authorskydrome2019-11-06 04:28:34 -0500
committerskydrome2019-11-06 04:28:34 -0500
commit8ce5c1fd647b3254a1f867f67072cc689543003d (patch)
tree16e08fe24e5ecb8311794fa429b18bfeaf8a5aca
parent4b1f4c669b8a5979c1106c4304ba14b60b39234a (diff)
cleanup
-rw-r--r--.SRCINFO10
-rw-r--r--PKGBUILD29
-rw-r--r--tcpcrypt.install15
-rw-r--r--tcpcryptd.conf16
-rw-r--r--tcpcryptd.service13
-rw-r--r--tcpcryptd.sysusers2
-rw-r--r--tcpcryptd.tmpfiles6
7 files changed, 39 insertions, 52 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 0c354c8bfccf..b4d0b68e571a 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
pkgbase = tcpcrypt-git
pkgdesc = Transparent user space implementation for the tcpcrypt TCP extensions
- pkgver = 346.ec01927
+ pkgver = 369.25c9a85
pkgrel = 1
url = http://tcpcrypt.org
install = tcpcrypt.install
@@ -23,10 +23,10 @@ pkgbase = tcpcrypt-git
source = tcpcryptd.tmpfiles
source = tcpcryptd.sysusers
sha256sums = SKIP
- sha256sums = a41bfa7b0c8f527f96c993f68e0a02265ad672fe6c2e10f41bc00b8b1f819305
- sha256sums = 68a3227f971dce0056bbe8768b570fade4ee8b17aca2e354c35352f2bf0a7028
- sha256sums = 95393df0fca7e228e36b9594e29a3f32514c8f7229b329e0b9a37dab4985b28f
- sha256sums = e9c73c4eeff3f14f0fedd14a529f8c81f591ada543b91e82252e5b2b8f11d916
+ sha256sums = 4a12aafddb6600a49652acdec13e703a5f4305fd19fdb5c35581b188cd7cca58
+ sha256sums = ac10f4c3de034bfc0ca8fd7034da7633a95d8fce7a9d12304a998a9c3b6fa51b
+ sha256sums = 3ed90191d41add525242e7e84769c17b6d40b5fa461937739b4d5b7532afc83d
+ sha256sums = 3eeaaa4124904c673cfe7584e6c399ea2ab060f0e1d4d181323552ffee782c81
pkgname = tcpcrypt-git
diff --git a/PKGBUILD b/PKGBUILD
index f5ce0023bd68..74a34a5ccc99 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,7 +3,7 @@
# Maintainer: mutantmonkey <aur@mutantmonkey.in>
pkgname=tcpcrypt-git
-pkgver=346.ec01927
+pkgver=369.25c9a85
pkgrel=1
pkgdesc="Transparent user space implementation for the tcpcrypt TCP extensions"
arch=('i686' 'x86_64')
@@ -20,10 +20,10 @@ source=("git+https://github.com/scslab/tcpcrypt.git"
'tcpcryptd.conf' 'tcpcryptd.service'
'tcpcryptd.tmpfiles' 'tcpcryptd.sysusers')
sha256sums=('SKIP'
- 'a41bfa7b0c8f527f96c993f68e0a02265ad672fe6c2e10f41bc00b8b1f819305'
- '68a3227f971dce0056bbe8768b570fade4ee8b17aca2e354c35352f2bf0a7028'
- '95393df0fca7e228e36b9594e29a3f32514c8f7229b329e0b9a37dab4985b28f'
- 'e9c73c4eeff3f14f0fedd14a529f8c81f591ada543b91e82252e5b2b8f11d916')
+ '4a12aafddb6600a49652acdec13e703a5f4305fd19fdb5c35581b188cd7cca58'
+ 'ac10f4c3de034bfc0ca8fd7034da7633a95d8fce7a9d12304a998a9c3b6fa51b'
+ '3ed90191d41add525242e7e84769c17b6d40b5fa461937739b4d5b7532afc83d'
+ '3eeaaa4124904c673cfe7584e6c399ea2ab060f0e1d4d181323552ffee782c81')
pkgver() {
cd tcpcrypt
@@ -40,11 +40,6 @@ prepare() {
build() {
cd tcpcrypt
- export JAIL_DIR=/run/tcpcryptd
- export JAIL_USER=tcpcryptd
- export DIVERT_PORT=1666
- export CONTROL_SOCKET=\"/run/tcpcryptd.control\"
-
./configure --prefix=/usr
make
}
@@ -53,14 +48,14 @@ package() {
cd tcpcrypt
make DESTDIR="$pkgdir" install
- install -dm755 "$pkgdir/usr/lib/tmpfiles.d"
- echo 'd /run/tcpcryptd 0700 tcpcryptd tcpcryptd' >"$pkgdir/usr/lib/tmpfiles.d/tcpcryptd.conf"
+ install -dm644 "$pkgdir"/usr/share/tcpcryptd
- install -Dm644 "$srcdir"/tcpcrypt/LICENSE "$pkgdir"/usr/share/licenses/"$pkgname"/LICENSE
- install -Dm644 "$srcdir"/tcpcryptd.conf "$pkgdir"/etc/conf.d/tcpcryptd.conf
- install -Dm644 "$srcdir"/tcpcryptd.service "$pkgdir"/usr/lib/systemd/system/tcpcryptd.service
- install -Dm644 "$srcdir"/tcpcryptd.tmpfiles "$pkgdir"/usr/lib/tmpfiles.d/tcpcryptd.conf
- install -Dm644 "$srcdir"/tcpcryptd.sysusers "$pkgdir"/usr/lib/sysusers.d/tcpcryptd.conf
+ install -Dm755 src/iptables.sh "$pkgdir"/usr/share/tcpcryptd/iptables.sh
+ install -Dm644 ../tcpcrypt/LICENSE "$pkgdir"/usr/share/licenses/"$pkgname"/LICENSE
+ install -Dm644 ../tcpcryptd.conf "$pkgdir"/etc/conf.d/tcpcryptd.conf
+ install -Dm644 ../tcpcryptd.service "$pkgdir"/usr/lib/systemd/system/tcpcryptd.service
+ install -Dm644 ../tcpcryptd.tmpfiles "$pkgdir"/usr/lib/tmpfiles.d/tcpcryptd.conf
+ install -Dm644 ../tcpcryptd.sysusers "$pkgdir"/usr/lib/sysusers.d/tcpcryptd.conf
}
# vim:set ts=2 sw=2 et:
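Review bot: `install -dm644 "$pkgdir"/usr/share/tcpcryptd` creates the directory without any search (execute) bit, so only a process that bypasses permission checks can reach `iptables.sh` inside it. The script itself is installed 0755 on the next line, which suggests it is meant to be reachable; the directory line should be `install -dm755 "$pkgdir"/usr/share/tcpcryptd`. It could also simply be dropped, since `install -D` on the following line creates the parent directory anyway. package() begins before this hunk.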
diff --git a/tcpcrypt.install b/tcpcrypt.install
index aa606613ec5f..e60b641c8fc7 100644
--- a/tcpcrypt.install
+++ b/tcpcrypt.install
@@ -1,23 +1,12 @@
post_install() {
- echo "To start tcpcrypt, run 'systemctl start tcpcryptd.service'. Secure"
+ echo "To start tcpcrypt, run 'systemctl start tcpcryptd'. Secure"
echo "connections should Just Work between tcpcrypt-enabled machines."
- echo "To start it at boot, run 'systemctl enable tcpcryptd.service'"
echo
echo "This implementation of tcpcrypt is relatively safe. In the worst case"
echo "the daemon crashes and you lose all connectivity. When that happens,"
- echo "just run 'systemctl stop tcpcryptd.service' to tear down iptables"
+ echo "just run 'systemctl stop tcpcryptd' to tear down iptables"
echo "rules and everything will continue."
echo
echo "For debugging, run 'tcnetstat' to list all active encrypted connections"
echo "Run 'iptables -vnL' to check if iptables rules were set up correctly"
- post_upgrade
-}
-
-post_upgrade() {
- systemd-sysusers tcpcryptd.conf
- systemd-tmpfiles --create tcpcryptd.conf
-}
-
-pre_remove() {
- echo
}
diff --git a/tcpcryptd.conf b/tcpcryptd.conf
index a08648b044f4..b76a3e39fba7 100644
--- a/tcpcryptd.conf
+++ b/tcpcryptd.conf
@@ -3,9 +3,17 @@
# STOP the daemon before you modify these -- otherwise the old iptables
# rules won't be torn down!
-# What TCP ports to capture? This can be a number or a range with ':'
-# e.g. 0:65535 to captures all ports
-PORT=0:65535
+# which netfilter userspace queue to use
+DIVERT_PORT=666
-NFQUEUE_NUM=1666
+# which user account
+DAEMON_USER=tcpcryptd
+# where to chroot
+JAIL_DIR=/var/run/tcpcryptd
+
+# which ports should tcpcrypt try to engage on?
+# see the multiport extension in iptables-extensions(8) for how to specify
+# set exactly one of OMIT_PORTS or ONLY_PORTS:
+OMIT_PORTS=22,53,261,443,563,614,636,684,695,989,990,992:995,6697,9999
+#ONLY_PORTS=80,7777
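Review bot: `JAIL_DIR=/var/run/tcpcryptd` names the chroot through the legacy `/var/run` path, while the tmpfiles and sysusers entries in this same commit use `/run/tcpcryptd`. The two agree only where `/var/run` is a symlink to `/run`; `JAIL_DIR=/run/tcpcryptd` would keep the directory that tmpfiles creates and the one the daemon chroots into identical by construction. Since the unit loads this file with `EnvironmentFile=`, a header comment such as `# read by systemd EnvironmentFile=: plain KEY=value only, no shell expansion` would also help anyone editing the port lists.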
diff --git a/tcpcryptd.service b/tcpcryptd.service
index a9126f634a68..4bfeb575e09e 100644
--- a/tcpcryptd.service
+++ b/tcpcryptd.service
@@ -1,16 +1,13 @@
[Unit]
-Description=User-space implementation of tcpcrypt
+Description=tcpcrypt daemon for automatic transparent encryption of TCP sessions
+Documentation=man:tcpcryptd(8)
After=network.target
[Service]
-Type=simple
EnvironmentFile=/etc/conf.d/tcpcryptd.conf
-ExecStartPre=/usr/sbin/iptables -I INPUT ! --in-interface lo -p tcp --sport $PORT -j NFQUEUE --queue-num $NFQUEUE_NUM
-ExecStartPre=/usr/sbin/iptables -I OUTPUT ! --out-interface lo -p tcp --dport $PORT -j NFQUEUE --queue-num $NFQUEUE_NUM
-ExecStart=/usr/bin/tcpcryptd $OPTS -p $NFQUEUE_NUM
-ExecStopPost=/usr/sbin/iptables -D INPUT ! --in-interface lo -p tcp --sport $PORT -j NFQUEUE --queue-num $NFQUEUE_NUM
-ExecStopPost=/usr/sbin/iptables -D OUTPUT ! --out-interface lo -p tcp --dport $PORT -j NFQUEUE --queue-num $NFQUEUE_NUM
-KillSignal=SIGINT
+ExecStartPre=/usr/share/tcpcryptd/iptables.sh start
+ExecStart=/usr/bin/tcpcryptd -p "$DIVERT_PORT" -U "$DAEMON_USER" -J "$JAIL_DIR" -f -e
+ExecStopPost=/usr/share/tcpcryptd/iptables.sh stop
[Install]
WantedBy=multi-user.target
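Review bot: The new `[Service]` section runs both the `iptables.sh` helper and the daemon as root with no systemd-level confinement, so the privilege drop depends entirely on tcpcryptd honouring `-U` and `-J`. Adding `NoNewPrivileges=yes` and `ProtectHome=yes` after `EnvironmentFile=` is low-risk. A `CapabilityBoundingSet=` limited to what the daemon and the helper actually need (presumably CAP_NET_ADMIN plus the capabilities for changing user and chroot, to be confirmed against the daemon) would bound the damage if that drop ever fails. Separately, with `KillSignal=SIGINT` removed the unit now stops the daemon with SIGTERM; whether tcpcryptd shuts down cleanly on that signal is not visible here and is worth confirming.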
diff --git a/tcpcryptd.sysusers b/tcpcryptd.sysusers
index 6465a41eb454..fd038fe6c7d7 100644
--- a/tcpcryptd.sysusers
+++ b/tcpcryptd.sysusers
@@ -1 +1 @@
-u tcpcryptd - "Tcpcrypt Daemon" /run/tcpcryptd
+u tcpcryptd - "Tcpcrypt Daemon" /run/tcpcryptd
diff --git a/tcpcryptd.tmpfiles b/tcpcryptd.tmpfiles
index 8ad1fdd65f6d..6b2aeed2e462 100644
--- a/tcpcryptd.tmpfiles
+++ b/tcpcryptd.tmpfiles
@@ -1,4 +1,2 @@
-# systemd tmpfile settings for tcpcryptd
-# See tmpfiles.d(5) for details
-
-d /run/tcpcryptd 0700 tcpcryptd tcpcryptd -
+# chrooted jail directory for tcpcryptd:
+d /run/tcpcryptd 0755 tcpcryptd root - -
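Review bot: The new entry leaves the chroot directory owned by the jailed account (`tcpcryptd`) and widens it from 0700 to 0755, so the daemon can still create files inside its own jail after dropping privileges and every local user can now list it. A chroot root that the confined user can write to is weaker than one it cannot modify. If tcpcryptd does not need to write there, which this page does not show, `d /run/tcpcryptd 0755 root root - -` is the safer form; otherwise keeping the previous 0700 avoids the extra exposure. The comment line could record the decision, e.g. `# chroot jail for tcpcryptd; root-owned so the jailed user cannot modify it`.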