step-ca is a private certificate authority and ACME server.
Description:
step-ca is an online certificate authority for secure, automated certificate
management. It's the server counterpart to the step CLI tool.
You can use it to:
- Issue X.509 certificates for your internal infrastructure:
  - HTTPS certificates that work in browsers (RFC5280 and CA/Browser Forum
    compliance)
  - TLS certificates for VMs, containers, APIs, mobile clients, database
    connections, printers, wifi networks, toaster ovens...
  - Client certificates to enable mutual TLS (mTLS) in your infra. mTLS is an
    optional feature in TLS where both client and server authenticate each
    other. Why add the complexity of a VPN when you can safely use mTLS over
    the public internet?
- Issue SSH certificates:
  - For people, in exchange for single sign-on ID tokens
  - For hosts, in exchange for cloud instance identity documents
- Easily automate certificate management:
  - It's an ACME v2 server
  - It has a JSON API
  - It comes with a Go wrapper
  - ... and there's a command-line client you can use in scripts!
OK sthen@
The ring-v0.16.20 crate (latest) only builds on a handful of archs.
Work seems to be ongoing upstream to add support for more architectures.
ok semarie@
supply chain. It does so by verifying that each task in the chain
is carried out as planned, by authorized personnel only, and that
the product is not tampered with in transit.
from George Rosamond
ok sthen
files were dropped (mostly entry_points.txt) or .egg-info files changed
to directories. Small patches were needed where some other build systems
were calling Python tools to install due to changes in setuptools.
Messy patching needed for games/0ad which bundles a spidermonkey tar of
a specific version and patches it using files in its own distribution.
Been through a bulk on i386, plus I tested a few things separately on
amd64 where fallout from the recent qscintilla update has broken some ports
on !LP64 which was blocking them on i386.
gawk hidden dep spotted in phessler's aarch64 bulk build, json-c noticed
after Makefile scrutiny.
Zap the LibreSSL copy so that we know it starts being built instead
using the system libs.
ok tb@ jmatthew@ (maintainer)
Both ports dlopen(3) opensc-pkcs11.so, but since this unversioned library
is not registered in WANTLIB, LIB_DEPENDS += security/opensc won't be
turned into a RUN_DEPENDS and thus remains a mere BUILD_DEPENDS.
Turn LIB_ into BUILD_ + RUN_DEPENDS to match reality.
Noticed on a fresh install.
Default configuration requires at least 267 FD; that will leave us some margin.
While here, remove the _clamav user from the daemon class.
ok sthen (maintainer)
sops is a tool for managing secrets
Description:
sops is an editor of encrypted files that supports YAML, JSON, ENV, INI and
BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and
PGP.
OK sdk@