Create dedicated sandbox user for wsdd service
This changes the account the wsdd service runs under from the generic
'daemon' user to its own dedicated '_wsdd' user.
Approved by: ports-secteam (joneum)
PR: 250159
Nix is a purely functional package manager. This means that it treats
packages like values in purely functional programming languages such as
Haskell -- they are built by functions that don't have side-effects,
and they never change after they have been built.
FreeBSD support in Nix is not fully complete yet. This commit only
brings the Nix package manager to the ports. Hopefully, this port will
streamline the work of bootstrapping of Nix packages on FreeBSD.
Thanks to all the kind folks who contributed to the porting efforts.
It was a fun journey.
WWW: https://nixos.org/nix/
Differential Revision: https://reviews.freebsd.org/D17766
rpki-client is a FREE, easy-to-use implementation of the Resource Public Key
Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the
Route Origin of a BGP announcement. The program queries the RPKI repository
system and outputs Validated ROA Payloads in the configuration format of either
OpenBGPD or BIRD, but also as CSV or JSON objects for consumption by other
routing stacks. rpki-client originated in OpenBSD.
This version is based on the portable version of rpki-client.
WWW: https://www.rpki-client.org/
WWW: https://github.com/rpki-client/rpki-client-portable
Allocate UID and GID 270 for use when running rpki-client.
Give time to users to change their env
The new port is the successor, it supports milter feature and its
config file is in another path.
PR: 244424
Submitted by: Yasuhiro KIMURA <yasu@utahime.org> (maintainer)
Using PostgREST is an alternative to manual CRUD programming. Custom API
servers suffer problems. Writing business logic often duplicates, ignores or
hobbles database structure. Object-relational mapping is a leaky abstraction
leading to slow imperative code. The PostgREST philosophy establishes a single
declarative source of truth: the data itself.
WWW: http://postgrest.org/en/v7.0.0/
PR: 246383
Submitted by: Dmitry Wagin
- clixon user and group will be used to listen to a socket
- Updated pkg-message
PR: 246264
Submitted by: Dave Cornejo <dcornejo@netgate.com> (maintainer)
Sponsored by: Rubicon Communications, LLC (Netgate)
It can be used together with the Smallstep step-ca client.
step-ca is a local CA. It can be used to create your own local PKI
Infrastructure and includes things like e.g. the possibility to have your
own ACME server.
A private certificate authority (X.509 & SSH) & ACME server for secure
automated certificate management, so you can use TLS everywhere & SSO for SSH.
WWW: https://smallstep.com/certificates/
PR: 245535
Submitted by: Markus Wipp <mw@wipp.bayern>
Secure Shout Host Oriented Unified Talk is an instant-messaging platform
designed to make use of the existing SSH server in your system.
SSHOUT creates a private chat room in your host. The authentication of the
chat room is done by SSH public authentication. Users can join your chat room
by either directly connecting to your SSH server with any SSH client; or using a
SSHOUT client that implemented the client side SSHOUT API.
This package provides the SSHOUT server side programs; if you are finding a
SSHOUT client, go to project page and find out a suitable client; or you can
also write your own client using SSHOUT API.
PR: 228723
Submitted by: WHR <msl0000023508@gmail.com>
music streaming server / subsonic server API implementation
features
* browsing by folder (keeping your full tree intact)
* browsing by tags (using taglib - supports mp3, opus, flac, ape, m4a, wav,
etc.)
* on-the-fly audio transcoding and caching (requires ffmpeg) (thank you spijet)
* pretty fast scanning (with my library of ~27k tracks, initial scan takes
about 10m, and about 5s after incrementally)
* multiple users, each with their own transcoding preferences, playlists, top
tracks, top artists, etc.
* last.fm scrobbling
* artist similarities and biographies from the last.fm api
* a web interface for configuration (set up last.fm, manage users, start scans,
etc.)
* support for the album-artist tag, to not clutter your artist list with
compilation album appearances
* written in go, so lightweight and suitable for a raspberry pi, etc.
