Merge branch 'stable14' of https://github.com/sadsoldier/ports12 into stable14

crypto/lego/Makefile

@@ -0,0 +1,19 @@
+PORTNAME=	lego
+DISTVERSIONPREFIX=	v
+DISTVERSION=	4.25.2
+CATEGORIES=	security
+
+MAINTAINER=	matt@matthoran.com
+COMMENT=	Let's Encrypt client and ACME library written in Go
+WWW=		https://github.com/go-acme/lego
+
+
+#RUN_DEPENDS=	${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss
+
+USES=		go:modules
+GO_MODULE=	github.com/go-acme/lego/v4
+GO_TARGET=	./cmd/lego
+GO_BUILDFLAGS=	-ldflags '-X "main.version=${DISTVERSION}"'
+
+
+.include <bsd.port.mk>

crypto/lego/distinfo

@@ -0,0 +1,5 @@
+TIMESTAMP = 1754576407
+SHA256 (go/security_lego/lego-v4.25.2/v4.25.2.mod) = d4a62b1d418a18edeb1389150c8d2b6726ce7dd8fb4b4f17958562a5e0136884
+SIZE (go/security_lego/lego-v4.25.2/v4.25.2.mod) = 10758
+SHA256 (go/security_lego/lego-v4.25.2/v4.25.2.zip) = ecf3cd5c1056d13a6a0d7f841834df8492c7a0877d4934cfade0dbdddfc6d551
+SIZE (go/security_lego/lego-v4.25.2/v4.25.2.zip) = 1562189

crypto/lego/files/604.lego.in

@@ -0,0 +1,32 @@
+#!/bin/sh
+
+if [ -r /etc/defaults/periodic.conf ]
+then
+    . /etc/defaults/periodic.conf
+    source_periodic_confs
+fi
+
+PATH=$PATH:%%LOCALBASE%%/bin:%%LOCALBASE%%/sbin
+export PATH
+
+case "$weekly_lego_enable" in
+    [Yy][Ee][Ss])
+	echo
+	echo "Checking Let's Encrypt certificate status:"
+
+	if [ -x "$weekly_lego_renewscript" ] ; then
+		echo "$weekly_lego_renewscript" | su -fm _lego || exit 3
+	fi
+
+	if [ -n "$weekly_lego_deployscript" ] ; then
+		if [ -x "$weekly_lego_deployscript" ] ; then
+			echo "Deploying Let's Encrypt certificates:"
+			$weekly_lego_deployscript || exit 3
+		else
+			echo 'Skipped, deploy script does not exist or is not executable'
+		fi
+	fi
+	;;
+    *)
+        ;;
+esac

crypto/lego/files/deploy.sh.sample.in

@@ -0,0 +1,30 @@
+#!/bin/sh -e
+
+SSLDIR="%%PREFIX%%/etc/ssl"
+
+copy_certs () {
+  local certdir certfile domain keyfile rc
+  rc=1
+
+  certdir="${SSLDIR}/lego/certificates"
+  certfiles="$(find "${certdir}" -name "*.crt" -not -name "*.issuer.crt")"
+  for certfile in $certfiles
+  do
+    domain="$(basename "$certfile" .crt)"
+    keyfile="$(dirname "$certfile")/${domain}.key"
+
+    if ! cmp -s "${certfile}" "${SSLDIR}/certs/${domain}.crt"
+    then
+      cp "${certfile}" "${SSLDIR}/certs/${domain}.crt"
+      cp "${keyfile}" "${SSLDIR}/private/${domain}.key"
+      rc=0
+    fi
+  done
+
+  return $rc
+}
+
+if copy_certs
+then
+  output=$(service nginx reload 2>&1) || (echo "$output" && exit 1)
+fi

