rpms/tcpcrypt
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: rpms:f31
Branches Tags
rpms:rawhide
rpms:f43
rpms:main
rpms:f42
rpms:f41
rpms:f40
rpms:f39
rpms:f37
rpms:f38
rpms:f36
rpms:f35
rpms:f34
rpms:f33
rpms:f32
rpms:f31
rpms:f30
rpms:f29
rpms:f28
rpms:f27
rpms:f26
rpms:f25
rpms:f24
rpms:f23
rpms:epel7
rpms:f21
rpms:f22
rpms:el6
...
pull from: rpms:rawhide
Branches Tags
rpms:f43
rpms:main
rpms:rawhide
rpms:f42
rpms:f41
rpms:f40
rpms:f39
rpms:f37
rpms:f38
rpms:f36
rpms:f35
rpms:f34
rpms:f33
rpms:f32
rpms:f31
rpms:f30
rpms:f29
rpms:f28
rpms:f27
rpms:f26
rpms:f25
rpms:f24
rpms:f23
rpms:epel7
rpms:f21
rpms:f22
rpms:el6
Sign in to create a new pull request.

19 commits
f31 ... rawhide

Author SHA1 Message Date
Fedora Release Engineering
3bed1886a7 Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild 2025-07-25 19:08:58 +00:00
Zbigniew Jędrzejewski-Szmek
62c4fd5a76 Add sysusers.d config file to allow rpm to create users/groups automatically 
See https://fedoraproject.org/wiki/Changes/RPMSuportForSystemdSysusers.
 2025-02-11 16:44:39 +01:00
Fedora Release Engineering
9f91cd0e6b Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild 2025-01-19 12:29:34 +00:00
Miroslav Suchý
8be4d9a411 convert license to SPDX 
This is part of https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_4
 2024-09-04 22:17:55 +02:00
Fedora Release Engineering
91b6efd427 Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild 2024-07-20 07:10:40 +00:00
Fedora Release Engineering
96bd83752f Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-27 05:36:09 +00:00
Fedora Release Engineering
83630378ca Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2023-07-22 03:18:34 +00:00
Eric Garver
5fae8d3e21 fix: remove bash-isms 2023-02-23 09:37:32 -05:00
Eric Garver
b363879202 fix: remove broken firewalld integration 
The "direct" XML element has never been valid inside of a service
definition. So the firewalld integration has never worked.

New firewalld enforces sane configuration at startup. Old firewalld
would ignore the broken service definition and load the rest of the
configuration.
 2023-02-23 09:31:10 -05:00
Fedora Release Engineering
0005726b5e Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2023-01-21 04:45:30 +00:00
Fedora Release Engineering
2b16cc5e61 Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2022-07-23 10:11:27 +00:00
Fedora Release Engineering
9c5e9251fd - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2022-01-22 02:24:26 +00:00
Sahana Prasad
938e15f82e Rebuilt with OpenSSL 3.0.0 2021-09-14 19:16:19 +02:00
Fedora Release Engineering
dc900f83b9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2021-07-23 18:58:40 +00:00
Zbigniew Jędrzejewski-Szmek
ba99af065a Rebuilt for updated systemd-rpm-macros 
See https://pagure.io/fesco/issue/2583.
 2021-03-02 16:12:10 +01:00
Fedora Release Engineering
d19cf2894f - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2021-01-27 21:41:26 +00:00
Tom Stellard
4e781e4087 Add BuildRequires: make 
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
 2021-01-08 22:21:27 +00:00
Fedora Release Engineering
5a7e08d175 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2020-07-29 12:11:35 +00:00
Fedora Release Engineering
2438ab0472 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2020-01-31 01:12:33 +00:00
3 changed files with 70 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

12
tcpcrypt-firewalld.xml
View file

@ -1,12 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<direct>
<chain ipv="ipv4" table="raw" chain="tcpcrypt"/>
<rule ipv="ipv4" table="raw" chain="tcpcrypt" priority="0">
-p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666</rule>
<rule ipv="ipv4" table="raw" chain="PREROUTING" priority="0">-j tcpcrypt</rule>
<chain ipv="ipv4" table="mangle" chain="tcpcrypt"/>
<rule ipv="ipv4" table="mangle" chain="tcpcrypt" priority="0">
-p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666</rule>
<rule ipv="ipv4" table="mangle" chain="POSTROUTING" priority="0">-j tcpcrypt</rule>
</direct>

