<pre style='margin:0'>
Christopher Nielsen (mascguy) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/05467904286f8eb5bbb3de1c5494f81c4a1cc311">https://github.com/macports/macports-ports/commit/05467904286f8eb5bbb3de1c5494f81c4a1cc311</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 05467904286 adblock2privoxy: Update to version 2.1.0, add https_inspection, bugfixes
</span>05467904286 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 05467904286f8eb5bbb3de1c5494f81c4a1cc311
</span>Author: Steven Thomas Smith <s.t.smith@ieee.org>
AuthorDate: Sat Dec 11 21:11:13 2021 -0500
<span style='display:block; white-space:pre;color:#404040;'> adblock2privoxy: Update to version 2.1.0, add https_inspection, bugfixes
</span>---
www/adblock2privoxy/Portfile | 403 ++++++++++++++++++---
www/adblock2privoxy/files/nginx.conf | 28 +-
www/adblock2privoxy/files/openssl.cnf | 229 ++++++++++++
.../files/private.myserver.launchctl-setenv.plist | 16 +
4 files changed, 630 insertions(+), 46 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/www/adblock2privoxy/Portfile b/www/adblock2privoxy/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 41d64970c3e..7b134154772 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/www/adblock2privoxy/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/www/adblock2privoxy/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -4,13 +4,11 @@ PortSystem 1.0
</span> PortGroup haskell_stack 1.0
name adblock2privoxy
<span style='display:block; white-space:pre;background:#ffe0e0;'>-version 2.0.2
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+version 2.1.0
</span> revision 0
categories www haskell
maintainers {ieee.org:s.t.smith @essandess} openmaintainer
license GPL-3
<span style='display:block; white-space:pre;background:#ffe0e0;'>-platforms macosx
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-homepage https://github.com/essandess/adblock2privoxy
</span>
description Convert adblock config files to privoxy format
long_description {*}${description}. \
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -33,11 +31,13 @@ long_description {*}${description}. \
</span> elemhide, other, popup, third-party, domain=..., \
match-case, donottrack.
<span style='display:block; white-space:pre;background:#e0ffe0;'>+homepage https://github.com/essandess/adblock2privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> master_sites https://hackage.haskell.org/package/${name}-${version}
<span style='display:block; white-space:pre;background:#ffe0e0;'>-checksums rmd160 cd58a6b4603dcdce6b5e4014c4fcdd3d6c32753d \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- sha256 c3f90360945df6e2e1fd86b491f980b4621b114020ecfc2220e295db57069c4e \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- size 42133
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+checksums rmd160 da82eb5ece0f97b9ebf3ec97f6631f45d4bb30c5 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sha256 1c5ac2cb54cc9fd336a5ece50a8acbfaee13281ffe8c3a9d8c8b8b44f5859e70 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ size 42526
</span>
depends_run-append \
port:nginx \
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -45,19 +45,23 @@ depends_run-append \
</span> port:wget
variant initialize_always \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- description {Always initialize all configuration files. Intended \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- for development and troubleshooting only. Working deployments \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- must disable this variant to prevent configuration files \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- being overwritten at the next upgrade. Existing configuration \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description {Always initialize all configuration files. Intended\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ for development and troubleshooting only. Working deployments\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ must disable this variant to prevent configuration files\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ being overwritten at the next upgrade. Existing configuration\
</span> files are not overwritten by default.} {
<span style='display:block; white-space:pre;background:#ffe0e0;'>- ui_warn \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- "
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\tAll configuration files will be initialized because
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\tthe variant +initialize_always is set. Please disable
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\tthis variant for working deployments.
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ pre-fetch {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_warn \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "All configuration files will be initialized because\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ the variant +initialize_always is set. Please disable\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ this variant for working deployments."
