Renaud Allard wrote (2023-10-25 09:46 CEST): > Hello, > > Here is a new port for certspotter. This needs a change in user.list for the > daemon user. > Tested on amd64. > > Cert Spotter is a Certificate Transparency log monitor from SSLMate that > alerts you when an SSL/TLS certificate is issued for one of your domains. > Cert Spotter is easier to use than other open source CT monitors, since it > does not require a database. It's also more robust, since it uses a special > certificate parser that ensures it won't miss certificates. > > You can use Cert Spotter to detect: > > Certificates issued to attackers who have compromised your DNS and are > redirecting your visitors to their malicious site. > Certificates issued to attackers who have taken over an abandoned > sub-domain in order to serve malware under your name. > Certificates issued to attackers who have compromised a certificate > authority and want to impersonate your site. > Certificates issued in violation of your corporate policy or outside of > your centralized certificate procurement process. > > Best Regards
On the first look: $ portcheck trailing whitespace in pkg/README missing share/doc/pkg-readmes/${PKGSTEM} in PLIST $ make port-lib-depends-check Missing: c.97 (/usr/local/bin/submitct) (system lib) Missing: pthread.27 (/usr/local/bin/submitct) (system lib) WANTLIB += c pthread In pkg/README, the {LOCALSTATEDIR} is missing a $. Why are you moving the watchlist to ${LOCALSTATEDIR}/certspotter, while everything else goes into ${LOCALSTATEDIR}/certspotter/.certspotter? I see that not all files can be moved. There's only -watchlist and -state-dir, which is not enough to move everything. For simplicity sake, I'd just let all files reside in ${LOCALSTATEDIR}/certspotter/.certspotter/ Best regards, Stefan