aboutsummaryrefslogtreecommitdiffstats
path: root/security/cfs
diff options
context:
space:
mode:
authorcrees <crees@FreeBSD.org>2013-05-16 01:29:33 +0800
committercrees <crees@FreeBSD.org>2013-05-16 01:29:33 +0800
commitb3fc97974dbe8e4f6f7820963522874ed068a304 (patch)
treecdd4643238bb17905d3fee0cf5dc9805a4fe85e6 /security/cfs
parente12a511bced5267812760411dda5d77bbdbdc496 (diff)
downloadfreebsd-ports-graphics-b3fc97974dbe8e4f6f7820963522874ed068a304.tar.gz
freebsd-ports-graphics-b3fc97974dbe8e4f6f7820963522874ed068a304.tar.zst
freebsd-ports-graphics-b3fc97974dbe8e4f6f7820963522874ed068a304.zip
security/cfs: Resurrect and maintain CFS.
The referenced security issues have been fixed in this version (1.5.0 beta), and some small bugs have been found too, with many fixes from Debian's Gerrit Pape. Obtained from: Debian (parts) Security: CVE-2002-0351 Security: CVE-2006-3123
Diffstat (limited to 'security/cfs')
-rw-r--r--security/cfs/Makefile38
-rw-r--r--security/cfs/distinfo2
-rw-r--r--security/cfs/files/cfsd.in49
-rw-r--r--security/cfs/files/pkg-message.in22
-rw-r--r--security/cfs/pkg-descr11
-rw-r--r--security/cfs/pkg-plist13
6 files changed, 135 insertions, 0 deletions
diff --git a/security/cfs/Makefile b/security/cfs/Makefile
new file mode 100644
index 00000000000..d8063fdc172
--- /dev/null
+++ b/security/cfs/Makefile
@@ -0,0 +1,38 @@
+# Created by: John Polstra <jdp@polstra.com>
+# $FreeBSD$
+
+PORTNAME= cfs
+DISTVERSION= 1.5.0.beta
+CATEGORIES= security
+MASTER_SITES= http://www.bayofrum.net/dist/${PORTNAME}/
+
+MAINTAINER= crees@FreeBSD.org
+COMMENT= A cryptographic file system implemented as a user-space NFS server
+
+ALL_TARGET= cfs
+MAKE_ARGS= CC=cc
+MAN1= cattach.1 cdetach.1 cmkdir.1 cpasswd.1 cfssh.1
+MAN8= ccat.8 cfsd.8 cname.8
+
+CFSD_BOOTSTRAP= ${PREFIX}/cfsd-bootstrap
+USE_RC_SUBR= cfsd
+SUB_FILES= pkg-message
+SUB_LIST= CFSD_BOOTSTRAP=${CFSD_BOOTSTRAP}
+PLIST_SUB= CFSD_BOOTSTRAP=${CFSD_BOOTSTRAP}
+
+post-patch:
+ ${REINPLACE_CMD} 's/^\.TH SSH/.TH CFSSH/' ${WRKSRC}/cfssh.1
+
+do-install:
+ @cd ${WRKSRC}; \
+ ${INSTALL_PROGRAM} ccat cfsd cname ${PREFIX}/sbin; \
+ ${INSTALL_PROGRAM} cattach cdetach cmkdir cpasswd ${PREFIX}/bin; \
+ ${INSTALL_SCRIPT} cfssh ${PREFIX}/bin/cfssh; \
+ ${INSTALL_MAN} ${MAN1} ${PREFIX}/man/man1; \
+ ${INSTALL_MAN} ${MAN8} ${PREFIX}/man/man8; \
+ ${MKDIR} ${PREFIX}/share/doc/cfs; \
+ ${INSTALL_DATA} README.install notes.ms ${PREFIX}/share/doc/cfs
+ ${INSTALL} -d ${_BINOWNGRP} -m 0 ${CFSD_BOOTSTRAP}
+ @${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>
diff --git a/security/cfs/distinfo b/security/cfs/distinfo
new file mode 100644
index 00000000000..60c1a6a42b1
--- /dev/null
+++ b/security/cfs/distinfo
@@ -0,0 +1,2 @@
+SHA256 (cfs-1.5.0.beta.tar.gz) = 55eed20e9e2dd05bf54aa34a91fd90574005f805e9d4eb9c1dcf63d188ffdc59
+SIZE (cfs-1.5.0.beta.tar.gz) = 108992
diff --git a/security/cfs/files/cfsd.in b/security/cfs/files/cfsd.in