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span> }
<span style='display:block; white-space:pre;background:#e0ffe0;'>+# use domain or ip with port, e.g. 127.0.0.1:8119
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set adblock2privoxy_css_server \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 127.0.0.1:8119
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> # relative paths to ${prefix}
set ab2p_datadir share/${name}
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -90,7 +94,7 @@ post-extract {
</span> }
post-destroot {
<span style='display:block; white-space:pre;background:#ffe0e0;'>- xinstall -m 0755 -d \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d \
</span> ${destroot}${prefix}/share/${name}/templates \
${destroot}${prefix}/etc/${name} \
${destroot}${prefix}/etc/${name}/privoxy \
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -115,37 +119,329 @@ post-destroot {
</span> ${destroot}${prefix}/etc/${name}/css/default.html.macports
reinplace "s|@PREFIX@|${prefix}|g" \
${destroot}${prefix}/etc/${name}/nginx.conf.macports
<span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 -W ${filespath} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ private.myserver.launchctl-setenv.plist \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${prefix}/share/${name}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set tls_ca_dir ${prefix}/etc/${name}/ca.macports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set tls_cert_dir ${prefix}/etc/${name}/certs
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+variant https_inspection \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description {HTTPS CSS Server for use with 'privoxy +https_inspection'.} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ depends_build-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ port:sf-pwgen
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ depends_lib-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ path:bin/openssl:openssl
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # random 4-word-based passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ proc correct_horse_battery_staple {} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # ignore errors from sf-pwgen if the password is shorter than requested
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set passphrase \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ [join [exec sh -c "sf-pwgen \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ --algorithm memorable --count 2 --length 16 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 2>/dev/null || true"] -]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # set random passphrase if sf-pwgen's is too short for some reason
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[string length ${passphrase}] < 20} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set passphrase \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ [exec sh -c "openssl rand -base64 23 2>/dev/null \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ | sed 's|=*\$||' || true"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ return ${passphrase}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-destroot {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # TLS Root CA configuration
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0770 -d ${destroot}${tls_cert_dir}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0700 -d ${destroot}${tls_ca_dir}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ destroot.keepdirs-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${tls_cert_dir}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 -W ${filespath} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl.cnf \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${tls_ca_dir}/openssl.cnf.macports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ pre-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [file exists ${tls_ca_dir}] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ delete ${tls_ca_dir}.previous
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ move ${tls_ca_dir} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_dir}.previous
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ foreach f [list \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_dir}/openssl.cnf \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [variant_isset "initialize_always"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ && [file exists ${f}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ delete ${f}.previous
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ move \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${f} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${f}.previous
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [variant_isset "initialize_always"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ || ![file exists ${f}]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [file isfile ${f}.macports] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${f}.macports \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${f}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # CA passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # generate a strong password, use for openssl -passin and -passout
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set tls_ca_passphrase \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ [correct_horse_battery_staple]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set tls_ca_passphrase_fd \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ [open ${tls_ca_dir}/passphrase.txt w 0600]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # -passin or -passout
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ puts ${tls_ca_passphrase_fd} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_passphrase}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # -passout
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ puts ${tls_ca_passphrase_fd} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_passphrase}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ close ${tls_ca_passphrase_fd}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # create the root CA
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W ${tls_ca_dir} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "sh <<ADBLOCK2PRIVOXY_PKI
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # initialize
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ touch index.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ echo 1000 > serial
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # CA encrypted key
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # EC
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl genpkey -out ca.key.pem -algorithm EC \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -pkeyopt ec_paramgen_curve:P-384 -aes256 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -pass file:passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # RSA
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # openssl genpkey -out ca.key.pem -algorithm RSA \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # -pkeyopt rsa_keygen_bits:2048 -aes256 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # -passout file:passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ chmod go-rw ca.key.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # CA certificate
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl req -config openssl.cnf \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -new -x509 -days 1460 -sha256 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -extensions v3_ca \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -out ca.cert.pem -key ca.key.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -passin file:passphrase.txt -batch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # CA certificate openssl self-verification
