9 files changed, 153 insertions, 77 deletions

diff --git a/app-crypt/dehydrated/Manifest b/app-crypt/dehydrated/Manifest
index e13b79053a90..a35814a589cb 100644
--- a/app-crypt/dehydrated/Manifest
+++ b/app-crypt/dehydrated/Manifest
@@ -1 +1,3 @@
-DIST dehydrated-0.6.5.tar.gz 82274 BLAKE2B 3c8138bafdaab9c60db1463860d6c16dd0fb8e686f368e55a4fa010d004f350d03cdd161dde38361411506959f896a25ef802b76432c0fcd89a69d75fe1be9c9 SHA512 da8ff3ecb7ddeb25356469fa272aef4e7c3705049caf88d09656dbc4baf29e0efa135e6f154c78cec82da17a27a78f2145ee3b7bd71521a080e10550d09b8a53
+DIST dehydrated-0.7.0.tar.gz 86574 BLAKE2B 35a3b0b7592126ca65003a6c9eb8934a76584710d028057e5add7f77bb2fa3799e89a060306da3b98a62d291229a2a78f23e0f95f19e033796aee31e97b94488 SHA512 47740d2d31ca73482a4fc5ed0dfce986af907dd5449cb3a5230bf9683845686c8122fc32e6219a4439574ef11d6fb104ee09591c5ff667927a2c9c13ba005511
+DIST dehydrated-0.7.1.tar.gz 119992 BLAKE2B 0b287537206936ceff33bde8bbb8ab7b13f28bf58cd29c898348db0cf5a83157fed4535da218ac48a810a93b99474e96334a27c062c157e2f164b0e516b47111 SHA512 b7ac078d6034e784f3f485e8ce56b5fa2f1e2a3b5ef014d260046b5f1d5cbd99727501e95a9530d0d1b2f300003d3fa5bf7e7f532092041597236d92fbeb0f3c
+DIST dehydrated-0.7.1.tar.gz.asc 488 BLAKE2B 0dd678976f897e8684695bce1742e498bcbec0f78781a53dae7f715a1a379f85eba3531c0f3181dcab9bd7005f086e82889dad6d26f7d2075c877eef3d653acf SHA512 f03872b7e087b3f719a76aaebd46f017f47595feb03a29f5fcbe33796655cdcd0a34580ae34a85e3280c8305a2fe2ada47e4436bfbec294b7dbf67768df86394
diff --git a/app-crypt/dehydrated/dehydrated-0.6.5.ebuild b/app-crypt/dehydrated/dehydrated-0.6.5.ebuild
deleted file mode 100644
index fab5c7c8615d..000000000000
--- a/app-crypt/dehydrated/dehydrated-0.6.5.ebuild
+++ /dev/null
@@ -1,68 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit user
-
-DESCRIPTION="a client for signing certificates with an ACME-server"
-HOMEPAGE="https://github.com/lukas2511/dehydrated"
-SRC_URI="https://github.com/lukas2511/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="MIT"
-SLOT="0"
-KEYWORDS="amd64 arm arm64 x86"
-IUSE="+cron"
-
-DEPEND="cron? ( virtual/cron )"
-RDEPEND="
-	${DEPEND}
-	app-shells/bash
-	net-misc/curl
-"
-
-src_configure() {
-	default
-	sed -i  's,^#CONFIG_D=.*,CONFIG_D="/etc/dehydrated/config.d",' docs/examples/config || die "could not set config (CONFIG_D)"
-}
-
-src_install() {
-	dobin "${PN}"
-	insinto "/etc/${PN}"
-	doins docs/examples/{config,domains.txt,hook.sh}
-	fperms u+x "/etc/${PN}/hook.sh"
-	dodoc docs/*.md
-
-	insinto /etc/"${PN}"/config.d
-	doins "${FILESDIR}"/00_gentoo.sh
-
-	if use cron ; then
-		insinto "/etc/cron.d"
-		newins "${FILESDIR}"/cron "${PN}"
-	fi
-
-	dodir /etc/"${PN}"/config.d
-	keepdir /etc/"${PN}"/config.d
-
-	default
-}
-
-pkg_preinst() {
-	enewgroup "${PN}"
-	enewuser "${PN}" -1 -1 /var/lib/"${PN}" "${PN}"
-}
-
-pkg_postinst() {
-	if [[ "${REPLACING_VERSIONS}" =~ (0\.3\.1|0\.4\.0) ]]; then
-		ewarn ""
-		ewarn "The new default BASEDIR is now '/var/lib/dehydrated'"
-		ewarn "Please consider migrating your data with a command like"
-		ewarn ""
-		ewarn "  'mv -v /etc/dehydrated/{accounts,archive,certs,lock} /var/lib/dehydrated'"
-		ewarn ""
-		ewarn "and make sure BASEDIR is set to '/var/lib/dehydrated'"
-		ewarn ""
-	fi
-	einfo "See /etc/dehydrated/config for configuration."