new file mode 100644
index 00000000000..065f0daeaa1
--- /dev/null
+++ b/security/cfs/files/cfsd.in
@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: cfsd
+# REQUIRE: mountd
+#
+# Add the following line to /etc/rc.conf to enable cfsd:
+#
+# cfsd_enable=YES
+#
+# Additional options:
+#
+# cfsd_port=3049 # the port to listen to
+# cfsd_mountpoint=/crypt # the CFS mountpoint
+#
+
+. /etc/rc.subr
+
+name=cfsd
+rcvar=cfsd_enable
+
+load_rc_config $name
+
+: ${cfsd_enable=no}
+: ${cfsd_port=3049}
+: ${cfsd_mountpoint=/crypt}
+
+command=%%PREFIX%%/sbin/cfsd
+command_args="$cfsd_port > /dev/null 2>&1"
+required_dirs="%%CFSD_BOOTSTRAP%% $cfsd_mountpoint"
+start_postcmd=cfsd_poststart
+stop_precmd=cfsd_prestop
+
+cfsd_poststart()
+{
+ if [ -n "$cfsd_mountpoint" ]; then
+ mount -o port="$cfsd_port",mntudp,nfsv2 localhost:%%CFSD_BOOTSTRAP%% "$cfsd_mountpoint"
+ fi
+}
+
+cfsd_prestop()
+{
+ if [ -n "$cfsd_mountpoint" ]; then
+ umount "$cfsd_mountpoint"
+ fi
+}
+
+run_rc_command $1
diff --git a/security/cfs/files/pkg-message.in b/security/cfs/files/pkg-message.in
new file mode 100644
index 00000000000..31217fe7c7e
--- /dev/null
+++ b/security/cfs/files/pkg-message.in
@@ -0,0 +1,22 @@
+===============================================================================
+Quick start instructions:
+
+ - add the following entry to /etc/exports:
+
+ %%CFSD_BOOTSTRAP%% localhost
+
+ - create the default CFS mountpoint (if you want to use a different
+ mountpoint, set the cfsd_mountpoint variable in /etc/rc.conf):
+
+ # mkdir /crypt
+
+ - enable rpcbind, mountd and cfsd in /etc/rc.conf:
+
+ cfsd_enable="YES"
+ mountd_enable="YES"
+
+ - start mountd and cfsd, or restart:
+
+ # service mountd start
+ # service cfsd start
+===============================================================================
diff --git a/security/cfs/pkg-descr b/security/cfs/pkg-descr
new file mode 100644
index 00000000000..2611ddd37af
--- /dev/null
+++ b/security/cfs/pkg-descr
@@ -0,0 +1,11 @@
+This is CFS, Matt Blaze's Cryptographic File System. It provides
+transparent encryption and decryption of selected directory trees.
+It is implemented as a user-level NFS server and thus does not
+require any kernel modifications.
+
+For an overview of how to use it, read "${PREFIX}/share/doc/cfs/notes.ms"
+and the manual pages. There is a paper describing CFS at:
+
+ http://www.crypto.com/papers/cfs.pdf
+
+WWW: http://www.bayofrum.net/cgi-bin/fossil/cfs/
diff --git a/security/cfs/pkg-plist b/security/cfs/pkg-plist
new file mode 100644
index 00000000000..b32516fed14
--- /dev/null
+++ b/security/cfs/pkg-plist
@@ -0,0 +1,13 @@
+bin/cattach
+bin/cdetach
+bin/cmkdir
+bin/cpasswd
+bin/cfssh
+sbin/ccat
+sbin/cfsd
+sbin/cname
+share/doc/cfs/README.install
+share/doc/cfs/notes.ms
+@exec install -d -o root -g wheel -m 0 %%CFSD_BOOTSTRAP%% 2>/dev/null || true
+@unexec rmdir %%CFSD_BOOTSTRAP%% 2>/dev/null || true
+@dirrm share/doc/cfs