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl verify -CAfile ca.cert.pem ca.cert.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Convert to .cer DER and .p12 for other uses
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl x509 -outform der -in ca.cert.pem -out ca.cer
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl pkcs12 -export -out ca.p12 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -inkey ca.key.pem -in ca.cert.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -passin file:passphrase.txt \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -passout file:passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # verify .p12 passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl pkcs12 -noout -in ca.p12 -passin file:passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Server certificates
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Server certificate encrypted key and decrypted key
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl genpkey -out adblock2privoxy-nginx.key.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -algorithm EC -pkeyopt ec_paramgen_curve:P-384 -aes256 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -pass file:passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl ec -in adblock2privoxy-nginx.key.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -passin file:passphrase.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -out adblock2privoxy-nginx.key.pem.decrypted
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ chmod go-rwx adblock2privoxy-nginx.key.pem.decrypted
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Server certificate CSR
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl req -config openssl.cnf -new -sha256 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -extensions server_cert -key adblock2privoxy-nginx.key.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -passin file:passphrase.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -out adblock2privoxy-nginx.csr.pem -batch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Server certificate (825 days maximum validity)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # https://support.apple.com/en-us/HT210176
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl ca -config openssl.cnf -days 825 -notext -md sha256 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -extensions server_cert -in adblock2privoxy-nginx.csr.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -out adblock2privoxy-nginx.cert.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -passin file:passphrase.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -subj '/CN=adblock2privoxy-nginx' -batch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Server certificate chain of trust
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ cat adblock2privoxy-nginx.cert.pem ca.cert.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ > adblock2privoxy-nginx.chain.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Server certificate and chain validity
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl verify -CAfile ca.cert.pem adblock2privoxy-nginx.cert.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl verify -CAfile ca.cert.pem adblock2privoxy-nginx.chain.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ADBLOCK2PRIVOXY_PKI
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { ![file exists ${tls_cert_dir}/adblock2privoxy-nginx.cert.pem]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ || ![file exists ${tls_cert_dir}/adblock2privoxy-nginx.key.pem.decrypted]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0664 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_dir}/ca.cert.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_cert_dir}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0664 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_dir}/ca.key.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_cert_dir}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0600 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_dir}/passphrase.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_cert_dir}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0664 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_dir}/adblock2privoxy-nginx.cert.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_cert_dir}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0664 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_dir}/adblock2privoxy-nginx.chain.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_cert_dir}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0664 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_dir}/adblock2privoxy-nginx.key.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_cert_dir}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0600 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_dir}/adblock2privoxy-nginx.key.pem.decrypted \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_cert_dir}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { ![file exists ${tls_cert_dir}/dhparam.pem]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W ${tls_ca_dir} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "sh <<ADBLOCK2PRIVOXY_DH
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # DH params
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl dhparam -out dhparam.pem 2048
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ADBLOCK2PRIVOXY_DH
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0664 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_dir}/dhparam.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_cert_dir}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { ![file exists ${tls_cert_dir}/openssl.cnf]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0664 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_ca_dir}/openssl.cnf \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_cert_dir}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # check adblock2privoxy-nginx certificate validity
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # 30 days = 2592000 seconds
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ post-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set ab2p_cert_valid [exec /bin/sh -c \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "if openssl x509 -checkend 2592000 -noout \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -in \"${tls_cert_dir}/adblock2privoxy-nginx.cert.pem\" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 1>/dev/null 2>&1; \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ then echo 'WONT_EXPIRE'; \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ else echo 'WILL_EXPIRE'; fi"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[string trim ${ab2p_cert_valid}] ne {WONT_EXPIRE}} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_warn "Certificate ${tls_cert_dir}/adblock2privoxy-nginx.cert.pem expired or will expire within 30 days."
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ notes-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "Configure adblock2privoxy PKI by creating a\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ certificate from e.g. Privoxy's certificate authority (CA). As sudo:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Example, more likely use ${prefix}/etc/privoxy/CA
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ cp -R ${prefix}/etc/privoxy/ca.macports ca.adblock2privoxy && cd ca.adblock2privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ cp ${tls_cert_dir}/openssl.cnf .
