<pre style='margin:0'>
Renee Otten (reneeotten) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/86b6e335a865c1dfb5a52a2ba919adcee193930e">https://github.com/macports/macports-ports/commit/86b6e335a865c1dfb5a52a2ba919adcee193930e</a></p>
<pre style="white-space: pre; background: #F8F8F8"><span style='display:block; white-space:pre;color:#808000;'>commit 86b6e335a865c1dfb5a52a2ba919adcee193930e
</span>Author: Steven Thomas Smith <s.t.smith@ieee.org>
AuthorDate: Wed Mar 31 21:27:44 2021 -0400
<span style='display:block; white-space:pre;color:#404040;'> calendar-contacts-server: Update to final ccs-calendarserver commit, add TLS updates
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> * Update to final ccs-calendarserver commit of archived repo
</span><span style='display:block; white-space:pre;color:#404040;'> * Provide TLS update notes and instructions
</span><span style='display:block; white-space:pre;color:#404040;'> * Minor Portfile fixes: variable names
</span>---
net/calendar-contacts-server/Portfile | 45 +++++++++++++---------
.../files/calendarserver.plist | 4 +-
net/calendar-contacts-server/files/nginx.conf | 45 ++++++++++++++++++++++
3 files changed, 73 insertions(+), 21 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/calendar-contacts-server/Portfile b/net/calendar-contacts-server/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 2804d670d60..51369a45327 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/calendar-contacts-server/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/calendar-contacts-server/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -4,12 +4,12 @@ PortSystem 1.0
</span> PortGroup github 1.0
PortGroup active_variants 1.1
<span style='display:block; white-space:pre;background:#ffe0e0;'>-github.setup apple ccs-calendarserver 50894b7
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+github.setup apple ccs-calendarserver 13c706b985fb728b9aab42dc0fef85aae21921c3
</span>
name calendar-contacts-server
# version from https://github.com/apple/ccs-calendarserver/blob/master/setup.py
# with date of git commit appended
<span style='display:block; white-space:pre;background:#ffe0e0;'>-version 9.3.20190916
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+version 9.3.20200212
</span> revision 0
categories net mail
platforms darwin
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -29,19 +29,18 @@ long_description ${description}. \
</span>
homepage https://www.calendarserver.org
<span style='display:block; white-space:pre;background:#ffe0e0;'>-checksums rmd160 fd77e68c4cf6dceb543ce8cff47c5f6c23429ed6 \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- sha256 c97384bb26cec6a764eba3c8cd590c63e912c93f85e8fd5ce3945e6e11065dae \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- size 3714315
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+checksums rmd160 5fd33bb11370e40d3fb8e6550963ec3587156d24 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sha256 e08d8d1a911d408dfd2f9716a1a02d77801b0d28401186d868d7ca3af198f4c6 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ size 3713620
</span>
# use these to specify python versions, python2 required
<span style='display:block; white-space:pre;background:#ffe0e0;'>-set python2_version 2.7
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-set python2_version_nickname \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- [join [lrange [split ${python2_version} .] 0 1] {}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# use ${prefix}/var/macports/sources/rsync.macports.org/macports/release/tarballs/ports/_resources/port1.0/group/python-1.0.tcl
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set python2_version 27
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set python2_branch [string index ${python2_version} 0].[string range ${python2_version} 1 end]
</span>
# use these to specify PostgreSQL versions, postgresql9 required
<span style='display:block; white-space:pre;background:#ffe0e0;'>-set postgresql9_version 9.6
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-set postgresql9_version_nickname \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- [join [lrange [split ${postgresql9_version} .] 0 1] {}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set postgresql9_version 96
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set postgresql9_branch [string index ${postgresql9_version} 0].[string range ${postgresql9_version} 1 end]
</span>
depends_lib-append port:cyrus-sasl2 \
port:libffi \
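Review bot: The new comment above `set python2_version 27` is only a bare path to python-1.0.tcl and does not say what the reader should take from that file. A line such as `# version/branch naming follows the python PortGroup: version "27", branch "2.7"` would explain why both variables exist. The same derivation is repeated for `postgresql9_branch`, whose use is not visible in this diff; if nothing reads it, it could be dropped. The commit message describes upstream as archived and the comment here says python2 is required, so it would help operators to state, here or in the port notes, that no further upstream fixes should be expected for a service the notes show listening on ports 8800 and 8843.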
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -49,10 +48,10 @@ depends_lib-append port:cyrus-sasl2 \
</span> port:memcached \
port:nginx \
port:openssl \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- port:postgresql${postgresql9_version_nickname}-server \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- port:python${python2_version_nickname} \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- port:py${python2_version_nickname}-pip \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- port:py${python2_version_nickname}-pyobjc-cocoa
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:postgresql${postgresql9_version}-server \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:python${python2_version} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:py${python2_version}-pip \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:py${python2_version}-pyobjc-cocoa
</span>
depends_run-append port:pip_select \
port:postgresql_select
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -88,7 +87,7 @@ post-extract {
</span> # Use postgresql96
# ccs-calendarserver's postgres code points to `PSQL = "../postgresql/_root/bin/psql"`
# https://github.com/apple/ccs-calendarserver/blob/master/calendarserver/tools/checkdatabaseschema.py
<span style='display:block; white-space:pre;background:#ffe0e0;'>- reinplace "s|\"../postgresql/_root/bin/psql\"|\"${prefix}/lib/postgresql${postgresql9_version_nickname}/bin/psql\"|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace "s|\"../postgresql/_root/bin/psql\"|\"${prefix}/lib/postgresql${postgresql9_version}/bin/psql\"|g" \
</span> ${worksrcpath}/calendarserver/tools/checkdatabaseschema.py
}
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -102,7 +101,7 @@ pre-build {
</span> copy ${worksrcpath} \
${destroot}${prefix}/src/${ccsname}
# MacPorts python2 pip
<span style='display:block; white-space:pre;background:#ffe0e0;'>- ln -s ${prefix}/bin/pip-${python2_version} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ln -s ${prefix}/bin/pip-${python2_branch} \
</span> ${workpath}/bin/pip
}
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -118,7 +117,7 @@ build.env "USE_OPENSSL=1" \
</span> destroot {
# configuration design: MacPorts file and/or directory templates installed
# to *.macports, then edited with local network settings, then in
<span style='display:block; white-space:pre;background:#ffe0e0;'>- # post-activate copied to actual configuration files if such don't exist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # post-activate copied to actual configuration files if such don't exist
</span>
xinstall -o ${calendarserverUser} -d \
${destroot}${calendarserverpackage}
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -363,7 +362,7 @@ PACKAGE_CALENDARSERVER
</span> "s|@CALENDARSERVERUSER@|${calendarserverUser}|g" \
"s|@CALENDARSERVERDIR@|${calendarserverdir}|g" \
"s|@TLS_CERTIFICATE_NAME@|${tls_certificate_name}|g" \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- "s|@POSTGRESQL9_VERSION_NICKNAME@|${postgresql9_version_nickname}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|@POSTGRESQL9_VERSION@|${postgresql9_version}|g" \
</span> ] {
reinplace -q ${cmd} ${f}
}
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -524,6 +523,14 @@ unencrypted):
</span> http://${fullhost}:8800
https://${fullhost}:8843
<span style='display:block; white-space:pre;background:#e0ffe0;'>+TLS certificate updates must be included in calendar-contacts-server's \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+proxy nginx.conf and, if installed, mail-server dovecot's conf.d/10-ssl.conf, \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+and postfix's master.cf. Instructions are included as comments in:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sudo vi ${prefix}/var/calendarserver/Library/CalendarServer/etc/nginx.conf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sudo vi ${prefix}/etc/dovecot/conf.d/10-ssl.conf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sudo vi ${prefix}/etc/postfix/main.cf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> Known issues:
* All local accounts have access to calendarserver's password using
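Review bot: The added notes name "postfix's master.cf", but the command listed below them opens `${prefix}/etc/postfix/main.cf`, so one of the two is wrong. The same mismatch appears in step 4 of the comments added to files/nginx.conf. Postfix TLS certificate and key parameters are usually set in main.cf, so the prose probably should read `and postfix's main.cf.`; please confirm against the mail-server port. The sentence also says instructions are included as comments in all three files, while this commit adds them only to nginx.conf, so the notes should say where the dovecot and postfix comments are expected to come from. The notes block starts and ends outside the hunk.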
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/calendar-contacts-server/files/calendarserver.plist b/net/calendar-contacts-server/files/calendarserver.plist
</span><span style='display:block; white-space:pre;color:#808080;'>index 85e410ed67b..de2d6333381 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/calendar-contacts-server/files/calendarserver.plist
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/calendar-contacts-server/files/calendarserver.plist
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -128,7 +128,7 @@
</span> <key>Postgres</key>
<dict>
<key>Ctl</key>
<span style='display:block; white-space:pre;background:#ffe0e0;'>- <string>@PREFIX@/lib/postgresql@POSTGRESQL9_VERSION_NICKNAME@/bin/pg_ctl</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@PREFIX@/lib/postgresql@POSTGRESQL9_VERSION@/bin/pg_ctl</string>
</span> <key>Options</key>
<array>
<!-- <string>-c log_statement=all</string> -->
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -151,7 +151,7 @@
</span> <!-- If the DBType is '', and we're spawning postgres ourselves,
where is the initdb tool to create its database cluster with? -->
<key>Init</key>
<span style='display:block; white-space:pre;background:#ffe0e0;'>- <string>@PREFIX@/lib/postgresql@POSTGRESQL9_VERSION_NICKNAME@/bin/initdb</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@PREFIX@/lib/postgresql@POSTGRESQL9_VERSION@/bin/initdb</string>
</span> </dict>
<!-- Data root -->
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/calendar-contacts-server/files/nginx.conf b/net/calendar-contacts-server/files/nginx.conf
</span><span style='display:block; white-space:pre;color:#808080;'>index 076fde54968..7624f2a6471 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/calendar-contacts-server/files/nginx.conf
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/calendar-contacts-server/files/nginx.conf
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -16,6 +16,51 @@ events {
</span> worker_connections 1024;
}
<span style='display:block; white-space:pre;background:#e0ffe0;'>+# To use macOS Server v5.10 generated certificates:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 0. Identify the file that looks like @host@.@domain@.@tld@.@CERTIFICATE_SHA1@.cert.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# and verify its issue date and issuer "* Intermediate CA" with:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ ls /etc/certificates
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ openssl x509 -inform pem -in /etc/certificates/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.cert.pem -text -noout
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ openssl x509 -noout -fingerprint -sha1 -inform pem -in openssl x509 -noout -fingerprint -sha1 -inform pem -in /etc/certificates/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.cert.pem | tr -d ':' | sed -e 's|^SHA1 Fingerprint=||' | tr -d ':' | sed -e 's|^SHA1 Fingerprint=||'
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Use this SHA1 to obtain the passphraphse for this certificate's private key from:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Keychain Access.app> System> Search for this SHA1>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Double-click "Mac OS X Server certificate management"> Show password
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 1. Create a secure storage for this passphrase and desctrypted key:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo mkdir -p @PREFIX@/etc/certificates/private
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo chmod 0700 @PREFIX@/etc/certificates/private
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo vi @PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem.passphrase /etc/certificates/private
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo chmod -R go-rwx @PREFIX@/etc/certificates/private
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# `ssl_key_password` wasn't working on my install, so put the decrypted key in @PREFIX@/etc/certificates/private
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo openssl rsa -in /etc/certificates/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem -out @PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem.decrypted -passin file:@PREFIX@/etc/certificates/private/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem.passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo chmod -R go-rwx @PREFIX@/etc/certificates/private
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 2. Link to the existing TLS chain.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo ln -s /etc/certificates/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.cert.pem @PREFIX@/etc/certificates
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo ln -s /etc/certificates/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.key.pem @PREFIX@/etc/certificates
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo ln -s /etc/certificates/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.chain.pem @PREFIX@/etc/certificates
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo ln -s /etc/certificates/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.concat.pem @PREFIX@/etc/certificates
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 3. Confirm restricted permissions:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ ls -l @PREFIX@/etc/certificates
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo ls -l @PREFIX@/etc/certificates/private
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 4. Finally, reconfigure dovecot's conf.d/10-ssl.conf, postfix's master.cf,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# and, if installed, calendar-contacts-server's proxy nginx.conf:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo vi @PREFIX@/etc/dovecot/conf.d/10-ssl.conf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo vi @PREFIX@/etc/postfix/main.cf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# $ sudo vi @PREFIX@/var/calendarserver/Library/CalendarServer/etc/nginx.conf
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> http {
include @PREFIX@/etc/nginx/mime.types;
default_type application/octet-stream;
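Review bot: The fingerprint command in step 0 has been pasted into itself (`-in openssl x509 …` followed by a repeated `| tr -d ':' | sed …` tail), so as written openssl is asked to read a file named `openssl` and the step fails. It should be the single pipeline `# $ openssl x509 -noout -fingerprint -sha1 -inform pem -in /etc/certificates/@host@.@domain@.@tld@.@CERTIFICATE_SHA1@.cert.pem | tr -d ':' | sed -e 's|^SHA1 Fingerprint=||'`. Step 1's `sudo vi … .key.pem.passphrase /etc/certificates/private` carries a stray second argument, and "passphraphse" and "desctrypted" are misspelled. Step 1 leaves both the passphrase file and the decrypted private key on disk, so the comments should tell the operator to delete the passphrase file once the decrypted key has been written (if nothing else reads it). Step 3 should also ask the operator to confirm that the decrypted key is owned by root and not group- or world-readable. The `http` block continues outside the hunk.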
</pre><pre style='margin:0'>
</pre>