From: John-Mark Gurney
To: Bryan Drewery
Cc: ports@FreeBSD.org
Subject: Re: review of new tcpcrypt port...
Date: Wed, 12 Nov 2014 17:11:57 -0800
Message-ID: <20141113011157.GD24601@funkthat.com>
In-Reply-To: <5463FCF6.4040901@FreeBSD.org>
References: <20141108100709.GF24601@funkthat.com> <20141113001649.GB24601@funkthat.com> <5463FCF6.4040901@FreeBSD.org>

Bryan Drewery wrote this message on Wed, Nov 12, 2014 at 18:36 -0600:
> On 11/12/2014 6:16 PM, John-Mark Gurney wrote:
> > John-Mark Gurney wrote this message on Sat, Nov 08, 2014 at 02:07 -0800:
> >> I'd like someone to review the attached port for me to commit... It
> >> contains a daemon to run on divert sockets to implement the tcpcrypt
> >> protocol. I have tested this port w/ HEAD and it works fine w/ the
> >> attached patch...
> >>
> >> The included patch has been submitted upstream and committed, but a
> >> new release has not yet been released.
> >>
> >> portlint -A looks fine.
> >
> > As I haven't received a review, in a couple more days, probably Friday,
> > I'll commit the port...
> >
> > Thanks.
> >
>
> Can you include the security/Makefile bit in the patch too please?

Hmm... Thought I did, but I clearly did not... Fixed... I've attached
the latest version of the port..

> Have you run it through poudriere? At the very least 'env DEVELOPER=1
> make stage' and 'make check-plist' are required. Portlint is not
> sufficient, nor can it even be trusted in all cases.

I didn't do poudriere, but I did all the building w/ DEVELOPER=1 set,
which did fix a few things..

Looks like port test from porttools as documented at:
https://www.freebsd.org/doc/en/books/porters-handbook/testing-porttools.html

Is wrong.. you need to be in the port directory for it to work...

> If you check those and get back to me I'll approve it.

Thanks...

> Usually you'd need a port commit bit to commit anything, or an approval
> (which is different than a review). I hate our process, but that's how
> it is. Poke people in #bsdports on EFNet, or me on IRC, for
> approvals/reviews in the future.

Well, I'm fine w/ someone else committing the port, just trying to save
someone the work, and trying to get it into the tree in a timely manner..

I viewed the review as approval... Guess I should have made it more
clear in my original request...

btw, the included patch has been upstreamed, but they haven't tagged
a new rc yet...

-- 
John-Mark Gurney                Voice: +1 415 225 5579

"All that I will do, has been done, All that I have, has not."

--dkEUBIird37B8yKS Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="tcpcrypt.port.2.patch" Index: GIDs =================================================================== --- GIDs (revision 372292) +++ GIDs (working copy) 
@@ -223,6 +223,7 @@ polw:*:825: statsd:*:826: netdisco:*:840: +tcpcryptd:*:841: munin:*:842: dahdi:*:843:asterisk fossy:*:901:www Index: UIDs =================================================================== --- UIDs (revision 372292) +++ UIDs (working copy) @@ -229,6 +229,7 @@ polw:*:825:825::0:0:Policyd-weight Cache Owner:/nonexistent:/sbin/nologin statsd:*:826:826::0:0:Statsd Daemon:/nonexistent:/sbin/nologin netdisco:*:840:840::0:0:netdisco daemon:/nonexistent:/usr/sbin/nologin +tcpcryptd:*:841:841::0:0:tcpcrypt daemon:/nonexistent:/usr/sbin/nologin munin:*:842:842::0:0:Munin:/var/munin:/usr/sbin/nologin fossy:*:901:901::0:0:FOSSology user:/usr/local/share/fossology:/usr/local/bin/bash scanlogd:*:902:902::0:0:scanlogd user:/nonexistent:/usr/sbin/nologin Index: security/Makefile =================================================================== --- security/Makefile (revision 372292) +++ security/Makefile (working copy) @@ -981,6 +981,7 @@ SUBDIR += switzerland SUBDIR += symbion-sslproxy SUBDIR += tclsasl + SUBDIR += tcpcrypt SUBDIR += tinc SUBDIR += tinyca SUBDIR += tlswrap Index: security/tcpcrypt/Makefile =================================================================== --- security/tcpcrypt/Makefile (revision 0) +++ security/tcpcrypt/Makefile (working copy) 
@@ -0,0 +1,27 @@ +# Created by: John-Mark Gurney +# $FreeBSD$ + +PORTNAME= tcpcrypt +DISTVERSION= 0.3.rc1 +CATEGORIES= security net + +MAINTAINER= jmg@FreeBSD.org +COMMENT= TCPCrypt userland divert daemon + +LICENSE= BSD2CLAUSE + +USE_GITHUB= yes +GH_ACCOUNT= scslab +GH_TAGNAME= v0.3-rc1 +GH_COMMIT= b110e7e + +#WRKSRC_SUBDIR= user +GNU_CONFIGURE= yes +USE_LDCONFIG= yes +USES= autoreconf libtool +INSTALL_TARGET= install-strip + +USERS= tcpcryptd +GROUPS= tcpcryptd + +.include Property changes on: security/tcpcrypt/Makefile ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Index: security/tcpcrypt/distinfo =================================================================== --- security/tcpcrypt/distinfo (revision 0) +++ security/tcpcrypt/distinfo (working copy) @@ -0,0 +1,2 @@ +SHA256 (tcpcrypt-0.3.rc1.tar.gz) = da184da7b702cadeaec670f09e34af8d41be84d81ad253f4d977aaaa576da865 +SIZE (tcpcrypt-0.3.rc1.tar.gz) = 183047 Index: security/tcpcrypt/files/patch-unix.c =================================================================== --- security/tcpcrypt/files/patch-unix.c (revision 0) +++ security/tcpcrypt/files/patch-unix.c (working copy) 
@@ -0,0 +1,17 @@ +--- src/unix.c.orig 2014-09-10 16:22:26.000000000 -0700 ++++ src/unix.c 2014-10-31 23:59:29.000000000 -0700 +@@ -57,7 +57,13 @@ + s_in.sin_addr = ip->ip_dst; + s_in.sin_port = tcp->th_dport; + +-#if defined(__FreeBSD__) || defined(__DARWIN_UNIX03) ++#if defined(__FreeBSD__) ++#include ++#if __FreeBSD_version < 1000022 ++ #define HO_LEN ++#endif ++#endif ++#ifdef __DARWIN_UNIX03 + #define HO_LEN + #endif + #ifdef HO_LEN Property changes on: security/tcpcrypt/files/patch-unix.c ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Index: security/tcpcrypt/pkg-descr =================================================================== --- security/tcpcrypt/pkg-descr (revision 0) +++ security/tcpcrypt/pkg-descr (working copy) @@ -0,0 +1,12 @@ +Tcpcrypt is a protocol that attempts to encrypt (almost) all of your +network traffic. Unlike other security mechanisms, Tcpcrypt works out +of the box: it requires no configuration, no changes to applications, +and your network connections will continue to work even if the remote +end does not support Tcpcrypt, in which case connections will +gracefully fall back to standard clear-text TCP. Install Tcpcrypt and +you'll feel no difference in your every day user experience, but yet +your traffic will be more secure and you'll have made life much harder +for hackers. + +WWW: http://www.tcpcrypt.org/ +WWW: https://github.com/sorbo/tcpcrypt Index: security/tcpcrypt/pkg-plist =================================================================== --- security/tcpcrypt/pkg-plist (revision 0) +++ security/tcpcrypt/pkg-plist (working copy) 
@@ -0,0 +1,10 @@ +bin/tcnetstat +bin/tcpcryptd +include/tcpcrypt/socket_address.h +include/tcpcrypt/tcpcrypt.h +lib/libtcpcrypt.a +lib/libtcpcrypt.so +lib/libtcpcrypt.so.0 +lib/libtcpcrypt.so.0.0.0 +man/man8/tcnetstat.8.gz +man/man8/tcpcryptd.8.gz --dkEUBIird37B8yKS--
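
Review bot: In security/tcpcrypt/files/patch-unix.c, the new #include line is added directly after the "s_in.sin_port = tcp->th_dport;" assignment, so the header is pulled in from the middle of a function body instead of at file scope. Move the include to the top of src/unix.c with the other headers and leave only the "#if __FreeBSD_version < 1000022" / "#define HO_LEN" test at this spot. The 1000022 threshold also needs a one-line comment naming the change that makes HO_LEN unnecessary from that version on, since the number alone cannot be audited later.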
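
Review bot: In security/tcpcrypt/pkg-plist there is no rc.d script next to bin/tcpcryptd, yet the patch reserves UID/GID 841 and sets "USERS= tcpcryptd" and "GROUPS= tcpcryptd" in the Makefile. Nothing in the files shown starts the daemon or ties it to that account, so as submitted the account is created but unused by the port. Either add a startup script that runs tcpcryptd and state how it ends up running as tcpcryptd, or note in the port where the daemon itself switches to that user, so the reserved IDs are justified.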
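
Review bot: In security/tcpcrypt/pkg-descr the second WWW line points at https://github.com/sorbo/tcpcrypt, while the Makefile fetches the distfile with "GH_ACCOUNT= scslab". Use a single WWW line, and if a repository link is wanted make it the one the port actually downloads from, so a user checking the source of the code lands on the same repository as the SHA256 in distinfo refers to.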
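
Review bot: In security/tcpcrypt/Makefile the commented-out "#WRKSRC_SUBDIR= user" line is dead configuration and should be dropped before commit; if the build really needs a subdirectory for some upstream layouts, say so in a comment instead of leaving a disabled knob. While there, USES is conventionally placed ahead of the USE_* and GNU_CONFIGURE lines rather than after them.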