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # edit openssl.cnf for your local organizationName, commonName, etc.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # initialize
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ touch index.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ echo 1000 > serial
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Server certificates
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Server certificate encrypted key and decrypted key
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl genpkey -out adblock2privoxy-nginx.key.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -algorithm EC -pkeyopt ec_paramgen_curve:P-384 -aes256 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -pass file:passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl ec -in adblock2privoxy-nginx.key.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -passin file:passphrase.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -out adblock2privoxy-nginx.key.pem.decrypted
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ chmod go-rwx adblock2privoxy-nginx.key.pem.decrypted
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Server certificate CSR
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl req -config openssl.cnf -new -sha256 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -extensions server_cert -key adblock2privoxy-nginx.key.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -passin file:passphrase.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -out adblock2privoxy-nginx.csr.pem -batch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Server certificate (825 days maximum validity)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # https://support.apple.com/en-us/HT210176
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl ca -config openssl.cnf -days 825 -notext -md sha256 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -extensions server_cert -in adblock2privoxy-nginx.csr.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -out adblock2privoxy-nginx.cert.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -passin file:passphrase.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -subj '/CN=adblock2privoxy-nginx' -batch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Server certificate chain of trust
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ cat adblock2privoxy-nginx.cert.pem ca.cert.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ > adblock2privoxy-nginx.chain.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Server certificate and chain validity
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl verify -CAfile ca.cert.pem adblock2privoxy-nginx.cert.pemw
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl verify -CAfile ca.cert.pem adblock2privoxy-nginx.chain.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Install the adblock2privoxy PKI
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ cp -p ca.key.pem ca.cert.pem passphrase.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ adblock2privoxy-nginx.cert.pem adblock2privoxy-nginx.chain.pem \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ adblock2privoxy-nginx.key.pem adblock2privoxy-nginx.key.pem.decrypted \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${tls_cert_dir}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+default_variants-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ +https_inspection
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# default: empty flag
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set ab2p_use_http_flag \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if { ![variant_isset "https_inspection"] } {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set ab2p_use_http_flag \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {-u}
</span> }
startupitem.create yes
startupitems \
name ${name} \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- start "\"( IFS=\$'\\\\n' ADBLOCK2PRIVOXY_BLOCKLIST=(\$(grep -v -e '^ *#' < \${prefix}/etc/${name}/adblock2privoxy_blocklist.txt \\\\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\t\t| while read -r t; do if wget --max-redirect=0 -S --spider \$t 2>&1 | grep -q 'HTTP/1.1 200 OK'; then echo \$t; fi done)); \\\\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\t/bin/test -f \\\"\${prefix}/etc/adblock2privoxy/privoxy/ab2p.task\\\" \\\\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\t&& \\\"\${prefix}/bin/adblock2privoxy\\\" -t \\\"\${prefix}/etc/adblock2privoxy/privoxy/ab2p.task\\\" \\\\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\t|| \\\"\${prefix}/bin/adblock2privoxy\\\" -p \\\"\${prefix}/etc/adblock2privoxy/privoxy\\\" \\\\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\t\t-w \\\"\${prefix}/etc/adblock2privoxy/css\\\" \\\\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\t\t-d 127.0.0.1:8119 \\\\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\t\t\\\"\${ADBLOCK2PRIVOXY_BLOCKLIST\[@]}\\\" \\\\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\t) && \\\"\${prefix}/bin/port\\\" reload privoxy\"" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ init "ADBLOCK2PRIVOXY_CSS_SERVER=\"\${ADBLOCK2PRIVOXY_CSS_SERVER:-${adblock2privoxy_css_server}}\"" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ start [list "( IFS=\$'\\n' ADBLOCK2PRIVOXY_BLOCKLIST=(\$(grep -v -e '^ *#' < \${prefix}/etc/${name}/adblock2privoxy_blocklist.txt \\" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\t| while read -r t; do if \"\${prefix}/bin/wget\" --max-redirect=0 -S --spider \"\${t}\" 2>&1 | grep -q 'HTTP/1.1 200 OK'; then echo \"\${t}\"; fi done)); \\" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "/bin/test -f \"\${prefix}/etc/adblock2privoxy/privoxy/ab2p.task\" \\" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "&& \"\${prefix}/bin/adblock2privoxy\" -t \"\${prefix}/etc/adblock2privoxy/privoxy/ab2p.task\" \\" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "|| \"\${prefix}/bin/adblock2privoxy\" -p \"\${prefix}/etc/adblock2privoxy/privoxy\" \\" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\t-w \"\${prefix}/etc/adblock2privoxy/css\" \\" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\t-d \${ADBLOCK2PRIVOXY_CSS_SERVER} ${ab2p_use_http_flag} \\" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\t\"\${ADBLOCK2PRIVOXY_BLOCKLIST\[@]}\" \\" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ") && \"\${prefix}/bin/port\" reload privoxy" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] \
</span> stop "\"/usr/bin/kill -SIGUSR1 \\\"\$(/usr/bin/pgrep -u root ${name})\\\" 2>/dev/null\"" \
pidfile none
startupitems-append \
name ${name}-nginx \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- init "\"pidfile=\\\"\${prefix}/var/run/nginx/nginx-adblock2privoxy.pid\\\"\"" \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- start "\"\\\"\${prefix}/sbin/nginx\\\" \\\\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\t\t-c \\\\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\t\t\\\"\${prefix}/etc/${name}/nginx.conf\\\" \\\\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\t\t-g \\\\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\t\t\\\"daemon off;\\\"\"" \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- stop "\"if \[ -f \${pidfile} \]; then
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\t\t/usr/bin/kill \\\"\$(cat \${pidfile})\\\" \\\\
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\t\t\t&& /bin/rm -f \${pidfile} ;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\telse
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\t\t/usr/bin/kill -SIGUSR1 \\\"\$(/usr/bin/pgrep -u root nginx)\\\" 2>/dev/null ;
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\tfi\""
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ init "pidfile=\"\${prefix}/var/run/nginx/nginx-adblock2privoxy.pid\"" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ start [list "\"\${prefix}/sbin/nginx\" \\" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\t-c \\" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\t\"\${prefix}/etc/${name}/nginx.conf\" \\" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\t-g \"daemon off;\"" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ stop [list "if \[ -f \"\${pidfile}\" \]; then" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\t/usr/bin/kill \"\$(cat \"\${pidfile}\")\" \\" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\t\t&& /bin/rm -f \"\${pidfile}\" ;" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "else" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "\t/usr/bin/kill -SIGUSR1 \"\$(/usr/bin/pgrep -u root nginx)\" 2>/dev/null ;" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "fi" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ]
</span>
post-activate {
# org.macports.adblock2privoxy
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -161,6 +457,10 @@ post-activate {
</span> <integer>30</integer>\\
</dict>\\
</array>\\
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>StandardErrorPath</key>\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>${prefix}/var/log/${name}.log</string>\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>StandardOutPath</key>\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>${prefix}/var/log/${name}.log</string>\\
</span> &|" \
${prefix}/etc/${startupitem.location}/org.macports.${name}/org.macports.${name}.plist
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -189,22 +489,35 @@ post-activate {
</span> }
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>-notes "After initial installation, it is necessary to kickstart this launch daemon, \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+notes "\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+After initial installation, it is necessary to kickstart this launch daemon,\
</span> which does not run at load:
<span style='display:block; white-space:pre;background:#ffe0e0;'>-sudo launchctl kickstart -k system/org.macports.adblock2privoxy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sudo launchctl kickstart -k system/org.macports.adblock2privoxy
</span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-The blocklist URLs are specified in the file
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+The blocklist URLs are specified in the file\
</span> ${prefix}/etc/${name}/adblock2privoxy_blocklist.txt.
