<pre style='margin:0'>
Perry E. Metzger (pmetzger) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/03886da07fe636bd2c398bc98b14372d1d2f55a2">https://github.com/macports/macports-ports/commit/03886da07fe636bd2c398bc98b14372d1d2f55a2</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 03886da07fe calendar-contacts-server: Update notes.
</span>03886da07fe is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 03886da07fe636bd2c398bc98b14372d1d2f55a2
</span>Author: Steven Thomas Smith <s.t.smith@ieee.org>
AuthorDate: Mon Nov 21 08:02:30 2022 -0500
<span style='display:block; white-space:pre;color:#404040;'> calendar-contacts-server: Update notes.
</span>---
net/calendar-contacts-server/Portfile | 98 +++++++++++++++++++----------------
1 file changed, 54 insertions(+), 44 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/calendar-contacts-server/Portfile b/net/calendar-contacts-server/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index 61087525c11..a6480db7edc 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/net/calendar-contacts-server/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/calendar-contacts-server/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -19,14 +19,14 @@ license Apache-2
</span>
description Apple Calendar and Contacts Server configuration
<span style='display:block; white-space:pre;background:#ffe0e0;'>-long_description ccs-calendarserver is a standards-compliant server \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- implementing the CalDAV and CardDAV protocols, \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- including iMIP and APNS. It provides a shared \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- location on the network allowing multiple users to \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- store and edit calendaring and contact \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- information. This port provides a basic, working, \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- easily modifiable configuration, previously used \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- in macOS Server.app, and an nginx reverse proxy to \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+long_description ccs-calendarserver is a standards-compliant server\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ implementing the CalDAV and CardDAV protocols,\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ including iMIP and APNS. It provides a shared\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ location on the network allowing multiple users to\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ store and edit calendaring and contact\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ information. This port provides a basic, working,\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ easily modifiable configuration, previously used\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ in macOS Server.app, and an nginx reverse proxy to\
</span> handle modern crypto and isolate the backend server.
homepage https://www.calendarserver.org
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -494,14 +494,14 @@ post-deactivate {
</span> delete ${calendarserverpackage}
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>-notes "Apple Calendar and Contacts Server is a standards-compliant \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-server implementing the CalDAV and CardDAV protocols. Full \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-deployment requires a working mail server, DNS configuration on both the \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-LAN and the internet, including SPF and DKIM records, trusted TLS \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+notes "Apple Calendar and Contacts Server is a standards-compliant\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+server implementing the CalDAV and CardDAV protocols. Full\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+deployment requires a working mail server, DNS configuration on both the\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+LAN and the internet, including SPF and DKIM records, trusted TLS\
</span> certificates, port forwarding, possibly a mail relay, and more.
<span style='display:block; white-space:pre;background:#ffe0e0;'>-Users must reconfigure this installation for their own system, network, \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-and security model specifics by editing all necessary files and checking \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Users must reconfigure this installation for their own system, network,\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+and security model specifics by editing all necessary files and checking\
</span> file permissions. A subset of these settings are visible in the files:
port contents calendar-contacts-server
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -519,8 +519,8 @@ These are the locations and network settings for the default configuration:
</span> Personal data (note, outside ${prefix}):
/var/calendarserver/Library/CalendarServer/Data
<span style='display:block; white-space:pre;background:#ffe0e0;'>-A working Calendar and Contacts Server will allow local account \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-authentication at these web pages (ports 8008 and 8800 are \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+A working Calendar and Contacts Server will allow local account\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+authentication at these web pages (ports 8008 and 8800 are\
</span> unencrypted):
http://${fullhost}:8008
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -528,8 +528,8 @@ unencrypted):
</span> http://${fullhost}:8800
https://${fullhost}:8843
<span style='display:block; white-space:pre;background:#ffe0e0;'>-TLS certificate updates must be included in calendar-contacts-server's \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-proxy nginx.conf and, if installed, mail-server dovecot's conf.d/10-ssl.conf, \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+TLS certificate updates must be included in calendar-contacts-server's\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+proxy nginx.conf and, if installed, mail-server dovecot's conf.d/10-ssl.conf,\
</span> and postfix's master.cf. Instructions are included as comments in:
sudo vi ${prefix}/var/calendarserver/Library/CalendarServer/etc/nginx.conf
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -549,20 +549,30 @@ Known issues:
</span>
security find-generic-password -a calendarserver@${fullhost} -g
<span style='display:block; white-space:pre;background:#ffe0e0;'>- This is a hack to provide twistedcaldav authentication access. See: \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ If this Keychain item is missing, it must be added with a\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ corresponding password for the calendarserver user:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sudo /usr/bin/security add-generic-password \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -a calendarserver@${fullhost} \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -s org.calendarserver -T /usr/bin/security \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -w 'a-strong-passphrase' \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -A /Library/Keychains/System.keychain
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sudo dscl . passwd /Users/calendarserver 'a-strong-passphrase'
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ This is a hack to provide twistedcaldav authentication access. See:\
</span> https://github.com/apple/ccs-calendarserver/blob/master/twistedcaldav/util.py \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- An alternate approach must be used if non-trusted local accounts \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ An alternate approach must be used if non-trusted local accounts\
</span> exist on the Calendar and Contacts Server.
