pkgsrc-Changes archive
CVS commit: pkgsrc/security/tlswrapper
Module Name: pkgsrc
Committed By: schmonz
Date: Tue Jan 4 21:39:03 UTC 2022
Added Files:
pkgsrc/security/tlswrapper: DESCR Makefile PLIST distinfo
Log Message:
Add tlswrapper, a UCSPI/inetd-style TLS encryption wrapper.

tlswrapper is a TLS encryption wrapper between remote client and local
program prog. Systemd.socket/inetd/tcpserver/... creates the server
connection, tlswrapper encrypts/decrypts data stream and reads/writes
data from/to the program prog as follows:

Internet <--> systemd.socket/inetd/tcpserver/... <--> tlswrapper <--> prog

By running a separate instance of tlswrapper for each TLS connection, a
vulnerability in the code (e.g. bug in the TLS library) can't be used to
compromise the memory of another connection.

To protect against secret-information leaks to the network connection
(such as Heartbleed) tlswrapper runs two independent processes for every
TLS connection. One process holds secret-keys and runs secret-keys
operations and the second talks to the network. Processes communicate with
each other through UNIX pipes.
To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 pkgsrc/security/tlswrapper/DESCR \
pkgsrc/security/tlswrapper/Makefile pkgsrc/security/tlswrapper/PLIST \
pkgsrc/security/tlswrapper/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Added files:
Index: pkgsrc/security/tlswrapper/DESCR
diff -u /dev/null pkgsrc/security/tlswrapper/DESCR:1.1
--- /dev/null Tue Jan 4 21:39:03 2022
+++ pkgsrc/security/tlswrapper/DESCR Tue Jan 4 21:39:03 2022
@@ -0,0 +1,16 @@
+tlswrapper is an TLS encryption wrapper between remote client and local
+program prog. Systemd.socket/inetd/tcpserver/... creates the server
+connection, tlswrapper encrypts/decrypts data stream and reads/writes
+data from/to the program prog as follows:
+
+Internet <--> systemd.socket/inetd/tcpserver/... <--> tlswrapper <--> prog
+
+By running separate instance of tlswrapper for each TLS connection, a
+vulnerability in the code (e.g. bug in the TLS library) can't be used to
+compromise the memory of another connection.
+
+To protect against secret-information leaks to the network connection
+(such Heartbleed) tlswrapper runs two independent processes for every
+TLS connection. One process holds secret-keys and runs secret-keys
+operations and second talks to the network. Processes communicate with
+each other through UNIX pipes.
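Review bot: Two grammar slips in the new DESCR text: "an TLS encryption wrapper" in the first line should read "a TLS encryption wrapper", and "(such Heartbleed)" in the last paragraph is missing "as". The first paragraph also uses "prog" as a placeholder for the wrapped program without saying so; a short phrase such as "local program (prog)" would make that clear to someone reading the package description without the man page.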
Index: pkgsrc/security/tlswrapper/Makefile
diff -u /dev/null pkgsrc/security/tlswrapper/Makefile:1.1
--- /dev/null Tue Jan 4 21:39:03 2022
+++ pkgsrc/security/tlswrapper/Makefile Tue Jan 4 21:39:03 2022
@@ -0,0 +1,36 @@
+# $NetBSD: Makefile,v 1.1 2022/01/04 21:39:03 schmonz Exp $
+
+GITHUB_PROJECT= tlswrapper
+GITHUB_TAG= 20220101
+DISTNAME= ${GITHUB_PROJECT}
+PKGNAME= ${GITHUB_PROJECT}-${GITHUB_TAG}
+CATEGORIES= security net
+MASTER_SITES= ${MASTER_SITE_GITHUB:=janmojzis/}
+
+MAINTAINER= schmonz%NetBSD.org@localhost
+HOMEPAGE= https://github.com/janmojzis/tlswrapper/
+COMMENT= UCSPI/inetd-style TLS encryption wrapper
+#LICENSE= # TODO: (see mk/license.mk)
+
+TEST_TARGET= test
+
+BUILD_DEFS+= VARBASE TLSWRAPPER_CHROOT
+OWN_DIRS+= ${TLSWRAPPER_CHROOT}
+MAKE_ENV+= EMPTYDIR=${TLSWRAPPER_CHROOT:Q}
+
+INSTALLATION_DIRS= bin man/man1
+
+post-extract:
+ ${RM} -f ${WRKSRC}/bearssl.sh
+
+do-install:
+ cd ${WRKSRC}; \
+ for i in tlswrapper tlswrapper-tcp; do \
+ ${INSTALL_PROGRAM} $${i} \
+ ${DESTDIR}${PREFIX}/bin; \
+ ${INSTALL_MAN} man/$${i}.1 \
+ ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1; \
+ done
+
+.include "../../security/bearssl/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
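Review bot: TLSWRAPPER_CHROOT is listed in BUILD_DEFS and expanded in both OWN_DIRS and MAKE_ENV (as EMPTYDIR), but no default is assigned to it anywhere in this file, and VARBASE is declared in BUILD_DEFS without being referenced. If the variable is unset, OWN_DIRS gets nothing and EMPTYDIR is passed to the build empty, so the directory the program is meant to confine itself to is undefined; suggest a `TLSWRAPPER_CHROOT?=` default under ${VARBASE} before its first use. Separately, LICENSE is still commented out with a TODO, and the post-extract removal of bearssl.sh deserves a one-line comment saying why (presumably so the build uses security/bearssl via buildlink3 rather than that script).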
Index: pkgsrc/security/tlswrapper/PLIST
diff -u /dev/null pkgsrc/security/tlswrapper/PLIST:1.1
--- /dev/null Tue Jan 4 21:39:03 2022
+++ pkgsrc/security/tlswrapper/PLIST Tue Jan 4 21:39:03 2022
@@ -0,0 +1,5 @@
+@comment $NetBSD: PLIST,v 1.1 2022/01/04 21:39:03 schmonz Exp $
+bin/tlswrapper
+bin/tlswrapper-tcp
+man/man1/tlswrapper-tcp.1
+man/man1/tlswrapper.1
Index: pkgsrc/security/tlswrapper/distinfo
diff -u /dev/null pkgsrc/security/tlswrapper/distinfo:1.1
--- /dev/null Tue Jan 4 21:39:03 2022
+++ pkgsrc/security/tlswrapper/distinfo Tue Jan 4 21:39:03 2022
@@ -0,0 +1,5 @@
+$NetBSD: distinfo,v 1.1 2022/01/04 21:39:03 schmonz Exp $
+
+BLAKE2s (tlswrapper-20220101.tar.gz) = aad0a74ffe7a494e037a7bce1f28ff643e545f9bd456d5298dbdd2c1dc41c83d
+SHA512 (tlswrapper-20220101.tar.gz) = df1c3505cb44468099c2ce439c1d75731a24722474e55fe7868f52d91d414adfa4fc3575826ac9a7c6fb6491752622985d87d691d44e847c8897148350b1acce
+Size (tlswrapper-20220101.tar.gz) = 239414 bytes
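The two-process split described in the log message, sketched as an added example (not tlswrapper's code and not part of this commit): the key exists only in the forked key-holder process, and the network-side process obtains results over UNIX pipes. The names `keyholder`, `tag_via_keyholder` and `toy_tag`, the constructed key and the length-prefixed framing are all assumptions, and the toy tag is a stand-in for a real private-key operation.

```c
#include <stdint.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy keyed tag (FNV-1a over key||msg): stand-in for the real secret-key
 * operation. NOT a secure MAC; it only makes the data flow visible. */
static uint32_t toy_tag(const uint8_t *key, size_t klen,
                        const uint8_t *msg, size_t mlen) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < klen; i++) h = (h ^ key[i]) * 16777619u;
    for (size_t i = 0; i < mlen; i++) h = (h ^ msg[i]) * 16777619u;
    return h;
}

/* Key-holder process: the only address space that ever contains the key.
 * Reads [1-byte length][message] requests, answers with a 4-byte tag. */
static void keyholder(int in, int out) {
    uint8_t key[16], msg[256], len;
    memset(key, 0x42, sizeof key); /* constructed key; a real one is loaded here */
    while (read(in, &len, 1) == 1 && read(in, msg, len) == (ssize_t)len) {
        uint32_t t = toy_tag(key, sizeof key, msg, len);
        if (write(out, &t, sizeof t) != (ssize_t)sizeof t) break;
    }
    _exit(0); /* request pipe closed: the connection is over */
}

/* Network-side process: never sees the key, so a memory-disclosure bug on
 * this side can only expose the tags it was handed. Returns 0 on success. */
int tag_via_keyholder(const uint8_t *msg, uint8_t len, uint32_t *tag) {
    int req[2], rsp[2], status, ok;
    if (pipe(req) != 0 || pipe(rsp) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { /* child becomes the key holder */
        close(req[1]); close(rsp[0]);
        keyholder(req[0], rsp[1]);
    }
    close(req[0]); close(rsp[1]);
    ok = write(req[1], &len, 1) == 1
      && write(req[1], msg, len) == (ssize_t)len
      && read(rsp[0], tag, sizeof *tag) == (ssize_t)sizeof *tag;
    close(req[1]); close(rsp[0]); /* EOF on req makes the key holder exit */
    waitpid(pid, &status, 0);
    return ok ? 0 : -1;
}
```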