crypto/lego/files/lego.sh.sample.in

@@ -0,0 +1,40 @@
+#!/bin/sh -e
+
+# Email used for registration and recovery contact.
+EMAIL=""
+
+BASEDIR="%%ETCDIR%%"
+SSLDIR="%%PREFIX%%/etc/ssl/lego"
+DOMAINSFILE="${BASEDIR}/domains.txt"
+
+if [ -z "${EMAIL}" ]; then
+	echo "Please set EMAIL to a valid address in ${BASEDIR}/lego.sh"
+	exit 1
+fi
+
+if [ ! -e "${DOMAINSFILE}" ]; then
+	echo "Please create ${DOMAINSFILE} as specified in ${BASEDIR}/lego.sh"
+	exit 1
+fi
+
+if [ "$1" = "run" ]; then
+	command="run"
+else
+	command="renew --days 30"
+fi
+
+run_or_renew() {
+	%%PREFIX%%/bin/lego --path "${SSLDIR}" \
+		--email="${EMAIL}" \
+		$(printf -- "--domains=%s " $line) \
+		--http --http.webroot="%%WWWDIR%%" \
+		$1
+}
+
+while read line <&3; do
+	if [ "$command" = "run" ]; then
+		run_or_renew "$command"
+	else
+		output=$(run_or_renew "$command") || (echo "$output" && exit 1)
+	fi
+done 3<"${DOMAINSFILE}"

crypto/lego/files/pkg-message.in

@@ -0,0 +1,47 @@
+[
+{ type: install
+  message: <<EOM
+There are sample scripts in
+    %%ETCDIR%%
+that you can use for renewing and deploying certificates.
+
+In order to run the script regularly to update the certificates add this line
+to /etc/periodic.conf:
+
+    weekly_lego_enable="YES"
+
+Additionally the following parameters may be added to /etc/periodic.conf:
+
+Script to run to renew certificates, will be run as %%LEGO_USER%% (required)
+    weekly_lego_renewscript="%%ETCDIR%%/lego.sh"
+
+To run a script after the renewal to deploy certificates
+    weekly_lego_deployscript="%%ETCDIR%%/deploy.sh"
+
+Note that the deploy script is provided as a sample and may need to be modified
+for your environment. The script will attempt to deploy certificates to
+    %%ETCDIR%%/ssl/certs
+and private keys to
+    %%ETCDIR%%/ssl/private.
+The script also tries to restart nginx.
+
+If using the sample renew script, add the domains for which lego will manage
+certificates to
+    %%ETCDIR%%/domains.txt, one domain on each line.
+
+To add a Subject Alternate Name to the certificate, append the domain(s) to the
+line:
+    example.com www.example.com
+
+To run lego for the first time, edit
+    %%ETCDIR%%/lego.sh
+and set the EMAIL variable.
+
+Then run lego.sh with the run argument as the %%LEGO_USER%% user:
+    $ %%ETCDIR%%/lego.sh run
+
+Subsequent periodic runs will run with the renew argument by default, with a
+renewal interval of 30 days.
+EOM
+}
+]

crypto/lego/pkg-descr

@@ -0,0 +1,2 @@
+lego is a client for Let's Encrypt users, written in Go. It has support for a
+number of ACME challenges, and no external dependencies.