-	use cron && einfo "After finishing setup you should enable the cronjob in /etc/cron.d/dehydrated."
-}
diff --git a/app-crypt/dehydrated/dehydrated-0.7.0-r1.ebuild b/app-crypt/dehydrated/dehydrated-0.7.0-r1.ebuild
new file mode 100644
index 000000000000..120ac925e81f
--- /dev/null
+++ b/app-crypt/dehydrated/dehydrated-0.7.0-r1.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+DESCRIPTION="A client for signing certificates with an ACME-server"
+HOMEPAGE="https://github.com/dehydrated-io/dehydrated"
+SRC_URI="https://github.com/dehydrated-io/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="amd64 arm arm64 ~ppc64 ~riscv x86"
+IUSE="+cron"
+
+RDEPEND="acct-group/dehydrated
+	acct-user/dehydrated
+	app-shells/bash
+	net-misc/curl
+	cron? ( virtual/cron )"
+
+PATCHES=( "${FILESDIR}"/${P}-fix-CN-extraction-for-older-openssl-versions.patch )
+
+src_configure() {
+	default
+	sed -i  's,^#CONFIG_D=.*,CONFIG_D="/etc/dehydrated/config.d",' docs/examples/config || die "could not set config (CONFIG_D)"
+}
+
+src_install() {
+	dobin ${PN}
+	insinto /etc/${PN}
+	doins docs/examples/{config,domains.txt,hook.sh}
+	fperms u+x /etc/${PN}/hook.sh
+	dodoc docs/*.md
+
+	insinto /etc/${PN}/config.d
+	doins "${FILESDIR}"/00_gentoo.sh
+
+	if use cron ; then
+		insinto /etc/cron.d
+		newins "${FILESDIR}"/cron-r1 ${PN}
+	fi
+}
+
+pkg_postinst() {
+	if [[ -z "${REPLACING_VERSIONS}" ]] ; then
+		einfo "See /etc/dehydrated/config for configuration."
+
+		use cron && einfo "After finishing setup you should enable the cronjob in /etc/cron.d/dehydrated."
+	fi
+}
diff --git a/app-crypt/dehydrated/dehydrated-0.7.1.ebuild b/app-crypt/dehydrated/dehydrated-0.7.1.ebuild
new file mode 100644
index 000000000000..c760e927efba
--- /dev/null
+++ b/app-crypt/dehydrated/dehydrated-0.7.1.ebuild
@@ -0,0 +1,61 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="8"
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/dehydrated.asc
+
+inherit verify-sig
+
+DESCRIPTION="A client for signing certificates with an ACME-server"
+HOMEPAGE="https://dehydrated.io/"
+SRC_URI="
+	https://github.com/dehydrated-io/${PN}/releases/download/v${PV}/${P}.tar.gz
+	verify-sig? ( https://github.com/dehydrated-io/${PN}/releases/download/v${PV}/${P}.tar.gz.asc )
+"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
+IUSE="+cron"
+
+BDEPEND="verify-sig? ( sec-keys/openpgp-keys-dehydrated )"
+RDEPEND="acct-group/dehydrated
+	acct-user/dehydrated
+	app-shells/bash
+	net-misc/curl
+	cron? ( virtual/cron )"
+
+src_configure() {
+	default
+	sed -i  's,^#CONFIG_D=.*,CONFIG_D="/etc/dehydrated/config.d",' docs/examples/config \
+		|| die "could not set config (CONFIG_D)"
+}
+
+src_install() {
+	dobin ${PN}
+	insinto /etc/${PN}
+	doins docs/examples/{config,domains.txt,hook.sh}
+	fperms u+x /etc/${PN}/hook.sh
+	dodoc docs/*.md
+
+	insinto /etc/${PN}/config.d
+	newins "${FILESDIR}"/00_gentoo.sh-r1 00_gentoo.sh
+
+	keepdir /etc/${PN}/domains.d
+
+	doman  docs/man/dehydrated.1
+
+	if use cron ; then
+		insinto /etc/cron.d
+		newins "${FILESDIR}"/cron-r1 ${PN}
+	fi
+}
+
+pkg_postinst() {
+	if [[ -z "${REPLACING_VERSIONS}" ]] ; then
+		einfo "See /etc/dehydrated/config for configuration."
