Import of the Penguin module for perl5
parent 669f12c322
commit b579a4e406
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=6643
5 changed files with 175 additions and 0 deletions
35
devel/p5-Penguin/Makefile
Normal file
|
@ -0,0 +1,35 @@
|
|||
# New ports collection makefile for: p5-Penguin
|
||||
# Version required: 3.00
|
||||
# Date created: May 28th 1997
|
||||
# Whom: James FitzGibbon <jfitz@FreeBSD.org>
|
||||
#
|
||||
# $Id$
|
||||
#
|
||||
|
||||
DISTNAME= Penguin-3.00
|
||||
PKGNAME= p5-Penguin-3.00
|
||||
CATEGORIES= devel security perl5
|
||||
MASTER_SITES= ${MASTER_SITE_PERL_CPAN}
|
||||
MASTER_SITE_SUBDIR= Penguin
|
||||
|
||||
MAINTAINER= jfitz@FreeBSD.ORG
|
||||
|
||||
BUILD_DEPENDS= perl5.004:${PORTSDIR}/lang/perl5
|
||||
RUN_DEPENDS= perl5.004:${PORTSDIR}/lang/perl5 \
|
||||
pgp:${PORTSDIR}/security/pgp
|
||||
|
||||
do-configure:
|
||||
@ cd ${WRKSRC}; ${SETENV} ${MAKE_ENV} ${PREFIX}/bin/perl Makefile.PL
|
||||
|
||||
post-install:
|
||||
${MKDIR} ${PREFIX}/lib/perl5/site_perl/Penguin/bin ${PREFIX}/lib/perl5/site_perl/Penguin/misc ${PREFIX}/lib/perl5/site_perl/Penguin/doc
|
||||
${INSTALL_DATA} ${WRKSRC}/bin/.pen ${PREFIX}/lib/perl5/site_perl/Penguin/bin
|
||||
.for file in makeapplet pclient penguind runapplet
|
||||
${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} ${WRKSRC}/bin/${file} ${PREFIX}/lib/perl5/site_perl/Penguin/bin
|
||||
.endfor
|
||||
${INSTALL_DATA} ${WRKSRC}/misc/* ${PREFIX}/lib/perl5/site_perl/Penguin/misc
|
||||
.for file in FAQ INSTALL MODULE_NOTES README SECURITY TODO
|
||||
${INSTALL_DATA} ${WRKSRC}/${file} ${PREFIX}/lib/perl5/site_perl/Penguin/doc
|
||||
.endfor
|
||||
|
||||
.include <bsd.port.mk>
|
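Review bot: In do-configure the interpreter is invoked as ${PREFIX}/bin/perl, while BUILD_DEPENDS and RUN_DEPENDS only guarantee an executable named perl5.004 from lang/perl5; if PREFIX is overridden, or no plain perl binary exists there, configure fails or runs a different interpreter than the one depended on. Invoke the same perl5.004 binary that the dependency lines name. Separately, post-install copies ${WRKSRC}/misc/* with a glob while pkg-plist lists the misc files one by one, so any upstream change to that directory silently desynchronises the packing list; a .for loop over named files, as already used for bin and doc, would keep the two in step.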
1
devel/p5-Penguin/distinfo
Normal file
|
@ -0,0 +1 @@
|
|||
MD5 (Penguin-3.00.tar.gz) = 39a9a8b805f2947d0b861a1907f4556c
|
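Review bot: The single MD5 line for Penguin-3.00.tar.gz is the only integrity check on the distfile, which is thin for a port filed under security whose purpose is to accept and run code sent from another machine. Record a SHA256 digest and the file size alongside it where the ports framework in use supports them, and note in the commit message where the checksum came from so it can be compared against upstream.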
1
devel/p5-Penguin/pkg-comment
Normal file
|
@ -0,0 +1 @@
|
|||
a framework for passing digitally signed perl5 code between machines.
|
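Review bot: Style point on the one-line comment: it opens with a lowercase article and ends with a period, which reads poorly in package listings that print the package name followed by this string. Something like "Framework for passing digitally signed perl5 code between machines" would be cleaner.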
95
devel/p5-Penguin/pkg-descr
Normal file
|
@ -0,0 +1,95 @@
|
|||
From the FAQ:
|
||||
|
||||
5. 'Saaaay, what _is_ the design of Penguin?'
|
||||
|
||||
Glad you asked.
|
||||
|
||||
Consider two machines, foo and bar. A user on foo (or perhaps
|
||||
a program on foo) wishes to execute a program on machine bar.
|
||||
However, imagine that the people running bar don't want just
|
||||
anyone running code on their machine for security reasons.
|
||||
This is the normal case on the Internet, and one which the
|
||||
World Wide Web attempts to emulate with HTTP and CGI.
|
||||
|
||||
Normally, there is no well-known channel for foo to transmit
|
||||
code to bar. Further, there is no provision for the code to
|
||||
undergo verification after transmission. Too, there is no
|
||||
well-defined way for bar to ensure that foo's code does not
|
||||
attempt to perform insecure or damaging operations.
|
||||
|
||||
Penguin attempts to solve these issues while making sure the
|
||||
code language maintains some acceptable degree of sufficiency
|
||||
and power.
|
||||
|
||||
Using Penguin, the user/program on foo 'digitally signs' the
|
||||
code that's earmarked for delivery to bar. The signature
|
||||
encodes the code in such a way that it is impossible to alter
|
||||
the code or deny that the signer signed it.
|
||||
|
||||
The code is then wrapped up into a packet and transmitted
|
||||
through a 'channel' to a Penguin process running on machine
|
||||
bar. The channel's protocol layer is abstracted away
|
||||
enough that it becomes unimportant; Penguin code can just
|
||||
as easily be delivered through SMTP or AOL Mail as through
|
||||
TCP/IP, DECNet, AppleTalk, whatever.
|
||||
|
||||
The Penguin process on bar unwraps the packet, which contains
|
||||
further verification and checksum information, and then
|
||||
'digitally unsigns' the code, a process which provides the
|
||||
code in 'clear' form while telling the receiver who digitally
|
||||
signed it.
|
||||
|
||||
The receiver then cross-references the signer's identity with
|
||||
a list of rights that the receiver associates with the signer,
|
||||
reverting to a set of default rights if the signer is unknown
|
||||
or unlisted.
|
||||
|
||||
A safe compartment is then created, populated with the
|
||||
functions allowed to the signer, and told to limit the
|
||||
operations it can perform to only those permitted to the
|
||||
signer.
|
||||
|
||||
The code is then compiled within that safe compartment. If
|
||||
it attempts to do something which the signer is not allowed
|
||||
to do, or if it attempts to call a function not permitted
|
||||
to the signer, the compartment immediately traps the operation
|
||||
and throws the code away before it can execute. If the code
|
||||
uses no unsafe or illegal operations, then it executes and
|
||||
produces a result.
|
||||
|
||||
The code executing side then becomes the master in the
|
||||
transaction, and can send code to the original sender,
|
||||
send the return value back in a data packet, and so forth.
|
||||
The process repeats as necessary until both parties are
|
||||
done; the channel then closes, and the Penguin transaction is complete.
|
||||
|
||||
The basic sentiment behind the idea of 'identity' being
|
||||
correlated to 'rights' in the receiver is that in signing
|
||||
the code, the signer commits her identity and her reputation
|
||||
on the correct operation of the code.
|
||||
|
||||
'highly trustable' signers (as one might imagine Larry Wall,
|
||||
Randal Schwartz, and Tom Christiansen to be) might be assigned
|
||||
very high levels of trust and equivalent degrees of 'rights',
|
||||
so that programs they sign can perform very complex and
|
||||
interesting operations on your computer. By the same token,
|
||||
paranoid sites or those wishing isolation could assign zero
|
||||
rights to everyone except for a select (perhaps internal) few.
|
||||
|
||||
Part of the 'rights' given to signers include possibly specialized
|
||||
functions that encapsulate the functionality of extremely dangerous
|
||||
operations. For instance, a store opening up on the Internet might
|
||||
put up a Penguin server which put functions called 'list_items'
|
||||
and 'buy_item()' into the limited compartments all users get.
|
||||
'list_items' might open up a file on the store's machine, read
|
||||
the contents, and spit them out -- an operation which, if allowed
|
||||
in the general case, would clearly breach security. However,
|
||||
by creating a specialized function, the security concern is
|
||||
removed, and by letting potential customers know of the function,
|
||||
the power and ease of use are kept high.
|
||||
|
||||
Niggling but important technical issues currently being wrestled
|
||||
with include the way that foreign functions are registered into
|
||||
the namespace, the construction of a foreign function framework
|
||||
so that the names and function of the functions are well-known,
|
||||
and a superior-than-current 'digital signature' method.
|
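Review bot: The description is a verbatim FAQ answer (it still opens with the FAQ's question number 5) and never says what this port puts on the machine: per the Makefile, the penguind, pclient, makeapplet and runapplet programs under site_perl/Penguin/bin, with a runtime dependency on pgp. Lead with two or three lines stating that, and point readers at the installed doc/SECURITY file, since the closing paragraph lists a better 'digital signature' method among the issues "currently being wrestled with". The earlier sentence that a signature makes it "impossible to alter the code" is stronger than that closing paragraph supports and is worth softening in a packaging description.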
43
devel/p5-Penguin/pkg-plist
Normal file
|
@ -0,0 +1,43 @@
|
|||
lib/perl5/site_perl/Penguin.pm
|
||||
lib/perl5/site_perl/Penguin/Channel/TCP.pm
|
||||
lib/perl5/site_perl/Penguin/Channel/TCP/Client.pm
|
||||
lib/perl5/site_perl/Penguin/Channel/TCP/Server.pm
|
||||
lib/perl5/site_perl/Penguin/Compartment.pm
|
||||
lib/perl5/site_perl/Penguin/Frame/Code.pm
|
||||
lib/perl5/site_perl/Penguin/Frame/Data.pm
|
||||
lib/perl5/site_perl/Penguin/PGP.pm
|
||||
lib/perl5/site_perl/Penguin/Rights.pm
|
||||
lib/perl5/site_perl/Penguin/Trivial/Client.pm
|
||||
lib/perl5/site_perl/Penguin/Trivial/Server.pm
|
||||
lib/perl5/site_perl/Penguin/Wrapper/PGP.pm
|
||||
lib/perl5/site_perl/Penguin/Wrapper/Transparent.pm
|
||||
lib/perl5/site_perl/i386-freebsd/auto/Penguin/.packlist
|
||||
lib/perl5/site_perl/Penguin/bin/.pen
|
||||
lib/perl5/site_perl/Penguin/bin/makeapplet
|
||||
lib/perl5/site_perl/Penguin/bin/pclient
|
||||
lib/perl5/site_perl/Penguin/bin/penguind
|
||||
lib/perl5/site_perl/Penguin/bin/runapplet
|
||||
lib/perl5/site_perl/Penguin/misc/HOW_TO_PLAY
|
||||
lib/perl5/site_perl/Penguin/misc/codefile
|
||||
lib/perl5/site_perl/Penguin/misc/codefile.pen
|
||||
lib/perl5/site_perl/Penguin/misc/evilapplet
|
||||
lib/perl5/site_perl/Penguin/misc/evilapplet.pen
|
||||
lib/perl5/site_perl/Penguin/misc/felix.asc
|
||||
lib/perl5/site_perl/Penguin/misc/map.asc
|
||||
lib/perl5/site_perl/Penguin/misc/rightsfile
|
||||
lib/perl5/site_perl/Penguin/doc/FAQ
|
||||
lib/perl5/site_perl/Penguin/doc/INSTALL
|
||||
lib/perl5/site_perl/Penguin/doc/MODULE_NOTES
|
||||
lib/perl5/site_perl/Penguin/doc/README
|
||||
lib/perl5/site_perl/Penguin/doc/SECURITY
|
||||
lib/perl5/site_perl/Penguin/doc/TODO
|
||||
@dirrm lib/perl5/site_perl/Penguin/Channel/TCP
|
||||
@dirrm lib/perl5/site_perl/Penguin/Channel
|
||||
@dirrm lib/perl5/site_perl/Penguin/Frame
|
||||
@dirrm lib/perl5/site_perl/Penguin/Trivial
|
||||
@dirrm lib/perl5/site_perl/Penguin/Wrapper
|
||||
@dirrm lib/perl5/site_perl/Penguin/bin
|
||||
@dirrm lib/perl5/site_perl/Penguin/misc
|
||||
@dirrm lib/perl5/site_perl/Penguin/doc
|
||||
@dirrm lib/perl5/site_perl/Penguin
|
||||
@dirrm lib/perl5/site_perl/i386-freebsd/auto/Penguin
|
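Review bot: The .packlist entry and the last @dirrm line hardcode lib/perl5/site_perl/i386-freebsd, so the packing list is wrong on any other architecture; take the architecture directory from a variable rather than a literal. Also worth confirming before this goes in: misc/ installs felix.asc, map.asc and rightsfile next to evilapplet and evilapplet.pen, and if penguind or runapplet read keys or rights from that directory by default, a fresh install would trust upstream's sample material. If these are only samples, installing them under a path that says so (an examples directory, for instance) makes that explicit.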