crypto/lego/pkg-plist

@@ -0,0 +1 @@
+bin/lego

devel/gitea/Makefile

@@ -0,0 +1,78 @@
+PORTNAME=	gitea
+DISTVERSIONPREFIX=	v
+DISTVERSION=	1.24.6 #1.19.2
+CATEGORIES=	www
+MASTER_SITES+=	https://github.com/go-gitea/gitea/releases/download/${DISTVERSIONPREFIX}${DISTVERSION}/
+MASTER_SITES+=	https://dl.gitea.io/gitea/${DISTVERSION}/
+DISTNAME=	gitea-src-${DISTVERSION}
+
+MAINTAINER=	stb@lassitu.de
+COMMENT=	Compact self-hosted Git service
+WWW=		https://gitea.io/en-US/
+
+RUN_DEPENDS=	git:devel/git
+
+USES=		gmake go:no_targets
+
+EXTRACT_AFTER_ARGS=	--strip-components 1 # since 1.17.0, archive includes gitea-src-VERSION directory
+SUB_FILES+=	app.ini.sample
+SUB_LIST+=	GITUSER=${USERS}
+
+NO_WRKSUBDIR=	yes
+
+GO_TAGS+=bindata
+GO_TAGS+=sqlite sqlite_unlock_notify
+
+.include <bsd.port.options.mk>
+
+SSP_UNSAFE=	true
+MAKE_ENV=	LDFLAGS="${LDFLAGS} ${EXTRA_LDFLAGS}"
+MAKE_ARGS=	GOPATH=${WRKDIR} TAGS="${GO_TAGS}"
+ALL_TARGET=	backend
+MAKE_JOBS_UNSAFE=	yes
+
+LDFLAGS+=	"'-X "code.gitea.io/gitea/modules/setting.CustomPath=${PREFIX}/etc/gitea"'"
+LDFLAGS+=	"'-X "code.gitea.io/gitea/modules/setting.AppWorkPath=${PREFIX}/share/gitea"'"
+MAKE_ARGS=	GOPATH=${WRKDIR} TAGS="${GO_TAGS}" GOFLAGS="-buildvcs=false"
+
+
+PKGDEINSTALL=	${WRKDIR}/pkg-deinstall
+PKGINSTALL=	${WRKDIR}/pkg-install
+PKGMESSAGE=	${WRKDIR}/pkg-message
+USE_RC_SUBR=	gitea
+
+SUB_FILES+= pkg-install pkg-deinstall
+
+GITEA_OWNER=	gitea
+GITEA_GROUP=	gitea
+GITEA_OWNER_ID=	197
+GITEA_GROUP_ID=	197
+
+
+GITEA_LOGDIR=	/var/log/gitea
+GITEA_DBDIR=	/var/db/gitea
+GITEA_RUNDIR=	/var/run/gitea
+
+SUB_LIST+= GITEA_OWNER=${GITEA_OWNER}
+SUB_LIST+= GITEA_GROUP=${GITEA_GROUP}
+SUB_LIST+= GITEA_OWNER_ID=${GITEA_OWNER_ID}
+SUB_LIST+= GITEA_GROUP_ID=${GITEA_GROUP_ID}
+
+SUB_LIST+= GITEA_LOGDIR="${GITEA_LOGDIR}"
+SUB_LIST+= GITEA_DBDIR="${GITEA_DBDIR}"
+SUB_LIST+= GITEA_RUNDIR="${GITEA_RUNDIR}"
+
+
+post-patch:
+	${ECHO_CMD} ${DISTVERSION} >${WRKSRC}/VERSION
+
+do-install:
+	${INSTALL_SCRIPT} ${WRKSRC}/gitea ${STAGEDIR}${PREFIX}/sbin
+	${MKDIR} ${STAGEDIR}${ETCDIR}/conf
+	${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
+	${INSTALL_DATA} ${WRKDIR}/app.ini.sample ${STAGEDIR}${EXAMPLESDIR}/app.ini.sample
+
+#do-install:
+#	cd ${WRKSRC} && ${COPYTREE_SHARE} "options public templates" ${STAGEDIR}${DATADIR}
+
+.include <bsd.port.mk>

devel/gitea/distinfo

@@ -0,0 +1,3 @@
+TIMESTAMP = 1759474970
+SHA256 (gitea-src-1.24.6.tar.gz) = 92ed113cb30687d734a0cc93a29e95227fdab7977020cfda0a5db72b6ca6c12b
+SIZE (gitea-src-1.24.6.tar.gz) = 51738660

