Renaud Allard wrote (2023-10-25 09:46 CEST):
> Hello,
> 
> Here is a new port for certspotter. This needs a change in user.list for the
> daemon user.
> Tested on amd64.
> 
> Cert Spotter is a Certificate Transparency log monitor from SSLMate that
> alerts you when an SSL/TLS certificate is issued for one of your domains.
> Cert Spotter is easier to use than other open source CT monitors, since it
> does not require a database. It's also more robust, since it uses a special
> certificate parser that ensures it won't miss certificates.
> 
> You can use Cert Spotter to detect:
> 
>     Certificates issued to attackers who have compromised your DNS and are
>     redirecting your visitors to their malicious site.
>
>     Certificates issued to attackers who have taken over an abandoned
>     sub-domain in order to serve malware under your name.
>
>     Certificates issued to attackers who have compromised a certificate
>     authority and want to impersonate your site.
>
>     Certificates issued in violation of your corporate policy or outside of
>     your centralized certificate procurement process.
> 
> Best Regards

At first look:

$ portcheck
trailing whitespace in pkg/README
missing share/doc/pkg-readmes/${PKGSTEM} in PLIST

$ make port-lib-depends-check
Missing: c.97 (/usr/local/bin/submitct) (system lib)
Missing: pthread.27 (/usr/local/bin/submitct) (system lib)
WANTLIB += c pthread

In pkg/README, the {LOCALSTATEDIR} is missing a $.

Why are you moving the watchlist to ${LOCALSTATEDIR}/certspotter,
while everything else goes into ${LOCALSTATEDIR}/certspotter/.certspotter?

I see that not all files can be moved. There's only -watchlist and -state-dir,
which is not enough to move everything.

For simplicity's sake, I'd just let all files reside in
${LOCALSTATEDIR}/certspotter/.certspotter/

Best regards,
Stefan
