydrated/dehydrated-0.7.1-r1.ebuild | 63 ++++++++++++++++++++++ .../files/dehydrated-0.7.1-openssl-stdout.patch | 19 +++++++ 2 files changed, 82 insertions(+) diff --git a/app-crypt/dehydrated/dehydrated-0.7.1-r1.ebuild b/app-crypt/dehydrated/dehydrated-0.7.1-r1.ebuild new file mode 100644 index 000000000000..db7d63245d29 --- /dev/null +++ b/app-crypt/dehydrated/dehydrated-0.7.1-r1.ebuild @@ -0,0 +1,63 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI="8" + +VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/dehydrated.asc + +inherit verify-sig + +DESCRIPTION="A client for signing certificates with an ACME-server" +HOMEPAGE="https://dehydrated.io/"; +SRC_URI=" + https://github.com/dehydrated-io/${PN}/releases/download/v${PV}/${P}.tar.gz + verify-sig? ( https://github.com/dehydrated-io/${PN}/releases/download/v${PV}/${P}.tar.gz.asc ) +" + +LICENSE="MIT" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86" +IUSE="+cron" + +BDEPEND="verify-sig? ( sec-keys/openpgp-keys-dehydrated )" +RDEPEND="acct-group/dehydrated + acct-user/dehydrated + app-shells/bash + net-misc/curl + cron? ( virtual/cron )" + +PATCHES=( "${FILESDIR}"/${P}-openssl-stdout.patch ) + +src_configure() { + default + sed -i 's,^#CONFIG_D=.*,CONFIG_D="/etc/dehydrated/config.d",' docs/examples/config \ + || die "could not set config (CONFIG_D)" +} + +src_install() { + dobin ${PN} + insinto /etc/${PN} + doins docs/examples/{config,domains.txt,hook.sh} + fperms u+x /etc/${PN}/hook.sh + dodoc docs/*.md + + insinto /etc/${PN}/config.d + newins "${FILESDIR}"/00_gentoo.sh-r1 00_gentoo.sh + + keepdir /etc/${PN}/domains.d + + doman docs/man/dehydrated.1 + + if use cron ; then + insinto /etc/cron.d + newins "${FILESDIR}"/cron-r1 ${PN} + fi +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]] ; then + einfo "See /etc/dehydrated/config for configuration." + + use cron && einfo "After finishing setup you should enable the cronjob in /etc/cron.d/dehydrated." + fi +} diff --git a/app-crypt/dehydrated/files/dehydrated-0.7.1-openssl-stdout.patch b/app-crypt/dehydrated/files/dehydrated-0.7.1-openssl-stdout.patch new file mode 100644 index 000000000000..16e8271d4678 --- /dev/null +++ b/app-crypt/dehydrated/files/dehydrated-0.7.1-openssl-stdout.patch @@ -0,0 +1,19 @@ +https://bugs.gentoo.org/942637 + +commit 4fd777e87e589652b1127b79ac6688ed7cb151fe +Author: Wilfried Teiken <[email protected]> +Date: Sun Dec 3 15:07:01 2023 -0500 + + Ignore output of 'openssl req -verify'. + +--- a/dehydrated ++++ b/dehydrated +@@ -1011,7 +1011,7 @@ signed_request() { + extract_altnames() { + csr="${1}" # the CSR itself (not a file) + +- if ! <<<"${csr}" "${OPENSSL}" req -verify -noout 2>/dev/null; then ++ if ! <<<"${csr}" "${OPENSSL}" req -verify -noout >/dev/null 2>&1; then + _exiterr "Certificate signing request isn't valid" + fi +