Example production run:
<span style='display:block; white-space:pre;background:#ffe0e0;'>-adblock2privoxy -p ${prefix}/etc/adblock2privoxy/privoxy -w ${prefix}/etc/adblock2privoxy/css -d 127.0.0.1:8119 \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ adblock2privoxy -p ${prefix}/etc/adblock2privoxy/privoxy -w ${prefix}/etc/adblock2privoxy/css -d ${adblock2privoxy_css_server} \\
</span> \$(< ${prefix}/etc/${name}/adblock2privoxy_blocklist.txt)
Update run:
<span style='display:block; white-space:pre;background:#ffe0e0;'>-adblock2privoxy -t ${prefix}/etc/adblock2privoxy/privoxy/ab2p.task"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ adblock2privoxy -t ${prefix}/etc/adblock2privoxy/privoxy/ab2p.task
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+The CSS web server domain name or IP address is specified by the\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+environment variables (with default values):
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \${ADBLOCK2PRIVOXY_CSS_SERVER:-${adblock2privoxy_css_server}}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+To change site-specific launchd environment variables,\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+use the launchd plist:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/share/${name}/private.myserver.launchctl-setenv.plist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"
</span>
if { [variant_isset "initialize_always"] } {
if {[exists notes]} {
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -212,7 +525,7 @@ if { [variant_isset "initialize_always"] } {
</span> notes-append ""
}
notes-append \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- "The variant +initialize_always is set, which initializes \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- all configuration files. Please disable this variant for \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "The variant +initialize_always is set, which initializes\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ all configuration files. Please disable this variant for\
</span> working deployments."
}
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/www/adblock2privoxy/files/nginx.conf b/www/adblock2privoxy/files/nginx.conf
</span><span style='display:block; white-space:pre;color:#808080;'>index 556eeefad65..c4bf3cef36f 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/www/adblock2privoxy/files/nginx.conf
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/www/adblock2privoxy/files/nginx.conf
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -23,14 +23,40 @@ http {
</span> #ab2p css domain name (optional, should be equal to --domainCSS parameter)
server_name localhost;
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl on;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_certificate @PREFIX@/etc/adblock2privoxy/certs/adblock2privoxy-nginx.chain.pem;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_certificate_key @PREFIX@/etc/adblock2privoxy/certs/adblock2privoxy-nginx.key.pem.decrypted;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # use modern crypto
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # https://ssl-config.mozilla.org
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_protocols TLSv1.3;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_prefer_server_ciphers on;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_dhparam @PREFIX@/etc/adblock2privoxy/certs/dhparam.pem;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:EECDH+AESGCM:EDH+AESGCM;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_ecdh_curve secp384r1;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_session_timeout 180m;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_session_cache shared:SSL:20m;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_session_tickets off;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # comply with Content Security policy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ add_header Content-Type "text/css";
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ add_header X-Content-Type-Options nosniff;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> #root = --webDir parameter value
root @PREFIX@/etc/adblock2privoxy/css;
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ # If useHTTP is set:
</span> # Ensure that http://localhost:8119/ is a legitimate (200 return code)
# default page; use as iOS proxy.pac blackhole
# Test with curl -I --proxy http://127.0.0.1:8119 http://www.foo.com/bar?q=snafoo
location / {
<span style='display:block; white-space:pre;background:#ffe0e0;'>- rewrite ^ /default.html break;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ return 301 http://$server_name:$server_port/@blackhole?;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # rewrite ^ /default.html break;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ location ~ ^/@blackhole {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ default_type text/html;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ return 200 "<!DOCTYPE html>\n<html>\n<head>\n<meta charset='utf-8'>\n</head>\n<body>\n<p><a href=\"https://github.com/essandess/adblock2privoxy\">adblock2privoxy</a> blackhole 🕳</p>\n</body>\n</html>\n";
</span> }
location ~ ^/+(ab2p(?:\.common)?\.css) {
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/www/adblock2privoxy/files/openssl.cnf b/www/adblock2privoxy/files/openssl.cnf
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 00000000000..52ee6ac669e
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/www/adblock2privoxy/files/openssl.cnf
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,229 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Commands to create Privoxy Root CA certificate
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Clean start
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# rm ca.* index.txt* serial*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+##################
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# CA
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+##################
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Privoxy Root CA
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# mkdir certs && cd certs
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# touch index.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# echo 1000 > serial
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# CA certificate encrypted key passphrase, both -passin and -passout
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# sf-pwgen --algorithm memorable --count 2 --length 24 2>/dev/null | paste -s -d -- '-' \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# 1>passphrase.txt || true
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# if [ $(head -1 passphrase.txt | wc -c) < 20 ]; then openssl rand -base64 23 1>passphrase.txt 2>/dev/null; fi
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# cat passphrase.txt passphrase.txt > passphrase-dbl.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# && mv passphrase-dbl.txt passphrase.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# || rm -f passphrase-dbl.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# chmod go-rwx passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# CA encrypted key
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# EC
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl genpkey -out ca.key.pem -algorithm EC \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -pkeyopt ec_paramgen_curve:P-256 -aes256 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -pass file:passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# RSA
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# # openssl genpkey -out ca.key.pem -algorithm RSA \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# # -pkeyopt rsa_keygen_bits:2048 -aes256 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# # -pass file:passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# CA certificate
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl req -config openssl.cnf \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -new -x509 -days 3650 -sha256 -extensions v3_ca -out certs/ca.cert.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -key ca.key.pem -passin file:passphrase.txt -batch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# CA certificate text verification
