svn commit: r341772 - in head/security/pond: . files
Carlo Strub
cs at FreeBSD.org
Wed Jan 29 19:38:10 UTC 2014
Author: cs
Date: Wed Jan 29 19:38:08 2014
New Revision: 341772
URL: http://svnweb.freebsd.org/changeset/ports/341772
QAT: https://qat.redports.org/buildarchive/r341772/
Log:
- Update to 20140120
- Client compiles now too
Added:
head/security/pond/files/
head/security/pond/files/main_freebsd.go (contents, props changed)
head/security/pond/files/patch-client-cli-input.go (contents, props changed)
head/security/pond/files/patch-client-cli.go (contents, props changed)
head/security/pond/files/sys_freebsd.go (contents, props changed)
Modified:
head/security/pond/Makefile
head/security/pond/distinfo
head/security/pond/pkg-descr
Modified: head/security/pond/Makefile
==============================================================================
--- head/security/pond/Makefile Wed Jan 29 19:29:25 2014 (r341771)
+++ head/security/pond/Makefile Wed Jan 29 19:38:08 2014 (r341772)
@@ -1,35 +1,63 @@
# $FreeBSD$
PORTNAME= pond
-PORTVERSION= 20140118
+PORTVERSION= 20140120
CATEGORIES= security
MASTER_SITES= http://c-s.li/ports/
-DISTFILES= pond-20140118.tar.gz \
+DISTFILES= pond-20140120.tar.gz \
go-gtk-20131128.tar.gz \
ed25519-20131225.tar.gz
MAINTAINER= cs at FreeBSD.org
-COMMENT= Forward secure, asynchronous messenger -- Server Only
+COMMENT= Forward secure, asynchronous messenger
LICENSE= BSD3CLAUSE
BUILD_DEPENDS= ${LOCALBASE}/${GO_LIBDIR}/code.google.com/p/go.crypto/bcrypt.a:${PORTSDIR}/security/go.crypto \
${LOCALBASE}/${GO_LIBDIR}/code.google.com/p/goprotobuf/proto.a:${PORTSDIR}/devel/goprotobuf \
${LOCALBASE}/${GO_LIBDIR}/code.google.com/p/go.net/dict.a:${PORTSDIR}/net/go.net
+RUN_DEPENDS= tor:${PORTSDIR}/security/tor
+LIB_DEPENDS= gtkspell:${PORTSDIR}/textproc/gtkspell \
+ libtspi.so:${PORTSDIR}/security/trousers
BROKEN= Experimental. Know what you do!
-PLIST_FILES= bin/server
-# USE_GNOME= gtk30
+PLIST_FILES= bin/server bin/client
+USE_GNOME= gtk30
GO_PKGNAME= github.com/agl/pond
-GO_TARGET= ${GO_PKGNAME}/server
-# ${GO_PKGNAME}/client
+GO_TARGET= ${GO_PKGNAME}/server \
+ ${GO_PKGNAME}/client
post-extract:
@${MKDIR} ${GO_WRKSRC:H}
+ @${CP} files/sys_freebsd.go ${WRKSRC}/client/system/sys_freebsd.go
+ @${CP} files/main_freebsd.go ${WRKSRC}/client/main_freebsd.go
@${LN} -sf ${WRKSRC} ${GO_WRKSRC}
@${LN} -sf ${WRKDIR}/go-gtk-20131128 ${GO_WRKDIR_SRC}/github.com/agl/go-gtk
@${LN} -sf ${WRKDIR}/ed25519-20131225 ${GO_WRKDIR_SRC}/github.com/agl/ed25519
+post-patch:
+ @${REINPLACE_CMD} -e 's|\<gdk|\<gtk-3.0\/gdk|g' \
+ ${WRKDIR}/go-gtk-20131128/gdk/gdk.go \
+ ${WRKDIR}/go-gtk-20131128/gdk/gdk_linux.go \
+ ${WRKDIR}/go-gtk-20131128/gdk/gdk_windows.go \
+ ${WRKDIR}/go-gtk-20131128/gtk/gtk.go
+ @${REINPLACE_CMD} -e 's|\<pango|\<pango-1.0\/pango|g' \
+ ${WRKDIR}/go-gtk-20131128/pango/pango.go
+ @${REINPLACE_CMD} -e 's|\<gtk|\<gtk-3.0\/gtk|g' \
+ ${WRKDIR}/go-gtk-20131128/gtk/gtk.go \
+ ${WRKDIR}/go-gtk-20131128/gtkspell/gtkspell_fedora.go \
+ ${WRKDIR}/go-gtk-20131128/gtkspell/gtkspell_ubuntu.go
+ @${REINPLACE_CMD} -e 's|\<glib|\<glib-2.0\/glib|g' \
+ ${WRKDIR}/go-gtk-20131128/glib/glib.go
+ @${REINPLACE_CMD} -e 's|\<gdk-pixbuf|\<gdk-pixbuf-2.0\/gdk-pixbuf|g' \
+ ${WRKDIR}/go-gtk-20131128/gdkpixbuf/gdkpixbuf.go
+ @${REINPLACE_CMD} -e 's|\<gtkspell|\<gtkspell-2.0\/gtkspell|g' \
+ ${WRKDIR}/go-gtk-20131128/gtkspell/gtkspell_fedora.go \
+ ${WRKDIR}/go-gtk-20131128/gtkspell/gtkspell_ubuntu.go
+
+do-build:
+ @(cd ${GO_WRKSRC}; ${SETENV} ${GO_ENV} ${GO_CMD} install -tags nogui -v ${GO_TARGET})
+
.include <bsd.port.pre.mk>
.include "${PORTSDIR}/lang/go/files/bsd.go.mk"
.include <bsd.port.post.mk>
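Review bot: The new `do-build` target installs with `-tags nogui`, yet the same hunk turns on `USE_GNOME= gtk30`, adds `gtkspell` to `LIB_DEPENDS` and rewrites include paths across go-gtk in `post-patch`. If the `nogui` tag excludes the GTK front end, as its name suggests, `bin/client` is CLI-only and those dependencies only enlarge what is installed alongside a security tool. Either drop the tag or drop the GUI dependencies, and record the choice next to the target, e.g. `# client is built CLI-only (-tags nogui)`. Separately, the two added `${CP}` lines in `post-extract` read from the relative path `files/`; `${FILESDIR}/sys_freebsd.go` and `${FILESDIR}/main_freebsd.go` do not depend on the working directory.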
Modified: head/security/pond/distinfo
==============================================================================
--- head/security/pond/distinfo Wed Jan 29 19:29:25 2014 (r341771)
+++ head/security/pond/distinfo Wed Jan 29 19:38:08 2014 (r341772)
@@ -1,5 +1,5 @@
-SHA256 (pond-20140118.tar.gz) = fab50333d564e8b286aa62daac55ad0b6f0391731478a5490cbccd5bd1a74cc2
-SIZE (pond-20140118.tar.gz) = 1049288
+SHA256 (pond-20140120.tar.gz) = 22e3a69535b76d548cfec62bb18e5b33a5920fc53dbb02b1ca010741c58129ec
+SIZE (pond-20140120.tar.gz) = 1049433
SHA256 (ed25519-20131225.tar.gz) = 6cd982fc6d93fd47b650e8922ab66fa64f40d395ddb5879497dbd8aa0c3c8c6d
SIZE (ed25519-20131225.tar.gz) = 105671
SHA256 (go-gtk-20131128.tar.gz) = 505452cfb7972a49e6960ad26a48c743d02598113b44e1fe0d5b9ee2a20719a4
Added: head/security/pond/files/main_freebsd.go
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/pond/files/main_freebsd.go Wed Jan 29 19:38:08 2014 (r341772)
@@ -0,0 +1,73 @@
+package main
+
+import (
+ "crypto/rand"
+ "encoding/binary"
+ "flag"
+ "fmt"
+ "os"
+ "path/filepath"
+ "runtime"
+
+ "code.google.com/p/go.crypto/scrypt"
+)
+
+func main() {
+ stateFile := flag.String("state-file", "", "File in which to save persistent state")
+ pandaScrypt := flag.Bool("panda-scrypt", false, "Run in subprocess mode to process passphrase")
+ cliFlag := flag.Bool("cli", false, "If true, the CLI will be used, even if the GUI is available")
+ devFlag := flag.Bool("dev", false, "Is this a development environment?")
+ flag.Parse()
+
+ if *pandaScrypt {
+ var numBytes uint32
+ if err := binary.Read(os.Stdin, binary.LittleEndian, &numBytes); err != nil {
+ panic(err)
+ }
+ if numBytes > 1024*1024 {
+ panic("passphrase too large")
+ }
+ passphrase := make([]byte, int(numBytes))
+ if _, err := os.Stdin.Read(passphrase); err != nil {
+ panic(err)
+ }
+ data, err := scrypt.Key(passphrase, nil, 1<<17, 16, 4, 32*3)
+ if err != nil {
+ panic(err)
+ }
+ os.Stdout.Write(data)
+ os.Exit(0)
+ }
+
+ dev := os.Getenv("POND") == "dev" || *devFlag
+ runtime.GOMAXPROCS(4)
+
+ if len(*stateFile) == 0 && dev {
+ *stateFile = "state"
+ }
+
+ if len(*stateFile) == 0 {
+ home := os.Getenv("HOME")
+ if len(home) == 0 {
+ fmt.Fprintf(os.Stderr, "$HOME not set. Please either export $HOME or use --state-file to set the location of the state file explicitly.\n")
+ os.Exit(1)
+ }
+ configDir := filepath.Join(home, ".config")
+ os.Mkdir(configDir, 0700)
+ *stateFile = filepath.Join(configDir, "pond")
+ }
+
+ if !haveGUI || *cliFlag || len(os.Getenv("PONDCLI")) > 0 {
+ client := NewCLIClient(*stateFile, rand.Reader, false /* testing */, true /* autoFetch */)
+ client.disableV2Ratchet = true
+ client.dev = dev
+ client.Start()
+ } else {
+ ui := NewGTKUI()
+ client := NewGUIClient(*stateFile, ui, rand.Reader, false /* testing */, true /* autoFetch */)
+ client.disableV2Ratchet = true
+ client.dev = dev
+ client.Start()
+ ui.Run()
+ }
+}
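Review bot: In the `-panda-scrypt` branch, `os.Stdin.Read(passphrase)` may return after filling only part of the buffer, which is likely when stdin is a pipe from the parent process. The byte count is discarded, so scrypt can run over a passphrase whose tail is still zero bytes and produce a key that silently does not match. Reading with `if _, err := io.ReadFull(os.Stdin, passphrase); err != nil {` (plus `"io"` in the import block) turns a short read into an error. The result of `os.Stdout.Write(data)` is also ignored, so a failed write of the derived key still ends in `os.Exit(0)`; it should exit non-zero.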
Added: head/security/pond/files/patch-client-cli-input.go
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/pond/files/patch-client-cli-input.go Wed Jan 29 19:38:08 2014 (r341772)
@@ -0,0 +1,15 @@
+--- client/cli-input.go.orig 2014-01-20 16:38:38.000000000 +0000
++++ client/cli-input.go 2014-01-24 23:58:07.000000000 +0000
+@@ -350,12 +350,6 @@
+ i.commands.Insert(command.name)
+ }
+
+- autoCompleteCallback := func(line string, pos int, key rune) (string, int, bool) {
+- return i.AutoComplete(line, pos, key)
+- }
+-
+- i.term.AutoCompleteCallback = autoCompleteCallback
+-
+ var ackChan chan struct{}
+
+ for {
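Review bot: This patch removes the `AutoCompleteCallback` wiring, so the CLI loses tab completion on FreeBSD, and neither the patch nor the commit log says why. Patch files can carry free text above the `---` line; a short header giving the reason (presumably the terminal package from security/go.crypto lacks that field, to be confirmed) and the condition for deleting the patch would help the next maintainer. patch-client-cli.go has the same gap.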
Added: head/security/pond/files/patch-client-cli.go
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/pond/files/patch-client-cli.go Wed Jan 29 19:38:08 2014 (r341772)
@@ -0,0 +1,33 @@
+--- client/cli.go.orig 2014-01-20 16:38:38.000000000 +0000
++++ client/cli.go 2014-01-24 23:57:44.000000000 +0000
+@@ -105,12 +105,6 @@
+ }
+
+ func (c *cliClient) Start() {
+- oldState, err := terminal.MakeRaw(0)
+- if err != nil {
+- panic(err.Error())
+- }
+- defer terminal.Restore(0, oldState)
+-
+ signal.Notify(make(chan os.Signal), os.Interrupt)
+
+ wrapper, interruptChan := NewTerminalWrapper(os.Stdin)
+@@ -119,9 +113,6 @@
+ c.termWrapper = wrapper
+
+ c.term = terminal.NewTerminal(wrapper, "> ")
+- if width, height, err := terminal.GetSize(0); err == nil {
+- c.term.SetSize(width, height)
+- }
+
+ c.loadUI()
+
+@@ -1883,7 +1874,6 @@
+ },
+ cliIdsAssigned: make(map[cliId]bool),
+ }
+- c.ui = c
+
+ c.newMeetingPlace = func() panda.MeetingPlace {
+ return &panda.HTTPMeetingPlace{
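Review bot: Removing `terminal.MakeRaw(0)` from `Start()` leaves the tty in cooked mode while `terminal.NewTerminal(wrapper, "> ")` is still used, and that package expects a local terminal to be in raw mode already. With kernel echo left on, any secret the CLI reads this way is likely echoed to the screen and into scrollback; this would include the state-file passphrase if it goes through the terminal's password prompt, which this hunk does not show. If `MakeRaw` cannot be built against the go.crypto version in ports, echo should be disabled by another means before the client prompts for secrets, and the limitation noted in pkg-message. The removal of `c.ui = c` in the third inner hunk is unexplained; `Start()` and the constructor both continue outside the quoted context.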
Added: head/security/pond/files/sys_freebsd.go
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/pond/files/sys_freebsd.go Wed Jan 29 19:38:08 2014 (r341772)
@@ -0,0 +1,138 @@
+package system
+
+import (
+ "bufio"
+ "bytes"
+ "errors"
+ "io"
+ "io/ioutil"
+ "os"
+ "strings"
+ "sync"
+ "syscall"
+)
+
+func processLines(filename string, f func(line string) error) error {
+ contents, err := ioutil.ReadFile(filename)
+ if err != nil {
+ return err
+ }
+
+ file := bufio.NewReader(bytes.NewBuffer(contents))
+ for {
+ line, isPrefix, err := file.ReadLine()
+ if err == io.EOF {
+ break
+ }
+ if err != nil {
+ return err
+ }
+ if isPrefix {
+ return errors.New("file contains a line that it too long to process")
+ }
+ if err = f(string(line)); err != nil {
+ return err
+ }
+ }
+
+ return nil
+}
+
+// IsSafe checks to see whether the current OS appears to be safe. Specifically
+// it checks that any swap is encrypted.
+func IsSafe() error {
+ lineNo := 0
+ err := processLines("/proc/swaps", func(line string) error {
+ lineNo++
+ if lineNo == 1 {
+ // First line is just headings.
+ return nil
+ }
+ fields := strings.Fields(line)
+ if len(fields) < 1 {
+ return nil
+ }
+ device := fields[0]
+ if strings.Contains(device, "/mapper/") || strings.Contains(device, "/dm-") {
+ // We don't have permissions to introspect the mapper
+ // device, so we have to assume that it's encrypted.
+ return nil
+ }
+
+ return errors.New("swapping is active on " + device + " which doesn't appear to be encrypted")
+ })
+
+ if err != nil {
+ return errors.New("system: while checking /proc/swaps: " + err.Error())
+ }
+ return nil
+}
+
+var (
+ safeTempDir string
+ safeTempDirErr error
+ safeTempDirOnce sync.Once
+)
+
+func findSafeTempDir() {
+ var candidates []string
+
+ err := processLines("/proc/mounts", func(line string) error {
+ fields := strings.Fields(line)
+ if len(fields) < 1 {
+ return nil
+ }
+ path := fields[1]
+ filesystem := fields[2]
+ if filesystem == "tmpfs" &&
+ syscall.Access(path, 7 /* rwx ok */) == nil {
+ candidates = append(candidates, path)
+ }
+
+ return nil
+ })
+
+ if err == nil && len(candidates) == 0 {
+ err = errors.New("no writable tmpfs directories found")
+ }
+
+ if err != nil {
+ safeTempDirErr = errors.New("system: while checking /proc/mounts: " + err.Error())
+ return
+ }
+
+ suggested := os.TempDir()
+ preferred := []string{suggested}
+ var otherOptions []string
+ if dir := os.Getenv("XDG_RUNTIME_DIR"); len(dir) > 0 {
+ otherOptions = append(otherOptions, dir)
+ }
+ otherOptions = append(otherOptions, "/tmp", "/var/tmp")
+ for _, d := range otherOptions {
+ if suggested != d {
+ preferred = append(preferred, d)
+ }
+ }
+
+ for _, d := range preferred {
+ for _, candidate := range candidates {
+ if candidate == d {
+ safeTempDir = candidate
+ return
+ }
+ }
+ }
+
+ safeTempDir = candidates[0]
+}
+
+// SafeTempDir returns the path of a writable directory which is mounted with
+// tmpfs. As long as the swap is encrypted, then it should be safe to write
+// there.
+func SafeTempDir() (string, error) {
+ safeTempDirOnce.Do(findSafeTempDir)
+ if safeTempDirErr != nil {
+ return "", safeTempDirErr
+ }
+ return safeTempDir, nil
+}
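Review bot: `IsSafe` and `findSafeTempDir` read `/proc/swaps` and `/proc/mounts`, which are Linux procfs files. On a FreeBSD host without linprocfs mounted at `/proc` both fail in `ioutil.ReadFile`, so the swap-encryption check never inspects the real swap devices and `SafeTempDir` always returns an error. The `/mapper/` and `/dm-` heuristics are Linux device-mapper names as well, while FreeBSD encrypted swap normally appears with a `.eli` or `.bde` suffix, so the test would likely misclassify even with linprocfs present. In `findSafeTempDir` the guard `if len(fields) < 1 {` precedes `fields[1]` and `fields[2]`; it should be `if len(fields) < 3 {` to avoid an index-out-of-range panic on a short line. A header comment should state that this file is a stopgap copy of the Linux implementation and what a FreeBSD-native check still has to cover.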
Modified: head/security/pond/pkg-descr
==============================================================================
--- head/security/pond/pkg-descr Wed Jan 29 19:29:25 2014 (r341771)
+++ head/security/pond/pkg-descr Wed Jan 29 19:38:08 2014 (r341772)
@@ -6,6 +6,4 @@ traffic information against everyone exc
Pond is experimental software! DO NOT USE IT FOR ANYTHING REAL!!!
Use security/gnupg instead.
-!!! THIS INSTALLS THE POND SERVER ONLY, NOT THE CLIENT !!!
-
WWW: https://github.com/agl/pond/