From cperciva@xps.daemonology.net  Fri Aug 19 04:35:56 2011
Return-Path: <cperciva@xps.daemonology.net>
Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35])
	by hub.freebsd.org (Postfix) with ESMTP id 5AA9C106566B
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 19 Aug 2011 04:35:56 +0000 (UTC)
	(envelope-from cperciva@xps.daemonology.net)
Received: from xps.daemonology.net (freefall.freebsd.org [IPv6:2001:4f8:fff6::28])
	by mx2.freebsd.org (Postfix) with SMTP id 3C3DF14E3D2
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 19 Aug 2011 04:35:55 +0000 (UTC)
Received: (qmail 33244 invoked by uid 1001); 19 Aug 2011 04:35:54 -0000
Message-Id: <20110819043554.33243.qmail@xps.daemonology.net>
Date: 19 Aug 2011 04:35:54 -0000
From: Colin Percival <cperciva@freebsd.org>
Reply-To: Colin Percival <cperciva@freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: New port: sysutils/spiped secure pipe daemon
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         159899
>Category:       ports
>Synopsis:       New port: sysutils/spiped secure pipe daemon
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    crees
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 19 04:40:09 UTC 2011
>Closed-Date:    Sun Aug 21 11:32:57 UTC 2011
>Last-Modified:  Sun Aug 21 11:40:08 UTC 2011
>Originator:     Colin Percival
>Release:        n/a
>Organization:
>Environment:
n/a
>Description:
Port of the spiped secure pipe daemon; this is essentially a replacement
for 'ssh -L', but using a pre-shared symmetric key (and not requiring SSH).

The only non-trivial component here is the rc.d script for creating
pipes; it is common for multiple instances of spiped to be required so
the rc.d script uses a list of pipes ($spiped_pipes) and options for
each pipe ($spiped_pipe_X_* for the pipe X).

I have a ports commit bit but don't use it often, and I'm not sure about
whether I got the rc.d script right in particular, so I'm submitting
this as a PR rather than committing it myself in the hopes that someone
with more ports-fu will make sure that I did things right. ;-)

>How-To-Repeat:
>Fix:

--- spiped.shar begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	spiped
#	spiped/files
#	spiped/files/spiped.in
#	spiped/pkg-descr
#	spiped/distinfo
#	spiped/Makefile
#
echo c - spiped
mkdir -p spiped > /dev/null 2>&1
echo c - spiped/files
mkdir -p spiped/files > /dev/null 2>&1
echo x - spiped/files/spiped.in
sed 's/^X//' >spiped/files/spiped.in << '333e110c043b23aeda04713cf125df30'
X#!/bin/sh
X
X# $FreeBSD$
X#
X# PROVIDE: spiped
X# REQUIRE: LOGIN
X# KEYWORD: shutdown
X#
X# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
X# to enable this service:
X#
X# spiped_enable:	Set to YES to enable spiped.
X# spiped_pipes:		List of names of pipes to create.
X# spiped_pipe_X_mode:	"encrypt"/"client" or "decrypt"/"server".
X# spiped_pipe_X_source: Source address of pipe X.
X# spiped_pipe_X_target:	Target address of pipe X.
X# spiped_pipe_X_key:	Key file for pipe X.
X
X. /etc/rc.subr
X
Xname="spiped"
Xstart_cmd="${name}_start"
Xstop_cmd="${name}_stop"
Xrcvar=${name}_enable
X
Xcommand=%%PREFIX%%/bin/${name}
X
Xload_rc_config $name
X
X: ${spiped_enable="NO"}
X
Xspiped_start()
X{
X	for P in ${spiped_pipes}; do
X		PIDFILE=/var/run/spiped_$P.pid
X		eval MODE=\$spiped_pipe_${P}_mode
X		eval SOURCE=\$spiped_pipe_${P}_source
X		eval TARGET=\$spiped_pipe_${P}_target
X		eval KEY=\$spiped_pipe_${P}_key
X		case "$MODE" in
X		encrypt | client)
X			MODEFLAG="-e"
X			;;
X		decrypt | server)
X			MODEFLAG="-d"
X			;;
X		*)
X			echo Invalid value for spiped_pipe_$P}_mode: $MODE
X			continue
X		esac
X		${command} $MODEFLAG -s $SOURCE -t $TARGET -k $KEY -p $PIDFILE
X	done
X}
X
Xspiped_stop()
X{
X	for P in ${spiped_pipes}; do
X		PIDFILE=/var/run/spiped_$P.pid
X		if [ -f $PIDFILE ]; then
X			kill -TERM `cat $PIDFILE`
X			rm $PIDFILE
X		fi
X	done
X}
X
Xrun_rc_command "$1"
333e110c043b23aeda04713cf125df30
echo x - spiped/pkg-descr
sed 's/^X//' >spiped/pkg-descr << '6ba1786c45428fb88d462c43c1965fdf'
XSpiped (pronounced "ess-pipe-dee") is a utility for creating symmetrically
Xencrypted and authenticated pipes between socket addresses, so that one may
Xconnect to one address (e.g., a UNIX socket on localhost) and transparently
Xhave a connection established to another address (e.g., a UNIX socket on a
Xdifferent system). This is similar to 'ssh -L' functionality, but does not
Xuse SSH and requires a pre-shared symmetric key. 
X
XWWW: http://www.tarsnap.com/spiped.html
X
X- Colin Percival
Xcperciva@tarsnap.com
6ba1786c45428fb88d462c43c1965fdf
echo x - spiped/distinfo
sed 's/^X//' >spiped/distinfo << '994a20e8a7d012e332be9fbe0642de43'
XSHA256 (spiped-1.0.0.tgz) = 82df05533bf8d8580f57e6dbec7d7e2966eabd3ea7a0a0bb06f87000947969a3
XSIZE (spiped-1.0.0.tgz) = 46684
994a20e8a7d012e332be9fbe0642de43
echo x - spiped/Makefile
sed 's/^X//' >spiped/Makefile << '2ab3cd9813c7e6138398a6bbf18b262d'
X# New ports collection makefile for:		spiped secure pipe daemon
X# Date created:					2011-08-18
X# Whom:						Colin Percival
X#
X# $FreeBSD$
X#
X
XPORTNAME=	spiped
XPORTVERSION=	1.0.0
XCATEGORIES=	sysutils security
XMASTER_SITES=	http://www.tarsnap.com/spiped/
XEXTRACT_SUFX=	.tgz
X
XMAINTAINER=	cperciva@tarsnap.com
XCOMMENT=	Daemon for creating secure symmetric pipes
X
XPLIST_FILES=	bin/spiped
X
XUSE_RC_SUBR=	spiped
X
X.include <bsd.port.mk>
2ab3cd9813c7e6138398a6bbf18b262d
exit
--- spiped.shar ends here ---


