security/tlsc: Add new port

Tlsc is a little BSD-licensed daemon that allows to connect non-TLS clients to TLS-enabled services. It's kept simple, so uses all-standard options for TLS and doesn't implement anything else (like e.g. STARTTLS or doing service-side). Approved by: tcberner (mentor, implicit)
freebsd · May 2, 2023 · cf234c8 · cf234c8
1 parent d3b5d28
commit cf234c8
Show file tree

Hide file tree

Showing 5 changed files with 86 additions and 0 deletions.
diff --git a/security/Makefile b/security/Makefile
@@ -1294,6 +1294,7 @@
     SUBDIR += tinc-devel
     SUBDIR += tinyca
     SUBDIR += tls-check
+    SUBDIR += tlsc
     SUBDIR += tor
     SUBDIR += tor-devel
     SUBDIR += totp-cli

diff --git a/security/tlsc/Makefile b/security/tlsc/Makefile
@@ -0,0 +1,30 @@
+PORTNAME=	tlsc
+DISTVERSIONPREFIX=	v
+DISTVERSION=	1.2
+CATEGORIES=	security
+
+MAINTAINER=	zirias@FreeBSD.org
+COMMENT=	TLS connect daemon
+WWW=		https://github.com/Zirias/tlsc
+
+LICENSE=	BSD2CLAUSE
+LICENSE_FILE=	${WRKSRC}/LICENSE.txt
+
+USES=		compiler:c11 gmake ssl
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	Zirias
+GH_PROJECT=	zimk:zimk
+GH_TAGNAME=	0def4fa:zimk
+
+USE_RC_SUBR=	${PORTNAME}
+
+MAKE_ARGS=	V=1
+ALL_TARGET=	strip
+
+PLIST_FILES=	bin/tlsc
+
+post-extract:
+	@${MV} ${WRKSRC_zimk}/* ${WRKSRC}/zimk/
+
+.include <bsd.port.mk>
diff --git a/security/tlsc/distinfo b/security/tlsc/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1683008653
+SHA256 (Zirias-tlsc-v1.2_GH0.tar.gz) = 90eb9315091f212d85afedb35d683e0ccf3ba692487caeeebb13986be75a4153
+SIZE (Zirias-tlsc-v1.2_GH0.tar.gz) = 23097
+SHA256 (Zirias-zimk-0def4fa_GH0.tar.gz) = faff68b6f7a0e337c9d42da7a7686b83e64a430592471d7eeaee3c5e2525d8fc
+SIZE (Zirias-zimk-0def4fa_GH0.tar.gz) = 12738
diff --git a/security/tlsc/files/tlsc.in b/security/tlsc/files/tlsc.in
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# PROVIDE: tlsc
+# REQUIRE: DAEMON
+# BEFORE:  LOGIN
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name=tlsc
+desc="TLS connect daemon"
+
+rcvar=tlsc_enable
+
+load_rc_config ${name}
+
+: ${tlsc_enable:=NO}
+
+start_precmd=tlsc_prestart
+command="%%PREFIX%%/bin/tlsc"
+pidfile=/var/run/tlsc/tlsc.pid
+command_args="-p ${pidfile} ${tlsc_flags} ${tlsc_tunnels}"
+
+tlsc_prestart()
+{
+	if [ -z "${tlsc_tunnels}" ]; then
+		err 1 "tlsc_tunnels must be configured."
+	fi
+	if [ -n "${tlsc_user}" ]; then
+		rc_flags="-u ${tlsc_user} ${rc_flags}"
+	fi
+	if [ -n "${tlsc_group}" ]; then
+		rc_flags="-g ${tlsc_group} ${rc_flags}"
+	fi
+
+	# tlsc handles user and group itself
+	unset _user
+	unset _group
+	install -d -m 755 -o ${tlsc_user:-root} $(dirname ${pidfile})
+
+	return 0
+}
+
+run_rc_command "$1"
diff --git a/security/tlsc/pkg-descr b/security/tlsc/pkg-descr
@@ -0,0 +1,6 @@
+A simple socket proxy for connecting to TLS-enabled services.
+
+This daemon will listen on sockets (typically on localhost) and forward
+connecting clients to some remote host, adding TLS encryption.
+
+It does the job in the simplest possible way, using all-standard options.