* newer salt and token auth
* tested on dsub, jamstash, sublime music, and soundwaves
WWW: https://github.com/sentriz/gonic
- Change LICENSE to BSD2CLAUSE from BSD4CLAUSE
- Utilizes UID and GID irrd for 252
- Take MAINTAINERSHIP
- Mentioned in UPDATING
- Both irrd-legacy and irrd can be installed and run concurrently
Approved by: ume (private mail)
signal-cli is a command-line interface for libsignal-service-java. It
supports registering, verifying, sending and receiving messages. To be able
to link to an existing Signal-Android/signal-cli instance, signal-cli uses
a patched libsignal-service-java, because libsignal-service-java does not
yet support provisioning as a slave device. For registering you need a
phone number where you can receive SMS or incoming calls. signal-cli is
primarily intended to be used on servers to notify admins of important
events. For this use-case, it has a dbus interface, that can be used to
send messages from any programming language that has dbus bindings.
WWW: https://github.com/AsamK/signal-cli
Note that the UIDs/GIDs were meaning to add 455 as the ID,
but typed 445 in the patch. I've corrected the IDs to 455.
I've also elided one blank line between the _DEPENDS lines
to please portlint.
Other than that, test builds succeeded on 11.3 (i386, amd64),
12.1 (i386, amd64, mips64, aarch64).
PR: 241426
Submitted by: Colin T. <bugzilla@nulldir.e4ward.com>
Reviewed by: Daniel Engberg
Approved by: samm@ (maintainer timeout, >4 months)
Special thanks to netchild for inspiring bringing back this piece of software
to ports!
Reviewed by: netchild, pi, salvadore
Differential Revision: https://reviews.freebsd.org/D24127
HoneyTrap is a modular framework for running, monitoring and managing honeypots.
Using HoneyTrap you can use sensors, high interaction and low
interaction honeypots together, while still using the same event mechanisms.
HoneyTrap consists of services, directors, listeners and channels. It is easy to
build new services, attach existing honeypots and extend channels or directors.
PR: 242740
Submitted by: ezri.mudde@dutchsec.com
The imds-filterd tool allows administrators of EC2 instances to lock down
which data from the Instance Metadata Service can be accessed by specified
system users and groups, thereby making the EC2 Instance Metadata Service
compatible with traditional UNIX privilege separation.
Reviewed by: otis, dizzy, lwhsu
Sponsored by: Tarsnap Backup Inc.
Bitmark secures digital property registration through Bitmark certificates,
enabling economic trade of those properties between individuals, governments,
corporations, and institutions at global scale.
WWW: https://github.com/bitmark-inc/bitmarkd
Submitted by: Christopher Hall <hsw__bitmark.com>
Sponsored by: Bitmark Inc.
Differential Revision: https://reviews.freebsd.org/D23167
Release notes:
https://github.com/NLnetLabs/routinator/releases/tag/v0.6.2
Port changes:
- Add a startup script.
- Add a separate user/group for the daemon to use.
PR: 240560
PR: 239899
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
This is being done as svn copy instead of rename so that users of
security/bro can have some time to migrate. It also allows for
possible security updates to the old bro port which upstream has
indicated is possible for at least a few months.
Reviewed by: ler (mentor)
Approved by: ler (mentor)
Differential Revision: https://reviews.freebsd.org/D22376
Added rc script to run p0f in daemon mode as an unprivileged user.
That is useful to provide access to p0f API via unix socket for
various clients (e.g. anti-spam filters like rspamd, haraka-plugin-p0f,
etc.).
PR: 240712
Submitted by: Alexander Moisseev <moiseev@mezonplus.ru>
Lidarr is a music collection manager for Usenet and BitTorrent users.
It can monitor multiple RSS feeds for new tracks from your favorite
artists and will grab, sort and rename them.
It can also be configured to automatically upgrade the quality of
files already downloaded when a better quality format becomes
available.
It looks and smells like Sonarr but made for music.
WWW: https://lidarr.audio
PR: 234233
Submitted by: Michiel van Baak <michiel@vanbaak.eu>, Matt Russi <mrussi@gmail.com>
SEMS is an open-source SIP media server, implementing a B2BUA,
voicemail, IVRs, announcements, etc. It is designed to be
complementary to SIP proxy-only tools like Kamailio, OpenSIPS, etc.
