Hi,
Netshot 0.14.1 was released a while ago. The release notes list these items:
- Library update (vulnerability fix)
- Fix an error which could prevent the removal of credential sets
- Add support for PKCS12 keystores (default now)
I verified that after "pkg_add -u" netshot still works with an existing
Java key store file (*.jks).
I think it makes sense to keep the "@extra ${SYSCONFDIR}/netshot.jks" in
PLIST since that is what the example config suggested till now.
But I'm not sure on this one.
Comments, OKs?
Remi
Index: Makefile
===================================================================
RCS file: /cvs/ports/sysutils/netshot/Makefile,v
retrieving revision 1.7
diff -u -p -r1.7 Makefile
--- Makefile 12 Sep 2019 21:21:25 -0000 1.7
+++ Makefile 27 Oct 2019 20:46:40 -0000
@@ -2,7 +2,7 @@
COMMENT = config backup and policy check for network devices
-V = 0.14.0
+V = 0.14.1
DISTNAME = netshot_${V}
PKGNAME = ${DISTNAME:S/_/-/}
WRKDIST = ${WRKDIR}
Index: distinfo
===================================================================
RCS file: /cvs/ports/sysutils/netshot/distinfo,v
retrieving revision 1.3
diff -u -p -r1.3 distinfo
--- distinfo 12 Sep 2019 21:21:25 -0000 1.3
+++ distinfo 27 Oct 2019 20:52:12 -0000
@@ -1,2 +1,2 @@
-SHA256 (netshot_0.14.0.zip) = 7HX9oTy/mWagcSvTPsgekNX7WTelHS7eu1lNUbNdOO8=
-SIZE (netshot_0.14.0.zip) = 45721309
+SHA256 (netshot_0.14.1.zip) = MpKMvBCtsvuEu1SyFxOYGHBO0Xzf4GRszy2DiH6pGUE=
+SIZE (netshot_0.14.1.zip) = 45722115
Index: patches/patch-netshot_conf
===================================================================
RCS file: /cvs/ports/sysutils/netshot/patches/patch-netshot_conf,v
retrieving revision 1.3
diff -u -p -r1.3 patch-netshot_conf
--- patches/patch-netshot_conf 12 Sep 2019 21:21:25 -0000 1.3
+++ patches/patch-netshot_conf 27 Oct 2019 21:06:03 -0000
@@ -19,8 +19,8 @@ Index: netshot.conf
netshot.db.encryptionpassword = netshot
# REST
--netshot.http.ssl.keystore.file = /usr/local/netshot/netshot.jks
-+netshot.http.ssl.keystore.file = ${SYSCONFDIR}/netshot.jks
+-netshot.http.ssl.keystore.file = /usr/local/netshot/netshot.pfx
++netshot.http.ssl.keystore.file = ${SYSCONFDIR}/netshot.pfx
netshot.http.ssl.keystore.pass = password
#netshot.http.baseurl = https://localhost
netshot.http.baseurl = https://0.0.0.0
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/sysutils/netshot/pkg/PLIST,v
retrieving revision 1.2
diff -u -p -r1.2 PLIST
--- pkg/PLIST 12 Sep 2019 21:21:25 -0000 1.2
+++ pkg/PLIST 27 Oct 2019 21:15:46 -0000
@@ -18,6 +18,7 @@ share/examples/netshot/netshot.conf
@group _netshot
@sample ${SYSCONFDIR}/netshot.conf
@extra ${SYSCONFDIR}/netshot.jks
+@extra ${SYSCONFDIR}/netshot.pfx
@mode 0750
@owner _netshot
@sample ${VARBASE}/log/netshot/
Index: pkg/README
===================================================================
RCS file: /cvs/ports/sysutils/netshot/pkg/README,v
retrieving revision 1.1
diff -u -p -r1.1 README
--- pkg/README 12 Sep 2019 21:21:25 -0000 1.1
+++ pkg/README 4 Feb 2020 16:14:35 -0000
@@ -26,12 +26,18 @@ MariaDB on the same host.
might be modified to look like this:
netshot.db.url = jdbc:mysql://localhost/netshot01?serverTimezone=UTC
-- Create a TLS certificate in a Java keystore:
- # ${LOCALBASE}/jdk-1.8.0/bin/keytool -genkey -keyalg RSA -alias selfsigned \
- -keystore ${SYSCONFDIR}/netshot.jks -storepass password -validity 3600 \
- -keysize 4096
- # chmod 640 ${SYSCONFDIR}/netshot.jks
- # chgrp _netshot ${SYSCONFDIR}/netshot.jks
+- Create a TLS key and certificate and put it in a keystore for Java:
+ # openssl req -new -x509 -days 825 \
+ -subj '/CN=netshot.example.com' \
+ -addext 'subjectAltName = DNS:netshot.example.com' \
+ -keyout ${SYSCONFDIR}/ssl/private/netshot.key \
+ -out ${SYSCONFDIR}/ssl/netshot.crt
+ # openssl pkcs12 -export -name netshot \
+ -in ${SYSCONFDIR}/ssl/netshot.crt \
+ -inkey ${SYSCONFDIR}/ssl/private/netshot.key \
+ -out ${SYSCONFDIR}/netshot.pfx
+ # chmod 640 ${SYSCONFDIR}/netshot.pfx
+ # chgrp _netshot ${SYSCONFDIR}/netshot.pfx
- Enable and start Netshot to create the database tables.
# rcctl enable netshot; rcctl start netshot