net/fort: new port: FORT Validator

FORT Validator is an open source RPKI validator. This solution allows operators to validate BGP routing information against the RPKI repository for use in router configuration and resolution. Submitted by: Toni Kalombo <toni@devboks.com> (maintainer) Tested by: Mark Tinka <mark@tinka.africa>
2021-10-22 13:53:47 +08:00 · 2021-10-22 13:53:47 +08:00 · a679f9da38
commit a679f9da38
parent 7758a5695f
8 changed files with 140 additions and 0 deletions
--- a/net/Makefile
+++ b/net/Makefile
@ -157,6 +157,7 @@
    SUBDIR += findomain
    SUBDIR += flower
    SUBDIR += foreman-proxy
+    SUBDIR += fort
    SUBDIR += fpc-ldap
    SUBDIR += fpc-libenet
    SUBDIR += fpc-pcap
--- a/net/fort/Makefile
+++ b/net/fort/Makefile
@ -0,0 +1,41 @@
+PORTNAME=	fort
+DISTVERSION=	1.5.2
+CATEGORIES=	net
+
+MAINTAINER=	toni@devboks.com
+COMMENT=	FORT Validator is an open source RPKI validator
+
+LICENSE=	MIT
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+LIB_DEPENDS=	libcurl.so:ftp/curl libjansson.so:devel/jansson \
+		libxml2.so:textproc/libxml2
+RUN_DEPENDS=	${LOCALBASE}/bin/rsync:net/rsync
+
+USES=		autoreconf pkgconfig ssl
+USE_GCC=	yes
+USE_GITHUB=	yes
+USE_RC_SUBR=	fort
+
+GH_ACCOUNT=	NICMx
+GH_PROJECT=	FORT-validator
+
+GNU_CONFIGURE=	yes
+
+SUB_FILES=	pkg-message
+
+post-patch:
+	@${REINPLACE_CMD} -e "s|/tmp/fort|${ETCDIR}|" \
+		${WRKSRC}/examples/config.json
+	@${REINPLACE_CMD} -e "s|/usr/local/ssl|/etc/ssl|" \
+		${WRKSRC}/examples/config.json
+	@${REINPLACE_CMD} -e "s|rsync\",|${LOCALBASE}/bin/rsync\",|" \
+		${WRKSRC}/examples/config.json
+	@${REINPLACE_CMD} -e "/\"daemon\": false,/d" \
+		${WRKSRC}/examples/config.json
+post-install:
+	@${MKDIR} ${STAGEDIR}${ETCDIR}/repository ${STAGEDIR}${ETCDIR}/tal
+	${INSTALL_DATA} ${WRKSRC}/examples/config.json \
+		${STAGEDIR}${ETCDIR}/fort-config.json.sample
+
+.include <bsd.port.mk>
--- a/net/fort/distinfo
+++ b/net/fort/distinfo
@ -0,0 +1,3 @@
+TIMESTAMP = 1634812159
+SHA256 (NICMx-FORT-validator-1.5.2_GH0.tar.gz) = c49b7badcf6dae05b7c9ae9cb3b1514d2b742d868b83f8b8deb0d7ae0a3e6bf2
+SIZE (NICMx-FORT-validator-1.5.2_GH0.tar.gz) = 482094
--- a/net/fort/files/fort.in
+++ b/net/fort/files/fort.in
@ -0,0 +1,47 @@
+#!/bin/sh
+
+# PROVIDE: fort
+# REQUIRE: DAEMON fort
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+# Define fort_enable in /etc/rc.conf[.local] to enable it.
+#
+# fort_enable (bool):  Set to "NO" by default.
+#                             Set it to "YES" to enable fort.
+
+. /etc/rc.subr
+
+name="fort"
+rcvar=fort_enable
+start_precmd=check_init
+command="%%PREFIX%%/bin/${name}"
+
+load_rc_config $name
+: ${fort_enable="NO"}
+: ${wrkdir:="%%ETCDIR%%"}
+
+
+fort_config=${fort_conf:-"%%ETCDIR%%/fort-config.json"}
+required_file=${fort_config}
+command_args="--configuration-file=${fort_config} --daemon=true"
+
+check_init() {
+	if [ ! -d ${wrkdir}/tal ]; then
+		echo
+		echo -n "Need to initialize fort with tals, "
+		echo "see man fort"
+		echo
+		exit 1
+	fi
+	if [ ! -f ${fort_config} ]; then
+		echo
+		echo -n "Configuration file not found at ${fort_config} "
+		echo  "Please create one before starting Fort, "
+		echo "see man fort"
+		echo
+		exit 1
+	fi
+}
+
+run_rc_command "$1"
--- a/net/fort/files/patch-src_Makefile.am
+++ b/net/fort/files/patch-src_Makefile.am
@ -0,0 +1,11 @@
+--- src/Makefile.am.orig	2021-09-20 02:51:17 UTC
+++ src/Makefile.am
+@@ -130,7 +130,7 @@ fort_SOURCES += $(ASN_MODULE_SRCS) $(ASN_MODULE_HDRS)
+ fort_CFLAGS  = -Wall -Wno-cpp -Wpedantic
+ # Feel free to temporarily remove this one if you're not using gcc 7.3.0.
+ #fort_CFLAGS += $(GCC_WARNS)
+-fort_CFLAGS += -std=gnu11 -O2 -g $(FORT_FLAGS) ${XML2_CFLAGS}
+fort_CFLAGS += -std=gnu11 -O2 -g $(FORT_FLAGS) ${XML2_CFLAGS} ${JANSSON_CFLAGS}
+ fort_LDFLAGS = $(LDFLAGS_DEBUG)
+ fort_LDADD   = ${JANSSON_LIBS} ${CURL_LIBS} ${XML2_LIBS}
+ 
--- a/net/fort/files/pkg-message.in
+++ b/net/fort/files/pkg-message.in
@ -0,0 +1,25 @@
+[
+{ type: install
+  message: <<EOM
+A default configuration file has been installed in
+%%ETCDIR%%/fort-config.json.sample.
+
+To use FORT, you will need the Trust Anchor Locator (TAL) files.
+You can download these by running "fort --init-tals" as follows:
+
+# fort --init-tals --tal %%ETCDIR%%/tal
+
+When you have downloaded the TAL files, you can start the RTR
+server and validator:
+
+# sysrc fort_enable=YES # or edit /etc/rc.conf manually
+# service fort start
+
+The default configuration will bind the RTR server to localhost
+on port 8323.
+
+Consult the FORT manual for more information:
+https://nicmx.github.io/FORT-validator/run.html
+EOM
+}
+]
--- a/net/fort/pkg-descr
+++ b/net/fort/pkg-descr
@ -0,0 +1,7 @@
+FORT validator is an MIT-licensed RPKI Relying Party, this is a tool offered as
+part of the FORT project. It is a solution that allows operators to validate BGP
+routing information against the RPKI repository for use in router configuration
+and resolution. The service performs the validation of the entire RPKI
+repository, and which serves the resulting ROAs for easy access by your routers.
+
+WWW: https://fortproject.net/en/validator
--- a/net/fort/pkg-plist
+++ b/net/fort/pkg-plist
@ -0,0 +1,5 @@
+bin/fort
+man/man8/fort.8.gz
+@dir %%ETCDIR%%/repository
+@dir %%ETCDIR%%/tal
+@sample %%ETCDIR%%/fort-config.json.sample