authorskydrome2015-06-01 15:49:15 -0400
committerskydrome2015-06-01 15:49:15 -0400
commit910c290bf14a7aaad9a86f7bcb7733e9f8ccd0a2 (patch)
tree726b3a8d80252f374a850cf999340c5a29990c00
downloadaur-910c290bf14a7aaad9a86f7bcb7733e9f8ccd0a2.tar.gz
Initial commit
-rw-r--r--.SRCINFO27
-rwxr-xr-xPKGBUILD62
-rwxr-xr-xtcpcrypt.install34
-rwxr-xr-xtcpcryptd.conf11
-rwxr-xr-xtcpcryptd.service16
5 files changed, 150 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..bf3a2d50048e
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,27 @@
+pkgbase = tcpcrypt-git
+ pkgdesc = Transparent user space implementation for the tcpcrypt TCP extensions
+ pkgver = 308.bb990b1
+ pkgrel = 1
+ url = http://tcpcrypt.org
+ install = tcpcrypt.install
+ arch = i686
+ arch = x86_64
+ license = BSD
+ makedepends = git
+ depends = libnetfilter_queue
+ depends = libnfnetlink
+ depends = libcap
+ depends = openssl
+ depends = iptables
+ provides = tcpcrypt
+ conflicts = tcpcrypt
+ backup = etc/conf.d/tcpcryptd.conf
+ source = git+https://github.com/scslab/tcpcrypt.git
+ source = tcpcryptd.conf
+ source = tcpcryptd.service
+ sha256sums = SKIP
+ sha256sums = a41bfa7b0c8f527f96c993f68e0a02265ad672fe6c2e10f41bc00b8b1f819305
+ sha256sums = 68a3227f971dce0056bbe8768b570fade4ee8b17aca2e354c35352f2bf0a7028
+
+pkgname = tcpcrypt-git
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100755
index 000000000000..53ec5c156ef1
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,62 @@
+# Contributor: Marti Raudsepp <marti@juffo.org>
+# Contributor: skydrome <skydrome@i2pmail.org>
+# Maintainer: mutantmonkey <aur@mutantmonkey.in>
+
+pkgname=tcpcrypt-git
+pkgver=308.bb990b1
+pkgrel=1
+pkgdesc="Transparent user space implementation for the tcpcrypt TCP extensions"
+arch=('i686' 'x86_64')
+url="http://tcpcrypt.org"
+license=('BSD')
+depends=('libnetfilter_queue' 'libnfnetlink' 'libcap' 'openssl' 'iptables')
+makedepends=('git')
+provides=('tcpcrypt')
+conflicts=('tcpcrypt')
+install='tcpcrypt.install'
+backup=('etc/conf.d/tcpcryptd.conf')
+source=("git+https://github.com/scslab/tcpcrypt.git"
+ 'tcpcryptd.conf'
+ 'tcpcryptd.service')
+sha256sums=('SKIP'
+ 'a41bfa7b0c8f527f96c993f68e0a02265ad672fe6c2e10f41bc00b8b1f819305'
+ '68a3227f971dce0056bbe8768b570fade4ee8b17aca2e354c35352f2bf0a7028')
+
+pkgver() {
+ cd tcpcrypt
+ echo $(git rev-list --count master).$(git rev-parse --short master)
+}
+
+prepare() {
+ cd tcpcrypt
+ mkdir -p m4
+
+ sed -i 's:AC_PROG_LIBTOOL:LT_INIT:' configure.ac
+ ./bootstrap.sh
+}
+
+build() {
+ cd tcpcrypt
+
+ export JAIL_DIR='/run/tcpcryptd'
+ export JAIL_USER='tcpcryptd'
+ export DIVERT_PORT='1666'
+ export CONTROL_SOCKET='/run/tcpcryptd.control'
+
+ ./configure --prefix=/usr
+ make
+}
+
+package() {
+ cd tcpcrypt
+ make DESTDIR="$pkgdir" install
+
+ install -dm755 "$pkgdir/usr/lib/tmpfiles.d"
+ echo 'd /run/tcpcryptd 0700 tcpcryptd tcpcryptd' >"$pkgdir/usr/lib/tmpfiles.d/tcpcryptd.conf"
+
+ install -Dm644 "$srcdir"/tcpcrypt/LICENSE "$pkgdir"/usr/share/licenses/"$pkgname"/LICENSE
+ install -Dm644 "$srcdir"/tcpcryptd.conf "$pkgdir"/etc/conf.d/tcpcryptd.conf
+ install -Dm644 "$srcdir"/tcpcryptd.service "$pkgdir"/usr/lib/systemd/system/tcpcryptd.service
+}
+
+# vim:set ts=2 sw=2 et:
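Review bot: The jail directory and account are written as literals in three places: `JAIL_DIR`/`JAIL_USER` in build(), the tmpfiles.d line in package(), and tcpcrypt.install. Nothing ties them together, so if one drifts the daemon would be built to chroot into a path whose owner and 0700 mode the package no longer manages. Exports made in build() are not visible in package() under makepkg, so define the values once at the top of the file, e.g. `_jaildir=/run/tcpcryptd` and `_jailuser=tcpcryptd`, and write the entry as `echo "d $_jaildir 0700 $_jailuser $_jailuser"`. A comment above the exports should also state that configure is expected to read these settings from the environment, since that cannot be confirmed from this file.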
diff --git a/tcpcrypt.install b/tcpcrypt.install
new file mode 100755
index 000000000000..da3a67f1d497
--- /dev/null
+++ b/tcpcrypt.install
@@ -0,0 +1,34 @@
+post_install() {
+ getent passwd tcpcryptd &>/dev/null || {
+ echo -n ">>> Creating tcpcryptd system user... "
+ /usr/sbin/useradd --system --user-group --home /run/tcpcryptd tcpcryptd
+ echo "done"
+ }
+ chown tcpcryptd:tcpcryptd /run/tcpcryptd
+ chmod 700 /run/tcpcryptd
+
+ echo "To start tcpcrypt, run 'systemctl start tcpcryptd.service'. Secure"
+ echo "connections should Just Work between tcpcrypt-enabled machines."
+ echo "To start it at boot, run 'systemctl enable tcpcryptd.service'"
+ echo
+ echo "This implementation of tcpcrypt is relatively safe. In the worst case"
+ echo "the daemon crashes and you lose all connectivity. When that happens,"
+ echo "just run 'systemctl stop tcpcryptd.service' to tear down iptables"
+ echo "rules and everything will continue."
+ echo
+ echo "For debugging, run 'tcnetstat' to list all active encrypted connections"
+ echo "Run 'iptables -vnL' to check if iptables rules were set up correctly"
+}
+
+post_upgrade() {
+ chown -R tcpcryptd:tcpcryptd /run/tcpcryptd
+ chmod 700 /run/tcpcryptd
+}
+
+pre_remove() {
+ getent passwd tcpcryptd &>/dev/null && {
+ echo -n ">>> Removing tcpcryptd system user... "
+ /usr/sbin/userdel tcpcryptd
+ echo "done"
+ }
+}
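Review bot: post_install runs `chown tcpcryptd:tcpcryptd /run/tcpcryptd` on a directory that nothing in this commit creates at install time. The tmpfiles.d entry shipped by the PKGBUILD is normally applied at boot, so on a fresh install the chown and chmod would fail and the jail directory would be missing until reboot. Replacing those two lines with `systemd-tmpfiles --create tcpcryptd.conf` after the useradd block creates the directory with the owner and 0700 mode already declared there. In post_upgrade, `chown -R` runs as root over a tree the unprivileged service account can write to; the non-recursive form used in post_install is enough. pre_remove also calls userdel without stopping the service first, and userdel refuses to remove an account that still owns running processes.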
diff --git a/tcpcryptd.conf b/tcpcryptd.conf
new file mode 100755
index 000000000000..a08648b044f4
--- /dev/null
+++ b/tcpcryptd.conf
@@ -0,0 +1,11 @@
+# configuration for the tcpcryptd daemon
+
+# STOP the daemon before you modify these -- otherwise the old iptables
+# rules won't be torn down!
+
+# What TCP ports to capture? This can be a number or a range with ':'
+# e.g. 0:65535 to captures all ports
+PORT=0:65535
+
+NFQUEUE_NUM=1666
+
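Review bot: `OPTS` is expanded by `ExecStart` in tcpcryptd.service but is neither defined nor mentioned in this file. `NFQUEUE_NUM` also has no comment, although the iptables rules and `tcpcryptd -p` must agree on it. Add a documented empty default such as `# Extra command-line options for tcpcryptd` followed by `OPTS=`, and a line like `# NFQUEUE number shared by the iptables rules and the daemon` above `NFQUEUE_NUM`. The default `PORT=0:65535` routes all non-loopback TCP through the daemon, so the comment should say that explicitly to make narrowing the range a conscious choice.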
diff --git a/tcpcryptd.service b/tcpcryptd.service
new file mode 100755
index 000000000000..a9126f634a68
--- /dev/null
+++ b/tcpcryptd.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=User-space implementation of tcpcrypt
+After=network.target
+
+[Service]
+Type=simple
+EnvironmentFile=/etc/conf.d/tcpcryptd.conf
+ExecStartPre=/usr/sbin/iptables -I INPUT ! --in-interface lo -p tcp --sport $PORT -j NFQUEUE --queue-num $NFQUEUE_NUM
+ExecStartPre=/usr/sbin/iptables -I OUTPUT ! --out-interface lo -p tcp --dport $PORT -j NFQUEUE --queue-num $NFQUEUE_NUM
+ExecStart=/usr/bin/tcpcryptd $OPTS -p $NFQUEUE_NUM
+ExecStopPost=/usr/sbin/iptables -D INPUT ! --in-interface lo -p tcp --sport $PORT -j NFQUEUE --queue-num $NFQUEUE_NUM
+ExecStopPost=/usr/sbin/iptables -D OUTPUT ! --out-interface lo -p tcp --dport $PORT -j NFQUEUE --queue-num $NFQUEUE_NUM
+KillSignal=SIGINT
+
+[Install]
+WantedBy=multi-user.target
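Review bot: Both `-I INPUT` and `-I OUTPUT` place a terminating NFQUEUE rule at the head of the filter chains for every non-loopback TCP packet matching `$PORT` (0:65535 by default in tcpcryptd.conf). A packet that the queue handler accepts does not return to the remaining rules of that chain, so while the service runs the host's own filter-table TCP rules below that position are effectively skipped. Consider hooking a table that is traversed before filter, e.g. `iptables -t mangle -I INPUT …` with the matching `-t mangle -D …` in ExecStopPost, so the existing firewall policy still applies after tcpcryptd has handled the packet. This should be checked against how tcpcryptd issues its verdicts. Separately, without `--queue-bypass` the kernel drops queued packets when no process is bound to the queue, which is the loss of connectivity the install message describes.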