Date: Thu, 1 Oct 2020 23:50:35 +0000 (UTC)
From: Steve Wills <swills@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r550881 - in head/security/honeytrap: . files files/etc
Message-ID: <202010012350.091NoZDC098405@repo.freebsd.org>
Author: swills
Date: Thu Oct 1 23:50:34 2020
New Revision: 550881
URL: https://svnweb.freebsd.org/changeset/ports/550881

Log:
  security/honeytrap: multiple changes

  * Improve rc script
  * Clean up
  * Pass maintainership to submitter
  * Fix build with newer Go

  PR: 247140
  PR: 248948
  Submitted by: ezri.mudde@dutchsec.com
  Approved by: remco.verhoef@dutchsec.com (maintainer)

Added:
  head/security/honeytrap/files/honeytrap.toml
    - copied, changed from r550880, head/security/honeytrap/files/etc/honeytrap.toml
  head/security/honeytrap/files/patch-cmd_constants.go (contents, props changed)
  head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_platform_kvm_bluepill__unsafe.go (contents, props changed)
  head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_platform_kvm_machine__unsafe.go (contents, props changed)
  head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_platform_ptrace_subprocess__unsafe.go (contents, props changed)
  head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_vfs_mount__unsafe.go (contents, props changed)
  head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sleep_sleep__unsafe.go (contents, props changed)
  head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sync_downgradable__rwmutex__unsafe.go (contents, props changed)
  head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sync_memmove__unsafe.go (contents, props changed)
  head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sync_tmutex__unsafe.go (contents, props changed)
  head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_tcpip_link_rawfile_blockingpoll__yield__unsafe.go (contents, props changed)
  head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_tcpip_time__unsafe.go (contents, props changed)
Deleted:
  head/security/honeytrap/files/etc/
Modified:
  head/security/honeytrap/Makefile (contents, props changed)
  head/security/honeytrap/distinfo (contents, props changed)
head/security/honeytrap/files/honeytrap.in Modified: head/security/honeytrap/Makefile ============================================================================== --- head/security/honeytrap/Makefile Thu Oct 1 23:30:32 2020 (r550880) +++ head/security/honeytrap/Makefile Thu Oct 1 23:50:34 2020 (r550881) @@ -1,21 +1,19 @@ # $FreeBSD$ PORTNAME= honeytrap -DISTVERSION= g20200415 +DISTVERSION= g20200625 CATEGORIES= security -MAINTAINER= remco.verhoef@dutchsec.com -COMMENT= HoneyTrap Freebsd port +MAINTAINER= ezri.mudde@dutchsec.com +COMMENT= Framework for running, monitoring and managing honeypots LICENSE= ART20 -BROKEN= fails to build - USES= go:modules +GO_BUILDFLAGS= -ldflags '-X github.com/honeytrap/honeytrap/cmd.Version=2020-07-22T08:34:55 -X github.com/honeytrap/honeytrap/cmd.ReleaseTag=DEVELOPMENT.2020-07-22T08-34-55Z -X github.com/honeytrap/honeytrap/cmd.CommitID=33bbb2db3a3140b0ce4fbda14747bc954e0bcadd -X github.com/honeytrap/honeytrap/cmd.ShortCommitID=33bbb2db3a31 -extldflags "static"' USE_GITHUB= yes -GH_TAGNAME= d8d94c8f -GH_TUPLE= \ - AndreasBriese:bbloom:28f7e881ca57:andreasbriese_bbloom/vendor/github.com/AndreasBriese/bbloom \ +GH_TAGNAME= 33bbb2d +GH_TUPLE= AndreasBriese:bbloom:28f7e881ca57:andreasbriese_bbloom/vendor/github.com/AndreasBriese/bbloom \ BurntSushi:toml:v0.3.0:burntsushi_toml/vendor/github.com/BurntSushi/toml \ Logicalis:asn1:c9c836c1a3cd:logicalis_asn1/vendor/github.com/Logicalis/asn1 \ Shopify:sarama:v1.16.0:shopify_sarama/vendor/github.com/Shopify/sarama \ 
@@ -72,22 +70,24 @@ GH_TUPLE= \ yuin:gopher-lua:8bfc7677f583:yuin_gopher_lua/vendor/github.com/yuin/gopher-lua \ google:gvisor:3eb302470365:google_gvisor/vendor/gvisor.dev/gvisor -USERS= honeytrap -GROUPS= honeytrap +HONEYTRAP_USER?= honeytrap +HONEYTRAP_GROUP?= honeytrap +HONEYTRAP_DBDIR?= /var/db/${PORTNAME} + +USERS= ${HONEYTRAP_USER} +GROUPS= ${HONEYTRAP_GROUP} USE_RC_SUBR= honeytrap -PLIST_FILES= bin/honeytrap \ - etc/honeytrap.toml \ - "@dir(honeytrap,honeytrap,4744) /var/log/honeytrap" \ - "@dir(honeytrap,honeytrap,4744) libdata/honeytrap" +PLIST_FILES= "@sample(honeytrap,honeytrap,0600) ${ETCDIR}/honeytrap.toml.sample" \ + bin/honeytrap +SUB_LIST= GROUP=${HONEYTRAP_GROUP} \ + HONEYTRAP_DBDIR=${HONEYTRAP_DBDIR} \ + USER=${HONEYTRAP_USER} + do-install: ${MKDIR} ${STAGEDIR}${PREFIX}/bin ${INSTALL_PROGRAM} ${WRKDIR}/bin/honeytrap ${STAGEDIR}${PREFIX}/bin/honeytrap - ${MKDIR} ${STAGEDIR}${PREFIX}/etc/rc.d - ${INSTALL_DATA} ${FILESDIR}/etc/honeytrap.toml ${STAGEDIR}${PREFIX}/etc - -post-install: - ${MKDIR} ${STAGEDIR}${PREFIX}/libdata/honeytrap - ${MKDIR} ${STAGEDIR}/var/log/honeytrap + ${MKDIR} ${STAGEDIR}${PREFIX}/etc/rc.d ${STAGEDIR}${ETCDIR} + ${INSTALL_DATA} ${FILESDIR}/honeytrap.toml ${STAGEDIR}${ETCDIR}/honeytrap.toml.sample .include <bsd.port.mk> Modified: head/security/honeytrap/distinfo ============================================================================== --- head/security/honeytrap/distinfo Thu Oct 1 23:30:32 2020 (r550880) +++ head/security/honeytrap/distinfo Thu Oct 1 23:50:34 2020 (r550881) 
@@ -1,6 +1,6 @@ -TIMESTAMP = 1587390791 -SHA256 (honeytrap-honeytrap-g20200415-d8d94c8f_GH0.tar.gz) = f565e52e8f4bbebc3765bd2ead68b7ab141da4ef00073749ae55268290f5d13a -SIZE (honeytrap-honeytrap-g20200415-d8d94c8f_GH0.tar.gz) = 379014 +TIMESTAMP = 1595352531 +SHA256 (honeytrap-honeytrap-g20200625-33bbb2d_GH0.tar.gz) = a6390179c0ba3282d7523f3633d4a15852f39081fd666f4ac3a4c37f95fef4c4 +SIZE (honeytrap-honeytrap-g20200625-33bbb2d_GH0.tar.gz) = 379053 SHA256 (AndreasBriese-bbloom-28f7e881ca57_GH0.tar.gz) = c87bf25d12aa9ef597c6a465dd2959d6d7e06d8341030d6d75c8a81ccc388ccd SIZE (AndreasBriese-bbloom-28f7e881ca57_GH0.tar.gz) = 7141 SHA256 (BurntSushi-toml-v0.3.0_GH0.tar.gz) = 2c49390424cfb043f803977bce80b1504495bada54f9e845ff8b30a05fab9a36 Modified: head/security/honeytrap/files/honeytrap.in ============================================================================== --- head/security/honeytrap/files/honeytrap.in Thu Oct 1 23:30:32 2020 (r550880) +++ head/security/honeytrap/files/honeytrap.in Thu Oct 1 23:50:34 2020 (r550881) 
@@ -3,18 +3,34 @@ # $FreeBSD$ # # PROVIDE: honeytrap -# REQUIRE: LOGIN +# REQUIRE: NETWORKING SERVERS DAEMON # KEYWORD: shutdown + +# Add honeytrap_enable="YES" to /etc/rc.conf to enable Honeytrap + +# Additional variables you can define are: + +# honeytrap_config (path): Config file path. +# Set to %%ETCDIR%%/honeytrap.toml by default. +# honeytrap_datadir (dir): Set dir to store honeytrap data in. +# Default is "%%HONEYTRAP_DBDIR%%" +# honeytrap_logdir (dir): Set dir to store honeytrap logs in. +# Default is "/var/log/honeytrap" +# honeytrap_user (string): Set user to run honeytrap. +# Default is "%%USER%%". +# honeytrap_group (string): Set group to run honeytrap. +# Default is "%%GROUP%%". +# honeytrap_pidfile (string): Set full path to pid file +# Default is "/var/run/honeytrap.pid" +# honeytrap_syslog_output_enable (bool): Set to YES to enable syslog output +# Default is "NO". See daemon(8). +# honeytrap_syslog_output_tag (str): Set syslog tag if syslog enabled. +# Default is "honeytrap". See daemon(8). +# honeytrap_syslog_output_priority (str): Set syslog priority if syslog enabled. +# Default is "info". See daemon(8). +# honeytrap_syslog_output_facility (str): Set syslog facility if syslog enabled. +# Default is "daemon". See daemon(8). # -# Add these lines to /etc/rc.conf.local or /etc/rc.conf -# to enable this service: -# -# honeytrap_enable (bool): Set to NO by default. -# Set it to YES to enable honeytrap. -# honeytrap_datadir (path): Set to %%PREFIX%%/libdata/honeytrap -# by default. -# honeytrap_config (path): Set to %%PREFIX%%/etc/honeytrap.toml -# by default. . /etc/rc.subr 
@@ -24,18 +40,49 @@ rcvar=honeytrap_enable load_rc_config $name : ${honeytrap_enable:="NO"} -: ${honeytrap_datadir="%%PREFIX%%/libdata/honeytrap"} -: ${honeytrap_config="%%PREFIX%%/etc/honeytrap.toml"} +: ${honeytrap_config="%%ETCDIR%%/honeytrap.toml"} +: ${honeytrap_datadir:="%%HONEYTRAP_DBDIR%%"} +: ${honeytrap_logdir:="/var/log/honeytrap"} +: ${honeytrap_user:="%%USER%%"} +: ${honeytrap_group:="%%GROUP%%"} +: ${honeytrap_pidfile:="/var/run/${name}.pid"} +: ${honeytrap_syslog_output_enable:="NO"} -start_cmd="${name}_start" +pidfile=${honeytrap_pidfile} +procname="%%PREFIX%%/bin/honeytrap" +command="/usr/sbin/daemon" -honeytrap_program="%%PREFIX%%/bin/honeytrap" -honeytrap_flags="--data $honeytrap_datadir --config $honeytrap_config" -pidfile=/var/run/${name}.pid +start_precmd="honeytrap_start_precmd" -honeytrap_start() +if checkyesno honeytrap_syslog_output_enable; then + if [ -n "${honeytrap_syslog_output_tag}" ]; then + honeytrap_syslog_output_flags="-T ${honeytrap_syslog_output_tag}" + else + honeytrap_syslog_output_flags="-T ${name}" + fi + if [ -n "${honeytrap_syslog_output_priority}" ]; then + honeytrap_syslog_output_flags="${honeytrap_syslog_output_flags} -s ${honeytrap_syslog_output_priority}" + fi + + if [ -n "${honeytrap_syslog_output_facility}" ]; then + honeytrap_syslog_output_flags="${honeytrap_syslog_output_flags} -l ${honeytrap_syslog_output_facility}" + fi +fi + +command_args="-f -t ${name} ${honeytrap_syslog_output_flags} -p ${pidfile} /usr/bin/env ${honeytrap_env} ${procname} --data ${honeytrap_datadir} --config ${honeytrap_config} ${honeytrap_flags}" + +honeytrap_start_precmd() { - daemon -o /var/log/honeytrap/service.log -p $pidfile -u $name $honeytrap_program $honeytrap_flags -} + if [ ! -e ${pidfile} ]; then + install -o ${honeytrap_user} -g ${honeytrap_group} /dev/null ${pidfile} + fi + if [ ! -d ${honeytrap_datadir} ]; then + install -d -m 0750 -o ${honeytrap_user} -g ${honeytrap_group} ${honeytrap_datadir} + fi + if [ ! 
-d ${honeytrap_logdir} ]; then + install -d -m 0750 -o ${honeytrap_user} -g ${honeytrap_group} ${honeytrap_logdir} + fi +} + run_rc_command "$@" Copied and modified: head/security/honeytrap/files/honeytrap.toml (from r550880, head/security/honeytrap/files/etc/honeytrap.toml) ============================================================================== Added: head/security/honeytrap/files/patch-cmd_constants.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/honeytrap/files/patch-cmd_constants.go Thu Oct 1 23:50:34 2020 (r550881) @@ -0,0 +1,21 @@ +--- cmd/constants.go.orig 2020-08-11 10:18:40 UTC ++++ cmd/constants.go +@@ -19,15 +19,12 @@ var ( + // GOPATH - GOPATH value at the time of build. + GOPATH = "" + +- // Go get development tag. +- goGetTag = "DEVELOPMENT.GOGET" +- + // Version - version time.RFC3339. +- Version = goGetTag ++ Version = "" + // ReleaseTag - release tag in TAG.%Y-%m-%dT%H-%M-%SZ. +- ReleaseTag = goGetTag ++ ReleaseTag = "" + // CommitID - latest commit id. +- CommitID = goGetTag ++ CommitID = "" + // ShortCommitID - first 12 characters from CommitID. + ShortCommitID = CommitID[:12] + ) Added: head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_platform_kvm_bluepill__unsafe.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_platform_kvm_bluepill__unsafe.go Thu Oct 1 23:50:34 2020 (r550881) 
@@ -0,0 +1,11 @@ +--- vendor/gvisor.dev/gvisor/pkg/sentry/platform/kvm/bluepill_unsafe.go.orig 2020-08-27 10:13:09 UTC ++++ vendor/gvisor.dev/gvisor/pkg/sentry/platform/kvm/bluepill_unsafe.go +@@ -13,7 +13,7 @@ + // limitations under the License. + + // +build go1.12 +-// +build !go1.15 ++// +build !go1.16 + + // Check go:linkname function signatures when updating Go version. + Added: head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_platform_kvm_machine__unsafe.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_platform_kvm_machine__unsafe.go Thu Oct 1 23:50:34 2020 (r550881) @@ -0,0 +1,11 @@ +--- vendor/gvisor.dev/gvisor/pkg/sentry/platform/kvm/machine_unsafe.go.orig 2020-08-27 10:11:57 UTC ++++ vendor/gvisor.dev/gvisor/pkg/sentry/platform/kvm/machine_unsafe.go +@@ -13,7 +13,7 @@ + // limitations under the License. + + // +build go1.12 +-// +build !go1.15 ++// +build !go1.16 + + // Check go:linkname function signatures when updating Go version. + Added: head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_platform_ptrace_subprocess__unsafe.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_platform_ptrace_subprocess__unsafe.go Thu Oct 1 23:50:34 2020 (r550881) 
@@ -0,0 +1,11 @@ +--- vendor/gvisor.dev/gvisor/pkg/sentry/platform/ptrace/subprocess_unsafe.go.orig 2020-08-27 10:10:47 UTC ++++ vendor/gvisor.dev/gvisor/pkg/sentry/platform/ptrace/subprocess_unsafe.go +@@ -13,7 +13,7 @@ + // limitations under the License. + + // +build go1.12 +-// +build !go1.15 ++// +build !go1.16 + + // Check go:linkname function signatures when updating Go version. + Added: head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_vfs_mount__unsafe.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sentry_vfs_mount__unsafe.go Thu Oct 1 23:50:34 2020 (r550881) @@ -0,0 +1,11 @@ +--- vendor/gvisor.dev/gvisor/pkg/sentry/vfs/mount_unsafe.go.orig 2020-08-27 10:09:46 UTC ++++ vendor/gvisor.dev/gvisor/pkg/sentry/vfs/mount_unsafe.go +@@ -13,7 +13,7 @@ + // limitations under the License. + + // +build go1.12 +-// +build !go1.15 ++// +build !go1.16 + + // Check go:linkname function signatures when updating Go version. + Added: head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sleep_sleep__unsafe.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sleep_sleep__unsafe.go Thu Oct 1 23:50:34 2020 (r550881) 
@@ -0,0 +1,11 @@ +--- vendor/gvisor.dev/gvisor/pkg/sleep/sleep_unsafe.go.orig 2020-08-27 10:03:23 UTC ++++ vendor/gvisor.dev/gvisor/pkg/sleep/sleep_unsafe.go +@@ -13,7 +13,7 @@ + // limitations under the License. + + // +build go1.11 +-// +build !go1.15 ++// +build !go1.16 + + // Check go:linkname function signatures when updating Go version. + Added: head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sync_downgradable__rwmutex__unsafe.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sync_downgradable__rwmutex__unsafe.go Thu Oct 1 23:50:34 2020 (r550881) @@ -0,0 +1,11 @@ +--- vendor/gvisor.dev/gvisor/pkg/sync/downgradable_rwmutex_unsafe.go.orig 2020-08-27 10:03:50 UTC ++++ vendor/gvisor.dev/gvisor/pkg/sync/downgradable_rwmutex_unsafe.go +@@ -4,7 +4,7 @@ + // license that can be found in the LICENSE file. + + // +build go1.13 +-// +build !go1.15 ++// +build !go1.16 + + // Check go:linkname function signatures when updating Go version. + Added: head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sync_memmove__unsafe.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sync_memmove__unsafe.go Thu Oct 1 23:50:34 2020 (r550881) 
@@ -0,0 +1,11 @@ +--- vendor/gvisor.dev/gvisor/pkg/sync/memmove_unsafe.go.orig 2020-08-27 10:04:54 UTC ++++ vendor/gvisor.dev/gvisor/pkg/sync/memmove_unsafe.go +@@ -4,7 +4,7 @@ + // license that can be found in the LICENSE file. + + // +build go1.12 +-// +build !go1.15 ++// +build !go1.16 + + // Check go:linkname function signatures when updating Go version. + Added: head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sync_tmutex__unsafe.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_sync_tmutex__unsafe.go Thu Oct 1 23:50:34 2020 (r550881) @@ -0,0 +1,11 @@ +--- vendor/gvisor.dev/gvisor/pkg/sync/tmutex_unsafe.go.orig 2020-08-27 10:06:40 UTC ++++ vendor/gvisor.dev/gvisor/pkg/sync/tmutex_unsafe.go +@@ -4,7 +4,7 @@ + // license that can be found in the LICENSE file. + + // +build go1.13 +-// +build !go1.15 ++// +build !go1.16 + + // When updating the build constraint (above), check that syncMutex matches the + // standard library sync.Mutex definition. Added: head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_tcpip_link_rawfile_blockingpoll__yield__unsafe.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_tcpip_link_rawfile_blockingpoll__yield__unsafe.go Thu Oct 1 23:50:34 2020 (r550881) 
@@ -0,0 +1,11 @@ +--- vendor/gvisor.dev/gvisor/pkg/tcpip/link/rawfile/blockingpoll_yield_unsafe.go.orig 2020-08-27 10:08:00 UTC ++++ vendor/gvisor.dev/gvisor/pkg/tcpip/link/rawfile/blockingpoll_yield_unsafe.go +@@ -14,7 +14,7 @@ + + // +build linux,amd64 linux,arm64 + // +build go1.12 +-// +build !go1.15 ++// +build !go1.16 + + // Check go:linkname function signatures when updating Go version. + Added: head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_tcpip_time__unsafe.go ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/honeytrap/files/patch-vendor_gvisor.dev_gvisor_pkg_tcpip_time__unsafe.go Thu Oct 1 23:50:34 2020 (r550881) @@ -0,0 +1,11 @@ +--- vendor/gvisor.dev/gvisor/pkg/tcpip/time_unsafe.go.orig 2020-08-27 10:08:55 UTC ++++ vendor/gvisor.dev/gvisor/pkg/tcpip/time_unsafe.go +@@ -13,7 +13,7 @@ + // limitations under the License. + + // +build go1.9 +-// +build !go1.15 ++// +build !go1.16 + + // Check go:linkname function signatures when updating Go version. +
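Review bot: In the first Makefile hunk, the new GO_BUILDFLAGS line hard-codes the upstream revision a second time (-X ...cmd.CommitID=33bbb2db3a3140b0ce4fbda14747bc954e0bcadd next to GH_TAGNAME= 33bbb2d), and the stamped Version=2020-07-22T08:34:55 does not agree with DISTVERSION= g20200625. Nothing ties these values together, so the next version bump can easily ship a binary that reports the wrong commit. Suggest a comment above GO_BUILDFLAGS stating that the four -X values must follow GH_TAGNAME, or deriving them from a single variable. Also worth confirming that -extldflags "static" is intended as written, since it has no leading dash.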
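Review bot: In the second Makefile hunk, the PLIST_FILES entry "@sample(honeytrap,honeytrap,0600) ${ETCDIR}/honeytrap.toml.sample" keeps a literal owner and group although the same hunk makes both overridable through HONEYTRAP_USER?= and HONEYTRAP_GROUP?=. A build that overrides either one creates that account through USERS/GROUPS while the 0600 config is still assigned to honeytrap, so the service account may not be able to read it. Suggest @sample(${HONEYTRAP_USER},${HONEYTRAP_GROUP},0600) so the packing list follows the same variables as USERS, GROUPS and SUB_LIST.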
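Review bot: The variable list added to the header comment of files/honeytrap.in is missing honeytrap_env and honeytrap_flags, both of which the new command_args in the following hunk expands onto the daemon command line. Please document them alongside the other knobs, with their empty defaults. The change from "# REQUIRE: LOGIN" to "# REQUIRE: NETWORKING SERVERS DAEMON" also alters boot ordering and is not explained in the log message; a short comment on why would help the next maintainer.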
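Review bot: In the second files/honeytrap.in hunk, the removed start function captured output with daemon -o /var/log/honeytrap/service.log, but the new command_args passes -f and adds output flags only when honeytrap_syslog_output_enable is YES, which defaults to NO. With the defaults, daemon(8) sends the service's stdout and stderr to /dev/null, and honeytrap_logdir is created by honeytrap_start_precmd but never referenced again in this script. For a honeypot the service log is part of the evidence trail, so either keep an -o ${honeytrap_logdir}/service.log fallback when syslog is off or default the syslog option to YES. Smaller points in the same hunk: the pidfile line "install -o ${honeytrap_user} -g ${honeytrap_group} /dev/null ${pidfile}" sets no -m while the two directory lines use -m 0750, the path variables in the [ ... ] tests and install calls are unquoted, and honeytrap_config is defaulted with = where every other variable uses :=.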
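Review bot: In patch-cmd_constants.go, setting CommitID = "" while leaving the context line ShortCommitID = CommitID[:12] untouched makes the binary depend on the linker always injecting a CommitID of at least 12 characters. CommitID is a variable, so the slice is evaluated at package initialisation, and any build that does not receive the -X ...cmd.CommitID= flag from GO_BUILDFLAGS will panic at startup with a slice bounds error. Suggest patching ShortCommitID as well (for example to an empty string that is filled in by its own -X flag, which the Makefile already passes) or guarding the slice on len(CommitID), and noting in the patch header that these defaults are emptied so that -X can set them.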
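Review bot: The ten patch-vendor_gvisor.dev_gvisor_pkg_*__unsafe.go files each relax "// +build !go1.15" to "// +build !go1.16" directly above the upstream warning "Check go:linkname function signatures when updating Go version." (and, in tmutex_unsafe.go, the note that syncMutex must match the standard library sync.Mutex definition). Those constraints exist so the build fails instead of linking against runtime internals whose layout may have changed, and neither the log message nor the patches record that the check was done for Go 1.15. Please state in the commit or in a comment in each patch that the linkname signatures and the sync.Mutex layout were verified, or update the pinned google:gvisor:3eb302470365 entry in GH_TUPLE to a revision where upstream made this bump.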