From e332ab40cdb730d30c38a474c2d9678807cd389e Mon Sep 17 00:00:00 2001 From: sthen Date: Mon, 19 Nov 2012 22:14:52 +0000 Subject: [PATCH] import ports/security/spiped, from James Turner, ok landry@ spiped (pronounced "ess-pipe-dee") is a utility for creating symmetrically encrypted and authenticated pipes between socket addresses, so that one may connect to one address (e.g., a UNIX socket on localhost) and transparently have a connection established to another address (e.g., a UNIX socket on a different system). This is similar to 'ssh -L' functionality, but does not use SSH and requires a pre-shared symmetric key. spipe (pronounced "ess-pipe") is a utility which acts as an spiped protocol client (i.e., connects to an spiped daemon), taking input from the standard input and writing data read back to the standard output. --- security/spiped/Makefile | 34 +++++++++++++++++++ security/spiped/distinfo | 2 ++ .../patches/patch-lib_events_events_network_c | 11 ++++++ security/spiped/pkg/DESCR | 11 ++++++ security/spiped/pkg/PLIST | 19 +++++++++++ security/spiped/pkg/spiped.rc | 21 ++++++++++++ 6 files changed, 98 insertions(+) create mode 100644 security/spiped/Makefile create mode 100644 security/spiped/distinfo create mode 100644 security/spiped/patches/patch-lib_events_events_network_c create mode 100644 security/spiped/pkg/DESCR create mode 100644 security/spiped/pkg/PLIST create mode 100644 security/spiped/pkg/spiped.rc
diff --git a/security/spiped/Makefile b/security/spiped/Makefile
new file mode 100644
index 00000000000..c32c5214cdd
--- /dev/null
+++ b/security/spiped/Makefile
@@ -0,0 +1,34 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2012/11/19 22:14:52 sthen Exp $
+
+COMMENT = utility for creating secure pipes between socket addresses
+
+DISTNAME = spiped-1.2.2
+CATEGORIES = security sysutils
+
+MAINTAINER = James Turner
+
+HOMEPAGE = http://www.tarsnap.com/spiped.html
+MASTER_SITES = http://www.tarsnap.com/spiped/
+
+# BSD
+PERMIT_PACKAGE_CDROM = Yes
+PERMIT_PACKAGE_FTP = Yes
+PERMIT_DISTFILES_CDROM =Yes
+PERMIT_DISTFILES_FTP = Yes
+
+WANTLIB = c crypto pthread
+
+EXTRACT_SUFX = .tgz
+NO_REGRESS = Yes
+FAKE_FLAGS = BINDIR="${WRKINST}${PREFIX}/bin"
+
+post-install:
+ ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/spiped
+ ${INSTALL_DATA} ${WRKSRC}/COPYRIGHT ${PREFIX}/share/doc/spiped/
+ ${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/spiped/
+ ${INSTALL_DATA} ${WRKSRC}/spipe/README ${PREFIX}/share/doc/spiped/README-spipe
+ ${INSTALL_DATA} ${WRKSRC}/spiped/README ${PREFIX}/share/doc/spiped/README-spiped
+ perl -pi -e 's,/etc/ssh/spiped.key,${SYSCONFDIR}/spiped/spiped.key,' \
+ ${PREFIX}/share/doc/spiped/README
+
+.include
diff --git a/security/spiped/distinfo b/security/spiped/distinfo
new file mode 100644
index 00000000000..76dbd96aaec
--- /dev/null
+++ b/security/spiped/distinfo
@@ -0,0 +1,2 @@
+SHA256 (spiped-1.2.2.tgz) = qetGgeTM1dhrii1OFnhduLoQ2Kn39zJIVRH9S5Lf8ew=
+SIZE (spiped-1.2.2.tgz) = 51682
diff --git a/security/spiped/patches/patch-lib_events_events_network_c b/security/spiped/patches/patch-lib_events_events_network_c
new file mode 100644
index 00000000000..802ecfa6269
--- /dev/null
+++ b/security/spiped/patches/patch-lib_events_events_network_c
@@ -0,0 +1,11 @@
+$OpenBSD: patch-lib_events_events_network_c,v 1.1.1.1 2012/11/19 22:14:52 sthen Exp $
+--- lib/events/events_network.c.orig Thu Nov 15 12:04:53 2012
++++ lib/events/events_network.c Thu Nov 15 12:05:06 2012
+@@ -2,6 +2,7 @@
+
+ #include
+ #include
++#include
+
+ #include "elasticarray.h"
+ #include "warnp.h"
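Review bot: `MASTER_SITES = http://www.tarsnap.com/spiped/` in the Makefile hunk fetches the distfile over plain HTTP, so the SHA256 recorded in distinfo is the only thing that authenticates the tarball. That is enough as long as the hash was taken from a trusted copy, and a one-line comment above MASTER_SITES saying how the hash was checked would let the next updater repeat it. If the site also serves the same path over HTTPS and the fetch tool verifies certificates, `MASTER_SITES = https://www.tarsnap.com/spiped/` would be the safer value; HOMEPAGE could follow.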
diff --git a/security/spiped/pkg/DESCR b/security/spiped/pkg/DESCR
new file mode 100644
index 00000000000..8cbc5a03f7d
--- /dev/null
+++ b/security/spiped/pkg/DESCR
@@ -0,0 +1,11 @@
+spiped (pronounced "ess-pipe-dee") is a utility for creating
+symmetrically encrypted and authenticated pipes between socket
+addresses, so that one may connect to one address (e.g., a UNIX socket
+on localhost) and transparently have a connection established to another
+address (e.g., a UNIX socket on a different system). This is similar to
+'ssh -L' functionality, but does not use SSH and requires a pre-shared
+symmetric key.
+
+spipe (pronounced "ess-pipe") is a utility which acts as an spiped
+protocol client (i.e., connects to an spiped daemon), taking input from
+the standard input and writing data read back to the standard output.
diff --git a/security/spiped/pkg/PLIST b/security/spiped/pkg/PLIST
new file mode 100644
index 00000000000..a09ae8d2e1a
--- /dev/null
+++ b/security/spiped/pkg/PLIST
@@ -0,0 +1,19 @@
+@comment $OpenBSD: PLIST,v 1.1.1.1 2012/11/19 22:14:52 sthen Exp $
+@newgroup _spiped:707
+@newuser _spiped:707:_spiped:daemon:spiped user:/nonexistent:/sbin/nologin
+@extra ${SYSCONFDIR}/spiped/spiped.key
+@bin bin/spipe
+@bin bin/spiped
+share/doc/spiped/
+share/doc/spiped/COPYRIGHT
+share/doc/spiped/README
+share/doc/spiped/README-spipe
+share/doc/spiped/README-spiped
+@owner root
+@group _spiped
+@mode 750
+@sample ${SYSCONFDIR}/spiped/
+@mode
+@group
+@owner
+@rcscript ${RCDIR}/spiped
diff --git a/security/spiped/pkg/spiped.rc b/security/spiped/pkg/spiped.rc
new file mode 100644
index 00000000000..40c928d42b1
--- /dev/null
+++ b/security/spiped/pkg/spiped.rc
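Review bot: The fixed id 707 in `@newgroup _spiped:707` and `@newuser _spiped:707:...` in the PLIST hunk is not reserved by anything in this patch; the diffstat lists six files, all under security/spiped, and none of them is the ports tree's user and group id registry. If the id was not recorded there in a separate change, a later port could claim the same number and the daemon would end up sharing a uid with an unrelated service, which defeats the point of a dedicated account. It would help to confirm the reservation and mention it in the commit description.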
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# $OpenBSD: spiped.rc,v 1.1.1.1 2012/11/19 22:14:52 sthen Exp $
+
+daemon="${TRUEPREFIX}/bin/spiped"
+daemon_flags="-D -d -s '[0.0.0.0]:8022' -t '[127.0.0.1]:22' -k ${SYSCONFDIR}/spiped/spiped.key -p /var/run/spiped/spiped.pid"
+daemon_user="_spiped"
+
+. /etc/rc.d/rc.subr
+
+pexp="${daemon}"
+rc_reload=NO
+
+rc_pre() {
+ install -d -o _spiped /var/run/spiped
+ if [ ! -f ${SYSCONFDIR}/spiped/spiped.key ]; then
+ dd if=/dev/urandom bs=32 count=1 of=${SYSCONFDIR}/spiped/spiped.key
+ fi
+}
+
+rc_cmd $1
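Review bot: In rc_pre the key is written by `dd` under whatever umask the rc script runs with, so the file's own mode is never set and only the directory permissions from pkg/PLIST (root:_spiped, 750) keep it from other local users. Creating it under an explicit mask, `( umask 027 && dd if=/dev/urandom bs=32 count=1 of=${SYSCONFDIR}/spiped/spiped.key )`, would limit the file itself to owner and group; this assumes the new file picks up group _spiped from its directory so that the daemon user can still read it, which should be confirmed. A failed or interrupted `dd` also leaves a short file that passes the `-f` test on the next start, so writing to a temporary name and renaming it, or checking the size, would be safer. Separately, a comment above `daemon_flags` could state that the default listens on every interface and that sshd will see all forwarded connections as coming from 127.0.0.1, so address-based rules and log entries on the sshd side no longer reflect the real peer.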