81
tcpcrypt.spec
View file

@ -4,15 +4,16 @@
Summary: Opportunistically encrypt TCP connections
Name: tcpcrypt
Version: 0.5
Release: 1%{?dist}
License: BSD
Release: 19%{?dist}
# Automatically converted from old format: BSD - review is highly recommended.
License: LicenseRef-Callaway-BSD
Url: http://tcpcrypt.org/
Source0: http://tcpcrypt.org//%{name}-%{version}.tar.gz
SOURCE1: tmpfiles-tcpcrypt.conf
SOURCE2: tcpcryptd.service
SOURCE3: tcpcryptd-firewall
SOURCE4: tcpcrypt-firewalld.xml
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
BuildRequires: make
BuildRequires: gcc
BuildRequires: openssl-devel libnetfilter_queue-devel libcap-devel
BuildRequires: libnetfilter_conntrack-devel libpcap-devel
@ -21,9 +22,6 @@ BuildRequires: systemd
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
Requires(pre): shadow-utils
# we need to require it to install our file
Requires: firewalld
%description
Provides a protocol that attempts to encrypt (almost) all of your
@ -48,6 +46,11 @@ Contains libraries used by tcpcryptd server and tcpcrypt-aware applications
%prep
%autosetup
# Create a sysusers.d config file
cat >tcpcrypt.sysusers.conf <<EOF
u tcpcryptd - 'tcpcrypt daemon account' /var/run/tcpcryptd -
EOF
%build
sh bootstrap.sh
%configure --disable-static --disable-rpath
@ -61,8 +64,8 @@ mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/ %{buildroot}/run/tcpcryptd
install -D -m 0644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/tcpcrypt.conf
mkdir -p %{buildroot}%{_unitdir}
install -m 0755 %{SOURCE2} %{buildroot}/%{_unitdir}/tcpcryptd.service
# install firewalld policy needed for tracking and marking packets
install -D -m 0644 %{SOURCE4} %{buildroot}/%{_prefix}/lib/firewalld/services/tcpcryptd.xml
install -m0644 -D tcpcrypt.sysusers.conf %{buildroot}%{_sysusersdir}/tcpcrypt.conf
%files libs
%doc README.markdown
@ -79,8 +82,8 @@ install -D -m 0644 %{SOURCE4} %{buildroot}/%{_prefix}/lib/firewalld/services/tcp
%{_mandir}/man8/*
%attr(0644,root,root) %{_tmpfilesdir}/tcpcrypt.conf
%attr(0644,root,root) %{_unitdir}/tcpcryptd.service
%attr(0644,root,root) %{_prefix}/lib/firewalld/services/tcpcryptd.xml
%attr(0755,tcpcryptd,tcpcryptd) %dir /run/tcpcryptd
%{_sysusersdir}/tcpcrypt.conf
%files devel
%{_libdir}/libtcpcrypt.so
@ -89,11 +92,6 @@ install -D -m 0644 %{SOURCE4} %{buildroot}/%{_prefix}/lib/firewalld/services/tcp
%ldconfig_scriptlets libs
%pre
getent group tcpcryptd >/dev/null || groupadd -r tcpcryptd
getent passwd tcpcryptd >/dev/null || \
useradd -r -g tcpcryptd -d /var/run/tcpcryptd -s /sbin/nologin \
-c "tcpcrypt daemon account" tcpcryptd || exit 0
%post
%systemd_post tcpcryptd.service
@ -105,6 +103,61 @@ useradd -r -g tcpcryptd -d /var/run/tcpcryptd -s /sbin/nologin \
%systemd_postun_with_restart tcpcryptd.service
%changelog
* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.5-18
- Add sysusers.d config file to allow rpm to create users/groups automatically
* Sun Jan 19 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Sep 04 2024 Miroslav Suchý <msuchy@redhat.com> - 0.5-16
- convert license to SPDX
* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Feb 23 2023 Eric Garver <eric@garver.life> - 0.5-12
- remove bash-isms from tcpcryptd-firewall
* Thu Feb 23 2023 Eric Garver <eric@garver.life> - 0.5-11
- remove broken firewalld service definition
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 0.5-7
- Rebuilt with OpenSSL 3.0.0
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.5-5
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Sun Aug 04 2019 Filipe Rosset <rosset.filipe@gmail.com> - 0.5-1
- Update to 0.5 plus spec cleanup and modernization

21
tcpcryptd-firewall
View file

@ -1,20 +1,7 @@
#!/bin/sh
# Check if we need to use firewalld or will handle rules directly with iptables
systemctl status firewalld.service >/dev/null
RETVAL=$?
if [ $RETVAL -eq 0 ]
then
# use firewalld
firewall-cmd --reload
firewall-cmd --direct --get-rules ipv4 raw tcpcrypt
firewall-cmd --direct --get-rules ipv4 mangle tcpcrypt
else
# use iptables manually
if [ "$1" == "start" ]
# use iptables manually
if [ "$1" = "start" ]
then
iptables -t raw -N tcpcrypt
iptables -t raw -A tcpcrypt -p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666
@ -26,7 +13,7 @@ then
# launch `tcpcryptd` with `-x 0x10`
fi
if [ "$1" == "stop" ]
if [ "$1" = "stop" ]
then
iptables -t raw -F tcpcrypt
iptables -t raw -D PREROUTING -j tcpcrypt
@ -34,5 +21,3 @@ then
iptables -t mangle -F tcpcrypt
iptables -t mangle -D PREROUTING -j tcpcrypt
fi
fi