This allows use of mlock() when vault is started via rc script.
Submitted by: dch
Reviewed by: jrm
Differential Revision: https://reviews.freebsd.org/D20025
Sonic is a fast, lightweight, and schema-less search backend. It
ingests search texts and identifier tuples that can then be queried
against in a microsecond's time.
Sonic can be used as a simple alternative to super-heavy and
full-featured search backends such as Elasticsearch in some use-cases.
It is capable of normalizing natural language search queries,
auto-completing a search query and providing the most relevant
results for a query. Sonic is an identifier index, rather than a
document index; when queried, it returns IDs that can then be used
to refer to the matched documents in an external database.
A strong attention to performance and code cleanliness has been
given when designing Sonic. It aims at being crash-free, super-fast
and puts minimum strain on server resources.
WWW: https://github.com/valeriansaliou/sonic
Reason for this is, if you like to use rspamd to also sign emails using DKIM, ARC,
rspamd need access to the private key used for signing.
As user nobody is correctly used to run rspamd each service that fallback
to user nobody would have access to the private key, which is a security risk.
PR: 230766
Hockeypuck implements the HKP draft protocol specification,
as well as several extensions to the protocol supported by SKS.
Public key material conforming to RFC 4880 is supported by the keyserver,
as are RFC 6637 ECC keys.
As-of-yet unsupported key material, such as recent Ed25519 signing keys,
may be distributed by Hockeypuck, however Hockeypuck is not able to
validate them yet.
WWW: https://hockeypuck.github.io
PR: 235904
Submitted by: Michiel van Baak <michiel@vanbaak.eu>
NZBHydra 2 is a meta search for NZB indexers. It provides easy access to a
number of raw and newznab based indexers. You can search all your indexers
from one place and use it as an indexer source for tools like Sonarr,
Radarr or CouchPotato.
WWW: https://github.com/theotherp/nzbhydra2
PR: 234537
Submitted by: Daniel Shafer <daniel shafer cc>
Differential_Revision: https://reviews.freebsd.org/D18704
libvirt-dbus wraps libvirt API to provide a high-level object-oriented API
better suited for dbus-based applications.
WWW: https://libvirt.org/dbus.html
Midpoint is a comprehensive identity management and identity
governance system. It is basically an complex integration tool
that can replicate and transform user records between numerous user
databases, management of the records, reporting, auditing and so
on. It allows very complex transformation and replication rules
including support for advanced RBAC and scripting. Its internal
mechanisms are based on state-of-the art concepts that are still
not yet widely used in the fieldof Identity Management.
WWW: https://evolveum.com/midpoint/
PR: 231766
Submitted by: Matthias Wolf <freebsd@rheinwolf.de>
Apache Archiva is an extensible repository management software that helps taking
care of your own personal or enterprise-wide build artifact repository. It is
the perfect companion for build tools such as Maven, Continuum, and ANT.
Archiva offers several capabilities, amongst which remote repository proxying,
security access management, build artifact storage, delivery, browsing, indexing
and usage reporting, extensible scanning functionality and many more!
WWW: https://archiva.apache.org
PR: 203071
Submitted by: Dušan Vejnovič <freebsd@dussan.org>
Differential Revision: https://reviews.freebsd.org/D15656
"nobody" should only be used by NFS and nothing should run as
it. Instead give tcpdump a dedicated user.
Also note that IPv6 is no longer optional, so just remove the option
Approved by: garga (maintainer, older version)
Reviewed by: matthew
Differential Revision: https://reviews.freebsd.org/D15841
GeoDNS is a DNS server with per-client targeted responses. It powers the NTP
Pool system and other similar services.
WWW: https://github.com/abh/geodns
PR: 227492
Submitted by: Vinicius Zavam <egypcio@googlemail.com>
Differential Revision: https://reviews.freebsd.org/D15056
- Working RC script
- Rename config file to .env so it's obvious what it is
- Don't depend on Postgres server by default
- Depend on ca_root_nss so it can actually fetch articles over HTTPS
- Run as a dedicated user
PR: 228275
Approved by: maintainer
Minimal IRC server which integrates with Mattermost and Slack.
Connect to your local/remote Mattermost installation or to Slack via your
IRC-client.
WWW: https://github.com/42wim/matterircd
PR: 227063
Submitted by: norrland@nullbyte.se
go-carbon is a go implementation of the carbon component of the graphite
project. It has support for multiple cpu's and can achieve higher concurrency.
WWW: https://github.com/lomik/go-carbon
PR: 226732
Submitted by: Andreas Andersson <a.andersson.thn@gmail.com>
This is a port of osrm-backend of the open-streetmap project.
WWW: http://project-osrm.org/
PR: 215524
Submitted by: Andreas Andersson <a.andersson.thn@gmail.com>
Reviewed by: koobs, ultima, tz
It is open-source and accessible to all. With Monero, you are your own bank.
Only you control and are responsible for your funds. Your accounts and
transactions are kept private from prying eyes.
This is the command line interface from
https://github.com/monero-project/monerohttps://getmonero.org/
Kafka is used for building real-time data pipelines and streaming apps.