* The CalendarServer service does not reliably start after reboot,
presumably due to an issue with launchd. A workaround
after rebooting is to issue the commands:
<span style='display:block; white-space:pre;background:#ffe0e0;'>- sudo port unload calendar-contacts-server ; sleep 5 ; \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sudo port unload calendar-contacts-server ; sleep 5 ;\\
</span> sudo port load calendar-contacts-server
<span style='display:block; white-space:pre;background:#ffe0e0;'>- * The package ccs-calendarserver is written in Python 2.7, which will \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- reach the end of its life on January 1st, 2020. A future version of \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * The package ccs-calendarserver is written in Python 2.7, which will\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reach the end of its life on January 1st, 2020. A future version of\
</span> pip will drop support for Python 2.7."
if { [variant_isset "initialize_always"] } {
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -571,8 +581,8 @@ if { [variant_isset "initialize_always"] } {
</span> notes-append ""
}
notes-append \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- "The variant +initialize_always is set, which initializes \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- all configuration files. Please disable this variant for \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "The variant +initialize_always is set, which initializes\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ all configuration files. Please disable this variant for\
</span> working deployments."
}
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -583,30 +593,30 @@ variant apns \
</span> notes-append ""
}
notes-append \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- "Calendar and Contacts Server may be configured to use \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "Calendar and Contacts Server may be configured to use\
</span> Apple Push Notification Service (APNS) with these steps:
<span style='display:block; white-space:pre;background:#ffe0e0;'>- 1. Acquire APNS Mail certificates from a (virtual) macOS \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- High Sierra 10.13 and Server.app version 5.6. Export \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- the APNS certificates and keys from the Keychain into the \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- files com.apple.servermgrd.apns.calendar.cer and \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- com.apple.servermgrd.apns.calendar.key.p12. APNS certificates \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- appear separately with names APSP:<UUID> that correspond to the \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- certificate's User ID field, com.apple.calendar.XServer.<UUID>. \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- APNS keys are simply named com.apple.servermgrd.apns.calendar. \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- Repeat for the certificate com.apple.servermgrd.apns.contact.cer \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- and key com.apple.servermgrd.apns.contact.key.p12. \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- *Note*: APNS Mail certificate creation is deprecated on \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 1. Acquire APNS Mail certificates from a (virtual) macOS\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ High Sierra 10.13 and Server.app version 5.6. Export\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ the APNS certificates and keys from the Keychain into the\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ files com.apple.servermgrd.apns.calendar.cer and\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ com.apple.servermgrd.apns.calendar.key.p12. APNS certificates\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ appear separately with names APSP:<UUID> that correspond to the\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ certificate's User ID field, com.apple.calendar.XServer.<UUID>.\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ APNS keys are simply named com.apple.servermgrd.apns.calendar.\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Repeat for the certificate com.apple.servermgrd.apns.contact.cer\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ and key com.apple.servermgrd.apns.contact.key.p12.\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ *Note*: APNS Mail certificate creation is deprecated on\
</span> Server.app version 5.7+.
<span style='display:block; white-space:pre;background:#ffe0e0;'>- 1. Acquire APNS Mail certificates from a (virtual) macOS \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- High Sierra 10.13 and Server.app version 5.6. Export \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- the certificates from the Keychain into the files \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- com.apple.servermgrd.apns.calendar.p12 and \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- com.apple.servermgrd.apns.contact.p12. *Note*: APNS Mail \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 1. Acquire APNS Mail certificates from a (virtual) macOS\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ High Sierra 10.13 and Server.app version 5.6. Export\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ the certificates from the Keychain into the files\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ com.apple.servermgrd.apns.calendar.p12 and\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ com.apple.servermgrd.apns.contact.p12. *Note*: APNS Mail\
</span> certificate creation is deprecated on Server.app version 5.7\+.
<span style='display:block; white-space:pre;background:#ffe0e0;'>- 2. Convert the APNS Mail certificates to cert, key, and chain PEM files, \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 2. Convert the APNS Mail certificates to cert, key, and chain PEM files,\
</span> all named \"apns:com.apple.*.pem\":
openssl x509 -inform der -in com.apple.servermgrd.apns.calendar.cer \\
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -661,7 +671,7 @@ variant apns \
</span> sudo bash -c 'cd ${calendarserverdir}/Library/CalendarServer/Config/Certificates \; \\
for f in com.apple.*.pem\; do mv -f \"\${f}\" \"apns:\${f}\"\; done'
<span style='display:block; white-space:pre;background:#ffe0e0;'>- 3. Configure calendarserver for APNS by uncommenting this block in \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 3. Configure calendarserver for APNS by uncommenting this block in\
</span> the file ${calendarserverdir}/Library/CalendarServer/Config/calendarserver.plist:
<key>Notifications</key>
</pre><pre style='margin:0'>
</pre>