diff --git a/.gitignore b/.gitignore
index e69de29..6ca1317 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,3 @@
+/tcpcrypt-bb990b1bfb0e411f0613abdaf3b71fdce50a82cf.tar.gz
+/tcpcrypt-0.4.tar.gz
+/tcpcrypt-0.5.tar.gz
diff --git a/sources b/sources
index e69de29..6a603fb 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (tcpcrypt-0.5.tar.gz) = aa7068e24c16449e84cc06450bbbac0a245df4f7883eef3c5cc10afb3592f194d42103d06e3e072ad997d09835545fa71bfecd57209ee45c07433f64fb6f0048
diff --git a/tcpcrypt.spec b/tcpcrypt.spec
new file mode 100644
index 0000000..050228a
--- /dev/null
+++ b/tcpcrypt.spec
@@ -0,0 +1,222 @@ +%global _hardened_build 1 +%global snapshot 0 + +Summary: Opportunistically encrypt TCP connections +Name: tcpcrypt +Version: 0.5 +Release: 19%{?dist} +# Automatically converted from old format: BSD - review is highly recommended. +License: LicenseRef-Callaway-BSD +Url: http://tcpcrypt.org/ +Source0: http://tcpcrypt.org//%{name}-%{version}.tar.gz +SOURCE1: tmpfiles-tcpcrypt.conf +SOURCE2: tcpcryptd.service +SOURCE3: tcpcryptd-firewall +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +BuildRequires: make +BuildRequires: gcc +BuildRequires: openssl-devel libnetfilter_queue-devel libcap-devel +BuildRequires: libnetfilter_conntrack-devel libpcap-devel +BuildRequires: libtool autoconf automake +BuildRequires: systemd +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +%description +Provides a protocol that attempts to encrypt (almost) all of your +network traffic. Unlike other security mechanisms, Tcpcrypt works out +of the box: it requires no configuration, no changes to applications, +and your network connections will continue to work even if the remote +end does not support + +%package devel +Summary: Development package that includes the tcpcrypt header files +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description devel +The devel package contains the tcpcrypt library and the include files + +%package libs +Summary: Libraries used by tcpcryptd server and tcpcrypt-aware applications + +%description libs +Contains libraries used by tcpcryptd server and tcpcrypt-aware applications + +%prep +%autosetup + +# Create a sysusers.d config file +cat >tcpcrypt.sysusers.conf < - 0.5-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek - 0.5-18 +- Add sysusers.d config file to allow rpm to create users/groups automatically + +* Sun Jan 19 2025 Fedora Release Engineering - 0.5-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild 
+
+* Wed Sep 04 2024 Miroslav Suchý - 0.5-16
+- convert license to SPDX
+
+* Sat Jul 20 2024 Fedora Release Engineering - 0.5-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Sat Jan 27 2024 Fedora Release Engineering - 0.5-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sat Jul 22 2023 Fedora Release Engineering - 0.5-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Feb 23 2023 Eric Garver - 0.5-12
+- remove bash-isms from tcpcryptd-firewall
+
+* Thu Feb 23 2023 Eric Garver - 0.5-11
+- remove broken firewalld service definition
+
+* Sat Jan 21 2023 Fedora Release Engineering - 0.5-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sat Jul 23 2022 Fedora Release Engineering - 0.5-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Sat Jan 22 2022 Fedora Release Engineering - 0.5-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Tue Sep 14 2021 Sahana Prasad - 0.5-7
+- Rebuilt with OpenSSL 3.0.0
+
+* Fri Jul 23 2021 Fedora Release Engineering - 0.5-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 0.5-5
+- Rebuilt for updated systemd-rpm-macros
+ See https://pagure.io/fesco/issue/2583.
+
+* Wed Jan 27 2021 Fedora Release Engineering - 0.5-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering - 0.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Fri Jan 31 2020 Fedora Release Engineering - 0.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Sun Aug 04 2019 Filipe Rosset - 0.5-1
+- Update to 0.5 plus spec cleanup and modernization
+
+* Sat Jul 27 2019 Fedora Release Engineering - 0.4-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sun Feb 03 2019 Fedora Release Engineering - 0.4-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Sat Jul 14 2018 Fedora Release Engineering - 0.4-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri Feb 09 2018 Fedora Release Engineering - 0.4-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Aug 03 2017 Fedora Release Engineering - 0.4-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering - 0.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Feb 11 2017 Fedora Release Engineering - 0.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Sun Mar 06 2016 Paul Wouters - 0.4-1
+- Updated to 0.4
+- Resolves: rhbz#1213128 wrong user tcpcrypt
+- Resolves: rhbz#1312703 Package systemd ExecStartPre/ExecStopPost script broken
+
+* Fri Feb 05 2016 Fedora Release Engineering - 0.4-0.5.bb990b1b
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Fri Jun 19 2015 Fedora Release Engineering - 0.4-0.4.bb990b1b
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Thu Jan 29 2015 Paul Wouters - 0.4-0.3.bb990b1b
+- fix groupadd
+- remove rm -rf buildroot in install target
+
+* Thu Jan 29 2015 Paul Wouters - 0.4-0.2.bb990b1b
+- Bundle 
tcpcrypd-firewall to start/stop the custom firewall rules
+- Use macros for tmpfiles
+- updated service file
+
+* Mon Jan 19 2015 Paul Wouters - 0.4-0.1.bb990b1b
+- Update to latest git, fix versioning
+
+* Mon Aug 25 2014 Paul Wouters - 0-3.cacd9789
+- Enabled autoconf Buildrequires for snapshot release
+
+* Wed Aug 20 2014 Paul Wouters - 0-2.cacd9789
+- Updated to latest git, removed patched merged upstream
+- Added systemd service file
+- Removed no longer needed rpath fixes
+
+* Fri Aug 08 2014 Paul Wouters - 0-1.c8b7efa
+- Patch for missing-call-to-chdir-with-chroot and missing-call-to-setgroups
+- Remove RPATH
+
+* Thu Jul 24 2014 Paul Wouters - 0-0.c8b7efa
+- Initial package for review
+
diff --git a/tcpcryptd-firewall b/tcpcryptd-firewall
new file mode 100755
index 0000000..33d1075
--- /dev/null
+++ b/tcpcryptd-firewall
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+# use iptables manually
+if [ "$1" = "start" ]
+then
+ iptables -t raw -N tcpcrypt
+ iptables -t raw -A tcpcrypt -p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666
+ iptables -t raw -I PREROUTING -j tcpcrypt
+
+ iptables -t mangle -N tcpcrypt
+ iptables -t mangle -A tcpcrypt -p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666
+ iptables -t mangle -I POSTROUTING -j tcpcrypt
+
+ # launch `tcpcryptd` with `-x 0x10`
+fi
+if [ "$1" = "stop" ]
+then
+ iptables -t raw -F tcpcrypt
+ iptables -t raw -D PREROUTING -j tcpcrypt
+
+ iptables -t mangle -F tcpcrypt
+ iptables -t mangle -D PREROUTING -j tcpcrypt
+fi
diff --git a/tcpcryptd.service b/tcpcryptd.service
new file mode 100644
index 0000000..7147008
--- /dev/null
+++ b/tcpcryptd.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=tcpcryptd Server
+After=syslog.target network.target
+
+[Service]
+Type=simple
+ExecStartPre=mkdir -p /var/run/tcpcryptd
+ExecStartPre=/usr/bin/tcpcryptd-firewall start
+ExecStart=/usr/bin/tcpcryptd -f -x 0x10
+ExecStopPost=/usr/bin/tcpcryptd-firewall stop
+
+[Install]
+WantedBy=multi-user.target
+
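Review bot: `Source0` in tcpcrypt.spec fetches the tarball over plain HTTP, with a doubled slash in the path, so the only integrity anchor is the SHA512 recorded in `sources`, and that is only as trustworthy as the download it was computed from. If upstream serves the same file over TLS, `Source0: https://tcpcrypt.org/%{name}-%{version}.tar.gz` would be preferable, with a comment above it saying how the checksum was obtained; the `Url:` tag uses the same scheme. The middle of this hunk, from the `%prep` heredoc to the first changelog entry, is missing from the page, so the scriptlets and `%files` section could not be reviewed.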
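Review bot: The `stop` branch of tcpcryptd-firewall deletes the mangle jump from `PREROUTING`, while `start` inserted it into `POSTROUTING`, so that delete fails and the jump is left behind; the last rule should read `iptables -t mangle -D POSTROUTING -j tcpcrypt`. Neither table's `tcpcrypt` chain is ever removed, so every later `start` errors at `-N` and stacks another POSTROUTING jump; adding `iptables -t raw -X tcpcrypt` and `iptables -t mangle -X tcpcrypt` after the deletes would leave a clean state. None of the iptables calls is checked, so the script can report success to systemd with only part of the interception rules installed; the start branch should exit non-zero when any rule fails to apply.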
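Review bot: `ExecStartPre=mkdir -p /var/run/tcpcryptd` in tcpcryptd.service creates the runtime directory as root with the default mode whenever it is missing, which does not match the `0750 tcpcryptd tcpcryptd` ownership that tmpfiles-tcpcrypt.conf declares for the same path. Dropping the line and relying on the tmpfiles entry, or replacing it with `ExecStartPre=/usr/bin/install -d -m 0750 -o tcpcryptd -g tcpcryptd /run/tcpcryptd`, keeps the permissions consistent and gives the command an absolute path like the other Exec lines (`/var/run` is the legacy alias of `/run`). The unit also runs a daemon that handles every queued TCP packet without any sandboxing directives; `NoNewPrivileges=yes` and `ProtectSystem=` are worth evaluating once it is confirmed which capabilities tcpcryptd needs for NFQUEUE.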
diff --git a/tmpfiles-tcpcrypt.conf b/tmpfiles-tcpcrypt.conf
new file mode 100644
index 0000000..6b6dfd6
--- /dev/null
+++ b/tmpfiles-tcpcrypt.conf
@@ -0,0 +1,2 @@
+D /var/run/tcpcryptd 0750 tcpcryptd tcpcryptd -
+