From nobody Tue May 2 06:54:05 2023
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Q9W5V1SYMz48b1S;
Tue, 2 May 2023 06:54:06 +0000 (UTC)
(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 4Q9W5V0qhYz4VDK;
Tue, 2 May 2023 06:54:06 +0000 (UTC)
(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
t=1683010446;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding;
bh=wzys3MxjVrJTL5UPa07/bEZ7OS7Q8VHLSulZz2oJLcA=;
b=S7zP22r/5hnhy/Iyz1m8KUrYsFkaGAATo+Rit6ECoapLLUkyOxDqYheaxz+w6Lh57qyVza
SrBZ7uFHQ+Uw15HnhcOqrRACwsUXNwEEcTTWxk07dlZ/iSEu4tym5En9+gdtFwjq9n6TMw
m32kVyXbamFy16+FwEsmQnVvHSUcIU+OVJJLQ6Ul29a1EyEuCpcyjfjdc8htTazTptSfsM
TBplIQ6RE8CzqoRTA9XVzmroKU6PABYvRlSik+bniMfvEtJoyBpA/ta2fyTfuMw53k2s0y
K4DVpHwx59HiLeXhNQU8vJ8m2B/cD1F8ajszdEG64wxjOwtWgDtqYc4m9Di2HQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
s=dkim; t=1683010446;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding;
bh=wzys3MxjVrJTL5UPa07/bEZ7OS7Q8VHLSulZz2oJLcA=;
b=sIHv485dZguK64zC2JxqmoB159az8BRmbFkThI0zfrYrcTDYeyKLlX8z+tPoCeEX2Dx4uf
DsYLk2bdvjqOCX/zjHr/uEVbvIT+8tDeSOoZuw6V9Vsfh9PrQyv2PjiWHwNpFK+HJtKonb
Rq2defnnn76df1T5xCE7rKkzBkWekElbgH7CuYLiCDIyAtuDV3D4QjUeh3fIenHg+VfHIE
xUm0zsKle7pfok8J9JS5mwJ6VXdz6Sg94ss50PzKp0Cp/xxUd0103Ok6rJZNnRTdnACw14
oDS6ZVO7/pNtvV9GwzMYrFdKpmQN5uJLta7wWT0ca2YE9c6x2V+eKsTchX9DDg==
ARC-Authentication-Results: i=1;
mx1.freebsd.org;
none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1683010446; a=rsa-sha256; cv=none;
b=WbhSZkjI912g/h0hr7VYTC+9Q/t6Fwcohdo+WvNXXt//3kLdyRIZiI8cEBAhOEPSKgNgI1
xrHB1bb9tEwaqfUgN8AlE5GqQds0mjr6B3FKIp+pRvkvn0+I+AFwq0b5b2anjI6s8JEFKf
ZKDpcxUSScZWRPLNJ3v0yn5uvPsQ/zSIOkkMTzfrR72UpyMTCoU+FIX7NopnnRlzzHNb7l
4LkJBl3jl8tndRaEZq7NUI+RMdGMvH0neRzuQ9uc3uCSwLzy2QvMFPfXbWl4Z/WM1u1jD3
hx+k3GCfiAPW//nUc/KK2tktrJUAmLyHZO4Q5dwe61txu27ihnmp5SkogV+1qg==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
(Client did not present a certificate)
by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Q9W5T70RlzdrG;
Tue, 2 May 2023 06:54:05 +0000 (UTC)
(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 3426s5Kk027241;
Tue, 2 May 2023 06:54:05 GMT
(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 3426s5un027240;
Tue, 2 May 2023 06:54:05 GMT
(envelope-from git)
Date: Tue, 2 May 2023 06:54:05 GMT
Message-Id: <202305020654.3426s5un027240@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
dev-commits-ports-main@FreeBSD.org
From: Felix Palmen <zirias@FreeBSD.org>
Subject: git: cf234c830641 - main - security/tlsc: Add new port
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
Sender: owner-dev-commits-ports-all@freebsd.org
X-BeenThere: dev-commits-ports-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: zirias
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: cf234c830641b5bb839643a5d6fe25abce298d1e
Auto-Submitted: auto-generated
X-ThisMailContainsUnwantedMimeParts: N
The branch main has been updated by zirias:
URL: https://cgit.FreeBSD.org/ports/commit/?id=cf234c830641b5bb839643a5d6fe25abce298d1e
commit cf234c830641b5bb839643a5d6fe25abce298d1e
Author: Felix Palmen <zirias@FreeBSD.org>
AuthorDate: 2023-04-22 17:47:46 +0000
Commit: Felix Palmen <zirias@FreeBSD.org>
CommitDate: 2023-05-02 06:53:30 +0000
security/tlsc: Add new port
Tlsc is a little BSD-licensed daemon that allows to connect non-TLS
clients to TLS-enabled services.