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl x509 -text -noout -in ca.cert.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# CA certificate openssl self-verification
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl verify -CAfile ca.cert.pem ca.cert.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# CA convert to PKCS12
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Note: `man openssl`: "If the same pathname
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# argument is supplied to -passin and -passout arguments then the
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# first line will be used for the input password and the next line
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# for the output password."
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl pkcs12 -export -out ca.p12 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -inkey ca.key.pem -in ca.cert.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -passin file:passphrase.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -passout file:passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# verify .p12 passphrase
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl pkcs12 -noout -in ca.p12 -passin file:passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+######################
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Server certificates
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+######################
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Clean and prepare directory for new certificates
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# rm serial* 01.pem index.txt ; echo 01 > serial ; touch index.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Server certificate encrypted key and decrypted key
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl genpkey -out adblock2privoxy-nginx.key.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -algorithm EC -pkeyopt ec_paramgen_curve:P-384 -aes256 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -pass file:passphrase.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl ec -in adblock2privoxy-nginx.key.pem -passin file:passphrase.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -out adblock2privoxy-nginx.key.pem.decrypted
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# chmod go-rwx adblock2privoxy-nginx.key.pem.decrypted
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Server certificate CSR
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl req -config openssl.cnf -new -sha256 -extensions server_cert \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -key adblock2privoxy-nginx.key.pem -passin file:passphrase.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -out adblock2privoxy-nginx.csr.pem -batch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Server certificate (825 days maximum validity)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# https://support.apple.com/en-us/HT210176
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl ca -config openssl.cnf -days 825 -notext -md sha256 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -extensions server_cert -in adblock2privoxy-nginx.csr.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -out adblock2privoxy-nginx.cert.pem -passin file:passphrase.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -subj '/CN=adblock2privoxy-nginx' -batch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Server certificate chain of trust
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# cat adblock2privoxy-nginx.cert.pem ca.cert.pem > adblock2privoxy-nginx.chain.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Server certificate text
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl x509 -in adblock2privoxy-nginx.cert.pem -text -noout
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Server certificate and chain validity
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl verify -CAfile ca.cert.pem adblock2privoxy-nginx.cert.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl verify -CAfile ca.cert.pem adblock2privoxy-nginx.chain.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# DH params
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl dhparam -out dhparam.pem 2048
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[ca]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+default_ca = CA_default
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[ CA_default ]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Directory and file locations.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+dir = .
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+certs = $dir
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+crl_dir = $dir
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+new_certs_dir = $dir
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+database = $dir/index.txt
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+serial = $dir/serial
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+RANDFILE = $dir/.rand
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# The root key and root certificate.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+private_key = $dir/ca.key.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+certificate = $dir/ca.cert.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# For certificate revocation lists.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+crlnumber = $dir/crlnumber
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+crl = $dir/ca.crl.pem
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+crl_extensions = crl_ext
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+default_crl_days = 30
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# SHA-1 is deprecated, so use SHA-2 instead.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+default_md = sha256
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+name_opt = ca_default
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+cert_opt = ca_default
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+default_days = 825
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+preserve = no
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+policy = policy_strict
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[ policy_strict ]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# The root CA should only sign intermediate certificates that match.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# See the POLICY FORMAT section of `man ca`.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+countryName = optional
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+stateOrProvinceName = optional
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+organizationName = optional
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+organizationalUnitName = optional
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+commonName = supplied
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+emailAddress = optional
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[ policy_loose ]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Allow the intermediate CA to sign a more diverse range of certificates.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# See the POLICY FORMAT section of the `ca` man page.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+countryName = optional
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+stateOrProvinceName = optional
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+localityName = optional
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+organizationName = optional
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+organizationalUnitName = optional
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+commonName = optional
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+emailAddress = optional
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[req]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Options for the `req` tool (`man req`).
