Date: Mon, 10 May 2021 01:24:00 GMT Message-Id: <202105100124.14A1O0nm042375@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org 
From: Neel Chauhan Subject: git: 996a6909ee6e - main - New port: security/tang: Small daemon for binding data to the presence of a network MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: nc X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 996a6909ee6ea04ffc6962af5167811629275096 Auto-Submitted: auto-generated X-BeenThere: dev-commits-ports-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the ports repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 May 2021 01:24:01 -0000 The branch main has been updated by nc: URL: https://cgit.FreeBSD.org/ports/commit/?id=996a6909ee6ea04ffc6962af5167811629275096 commit 996a6909ee6ea04ffc6962af5167811629275096 Author: Howard Holm AuthorDate: 2021-05-10 01:21:25 +0000 Commit: Neel Chauhan CommitDate: 2021-05-10 01:23:51 +0000 New port: security/tang: Small daemon for binding data to the presence of a network PR: 255694 --- security/Makefile | 1 + security/tang/Makefile | 30 ++++++++++++++++++++++++++++++ security/tang/distinfo | 3 +++ security/tang/pkg-descr | 21 +++++++++++++++++++++ security/tang/pkg-plist | 8 ++++++++ 5 files changed, 63 insertions(+) diff --git a/security/Makefile b/security/Makefile index 3b7a39ce0043..4a9d1a08c053 100644 --- a/security/Makefile +++ b/security/Makefile @@ -1245,6 +1245,7 @@ SUBDIR += swatchdog SUBDIR += symbion-sslproxy SUBDIR += tailscale + SUBDIR += tang SUBDIR += tclsasl SUBDIR += tcpcrypt SUBDIR += teleport diff --git a/security/tang/Makefile b/security/tang/Makefile new file mode 100644 index 000000000000..d916a0645df5 --- /dev/null +++ b/security/tang/Makefile 
@@ -0,0 +1,30 @@ +PORTNAME= tang +DISTVERSION= 10 +CATEGORIES= security + +MAINTAINER= hdholm@alumni.iastate.edu +COMMENT= Tang is a small daemon for binding data to the presence of a network + +LICENSE= GPLv3 +LICENSE_FILE= ${WRKSRC}/COPYING + +LIB_DEPENDS= libhttp_parser.so:www/http-parser \ + libjansson.so:devel/jansson \ + libjose.so:net/jose +RUN_DEPENDS= socat:net/socat +BUILD_DEPENDS= a2x:textproc/asciidoc \ + ${LOCALBASE}/libdata/pkgconfig/jose.pc:net/jose \ + socat:net/socat + +USES= compiler:c11 meson ninja pkgconfig +USE_GITHUB= yes +GH_ACCOUNT= latchset +GH_TAGNAME= v10 +USE_LDCONFIG= yes + +INSTALL_TARGET= install-strip + +post-install: + ${MKDIR} -m 0700 ${STAGEDIR}/var/db/tang + +.include diff --git a/security/tang/distinfo b/security/tang/distinfo new file mode 100644 index 000000000000..acc4a39838f3 --- /dev/null +++ b/security/tang/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1620421972 +SHA256 (latchset-tang-10-v10_GH0.tar.gz) = 168ceee00bcf1da3d4e595285947fdcd5822b2e4e5cdb4b0e69b450b2cac2ba6 +SIZE (latchset-tang-10-v10_GH0.tar.gz) = 36469 diff --git a/security/tang/pkg-descr b/security/tang/pkg-descr new file mode 100644 index 000000000000..9e9183b65d76 --- /dev/null +++ b/security/tang/pkg-descr 
@@ -0,0 +1,21 @@ +Tang is a server for binding data to network presence. + +This sounds fancy, but the concept is simple. You have some data, but you only +want it to be available when the system containing the data is on a certain, +usually secure, network. This is where Tang comes in. + +First, the client gets a list of the Tang server's advertised asymmetric keys. +This can happen online by a simple HTTP GET. Alternatively, since the keys are +asymmetric, the public key list can be distributed out of band. + +Second, the client uses one of these public keys to generate a unique, +cryptographically strong encryption key. The data is then encrypted using this +key. Once the data is encrypted, the key is discarded. Some small metadata is +produced as part of this operation which the client should store in a convenient +location. This process of encrypting data is the provisioning step. + +Third, when the client is ready to access its data, it simply loads the metadata +produced in the provisioning step and performs an HTTP POST in order to recover +the encryption key. This process is the recovery step. + +WWW: https://github.com/latchset/tang diff --git a/security/tang/pkg-plist b/security/tang/pkg-plist new file mode 100644 index 000000000000..746dacbd853c --- /dev/null +++ b/security/tang/pkg-plist @@ -0,0 +1,8 @@ +libexec/tangd +man/man1/tang-show-keys.1.gz +man/man8/tang.8.gz +libexec/tangd-keygen +libexec/tangd-rotate-keys +bin/tang-show-keys +etc/rc.d/tangd +@dir /var/db/tang
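
Review bot: In security/tang/Makefile, the BUILD_DEPENDS entry "${LOCALBASE}/libdata/pkgconfig/jose.pc:net/jose" duplicates "libjose.so:net/jose" in LIB_DEPENDS, and a LIB_DEPENDS entry is already a build-time as well as a run-time dependency, so the jose.pc line can be dropped, leaving a2x and socat in BUILD_DEPENDS. In the same hunk, COMMENT starts with "Tang is a", which repeats the port name; the wording used in the commit subject, "Small daemon for binding data to the presence of a network", is the usual form for COMMENT.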
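
Review bot: In security/tang/pkg-plist, the "@dir /var/db/tang" line gives no owner, group or mode, while the only statement of the intended permissions is "${MKDIR} -m 0700 ${STAGEDIR}/var/db/tang" in the Makefile's post-install target, and the Makefile declares no USERS or GROUPS. Please write the entry as "@dir(owner,group,0700) /var/db/tang", naming the account tangd is meant to run as, so the restrictive mode and the ownership of the daemon's data directory are recorded in the packing list rather than depending on the staging step. The same hunk lists etc/rc.d/tangd although the diffstat shows no files/ directory and the Makefile has no USE_RC_SUBR, so it is worth confirming that the upstream-installed rc script is the one intended.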