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->cperciva 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Fri Aug 19 04:40:18 UTC 2011 
Responsible-Changed-Why:  
Submitter has GNATS access (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=159899 
Responsible-Changed-From-To: cperciva->crees 
Responsible-Changed-By: crees 
Responsible-Changed-When: Fri Aug 19 17:22:11 UTC 2011 
Responsible-Changed-Why:  
I'll take it, but I'll also get dougb to review your rc script :) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=159899 

From: Chris Rees <chris@bayofrum.net>
To: bug-followup@FreeBSD.org, cperciva@FreeBSD.org
Cc:  
Subject: Re: ports/159899: New port: sysutils/spiped secure pipe daemon
Date: Fri, 19 Aug 2011 18:32:56 +0100

 Looking over your rc script -- would you be happy with making a 
 /var/run/${name} dir, rather than potentially loads of ${name}_$P.pid 
 files in /var/run?
 
 I've fixed a typo with a variable too; I'll send the script to rc for 
 review.
 
 Chris
 
 -- 
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 

From: Colin Percival <cperciva@freebsd.org>
To: Chris Rees <chris@bayofrum.net>
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/159899: New port: sysutils/spiped secure pipe daemon
Date: Fri, 19 Aug 2011 12:48:00 -0700

 On 08/19/11 10:32, Chris Rees wrote:
 > Looking over your rc script -- would you be happy with making a
 > /var/run/${name} dir, rather than potentially loads of ${name}_$P.pid
 > files in /var/run?
 
 Absolutely.  I wasn't sure if there was any precedent for pid files not
 being directly under /var/run/.
 
 > I've fixed a typo with a variable too; I'll send the script to rc for
 > review.
 
 Cool, thanks!
 
 -- 
 Colin Percival
 Security Officer, FreeBSD | freebsd.org | The power to serve
 Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid
State-Changed-From-To: open->closed 
State-Changed-By: crees 
State-Changed-When: Sun Aug 21 11:32:55 UTC 2011 
State-Changed-Why:  
New port added, with minor changes. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=159899 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/159899: commit references a PR
Date: Sun, 21 Aug 2011 11:32:28 +0000 (UTC)

 crees       2011-08-21 11:32:16 UTC
 
   FreeBSD ports repository
 
   Modified files:
     sysutils             Makefile 
   Added files:
     sysutils/spiped      Makefile distinfo pkg-descr 
     sysutils/spiped/files spiped.in 
   Log:
   Spiped (pronounced "ess-pipe-dee") is a utility for creating symmetrically
   encrypted and authenticated pipes between socket addresses, so that one may
   connect to one address (e.g., a UNIX socket on localhost) and transparently
   have a connection established to another address (e.g., a UNIX socket on a
   different system). This is similar to 'ssh -L' functionality, but does not
   use SSH and requires a pre-shared symmetric key.
   
   WWW: http://www.tarsnap.com/spiped.html
   
   - Colin Percival
   cperciva@tarsnap.com
   
   PR:             ports/159899
   Submitted by:   Colin Percival
   
   Revision  Changes    Path
   1.1315    +1 -0      ports/sysutils/Makefile
   1.1       +21 -0     ports/sysutils/spiped/Makefile (new)
   1.1       +2 -0      ports/sysutils/spiped/distinfo (new)
   1.1       +78 -0     ports/sysutils/spiped/files/spiped.in (new)
   1.1       +11 -0     ports/sysutils/spiped/pkg-descr (new)
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