devel/gitea/files/app.ini.sample.in

@@ -0,0 +1,93 @@
+#
+# Sample Configuration for Gitea using SQLite
+#
+# For information on the available settings, consult the online
+# documentation, or see the accompanying file app.ini.defaults, which
+# contains the settings incorporated into the gitea binary.
+#
+# This sample configuration runs Gitea with a local database.  Before
+# running this configuration, make sure to change the INTERNAL_TOKEN,
+# JWT_SECRET, and SECRET_KEY variables.  SECRET_KEY is a password of your
+# choosing, INTERNAL_TOKEN is a 64-byte random number in BASE64 encoding,
+# JWT_SECRET is a 32-byte random number in BASE64 encoding.
+# 
+# You can generate the token using for example:
+#   openssl rand -base64 64
+# 
+# You can let Gitea add these to the config for you; you need to make
+# app.ini writeable by the git user.
+#
+# There are no pre-configured users; the first user to register becomes an
+# admin.  In this sample configuration, the HTTP server only listens on
+# localhost.
+#
+# If you'd rather use the web-based installer, remove this conf/app.ini file
+# and make %%PREFIX%%/etc/gitea/conf writeable to the git user.
+
+APP_NAME = Gitea: Git with a cup of tea
+RUN_USER = %%GITUSER%%
+RUN_MODE = prod
+
+[database]
+DB_TYPE  = sqlite3
+HOST     = 127.0.0.1:3306
+NAME     = gitea
+PASSWD   = 
+PATH     = /var/db/gitea/gitea.db
+SSL_MODE = disable
+USER     = root
+
+[indexer]
+ISSUE_INDEXER_PATH = /var/db/gitea/indexers/issues.bleve
+
+[log]
+ROOT_PATH = /var/log/gitea
+MODE      = file
+LEVEL     = Info
+
+[mailer]
+ENABLED = false
+
+[oauth2]
+JWT_SECRET = D56bmu6xCtEKs9vKKgMKnsa4X9FDwo64HVyaS4fQ4mY
+
+[picture]
+AVATAR_UPLOAD_PATH      = /var/db/gitea/data/avatars
+DISABLE_GRAVATAR        = false
+ENABLE_FEDERATED_AVATAR = false
+
+[repository]
+ROOT = /var/db/gitea/gitea-repositories
+# Gitea's default is 'bash', so if you have bash installed, you can comment
+# this out.
+SCRIPT_TYPE = sh
+
+[repository.upload]
+TEMP_PATH = /var/db/gitea/data/tmp/uploads
+
+[security]
+INSTALL_LOCK = true
+INTERNAL_TOKEN = 1FFhAklka01JhgJTRUrFujWYiv4ijqcTIfXJ9o4n1fWxz+XVQdXhrqDTlsnD7fvz7gugdhgkx0FY2Lx6IBdPQw==
+SECRET_KEY   = ChangeMeBeforeRunning
+
+[session]
+PROVIDER = file
+PROVIDER_CONFIG = /var/db/gitea/data/sessions
+
+[server]
+DOMAIN       = localhost
+HTTP_ADDR    = 127.0.0.1
+HTTP_PORT    = 3000
+ROOT_URL     = http://localhost:3000/
+DISABLE_SSH  = false
+SSH_DOMAIN   = %(DOMAIN)s
+SSH_PORT     = 22
+OFFLINE_MODE = false
+APP_DATA_PATH = /var/db/gitea/data
+
+[service]
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL     = false
+DISABLE_REGISTRATION   = false
+ENABLE_CAPTCHA         = true
+REQUIRE_SIGNIN_VIEW    = false

devel/gitea/files/gitea.in

@@ -0,0 +1,51 @@
+#!/bin/sh
+
+# PROVIDE: gitea
+# REQUIRE: NETWORKING SYSLOG
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf to enable gitea:
+#
+#gitea_enable="YES"
+
+. /etc/rc.subr
+
+name="gitea"
+rcvar="gitea_enable"
+
+load_rc_config $name
+
+: ${gitea_user:="%%GITEA_OWNER%%"}
+: ${gitea_enable:="NO"}
+: ${gitea_facility:="daemon"}
+: ${gitea_priority:="debug"}
+: ${gitea_shared:="%%PREFIX%%/share/${name}"}
+: ${gitea_custom:="%%PREFIX%%/etc/${name}"}
+
+command="%%PREFIX%%/sbin/${name} web"
+procname="%%PREFIX%%/sbin/${name}"
+githome="$(eval echo ~${gitea_user})"
+
+pidfile="/var/run/${name}.pid"
+
+start_cmd="${name}_start"
+
+gitea_start() {
+	for d in /var/db/gitea /var/log/gitea; do
+		if [ ! -e "$d" ]; then
+			mkdir "$d"
+			chown ${gitea_user} "$d"
+		fi
+	done
+	/usr/sbin/daemon -S -l ${gitea_facility} -s ${gitea_priority} -T ${name} \
+		-u ${gitea_user} -p ${pidfile} \
+		/usr/bin/env -i \
+		"GITEA_WORK_DIR=${gitea_shared}" \
+		"GITEA_CUSTOM=${gitea_custom}" \
+		"HOME=${githome}" \
+		"PATH=%%PREFIX%%/bin:${PATH}" \
+		"USER=${gitea_user}" \
+		$command
+}
+
+run_rc_command "$1"

