Date: Wed, 12 Nov 2014 17:11:57 -0800
From: John-Mark Gurney <jmg@funkthat.com>
To: Bryan Drewery <bdrewery@FreeBSD.org>
Cc: ports@FreeBSD.org
Subject: Re: review of new tcpcrypt port...
Message-ID: <20141113011157.GD24601@funkthat.com>
In-Reply-To: <5463FCF6.4040901@FreeBSD.org>
References: <20141108100709.GF24601@funkthat.com> <20141113001649.GB24601@funkthat.com> <5463FCF6.4040901@FreeBSD.org>
--dkEUBIird37B8yKS
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Bryan Drewery wrote this message on Wed, Nov 12, 2014 at 18:36 -0600:
> On 11/12/2014 6:16 PM, John-Mark Gurney wrote:
> > John-Mark Gurney wrote this message on Sat, Nov 08, 2014 at 02:07 -0800:
> >> I'd like someone to review the attached port for me to commit... It
> >> contains a daemon to run on divert sockets to implement the tcpcrypt
> >> protocol. I have tested this port w/ HEAD and it works fine w/ the
> >> attached patch...
> >>
> >> The included patch has been submitted upstream and committed, but a
> >> new release has not yet been released.
> >>
> >> portlint -A looks fine.
> >
> > As I haven't received a review, in a couple more days, probably Friday,
> > I'll commit the port...
> >
> > Thanks.
> >
>
> Can you include the security/Makefile bit in the patch too please?

Hmm... Thought I did, but I clearly did not... Fixed... I've attached
the latest version of the port..

> Have you run it through poudriere? At the very least 'env DEVELOPER=1
> make stage' and 'make check-plist' are required. Portlint is not
> sufficient, nor can it even be trusted in all cases.

I didn't do poudriere, but I did all the building w/ DEVELOPER=1 set,
which did fix a few things..

Looks like port test from porttools as documented at:
https://www.freebsd.org/doc/en/books/porters-handbook/testing-porttools.html

Is wrong.. you need to be in the port directory for it to work...

> If you check those and get back to me I'll approve it.

Thanks...

> Usually you'd need a port commit bit to commit anything, or an approval
> (which is different than a review). I hate our process, but that's how
> it is. Poke people in #bsdports on EFNet, or me on IRC, for
> approvals/reviews in the future.

Well, I'm fine w/ someone else committing the port, just trying to save
someone the work, and trying to get it into the tree in a timely
manner.. I viewed the review as approval...
Guess I should have made it more clear in my original request... btw, the included patch has been upstreamed, but they haven't tagged a new rc yet... -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not." --dkEUBIird37B8yKS Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="tcpcrypt.port.2.patch" Index: GIDs =================================================================== --- GIDs (revision 372292) +++ GIDs (working copy) @@ -223,6 +223,7 @@ polw:*:825: statsd:*:826: netdisco:*:840: +tcpcryptd:*:841: munin:*:842: dahdi:*:843:asterisk fossy:*:901:www Index: UIDs =================================================================== --- UIDs (revision 372292) +++ UIDs (working copy) @@ -229,6 +229,7 @@ polw:*:825:825::0:0:Policyd-weight Cache Owner:/nonexistent:/sbin/nologin statsd:*:826:826::0:0:Statsd Daemon:/nonexistent:/sbin/nologin netdisco:*:840:840::0:0:netdisco daemon:/nonexistent:/usr/sbin/nologin +tcpcryptd:*:841:841::0:0:tcpcrypt daemon:/nonexistent:/usr/sbin/nologin munin:*:842:842::0:0:Munin:/var/munin:/usr/sbin/nologin fossy:*:901:901::0:0:FOSSology user:/usr/local/share/fossology:/usr/local/bin/bash scanlogd:*:902:902::0:0:scanlogd user:/nonexistent:/usr/sbin/nologin Index: security/Makefile =================================================================== --- security/Makefile (revision 372292) +++ security/Makefile (working copy) @@ -981,6 +981,7 @@ SUBDIR += switzerland SUBDIR += symbion-sslproxy SUBDIR += tclsasl + SUBDIR += tcpcrypt SUBDIR += tinc SUBDIR += tinyca SUBDIR += tlswrap Index: security/tcpcrypt/Makefile =================================================================== --- security/tcpcrypt/Makefile (revision 0) +++ security/tcpcrypt/Makefile (working copy) 
@@ -0,0 +1,27 @@ +# Created by: John-Mark Gurney <jmg@FreeBSD.org> +# $FreeBSD$ + +PORTNAME= tcpcrypt +DISTVERSION= 0.3.rc1 +CATEGORIES= security net + +MAINTAINER= jmg@FreeBSD.org +COMMENT= TCPCrypt userland divert daemon + +LICENSE= BSD2CLAUSE + +USE_GITHUB= yes +GH_ACCOUNT= scslab +GH_TAGNAME= v0.3-rc1 +GH_COMMIT= b110e7e + +#WRKSRC_SUBDIR= user +GNU_CONFIGURE= yes +USE_LDCONFIG= yes +USES= autoreconf libtool +INSTALL_TARGET= install-strip + +USERS= tcpcryptd +GROUPS= tcpcryptd + +.include <bsd.port.mk> Property changes on: security/tcpcrypt/Makefile ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Index: security/tcpcrypt/distinfo =================================================================== --- security/tcpcrypt/distinfo (revision 0) +++ security/tcpcrypt/distinfo (working copy) @@ -0,0 +1,2 @@ +SHA256 (tcpcrypt-0.3.rc1.tar.gz) = da184da7b702cadeaec670f09e34af8d41be84d81ad253f4d977aaaa576da865 +SIZE (tcpcrypt-0.3.rc1.tar.gz) = 183047 Index: security/tcpcrypt/files/patch-unix.c =================================================================== --- security/tcpcrypt/files/patch-unix.c (revision 0) +++ security/tcpcrypt/files/patch-unix.c (working copy) 
@@ -0,0 +1,17 @@ +--- src/unix.c.orig 2014-09-10 16:22:26.000000000 -0700 ++++ src/unix.c 2014-10-31 23:59:29.000000000 -0700 +@@ -57,7 +57,13 @@ + s_in.sin_addr = ip->ip_dst; + s_in.sin_port = tcp->th_dport; + +-#if defined(__FreeBSD__) || defined(__DARWIN_UNIX03) ++#if defined(__FreeBSD__) ++#include <osreldate.h> ++#if __FreeBSD_version < 1000022 ++ #define HO_LEN ++#endif ++#endif ++#ifdef __DARWIN_UNIX03 + #define HO_LEN + #endif + #ifdef HO_LEN Property changes on: security/tcpcrypt/files/patch-unix.c ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Index: security/tcpcrypt/pkg-descr =================================================================== --- security/tcpcrypt/pkg-descr (revision 0) +++ security/tcpcrypt/pkg-descr (working copy) @@ -0,0 +1,12 @@ +Tcpcrypt is a protocol that attempts to encrypt (almost) all of your +network traffic. Unlike other security mechanisms, Tcpcrypt works out +of the box: it requires no configuration, no changes to applications, +and your network connections will continue to work even if the remote +end does not support Tcpcrypt, in which case connections will +gracefully fall back to standard clear-text TCP. Install Tcpcrypt and +you'll feel no difference in your every day user experience, but yet +your traffic will be more secure and you'll have made life much harder +for hackers. + +WWW: http://www.tcpcrypt.org/ +WWW: https://github.com/sorbo/tcpcrypt Index: security/tcpcrypt/pkg-plist =================================================================== --- security/tcpcrypt/pkg-plist (revision 0) +++ security/tcpcrypt/pkg-plist (working copy) 
@@ -0,0 +1,10 @@ +bin/tcnetstat +bin/tcpcryptd +include/tcpcrypt/socket_address.h +include/tcpcrypt/tcpcrypt.h +lib/libtcpcrypt.a +lib/libtcpcrypt.so +lib/libtcpcrypt.so.0 +lib/libtcpcrypt.so.0.0.0 +man/man8/tcnetstat.8.gz +man/man8/tcpcryptd.8.gz --dkEUBIird37B8yKS--
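Review bot: In security/tcpcrypt/Makefile the commented-out '#WRKSRC_SUBDIR= user' line should be removed before commit; a dead knob in a brand-new port leaves it unclear whether the build was ever meant to run from a subdirectory. The hunk also sets both 'GH_TAGNAME= v0.3-rc1' and 'GH_COMMIT= b110e7e', so it is worth confirming that b110e7e is the commit the tag points at, since the distinfo SHA256 pins whatever tarball was fetched when the checksum was generated.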
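Review bot: In security/tcpcrypt/files/patch-unix.c the added '#include <osreldate.h>' lands between statements of a function body (the context lines directly above it assign s_in.sin_addr and s_in.sin_port), and the '__FreeBSD_version < 1000022' threshold carries no comment. Suggest doing the version test near the top of src/unix.c with the other includes, using <sys/param.h>, which also provides __FreeBSD_version, and adding a one-line comment saying what changed at 1000022 so the HO_LEN condition can be audited later. Since this patch is already upstream, the comment can go upstream too and the local patch can be dropped at the next release.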
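Review bot: The second 'WWW:' line in security/tcpcrypt/pkg-descr points at https://github.com/sorbo/tcpcrypt, while the Makefile fetches the distfile from 'GH_ACCOUNT= scslab'. Make the two agree, or keep only the http://www.tcpcrypt.org/ line, so that someone who checks the source from the description is sent to the repository the tarball actually comes from.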
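Review bot: security/tcpcrypt/pkg-plist lists no rc.d script and the Makefile has no USE_RC_SUBR line, yet the port registers a tcpcryptd user and group (841 in UIDs and GIDs). As submitted, nothing in the package starts bin/tcpcryptd or ties it to that account. Either add an rc script ('USE_RC_SUBR= tcpcryptd' with files/tcpcryptd.in) or document how the account is meant to be used when the daemon is started by hand.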