Hey,
Update to prosody. Latest version.
I noticed that the SSL key generation creates the key with a permission
that _prosody cannot access. Fixed this in the certs Makefile and in the
sample key.
Tested on my laptop connecting PSI and Pidgin and sending messages
between two different users over a TLS-encrypted connection. All seems
well.
Comments, OK?
Index: Makefile
===
RCS file: /home/edd/cvsync/ports/net/prosody/Makefile,v
retrieving revision 1.31
diff -u -p -r1.31 Makefile
--- Makefile27 Nov 2014 08:12:51 - 1.31
+++ Makefile12 Jan 2015 23:42:43 -
@@ -3,10 +3,9 @@
SHARED_ONLY= Yes
COMMENT= communications server for Jabber/XMPP written in Lua
-DISTNAME= prosody-0.9.6
+DISTNAME = prosody-0.9.7
CATEGORIES=net
MASTER_SITES= http://prosody.im/downloads/source/
-REVISION = 0
HOMEPAGE= http://prosody.im/
Index: distinfo
===
RCS file: /home/edd/cvsync/ports/net/prosody/distinfo,v
retrieving revision 1.8
diff -u -p -r1.8 distinfo
--- distinfo27 Oct 2014 13:41:17 - 1.8
+++ distinfo12 Jan 2015 21:34:11 -
@@ -1,2 +1,2 @@
-SHA256 (prosody-0.9.6.tar.gz) = dSGM+QeJuYIAkxE15K7se9FS+4n11Juwe63NHCxWQOc=
-SIZE (prosody-0.9.6.tar.gz) = 266740
+SHA256 (prosody-0.9.7.tar.gz) = 3UuZs5l2RCBViYyTPAE1mOVYvu0R13lddv/A8ah+LgA=
+SIZE (prosody-0.9.7.tar.gz) = 266638
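Review bot: The new SHA256 line for prosody-0.9.7.tar.gz is the only integrity check on the distfile, since MASTER_SITES in the Makefile is plain http, so please say in the submission how the hash was obtained (for example, compared against a checksum or signature published by upstream) rather than only computed from the fetched file.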
Index: patches/patch-certs_Makefile
===
RCS file: /home/edd/cvsync/ports/net/prosody/patches/patch-certs_Makefile,v
retrieving revision 1.3
diff -u -p -r1.3 patch-certs_Makefile
--- patches/patch-certs_Makefile23 Apr 2014 17:59:01 - 1.3
+++ patches/patch-certs_Makefile12 Jan 2015 23:31:23 -
@@ -1,6 +1,6 @@
$OpenBSD: patch-certs_Makefile,v 1.3 2014/04/23 17:59:01 jca Exp $
certs/Makefile.origThu Feb 27 20:04:09 2014
-+++ certs/Makefile Thu Feb 27 20:05:11 2014
+--- certs/Makefile.origFri Oct 24 23:30:55 2014
certs/Makefile Mon Jan 12 23:30:53 2015
@@ -2,13 +2,13 @@
keysize=2048
@@ -19,3 +19,9 @@ $OpenBSD: patch-certs_Makefile,v 1.3 201
# to generate a self signed certificate.
.PRECIOUS: %.cnf %.key
+@@ -28,3 +28,5 @@ keysize=2048
+ %.key:
+ openssl genrsa $(keysize) $@
+ @chmod 400 $@
++ @chown _prosody $@ || \
++ echo ***WARNING***: You will need to 'chown _prosody $@'
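Review bot: On the added echo line the message is unquoted, so `***WARNING***:` is subject to pathname expansion by the shell and the banner is only printed literally when nothing in the current directory matches; quote the whole message, e.g. echo "***WARNING***: You will need to 'chown _prosody $@'" (make substitutes $@ before the shell sees the line). The `||` fallback also lets the %.key target succeed when chown fails, which leaves a mode 400 key that _prosody still cannot read, so consider sending the warning to stderr so it is not lost in the openssl output.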
Index: pkg/PLIST
===
RCS file: /home/edd/cvsync/ports/net/prosody/pkg/PLIST,v
retrieving revision 1.8
diff -u -p -r1.8 PLIST
--- pkg/PLIST 23 Apr 2014 17:59:01 - 1.8
+++ pkg/PLIST 12 Jan 2015 23:44:51 -
@@ -157,8 +157,12 @@ share/examples/prosody/certs/example.com
share/examples/prosody/certs/localhost.cnf
share/examples/prosody/certs/localhost.crt
@sample ${SYSCONFDIR}/prosody/certs/localhost.crt
+@mode 400
+@owner _prosody
share/examples/prosody/certs/localhost.key
@sample ${SYSCONFDIR}/prosody/certs/localhost.key
+@mode
+@owner
share/examples/prosody/certs/openssl.cnf
@sample ${SYSCONFDIR}/prosody/certs/openssl.cnf
share/examples/prosody/prosody.cfg.lua
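Review bot: The `@mode 400` / `@owner _prosody` pair in front of localhost.key needs the _prosody user to exist by the time this entry is processed, and the hunk starts at line 157, so please confirm the `@newuser` line for _prosody comes earlier in the PLIST. The bare `@mode` and `@owner` after the @sample line correctly reset both for openssl.cnf and the entries that follow. Since localhost.key ships inside the package, the tighter mode makes it readable by the daemon but does not make it private; a line in the package README pointing users at the certs Makefile for a real key would help.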
--
Best Regards
Edd Barrett
http://www.theunixzoo.co.uk