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# default_bits = 4096
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+default_bits = 2048
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+distinguished_name = req_distinguished_name
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+string_mask = utf8only
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# SHA-1 is deprecated, so use SHA-2 instead.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+default_md = sha256
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[req_distinguished_name]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+countryName = US
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+countryName_default = US
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+countryName_min = 2
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+countryName_max = 2
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+stateOrProvinceName = Massachusetts
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+stateOrProvinceName_default = Massachusetts
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+localityName = Boston
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+localityName_default = Boston
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+0.organizationName = MacPorts
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+0.organizationName_default = MacPorts
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+organizationalUnitName = adblock2privoxy-nginx
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+commonName = adblock2privoxy-nginx
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+commonName_default = adblock2privoxy-nginx
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+commonName_max = 64
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+emailAddress = macports-users@lists.macports.org
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+emailAddress_max = 40
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[ v3_ca ]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Extensions for a typical CA (`man x509v3_config`).
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+subjectKeyIdentifier = hash
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+authorityKeyIdentifier = keyid:always, issuer
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+basicConstraints = critical, CA:true
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[ v3_intermediate_ca ]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Extensions for a typical intermediate CA (`man x509v3_config`).
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+subjectKeyIdentifier = hash
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+#authorityKeyIdentifier = keyid:always, issuer
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+basicConstraints = critical, CA:true, pathlen:0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+keyUsage = critical, digitalSignature, cRLSign, keyCertSign
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[ usr_cert ]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Extensions for client certificates (`man x509v3_config`).
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+basicConstraints = CA:FALSE
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+subjectKeyIdentifier = hash
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+authorityKeyIdentifier = keyid, issuer
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+extendedKeyUsage = clientAuth, emailProtection
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[ server_cert ]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Extensions for server certificates (`man x509v3_config`).
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+basicConstraints = CA:FALSE
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+keyUsage = critical, digitalSignature, keyEncipherment
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+extendedKeyUsage = critical, serverAuth
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+subjectKeyIdentifier = hash
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+authorityKeyIdentifier = keyid, issuer:always
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+subjectAltName = DNS:localhost, IP:127.0.0.1
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[ crl_ext ]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Extension for CRLs (`man x509v3_config`).
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+authorityKeyIdentifier=keyid:always
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[ ocsp ]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Extension for OCSP signing certificates (`man ocsp`).
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+basicConstraints = CA:FALSE
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+subjectKeyIdentifier = hash
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+authorityKeyIdentifier = keyid, issuer
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+keyUsage = critical, digitalSignature
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+extendedKeyUsage = critical, OCSPSigning
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[ smime ]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+subjectAltName = critical, email:copy
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+extendedKeyUsage = critical, emailProtection
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/www/adblock2privoxy/files/private.myserver.launchctl-setenv.plist b/www/adblock2privoxy/files/private.myserver.launchctl-setenv.plist
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 00000000000..9519d18b4fc
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/www/adblock2privoxy/files/private.myserver.launchctl-setenv.plist
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,16 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<?xml version="1.0" encoding="UTF-8"?>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<plist version="1.0">
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Label</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>private.myserver.launchctl-setenv</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>ProgramArguments</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>/bin/bash</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>-c</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>/bin/launchctl setenv ADBLOCK2PRIVOXY_CSS_SERVER 10.0.1.3:8119</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>RunAtLoad</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+</dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+</plist>
</span></pre><pre style='margin:0'>
</pre>