devel/gitea/files/pkg-deinstall.in

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+
+exit 0
+#EOF

devel/gitea/files/pkg-install.in

@@ -0,0 +1,33 @@
+#!/bin/sh
+
+set -x
+
+GITEA_LOGDIR="%%GITEA_LOGDIR%%"
+GITEA_DBDIR="%%GITEA_DBDIR%%"
+GITEA_RUNDIR="%%GITEA_RUNDIR%%"
+
+GROUP="%%GITEA_GROUP%%"
+OWNER="%%GITEA_OWNER%%"
+
+GROUP_ID="%%GITEA_GROUP_ID%%"
+OWNER_ID="%%GITEA_OWNER_ID%%"
+
+PKG_HOME="/home/gitea"
+
+case $2 in 
+    PRE-INSTALL)
+	pw group add ${GROUP} -g ${GROUP_ID}
+	pw user add ${OWNER} -u ${OWNER_ID} -g ${GROUP} \
+	  -d ${PKG_HOME} -s "/bin/sh" -c "gitea"
+	pw group mod ${GROUP} -M ${OWNER}
+	pw group show ${GROUP} 
+	pw user show ${OWNER}
+
+	install -d -o ${OWNER} -g ${GROUP} -m 0750 ${GITEA_DBDIR}
+	install -d -o ${OWNER} -g ${GROUP} -m 0750 ${GITEA_LOGDIR}
+	install -d -o ${OWNER} -g ${GROUP} -m 0750 ${GITEA_RUNDIR}
+	;;
+    POST-INSTALL)
+	;;
+esac
+#EOF

devel/gitea/pkg-descr

@@ -0,0 +1,4 @@
+A self-hosted Git service.
+
+Gitea is a community managed fork of Gogs, lightweight code hosting solution
+written in Go and published under the MIT license.

devel/gitea/pkg-message

@@ -0,0 +1,30 @@
+[
+{ type: upgrade
+  maximum_version: 1.7.6
+  message: <<EOM
+When upgrading from Gitea 1.7 or earlier, Gitea requires the addition of
+another secret to the config file in order to start up.  Either manually add
+JWT_SECRET to the ${PREFIX}/etc/gitea/conf/app.ini config file (see
+app.ini.sample), or allow Gitea to make the change for you by making the
+config file writable to the git user.
+EOM
+}
+{ type: upgrade
+  maximum_version: 1.15.0
+  message: <<EOM
+Some config file options have been changed in Gitea 1.15. Please refer to
+the documentation at https://docs.gitea.io/en-us/customizing-gitea/ and
+the release notes.
+EOM
+}
+{ type: upgrade
+  maximum_version: 1.15.1
+  message: <<EOM
+We remind users that a bug was discovered with gitea dump in 1.14.3–1.14.6
+and 1.15.0.  Database dumps from these versions cause broken fields in the
+repo_unit and login_source tables causing the issue identified in #16961.
+Users on 1.14.x must upgrade to 1.14.7 before running gitea dump.  See the
+release notes for more information.
+EOM
+}
+]

devel/gitea/pkg-plist

@@ -0,0 +1,3 @@
+sbin/gitea
+share/examples/gitea/app.ini.sample
+@dir share/examples/gitea