Date: Wed, 29 Jan 2014 19:38:08 +0000 (UTC) From: Carlo Strub <cs@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r341772 - in head/security/pond: . files Message-ID: <201401291938.s0TJc8cg011358@svn.freebsd.org>
Author: cs Date: Wed Jan 29 19:38:08 2014 New Revision: 341772 URL: http://svnweb.freebsd.org/changeset/ports/341772 QAT: https://qat.redports.org/buildarchive/r341772/ Log: - Update to 20140120 - Client compiles now too Added: head/security/pond/files/ head/security/pond/files/main_freebsd.go (contents, props changed) head/security/pond/files/patch-client-cli-input.go (contents, props changed) head/security/pond/files/patch-client-cli.go (contents, props changed) head/security/pond/files/sys_freebsd.go (contents, props changed) Modified: head/security/pond/Makefile head/security/pond/distinfo head/security/pond/pkg-descr Modified: head/security/pond/Makefile ============================================================================== --- head/security/pond/Makefile Wed Jan 29 19:29:25 2014 (r341771) +++ head/security/pond/Makefile Wed Jan 29 19:38:08 2014 (r341772) 
@@ -1,35 +1,63 @@ # $FreeBSD$ PORTNAME= pond -PORTVERSION= 20140118 +PORTVERSION= 20140120 CATEGORIES= security MASTER_SITES= http://c-s.li/ports/ -DISTFILES= pond-20140118.tar.gz \ +DISTFILES= pond-20140120.tar.gz \ go-gtk-20131128.tar.gz \ ed25519-20131225.tar.gz MAINTAINER= cs@FreeBSD.org -COMMENT= Forward secure, asynchronous messenger -- Server Only +COMMENT= Forward secure, asynchronous messenger LICENSE= BSD3CLAUSE BUILD_DEPENDS= ${LOCALBASE}/${GO_LIBDIR}/code.google.com/p/go.crypto/bcrypt.a:${PORTSDIR}/security/go.crypto \ ${LOCALBASE}/${GO_LIBDIR}/code.google.com/p/goprotobuf/proto.a:${PORTSDIR}/devel/goprotobuf \ ${LOCALBASE}/${GO_LIBDIR}/code.google.com/p/go.net/dict.a:${PORTSDIR}/net/go.net +RUN_DEPENDS= tor:${PORTSDIR}/security/tor +LIB_DEPENDS= gtkspell:${PORTSDIR}/textproc/gtkspell \ + libtspi.so:${PORTSDIR}/security/trousers BROKEN= Experimental. Know what you do! -PLIST_FILES= bin/server -# USE_GNOME= gtk30 +PLIST_FILES= bin/server bin/client +USE_GNOME= gtk30 GO_PKGNAME= github.com/agl/pond -GO_TARGET= ${GO_PKGNAME}/server -# ${GO_PKGNAME}/client +GO_TARGET= ${GO_PKGNAME}/server \ + ${GO_PKGNAME}/client post-extract: @${MKDIR} ${GO_WRKSRC:H} + @${CP} files/sys_freebsd.go ${WRKSRC}/client/system/sys_freebsd.go + @${CP} files/main_freebsd.go ${WRKSRC}/client/main_freebsd.go @${LN} -sf ${WRKSRC} ${GO_WRKSRC} @${LN} -sf ${WRKDIR}/go-gtk-20131128 ${GO_WRKDIR_SRC}/github.com/agl/go-gtk @${LN} -sf ${WRKDIR}/ed25519-20131225 ${GO_WRKDIR_SRC}/github.com/agl/ed25519 +post-patch: + @${REINPLACE_CMD} -e 's|\<gdk|\<gtk-3.0\/gdk|g' \ + ${WRKDIR}/go-gtk-20131128/gdk/gdk.go \ + ${WRKDIR}/go-gtk-20131128/gdk/gdk_linux.go \ + ${WRKDIR}/go-gtk-20131128/gdk/gdk_windows.go \ + ${WRKDIR}/go-gtk-20131128/gtk/gtk.go + @${REINPLACE_CMD} -e 's|\<pango|\<pango-1.0\/pango|g' \ + ${WRKDIR}/go-gtk-20131128/pango/pango.go + @${REINPLACE_CMD} -e 's|\<gtk|\<gtk-3.0\/gtk|g' \ + ${WRKDIR}/go-gtk-20131128/gtk/gtk.go \ + ${WRKDIR}/go-gtk-20131128/gtkspell/gtkspell_fedora.go \ + 
${WRKDIR}/go-gtk-20131128/gtkspell/gtkspell_ubuntu.go + @${REINPLACE_CMD} -e 's|\<glib|\<glib-2.0\/glib|g' \ + ${WRKDIR}/go-gtk-20131128/glib/glib.go + @${REINPLACE_CMD} -e 's|\<gdk-pixbuf|\<gdk-pixbuf-2.0\/gdk-pixbuf|g' \ + ${WRKDIR}/go-gtk-20131128/gdkpixbuf/gdkpixbuf.go + @${REINPLACE_CMD} -e 's|\<gtkspell|\<gtkspell-2.0\/gtkspell|g' \ + ${WRKDIR}/go-gtk-20131128/gtkspell/gtkspell_fedora.go \ + ${WRKDIR}/go-gtk-20131128/gtkspell/gtkspell_ubuntu.go + +do-build: + @(cd ${GO_WRKSRC}; ${SETENV} ${GO_ENV} ${GO_CMD} install -tags nogui -v ${GO_TARGET}) + .include <bsd.port.pre.mk> .include "${PORTSDIR}/lang/go/files/bsd.go.mk" .include <bsd.port.post.mk> Modified: head/security/pond/distinfo ============================================================================== --- head/security/pond/distinfo Wed Jan 29 19:29:25 2014 (r341771) +++ head/security/pond/distinfo Wed Jan 29 19:38:08 2014 (r341772) @@ -1,5 +1,5 @@ -SHA256 (pond-20140118.tar.gz) = fab50333d564e8b286aa62daac55ad0b6f0391731478a5490cbccd5bd1a74cc2 -SIZE (pond-20140118.tar.gz) = 1049288 +SHA256 (pond-20140120.tar.gz) = 22e3a69535b76d548cfec62bb18e5b33a5920fc53dbb02b1ca010741c58129ec +SIZE (pond-20140120.tar.gz) = 1049433 SHA256 (ed25519-20131225.tar.gz) = 6cd982fc6d93fd47b650e8922ab66fa64f40d395ddb5879497dbd8aa0c3c8c6d SIZE (ed25519-20131225.tar.gz) = 105671 SHA256 (go-gtk-20131128.tar.gz) = 505452cfb7972a49e6960ad26a48c743d02598113b44e1fe0d5b9ee2a20719a4 Added: head/security/pond/files/main_freebsd.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/pond/files/main_freebsd.go Wed Jan 29 19:38:08 2014 (r341772) 
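Review bot: The new `do-build` target compiles with `-tags nogui`, while the same Makefile hunk adds `USE_GNOME= gtk30`, a `gtkspell` entry in `LIB_DEPENDS` and the go-gtk include rewrites in `post-patch`. If that tag excludes the GTK front end, as the `haveGUI` switch in main_freebsd.go suggests, the port pulls GUI libraries into a security tool's dependency set without using them. Either drop the tag so `bin/client` really contains the GUI, or drop the GTK dependencies and rewrites and state in a comment that the client is CLI-only. In `post-extract` the two copies use a path relative to the current directory; `@${CP} ${FILESDIR}/sys_freebsd.go ${WRKSRC}/client/system/sys_freebsd.go` (and likewise for main_freebsd.go) does not depend on where make is invoked.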
@@ -0,0 +1,73 @@ +package main + +import ( + "crypto/rand" + "encoding/binary" + "flag" + "fmt" + "os" + "path/filepath" + "runtime" + + "code.google.com/p/go.crypto/scrypt" +) + +func main() { + stateFile := flag.String("state-file", "", "File in which to save persistent state") + pandaScrypt := flag.Bool("panda-scrypt", false, "Run in subprocess mode to process passphrase") + cliFlag := flag.Bool("cli", false, "If true, the CLI will be used, even if the GUI is available") + devFlag := flag.Bool("dev", false, "Is this a development environment?") + flag.Parse() + + if *pandaScrypt { + var numBytes uint32 + if err := binary.Read(os.Stdin, binary.LittleEndian, &numBytes); err != nil { + panic(err) + } + if numBytes > 1024*1024 { + panic("passphrase too large") + } + passphrase := make([]byte, int(numBytes)) + if _, err := os.Stdin.Read(passphrase); err != nil { + panic(err) + } + data, err := scrypt.Key(passphrase, nil, 1<<17, 16, 4, 32*3) + if err != nil { + panic(err) + } + os.Stdout.Write(data) + os.Exit(0) + } + + dev := os.Getenv("POND") == "dev" || *devFlag + runtime.GOMAXPROCS(4) + + if len(*stateFile) == 0 && dev { + *stateFile = "state" + } + + if len(*stateFile) == 0 { + home := os.Getenv("HOME") + if len(home) == 0 { + fmt.Fprintf(os.Stderr, "$HOME not set. 
Please either export $HOME or use --state-file to set the location of the state file explicitly.\n") + os.Exit(1) + } + configDir := filepath.Join(home, ".config") + os.Mkdir(configDir, 0700) + *stateFile = filepath.Join(configDir, "pond") + } + + if !haveGUI || *cliFlag || len(os.Getenv("PONDCLI")) > 0 { + client := NewCLIClient(*stateFile, rand.Reader, false /* testing */, true /* autoFetch */) + client.disableV2Ratchet = true + client.dev = dev + client.Start() + } else { + ui := NewGTKUI() + client := NewGUIClient(*stateFile, ui, rand.Reader, false /* testing */, true /* autoFetch */) + client.disableV2Ratchet = true + client.dev = dev + client.Start() + ui.Run() + } +} Added: head/security/pond/files/patch-client-cli-input.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/pond/files/patch-client-cli-input.go Wed Jan 29 19:38:08 2014 (r341772) @@ -0,0 +1,15 @@ +--- client/cli-input.go.orig 2014-01-20 16:38:38.000000000 +0000 ++++ client/cli-input.go 2014-01-24 23:58:07.000000000 +0000 +@@ -350,12 +350,6 @@ + i.commands.Insert(command.name) + } + +- autoCompleteCallback := func(line string, pos int, key rune) (string, int, bool) { +- return i.AutoComplete(line, pos, key) +- } +- +- i.term.AutoCompleteCallback = autoCompleteCallback +- + var ackChan chan struct{} + + for { Added: head/security/pond/files/patch-client-cli.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/pond/files/patch-client-cli.go Wed Jan 29 19:38:08 2014 (r341772) 
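Review bot: In main_freebsd.go's `-panda-scrypt` branch, `os.Stdin.Read(passphrase)` can return after a short read without an error, so scrypt may run over a partly filled, zero-padded buffer and return a key that does not correspond to the passphrase that was sent. Read the whole length-prefixed value instead: `if _, err := io.ReadFull(os.Stdin, passphrase); err != nil {`, with `"io"` added to the import block. The result of `os.Stdout.Write(data)` is also discarded before `os.Exit(0)`, so a failed write of the derived key goes unnoticed; checking it and exiting non-zero lets the parent process tell the difference. `os.Mkdir(configDir, 0700)` ignores its error too, which is fine for an existing directory but hides a permission failure until the state file is opened.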
@@ -0,0 +1,33 @@ +--- client/cli.go.orig 2014-01-20 16:38:38.000000000 +0000 ++++ client/cli.go 2014-01-24 23:57:44.000000000 +0000 +@@ -105,12 +105,6 @@ + } + + func (c *cliClient) Start() { +- oldState, err := terminal.MakeRaw(0) +- if err != nil { +- panic(err.Error()) +- } +- defer terminal.Restore(0, oldState) +- + signal.Notify(make(chan os.Signal), os.Interrupt) + + wrapper, interruptChan := NewTerminalWrapper(os.Stdin) +@@ -119,9 +113,6 @@ + c.termWrapper = wrapper + + c.term = terminal.NewTerminal(wrapper, "> ") +- if width, height, err := terminal.GetSize(0); err == nil { +- c.term.SetSize(width, height) +- } + + c.loadUI() + +@@ -1883,7 +1874,6 @@ + }, + cliIdsAssigned: make(map[cliId]bool), + } +- c.ui = c + + c.newMeetingPlace = func() panda.MeetingPlace { + return &panda.HTTPMeetingPlace{ Added: head/security/pond/files/sys_freebsd.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/pond/files/sys_freebsd.go Wed Jan 29 19:38:08 2014 (r341772) 
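Review bot: The first hunk of patch-client-cli.go deletes the `terminal.MakeRaw(0)` / `terminal.Restore` pair from `cliClient.Start`, which leaves the controlling TTY in its normal mode with echo on while `terminal.NewTerminal` is still used for input. If the CLI reads the state-file passphrase through `c.term` (not visible in these hunks), the typed passphrase would presumably be echoed by the TTY itself. If the call was removed because the terminal package did not build on FreeBSD, the port should say so in a comment and use a termios-based replacement that at least disables echo, rather than dropping the call silently. The last hunk also removes `c.ui = c` without explanation; a one-line rationale in the commit log or patch header would help the next maintainer judge whether it is still needed after an upstream update.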
@@ -0,0 +1,138 @@ +package system + +import ( + "bufio" + "bytes" + "errors" + "io" + "io/ioutil" + "os" + "strings" + "sync" + "syscall" +) + +func processLines(filename string, f func(line string) error) error { + contents, err := ioutil.ReadFile(filename) + if err != nil { + return err + } + + file := bufio.NewReader(bytes.NewBuffer(contents)) + for { + line, isPrefix, err := file.ReadLine() + if err == io.EOF { + break + } + if err != nil { + return err + } + if isPrefix { + return errors.New("file contains a line that it too long to process") + } + if err = f(string(line)); err != nil { + return err + } + } + + return nil +} + +// IsSafe checks to see whether the current OS appears to be safe. Specifically +// it checks that any swap is encrypted. +func IsSafe() error { + lineNo := 0 + err := processLines("/proc/swaps", func(line string) error { + lineNo++ + if lineNo == 1 { + // First line is just headings. + return nil + } + fields := strings.Fields(line) + if len(fields) < 1 { + return nil + } + device := fields[0] + if strings.Contains(device, "/mapper/") || strings.Contains(device, "/dm-") { + // We don't have permissions to introspect the mapper + // device, so we have to assume that it's encrypted. 
+ return nil + } + + return errors.New("swapping is active on " + device + " which doesn't appear to be encrypted") + }) + + if err != nil { + return errors.New("system: while checking /proc/swaps: " + err.Error()) + } + return nil +} + +var ( + safeTempDir string + safeTempDirErr error + safeTempDirOnce sync.Once +) + +func findSafeTempDir() { + var candidates []string + + err := processLines("/proc/mounts", func(line string) error { + fields := strings.Fields(line) + if len(fields) < 1 { + return nil + } + path := fields[1] + filesystem := fields[2] + if filesystem == "tmpfs" && + syscall.Access(path, 7 /* rwx ok */) == nil { + candidates = append(candidates, path) + } + + return nil + }) + + if err == nil && len(candidates) == 0 { + err = errors.New("no writable tmpfs directories found") + } + + if err != nil { + safeTempDirErr = errors.New("system: while checking /proc/mounts: " + err.Error()) + return + } + + suggested := os.TempDir() + preferred := []string{suggested} + var otherOptions []string + if dir := os.Getenv("XDG_RUNTIME_DIR"); len(dir) > 0 { + otherOptions = append(otherOptions, dir) + } + otherOptions = append(otherOptions, "/tmp", "/var/tmp") + for _, d := range otherOptions { + if suggested != d { + preferred = append(preferred, d) + } + } + + for _, d := range preferred { + for _, candidate := range candidates { + if candidate == d { + safeTempDir = candidate + return + } + } + } + + safeTempDir = candidates[0] +} + +// SafeTempDir returns the path of a writable directory which is mounted with +// tmpfs. As long as the swap is encrypted, then it should be safe to write +// there. 
+func SafeTempDir() (string, error) { + safeTempDirOnce.Do(findSafeTempDir) + if safeTempDirErr != nil { + return "", safeTempDirErr + } + return safeTempDir, nil +} Modified: head/security/pond/pkg-descr ============================================================================== --- head/security/pond/pkg-descr Wed Jan 29 19:29:25 2014 (r341771) +++ head/security/pond/pkg-descr Wed Jan 29 19:38:08 2014 (r341772) @@ -6,6 +6,4 @@ traffic information against everyone exc Pond is experimental software! DO NOT USE IT FOR ANYTHING REAL!!! Use security/gnupg instead. -!!! THIS INSTALLS THE POND SERVER ONLY, NOT THE CLIENT !!! - WWW: https://github.com/agl/pond/
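Review bot: `IsSafe` and `findSafeTempDir` in sys_freebsd.go read `/proc/swaps` and `/proc/mounts` and recognise encrypted swap by the Linux device-mapper names `/mapper/` and `/dm-`, so the swap-encryption check tests nothing FreeBSD-specific. Where those files are absent both functions return an error, and where a Linux-style procfs is mounted a geli-backed swap device (conventionally suffixed `.eli`) would likely be reported as unencrypted. The check should query the native swap and mount tables, or the file should carry a comment stating that it is a placeholder and what callers are expected to do on error. Separately, in `findSafeTempDir` the guard `if len(fields) < 1` is followed by `fields[1]` and `fields[2]`, which panics on a line with fewer than three fields; it should read `if len(fields) < 3 {`. The error text in `processLines`, "a line that it too long", should say "is".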