This adds a new port for the SEMS SIP media server, which provides a
number of functions (Voicemail, conferencing, B2BUA, etc.) in conjunction
with a SIP router like Kamailio or OpenSIPS.
The most recent release (1.6.0) is both old and has a significant number
of issues on FreeBSD, so this corresponds to the current development
branch, which should hopefully become 1.7 in not too very long. I've
added one other patch (from SEMS pull request 57) that is required to
make message-waiting notifications behave in a useful way but has yet
to be merged upstream.
WWW: https://github.com/sems-server/sems/
PR: 240048
Reviewed by: koobs (ports)
Approved by: koobs (ports)
Differential Revision: D21410
OwnTracks apps.
OwnTracks allows you to keep track of your own location. You can build
your private location diary or share it with your family and friends.
OwnTracks is open-source and uses open protocols for communication so
you can be sure your data stays secure and private.
API backend for the sysutils/restic backup software, enabling fast and
easy network backups
Approved by: jrm (mentor, implicit)
Sponsored by: SkunkWerks, GmbH
Lego is a new Let's Encrypt client written in Go with
support for a number of ACME challenges and no external
dependencies.
PR: 237349
Submitted by: Matthew Horan <matt@matthoran.com>
Project V is a set of network tools that help you to build your
own computer network. It secures your network connections and
thus protects your privacy.
WWW: https://www.v2ray.com
PR: 235418
Submitted by: Yanhui Shen <shen.elf@gmail.com>
Reviewed by: koobs, mat
Approved by: koobs (mentor)
Differential Revision: https://reviews.freebsd.org/D19066
Sonic is a fast, lightweight, and schema-less search backend. It
ingests search texts and identifier tuples that can then be queried
against in a microsecond's time.
Sonic can be used as a simple alternative to super-heavy and
full-featured search backends such as Elasticsearch in some use-cases.
It is capable of normalizing natural language search queries,
auto-completing a search query and providing the most relevant
results for a query. Sonic is an identifier index, rather than a
document index; when queried, it returns IDs that can then be used
to refer to the matched documents in an external database.
A strong attention to performance and code cleanliness has been
given when designing Sonic. It aims at being crash-free, super-fast
and puts minimum strain on server resources.
WWW: https://github.com/valeriansaliou/sonic
Reason for this is, if you like to use rspamd to also sign emails using DKIM, ARC,
rspamd needs access to the private key used for signing.
As user nobody is correctly used to run rspamd, each service that falls back
to user nobody would have access to the private key, which is a security risk.
PR: 230766
Hockeypuck implements the HKP draft protocol specification,
as well as several extensions to the protocol supported by SKS.
Public key material conforming to RFC 4880 is supported by the keyserver,
as are RFC 6637 ECC keys.
As-of-yet unsupported key material, such as recent Ed25519 signing keys,
may be distributed by Hockeypuck, however Hockeypuck is not able to
validate them yet.
WWW: https://hockeypuck.github.io
PR: 235904
Submitted by: Michiel van Baak <michiel@vanbaak.eu>
NZBHydra 2 is a meta search for NZB indexers. It provides easy access to a
number of raw and newznab based indexers. You can search all your indexers
from one place and use it as an indexer source for tools like Sonarr,
Radarr or CouchPotato.
WWW: https://github.com/theotherp/nzbhydra2
PR: 234537
Submitted by: Daniel Shafer <daniel shafer cc>
Differential_Revision: https://reviews.freebsd.org/D18704
libvirt-dbus wraps libvirt API to provide a high-level object-oriented API
better suited for dbus-based applications.
WWW: https://libvirt.org/dbus.html
Midpoint is a comprehensive identity management and identity
governance system. It is basically a complex integration tool
that can replicate and transform user records between numerous user
databases, management of the records, reporting, auditing and so
on. It allows very complex transformation and replication rules
including support for advanced RBAC and scripting. Its internal
mechanisms are based on state-of-the-art concepts that are still
not yet widely used in the field of Identity Management.
WWW: https://evolveum.com/midpoint/
PR: 231766
Submitted by: Matthias Wolf <freebsd@rheinwolf.de>