<pre style='margin:0'>
Renee Otten (reneeotten) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/563e7145c23708492c43092cc73fdf1aee13d227">https://github.com/macports/macports-ports/commit/563e7145c23708492c43092cc73fdf1aee13d227</a></p>
<pre style="white-space: pre; background: #F8F8F8"><span style='display:block; white-space:pre;color:#808000;'>commit 563e7145c23708492c43092cc73fdf1aee13d227
</span>Author: Steven Thomas Smith &lt;s.t.smith@ieee.org&gt;
AuthorDate: Wed May 13 11:42:28 2020 -0400
<span style='display:block; white-space:pre;color:#404040;'> calendar-contacts-server: Add +apns variant notes
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> * Improve notes for APNS certificate updates
</span>---
net/calendar-contacts-server/Portfile | 56 +++++++++++++++++++++++++----------
1 file changed, 40 insertions(+), 16 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/calendar-contacts-server/Portfile b/net/calendar-contacts-server/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index d4b4bfb..2804d67 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/calendar-contacts-server/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/calendar-contacts-server/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -568,6 +568,19 @@ variant apns \
</span>
1. Acquire APNS Mail certificates from a (virtual) macOS\
High Sierra 10.13 and Server.app version 5.6. Export\
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ the APNS certificates and keys from the Keychain into the\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ files com.apple.servermgrd.apns.calendar.cer and\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ com.apple.servermgrd.apns.calendar.key.p12. APNS certificates\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ appear separately with names APSP:<UUID> that correspond to the\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ certificate's User ID field, com.apple.calendar.XServer.<UUID>.\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ APNS keys are simply named com.apple.servermgrd.apns.calendar.\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Repeat for the certificate com.apple.servermgrd.apns.contact.cer\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ and key com.apple.servermgrd.apns.contact.key.p12.\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ *Note*: APNS Mail certificate creation is deprecated on\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Server.app version 5.7+.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 1. Acquire APNS Mail certificates from a (virtual) macOS\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ High Sierra 10.13 and Server.app version 5.6. Export\
</span> the certificates from the Keychain into the files\
com.apple.servermgrd.apns.calendar.p12 and\
com.apple.servermgrd.apns.contact.p12. *Note*: APNS Mail\
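Review bot: The added step 1 is followed by a second added copy of "1. Acquire APNS Mail certificates ... Export"
that runs straight into the unchanged text naming com.apple.servermgrd.apns.calendar.p12 and
com.apple.servermgrd.apns.contact.p12, so the notes end up with two step 1 paragraphs that name different export files.
Step 2 now reads the .cer and .key.p12 files, so the old paragraph should be removed instead of being kept under a
repeated "1." heading, or it should be explicitly labelled as an alternative export path.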
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -575,45 +588,56 @@ variant apns \
</span>
2. Convert the APNS Mail certificates to cert, key, and chain PEM files:
<span style='display:block; white-space:pre;background:#ffe0e0;'>- # apns:com.apple.calendar
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- openssl pkcs12 -in com.apple.servermgrd.apns.calendar.p12 \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- -clcerts -nokeys | sed '/BEGIN CERTIFICATE/,\$!d' \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- > com.apple.calendar.cert.pem
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- sudo install -m 0644 -o ${calendarserverUser} -g _calendar \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- com.apple.calendar.cert.pem \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${calendarserverdir}/Library/CalendarServer/Config/Certificates
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- openssl pkcs12 -in com.apple.servermgrd.apns.calendar.p12 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl x509 -inform der -in com.apple.servermgrd.apns.calendar.cer \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ | sed '/BEGIN CERTIFICATE/,$!d' > com.apple.calendar.cert.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl x509 -inform der -in com.apple.servermgrd.apns.contact.cer \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ | sed '/BEGIN CERTIFICATE/,$!d' > com.apple.contact.cert.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl pkcs12 -in com.apple.servermgrd.apns.calendar.key.p12 \\
</span> -nodes -nocerts | sed '/BEGIN PRIVATE KEY/,\$!d' \\
> com.apple.calendarserver.key.pem.decrypted
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl pkcs12 -in com.apple.servermgrd.apns.contact.key.p12 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -nodes -nocerts | sed '/BEGIN PRIVATE KEY/,\$!d' \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ > com.apple.contact.key.pem.decrypted
</span> sudo security add-generic-password -a apns:com.apple.calendar \\
-s 'MacPorts Calendar and Contacts Server' \\
-T /usr/bin/security \\
-w \$(openssl rand -base64 24) \\
-U /Library/Keychains/System.keychain
<span style='display:block; white-space:pre;background:#ffe0e0;'>- # encrypt the key with passphrase in this keychain account
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sudo security add-generic-password -a apns:com.apple.contact \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -s 'MacPorts Calendar and Contacts Server' \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -T /usr/bin/security \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -w \$(openssl rand -base64 24) \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -U /Library/Keychains/System.keychain
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # encrypt the keys with these passphrases
</span> openssl rsa -aes256 -in com.apple.calendar.key.pem.decrypted \\
-out com.apple.calendar.key.pem
<span style='display:block; white-space:pre;background:#ffe0e0;'>- sudo install -m 0644 -o ${calendarserverUser} -g _calendar \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- com.apple.calendar.key.pem \\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- ${calendarserverdir}/Library/CalendarServer/Config/Certificates
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl rsa -aes256 -in com.apple.contact.key.pem.decrypted \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -out com.apple.contact.key.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # create the full PKI chain of trust
</span> curl -LO https://www.apple.com/certificateauthority/AppleAAI2CA.cer
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ curl -LO https://www.apple.com/appleca/AppleIncRootCertificate.cer
</span> openssl x509 -inform der -in AppleAAI2CA.cer \\
-out AppleAAI2CA.cert.pem
<span style='display:block; white-space:pre;background:#ffe0e0;'>- curl -LO https://www.apple.com/appleca/AppleIncRootCertificate.cer
</span> openssl x509 -inform der -in AppleIncRootCertificate.cer \\
-out AppleIncRootCertificate.cert.pem
cat com.apple.calendar.cert.pem \\
AppleAAI2CA.cert.pem \\
AppleIncRootCertificate.cert.pem \\
> com.apple.calendar.chain.pem
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ cat com.apple.contact.cert.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ AppleAAI2CA.cert.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ AppleIncRootCertificate.cert.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ > com.apple.contact.chain.pem
</span> openssl verify -CAfile com.apple.calendar.chain.pem \\
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ com.apple.calendar.cert.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl verify -CAfile com.apple.contact.chain.pem \\
</span> com.apple.contact.cert.pem
sudo install -m 0644 -o ${calendarserverUser} -g _calendar \\
<span style='display:block; white-space:pre;background:#ffe0e0;'>- com.apple.calendar.chain.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ com.apple.calendar.cert.pem com.apple.contact.cert.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ com.apple.calendar.key.pem com.apple.contact.key.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ com.apple.calendar.chain.pem com.apple.contact.chain.pem \\
</span> ${calendarserverdir}/Library/CalendarServer/Config/Certificates
<span style='display:block; white-space:pre;background:#ffe0e0;'>- Repeat these steps for apns:com.apple.contact.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-
</span> 3. Configure calendarserver for APNS by uncommenting this block in\
the file ${calendarserverdir}/Library/CalendarServer/Config/calendarserver.plist:
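Review bot: In the unchanged context of step 2 the calendar key is extracted to com.apple.calendarserver.key.pem.decrypted,
but the following "openssl rsa -aes256" command reads com.apple.calendar.key.pem.decrypted, so the calendar path fails as
written while the newly added contact commands use one name throughout; rename the output to
com.apple.calendar.key.pem.decrypted. The combined "sudo install -m 0644" line now also installs
com.apple.calendar.key.pem and com.apple.contact.key.pem world-readable; install the two key files in a separate command
with a tighter mode such as 0600, and add a step that removes the *.key.pem.decrypted files once the encrypted keys exist.
The two new sed expressions for the .cer files use an unescaped $!d where the surrounding lines write \$!d; pick one form.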
</pre>