git: 996a6909ee6e - main - New port: security/tang: Small daemon for binding data to the presence of a network
Neel Chauhan
nc at FreeBSD.org
Mon May 10 01:24:01 UTC 2021
The branch main has been updated by nc:
URL: https://cgit.FreeBSD.org/ports/commit/?id=996a6909ee6ea04ffc6962af5167811629275096
commit 996a6909ee6ea04ffc6962af5167811629275096
Author: Howard Holm <hdholm at alumni.iastate.edu>
AuthorDate: 2021-05-10 01:21:25 +0000
Commit: Neel Chauhan <nc at FreeBSD.org>
CommitDate: 2021-05-10 01:23:51 +0000
New port: security/tang: Small daemon for binding data to the presence of a network
PR: 255694
---
security/Makefile | 1 +
security/tang/Makefile | 30 ++++++++++++++++++++++++++++++
security/tang/distinfo | 3 +++
security/tang/pkg-descr | 21 +++++++++++++++++++++
security/tang/pkg-plist | 8 ++++++++
5 files changed, 63 insertions(+)
diff --git a/security/Makefile b/security/Makefile
index 3b7a39ce0043..4a9d1a08c053 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1245,6 +1245,7 @@
SUBDIR += swatchdog
SUBDIR += symbion-sslproxy
SUBDIR += tailscale
+ SUBDIR += tang
SUBDIR += tclsasl
SUBDIR += tcpcrypt
SUBDIR += teleport
diff --git a/security/tang/Makefile b/security/tang/Makefile
new file mode 100644
index 000000000000..d916a0645df5
--- /dev/null
+++ b/security/tang/Makefile
@@ -0,0 +1,30 @@
+PORTNAME= tang
+DISTVERSION= 10
+CATEGORIES= security
+
+MAINTAINER= hdholm at alumni.iastate.edu
+COMMENT= Tang is a small daemon for binding data to the presence of a network
+
+LICENSE= GPLv3
+LICENSE_FILE= ${WRKSRC}/COPYING
+
+LIB_DEPENDS= libhttp_parser.so:www/http-parser \
+ libjansson.so:devel/jansson \
+ libjose.so:net/jose
+RUN_DEPENDS= socat:net/socat
+BUILD_DEPENDS= a2x:textproc/asciidoc \
+ ${LOCALBASE}/libdata/pkgconfig/jose.pc:net/jose \
+ socat:net/socat
+
+USES= compiler:c11 meson ninja pkgconfig
+USE_GITHUB= yes
+GH_ACCOUNT= latchset
+GH_TAGNAME= v10
+USE_LDCONFIG= yes
+
+INSTALL_TARGET= install-strip
+
+post-install:
+ ${MKDIR} -m 0700 ${STAGEDIR}/var/db/tang
+
+.include <bsd.port.mk>
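Review bot: The 0700 mode that `post-install` gives `${STAGEDIR}/var/db/tang` is not restated in the pkg-plist hunk, whose entry is a bare `@dir /var/db/tang` (rendered as `at dir` by this archive) with no owner, group or mode. This directory is presumably where `tangd-keygen` writes the server's private keys, so the packaged permissions should be explicit rather than left to whatever pkg records for an attribute-less `@dir`; I would write the plist line as `@dir(,,0700) /var/db/tang`. The port declares no `USERS`/`GROUPS`, so the directory is presumably root-owned; if the installed `etc/rc.d/tangd` script (not part of this commit) runs tangd under another account, the owner field of that `@dir` line has to name it. A comment above `post-install` such as `# Key database: holds the server's private keys, keep it unreadable to other users` would record why the mode is restrictive.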
diff --git a/security/tang/distinfo b/security/tang/distinfo
new file mode 100644
index 000000000000..acc4a39838f3
--- /dev/null
+++ b/security/tang/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1620421972
+SHA256 (latchset-tang-10-v10_GH0.tar.gz) = 168ceee00bcf1da3d4e595285947fdcd5822b2e4e5cdb4b0e69b450b2cac2ba6
+SIZE (latchset-tang-10-v10_GH0.tar.gz) = 36469
diff --git a/security/tang/pkg-descr b/security/tang/pkg-descr
new file mode 100644
index 000000000000..9e9183b65d76
--- /dev/null
+++ b/security/tang/pkg-descr
@@ -0,0 +1,21 @@
+Tang is a server for binding data to network presence.
+
+This sounds fancy, but the concept is simple. You have some data, but you only
+want it to be available when the system containing the data is on a certain,
+usually secure, network. This is where Tang comes in.
+
+First, the client gets a list of the Tang server's advertised asymmetric keys.
+This can happen online by a simple HTTP GET. Alternatively, since the keys are
+asymmetric, the public key list can be distributed out of band.
+
+Second, the client uses one of these public keys to generate a unique,
+cryptographically strong encryption key. The data is then encrypted using this
+key. Once the data is encrypted, the key is discarded. Some small metadata is
+produced as part of this operation which the client should store in a convenient
+location. This process of encrypting data is the provisioning step.
+
+Third, when the client is ready to access its data, it simply loads the metadata
+produced in the provisioning step and performs an HTTP POST in order to recover
+the encryption key. This process is the recovery step.
+
+WWW: https://github.com/latchset/tang
diff --git a/security/tang/pkg-plist b/security/tang/pkg-plist
new file mode 100644
index 000000000000..746dacbd853c
--- /dev/null
+++ b/security/tang/pkg-plist
@@ -0,0 +1,8 @@
+libexec/tangd
+man/man1/tang-show-keys.1.gz
+man/man8/tang.8.gz
+libexec/tangd-keygen
+libexec/tangd-rotate-keys
+bin/tang-show-keys
+etc/rc.d/tangd
+ at dir /var/db/tang