Hi,

Netshot 0.14.1 was released a while ago. The release notes list these items:

- Library update (vulnerability fix)
- Fix an error which could prevent the removal of credential sets
- Add support for PKCS12 keystores (default now)

I verified that after "pkg_add -u" netshot still works with an existing
Java key store file (*.jks).

I think it makes sense to keep the "@extra ${SYSCONFDIR}/netshot.jks" in
PLIST since that is what the example config suggested till now.
But I'm not sure on this one.

Comments, OKs?

Remi


Index: Makefile
===================================================================
RCS file: /cvs/ports/sysutils/netshot/Makefile,v
retrieving revision 1.7
diff -u -p -r1.7 Makefile
--- Makefile    12 Sep 2019 21:21:25 -0000      1.7
+++ Makefile    27 Oct 2019 20:46:40 -0000
@@ -2,7 +2,7 @@
 
 COMMENT =              config backup and policy check for network devices
 
-V =                    0.14.0
+V =                    0.14.1
 DISTNAME =             netshot_${V}
 PKGNAME =              ${DISTNAME:S/_/-/}
 WRKDIST =              ${WRKDIR}
Index: distinfo
===================================================================
RCS file: /cvs/ports/sysutils/netshot/distinfo,v
retrieving revision 1.3
diff -u -p -r1.3 distinfo
--- distinfo    12 Sep 2019 21:21:25 -0000      1.3
+++ distinfo    27 Oct 2019 20:52:12 -0000
@@ -1,2 +1,2 @@
-SHA256 (netshot_0.14.0.zip) = 7HX9oTy/mWagcSvTPsgekNX7WTelHS7eu1lNUbNdOO8=
-SIZE (netshot_0.14.0.zip) = 45721309
+SHA256 (netshot_0.14.1.zip) = MpKMvBCtsvuEu1SyFxOYGHBO0Xzf4GRszy2DiH6pGUE=
+SIZE (netshot_0.14.1.zip) = 45722115
Index: patches/patch-netshot_conf
===================================================================
RCS file: /cvs/ports/sysutils/netshot/patches/patch-netshot_conf,v
retrieving revision 1.3
diff -u -p -r1.3 patch-netshot_conf
--- patches/patch-netshot_conf  12 Sep 2019 21:21:25 -0000      1.3
+++ patches/patch-netshot_conf  27 Oct 2019 21:06:03 -0000
@@ -19,8 +19,8 @@ Index: netshot.conf
  netshot.db.encryptionpassword = netshot
  
  # REST
--netshot.http.ssl.keystore.file = /usr/local/netshot/netshot.jks
-+netshot.http.ssl.keystore.file = ${SYSCONFDIR}/netshot.jks
+-netshot.http.ssl.keystore.file = /usr/local/netshot/netshot.pfx
++netshot.http.ssl.keystore.file = ${SYSCONFDIR}/netshot.pfx
  netshot.http.ssl.keystore.pass = password
  #netshot.http.baseurl = https://localhost
  netshot.http.baseurl = https://0.0.0.0
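Review bot: the context line `netshot.http.ssl.keystore.pass = password` keeps a guessable keystore passphrase in the sample config, right under the path that now points at netshot.pfx. Since the README change has the admin create that file with `openssl pkcs12 -export`, which asks for an export password, consider a comment in the sample saying that this value has to be changed and has to equal the export password chosen for the PKCS12 file.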
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/sysutils/netshot/pkg/PLIST,v
retrieving revision 1.2
diff -u -p -r1.2 PLIST
--- pkg/PLIST   12 Sep 2019 21:21:25 -0000      1.2
+++ pkg/PLIST   27 Oct 2019 21:15:46 -0000
@@ -18,6 +18,7 @@ share/examples/netshot/netshot.conf
 @group _netshot
 @sample ${SYSCONFDIR}/netshot.conf
 @extra ${SYSCONFDIR}/netshot.jks
+@extra ${SYSCONFDIR}/netshot.pfx
 @mode 0750
 @owner _netshot
 @sample ${VARBASE}/log/netshot/
Index: pkg/README
===================================================================
RCS file: /cvs/ports/sysutils/netshot/pkg/README,v
retrieving revision 1.1
diff -u -p -r1.1 README
--- pkg/README  12 Sep 2019 21:21:25 -0000      1.1
+++ pkg/README  4 Feb 2020 16:14:35 -0000
@@ -26,12 +26,18 @@ MariaDB on the same host.
   might be modified to look like this:
   netshot.db.url = jdbc:mysql://localhost/netshot01?serverTimezone=UTC
 
-- Create a TLS certificate in a Java keystore:
-  # ${LOCALBASE}/jdk-1.8.0/bin/keytool -genkey -keyalg RSA -alias selfsigned \
-    -keystore ${SYSCONFDIR}/netshot.jks -storepass password -validity 3600 \
-    -keysize 4096
-  # chmod 640 ${SYSCONFDIR}/netshot.jks
-  # chgrp _netshot ${SYSCONFDIR}/netshot.jks
+- Create a TLS key and certificate and put it in a keystore for Java:
+  # openssl req -new -x509 -days 825 \
+    -subj '/CN=netshot.example.com' \
+    -addext 'subjectAltName = DNS:netshot.example.com' \
+    -keyout ${SYSCONFDIR}/ssl/private/netshot.key \
+    -out ${SYSCONFDIR}/ssl/netshot.crt
+  # openssl pkcs12 -export -name netshot \
+    -in ${SYSCONFDIR}/ssl/netshot.crt \
+    -inkey ${SYSCONFDIR}/ssl/private/netshot.key \
+    -out ${SYSCONFDIR}/netshot.pfx
+  # chmod 640 ${SYSCONFDIR}/netshot.pfx
+  # chgrp _netshot ${SYSCONFDIR}/netshot.pfx
 
 - Enable and start Netshot to create the database tables.
   # rcctl enable netshot; rcctl start netshot
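Review bot: the added `openssl req` command does not state a key type or size, while the removed keytool lines asked for `-keyalg RSA -keysize 4096`; adding `-newkey rsa:4096` would keep the previous key strength explicit instead of relying on the openssl default. The private key is also written to ${SYSCONFDIR}/ssl/private/netshot.key and stays there after the export, but the chmod and chgrp lines only cover netshot.pfx, so the step should say what mode that key file needs or that it can be removed once the keystore exists. Neither openssl command passes a passphrase, so both prompt interactively; a sentence noting that the export password must match `netshot.http.ssl.keystore.pass` in netshot.conf would save a failed first start.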