It is horizontally scalable, fault-tolerant, wicked fast,
and runs in production in thousands of companies.
WWW: https://kafka.apache.org/
PR: 220793
Submitted by: timp87@gmail.com
and strongly-consistent key-value store. It scales horizontally;
survives disk, machine, rack, and even datacenter failures with
minimal latency disruption and no manual intervention; supports
strongly-consistent ACID transactions; and provides a familiar SQL
API for structuring, manipulating, and querying data.
CockroachDB is inspired by Google's Spanner and F1 technologies, and
it's completely open source.
PR: 221635
Submitted by: James Nugent <freebsd@jen20.com>
Approved by: mat (mentor)
Differential Revision: https://reviews.freebsd.org/D12088
Jackett works as a proxy server: it translates queries from apps
(Sonarr, Radarr, SickRage, CouchPotato, Mylar, etc) into
tracker-site-specific http queries, parses the html response, then sends
results back to the requesting software. This allows for getting recent
uploads (like RSS) and performing searches. Jackett is a single
repository of maintained indexer scraping & translation logic - removing
the burden from other apps.
WWW: https://github.com/Jackett/Jackett
PR: 218458
and the Japan Vulnerability Notes (JVN). NVD and JVN contain security
vulnerabilities according to their CVE identifiers, including exhaustive
information and a risk score. The local copy is generated in sqlite format, and
the tool has a server mode for easy querying.
WWW: https://github.com/kotakanbe/go-cve-dictionary/
PR: 220561
Submitted by: Alexandru Ciobanu <iscandr@gmail.com> (maintainer)
Reviewed by: matthew (mentor), koobs, mat
Approved by: matthew (mentor)
Differential Revision: https://reviews.freebsd.org/D11745
FRRouting (FRR) is an IP routing protocol suite for Linux and Unix platforms
which includes protocol daemons for BGP, IS-IS, OSPF and RIP. FRR has its roots
in the Quagga project.
WWW: https://frrouting.org/
Sponsored by: Orange
Ceph is a distributed object store and file system designed to
provide excellent performance, reliability and scalability.
PR: 217046
Submitted by: Willem Jan Withagen <wjw@digiware.nl>
Reported by: Willem Jan Withagen <wjw@digiware.nl>
Reviewed by: asomers, feld, mat, mmokhi
Approved by: asomers, feld (mentor)
Differential Revision: https://reviews.freebsd.org/D9584
Samhain is an open source file integrity and host-based intrusion
detection system for Linux and Unix. It can run as a daemon process,
and and thus can remember file changes - contrary to a tool that runs
from cron, if a file is modified you will get only one report, while
subsequent checks of that file will ignore the modification as it is
already reported (unless the file is modified again).
Samhain can optionally be used as client/server system to provide
centralized monitoring for multiple host. Logging to a (MySQL or
PostgreSQL) database is supported.
PR: 214623
Submitted by: Nikola Kolev <koue@chaosophia.net>
- enables privilege separation
- removes the build dependency on asciidoctor
- removes the runtime dependency on makeinfo and readline
- add a runtime dependency on libedit
- do not install the HTML documentation (in favour of man pages)
- update the post-install message (pkg-message) in light of privilege separation
- set the permission of /var/db/chrony to the new "chronyd" user and group
PR: 216737
Submitted by: maintainer
Approved by: mat (mentor)
Differential Revision: https://reviews.freebsd.org/D9570
This update introduces a dedicated user for uwsgi and introduces the
uwsgi_socket_owner setting which by default is set to www:www. The
previous change to socket mode of 600 has been modified to 660 as well.
This change further increases security while restoring compatibility.
MFH: 2017Q1
Differential Revision: https://reviews.freebsd.org/D9398
- Add missing run depends
- Add rc script
- Add example configs
- Add instructions to pkg-message
- Add user for daemon to run as non-root
- Add patch to run with newer nacl
- Take maintainership
Approved by: maintainer (private communications)
Differential Revision: https://reviews.freebsd.org/D9228
Lightdm is a display manager that:
* Is cross-desktop - supports different desktops
* Supports different display technologies
* Is lightweight - low memory usage and fast performance
* Has a comprehensive test suite
WWW: https://www.freedesktop.org/wiki/Software/LightDM/
lightdm-gtk-greeter is the reference GTK+ greeter for LightDM.
WWW: https://launchpad.net/lightdm-gtk-greeter
Approved by: adamw (mentor, implicit)
Horizon is a Django-based project aimed at providing
a complete OpenStack Dashboard along with an extensible framework
for building new dashboards from reusable components.
PR: 215155
Submitted by: Alexander Nusov (alexander.nusov@nfvexpress.com)
Recursive DNS/DNSCurve server and comandline tool to debug DNS/DNSCurve
WWW: https://mojzis.com/software/dq/
PR: 215073
Submitted by: Piotr Kubaj <pkubaj@anongoth.pl>
Please note that this is a development version of nova.
Many features are not available.
Currently nova works on FreeBSD 11 and supports QEMU and Xen.