It's kept simple, so uses all-standard options for TLS and doesn't
implement anything else (like e.g. STARTTLS or doing service-side).
Approved by: tcberner (mentor, implicit)
---
security/Makefile | 1 +
security/tlsc/Makefile | 30 ++++++++++++++++++++++++++++++
security/tlsc/distinfo | 5 +++++
security/tlsc/files/tlsc.in | 44 ++++++++++++++++++++++++++++++++++++++++++++
security/tlsc/pkg-descr | 6 ++++++
5 files changed, 86 insertions(+)
diff --git a/security/Makefile b/security/Makefile
index 939f6122d086..95060c3f3de9 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1294,6 +1294,7 @@
SUBDIR += tinc-devel
SUBDIR += tinyca
SUBDIR += tls-check
+ SUBDIR += tlsc
SUBDIR += tor
SUBDIR += tor-devel
SUBDIR += totp-cli
diff --git a/security/tlsc/Makefile b/security/tlsc/Makefile
new file mode 100644
index 000000000000..472b996550db
--- /dev/null
+++ b/security/tlsc/Makefile
@@ -0,0 +1,30 @@
+PORTNAME= tlsc
+DISTVERSIONPREFIX= v
+DISTVERSION= 1.2
+CATEGORIES= security
+
+MAINTAINER= zirias@FreeBSD.org
+COMMENT= TLS connect daemon
+WWW= https://github.com/Zirias/tlsc
+
+LICENSE= BSD2CLAUSE
+LICENSE_FILE= ${WRKSRC}/LICENSE.txt
+
+USES= compiler:c11 gmake ssl
+
+USE_GITHUB= yes
+GH_ACCOUNT= Zirias
+GH_PROJECT= zimk:zimk
+GH_TAGNAME= 0def4fa:zimk
+
+USE_RC_SUBR= ${PORTNAME}
+
+MAKE_ARGS= V=1
+ALL_TARGET= strip
+
+PLIST_FILES= bin/tlsc
+
+post-extract:
+ @${MV} ${WRKSRC_zimk}/* ${WRKSRC}/zimk/
+
+.include <bsd.port.mk>
diff --git a/security/tlsc/distinfo b/security/tlsc/distinfo
new file mode 100644
index 000000000000..e24704c81dd6
--- /dev/null
+++ b/security/tlsc/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1683008653
+SHA256 (Zirias-tlsc-v1.2_GH0.tar.gz) = 90eb9315091f212d85afedb35d683e0ccf3ba692487caeeebb13986be75a4153
+SIZE (Zirias-tlsc-v1.2_GH0.tar.gz) = 23097
+SHA256 (Zirias-zimk-0def4fa_GH0.tar.gz) = faff68b6f7a0e337c9d42da7a7686b83e64a430592471d7eeaee3c5e2525d8fc
+SIZE (Zirias-zimk-0def4fa_GH0.tar.gz) = 12738
diff --git a/security/tlsc/files/tlsc.in b/security/tlsc/files/tlsc.in
new file mode 100644
index 000000000000..2d82526fdc80
--- /dev/null
+++ b/security/tlsc/files/tlsc.in
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# PROVIDE: tlsc
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name=tlsc
+desc="TLS connect daemon"
+
+rcvar=tlsc_enable
+
+load_rc_config ${name}
+
+: ${tlsc_enable:=NO}
+
+start_precmd=tlsc_prestart
+command="%%PREFIX%%/bin/tlsc"
+pidfile=/var/run/tlsc/tlsc.pid
+command_args="-p ${pidfile} ${tlsc_flags} ${tlsc_tunnels}"
+
+tlsc_prestart()
+{
+ if [ -z "${tlsc_tunnels}" ]; then
+ err 1 "tlsc_tunnels must be configured."
+ fi
+ if [ -n "${tlsc_user}" ]; then
+ rc_flags="-u ${tlsc_user} ${rc_flags}"
+ fi
+ if [ -n "${tlsc_group}" ]; then
+ rc_flags="-g ${tlsc_group} ${rc_flags}"
+ fi
+
+ # tlsc handles user and group itself
+ unset _user
+ unset _group
+ install -d -m 755 -o ${tlsc_user:-root} $(dirname ${pidfile})
+
+ return 0
+}
+
+run_rc_command "$1"
diff --git a/security/tlsc/pkg-descr b/security/tlsc/pkg-descr
new file mode 100644
index 000000000000..709b440b8940
--- /dev/null
+++ b/security/tlsc/pkg-descr
@@ -0,0 +1,6 @@
+A simple socket proxy for connecting to TLS-enabled services.
+
+This daemon will listen on sockets (typically on localhost) and forward
+connecting clients to some remote host, adding TLS encryption.
+
+It does the job in the simplest possible way, using all-standard options.