List: macports-changes
Subject: [macports-ports] branch master updated: adblock2privoxy: Update to version 2.1.0, add https_inspecti
From: Steve Smith via macports-changes <macports-changes () lists ! macports ! org>
Date: 2021-12-12 20:42:56
Message-ID: 163934178534.30992.8599174195226516338 () braeburn ! macports ! org
<pre style='margin:0'>
Christopher Nielsen (mascguy) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/05467904286f8eb5bbb3de1c \
5494f81c4a1cc311">https://github.com/macports/macports-ports/commit/05467904286f8eb5bbb3de1c5494f81c4a1cc311</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were \
added to refs/heads/master by this push: <span style='display:block; \
white-space:pre;color:#404040;'> new 05467904286 adblock2privoxy: Update to \
version 2.1.0, add https_inspection, bugfixes </span>05467904286 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit \
05467904286f8eb5bbb3de1c5494f81c4a1cc311 </span>Author: Steven Thomas Smith \
<s.t.smith@ieee.org>
AuthorDate: Sat Dec 11 21:11:13 2021 -0500
<span style='display:block; white-space:pre;color:#404040;'> adblock2privoxy: \
Update to version 2.1.0, add https_inspection, bugfixes </span>---
www/adblock2privoxy/Portfile | 403 ++++++++++++++++++---
www/adblock2privoxy/files/nginx.conf | 28 +-
www/adblock2privoxy/files/openssl.cnf | 229 ++++++++++++
.../files/private.myserver.launchctl-setenv.plist | 16 +
4 files changed, 630 insertions(+), 46 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git \
a/www/adblock2privoxy/Portfile b/www/adblock2privoxy/Portfile </span><span \
style='display:block; white-space:pre;color:#808080;'>index 41d64970c3e..7b134154772 \
100644 </span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- \
a/www/adblock2privoxy/Portfile </span><span style='display:block; \
white-space:pre;background:#e0e0ff;'>+++ b/www/adblock2privoxy/Portfile </span><span \
style='display:block; white-space:pre;background:#e0e0e0;'>@@ -4,13 +4,11 @@ \
PortSystem 1.0 </span> PortGroup haskell_stack 1.0
name adblock2privoxy
<span style='display:block; white-space:pre;background:#ffe0e0;'>-version \
2.0.2 </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+version 2.1.0 </span> revision \
0 categories www haskell
maintainers {ieee.org:s.t.smith @essandess} openmaintainer
license GPL-3
<span style='display:block; white-space:pre;background:#ffe0e0;'>-platforms \
macosx </span><span style='display:block; \
white-space:pre;background:#ffe0e0;'>-homepage \
https://github.com/essandess/adblock2privoxy </span>
description Convert adblock config files to privoxy format
long_description {*}${description}. \
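Review bot: The removed `platforms macosx` line in this hunk is not re-added in the hunks shown here, and the commit message ("Update to version 2.1.0, add https_inspection, bugfixes") does not mention it. The `homepage` line removed alongside it is only moved (it returns in the next hunk), so the `platforms` removal is the one real behaviour change here. Please state in the commit message whether it is intentional.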
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -33,11 +31,13 @@ \
long_description {*}${description}. \ </span> elemhide, other, \
popup, third-party, domain=..., \ match-case, donottrack.
<span style='display:block; white-space:pre;background:#e0ffe0;'>+homepage \
https://github.com/essandess/adblock2privoxy </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span> master_sites \
https://hackage.haskell.org/package/${name}-${version}
<span style='display:block; white-space:pre;background:#ffe0e0;'>-checksums \
rmd160 cd58a6b4603dcdce6b5e4014c4fcdd3d6c32753d \ </span><span style='display:block; \
white-space:pre;background:#ffe0e0;'>- sha256 \
c3f90360945df6e2e1fd86b491f980b4621b114020ecfc2220e295db57069c4e \ </span><span \
style='display:block; white-space:pre;background:#ffe0e0;'>- size \
42133 </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+checksums rmd160 \
da82eb5ece0f97b9ebf3ec97f6631f45d4bb30c5 \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ sha256 \
1c5ac2cb54cc9fd336a5ece50a8acbfaee13281ffe8c3a9d8c8b8b44f5859e70 \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ size \
42526 </span>
depends_run-append \
port:nginx \
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -45,19 +45,23 @@ \
depends_run-append \ </span> port:wget
variant initialize_always \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- description \
{Always initialize all configuration files. Intended \ </span><span \
style='display:block; white-space:pre;background:#ffe0e0;'>- for development \
and troubleshooting only. Working deployments \ </span><span style='display:block; \
white-space:pre;background:#ffe0e0;'>- must disable this variant to prevent \
configuration files \ </span><span style='display:block; \
white-space:pre;background:#ffe0e0;'>- being overwritten at the next upgrade. \
Existing configuration \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ description {Always initialize all \
configuration files. Intended\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ for development and troubleshooting \
only. Working deployments\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ must disable this variant to prevent \
configuration files\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ being overwritten at the next upgrade. \
Existing configuration\ </span> files are not overwritten by default.} {
<span style='display:block; white-space:pre;background:#ffe0e0;'>- ui_warn \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- "
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\tAll \
configuration files will be initialized because </span><span style='display:block; \
white-space:pre;background:#ffe0e0;'>-\tthe variant +initialize_always is set. Please \
disable </span><span style='display:block; \
white-space:pre;background:#ffe0e0;'>-\tthis variant for working deployments. \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
pre-fetch { </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
ui_warn \ </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
"All configuration files will be initialized because\ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ the variant \
+initialize_always is set. Please disable\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ this variant for working \
deployments." </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ } </span> }
<span style='display:block; white-space:pre;background:#e0ffe0;'>+# use domain or ip \
with port, e.g. 127.0.0.1:8119 </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+set adblock2privoxy_css_server \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ \
127.0.0.1:8119 </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span> # relative paths to ${prefix}
set ab2p_datadir share/${name}
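Review bot: The added `set adblock2privoxy_css_server 127.0.0.1:8119` is a plain Tcl variable, so the comment above it ("use domain or ip with port") only helps someone who edits the Portfile. If the address is meant to be tunable, expose it as a documented option or mention it in the port notes. If it is not, reword the comment to say that the loopback address 127.0.0.1:8119 is the fixed default. Moving `ui_warn` into `pre-fetch` looks right, since the warning then appears only when the variant is actually being installed.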
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -90,7 +94,7 @@ \
post-extract { </span> }
post-destroot {
<span style='display:block; white-space:pre;background:#ffe0e0;'>- xinstall -m \
0755 -d \ </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
xinstall -d \ </span> ${destroot}${prefix}/share/${name}/templates \
${destroot}${prefix}/etc/${name} \
${destroot}${prefix}/etc/${name}/privoxy \
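Review bot: The changed `xinstall -d` line drops the explicit `-m 0755`, so the modes of share/${name}/templates, etc/${name} and etc/${name}/privoxy now rely on xinstall's default instead of being stated. The https_inspection block later in this same commit sets its TLS directories explicitly (`-m 0770` and `-m 0700`), so keeping `-m 0755` here would leave the intended permissions of every configuration directory readable in the Portfile itself. If the removal is deliberate, a word in the commit message would help.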
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -115,37 +119,329 \
@@ post-destroot { </span> \
${destroot}${prefix}/etc/${name}/css/default.html.macports reinplace \
"s|@PREFIX@|${prefix}|g" \ ${destroot}${prefix}/etc/${name}/nginx.conf.macports
<span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall \
-m 0644 -W ${filespath} \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ private.myserver.launchctl-setenv.plist \
\ </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
${destroot}${prefix}/share/${name} </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+} </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+set tls_ca_dir \
${prefix}/etc/${name}/ca.macports </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+set tls_cert_dir ${prefix}/etc/${name}/certs \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+variant \
https_inspection \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ description {HTTPS CSS Server for use with \
'privoxy +https_inspection'.} { </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ depends_build-append \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ \
port:sf-pwgen </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ depends_lib-append \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ \
path:bin/openssl:openssl </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # random 4-word-based passphrase \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ proc \
correct_horse_battery_staple {} { </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # ignore errors from sf-pwgen if the \
password is shorter than requested </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ set passphrase \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ [join [exec \
sh -c "sf-pwgen \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ --algorithm memorable --count 2 \
--length 16 \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ 2>/dev/null || true"] -] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # \
set random passphrase if sf-pwgen's is too short for some reason </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[string \
length ${passphrase}] < 20} { </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ set passphrase \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ [exec sh \
-c "openssl rand -base64 23 2>/dev/null \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ | sed 's|=*\$||' || true"] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
return ${passphrase} </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ } </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ post-destroot { </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ # TLS Root CA \
configuration </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ xinstall -m 0770 -d \
${destroot}${tls_cert_dir} </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ xinstall -m 0700 -d \
${destroot}${tls_ca_dir} </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ destroot.keepdirs-append \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ \
${destroot}${tls_cert_dir} </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 -W ${filespath} \ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
openssl.cnf \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ \
${destroot}${tls_ca_dir}/openssl.cnf.macports </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ } </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ pre-activate { </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ if { [file exists \
${tls_ca_dir}] } { </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ delete ${tls_ca_dir}.previous \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
move ${tls_ca_dir} \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ ${tls_ca_dir}.previous \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
post-activate { </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ foreach f [list \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ \
${tls_ca_dir}/openssl.cnf \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ ] { </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ if { \
[variant_isset "initialize_always"] </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ && [file exists ${f}] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
} { </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
delete ${f}.previous </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ move \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ ${f} \
\ </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
${f}.previous </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ } </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ if { \
[variant_isset "initialize_always"] </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ || ![file exists ${f}] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
} { </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
if { [file isfile ${f}.macports] } { </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 \ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
${f}.macports \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ ${f} </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ } \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
} </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # CA \
passphrase </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
# generate a strong password, use for openssl -passin and -passout </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ set \
tls_ca_passphrase \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ [correct_horse_battery_staple] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set \
tls_ca_passphrase_fd \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ [open ${tls_ca_dir}/passphrase.txt \
w 0600] </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
# -passin or -passout </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ puts ${tls_ca_passphrase_fd} \ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
${tls_ca_passphrase} </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # -passout </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ puts \
${tls_ca_passphrase_fd} \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ ${tls_ca_passphrase} </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ close \
${tls_ca_passphrase_fd} </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # create the root CA </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W \
${tls_ca_dir} \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ "sh <<ADBLOCK2PRIVOXY_PKI \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
# initialize </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ touch index.txt </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ echo 1000 \
> serial </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
# CA encrypted key </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # EC </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl \
genpkey -out ca.key.pem -algorithm EC \\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -pkeyopt \
ec_paramgen_curve:P-384 -aes256 \\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -pass file:passphrase.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
# RSA </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
# openssl genpkey -out ca.key.pem -algorithm RSA \\ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ # \
-pkeyopt rsa_keygen_bits:2048 -aes256 \\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # -passout file:passphrase.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
chmod go-rw ca.key.pem </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # CA certificate </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl req \
-config openssl.cnf \\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -new -x509 -days 1460 -sha256 \
\\ </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
-extensions v3_ca \\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -out ca.cert.pem -key \
ca.key.pem \\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -passin file:passphrase.txt \
-batch </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
# CA certificate openssl self-verification </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ openssl verify -CAfile ca.cert.pem \
ca.cert.pem </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
# Convert to .cer DER and .p12 for other uses </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ openssl x509 -outform der -in \
ca.cert.pem -out ca.cer </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ openssl pkcs12 -export -out ca.p12 \
\\ </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
-inkey ca.key.pem -in ca.cert.pem \\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -passin file:passphrase.txt \\ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
-passout file:passphrase.txt </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # verify .p12 passphrase \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
openssl pkcs12 -noout -in ca.p12 -passin file:passphrase.txt </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ # Server \
certificates </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # Server certificate encrypted key \
and decrypted key </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ openssl genpkey -out \
adblock2privoxy-nginx.key.pem \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -algorithm EC -pkeyopt \
ec_paramgen_curve:P-384 -aes256 \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -pass file:passphrase.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
openssl ec -in adblock2privoxy-nginx.key.pem \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -passin file:passphrase.txt \ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
-out adblock2privoxy-nginx.key.pem.decrypted </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ chmod go-rwx \
adblock2privoxy-nginx.key.pem.decrypted </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # Server certificate CSR \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
openssl req -config openssl.cnf -new -sha256 \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -extensions server_cert -key \
adblock2privoxy-nginx.key.pem \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -passin file:passphrase.txt \ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
-out adblock2privoxy-nginx.csr.pem -batch </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # Server certificate (825 days \
maximum validity) </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # \
https://support.apple.com/en-us/HT210176 </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ openssl ca -config openssl.cnf \
-days 825 -notext -md sha256 \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -extensions server_cert -in \
adblock2privoxy-nginx.csr.pem \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -out \
adblock2privoxy-nginx.cert.pem \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -passin file:passphrase.txt \ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
-subj '/CN=adblock2privoxy-nginx' -batch </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # Server certificate chain of trust \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
cat adblock2privoxy-nginx.cert.pem ca.cert.pem \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ > \
adblock2privoxy-nginx.chain.pem </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # Server certificate and chain \
validity </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
openssl verify -CAfile ca.cert.pem adblock2privoxy-nginx.cert.pem </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl \
verify -CAfile ca.cert.pem adblock2privoxy-nginx.chain.pem </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ADBLOCK2PRIVOXY_PKI \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { \
![file exists ${tls_cert_dir}/adblock2privoxy-nginx.cert.pem] </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ || ![file \
exists ${tls_cert_dir}/adblock2privoxy-nginx.key.pem.decrypted] </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ } { \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
xinstall -m 0664 \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ ${tls_ca_dir}/ca.cert.pem \ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
${tls_cert_dir} </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ xinstall -m 0664 \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ \
${tls_ca_dir}/ca.key.pem \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ ${tls_cert_dir} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
xinstall -m 0600 \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ \
${tls_ca_dir}/passphrase.txt \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ ${tls_cert_dir} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
xinstall -m 0664 \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ \
${tls_ca_dir}/adblock2privoxy-nginx.cert.pem \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ ${tls_cert_dir} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
xinstall -m 0664 \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ \
${tls_ca_dir}/adblock2privoxy-nginx.chain.pem \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ ${tls_cert_dir} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
xinstall -m 0664 \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ \
${tls_ca_dir}/adblock2privoxy-nginx.key.pem \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ ${tls_cert_dir} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
xinstall -m 0600 \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ \
${tls_ca_dir}/adblock2privoxy-nginx.key.pem.decrypted \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ \
${tls_cert_dir} </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ } </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ if { ![file exists \
${tls_cert_dir}/dhparam.pem] </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ } { </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ system -W \
${tls_ca_dir} \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ "sh <<ADBLOCK2PRIVOXY_DH \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
# DH params </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
openssl dhparam -out dhparam.pem 2048 </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ADBLOCK2PRIVOXY_DH </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+" </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m \
0664 \ </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
${tls_ca_dir}/dhparam.pem \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ ${tls_cert_dir} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if { \
![file exists ${tls_cert_dir}/openssl.cnf] </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ } { </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m \
0664 \ </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
${tls_ca_dir}/openssl.cnf \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ ${tls_cert_dir} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # check \
adblock2privoxy-nginx certificate validity </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # 30 days = 2592000 seconds </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ post-activate { \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set \
ab2p_cert_valid [exec /bin/sh -c \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ "if openssl x509 -checkend 2592000 \
-noout \ </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
-in \"${tls_cert_dir}/adblock2privoxy-nginx.cert.pem\" \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ \
1>/dev/null 2>&1; \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ then echo 'WONT_EXPIRE'; \ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
else echo 'WILL_EXPIRE'; fi"] </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ if {[string trim ${ab2p_cert_valid}] ne \
{WONT_EXPIRE}} { </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ ui_warn "Certificate \
${tls_cert_dir}/adblock2privoxy-nginx.cert.pem expired or will expire within 30 \
days." </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
} </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
notes-append \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ "Configure adblock2privoxy PKI by \
creating a\ </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
certificate from e.g. Privoxy's certificate authority (CA). As sudo: </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ # Example, more \
likely use ${prefix}/etc/privoxy/CA </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ cp -R ${prefix}/etc/privoxy/ca.macports \
ca.adblock2privoxy && cd ca.adblock2privoxy </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ cp \
${tls_cert_dir}/openssl.cnf . </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # edit openssl.cnf for your local \
organizationName, commonName, etc. </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # initialize </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ touch index.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ echo \
1000 > serial </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # Server certificates </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ # Server \
certificate encrypted key and decrypted key </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ openssl genpkey -out \
adblock2privoxy-nginx.key.pem \\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -algorithm EC -pkeyopt \
ec_paramgen_curve:P-384 -aes256 \\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -pass file:passphrase.txt \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
openssl ec -in adblock2privoxy-nginx.key.pem \\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -passin file:passphrase.txt \ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
-out adblock2privoxy-nginx.key.pem.decrypted </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ chmod go-rwx \
adblock2privoxy-nginx.key.pem.decrypted </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # Server certificate CSR </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl req \
-config openssl.cnf -new -sha256 \\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -extensions server_cert -key \
adblock2privoxy-nginx.key.pem \\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -passin file:passphrase.txt \ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
-out adblock2privoxy-nginx.csr.pem -batch </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # Server certificate (825 days maximum \
validity) </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
# https://support.apple.com/en-us/HT210176 </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ openssl ca -config openssl.cnf -days \
825 -notext -md sha256 \\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -extensions server_cert -in \
adblock2privoxy-nginx.csr.pem \\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -out adblock2privoxy-nginx.cert.pem \
\\ </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
-passin file:passphrase.txt \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ -subj '/CN=adblock2privoxy-nginx' \
-batch </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # \
Server certificate chain of trust </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ cat adblock2privoxy-nginx.cert.pem \
ca.cert.pem \\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ > \
adblock2privoxy-nginx.chain.pem </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # Server certificate and chain validity \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
openssl verify -CAfile ca.cert.pem adblock2privoxy-nginx.cert.pemw </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ openssl verify \
-CAfile ca.cert.pem adblock2privoxy-nginx.chain.pem </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ # Install the \
adblock2privoxy PKI </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ cp -p ca.key.pem ca.cert.pem \
passphrase.pem \\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ adblock2privoxy-nginx.cert.pem \
adblock2privoxy-nginx.chain.pem \\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ adblock2privoxy-nginx.key.pem \
adblock2privoxy-nginx.key.pem.decrypted \\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ ${tls_cert_dir} </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+" </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+} </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+default_variants-append \ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
+https_inspection </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# default: empty flag </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+set ab2p_use_http_flag \ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
{} </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if { \
![variant_isset "https_inspection"] } { </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ set ab2p_use_http_flag \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ {-u} \
</span> }
startupitem.create yes
startupitems \
name ${name} \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- start \
"\"( IFS=\$'\\\\n' ADBLOCK2PRIVOXY_BLOCKLIST=(\$(grep -v -e '^ *#' < \
\${prefix}/etc/${name}/adblock2privoxy_blocklist.txt \\\\ </span><span \
style='display:block; white-space:pre;background:#ffe0e0;'>-\t\t| while read -r t; do \
if wget --max-redirect=0 -S --spider \$t 2>&1 | grep -q 'HTTP/1.1 200 OK'; \
then echo \$t; fi done)); \\\\ </span><span style='display:block; \
white-space:pre;background:#ffe0e0;'>-\t/bin/test -f \
\\\"\${prefix}/etc/adblock2privoxy/privoxy/ab2p.task\\\" \\\\ </span><span \
style='display:block; white-space:pre;background:#ffe0e0;'>-\t&& \
\\\"\${prefix}/bin/adblock2privoxy\\\" -t \
\\\"\${prefix}/etc/adblock2privoxy/privoxy/ab2p.task\\\" \\\\ </span><span \
style='display:block; white-space:pre;background:#ffe0e0;'>-\t|| \
\\\"\${prefix}/bin/adblock2privoxy\\\" -p \
\\\"\${prefix}/etc/adblock2privoxy/privoxy\\\" \\\\ </span><span \
style='display:block; white-space:pre;background:#ffe0e0;'>-\t\t-w \
\\\"\${prefix}/etc/adblock2privoxy/css\\\" \\\\ </span><span style='display:block; \
white-space:pre;background:#ffe0e0;'>-\t\t-d 127.0.0.1:8119 \\\\ </span><span \
style='display:block; \
white-space:pre;background:#ffe0e0;'>-\t\t\\\"\${ADBLOCK2PRIVOXY_BLOCKLIST\[@]}\\\" \
\\\\ </span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\t) \
&& \\\"\${prefix}/bin/port\\\" reload privoxy\"" \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ init \
"ADBLOCK2PRIVOXY_CSS_SERVER=\"\${ADBLOCK2PRIVOXY_CSS_SERVER:-${adblock2privoxy_css_server}}\"" \
\ </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ start \
[list "( IFS=\$'\\n' ADBLOCK2PRIVOXY_BLOCKLIST=(\$(grep -v -e '^ *#' < \
\${prefix}/etc/${name}/adblock2privoxy_blocklist.txt \\" \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ "\t| \
while read -r t; do if \"\${prefix}/bin/wget\" --max-redirect=0 -S --spider \"\${t}\" \
2>&1 | grep -q 'HTTP/1.1 200 OK'; then echo \"\${t}\"; fi done)); \\" \ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
"/bin/test -f \"\${prefix}/etc/adblock2privoxy/privoxy/ab2p.task\" \\" \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ \
"&& \"\${prefix}/bin/adblock2privoxy\" -t \
\"\${prefix}/etc/adblock2privoxy/privoxy/ab2p.task\" \\" \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ "|| \
\"\${prefix}/bin/adblock2privoxy\" -p \"\${prefix}/etc/adblock2privoxy/privoxy\" \\" \
\ </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
"\t-w \"\${prefix}/etc/adblock2privoxy/css\" \\" \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ "\t-d \
\${ADBLOCK2PRIVOXY_CSS_SERVER} ${ab2p_use_http_flag} \\" \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ \
"\t\"\${ADBLOCK2PRIVOXY_BLOCKLIST\[@]}\" \\" \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ ") && \
\"\${prefix}/bin/port\" reload privoxy" \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ ] \ </span> stop \
"\"/usr/bin/kill -SIGUSR1 \\\"\$(/usr/bin/pgrep -u root ${name})\\\" \
2>/dev/null\"" \ pidfile none
startupitems-append \
name ${name}-nginx \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- init \
"\"pidfile=\\\"\${prefix}/var/run/nginx/nginx-adblock2privoxy.pid\\\"\"" \ \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- start \
"\"\\\"\${prefix}/sbin/nginx\\\" \\\\ </span><span style='display:block; \
white-space:pre;background:#ffe0e0;'>-\t\t-c \\\\ </span><span style='display:block; \
white-space:pre;background:#ffe0e0;'>-\t\t\\\"\${prefix}/etc/${name}/nginx.conf\\\" \
\\\\ </span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\t\t-g \
\\\\ </span><span style='display:block; \
white-space:pre;background:#ffe0e0;'>-\t\t\\\"daemon off;\\\"\"" \ </span><span \
style='display:block; white-space:pre;background:#ffe0e0;'>- stop "\"if \
\[ -f \${pidfile} \]; then </span><span style='display:block; \
white-space:pre;background:#ffe0e0;'>-\t\t/usr/bin/kill \\\"\$(cat \${pidfile})\\\" \
\\\\ </span><span style='display:block; \
white-space:pre;background:#ffe0e0;'>-\t\t\t&& /bin/rm -f \${pidfile} ; \
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-\telse \
</span><span style='display:block; \
white-space:pre;background:#ffe0e0;'>-\t\t/usr/bin/kill -SIGUSR1 \
\\\"\$(/usr/bin/pgrep -u root nginx)\\\" 2>/dev/null ; </span><span \
style='display:block; white-space:pre;background:#ffe0e0;'>-\tfi\"" </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ init \
"pidfile=\"\${prefix}/var/run/nginx/nginx-adblock2privoxy.pid\"" \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ start [list \
"\"\${prefix}/sbin/nginx\" \\" \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ "\t-c \\" \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ \
"\t\"\${prefix}/etc/${name}/nginx.conf\" \\" \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ "\t-g \"daemon off;\"" \ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ] \ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ stop \
[list "if \[ -f \"\${pidfile}\" \]; then" \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ "\t/usr/bin/kill \"\$(cat \
\"\${pidfile}\")\" \\" \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ "\t\t&& /bin/rm -f \
\"\${pidfile}\" ;" \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ "else" \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ \
"\t/usr/bin/kill -SIGUSR1 \"\$(/usr/bin/pgrep -u root nginx)\" 2>/dev/null ;" \ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
"fi" \ </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ]
</span>
post-activate {
# org.macports.adblock2privoxy
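Review bot: The 'Install the adblock2privoxy PKI' step in the notes-append text copies ca.key.pem and the passphrase file into ${tls_cert_dir} next to the nginx server key, although nginx.conf only references the chain and the decrypted server key; drop the CA key and passphrase from that 'cp -p' so the signing key stays out of the web server's directory. The same command names passphrase.pem while every other step uses passphrase.txt, and the first 'openssl verify' line ends in 'adblock2privoxy-nginx.cert.pemw'; both look like typos. Three '-passin file:passphrase.txt' lines end in a single backslash where the neighbouring lines use a doubled one; inside the quoted Tcl string a lone backslash-newline is folded into a space, so those lines print joined to the next one instead of as a shell continuation. In the nginx stop item, the else branch signals whatever 'pgrep -u root nginx' matches, which can include an unrelated root-owned nginx; match on the adblock2privoxy config path or rely on the pidfile only.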
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -161,6 +457,10 @@ \
post-activate { </span> <integer>30</integer>\\
</dict>\\
</array>\\
<span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ <key>StandardErrorPath</key>\\ \
</span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ <string>${prefix}/var/log/${name}.log</string>\\
</span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ <key>StandardOutPath</key>\\ \
</span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ <string>${prefix}/var/log/${name}.log</string>\\
</span> &|" \
${prefix}/etc/${startupitem.location}/org.macports.${name}/org.macports.${name}.plist
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -189,22 +489,35 \
@@ post-activate { </span> }
}
<span style='display:block; white-space:pre;background:#ffe0e0;'>-notes "After \
initial installation, it is necessary to kickstart this launch daemon, \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+notes "\ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+After initial \
installation, it is necessary to kickstart this launch daemon,\ </span> which does \
not run at load:
<span style='display:block; white-space:pre;background:#ffe0e0;'>-sudo launchctl \
kickstart -k system/org.macports.adblock2privoxy </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ sudo launchctl kickstart -k \
system/org.macports.adblock2privoxy </span>
<span style='display:block; white-space:pre;background:#ffe0e0;'>-The blocklist URLs \
are specified in the file </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+The blocklist URLs are specified in the file\ \
</span> ${prefix}/etc/${name}/adblock2privoxy_blocklist.txt.
Example production run:
<span style='display:block; white-space:pre;background:#ffe0e0;'>-adblock2privoxy -p \
${prefix}/etc/adblock2privoxy/privoxy -w ${prefix}/etc/adblock2privoxy/css -d \
127.0.0.1:8119 \\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ adblock2privoxy -p \
${prefix}/etc/adblock2privoxy/privoxy -w ${prefix}/etc/adblock2privoxy/css -d \
${adblock2privoxy_css_server} \\ </span> \$(< \
${prefix}/etc/${name}/adblock2privoxy_blocklist.txt)
Update run:
<span style='display:block; white-space:pre;background:#ffe0e0;'>-adblock2privoxy -t \
${prefix}/etc/adblock2privoxy/privoxy/ab2p.task" </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ adblock2privoxy -t \
${prefix}/etc/adblock2privoxy/privoxy/ab2p.task </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+The CSS web server domain name or IP address is \
specified by the\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+environment variables (with default values): \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
\${ADBLOCK2PRIVOXY_CSS_SERVER:-${adblock2privoxy_css_server}} </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+To change site-specific \
launchd environment variables,\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+use the launchd plist: </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ \
${prefix}/share/${name}/private.myserver.launchctl-setenv.plist </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+" </span>
if { [variant_isset "initialize_always"] } {
if {[exists notes]} {
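Review bot: The 'Example production run' in the notes omits ${ab2p_use_http_flag}, while the launchd start item passes it right after '-d', so a manual run on a port built without +https_inspection regenerates the Privoxy files without '-u' and no longer matches what the daemon produces; add the flag to the example or state when '-u' is needed. The text also says 'environment variables (with default values)' but lists only ADBLOCK2PRIVOXY_CSS_SERVER, and it points at private.myserver.launchctl-setenv.plist without saying where that file has to be installed or how it is loaded.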
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -212,7 +525,7 @@ \
if { [variant_isset "initialize_always"] } { </span> notes-append ""
}
notes-append \
<span style='display:block; white-space:pre;background:#ffe0e0;'>- "The \
variant +initialize_always is set, which initializes \ </span><span \
style='display:block; white-space:pre;background:#ffe0e0;'>- all configuration \
files. Please disable this variant for \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ "The variant +initialize_always is set, \
which initializes\ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ all configuration files. Please disable \
this variant for\ </span> working deployments."
}
<span style='display:block; white-space:pre;color:#808080;'>diff --git \
a/www/adblock2privoxy/files/nginx.conf b/www/adblock2privoxy/files/nginx.conf \
</span><span style='display:block; white-space:pre;color:#808080;'>index \
556eeefad65..c4bf3cef36f 100644 </span><span style='display:block; \
white-space:pre;background:#e0e0ff;'>--- a/www/adblock2privoxy/files/nginx.conf \
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ \
b/www/adblock2privoxy/files/nginx.conf </span><span style='display:block; \
white-space:pre;background:#e0e0e0;'>@@ -23,14 +23,40 @@ http { </span> #ab2p css \
domain name (optional, should be equal to --domainCSS parameter) server_name \
localhost;
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl on;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
ssl_certificate \
@PREFIX@/etc/adblock2privoxy/certs/adblock2privoxy-nginx.chain.pem; </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_certificate_key \
@PREFIX@/etc/adblock2privoxy/certs/adblock2privoxy-nginx.key.pem.decrypted; \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # use \
modern crypto </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # https://ssl-config.mozilla.org \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
ssl_protocols TLSv1.3; </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ ssl_prefer_server_ciphers on; </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_dhparam \
@PREFIX@/etc/adblock2privoxy/certs/dhparam.pem; </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ ssl_ciphers \
TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:EECDH+AESGCM:EDH+AESGCM;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
ssl_ecdh_curve secp384r1; </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ ssl_session_timeout 180m; </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ ssl_session_cache \
shared:SSL:20m; </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ ssl_session_tickets off; </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ add_header \
Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # comply \
with Content Security policy </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ add_header Content-Type "text/css"; \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
add_header X-Content-Type-Options nosniff; </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span> #root = --webDir parameter value
root @PREFIX@/etc/adblock2privoxy/css;
<span style='display:block; white-space:pre;background:#e0ffe0;'>+ # If useHTTP is \
set: </span> # Ensure that http://localhost:8119/ is a legitimate (200 return \
code) # default page; use as iOS proxy.pac blackhole
# Test with curl -I --proxy http://127.0.0.1:8119 \
http://www.foo.com/bar?q=snafoo location / {
<span style='display:block; white-space:pre;background:#ffe0e0;'>- rewrite ^ \
/default.html break; </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ return 301 \
http://$server_name:$server_port/@blackhole?; </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ # rewrite ^ /default.html break; \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ } \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ location \
~ ^/@blackhole { </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ default_type text/html; </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ return 200 \
"<!DOCTYPE html>\n<html>\n<head>\n<meta \
charset='utf-8'>\n</head>\n<body>\n<p><a \
href=\"https://github.com/essandess/adblock2privoxy\">adblock2privoxy</a> \
blackhole 🕳</p>\n</body>\n</html>\n"; </span> }
location ~ ^/+(ab2p(?:\.common)?\.css) {
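Review bot: The new 'location /' returns '301 http://$server_name:$server_port/@blackhole?' with a hard-coded http scheme, yet the same server block now has 'ssl on;' and an HSTS header, so the redirect target is plain HTTP on a TLS port; use $scheme or make the redirect conditional on the useHTTP case the added comment mentions. 'add_header Content-Type "text/css";' at server level appends a second Content-Type header rather than setting the type, and the @blackhole location inherits it alongside 'default_type text/html' and 'X-Content-Type-Options nosniff'; set the type with types/default_type in the CSS location instead. 'ssl on;' is deprecated in favour of the ssl parameter on listen, and with 'ssl_protocols TLSv1.3;' alone the 'EECDH+AESGCM:EDH+AESGCM' entries and ssl_dhparam are unused, while dhparam.pem must still exist for nginx to start and is not among the files the Portfile notes copy into the certs directory.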
<span style='display:block; white-space:pre;color:#808080;'>diff --git \
a/www/adblock2privoxy/files/openssl.cnf b/www/adblock2privoxy/files/openssl.cnf \
</span>new file mode 100644 <span style='display:block; \
white-space:pre;color:#808080;'>index 00000000000..52ee6ac669e </span><span \
style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null </span><span \
style='display:block; white-space:pre;background:#e0e0ff;'>+++ \
b/www/adblock2privoxy/files/openssl.cnf </span><span style='display:block; \
white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,229 @@ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# Commands to create \
Privoxy Root CA certificate </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# Clean start </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# rm ca.* index.txt* \
serial* </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+################## </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# CA </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+################## \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Privoxy \
Root CA </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# mkdir \
certs && cd certs </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# touch index.txt </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# echo 1000 > serial \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# CA \
certificate encrypted key passphrase, both -passin and -passout </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# sf-pwgen --algorithm \
memorable --count 2 --length 24 2>/dev/null | paste -s -d -- '-' \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# 1>passphrase.txt \
|| true </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# if \
[ $(head -1 passphrase.txt | wc -c) < 20 ]; then openssl rand -base64 23 \
1>passphrase.txt 2>/dev/null; fi </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# cat passphrase.txt passphrase.txt > \
passphrase-dbl.txt \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# && mv passphrase-dbl.txt \
passphrase.txt \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# || rm -f passphrase-dbl.txt </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# chmod go-rwx \
passphrase.txt </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# CA encrypted key </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# EC </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl genpkey -out \
ca.key.pem -algorithm EC \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# -pkeyopt ec_paramgen_curve:P-256 -aes256 \
\ </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# \
-pass file:passphrase.txt </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# RSA </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# # openssl genpkey -out ca.key.pem -algorithm \
RSA \ </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# # \
-pkeyopt rsa_keygen_bits:2048 -aes256 \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# # -pass file:passphrase.txt </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# CA certificate \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl \
req -config openssl.cnf \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# -new -x509 -days 3650 -sha256 -extensions \
v3_ca -out certs/ca.cert.pem \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# -key ca.key.pem -passin \
file:passphrase.txt -batch </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# CA certificate text verification </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl x509 -text \
-noout -in ca.cert.pem </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# CA certificate openssl self-verification \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl \
verify -CAfile ca.cert.pem ca.cert.pem </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# CA convert to PKCS12 </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# Note: `man openssl`: \
"If the same pathname </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# argument is supplied to -passin and \
-passout arguments then the </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# first line will be used for the input \
password and the next line </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# for the output password." </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl pkcs12 -export \
-out ca.p12 \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# -inkey ca.key.pem -in ca.cert.pem \ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# \
-passin file:passphrase.txt \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# -passout file:passphrase.txt </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# verify .p12 passphrase \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl \
pkcs12 -noout -in ca.p12 -passin file:passphrase.txt </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+###################### \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Server \
certificates </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+###################### </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# Clean and prepare \
directory for new certificates </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# rm serial* 01.pem index.txt ; echo 01 > \
serial ; touch index.txt </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# Server certificate encrypted key and \
decrypted key </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# openssl genpkey -out \
adblock2privoxy-nginx.key.pem \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# -algorithm EC -pkeyopt \
ec_paramgen_curve:P-384 -aes256 \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# -pass file:passphrase.txt </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl ec -in \
adblock2privoxy-nginx.key.pem -passin file:passphrase.txt \ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# -out \
adblock2privoxy-nginx.key.pem.decrypted </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# chmod go-rwx \
adblock2privoxy-nginx.key.pem.decrypted </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# Server certificate CSR </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl req -config \
openssl.cnf -new -sha256 -extensions server_cert \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# -key adblock2privoxy-nginx.key.pem \
-passin file:passphrase.txt \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# -out adblock2privoxy-nginx.csr.pem -batch \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Server \
certificate (825 days maximum validity) </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# https://support.apple.com/en-us/HT210176 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl ca \
-config openssl.cnf -days 825 -notext -md sha256 \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# -extensions server_cert -in \
adblock2privoxy-nginx.csr.pem \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# -out adblock2privoxy-nginx.cert.pem \
-passin file:passphrase.txt \ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# -subj '/CN=adblock2privoxy-nginx' -batch \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Server \
certificate chain of trust </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# cat adblock2privoxy-nginx.cert.pem \
ca.cert.pem > adblock2privoxy-nginx.chain.pem </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# Server certificate text </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl x509 -in \
adblock2privoxy-nginx.cert.pem -text -noout </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# Server certificate and chain validity \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl \
verify -CAfile ca.cert.pem adblock2privoxy-nginx.cert.pem </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# openssl verify -CAfile \
ca.cert.pem adblock2privoxy-nginx.chain.pem </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# DH params </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# openssl dhparam -out dhparam.pem 2048 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[ca] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+default_ca \
= CA_default </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+[ CA_default ] </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# Directory and file \
locations. </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+dir = . </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+certs = $dir \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+crl_dir \
= $dir </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+new_certs_dir = $dir </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+database = \
$dir/index.txt </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+serial = $dir/serial </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+RANDFILE = \
$dir/.rand </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# The root \
key and root certificate. </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+private_key = $dir/ca.key.pem \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+certificate \
= $dir/ca.cert.pem </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# For certificate revocation lists. \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+crlnumber \
= $dir/crlnumber </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+crl = $dir/ca.crl.pem \
</span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+crl_extensions = crl_ext </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+default_crl_days = 30 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# SHA-1 is \
deprecated, so use SHA-2 instead. </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+default_md = sha256 </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+name_opt = \
ca_default </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+cert_opt = ca_default </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+default_days = 825 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+preserve \
= no </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+policy \
= policy_strict </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+[ policy_strict ] </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# The root CA should only \
sign intermediate certificates that match. </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# See the POLICY FORMAT section of `man ca`. \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+countryName \
= optional </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+stateOrProvinceName = optional </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+organizationName = \
optional </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+organizationalUnitName = optional </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+commonName = \
supplied </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+emailAddress = optional </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+[ policy_loose ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Allow the \
intermediate CA to sign a more diverse range of certificates. </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# See the POLICY FORMAT \
section of the `ca` man page. </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+countryName = optional </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+stateOrProvinceName = \
optional </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+localityName = optional </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+organizationName = \
optional </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+organizationalUnitName = optional </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+commonName = \
optional </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+emailAddress = optional </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+[req] </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# Options for the `req` \
tool (`man req`). </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# default_bits = 4096 </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+default_bits = \
2048 </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+distinguished_name = req_distinguished_name \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+string_mask \
= utf8only </span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# SHA-1 is \
deprecated, so use SHA-2 instead. </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+default_md = sha256 </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+[req_distinguished_name] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+countryName \
= US </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+countryName_default = US </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+countryName_min = 2 \
</span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+countryName_max = 2 </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+stateOrProvinceName = \
Massachusetts </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+stateOrProvinceName_default = Massachusetts \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+localityName \
= Boston </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+localityName_default = Boston </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+0.organizationName = \
MacPorts </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+0.organizationName_default = MacPorts \
</span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+organizationalUnitName = adblock2privoxy-nginx \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+commonName = \
adblock2privoxy-nginx </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+commonName_default = adblock2privoxy-nginx \
</span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+commonName_max = 64 </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+emailAddress = \
macports-users@lists.macports.org </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+emailAddress_max = 40 </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+[ v3_ca ] </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# Extensions for a \
typical CA (`man x509v3_config`). </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+subjectKeyIdentifier = hash </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+authorityKeyIdentifier = \
keyid:always, issuer </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+basicConstraints = critical, CA:true \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+keyUsage = \
critical, digitalSignature, cRLSign, keyCertSign </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+[ v3_intermediate_ca ] </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# Extensions for a \
typical intermediate CA (`man x509v3_config`). </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+subjectKeyIdentifier = hash </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+#authorityKeyIdentifier = \
keyid:always, issuer </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+basicConstraints = critical, CA:true, pathlen:0 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+keyUsage = \
critical, digitalSignature, cRLSign, keyCertSign </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+[ usr_cert ] </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+# Extensions for client certificates (`man \
x509v3_config`). </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+basicConstraints = CA:FALSE </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+subjectKeyIdentifier = \
hash </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+authorityKeyIdentifier = keyid, issuer \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+keyUsage = \
critical, nonRepudiation, digitalSignature, keyEncipherment </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+extendedKeyUsage = \
clientAuth, emailProtection </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+[ server_cert ] </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+# Extensions for server \
certificates (`man x509v3_config`). </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+basicConstraints = CA:FALSE </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+keyUsage = critical, \
digitalSignature, keyEncipherment </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+extendedKeyUsage = critical, serverAuth \
</span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+subjectKeyIdentifier = hash </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+authorityKeyIdentifier = \
keyid, issuer:always </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+subjectAltName = DNS:localhost, IP:127.0.0.1 \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[ crl_ext ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Extension \
for CRLs (`man x509v3_config`). </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+authorityKeyIdentifier=keyid:always \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[ ocsp ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Extension \
for OCSP signing certificates (`man ocsp`). </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+basicConstraints = CA:FALSE </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+subjectKeyIdentifier = \
hash </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+authorityKeyIdentifier = keyid, issuer \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+keyUsage = \
critical, digitalSignature </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+extendedKeyUsage = critical, OCSPSigning \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+[ smime ] \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+keyUsage = \
critical, nonRepudiation, digitalSignature, keyEncipherment </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+subjectAltName = \
critical, email:copy </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+extendedKeyUsage = critical, emailProtection \
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git \
a/www/adblock2privoxy/files/private.myserver.launchctl-setenv.plist \
b/www/adblock2privoxy/files/private.myserver.launchctl-setenv.plist </span>new file \
mode 100644 <span style='display:block; white-space:pre;color:#808080;'>index \
00000000000..9519d18b4fc </span><span style='display:block; \
white-space:pre;background:#ffe0e0;'>--- /dev/null </span><span style='display:block; \
white-space:pre;background:#e0e0ff;'>+++ \
b/www/adblock2privoxy/files/private.myserver.launchctl-setenv.plist </span><span \
style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,16 @@ \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<?xml \
version="1.0" encoding="UTF-8"?> </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST \
1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+<plist \
version="1.0"> </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+<dict> </span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ <key>Label</key> </span><span \
style='display:block; \
white-space:pre;background:#e0ffe0;'>+ <string>private.myserver.launchctl-setenv</string>
</span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ <key>ProgramArguments</key> \
</span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ <array> </span><span \
style='display:block; \
white-space:pre;background:#e0ffe0;'>+ <string>/bin/bash</string> \
</span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ <string>-c</string> </span><span \
style='display:block; \
white-space:pre;background:#e0ffe0;'>+ <string>/bin/launchctl setenv \
ADBLOCK2PRIVOXY_CSS_SERVER 10.0.1.3:8119</string> </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ </array> \
</span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+ <key>RunAtLoad</key> </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/> \
</span><span style='display:block; \
white-space:pre;background:#e0ffe0;'>+</dict> </span><span \
style='display:block; white-space:pre;background:#e0ffe0;'>+</plist> \
</span></pre><pre style='margin:0'>
</pre>
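Review bot: in the commented setup commands of openssl.cnf, `-passin file:passphrase.txt` keeps the CA key passphrase in a plain file in the working directory, and `[ CA_default ]` sets `dir = .` with `private_key = $dir/ca.key.pem`, so the passphrase sits beside the key it protects and anyone who can read that directory can sign certificates with this CA. Please document the expected owner and mode for that directory, or read the passphrase from somewhere the key is not, since every client that verifies against ca.cert.pem is trusting that key. Separately, the `[ policy_strict ]` comment says the root CA should only sign intermediate certificates that match, but every field is `optional` except `commonName = supplied`, and the commands sign a `server_cert` directly; update the comment or tighten the policy, and consider dropping `[ policy_loose ]`, which nothing in the visible lines references.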
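Review bot: the `launchctl setenv ADBLOCK2PRIVOXY_CSS_SERVER 10.0.1.3:8119` string in private.myserver.launchctl-setenv.plist hard-codes one site's private address and port, so a user who loads the file unchanged points the variable at a host that probably does not exist on their network. Use an obvious placeholder, or add a comment in the plist saying the value must be edited before loading. The `/bin/bash -c` wrapper is also unnecessary here: ProgramArguments can list `/bin/launchctl`, `setenv`, the variable name and the value as separate strings, which removes the shell from the job.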