Common issues:
- Security groups are not implemented
- ARP spoofing, DHCP isolation protection are not implemented
- Nova services work from the root user
- No IPv6 support
QEMU issues:
- Need to enable serialconsole (TCP)
- Need to disable online CPU tracking
- Cannot mount cinder volumes
Xen issues:
- Live snapshots don't work
- No support for cinder volume hot-plugging
- XENBUS delay (5 min) when using qemu driver and COW images
- Some Linux images cannot be booted
For further FreeBSD specific notes please refer to port's pkg-message.
PR: 215151
Submitted by: Alexander Nusov (alexander.nusov@nfvexpress.com)
- Rewrite the rc script with new options that allows users to:
- set config file.
- set datadir.
- set bitcoin limits.
PR: ports/213235
Submitted by: Christopher Hall <hsw@bitmark.com>
Approved by: maintainer timeout (1 month)
- Set permissions properly on ETCDIR
- Add an information on znc user/group to pkg-message
- Pass maintainership to dbaio
PR: 200005
Submitted by: josh+freebsd@zevlag.com, dbaio@bsd.com.br
Nexus Repository Manager OSS provides you with an essential level of control
over the external repositories you use and the internal repositories you create.
It provides infrastructure and services for organizations that use repository
managers to obtain and deliver software. If you create software libraries or
applications for your end users, you can use Nexus Repository Manager OSS to
distribute your software. If your software depends on open source software
components, you can cache software components from remote repositories.
Nexus Repository Manager OSS features:
- Hosting repositories
- Proxy remote repositories
- Repository groups
- Numerous repository formats
- Hosting project websites
- Fine-grained security model
- Flexible LDAP integration
- Component search
- Scheduled rasks
- REST services
- Integration with m2eclipse
WWW: https://www.sonatype.com/nexus-repository-oss
PR: 203074
Submitted by: Dusan Vejnovic <freebsd@dussan.org>, Michael Osipov <1983-01-06@gmx.net> (maintainer)
Reviewed by: feld, junovitch, koobs (mentors)
Approved by: feld, junovitch, koobs (mentors)
FastDFS is an open source high performance distributed file system (DFS).
It's major functions include: file storing, file syncing and file accessing,
and design for high capacity and load balance.
WWW: https://github.com/happyfish100/fastdfs
PR: 213311
Submitted by: Daniel Ylitalo <daniel@blodan.se>
Summary:
Add 'rtg' user and group in UIDs/GIDs.
Use daemon(8) to daemonize rtgpoll.
Add prestart commands to set correct permissions for RTG's files.
Reviewers: swills, allanjude, xmj, andrew.fengler_scaleengine.com, #contributor_reviewers_ports, matthew
Reviewed By: #contributor_reviewers_ports, matthew
Subscribers: matthew, mat
Differential Revision: https://reviews.freebsd.org/D7486
OpenMDNS is a full implementation of MDNS/DNS-SD, it aims to be a light
replacement for Avahi/Bonjour. Currently OpenMDNS is about 10% of the size
of Avahi.
http://www.haesbaert.org/openmdns/
Prometheus is a systems and service monitoring system. It collects metrics
from configured targets at given intervals, evaluates rule expressions,
displays the results, and can trigger alerts if some condition is observed
to be true.
Prometheus' main distinguishing features as compared to other monitoring
systems are:
- a multi-dimensional data model (timeseries defined by metric name and
set of key/value dimensions)
- a flexible query language to leverage this dimensionality
- no dependency on distributed storage; single server nodes are autonomous
- timeseries collection happens via a pull model over HTTP
- pushing timeseries is supported via an intermediary gateway
- targets are discovered via service discovery or static configuration
- multiple modes of graphing and dashboarding support
- support for hierarchical and horizontal federation
WWW: https://prometheus.io/
PR: 212468
Submitted by: Jev Bjoersell <jev@ecadlabs.com>
The Knot DNS Resolver is a caching full resolver implementation,
including both a resolver library and a daemon.
WWW: https://www.knot-resolver.cz/
PR: 212215
Submitted by: Leo Vandewoestijne <freebsd@dns-lab.com>
ufdbGuard is a URL filter for the Squid web proxy. Besides blocking
access from PCs and smartphones to undesired websites, ufdbGuard
has safety features to make browsing safer and to block remote
access. ufdbGuard supports configuration of groups with different
web access policies, SafeSearch enforcement, SSH tunnel detection,
safer HTTPS traffic, time-based access rules and much more.
WWW: https://www.urlfilterdb.com/
PR: 212044
Submitted by: Pavel Timofeev <timp87@gmail.com>
People always go to the end and see that it's 999 and that we must be
out of entries. Now, they'll just have to pick a free entry.
Generated with (should be idempotent):
awk -F: '$3>=100 && $3 < 1000 && $3 != old+1 && !/^#/ {while (old+1 <= $3-1) {old=old+1; print "# free: "old}} /^# free/ {next} {print; old=$3}' UIDs
Discussed with: swills (on irc)
Sponsored by: Absolight
