Index | Thread | Search

From:
Stuart Henderson <stu@spacehopper.org>
Subject:
Re: [new] security/certspotter 0.16.0
To:
Renaud Allard <renaud@allard.it>
Cc:
ports@openbsd.org
Date:
Wed, 14 Feb 2024 14:28:57 +0000

Download raw body.

Thread 
On 2024/02/14 15:04, Renaud Allard wrote:
> 
> 
> On 2/14/24 14:43, Ian Darwin wrote:
> > On 2/14/24 07:07, Stuart Henderson wrote:
> > > ooof, this uses a *lot* of bandwidth!
> > > 
> >  From the man page:
> > 
> > > -start_at_end
> > > 
> > > : Start monitoring logs from the end rather than the beginning.
> > > 
> > > |**WARNING**: monitoring from the beginning guarantees detection of
> > > all certificates, but requires downloading hundreds of millions of
> > > certificates, which takes days. |
> 
> Whatever one you choose, it will need to build its database and that takes
> days. I don't remember exactly how much time it took, but that was in the
> one week range or so.
> After it has downloaded every cert, it will be somewhat quiet.

How about this so at least we do give some kind of warning?
I added the docs in while there.


Index: Makefile
===================================================================
RCS file: /cvs/ports/security/certspotter/Makefile,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 Makefile
--- Makefile	13 Feb 2024 11:57:52 -0000	1.1.1.1
+++ Makefile	14 Feb 2024 14:28:01 -0000
@@ -4,6 +4,7 @@ ONLY_FOR_ARCHS = aarch64 amd64 mips64 ri
 COMMENT =       Certificate Transparency log monitor
 
 V =		0.16.0
+REVISION =	0
 MODGO_MODNAME =	software.sslmate.com/src/certspotter
 MODGO_VERSION =	v${V}
 
@@ -21,6 +22,10 @@ PERMIT_PACKAGE =        Yes
 MODULES =	lang/go
 
 WANTLIB +=	c pthread
+
+post-install:
+	${INSTALL_DATA_DIR} ${PREFIX}/share/doc/certspotter
+	${INSTALL_DATA} ${WRKSRC}/*.md ${PREFIX}/share/doc/certspotter
 
 .include "modules.inc"
 .include <bsd.port.mk>
Index: pkg/DESCR
===================================================================
RCS file: /cvs/ports/security/certspotter/pkg/DESCR,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 DESCR
--- pkg/DESCR	13 Feb 2024 11:57:52 -0000	1.1.1.1
+++ pkg/DESCR	14 Feb 2024 14:28:01 -0000
@@ -14,3 +14,6 @@ You can use Cert Spotter to detect:
   authority and want to impersonate your site.
 - Certificates issued in violation of your corporate policy or outside
   of your centralized certificate procurement process.
+
+N.B. Cert Spotter fetches the entire set of CT logs, using a large
+amount of bandwidth while doing so, possibly for a week or more.
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/security/certspotter/pkg/PLIST,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 PLIST
--- pkg/PLIST	13 Feb 2024 11:57:52 -0000	1.1.1.1
+++ pkg/PLIST	14 Feb 2024 14:28:01 -0000
@@ -11,4 +11,7 @@
 @mode
 @owner
 @group
+share/doc/certspotter/
+share/doc/certspotter/CHANGELOG.md
+share/doc/certspotter/README.md
 share/doc/pkg-readmes/${PKGSTEM}