+
+		use cron && einfo "After finishing setup you should enable the cronjob in /etc/cron.d/dehydrated."
+	fi
+}
diff --git a/app-crypt/dehydrated/files/00_gentoo.sh-r1 b/app-crypt/dehydrated/files/00_gentoo.sh-r1
new file mode 100644
index 000000000000..53e9c0dfe538
--- /dev/null
+++ b/app-crypt/dehydrated/files/00_gentoo.sh-r1
@@ -0,0 +1,4 @@
+# base config required for gentoo defaults
+BASEDIR="/var/lib/dehydrated"
+DOMAINS_TXT="/etc/dehydrated/domains.txt"
+DOMAINS_D="/etc/dehydrated/domains.d"
diff --git a/app-crypt/dehydrated/files/cron b/app-crypt/dehydrated/files/cron
deleted file mode 100644
index df03b5fcee13..000000000000
--- a/app-crypt/dehydrated/files/cron
+++ /dev/null
@@ -1,2 +0,0 @@
-# dehydrated cron job
-#0 2 * * * dehydrated /usr/bin/dehydrated --cron
diff --git a/app-crypt/dehydrated/files/cron-r1 b/app-crypt/dehydrated/files/cron-r1
new file mode 100644
index 000000000000..31d1bb805a3e
--- /dev/null
+++ b/app-crypt/dehydrated/files/cron-r1
@@ -0,0 +1,2 @@
+# dehydrated cron job
+#27 2 * * * dehydrated /usr/bin/dehydrated --cron
diff --git a/app-crypt/dehydrated/files/dehydrated-0.7.0-fix-CN-extraction-for-older-openssl-versions.patch b/app-crypt/dehydrated/files/dehydrated-0.7.0-fix-CN-extraction-for-older-openssl-versions.patch
new file mode 100644
index 000000000000..91188fbe3587
--- /dev/null
+++ b/app-crypt/dehydrated/files/dehydrated-0.7.0-fix-CN-extraction-for-older-openssl-versions.patch
@@ -0,0 +1,30 @@
+From 29b67962ac07d5d2b24f69c863a9ef31e8ac53ee Mon Sep 17 00:00:00 2001
+From: Lukas Schauer <lukas@schauer.so>
+Date: Fri, 11 Dec 2020 18:02:51 +0100
+Subject: [PATCH] fix CN extraction for older openssl versions
+
+---
+ dehydrated | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/dehydrated b/dehydrated
+index 622165e..37e0ab6 100755
+--- a/dehydrated
++++ b/dehydrated
+@@ -926,14 +926,14 @@ extract_altnames() {
+     printf "%s" "${altnames}" | tr '\n' ' '
+   else
+     # No SANs, extract CN
+-    altnames="$( <<<"${reqtext}" grep '^[[:space:]]*Subject:' | _sed -e 's/.* CN ?= ?([^ /,]*).*/\1/' )"
++    altnames="$( <<<"${reqtext}" grep '^[[:space:]]*Subject:' | _sed -e 's/.*[ /]CN ?= ?([^ /,]*).*/\1/' )"
+     printf "%s" "${altnames}"
+   fi
+ }
+ 
+ # Get last issuer CN in certificate chain
+ get_last_cn() {
+-  <<<"${1}" _sed 'H;/-----BEGIN CERTIFICATE-----/h;$!d;x' | "${OPENSSL}" x509 -noout -issuer | head -n1 | _sed -e 's/.* CN ?= ?([^/,]*).*/\1/'
++  <<<"${1}" _sed 'H;/-----BEGIN CERTIFICATE-----/h;$!d;x' | "${OPENSSL}" x509 -noout -issuer | head -n1 | _sed -e 's/.*[ /]CN ?= ?([^/,]*).*/\1/'
+ }
+ 
+ # Create certificate for domain(s) and outputs it FD 3
diff --git a/app-crypt/dehydrated/metadata.xml b/app-crypt/dehydrated/metadata.xml
index f2198d055c2f..d4974e2fd2d8 100644
--- a/app-crypt/dehydrated/metadata.xml
+++ b/app-crypt/dehydrated/metadata.xml
@@ -1,13 +1,10 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
 	<maintainer type="person">
 		<email>mschiff@gentoo.org</email>
 	</maintainer>
-	<maintainer type="person">
-		<email>whissi@gentoo.org</email>
-		<name>Thomas Deutschmann</name>
-	</maintainer>
+	<stabilize-allarches/>
 	<use>
 		<flag name="cron">Install cron job to sign/renew non-existent/changed/expiring certificates</flag>
 	</use>