From 3a2febe8aed93808da93f55d68de3def6c3bd975 Mon Sep 17 00:00:00 2001
From: Mikael Urankar
Date: Mon, 13 Apr 2020 14:51:25 +0000
Subject: [PATCH] New port: security/tailscale Tailscale is a mesh VPN alternative, based on WireGuard, that connects your computers, databases, and services together securely without any proxies. WWW: https://tailscale.com/ Reviewed by: dmgk Differential Revision: https://reviews.freebsd.org/D24376
---
 security/Makefile | 1 +
 security/tailscale/Makefile | 39 +++++++++++++++
 security/tailscale/distinfo | 29 +++++++++++
 security/tailscale/files/tailscaled.in | 69 ++++++++++++++++++++++++++
 security/tailscale/pkg-descr | 4 ++
 5 files changed, 142 insertions(+)
 create mode 100644 security/tailscale/Makefile
 create mode 100644 security/tailscale/distinfo
 create mode 100644 security/tailscale/files/tailscaled.in
 create mode 100644 security/tailscale/pkg-descr
diff --git a/security/Makefile b/security/Makefile
index c37fa235bded..2d92e70d4162 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1233,6 +1233,7 @@
 SUBDIR += swatchdog
 SUBDIR += switzerland
 SUBDIR += symbion-sslproxy
+ SUBDIR += tailscale
 SUBDIR += tclsasl
 SUBDIR += tcpcrypt
 SUBDIR += teleport
diff --git a/security/tailscale/Makefile b/security/tailscale/Makefile
new file mode 100644
index 000000000000..481f48f88113
--- /dev/null
+++ b/security/tailscale/Makefile
@@ -0,0 +1,39 @@
+# $FreeBSD$
+
+PORTNAME= tailscale
+PORTVERSION= 0.97
+DISTVERSIONPREFIX= v
+CATEGORIES= security
+
+MAINTAINER= mikael@FreeBSD.org
+COMMENT= Mesh VPN that makes it easy to connect your devices
+
+LICENSE= BSD3CLAUSE
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+USES= go:modules
+
+USE_GITHUB= yes
+GH_TUPLE= \
+ apenwarr:fixconsole:5a9f6489cc29:apenwarr_fixconsole/vendor/github.com/apenwarr/fixconsole \
+ golang:crypto:f7b00557c8c4:golang_crypto/vendor/golang.org/x/crypto \
+ golang:groupcache:8c9f03a8e57e:golang_groupcache/vendor/github.com/golang/groupcache \
+ golang:net:244492dfa37a:golang_net/vendor/golang.org/x/net \
+ golang:oauth2:bf48bf16ab8d:golang_oauth2/vendor/golang.org/x/oauth2 \
+ golang:sync:cd5d95a43a6e:golang_sync/vendor/golang.org/x/sync \
+ golang:sys:a7d97aace0b0:golang_sys/vendor/golang.org/x/sys \
+ golang:time:555d28b269f0:golang_time/vendor/golang.org/x/time \
+ klauspost:compress:v1.9.8:klauspost_compress/vendor/github.com/klauspost/compress \
+ pborman:getopt:ee0cd42419d3:pborman_getopt/vendor/github.com/pborman/getopt \
+ peterbourgon:ff:v2.0.0:peterbourgon_ff/vendor/github.com/peterbourgon/ff/v2 \
+ rsc:goversion:v1.2.0:rsc_goversion/vendor/rsc.io/goversion \
+ tailscale:wireguard-go:239518935266:tailscale_wireguard_go/vendor/github.com/tailscale/wireguard-go
+USE_RC_SUBR= tailscaled
+
+GO_TARGET= ./cmd/tailscale \
+ ./cmd/tailscaled
+
+PLIST_FILES= bin/tailscale \
+ bin/tailscaled
+
+.include
diff --git a/security/tailscale/distinfo b/security/tailscale/distinfo
new file mode 100644
index 000000000000..5bbfea634657
--- /dev/null
+++ b/security/tailscale/distinfo
@@ -0,0 +1,29 @@ +TIMESTAMP = 1586695277 +SHA256 (tailscale-tailscale-v0.97_GH0.tar.gz) = 7ec7fca43e4f850aa09d9fc70a726f9550df8f6810ac51b2a202e5e9d64ed40b +SIZE (tailscale-tailscale-v0.97_GH0.tar.gz) = 198882 +SHA256 (apenwarr-fixconsole-5a9f6489cc29_GH0.tar.gz) = 60a7c20f3c7253049c70bcef2d5cfbc4f33eea5250e7f820eb48748b0a505418 +SIZE (apenwarr-fixconsole-5a9f6489cc29_GH0.tar.gz) = 6349 +SHA256 (golang-crypto-f7b00557c8c4_GH0.tar.gz) = 029c7e2c21a3b1a5df481e441b58f89d7c6ade793d6155ca01e23094047e3598 +SIZE (golang-crypto-f7b00557c8c4_GH0.tar.gz) = 1727281 +SHA256 (golang-groupcache-8c9f03a8e57e_GH0.tar.gz) = b92f918daa48048fd360f14d1a4aed6e70c1176ae6b00b0dc04094bb088e9865 +SIZE (golang-groupcache-8c9f03a8e57e_GH0.tar.gz) = 26047 +SHA256 (golang-net-244492dfa37a_GH0.tar.gz) = 511fcc4f88e15cf97dccca6ea4bdde6d240ebd7e1b14212a0447fc4f5b54031c +SIZE (golang-net-244492dfa37a_GH0.tar.gz) = 1172556 +SHA256 (golang-oauth2-bf48bf16ab8d_GH0.tar.gz) = 28b3a51a8bd90beb5952d1080218ea238127edfe9455ad48921989619ff918a8 +SIZE (golang-oauth2-bf48bf16ab8d_GH0.tar.gz) = 47016 +SHA256 (golang-sync-cd5d95a43a6e_GH0.tar.gz) = 00a6dce4c1a9ca9edae6c3f1bedc0b15911c62681371ad9ed7738e182ba70393 +SIZE (golang-sync-cd5d95a43a6e_GH0.tar.gz) = 16956 +SHA256 (golang-sys-a7d97aace0b0_GH0.tar.gz) = aa2b3847a5a1f32b33ba4c42a6bb2d89005e2590236f106f95e1f8baf92572fd +SIZE (golang-sys-a7d97aace0b0_GH0.tar.gz) = 1042410 +SHA256 (golang-time-555d28b269f0_GH0.tar.gz) = 8ce368da65025dad4e4ed302a5835e2b3579f3a111721f9b275803519a5d10b3 +SIZE (golang-time-555d28b269f0_GH0.tar.gz) = 9577 +SHA256 (klauspost-compress-v1.9.8_GH0.tar.gz) = 875db400d8bd838ce050db5931f540c17186f6ec2630420238da48be7bac1f56 +SIZE (klauspost-compress-v1.9.8_GH0.tar.gz) = 16106285 +SHA256 (pborman-getopt-ee0cd42419d3_GH0.tar.gz) = 8eaa2477da03612e053997e0cc0f541947e8cbd3b6e89c4bed628341a58623f2 +SIZE (pborman-getopt-ee0cd42419d3_GH0.tar.gz) = 39691 +SHA256 (peterbourgon-ff-v2.0.0_GH0.tar.gz) = 
f281421980071b90b5525900d4471fcf94f256c5453b6188f37ecef71a2d80a1 +SIZE (peterbourgon-ff-v2.0.0_GH0.tar.gz) = 25295 +SHA256 (rsc-goversion-v1.2.0_GH0.tar.gz) = 65e9c181995ed8c9207ea08d79a148ab53307b7fad2172a5a0764d6aa393a98e +SIZE (rsc-goversion-v1.2.0_GH0.tar.gz) = 8586 +SHA256 (tailscale-wireguard-go-239518935266_GH0.tar.gz) = 1dbd175c4028f2ed66c7ac4b685d6a945a6163faa6192ccf243a7adb897aee21 +SIZE (tailscale-wireguard-go-239518935266_GH0.tar.gz) = 114538
diff --git a/security/tailscale/files/tailscaled.in b/security/tailscale/files/tailscaled.in
new file mode 100644
index 000000000000..a1aa1de0c621
--- /dev/null
+++ b/security/tailscale/files/tailscaled.in
@@ -0,0 +1,69 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: tailscaled
+# REQUIRE: networking
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# tailscaled_enable (bool): Set it to YES to enable tailscaled.
+# Default is "NO".
+# tailscaled_syslog_output_enable (bool): Set to enable syslog output.
+# Default is "NO". See daemon(8).
+# tailscaled_syslog_output_priority (str): Set syslog priority if syslog enabled.
+# Default is "info". See daemon(8).
+# tailscaled_syslog_output_facility (str): Set syslog facility if syslog enabled.
+# Default is "daemon". See daemon(8).
+
+. /etc/rc.subr
+
+name=tailscaled
+rcvar=tailscaled_enable
+
+load_rc_config $name
+
+: ${tailscaled_enable:="NO"}
+
+DAEMON=$(/usr/sbin/daemon 2>&1 | grep -q syslog ; echo $?)
+if [ ${DAEMON} -eq 0 ]; then
+ : ${tailscaled_syslog_output_enable:="NO"}
+ : ${tailscaled_syslog_output_priority:="info"}
+ : ${tailscaled_syslog_output_facility:="daemon"}
+ if checkyesno tailscaled_syslog_output_enable; then
+ tailscaled_syslog_output_flags="-t ${name} -T ${name}"
+
+ if [ -n "${tailscaled_syslog_output_priority}" ]; then
+ tailscaled_syslog_output_flags="${tailscaled_syslog_output_flags} -s ${tailscaled_syslog_output_priority}"
+ fi
+
+ if [ -n "${tailscaled_syslog_output_facility}" ]; then
+ tailscaled_syslog_output_flags="${tailscaled_syslog_output_flags} -l ${tailscaled_syslog_output_facility}"
+ fi
+ fi
+else
+ tailscaled_syslog_output_enable="NO"
+ tailscaled_syslog_output_flags=""
+fi
+
+pidfile=/var/run/tailscaled.pid
+procname="%%PREFIX%%/bin/tailscaled"
+command="/usr/sbin/daemon"
+command_args="-f ${tailscaled_syslog_output_flags} -p ${pidfile} ${procname}"
+
+# XXX: Can we have multiple interface?
+tailscale_tap_dev="tailscale0"
+
+stop_postcmd="${name}_poststop"
+
+tailscaled_poststop()
+{
+ /sbin/ifconfig ${tailscale_tap_dev} >/dev/null 2>&1 && (
+ logger -s -t tailscaled "Destroying tailscale0 adapter"
+ /sbin/ifconfig ${tailscale_tap_dev} destroy || logger -s -t tailscaled "Failed to destroy ${tailscale_tap_dev} adapter"
+ )
+}
+
+run_rc_command "$1"
diff --git a/security/tailscale/pkg-descr b/security/tailscale/pkg-descr
new file mode 100644
index 000000000000..12eb4f794572
--- /dev/null
+++ b/security/tailscale/pkg-descr
@@ -0,0 +1,4 @@
+Tailscale is a mesh VPN alternative, based on WireGuard, that connects your
+computers, databases, and services together securely without any proxies.
+
+WWW: https://tailscale.com/
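Review bot: In files/tailscaled.in the service is started through `daemon -f` while `tailscaled_syslog_output_enable` defaults to "NO", so on a default install the daemon's stdout and stderr are sent to /dev/null and none of its output is kept. For a VPN daemon that output is what an operator would rely on when investigating a connectivity or access problem; consider defaulting to `: ${tailscaled_syslog_output_enable:="YES"}`, or at least say in the header comment that output is discarded unless the knob is set. Separately, `tailscale_tap_dev="tailscale0"` is assigned unconditionally after `load_rc_config`, so it cannot be overridden from rc.conf, and the poststop message hard-codes the interface name; `logger -s -t tailscaled "Destroying ${tailscale_tap_dev} adapter"` would keep the log line consistent with the interface actually destroyed.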