New port: security/titus

titus is a TLS/SSL proxy server (like stunnel or stud) that protects you
from vulnerabilities in the TLS implementation such as Heartbleed (or
worse).

titus requires FreeBSD 10.2 or newer due to PROC_TRACE_CTL which was
introduced at r277322

GIDs

@@ -179,6 +179,7 @@ varnish:*:429:
 quasselcore:*:442:
 callweaver:*:444:
 ecartis:*:450:
+dqcache:*:453:
 courier:*:465:
 condor:*:466:
 netmon:*:467:

UIDs

@@ -186,6 +186,7 @@ varnishlog:*:430:429::0:0:Varnish Log User:/nonexistent:/usr/sbin/nologin
 quasselcore:*:442:442::0:0:Quassel IRC User:/nonexistent:/usr/sbin/nologin
 callweaver:*:444:444::0:0:Callweaver account:/var/lib/callweaver:/usr/sbin/nologin
 ecartis:*:450:450::0:0:Ecartis Listserver:/usr/local/ecartis:/usr/sbin/nologin
+dqcache:*:453:453::0:0:Dqcache Resolver:/nonexistent:/usr/sbin/nologin
 courier:*:465:465::0:0:Courier Mail Server:/nonexistent:/usr/sbin/nologin
 condor:*:466:466::0:0:& user:/home/condor:/usr/sbin/nologin
 netmon:*:467:467::0:0:Network monitor account:/var/netmon:/usr/sbin/nologin
@@ -241,6 +242,8 @@ jenkins:*:818:818::0:0:Jenkins CI:/usr/local/jenkins:/bin/sh
 rundeck:*:819:819::0:0:Rundeck:/usr/local/rundeck:/bin/sh
 openacs:*:820:820::0:0:OpenACS Daemon User:/nonexistent:/usr/sbin/nologin
 dotlrn:*:821:821::0:0:.LRN Daemon User:/nonexistent:/usr/sbin/nologin
+titus:*:822:65533::0:0:Titus Daemon User:/nonexistent:/usr/sbin/nologin
+titus-keys:*:823:65533::0:0:Titus Keyserver User:/nonexistent:/usr/sbin/nologin
 polw:*:825:825::0:0:Policyd-weight Cache Owner:/nonexistent:/sbin/nologin
 statsd:*:826:826::0:0:Statsd Daemon:/nonexistent:/sbin/nologin
 netdisco:*:840:840::0:0:netdisco daemon:/nonexistent:/usr/sbin/nologin

security/Makefile

@@ -1061,6 +1061,7 @@
     SUBDIR += tcpcrypt
     SUBDIR += tinc
     SUBDIR += tinyca
+    SUBDIR += titus
     SUBDIR += tlswrap
     SUBDIR += tmux-cssh
     SUBDIR += tor

security/titus/Makefile

@@ -0,0 +1,38 @@
+# Created by: Mark Felder <feld@FreeBSD.org>
+# $FreeBSD$
+
+PORTNAME=	titus
+PORTVERSION=	0.3
+CATEGORIES=	security
+
+MAINTAINER=	feld@FreeBSD.org
+COMMENT=	TLS/SSL proxy server
+
+LICENSE=	MIT
+
+USES=	compiler:c++11-lang
+USE_RC_SUBR=	titus
+
+USE_OPENSSL=	yes
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	AGWA
+
+USERS=	titus titus-keys
+GROUPS=	nogroup
+
+MAKE_ENV+=	MANDIR=${MANPREFIX}/man
+
+.include <bsd.port.pre.mk>
+
+.if ${OSVERSION} < 1002000
+BROKEN=	Requires FreeBSD 10.2 or higher
+.endif
+
+post-patch:
+	${REINPLACE_CMD} 's|/var/lib/titus/empty|/var/empty|' ${WRKSRC}/titus.conf.example
+
+post-install:
+	${INSTALL_DATA} ${WRKSRC}/titus.conf.example ${STAGEDIR}${PREFIX}/etc/titus.conf.sample
+
+.include <bsd.port.post.mk>

security/titus/distinfo

@@ -0,0 +1,2 @@
+SHA256 (AGWA-titus-0.3_GH0.tar.gz) = 2b10e4a4e4df2b577465813b748e5d5f05e4e96cd5b48d64e3a148ab80c275bf
+SIZE (AGWA-titus-0.3_GH0.tar.gz) = 29521

security/titus/files/titus.in

@@ -0,0 +1,34 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: titus
+# REQUIRE: NETWORKING SERVERS
+# BEFORE: DAEMON
+# KEYWORD: shutdown
+
+#
+# Add some of the following variables to /etc/rc.conf to configure titus:
+# titus_enable (bool):	Set to "NO" by default.
+#				Set it to "YES" to enable titus.
+# titus_config (str):		Default "%%ETCDIR%%/titus.conf"
+#
+
+. /etc/rc.subr
+
+name="titus"
+rcvar=titus_enable
+
+load_rc_config $name
+
+: ${titus_enable="NO"}
+: ${titus_config="%%PREFIX%%/etc/${name}.conf"}
+
+pidfile=/var/run/titus.pid
+command="%%PREFIX%%/bin/titus"
+command_args="--daemon yes --pid-file ${pidfile} --config ${titus_config}"
+
+required_files="${titus_config}"
+
+run_rc_command "$1"

security/titus/pkg-descr

@@ -0,0 +1,5 @@
+titus is a TLS/SSL proxy server (like stunnel or stud) that protects you
+from vulnerabilities in the TLS implementation such as Heartbleed (or
+worse).
+
+WWW: https://opsmate.com/titus/

security/titus/pkg-plist

@@ -0,0 +1,3 @@
+bin/titus
+@sample etc/titus.conf.sample
+man/man8/titus.8.gz